Patent Application
20050160274
The present application claims priority from Japanese application serial no. P2004-008622, filed on Jan. 16, 2004, the content of which is hereby incorporated by reference into this application.
The present invention relates to a content transmission apparatus and a content reception apparatus, which are suitable for protecting copyrights of typically video and audio contents transmitted and received thereby through a network.
With improvement of the processing power of the personal computer, which is abbreviated hereafter to the PC, the storage capacity,of a hard-disk drive (abbreviated hereafter to an HDD) embedded in the PC also increases as well. By the processing power of a PC, the processing speed and storage capacity of the PC are implied. In this situation, even a PC of a rank intended for an ordinary home can be used for recording a TV broadcast program in the HDD to be watched later through a display unit of the PC. In addition, with the decreasing price of the HDD having a large storage capacity, an HDD video-recording apparatus having such an HDD embedded therein has been introduced also as a home video-recording apparatus for digitally recording audio/video information, and the fact that the user can utilize such a video-recording apparatus with a high degree of convenience by making use of a disk as a recording medium attracts much attention.
In recording equipment such as a video-recording apparatus and a PC, which employ the HDD described above, audio/video information can be recorded in an HDD fixed in the recording equipment in a room of a home. Thus, if the user wants to watch the recorded information in another room of the home, the user must move the recording equipment itself to the other room. That is to say, it is difficult to implement an application in which a plurality of video-recording/reproduction apparatus employing a replaceable recording medium is provided and the audio/video medium is moved from a video-recording/reproduction apparatus installed in a room to another apparatus installed in another room. An example of the video-recording/reproduction apparatus employing a replaceable recording medium is a VTR.
In order to solve the problem described above, there has been conceived a solution in which a video-recording apparatus is provided with an interface with a wire or wireless LAN (Local Area Network) and, by transmitting audio/video information recorded at a room of a home from the video-recording apparatus to another PC or reception apparatus installed at any other room of the home by way of the network, the user can watch the recorded information in the other room.
By the way, in order to protect copyrights of information such as contents, a Digital Transmission Content Protection (DTCP) has been provided as a typical copy protection method incorporated in a digital AV apparatus. The DTCP defines a copy protection method on an IEEE1394 bus or the like. For more information on the DTCP, refer to non-patent reference 1, namely, the 5C Digital Transmission Content Protection White Paper authored by Hitachi Ltd. et cetera.
In addition, some technologies have been developed as technologies for implementing copy protection to protect copyrights in the course of transmission between apparatus or transmission through a network. Such technologies are disclosed in documents such as Japanese Patent Laid-open No. 2000-287192 referred to hereafter as patent reference 1 and Japanese Patent Laid-open No. 2001-358706 referred to hereafter as patent reference 2.
In accordance with the conventional technologies described above, a video-recording apparatus for home applications is provided with an interface with a wire or wireless LAN (Local Area Network) and, by transmitting audio/video information recorded in the video-recording apparatus located in a room of a home from the video-recording apparatus to another PC or reception apparatus installed in any other room of the home by way of the network, the user can watch the recorded information in the other room. However, the conventional technologies do not consider copyright protection of audio/video information, the copyrights of which should be protected. In the following description, the audio/video information deserving copy protection is referred to as a content. Audio/video information recorded in an HDD of the video-recording apparatus can be transmitted to another PC by way of a LAN and stored in the HDD of the other PC. Thus, the audio/video information handled in this way must be a copy-free content, which can be copied with complete freedom.
In general, when a digitally recorded content is transmitted from one apparatus to another by way of a network or the like to be recorded in the other apparatus as described above, the data quality of the content hardly deteriorates in the course of the transmission. That is to say, in the apparatus on the reception side, it is possible to generate a copy of a content as a copy with the same quality as the content recorded in the apparatus on the transmission side. It is thus necessary to consider prevention of audio and video data from being created by illegal copying beyond a range of personal use. The audio and video data, the copyright of which should be protected, is referred to hereafter as a content. In a transmission of a content between digital AV apparatus, for example, the apparatus on the content transmission side encrypts the content and, by letting only the apparatus on the content transmission side and the apparatus on the content reception side share information for encrypting the content and decrypting the encrypted content, an apparatus other than the content reception apparatus serving as the sole transmission target of the content is not capable of correctly decrypting the content received from the apparatus on the content transmission side. In this way, it is possible to implement copy protection for avoiding creation of a limitless number of copies.
As a typical example of such a copy protection method adopted in digital AV apparatus, the DTCP method disclosed in non-patent reference 1 is provided. In accordance with the DTCP method, contents are managed by classifying the contents into ‘Copy free’, ‘Copy one generation’, ‘No more copies’ and ‘Copy never’ categories. In a video-recording apparatus, only contents of the ‘Copy free’ and ‘Copy one generation’ categories are recorded. A content of the ‘Copy one generation’ category can be recorded only once and, after being recorded, the content is handled as a content of the ‘No more copies’ category. Except a content of the ‘Copy free’ category, any content is encrypted in the apparatus on the transmission side prior to a transmission to an apparatus on the reception side so as to prevent a limitless number of copies from being created from the content.
Some technologies have been disclosed as technologies for implementing copy protection for protecting the copyright of a content in a transmission of the content by way of a wire or wireless LAN on the basis of a concept similar to the DTCP method. For example, patent reference 1 discloses a technology applying a technique similar to the DTCP to copy protection for distribution of a content through a network. On the other hand, patent reference 2 discloses a technology of building inter-apparatus communications by encryption also for protection of copyrights of contents.
In accordance with these technologies, a content is transmitted from an apparatus on the transmission side to an apparatus on the reception side by way of a wire or wireless network by not considering whether or not the apparatus on the transmission side and the apparatus on the reception side are installed at the same home. Rather, in the case of downloading a content from a distribution server, in general, the apparatus on the transmission side is located at the site of the provider and the apparatus on the reception side is located at an ordinary home.
Thus, even though the technologies described above are applied solely to a case in which a content is recorded in an HDD of a PC or an HDD embedded in a video-recording apparatus and then transmitted to another apparatus installed at the same home by way of a LAN provided at the home, a reception apparatus installed at another home connected to the LAN through the Internet is capable of receiving and displaying the content. In addition, the transmission range of the content can be widened to all places in the world provided that the places are connected to the Internet.
Assume that the user of a video-recording apparatus puts the video-recording apparatus in a state of being accessible from the Internet in such a situation. In this case, even if copy protection is applied in accordance with the technologies described above, a reception apparatus will be capable of receiving a content from the video-recording apparatus by way of the Internet with a high degree of freedom and displaying the content, provided that the reception apparatus has the copy-protect function. Thus, such a reception apparatus is capable of substantially departing from a range of personal use, which is the original purpose of the copyright protection.
It is thus an object of the present invention to provide a content/information transmission apparatus, a content/information reception apparatus and a content/information transmission method, which are capable of implementing copy protection for avoiding an illegal operation to copy a content during a transmission of the content through a wire or wireless LAN installed at a home and capable of limiting legal operations to watch a content and make copies of the content to a range of personal use of the content.
In order to solve the problems described above, the present invention provides a content transmission apparatus for transmitting a content to a content reception apparatus by way of a network as a content transmission apparatus comprising:
To be more specific, if the measurement result produced by the timer means does not exceed a predetermined value at the timer means, the address of the content reception apparatus and the apparatus information unique to the content reception apparatus are stored in the apparatus-information management means.
In addition, when a request for a content is received from the content reception apparatus, an address and apparatus-unique information, which have been cataloged in the apparatus-information management means, are compared with the address of the content reception apparatus and apparatus information unique to the content reception apparatus respectively and, if they match each other, the requested content is transmitted to the content reception apparatus without driving the timer means to measure a time interval.
Furthermore, in order to solve the problems described above, the present invention provides a content reception apparatus for receiving a content transmitted from a content transmission apparatus by way of a network as a content reception apparatus comprising:
That is to say, in accordance with the present invention, the content transmission apparatus and the content reception apparatus authenticate each other prior to a transmission of a content. When the authentications are carried out, the timer means each measure a time interval between a transmission of an authentication request and a reception of an acknowledgement of a reception of the authentication request or between a transmission of a response to an authentication request and a reception of an acknowledgement of a reception of the response. Only if the measured time intervals do not exceed the predetermined values, a content encrypted by using a shared key is transmitted. In addition, an address and apparatus-unique information are cataloged for the content reception apparatus. Thus, in an operation to again transmit a content to the content reception apparatus, the content is merely encrypted prior to the transmission without driving the timer means to measure a time interval.
As a result, it is possible to implement copy protection for avoiding illegal copies of a content transmitted by way of a wire or wireless LAN installed at a home. In addition, it is also possible to limit legal operations to watch a content and make copies of the content to a range of personal use of the content.
In accordance with the present invention, it is possible to improve the reliabilities of the content transmission apparatus, the content reception apparatus and the content transmission, which utilize a wire or wireless LAN installed at a home.
Preferred embodiments of the present invention are explained by referring to diagrams as follows.
A first embodiment of the present invention is explained as follows.
On the other hand, the content reception apparatus 200 comprises a content reception circuit 201, a decryption circuit 202, a network-communication process circuit 203, an authentication circuit 204, a non-volatile memory 205, a key generation circuit 206, a timer circuit 207 and an apparatus-information registration circuit 208. The content reception circuit 201 is a circuit for receiving a content transmitted by another apparatus by way of the LAN. The decryption circuit 202 is a circuit for finally receiving a content encrypted by the encryption circuit 102 employed in the content transmission apparatus 100 from the network-communication process circuit 203, decrypting the content and outputting the decrypted content to the content reception circuit 201. The network-communication process circuit 203 is a circuit for transmitting an output of the authentication circuit 204 to another apparatus and receiving an input to the authentication circuit 204 and a content supplied to the decryption circuit 202 from another apparatus by way of the LAN. The authentication circuit 204 is a circuit for exchanging information with another apparatus to authenticate the other apparatus and request the other apparatus to authenticate the content reception apparatus 200. The non-volatile memory 205 is a memory used for storing information necessary for processing carried out by the authentication circuit 204. The key generation circuit 206 is a circuit for generating a key based on information generated by the authentication circuit 204 as a key to be used by the decryption circuit 202 to decrypt a content. The timer circuit 207 is a circuit for measuring a time interval between a transmission of information such as an authentication request issued by the authentication circuit 204 to another apparatus and a reception of an acknowledgement of a reception of the information from the other apparatus. The apparatus-information registration circuit 208 is a circuit for cataloging apparatus information of another apparatus authenticated by the authentication circuit 204 and managing the cataloged apparatus information. An identification code is received along with a content. The content is processed in accordance with an identification code received along with the content. The identification code received along with a content can be ‘Copy free’, ‘Copy one generation’, ‘No more copies’ or ‘Copy never’. In the content reception apparatus 200, only contents of the ‘Copy free’ and ‘Copy one generation’ categories are recorded. A content of the ‘Copy one generation’ category can be recorded only once and, after being recorded, the content is handled as a content of the ‘No more copies’ category.
The IP addresses are set in the content transmission apparatus 100, the content reception apparatus 200a and 200b as well as the router 400 in accordance with a DHCP (Dynamic Host Configuration Protocol) widely adopted as a conventional protocol for automatically setting addresses in a network. In accordance with the DHCP, typically, the router 400 is operated as a DHCP server, which then assigns IP addresses to the other apparatus. It is to be noted that, if an IPv6 (Internet Protocol Version 6) is used, in accordance with a method known as a stateless automatic setting technique, an IP address assigned to another apparatus consists of the 64 high-order bits of an IP address assigned to the router 400 and a MAC address set in the other apparatus.
Reference numeral 1081 denotes an apparatus-inform acquisition unit for acquiring an address and apparatus-unique information from the content reception apparatus 200. Reference numeral 1082 denotes an apparatus-information registration unit for cataloging apparatus-unique information and an address, which have been acquired by the apparatus-information acquisition unit 1081 as apparatus-unique information and address of the content reception apparatus 200. Reference numeral 1083 denotes an apparatus-information management unit for cataloging the content reception apparatus 200 and authenticating the content reception apparatus 200 on the basis of the apparatus information cataloged in the apparatus-information registration unit 1082. The apparatus-information acquisition unit 1081 transmits typically an application for cataloging apparatus information or a web page for cataloging apparatus information through the use of a browser to the content reception apparatus 200.
Receiving the application for cataloging apparatus information or a web page for cataloging apparatus information, the content reception apparatus 200 catalogs the address and apparatus-unique information thereof in the content transmission apparatus 100 in accordance with instructions specified in the application for cataloging apparatus information or the web page for cataloging apparatus information automatically or on the basis of cataloging items entered by the user to the content reception apparatus 200.
An example of the apparatus information unique to the content reception apparatus 200 is a public key generated by a predetermined authentication engine and stored in the non-volatile memory 205 employed in the content reception apparatus 200. Since the public key is stored in the non-volatile memory 205 in advance at a manufacturing time of the content reception apparatus 200, the key has a value unique to the content reception apparatus 200.
As is obvious from the above explanation, in an operation to authenticate a content reception apparatus 200, the content transmission apparatus 100 is capable of identifying a cataloged content reception apparatus 200 on the basis of apparatus information cataloged in the apparatus-information registration circuit 108.
As typical apparatus-unique information, the above description has explained a public key used for mutual authentication when adopting the DTCP for determining a copy protection method in a transmission of a content between a content transmission apparatus and a content reception apparatus, which are connected to each other by a network. However, the apparatus-unique information is not limited specially to the public key. Any information unique to an apparatus can be cataloged as the apparatus-unique information as long as the information can be used for identifying the apparatus.
In addition, even though the above description explains an embodiment adopting a method of cataloging apparatus information of the content reception apparatus 200 in the content transmission apparatus 100, the method can also be applied as a technique of cataloging apparatus information of the content transmission apparatus 100 in the content reception apparatus 200.
Next, a second embodiment of the present invention is explained.
A second embodiment of the present invention is explained as follows.
This embodiment is characterized in that it is possible to provide a content transmission apparatus and a content reception apparatus, which are capable of implementing copy protection to avoid illegal copies of a content transmitted by way of a wire or wireless LAN and capable of limiting legal operations to watch a content and make copies of the content to a range of personal use of the content.
First of all, the content reception apparatus 200 creates an authentication request. The authentication request specifies a public key serving as the apparatus-unique information described earlier and includes a certificate of the public key. The authentication request is then transmitted to the content transmission apparatus 100. Receiving the authentication request, the content transmission apparatus 100 transmits an acknowledgement of the reception of the authentication request to the content reception apparatus 200. Then, the content transmission apparatus 100 creates its own authentication request for authenticating the content reception apparatus 200. Much like the authentication request created by the content reception apparatus 200, the authentication request created by the content transmission apparatus 100 specifies a public key issued by an authentication engine as a public key unique to the content transmission apparatus 100 and includes a certificate of the public key. The content transmission apparatus 100 then transmits the authentication request to the content reception apparatus 200. At the same time, the content transmission apparatus 100 drives the timer circuit 107 to start its operation to measure a time interval T1 between the transmission of the authentication request and a reception of an acknowledgement of a reception of a response to the request from the content reception apparatus 200.
If the time interval T1 does not exceed a predetermined value T, that is, if T1<T, the content reception apparatus 200 is authenticated to be an apparatus existing in a range of personal use. The operation to authenticate an apparatus to be an apparatus existing in a range of personal use is referred to as a time authentication. Reversely, a time authentication for the content transmission apparatus 100 can be carried out by transmitting an authentication request from the content reception apparatus 200 to the content transmission apparatus 100, driving the timer circuit 207 to start its operation to measure a time interval T2 between the transmission of the authentication request and a reception of an acknowledgement of a reception of a response to the request from the content transmission apparatus 100.
If the mutual authentications described above are successful, an authentication key common to the content transmission apparatus 100 and the content reception apparatus 200 is generated as a key to be shared by the apparatus. A commonly known key exchange algorithm is normally adopted in generating the authentication key. As the process of sharing the authentication key is completed, the content transmission apparatus 100 generates an exchange key and a random number, encrypts the exchange key and the random number by using the authentication key and transmits the encrypted exchange key and the encrypted random number to the content reception apparatus 200. It is to be noted that, even though the content transmission apparatus 100 transmits the encrypted exchange key and the encrypted random number to the content reception apparatus 200 separately in accordance with the procedure shown in
Then, the content reception apparatus 200 uses the authentication key to decrypt the encrypted exchange key and the encrypted random number, which have been received from the content transmission apparatus 100, storing the exchange key and the random number in a memory.
Subsequently, the content transmission apparatus 100 and the content reception apparatus 200 each use the exchange key and the random number to generate a common key in accordance with a computation algorithm determined in advance. As will be described below, the common key generated in this way is a key used by the content transmission apparatus 100 to encrypt a content to be transmitted to the content reception apparatus 200 and the content reception apparatus 200 is capable of decrypting the encrypted content received from the content transmission apparatus 100.
If the aforementioned authentications between the content transmission apparatus 100 and the content reception apparatus 200 are successful, the content reception apparatus 200 transmits a request to the content transmission apparatus 100 as a request for a transmission of a content. At this request, the content transmission apparatus 100 encrypts a content and transmits the encrypted content to the content reception apparatus 200. As the requested transmission of the content is completed, the content transmission apparatus 100 destroys the authentication key, the exchange key and the common key required for encrypting the content and decrypting the encrypted content. In the content reception apparatus 200, the authentication key, the exchange key and the common key are destroyed as is the case with the transmission apparatus 100, and when it is necessary to again receive a content, a new authentication request is normally made. In the case of this embodiment of the present invention, however, when the content reception apparatus 200 passes the time authentication, the address information of the content reception apparatus 200 and the apparatus information unique to the content reception apparatus 200 are stored in the apparatus-information registration circuit 108 of the content transmission apparatus 100 as described above.
Thus, by saving the common key common to the content transmission apparatus 100 and the content reception apparatus 200 cataloged in the apparatus-information registration circuit 108 of the content transmission apparatus 100 instead of destroying it, it is not necessary to transmit an authentication request to the content reception apparatus 200 in order to again transmit a content.
After transmitting an acknowledgement to the content transmission apparatus 100 as an acknowledgement of a reception of the in-house confirmation request received from the content transmission apparatus 100, the content reception apparatus 200 transmits an in-house confirmation response. The content transmission apparatus 100 measures a time interval T3 between the transmission of the in-house confirmation request and a reception of the in-house confirmation response from the content reception apparatus 200. If the time interval T3 does not exceed a predetermined value, the content reception apparatus 200 is authenticated to be a reception apparatus existing at the same home as the content transmission apparatus 100. After inter-apparatus authentications are carried out mutually by the content transmission apparatus 100 and the content reception apparatus 200 in this way, the time authentications described above can be performed securely and accurately.
The protocol adopted in transmitting a content from the content transmission apparatus 100 to the content reception apparatus 200 is not limited to the specific one. Protocols adoptable in such transmission include an RTP (Real-Time Transport Protocol), an HTTP (Hyper Text Transfer Protocol) and an FTP (File Transfer Protocol). In a transmission of a content, the content is encrypted by using a common key in accordance with an encryption algorithm determined in advance and accommodated in a payload portion of a transfer protocol used in the transmission. As a typical encryption algorithm, it is possible to adopt an AES (Advanced Encryption Standard) algorithm, which is an algorithm of a widely known encryption technology.
As described above, in the second embodiment, the content transmission apparatus catalogs the address of a content reception apparatus, which has been authenticated by the content transmission apparatus, and the apparatus information unique to the content reception apparatus. Thus, in a transmission of another content to the content reception apparatus, the other content is merely encrypted without the need to carry out a time authentication on the content reception apparatus. That is to say, the time authentication that used to be carried out for each content reception can be eliminated.
Next, a third embodiment of the present invention is explained.
In accordance with the third embodiment of the present invention, for example, a portable terminal can be used to watch a content, which is transmitted from the content transmission apparatus 100, through the Internet.
Thus, even at a location where the relation T1>T holds true, the portable content reception apparatus 200c cataloged in the apparatus-information registration circuit 108 can be used to receive and watch a content transmitted from the content transmission apparatus 100 without the need to carry out a time authentication. In addition, apparatus that can be used to receive and watch a content transmitted from the content transmission apparatus 100 are limited to apparatus cataloged in the apparatus-information registration circuit 108. Thus, it is possible to implement copy protection for avoiding illegal copies of the content and to limit operations to legally watch the content and create legal copies of the content to a range of personal use.
In addition, a TCP packet is used for transmitting an authentication request, an authentication response indicating a result of the requested authentication and a content. In this case, a TTL (Time To Live) of the TCP packet or a transmitted IP packet accommodating a UDP data gram is set at a low value of typically 1 so that an authentication request will not pass through the router 400. In this way, it is possible to add a limitation for limiting the transmission of a packet to a range of personal use.
A fourth embodiment implements a content transmission apparatus 500 for transmitting a content by way of a wireless LAN and a content reception apparatus 600 for receiving the content.
Prior to mutual authentications between the content transmission apparatus 500 and the content reception apparatus 600, which are shown in
As described above, before a content is transmitted through the wireless LAN, the WEP processing is always carried out. As a result, it is possible to prevent a content from being illegally copied by another data reception apparatus, which is connected to the wireless LAN without awareness of the users of the content transmission apparatus 500 and the content reception apparatus 600.
Aspects other than what is described above are exactly the same as those of the content transmission methods adopted by the content transmission apparatus and the content reception apparatus, which are implemented by the first to third embodiments. Thus, it is possible to protect copyrights of contents by suppressing creations of illegal copies of the contents. As a result, it is possible to prevent a content from being transmitted beyond a range of personal use.
For example, the purchased PDA 800 is connected to the LAN inside the home and authentications with the content transmission apparatus 100 as well as the content transmission apparatus 500 are carried out. If the authentications carried out by the content transmission apparatus 100 and 500 are successful, the content transmission apparatus 100 and 500 catalog the address of the PDA 800 and a common key, which is used as apparatus information unique to the PDA 800, for apparatus-management purposes. Without cataloging the information relevant to the PDA 800, the PDA 800 used at a location outside the home would naturally be disallowed by a time authentication to receive a content transmitted by any of the content transmission apparatus 100 and 500, which are installed at locations inside the home. In accordance with the present invention, however, once the PDA 800 passed the time authentications carried out by the content transmission apparatus 100 and 500, the apparatus information of the PDA 800 is cataloged in the content transmission apparatus 100 and 500 so that the PDA 800 can be used for watching a content transmitted by any of the content transmission apparatus 100 and 500, which are installed at locations inside the home.
As described above, in accordance with the embodiments of the present invention, the content transmission apparatus authenticates a content reception apparatus at a request for an authentication and catalogs the address of the content reception apparatus as well as apparatus information unique to the content reception apparatus. Thus, it is possible to provide a content transmission apparatus and a content reception apparatus that are capable of implementing copy protection to avoid an illegal copy of a content when the content is transmitted from the content transmission apparatus to the content reception apparatus by way of a wire or wireless LAN and, in addition, also capable of limiting legal operations of watching a content and making copies of the content to a range of personal use of the content. In addition, it is needless to say that, by having the content reception apparatus authenticate the content transmission apparatus and catalog the address of the content transmission apparatus as well as apparatus information unique to the content transmission apparatus, the same effect can also be obtained. In addition, even though information transmitted through the network is a content such as image information and apparatus transmitting and receiving the content are a content transmission apparatus and a content reception apparatus respectively as described above, the present invention can of course be applied to information of a kind other than the image information and information-processing apparatus for outputting and inputting the information.
The present invention is capable of implementing copy protection to avoid an illegal copy of a content when the content is transmitted from the content transmission apparatus to the content reception apparatus by way of a wire or wireless LAN and, in addition, also capable of limiting legal operations of watching a content and making copies of the content to a range of personal use of the content.
| Number | Date | Country | Kind |
|---|---|---|---|
| 2004-008622 | Jan 2004 | JP | national |
