The present application claims priority from Japanese patent application JP 2007-305198 filed on Nov. 27, 2007, the content of which is hereby incorporated by reference into this application.
1. Field of the Invention
The present invention relates to systems which are used to view content such as a video and more particularly, to a system which causes a plurality of devices to be linked to each other to view content via a network.
2. Description of the Related Art
Some of prior arts in the above technical field are enumerated. For example, JP-A-2004-336310 (Patent Document 1) recites “The object of the present invention is, upon terminal handover, to enable seamless and continuous view of a content so far viewed at the handover originator terminal again at a handover destination terminal without eliminating the need of newly logging in on the new terminal from the handover destination terminal (refer to paragraph number [0006] in the Patent Document 1). The object is attained by linking a system (MetaPORT) of seamlessly performing handover over the content to a view history management server conforming to the TV-Anytime Forum specifications, a content metaserver, a location solution server, a presence management server conforming to IETF specifications, and so on. The MetaPORT is a view continuous control server (MetaPORT server) which implements a suspend and resume function as a network service, that is, which causes a network to take over a context of the content so far viewed by the user at the handover originator terminal and to make the context to conform to the presence of the handover destination terminal for delivery and play. It provides such a user interface to the user that the user selects the handover originator/destination terminals on a display screen of the terminal (MetaPORT terminal) to instruct the handover, and the interface accesses the presence server and the location solution server according to the user's input to attain the handover function seamless to the handover destination terminal (refer to paragraph number [0008] in the Patent Document 1)”.
JP-A-2005-323068 (Patent Document 2) also recites “The object of the invention is to provide a home network AV server and a home network AV server program having a good handleability which, even when a user suspends a content view in a general home network environment, the user can resume the view from the suspended position, and also a home network AV server program (refer to paragraph number [0006] in the Patent Document 2). The object is attained by providing such a home network AV server as follows. That is, the AV server comprises a data transmission position detector which detects a current transmission position of the content data transmitted to a client terminal, and also comprises a content information creator which creates content information for start from a middle point corresponding to a played and stopped data position as a play resuming position on the basis of the current transmission position of the content data issued from the data transmission position detector and which stores the created data in a content information list memory. The transmission data creator, when the view play is resumed from the client terminal, transmits the content data from the play resuming position by referring to the middle start content information in the content information list memory (refer to paragraph number [0007] in the Patent Document 2).”
With respect to authentication of a transaction between devices, JP-A-2002-169719 (Patent Document 3) recites “The object of the invention is to provide a content delivery system which, in content transaction between user devices, performs personal authentication as user identifying operation to allow user use of the content. The object is attained by using, as a delivered content, a secure content which includes content encrypted with a content key and which also includes a secure content including container information having content transaction conditions set therein. The container information contains a personal identification certificate identifier list. In secondary content distribution between user devices after primary content distribution, use control information containing the list is generated and stored in the devices. During the content delivery between the devices, a personal information identification certificate is identified from the list, the user device executes personal authentication based on the personal identification certificate, and when the authentication is established, the transmission content can be used.”
In the above Patent Documents 1 and 2, however, no consideration is paid to certification or authentication relating to content viewing when the viewing terminal is switched to another terminal for continuous view.
The Patent Document 3 teaches the fact that, with respect to primary distribution to a main terminal and to secondary distribution as copy or move from the main terminal to a sub terminal in content delivery, when the secondary distribution is carried out after user authentication, content secondary distribution is carried out between the devices (terminals) under conditions of personal authentication based on certificate by a reliable third party certification authority. In the Patent Document 3, however, it is required to first perform the primary distribution, that is, to distribute the content to the main device. Accordingly, in a streaming type of delivery of IP-TV (broadcast service for distributing a video content such as a television program or a movie according to the Internet Protocol), when the user wants to display the content at the sub terminal (not at the main terminal), it is required to temporarily store the content in the main terminal (device) or to once send the content to the main terminal and then to deliver the content to the sub terminal via the main terminal. To this end, it becomes necessary to solve problems with difficult immediate display, data congestion and an increased amount of processing operations caused by complex data path. In particular, in a commercial IP-TV service, many users do not have sufficient expertise about network connection, how to use the content delivery service and terminals or devices used in many cases. Therefore, it also becomes necessary to solve problems with unsatisfactory immediateness and with operability reduced by an increased amount of data or processing operation.
Similarly, since even only display at the sub terminal requires a storage means, it also involves another problem with an increased price caused by an increased capacity of the memory means in the terminal and by mounting of a portable memory device (such as a portable media drive such as DVD or memory). This problem seemingly becomes remarkable when content requires a high-resolution video or an enormous amount of long-time data.
In order to solve the above problems, in accordance with the present invention, there is provided a technique by which, in a content delivery service for an example, a terminal for authentication and a terminal for displaying and/or storing contents are separately provided for content view. In particular, the technique is implemented while minimizing an increased amount of processing operation or data congestion in a terminal and a network.
More specifically, a content delivery method using a network includes a step of informing a server of information about designation of a display terminal for content view from the control terminal and a step of delivering content from the server to the display terminal. The method may also include a step of transmitting user log-in information from the control terminal to the server, a step of transmitting certificate information from the server to the control terminal when the server recognized the user on the basis of the log-in information, and a step of transmitting the certificate information from the control terminal to a display device. The method may also include a step of transmitting the information for designation of the display terminal and the certificate information received from the control terminal from the display device to the server, a step of authenticating at the server (the information) on the basis of the display-terminal designation information and the certificate information received from the control terminal, a step of transmitting key information corresponding to the content from the server to the display terminal when the authentication is established, and a step of displaying the content at the display terminal using the key information.
With the above means, one terminal such as a portable terminal can execute the authentication, while the user can view the content on the other terminal such as a TV terminal having a relatively large display screen.
Other objects, features and advantages of the invention will become apparent from the following description of the embodiments of the invention taken in conjunction with the accompanying drawings.
Explanation will be made as to preferred examples (embodiments) of the present invention.
Though it is assumed in the embodiments that a broadcast service (which will be referred to as the IP-TV, hereinafter) is provided to deliver content such as program information about several media including video, sound and character information according to Internet Protocol; the present invention is not limited only to the illustrated example.
The IPTV service is roughly classified into three forms, that is, streaming, download and progressive download. In the streaming service, data about content is sequentially distributed from a server to a client, and the client in turn plays a video, a sound and so on from the received data to present it to the user. For this reason, the streaming service is featured in that, in the case of a network having a sufficiently broad band, the user can view the content substantially on a real time basis. In the download service, a client previously acquires all data about content from a server, stores the data, and after the storage of the data, plays the content to view. For this reason, the download service is featured in that, when it is unnecessary to view the content on a real-time basis, the user can view the content many times for a desired time by previously completing the distribution of all the content data and storing it and can receive content delivery even in the absence of a network having a sufficiently broad band. In the progressive download service, which is regarded as an intermediate between these two of the streaming and download services; prior to completion of full delivery of the content, viewing is carried out sequentially from the data stored in the terminal (a view time axis can be changed for fast-forward or fast-reverse view or a temporary stop, which is sometimes called “trick play”). Thus, the progressive download service has a merit that it is not necessarily required to wait for the completion of the content storage, a storage time can be shortened even when the band is not a sufficient broad, and the user can view the content many times at desired timing so long as it is after the storage completion.
In the content delivery service including the IPTV service, in general, users are, in many cases, charged by the internet service provider for their use fees in exchange for receiving the service. At this time, the users previously registered as correct or authorized users, and various types of information including passwords (which may be passcodes or biometrics information such as fingerprint), real names and addresses are managed on the basis of their identifiers (IDs) as indexes. On the basis of such information, it is confirmed that charging information when the user receives deliver of a pay content, stores and views it, can also be recorded, and the user can pay a use fee for the content by a separately specified paying method. When the user wants to use the content, the user is required to receive user authentication to receive the service by collating the identifier in these registered information with management information based on the password. A display screen for service selection called “portal” to select and search for a desired delivery content or to select a service such as other information deliver is, in many cases, provided to the authenticated or authorized user.
In many cases, further, device authentication is carried out. That is, whether or not a terminal device used by the user is a device specified by the service provider or whether or not a program for receiving a delivery service to be operated in the terminal device is a program specified by the service provider, is confirmed through communication prior to the delivery service. This device authentication prevents an illegal action such as illegal copy, move or modification, based on a statute such as a copyright. At this time, the content is previously encrypted in a common key encryption scheme, and a key for decrypting the encrypted content is separately sent to or received and held in an authenticated device to be linked to the content so that the authenticated authorized user can be decrypted on the authenticated authorized device. Further, a public key and a secret key in a public key encryption scheme may be prepared by the terminal side or by the service provider so that the secret key is sent to the terminal upon user registration to be used between the service provider and the terminal for encryption and decryption respectively. In general, these decrypting keys are recorded together with play conditions of content play expiration date and frequency, and playable users and devices. The encrypting key will be referred to as the encryption key, and the decrypting key is referred to as the decryption key, hereinafter.
In this way, on the basis of the user authentication, the device authentication and encryption key linking; the internet service provider, as an agent of content or service provider, provides a content delivery service or the like to users and reliably charges the users with their use fees. Thereafter, the user can receive delivery of a desired content and can correctly receive a service such as content play. Based on the above, the user can hold, in some cases, content linked to a user playable right.
Using the content thus obtained and the decryption key, the user plays the content, but the content and the decryption key are assumed to be used by the same terminal device and by the same user. Thus, when it is desired to play the content on another device, it is required in some way to copy or move the content and the decryption key.
As an example of use situation, it is considered that the control terminal (140) is, for example, a portable terminal such as a cellular phone or a PDA and that the display terminal (120) is, for example, a TV set located in a living room or a study room, the user operates the portable terminal to view a content on the TV.
The server (100) includes a communication unit (108) for communication with another device and in particular, with a client using a central processing unit (107) and using a network; a client management unit (103) for managing clients; a content management unit (106) for managing contents; and a delivery management unit (110) for managing the delivery condition. The server (100) is not provided always as a single device, but provided separately, for example, for each of the content and client management units.
In this case, a client management unit (103) manages user authentication information (101) for authenticating each user, device authentication information (102) for authenticating a device possessed by the user, charging information (104) having a content charge condition recorded therein, and log-in information (111) having a user logged in a server management space recorded therein.
Each management unit may be implemented by hardware or by software such as a program to be executed under control of a CPU or the like.
Explanation will next be made as to examples of operations of the server (100), the display terminal (120), and the control terminal (140).
It is assumed that the server (100) already completes user registration so that the user can receive a content delivery service provided by the server. In this connection, it is also assumed that the user authentication information (101) such as a user name or a given password and the charging information (104) for paying a charge generated when the user receives the service are registered, and it is already recognized that the user has no inadequacy in using the service. It is further assumed that content data and its contents to be delivered as the service are separately registered already in the server as the content information (105). Another assumption is that conditions of an authorized terminal which can receive content delivery or conditions of a terminal excluded as a unauthorized terminal are managed as the device authentication information (102).
In the processing flow of
In the user authentication, the user, for example, enters information including the user name, the password, etc. on a log-in display screen. A processing unit (145) in the control terminal transmits the entered information in a predetermined format to the server, and the server in turn receives the information. Using the user authentication information (101) (in
In the next processing, after the log-in operation is completed, the server transmits data called user certificate to the control terminal (step 1002), and the control terminal in turn receives the data (step 1042).
The control terminal next searches for a display terminal usable on the network. At this time, as defined by the general universal plug & play (UPnP) standard, a device searching technique based on a “discovery” function of finding one of devices connected to a home network which satisfies specific requirements as a display terminal may be employed. More specifically, according to a protocol called SSDP (Simple Service Discovery Protocol), the control terminal transmits a display-terminal inquiry request by broadcast communication to corresponding one of network display terminals of multicast communication from the display terminal (step 1043), the corresponding device, in particular, the display terminal of the present embodiment receives the inquiry request (step 1021), and transmits a response to it to the control terminal (step 1022). At this time, address information of each display terminal relating to the display function including a network address, a port number, and a title, is obtained. In this connection, responses from a plurality of devices may take place simultaneously. Even in this case, the control terminal receives the responses from all the devices and holds respective device information therein. Based on the responses, the control terminal displays the display terminals connected to the network on a display unit (146) for user presentation (step 1044). Although the display units (146, 126) are assumed to be each a liquid crystal type or an organic EL type, the display units may be each any output unit for outputting data to the display.
The aforementioned address information obtained for the display terminal determined by the user in this way is transmitted from the control terminal to the server (step 1046), and the server in turn receives the address information (step 1003). In this connection, in this step, the display terminal may transmit the address information. In this case, a notification indicative of the display terminal determination is informed from the control terminal to the display terminal, and thereafter information on its own terminal is informed from the display terminal to the server. The step of informing of the information about the display terminal may be carried out at the same time as a next device authentication step.
The user certificate (see
The ID of the content thus selected is transmitted from the control terminal to the display terminal (steps 1051 and 1027), and the display terminal issues a content delivery request to the server using the received content ID (steps 1028 and 1007). The content delivery request may be transmitted from the control terminal directly to the server not via the display terminal.
The server then generates a decryption key for the content or acquires it from the existing data, and transmits the decryption key to the display terminal (steps 1008 and 1029).
When the display terminal satisfies the decryption key and the delivery conditions and completes preparation of the delivery, the display terminal transmits a notification indicative of the completion of the delivery preparation to the control terminal (step 1030), and the control terminal in turn causes a user interface for delivery control to be displayed on the display unit (146) or waits for a user operation from the input unit (147) (step 1052).
When the user inputs content play control such as play, temporary stop, fast forward, or quick reverse using the control terminal; the control terminal transmits the control information to the server (steps 1053 and 1009). When the control information is other than the end (stop) (step 1010), the server delivers the content to the display terminal (step 1011), the display terminal in turn receives the content. In the present the decryption key, the display terminal decrypts the content using the decryption key, and displays the content on the display unit (126) of the display terminal (step 1031). When the user operation is the end (stop) (step 1054), the control terminal transmits a display end request to the server via the display terminal or the like (steps 1055, 1032, and 1009), and the server in turn terminates the content delivery (step 1010) and terminates the session relating to the content delivery. When the decryption key or the certificate is unnecessary at the display terminal, the decryption key or the certificate may be eliminated (step 1033), that is to prevent user from playing illegally.
When the user again requires delivery of the same content, steps associated with transmission of the user certificate or of the decryption key may be omitted and the content delivery step may be carried out. In the content delivery, further, the display on the display terminal may be replaced with recording (123) or downloading of the content by a content management unit (122) of the display terminal (120) or with sequential display or progressive downloading of the recorded content.
Another example (embodiment 2) of operations of the server (100), the display terminal (120), and the control terminal (140) will be explained.
In the embodiment 1, the control terminal receives the user certificate and sends it to the display terminal, and thereafter the display terminal performs the terminal authentication through direct transaction with the server. In the embodiment 2, the control terminal performs transaction with the server without intervention of the user certificate, that is, the control terminal performs the terminal authentication and key transfer. However, a key for use in the display is transmitted to the display terminal, and the delivery itself is performed to the display terminal as in the embodiment 1. With it, the embodiment 2 can be implemented with the cost of the display terminal smaller than in the embodiment 1. In other words, it is assumed in the embodiment 1 that the servers performs independent authentication on the devices, that is, the server directly performs the device authentication with the display terminal; whereas, it is assumed in the embodiment 2 that the control terminal performs the authentication to omit the authenticating operation of the display terminal.
Steps until the step 1045 are the same as those in
The display terminal (120) transmits the device information (121) about the display terminal (120) via the control terminal (140) to the server (100) to cause the server to perform device authentication. That is, the control terminal issues a device information transmission request to the display terminal determined by the user, and the display terminal in turn receives the request (steps 1541 and 1521). The display terminal transmits the device information (121) (see
In a step 1502, unlike the step 1005 in
In a step 1544, unlike the step 1028 in
In a step 1545, unlike
The decryption key, if the key becomes unnecessary at the display terminal, may be removed (step 1523) to prevent user from playing illegally.
It is desirable that various sorts of information including the identifier, tables, etc. already explained above be stored by a suitable means such as encryption or self destruction upon abnormality in order to avoid illegal use such as external use by stealth or impersonation. It is also desirable that mutual communication between the communication unit of the server and the communication unit of the terminal be carried out based on data encryption to establish mutual reliability and to prevent external illegal use by another technique such as an SSL (Secure Socket Layer) technique.
The content used in the explanation of the present embodiments is assumed to be program information constituted by several media such as video, sound and character information. However, the content is not limited to such a content as mentioned above, and may be a file, executable object data, a mail, a markup description or a script for operational description sent or received by WWW (World Wide Web) for use in a PC (Personal Computer) or the like, and general electronic data transmitted through a network. Thus, the content can be applied to general use in many industries using networks, finding a great feasibility.
In addition, the server, the display terminal, and the control terminal may be partly implemented in the form of a processing program as software using a PC.
It should be further understood by those skilled in the art that although the foregoing description has been made on embodiments of the invention, the invention is not limited thereto and various changes and modifications may be made without departing from the spirit of the invention and the scope of the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
2007-305198 | Nov 2007 | JP | national |