U.S. patent application number 11/017049 was filed with the patent office on 2005-06-30 for contents managing method and contents managing apparatus.
This patent application is currently assigned to Kabushiki Kaisha Toshiba. Invention is credited to Ishibashi, Yasuhiro, Kamibayashi, Toru, Kato, Taku, Tamura, Masafumi, Toma, Hideyuki, Yamada, Hisashi.
Application Number | 20050144138 11/017049 |
Document ID | / |
Family ID | 14879019 |
Filed Date | 2005-06-30 |
United States Patent Application | 20050144138 |
Kind Code | A1 |
Kamibayashi, Toru; et al. | June 30, 2005 |
Contents managing method and contents managing apparatus
Abstract
A contents managing method of regulating a number of copied
contents storable on a storage medium includes giving a
predetermined number of copyable contents for each content,
recording the copied contents on the storage medium upon reception
of an instruction for copy recording on the storage medium when
there is a remainder in the number of copyable contents,
decrementing the number of copyable contents by "1" every time one
copied content is recorded on the storage medium at a time of
recording, and incrementing the number of copyable contents by "1"
every time one copied content is erased from the storage medium
upon reception of an instruction to erase the copied contents from
the storage medium.
Inventors: | Kamibayashi, Toru (Chigasaki-shi, JP); Tamura, Masafumi (Chofu-shi, JP); Kato, Taku (Kamakura-shi, JP); Ishibashi, Yasuhiro (Ome-shi, JP); Yamada, Hisashi (Yokohama-shi, JP); Toma, Hideyuki (Ome-shi, JP) |
Correspondence Address: | FINNEGAN, HENDERSON, FARABOW, GARRETT & DUNNER LLP, 901 NEW YORK AVENUE, NW, WASHINGTON, DC 20001-4413, US |
Assignee: | Kabushiki Kaisha Toshiba |
Family ID: | 14879019 |
Appl. No.: | 11/017049 |
Filed: | December 21, 2004 |
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number |
11017049 | Dec 21, 2004 | |
09539416 | Mar 30, 2000 | 6847950 |
Current U.S. Class: | 705/57 |
Current CPC Class: | G06F 21/10 20130101 |
Class at Publication: | 705/057 |
International Class: | G06F 017/60; H04K 001/00; G06F 012/16; G06F 013/00; H04L 009/00 |
Foreign Application Data
Date | Code | Application Number |
Apr 30, 1999 | JP | 11-124182 |
Claims
1-16. (canceled)
17. A contents managing method capable of controlling content
copying, comprising: providing a content to which a predetermined
number of allowable copies is allocated; decreasing the number of
allowable copies allocated to the content when the content is
copied onto a recording medium; and storing identification
information of the recording medium in a restricted memory area
that is accessible through security procedures when the content is
copied onto the recording medium.
18. The contents managing method according to claim 17, wherein the
decreasing includes decreasing the number of allowable copies
allocated to the content by "1" every time the content is copied
onto the recording medium.
19. The contents managing method according to claim 17, further
comprising: storing, in addition to the identification information
of the content, a corresponding checkout list having identification
information of the recording medium onto which the content has been
copied; and controlling checkout of the content by referring to at
least the stored identification information of the content and the
corresponding checkout list.
20. A contents managing method capable of controlling content
copying, comprising: providing a content to which a predetermined
number of allowable copies is allocated; decreasing the number of
allowable copies allocated to the content when the content is
copied onto a recording medium; and storing flag information, which
indicates whether the copied content on the recording medium is
movable, in a restricted memory area that is accessible through
security procedures.
21. The contents managing method according to claim 20, wherein the
decreasing includes decreasing the number of allowable copies
allocated to the content by "1" every time the content is copied
onto the recording medium.
22. The contents managing method according to claim 20, further
comprising: storing, in addition to the identification information
of the content, a corresponding checkout list having identification
information of the recording medium onto which the content has been
copied; and controlling checkout of the content by referring to at
least the stored identification information of the content and the
corresponding checkout list.
23. A contents managing method capable of controlling content
copying, comprising: providing a content to which a predetermined
number of allowable copies is allocated; and decreasing the number
of allowable copies allocated to the content when the content is
copied onto a recording medium, wherein the recording medium is one
of a first type of recording medium comprising an area for storing
identification information of the recording medium and a restricted
memory area that is accessible through security procedures, a
second type of recording medium comprising an area for storing
information of the recording medium and an unrestricted memory
area, and a third type of recording medium comprising an
unrestricted memory area, and wherein a type of the recording
medium is determined and a content regulation process based on the
type is performed when one of recording the content on the
recording medium, erasing the copied content on the recording
medium when the identification information of the recording medium
is stored in the restricted memory area, or reproducing the copied
content on the recording medium is executed.
24. The contents managing method according to claim 23, wherein the
decreasing includes decreasing the number of allowable copies
allocated to the content by "1" every time the content is copied
onto the recording medium.
25. The contents managing method according to claim 23, further
comprising: storing, in addition to the identification information
of the content, a corresponding checkout list having identification
information of the recording medium onto which the content has been
copied; and controlling checkout of the content by referring to at
least the stored identification information of the content and the
corresponding checkout list.
26. A contents managing apparatus capable of controlling content
copying, comprising: a storage device configured to provide a
content to which a predetermined number of allowable copies is
allocated; and a manager configured to decrease the number of
allowable copies allocated to the content when the content is
copied onto a recording medium, and to store identification
information of the recording medium in a restricted memory area
that is accessible through security procedures when the content is
copied onto the recording medium.
27. The contents managing apparatus according to claim 26, wherein
the manager decreases the number of allowable copies allocated to
the content by "1" every time the content is copied onto the
recording medium.
28. The contents managing apparatus according to claim 26, wherein
the manager is further configured to store, in addition to the
identification information of the content, a corresponding checkout
list having identification information of the recording medium onto
which the content has been copied, and to control checkout of the
content by referring to at least the stored identification
information of the content and the corresponding checkout list.
29. A contents managing apparatus capable of controlling content
copying, comprising: a storage device configured to provide a
content to which a predetermined number of allowable copies is
allocated; and a manager configured to decrease the number of
allowable copies allocated to the content when the content is
copied onto a recording medium, and to store flag information,
which indicates whether the copied content on the recording medium
is movable, in a restricted memory area that is accessible through
security procedures.
30. The contents managing apparatus according to claim 29, wherein
the manager decreases the number of allowable copies allocated to
the content by "1" every time the content is copied onto the
recording medium.
31. The contents managing apparatus according to claim 29, wherein
the manager is further configured to store, in addition to the
identification information of the content, a corresponding checkout
list having identification information of the recording medium onto
which the content has been copied, and to control checkout of the
content by referring to at least the stored identification
information of the content and the corresponding checkout list.
32. A contents managing apparatus capable of controlling content
copying, comprising: a storage device configured to provide a
content to which a predetermined number of allowable copies is
allocated; and a manager configured to decrease the number of
allowable copies allocated to the content when the content is
copied onto a recording medium, and wherein the recording medium is
one of a first type of recording medium comprising an area for
storing identification information of the recording medium and a
restricted memory area that is accessible through security
procedures, a second type of recording medium comprising an area
for storing information of the recording medium and an unrestricted
memory area, and a third type of recording medium comprising an
unrestricted memory area, and the manager is further configured to
determine a type of the recording medium and perform a content
regulation process based on the type when executing one of
recording the content on the recording medium, erasing the copied
content on the recording medium, or reproducing the copied content
on the recording medium.
33. The contents managing apparatus according to claim 32, wherein
the manager decreases the number of allowable copies allocated to
the content by "1" every time the content is copied onto the
recording medium.
34. The contents managing apparatus according to claim 32, wherein
the manager is further configured to store, in addition to the
identification information of the content, a corresponding checkout
list having identification information of the recording medium onto
which the content has been copied, and to control checkout of the
content by referring to at least the stored identification
information of the content and the corresponding checkout list.
Description
CROSS-REFERENCE TO RELATED APPLICATION
[0001] This application is based upon and claims the benefit of
priority from the prior Japanese Patent Application No. 11-124182,
filed Apr. 30, 1999, the entire contents of which are incorporated
herein by reference.
BACKGROUND OF THE INVENTION
[0002] The present invention relates to a contents managing method
for regulating the number of replicated contents, such as music
pieces and movies, that can be stored on a storage medium, and a
contents managing apparatus which uses this method.
[0003] Conventionally, copy management has been performed on
contents (works or the like). The copyright protection and the
users' convenience have been balanced by managing the copy
generation and the number of copies.
[0004] The concept of "moving" has emerged as a replacement of the
copy management. Copying does not erase the original data, whereas
"moving" transfers data to a different location (medium) and erases
the original data. The copy protection by "moving" has appeared to
cope with the digitalization of contents and the popularity of
networks or the like.
[0005] As it has recently become possible to copy originals with high
fidelity over a network or the like, the copy management alone
cannot guarantee adequate copyright protection. Further, it is not
possible to implement copyright control on unlimited moving of
contents from one medium to another, e.g., distribution of data (by
moving) for a business purpose.
BRIEF SUMMARY OF THE INVENTION
[0006] Accordingly, it is an object of the present invention to
provide a contents managing method which can protect the copyright
of contents by restricting the replication of contents by
regulating the number of copied contents that can be stored on a
storage medium, and a contents managing apparatus which uses this
method.
[0007] According to one aspect of the present invention, there is
provided a contents managing method for regulating a number of
copied contents storable on a storage medium, the method comprising
giving a predetermined number of copyable contents for each
content; recording the copied contents on the storage medium upon
reception of an instruction for copy recording on the storage
medium when there is a remainder in the number of copyable
contents; decrementing the number of copyable contents by "1" every
time one copied content is recorded on the storage medium at the
time of recording; and incrementing the number of copyable contents
by "1" every time one copied content is erased from the storage
medium upon reception of an instruction to erase the copied
contents from the storage medium.
[0008] The method may further comprise recording information
necessary to reproduce the copied contents in a secret area
provided in a memory area on the storage medium and accessible by
secret specific procedures.
[0009] The method may further comprise recording at least the
number of copyable contents for each content in a secret memory
area accessible by secret specific procedures.
[0010] The method may further comprise recording at least the
number of copyable contents for each content and identification
information of the storage medium having stored the copied contents
in a secret memory area accessible by secret specific procedures;
and erasing the copied contents from the storage medium only when
the identification information of the storage medium is stored in
the secret memory area.
[0011] The method may further comprise recording information
necessary to reproduce the copied contents and flag information
indicating whether or not the copied contents can be moved in a
secret area provided in a memory area on the storage medium and
accessible by secret specific procedures, at the time of recording
the copied contents on the storage medium; and determining if
moving of the copied contents is allowable by referring to the flag
information.
[0012] The method may further comprise interrupting a subsequent
process when a time needed for reading or writing of data to the
storage medium does not lie within a predetermined time.
[0013] In the method, the storage medium may be one of a first type
of storage medium having identification information of the storage
medium stored therein and having a secret area provided therein
which is accessible only by secret specific procedures, a second
type of storage medium which does not have the secret area but has
the identification information of the storage medium, and a third
type of storage medium which has neither the secret area nor the
identification information of the storage medium. In this case, at
the time of recording copied contents on the storage medium,
erasing copied contents from the storage medium or reproducing
copied contents stored on the storage medium, the type of the
storage medium is determined and then a process according to the
type is performed.
[0014] According to another aspect of the present invention, there
is provided a contents managing apparatus for regulating a number
of copied contents storable on a storage medium comprising contents
copy recording means for giving a predetermined number of copyable
contents for each content, recording the copied contents on the
storage medium upon reception of an instruction for copy recording
on the storage medium when there is a remainder in the number of
copyable contents, and decrementing the number of copyable contents
by "1" every time one copied content is recorded on the storage
medium at a time of recording; and contents copy moving means for
incrementing the number of copyable contents by "1", every time one
copied content is erased from the storage medium upon reception of
an instruction to erase the copied contents from the storage
medium.
[0015] The apparatus may further comprise means for recording
information necessary to reproduce the copied contents in a secret
area provided in a memory area on the storage medium and accessible
by secret specific procedures.
[0016] The apparatus may further comprise means for recording at
least the number of copyable contents for each content in a secret
memory area accessible by secret specific procedures.
[0017] The apparatus may further comprise means for recording at
least the number of copyable contents for each content and
identification information of the storage medium having stored the
copied contents in a secret memory area accessible by secret
specific procedures; and means for erasing the copied contents from
the storage medium only when the identification information of the
storage medium is stored in the secret memory area.
[0018] The apparatus may further comprise means for recording
information necessary to reproduce the copied contents and flag
information indicating whether or not the copied contents can be
moved in a secret area provided in a memory area on the storage
medium and accessible by secret specific procedures; and means for
determining if moving of the copied contents is allowable by
referring to the flag information.
[0019] The apparatus may further comprise means for interrupting a
subsequent process when a time needed for reading or writing of
data to the storage medium does not lie within a predetermined
time.
[0020] The apparatus may further comprise discrimination means for
determining which one of a first type of storage medium having
identification information of the storage medium stored therein and
having a secret area provided therein which is accessible only by
secret specific procedures, a second type of storage medium which
does not have the secret area but has the identification
information of the storage medium, and a third type of storage
medium which has neither the secret area nor the identification
information of the storage medium the storage medium is, at a time
of recording copied contents on the storage medium, erasing copied
contents from the storage medium or reproducing copied contents
stored on the storage medium. In this case, this apparatus may
further comprise means for performing a process according to the
type of the storage medium determined by the discrimination
means.
[0021] Additional objects and advantages of the invention will be
set forth in the description which follows, and in part will be
obvious from the description, or may be learned by practice of the
invention. The objects and advantages of the invention may be
realized and obtained by means of the instrumentalities and
combinations particularly pointed out hereinafter.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING
[0022] The accompanying drawings, which are incorporated in and
constitute a part of the specification, illustrate presently
preferred embodiments of the invention, and together with the
general description given above and the detailed description of the
preferred embodiments given below, serve to explain the principles
of the invention in which:
[0023] FIG. 1 is a diagram exemplifying the structure of a music
contents usage managing system (LCM) which uses a contents managing
method of regulating the number of copied contents storable on a
storage medium according to one embodiment of the present
invention;
[0024] FIG. 2 is a diagram showing one example of the structure of
a memory area;
[0025] FIG. 3 is a diagram exemplifying the internal structure of a
recording/reproducing apparatus (PD);
[0026] FIGS. 4A to 4C are diagrams for explaining the
characteristics of three types of storage media;
[0027] FIG. 5 is a diagram exemplifying the internal structure of a
media interface (I/F) section;
[0028] FIG. 6 is a diagram for explaining the recorded contents on
a storage medium after checkin;
[0029] FIGS. 7A to 7C are diagrams showing a storage example of a
guest book stored in a secret area in the LCM;
[0030] FIGS. 8A and 8B are diagrams showing another storage example
of the guest book stored in the secret area in the LCM;
[0031] FIG. 9 is a flowchart for explaining a checkin/checkout
routine, illustrating procedures from the determination of the type
of a storage medium to the selection of a process according to that
type;
[0032] FIG. 10 is a diagram for explaining checkout procedures when
the type of the storage medium is level 2;
[0033] FIG. 11 is a diagram for explaining checkin procedures when
the type of the storage medium is level 2;
[0034] FIG. 12 is a diagram for explaining playback procedures when
the type of the storage medium is level 2;
[0035] FIG. 13 is a diagram for explaining checkout procedures when
the type of the storage medium is level 1;
[0036] FIG. 14 is a diagram for explaining playback procedures when
the type of the storage medium is level 1;
[0037] FIG. 15 is a diagram for explaining checkout procedures when
the type of the storage medium is level 0;
[0038] FIG. 16 is a diagram for explaining checkin procedures when
the type of the storage medium is level 0;
[0039] FIG. 17 is a diagram for explaining playback procedures when
the type of the storage medium is level 0;
[0040] FIGS. 18A to 18C are diagrams showing a further storage
example of the guest book which is stored in the secret area in the
LCM and includes a flag;
[0041] FIG. 19 is a flowchart for schematically explaining a
checkin routine using a flag;
[0042] FIG. 20 is a diagram for explaining authentication
procedures using a public-key encryption algorithm;
[0043] FIG. 21 is a diagram exemplifying the architecture of a
system in the case where copied contents are recorded on a storage
medium over a network;
[0044] FIG. 22 is a diagram exemplifying the internal structure of
a timeout determining section;
[0045] FIG. 23 is a flowchart for explaining one example of a
timeout determining routine;
[0046] FIG. 24 is a diagram for explaining a file system which
constitutes the secret area;
[0047] FIG. 25 is a flowchart for explaining the operation of a
secret-area driver; and
[0048] FIG. 26 is a flowchart for explaining the operation of the
secret-area driver when sector allocation is updated.
DETAILED DESCRIPTION OF THE INVENTION
[0049] A preferred embodiment of the present invention will now be
described with reference to the accompanying drawings.
[0050] FIG. 1 is a diagram exemplifying the structure of a music
contents usage managing system (which will hereinafter be simply
called "LCM" occasionally) that uses a contents managing method of
regulating the number of copied contents storable on a storage
medium according to this embodiment. Although music pieces are used
here as one example of contents, contents are not limited to this
particular type but may be movies, game software, etc. as well. A
storage medium is not limited to a memory card (MC), which is used
in this embodiment, but various other kinds of storage media such
as a floppy disk and DVD may be used as well.
[0051] An EMD (Electronic Music Distributor) is a music
distributing server or a music distribution broadcasting
station.
[0052] A contents usage managing system 1 is, for example, a
personal computer (PC) and comprises receiving sections #1 to #3
in association with a plurality of EMDs (EMDs #1 to #3 in this
example). The contents usage managing system 1 receives encrypted
contents distributed by each EMD or the license of the contents (a
usage condition and an encrypted-contents decryption key) or the
like. The receiving sections #1 to #3 may have a playback
capability and/or a charging capability. The playback capability is
used to listen to distributed music contents. The charging
capability is used in purchasing desirable contents.
[0053] The LCM 1 further comprises a secure contents server (secure
music server (SMS) in this example) 2, which will hereinafter be
simply called "SMS" occasionally. Any content purchased by a user
is stored in the SMS 2 via an EMD interface (I/F) section 3. As
needed, the EMD I/F section 3 decrypts a music content, and
performs format conversion or re-encryption. When the SMS 2
receives an encrypted content, the SMS 2 stores it in a music data
storage section 10 and stores a music-data decryption key in a
license storage section 9. The SMS 2 may have a playback
capability, which can allow the SMS 2 to play back a music content
it manages on a PC.
[0054] The SMS 2 has a capability of outputting contents data to a
medium (which will hereinafter be simply called "MC" (Memory Card)
occasionally) 13. The MC 13 can be loaded into a
recording/reproducing apparatus (which will hereinafter be simply
called "PD" (Portable Device) occasionally) 12 to play back the
contents recorded in the MC 13.
[0055] Recording contents in the MC 13 from the SMS 2 can be
carried out directly via a media (MC) interface (I/F) section 6 or
can be performed via the PD 12.
[0056] The MC 13 has unrewritable identification (ID)
information (MID) specific to that medium, and any content stored
in the MC 13 is encrypted with a contents decryption key which
depends on the MC 13.
[0057] The contents decryption key is encrypted with an encryption
key Kp stored inside the media I/F section 6 and the PD 12 and the
encrypted key is then recorded in the MC 13.
[0058] The contents and the contents decryption key in the MC 13
can be copied to any separate storage medium (hereinafter referred
to as MCb) with the following restrictions.
[0059] 1. Since the legitimate PD 12 alone has the encryption key
Kp, only the legitimate PD 12 can play back the contents stored in
the MCb.
[0060] 2. Because the ID information MID of the MC 13 cannot be
copied, however, the ID information MID of the MCb differs from the
ID information MID of the MC 13 which has made the copy, eventually
disabling adequate reproduction of the contents copied in the MCb.
That is, multiple copying of the copied contents recorded in the MC
13 from one MC to another is prevented.
[0061] The above has described the conventional structure of the
LCM 1. A method and structure according to this embodiment will now
be discussed.
[0062] To begin with, checkin/checkout will be discussed with
respect to the LCM 1 in FIG. 1.
[0063] "Checkout" is the action of the LCM 1 which holds a "parent"
content to copy its replica as a "child" content into the MC 13.
While the "child" content can be freely played back on the PD 12,
it is prohibited to create a "grandchild" content from the "child"
content. The number of "children" the "parent" can produce is
defined as the attribute of the "parent". "Checkin" is to connect,
for example, the MC 13 to the LCM 1 and cause the LCM 1 to erase
(or disable the use of) a "child" content. This action can allow a
"parent" content in the LCM 1 to regain the right to produce one
"child" content. This is also called "checkin to "parent"".
[0064] When one attempts to accomplish this checkin/checkout simply
by the conventional LCM 1, the following attack actually occurs. A
"child" stored in the MC 13 is saved on a separate storage medium
(excluding MID), and the "child" in the MC 13 is then checked in to
the "parent". Next, the previously saved "child" is written back
into the MC 13. Because checkin has already been finished, the
"parent" on the LCM 1 may copy a "child" in another MC 13. This
scheme can permit production of any number of "children".
[0065] This "attack" can be dealt with by performing authentication
at the time of transferring data between the MC 13 and the LCM 1.
Specifically, supposing that the MC 13 does not accept data
transfer from an illegitimate LCM 1 and the LCM 1 does not accept
data transfer from an illegitimate MC 13, a "child" in the MC 13
cannot be saved in a separate recording medium. It is also
impossible to make an unauthorized checkin. The above "attack" can
therefore be avoided.
[0066] Actually, however, checkin/checkout cannot be accomplished
even on the premise that authentication between the LCM 1 and the
MC 13 is made because the following "attack" is possible. First,
with no "child" produced from a "parent" on the LCM 1, data on the
LCM 1 (particularly, information in the license storage section 9)
is backed up in a separate storage medium. After a "child" is
copied in the MC 13, the backed-up data of the LCM 1 is restored.
Because the "parent" on the LCM 1 returns to its state before
the production of the "child", it is possible to produce a "child"
in another MC 13. Any number of "children" can be created this
way.
[0067] A description will now be given of a problem other than
those which arise in accomplishing checkin/checkout. This problem
is concerned with recording to the MC 13 over a predetermined
communications path such as the Internet. The Internet distribution
authorized by an EMD is the legitimate distribution that is made
upon permission by a copyright owner and thus raises no problem.
But, contents may be recorded in the MC 13 via the Internet in the
manner that is illustrated in FIG. 21. A communications section 201
on a personal computer (PC) in FIG. 21 is merely relaying a write
protocol to the MC 13. The LCM 1 cannot distinguish the PD 12 that
is directly connected to the PC #2 which is activated by this LCM 1
from a PD 12 connected to the PC #2 that is activated by an LCM 1
which is remotely connected via the communications section 201.
This makes it possible to carry out (illegitimate) distribution of
contents via a network such as the Internet.
[0068] Means or the like for regulating checkin/checkout and the
recording of contents into the MC 13 over a network, which is
subject matter of the present invention, will now be described in
order of the items listed below.
[0069] 1. Checkin/checkout
[0070] (1-1) Checkin/checkout
[0071] (1-2) Checkin/checkout of Copied Contents Using MC of Level
2
[0072] (1-3) Guest Book-oriented Management of Copied Contents
[0073] (1-4) Playback of Copied Contents Stored in MC of Level
1
[0074] (1-5) Checkin/checkout of Copied Contents and Playback of
Copied Contents Using MC of Level 1
[0075] (1-6) Checkin/checkout of Copied Contents and Playback of
Copied Contents Using MC of Level 0
[0076] 2. Means for Regulating Recording of Copied Contents in MC
over Network
[0077] 3. Secret Area
[0078] (Checkin/Checkout)
[0079] To accomplish checkin/checkout, an area (secret area) which
cannot be read or written with known procedures is provided in the
memory area in the MC 13 and information needed to decrypt contents
is recorded in the secret area (see FIG. 2). In addition, an area
(secret area) which can be accessed only with secret procedures is
provided in the memory area in the LCM 1 (e.g., a hard disk (HDD)
when the LCM 1 is constructed by a PC) and a guest book to be
described later is stored in the secret area (see FIG. 2). Further,
an area (secret area) which can be accessed only with secret
procedures may be provided in the memory area in the PD 12 so that
information needed to decrypt contents is recorded there (see FIG.
2). In the following description, an area which is other than
secret areas and is accessible by ordinary procedures is called
"public area".
[0080] As shown in FIG. 1, the LCM 1 has a guest book storage
section 8 provided in the secret area and a secret-area driver 7
for reading data from the secret area after the SMS 2 carries out
secret specific procedures for accessing the guest book storage
section 8.
[0081] As shown in FIG. 4C, the MC 13 includes an ID-information
storage section 13b which is designed to be externally unwritable
and uncopyable and stores its ID information MID, a secret area
13c, a public area 13a and a switch (SW) 13e which opens the gate
to make the secret area 13c accessible only when an
authentication section 13d, which carries out authentication every
time the secret area 13c is accessed, determines that the accessing
side is legitimate. There are three types of MCs 13 usable in
this embodiment. The type of the MC 13 which has both ID
information MID and a secret area, as shown in FIG. 4C, is called
"level 2". The type of the MC 13 which does not have a secret area
but has ID information MID, as shown in FIG. 4B, is called "level 1".
The type of the MC 13 which has neither ID information MID nor a
secret area, as shown in FIG. 4C, is called "level 0". Level 0 can
be distinguished from the other types depending on whether or not
the MC 13 has ID information MID. Further, level 1 and level 2 can
be distinguished from each other based on the structure of the ID
information MID. For example, when ID information is a series of
values, it is level 2 if the value is equal to or greater than a
predetermined value.
[0082] The following description will be given of the MC 13 of
level 2 unless otherwise specified.
[0083] This MC 13 may be loaded either into the PD 12 connected to
the LCM 1 or into the LCM 1 directly.
[0084] FIG. 3 exemplifies the structure of the PD 12; in this
example, the MC 13 is loaded in a media interface (I/F) section
12f. In the case where the LCM 1 reads or writes data to the MC 13
via the PD 12, the secret area in the MC 13 is accessed via a
secret-area accessing section in the PD 12. The media I/F section
12f has the secret-area accessing section for accessing the secret
area in the MC 13. The secret area in the PD 12 may be provided in
a flash memory 12d. Written in a ROM 12c are a program for carrying
out mutual authentication with the MC 13 and a program for
discriminating the type of the MC 13. Those programs carry out
processes, such as mutual authentication between the PD 12 and the
MC 13 and discrimination of the type of the MC 13, under the
control of a CPU 12a.
[0085] FIG. 5 shows the structure of the media I/F section 6, which
comprises an authentication section 6c which performs mutual
authentication with the MC 13, a media discriminating section 6b
which discriminates the type of the MC 13, and a control section 6a
which performs the general control of the former two sections. The
authentication section 6c is a secret-area accessing section for
accessing the secret area in the MC 13.
[0086] The guest book which is stored in the secret area in the LCM
1 will now be discussed.
[0087] Every music content that is held in the SMS 2 has, as
attribute information, a content ID (TID), which is ID information
to identify that music content, a predetermined number of copyable
contents or the number of remaining children, and a checkout list.
This attribute information is referred to as a guest book. The
guest book is recorded in the guest book storage section 8 provided
in the secret area in the form as illustrated in FIG. 7A.
[0088] In FIG. 7A, the number of remaining children of, for
example, a content ID "TID1" is "2" and its checkout list is
L1.
[0089] The checkout list is a list of ID information of the MC 13
which has recorded copied contents (children). In FIG. 7A, for
example, it is apparent from the checkout list L1 that children of
the content which has the content ID "TID1" have checked out from
two MCs 13 having ID information of "m1" and "m2".
[0090] (Checkin/Checkout of Copied Contents Using MC of Level
2)
[0091] Next, checkin/checkout using the MC 13 of level 2 which has
the structure as shown in FIG. 4C will be discussed with reference
to FIGS. 9 to 11.
[0092] When the MC 13 is loaded into the media I/F section 6 of the
LCM 1 or into the PD 12, mutual authentication is carried out
between the media I/F section 6 and the MC 13 or between the PD 12
and the MC 13 (step S1 in FIG. 9). When both sections have
determined that the other is legitimate (step S2), the media I/F
section 6 or the PD 12 discriminates the type of the MC 13 based on
the ID information MID read from the MC 13 (step S3). As the type
of the MC 13 is level 2 here, the media I/F section 6 or the PD 12
carries out a checkin/checkout routine according to that type (step
S6).
[0093] Referring to FIG. 10, a description will now be given of the
case where a checkout instruction is given to the SMS 2 via a user
interface (I/F) section 15 of the LCM 1 or via the PD 12. The SMS 2
checks the number of remaining children, n, of a content (e.g., the
one whose content ID is "TID1") for which a request for checkout
from the guest book has been made (step S101). When n>0, the SMS
2 performs mutual authentication with the MC 13 if needed (step
S102). When their legitimacy is mutually verified, the SMS 2 asks
the MC 13 to transfer its ID information MID (e.g., MID=m0) (step
S103).
[0094] The SMS 2 generates a random number r and generates an
encryption key w using this random number r, the ID information m0
of the MC 13 and a key generating algorithm W that the legitimate
MC 13 and the LCM 1 share. The key generating algorithm W uses two
arguments (r and m0 in this example) and serves to change the
encryption key w each time. The SMS 2 further encrypts a contents
decryption key K(C) for decrypting the encrypted content using both
an encryption key Kp, which the MC 13 and the LCM 1 share, and the
previously generated encryption key w. This contents decryption key
is expressed by w[Kp[k(C)]]. The SMS 2 also encrypts a content C
with a key K(C). The encrypted content is expressed by K(C)[C]
(step S104).
[0095] After making a folder having the name of "TID1", for
example, in the memory area in the MC 13 (step S105), the SMS 2
writes the encrypted content K(C)[C] and the encrypted contents
decryption key w[Kp[k(C)]] in the public area in that folder (steps
S106 and S107).
[0096] Then, the SMS 2 performs mutual authentication with the MC
13 in order to access the secret area 13c of the MC 13, and writes
the random number r in an area corresponding to the folder "TID1"
in the secret area 13c when the gate to the secret area 13c is
opened as a result of their legitimacy being mutually verified
(steps S108 to S109). When this process is completed, the gate that
has enabled access to the secret area 13c is closed by the switch
13e. It is desirable that the route up to the transfer of the
random number r to the secret area 13c in step S108 be protected by
carrying out a process, such as encrypting the random number r.
[0097] Finally, the SMS 2 subtracts "1" from the number of
remaining children n of the content having the content ID of "TID1"
for which the request for checkout from the guest book has been
made and adds the ID information "m0" of the MC 13 to the checkout
list L1 as shown in FIG. 7B (step S110).
[0098] FIG. 6 shows the recorded contents on the MC 13 when the
above-described routine is completed.
[0099] Referring to FIG. 11, a description will now be given of the
case where a checkin instruction is given to the SMS 2 via the user
I/F section 15 of the LCM 1 or via the PD 12.
[0100] The SMS 2 performs mutual authentication with the MC 13 if
needed (step S201). When their legitimacy is mutually verified, the
SMS 2 asks the MC 13 to transfer its ID information MID (e.g.,
MID=m0) (step S202).
[0101] The SMS 2 generates random numbers r1 and r2 when the ID
information of the MC 13, i.e., "m0", is registered in the checkout
list in the guest book of the content whose checkin request has
been made (e.g., the content has the content ID of "TID1") (step
S203). Then, the SMS 2 overwrites information stored in the area
that corresponds to the folder of this content (folder "TID1" in
this example) in the public area 13a of the MC 13 with the random
number r2 to erase it (step S204). The SMS 2 also performs mutual
authentication with the MC 13 in order to access the secret area
13c of the MC 13, and overwrites information in the area that
corresponds to the folder "TID1" in the secret area 13c of the MC
13 with the random number r1 to erase it (step S205). When this
process is completed, the gate that has enabled access to the
secret area 13c is closed by the switch 13e. It is desirable that
the route up to the transfer of the random number r1 to the secret
area 13c in step S205 be protected by carrying out a process, such
as encrypting the random number r1.
[0102] Thereafter, the SMS 2 asks the MC 13 to transfer the values
of the individual areas after overwriting to verify the
overwriting-oriented erasure (step S206) and checks if the values
respectively match with the random numbers r1 and r2 (step S207).
When verifying the overwriting-oriented erasure, the SMS 2 erases
the folder "TID1" from the MC 13 (step S208).
[0103] Finally, as shown in FIG. 7C, the SMS 2 adds "1" to the
number of remaining children n of the content having the content ID
of "TID1" for which the request for checking in the guest book has
been made and deletes the ID information "m0" of the MC 13 from the
checkout list L1 (step S209).
[0104] The random number r recorded in the secret area 13c in the
MC 13 cannot be saved in a separate storage medium (because no
authentication-oriented legitimacy can be confirmed). After the
content having the ID information of "TID1" checks in, therefore,
the content restored in the MC 13 cannot be used. The guest book
that is stored in the secret area in the LCM 1 cannot be saved in a
separate recording medium (because no authentication-oriented
legitimacy can be confirmed). After the content having the ID
information of "TID1" checks out, therefore, the guest book cannot
be set back to the state before the checkout. As is apparent from the
above, the present invention provides an adequate countermeasure
against the aforementioned attack.
[0105] At the time of making checkin, from the viewpoint of
security, it is important to overwrite the contents of the secret
area in the MC 13 with a random number. It is only the legitimate
SMS 2 that can write data in the secret area in the MC 13. In other
words, the legitimate SMS 12 always writes data in the secret area
by taking security procedures. The legitimacy of the MC 13 is
guaranteed if writing through the security procedures succeeds.
That is, it is possible to prevent an illegitimate checkin. To
enhance the security, the SMS 2 overwrites the information in the
secret area with a random number, then reads the contents of the
secret area (through the security procedures) and checks if the
contents are the overwritten random number.
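The level 2 checkout (FIG. 10), checkin (FIG. 11) and playback sequences described above can be traced in a short simulation that also shows why a public-area copy restored after checkin cannot be played. The following Python sketch is an added example, not code from the application: HMAC-SHA256 stands in for the key generating algorithm W, a toy XOR keystream stands in for the ciphers, mutual authentication is reduced to a boolean, and the class names, the KP value and the sample content are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KP = b"constructed-shared-key-Kp"  # stand-in for the key Kp shared by MC 13 and LCM 1


def W(r: bytes, mid: bytes) -> bytes:
    """Stand-in for key generating algorithm W(r, MID); HMAC-SHA256 is an assumption."""
    return hmac.new(r, mid, hashlib.sha256).digest()


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Illustration-only XOR keystream cipher (self-inverse); not for real use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


class MediaCard:
    """Level 2 MC 13: ID information MID, public area 13a, gated secret area 13c."""

    def __init__(self, mid: bytes):
        self.mid = mid
        self.public = {}    # folder name -> {"content": ..., "wrapped_key": ...}
        self._secret = {}   # folder name -> random number r

    def secret_write(self, authenticated: bool, folder: str, value: bytes):
        if not authenticated:  # switch 13e keeps the gate closed
            raise PermissionError("secret area 13c requires mutual authentication")
        self._secret[folder] = value

    def secret_read(self, authenticated: bool, folder: str) -> bytes:
        if not authenticated:
            raise PermissionError("secret area 13c requires mutual authentication")
        return self._secret[folder]


class SMS:
    """SMS 2 with its guest book: TID -> remaining children n and checkout list."""

    def __init__(self):
        self.guest_book, self.contents, self.keys = {}, {}, {}

    def register(self, tid: str, content: bytes, n: int):
        self.contents[tid], self.keys[tid] = content, secrets.token_bytes(16)
        self.guest_book[tid] = {"n": n, "checkout": []}

    def checkout(self, tid: str, mc: MediaCard) -> bool:
        entry = self.guest_book[tid]
        if entry["n"] <= 0:                                   # S101
            return False
        r = secrets.token_bytes(16)                           # S104
        w, kc = W(r, mc.mid), self.keys[tid]
        mc.public[tid] = {                                    # S105 to S107
            "content": toy_cipher(kc, self.contents[tid]),        # K(C)[C]
            "wrapped_key": toy_cipher(w, toy_cipher(KP, kc)),     # w[Kp[k(C)]]
        }
        mc.secret_write(True, tid, r)                         # S108 to S109
        entry["n"] -= 1                                       # S110
        entry["checkout"].append(mc.mid)
        return True

    def checkin(self, tid: str, mc: MediaCard) -> bool:
        entry = self.guest_book[tid]
        if mc.mid not in entry["checkout"]:                   # S203
            return False
        r1, r2 = secrets.token_bytes(16), secrets.token_bytes(16)
        mc.public[tid] = {"content": r2, "wrapped_key": r2}   # S204
        mc.secret_write(True, tid, r1)                        # S205
        erased = (mc.secret_read(True, tid) == r1             # S206 to S207
                  and mc.public[tid]["content"] == r2)
        if not erased:
            return False
        del mc.public[tid]          # S208; this sketch leaves r1 in the secret slot
        entry["n"] += 1                                       # S209
        entry["checkout"].remove(mc.mid)
        return True


def play(mc: MediaCard, tid: str) -> bytes:
    """PD 12 playback: rebuild w from r and MID, unwrap K(C), decrypt the content."""
    folder = mc.public[tid]
    w = W(mc.secret_read(True, tid), mc.mid)
    kc = toy_cipher(KP, toy_cipher(w, folder["wrapped_key"]))
    return toy_cipher(kc, folder["content"])


def restore_after_checkin():
    """Public-area backup restored after checkin: r is gone, so playback fails."""
    sms, mc = SMS(), MediaCard(b"m0")
    sms.register("TID1", b"constructed sample content", n=2)
    sms.checkout("TID1", mc)
    played = play(mc, "TID1")
    backup = dict(mc.public["TID1"])       # copy of the public area only
    sms.checkin("TID1", mc)
    mc.public["TID1"] = backup             # restored copy; secret area now holds r1
    return played, play(mc, "TID1"), sms.guest_book["TID1"]
```

The restored folder decrypts to unusable bytes because the key w can no longer be rebuilt, while the guest book has already regained its child.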
[0106] (Guest Book-Oriented Management of Copied Contents)
[0107] The SMS 2 may check in a content whose title (content ID) is
not listed in the guest book. Alternatively, the SMS 2 may allow
checkin from a MC 13 which is not listed in the checkout list. In
this case, the guest book does not have a checkout list of the
individual contents. This is because the checkout list is to be
referred to for the purpose of preventing checkin from an
"innocent" MC 13. FIG. 8A shows the stored contents of the guest
book in this case.
[0108] As shown in FIG. 8A, the guest book of the individual
contents has only the content ID of each content and the number of
remaining children of that content registered therein.
[0109] Let us consider a case where a content having a content ID
of "TID7" checks in from the MC 13 which has the ID information
MID=m0. That is, a content whose content ID is "TID7" and which has
checked out from a separate SMS 2 is currently stored in the form
as shown in FIG. 6 in this MC 13.
[0110] The LCM 1 erases the stored contents of the secret area and
public area in the MC 13 and deletes the folder "TID7" without
going over step S203 of referring to the checkout list in the
procedures illustrated in FIG. 11. Then, registration of a new
content (TID7, 1) is made into the guest book.
[0111] If the LCM 1 checks in a content which is not listed in the
guest book, the following event, for example, becomes possible.
Suppose that a "parent" content stored in the LCM 1, which is
constructed by a home PC, can have two "children". The LCM 1 checks out one
"child" from the home PC with respect to the MC 13 and checks it in
to a friend's PC. This means that the "parent" the LCM 1 purchased
has reduced the number of producible "children" and has presented a
content to the friend.
[0112] If the LCM 1 is allowed to check in a content which is not
listed in the guest book, it is apparently possible to "move" a
"child" content via the LCM 1. While this function is convenient to
users, it also provides an opportunity to develop the market of
secondhand goods. Actually, the following transaction of used
contents can take place. A user purchases a new content from one
EMD and checks this content in the LCM 1 of a used-data dealer
after a short period of usage. At this time, this user can receive
money for the content. The used-data dealer sells the data to
another person who wants it at a price cheaper than the normal
price at the EMD.
[0113] The establishment of a "secondhand market" where the
copyright of contents cannot be controlled is not desirable to
copyright holders. To allow each copyright holder to control the
checkin to different LCMs 1, therefore, each content may be
provided with a checkout attribute flag f.
[0114] FIG. 18A shows the form of the guest book the LCM 1 has in
this case.
[0115] As shown in FIG. 18A, the guest book of the individual
contents has the content ID, the number of remaining children, the
checkout list and the checkout attribute flag f of each content
registered therein.
[0116] When the flag f is "1", the associated content can check out
from and check in another LCM 1. When the flag f is "0", however,
the associated content cannot at least check in another LCM 1.
[0117] Let us consider a case where a content having a content ID
of "TID6" checks out. First, the SMS 2 checks the guest book and
confirms that the checkout attribute flag of this content is "1".
In this example, it is assumed that with the flag value being "0",
the LCM 1 does not check out the content. When the flag f is "1",
the number of remaining children with the content ID of "TID6" in
the guest book is decremented by "1" by the same procedures as
illustrated in FIG. 10, so that this number becomes "1" (see FIG.
18B). It is to be noted that a checkout list L6 is empty (denoted
by "φ") and what is more, the flag f is "1" which allows the
associated content to check in an LCM 1 provided on another PC. The
guest book need not therefore have a checkout list. It is also to
be noted that the flag f is recorded together with the random
number r in the secret area in the MC 13.
[0118] Referring now to the flowchart shown in FIG. 19, a
description will be given of the case where the content having the
content ID of "TID6" checks in the same LCM 1 from which it has
checked out or checks in another LCM 1.
[0119] Through the procedures illustrated in FIG. 11, mutual
authentication is carried out between the MC 13 and the LCM 1 (step
S11) to acquire the ID information MID of the MC 13 (step S12).
[0120] Regardless of whether or not the content whose checkin
request has been made is registered in the guest book, the SMS 2
carries out the above-described security procedures on the secret
area 13c in the MC 13 (the gate to the secret area 13c is opened
after mutual authentication with the MC 13 is performed and their
legitimacy is verified) to read the flag f from the secret area 13c
(step S13). When the flag f is "1" (step S14), the SMS 2 executes
steps S204 to S208 in FIG. 11 (steps S15 to S16). When the flag f
is "0", the SMS 2 terminates the routine. Finally, when the content
is not registered in the guest book, new registration (TID6, 1,
φ, 1) with the number of remaining children of that content
being set to "1" is made in the guest book, whereas when the
content is registered in the guest book, the number of remaining
children of that content is incremented by "1" (step S17).
[0121] (Playback of Copied Contents Stored in MC of Level 1)
[0122] Referring now to FIG. 12, a description will be given of how
to play back a copied content stored in the MC 13 of level 2 which
has the structure as shown in FIG. 4C. When the MC 13 is loaded
into the PD 12, the PD 12 asks the MC 13 to transfer its ID
information MID (e.g., MID=m0) (step S301). At this time, the type
of the MC 13 can be discriminated to be level 2 based on the ID
information MID=m0. Accordingly, the PD 12 reads out w[Kp[k(C)]]
from the secret area in the MC 13 (step S302). The PD 12 then
performs mutual authentication with the MC 13 to access the secret
area 13c of the MC 13, and reads a random number r from an area
corresponding to the folder "TID1" in the secret area 13c when the
gate to the secret area 13c is opened as a result of their
legitimacy being mutually verified (step S303). When this process
is completed, the gate that has enabled access to the secret area
13c is closed by the switch 13e.
[0123] The PD 12 generates an encryption key w using the ID
information "m0" of the MC 13 and the key generating algorithm W
that the legitimate MC 13 and the PD 12 share. The PD 12 decrypts a
contents decryption key K(C) from the encryption key w, the
encryption key Kp that the MC 13 and LCM 1 share, and w[Kp[k(C)]]
read from the MC 13 (step S304).
[0124] Then, the PD 12 reads an encrypted content K(C)[C] from the
public area in the MC 13 (step S305), decrypts the content C in a
decryption section 12g, decodes the decrypted content in a decoder
12h, converts the resultant digital signal to an analog signal in a
D/A conversion section 12i and plays back the music piece (step
S306).
[0125] (Checkin/Checkout of Copied Contents and Playback of Copied
Contents Using MC of Level 1)
[0126] Referring now to FIGS. 9 and 13, a description will be given
of checkin/checkout using the MC 13 of level 2 which has the
structure as shown in FIG. 4B. It is to be noted that the MC 13 of
level 1 has no secret area and cannot therefore make checkin.
[0127] The sequence of procedures from the point when the MC 13 is
loaded into the media I/F section 6 of the LCM 1 or into the PD 12
up to the discrimination of the type of the MC 13 is the same as
that in FIG. 9.
[0128] As the type of the MC 13 is level 1 here, the media I/F
section 6 or the PD 12 carries out a checkin/checkout routine
according to that type (step S5).
[0129] When a checkin instruction has been made to the SMS 2 via
the user I/F section 15 of the LCM 1 or via the PD 12, this
instruction is rejected as the type of the MC 13 has been
discriminated as level 1.
[0130] Referring now to FIG. 13, a description will be given of the
case where a checkout instruction is given to the SMS 2 via the
user I/F section 15 of the LCM 1 or via the PD 12.
[0131] The SMS 2 checks the number of remaining children, n, of a
content (e.g., the one whose content ID is "TID1") for which a
request for checkout from the guest book has been made (step S401).
When n>0, the SMS 2 performs mutual authentication with the MC
13 if needed (step S402). When their legitimacy is mutually
verified, the SMS 2 asks the MC 13 to transfer its ID information
MID (e.g., MID=m0) (step S403).
[0132] As in the case of level 2, the SMS 2 carries out generation
of a random number r, generation of an encryption key w, encryption
of a content key using the keys w and Kp and encryption of a
content C (step S404), and then creates a folder whose name is
"TID1", for example, in the memory area (only the public area in
this example) in the MC 13 (step S405). Then, the SMS 2 writes the
encrypted content K(C)[C], the encrypted contents decryption key
w[Kp[k(C)]] and the random number r in this folder (steps S406 to
S408).
[0133] Finally, the SMS 2 subtracts "1" from the number of
remaining children n of the content having the content ID of "TID1"
for which the request for checkout from the guest book has been
made and adds the ID information "m0" of the MC 13 to the checkout
list L1 as shown in FIG. 7B (step S409).
[0134] Referring now to FIG. 14, a description will be given of how
to play back a copied content stored in the MC 13 of level 1. When
the MC 13 is loaded into the PD 12, the PD 12 asks the MC 13 to
transfer its ID information MID (e.g., MID=m0) (step S501). At this
time, the type of the MC 13 can be discriminated to be level 1
based on the ID information MID=m0. Accordingly, the PD 12 reads
out w[Kp[k(C)]] and the random number r from the memory area (only
the public area) in the MC 13 (steps S502 to S503), and generates
an encryption key w using the random number r, the ID information
"m0" of the MC 13 and the key generating algorithm W that the
legitimate MC 13 and the PD 12 share. The PD 12 decrypts a contents
decryption key K(C) from the encryption key w, the encryption key
Kp that the MC 13 and LCM 1 share, and w[Kp[k(C)]] read from the MC
13 (step S504).
[0135] Then, the PD 12 reads an encrypted content K(C)[C] from the
memory area (only the public area) in the MC 13 (step S505),
decrypts the content C in the decryption section 12g, decodes the
decrypted content in the decoder 12h, converts the resultant
digital signal to an analog signal in the D/A conversion section
12i and plays back the music piece (step S506).
[0136] (Checkin/Checkout of Copied Contents and Playback of Copied
Contents Using MC of Level 0)
[0137] Referring now to FIGS. 9, 15 and 16, a description will be
given of checkin/checkout using the MC 13 of level 0 which has the
structure as shown in FIG. 4A.
[0138] The MC 13 of level 0 cannot perform checkin/checkout and
playback without using the PD 12. As this MC 13 does not have ID
information MID, the ID information PID of the PD 12 is used
instead in carrying out checkin/checkout.
[0139] The sequence of procedures from the point when the MC 13 is
loaded into the PD 12 up to the discrimination of the type of the
MC 13 is the same as that in FIG. 9.
[0140] As the type of the MC 13 is level 0 in this example, the PD
12 carries out a checkin/checkout routine according to that type
(step S4).
[0141] Referring now to FIG. 15, a description will be given of the
case where a checkout instruction is given to the SMS 2 via the PD
12.
[0142] The SMS 2 checks the number of remaining children, n, of a
content (e.g., the one whose content ID is "TID1") for which a
request for checkout from the guest book has been made (step S601).
When n>0, the SMS 2 performs mutual authentication with the PD
12 (step S602). When their legitimacy is mutually verified, the SMS
2 asks the PD 12 to transfer its ID information PID (step
S603).
[0143] As in the case of level 2, the SMS 2 carries out generation
of a random number r, generation of an encryption key w, encryption
of a content key using the keys w and Kp and encryption of a
content C (step S604). It is to be noted that the two arguments the
key generating algorithm W takes are r and PID.
[0144] Then, the SMS 2 creates a folder whose name is "TID1", for
example, in the memory area (only the public area in this example)
in the MC 13 (step S605). Then, the SMS 2 writes the encrypted
content K(C)[C], the encrypted contents decryption key w[Kp[k(C)]]
in this folder (steps S606 to S607).
[0145] The SMS 2 writes the random number r in the secret area in
the PD 12 (step S608). It is desirable that the route up to the
transfer of the random number r to the secret area of the PD 12 in
step S608 be protected by carrying out a process, such as
encrypting the random number r.
[0146] Finally, the SMS 2 subtracts "1" from the number of
remaining children n of the content having the content ID of "TID1"
for which the request for checkout from the guest book has been
made and adds the ID information "PID" of the PD 12 to the checkout
list L1 as shown in FIG. 7B (step S609).
[0147] Referring now to FIG. 16, a description will be given of the
case where a checkin instruction is given to the SMS 2 via the PD
12.
[0148] The SMS 2 performs mutual authentication with the MC 13
(step S701). When their legitimacy is mutually verified, the SMS 2
asks the PD 12 to transfer its ID information PID (step S702).
[0149] The SMS 2 generates random numbers r1 and r2 when the ID
information PID of the PD 12 is registered in the checkout list in
the guest book of the content whose checkin request has been made
(e.g., the content has the content ID of "TID1") (step S703). Then,
the SMS 2 overwrites information stored in the area that
corresponds to the folder of this content (folder "TID1" in this
example) in the public area 13a of the MC 13 with the random number
r2 to erase it (step S704). The SMS 2 also performs mutual
authentication with the PD 12 in order to access the secret area of
the PD 12, and overwrites information in the area that corresponds
to the folder "TID1" in the secret area 13c with the random number
r1 to erase it (step S705). When this process is completed, the
gate that has enabled access to the secret area of the PD 12 is
closed by the switch 13e. It is desirable that the route up to the
transfer of the random number r1 to the secret area 13c in step
S705 be protected by carrying out a process, such as encrypting the
random number r1.
[0150] Thereafter, the SMS 2 asks the MC 13 to transfer the value
after overwriting to verify the overwriting-oriented erasure or
reads the value of this area after overwriting from the secret area
of the PD 12 (step S706) and checks if the values respectively
match with the random numbers r1 and r2 (step S707). When verifying
the overwriting-oriented erasure, the SMS 2 erases the folder
"TID1" from the MC 13 (step S708).
[0151] Finally, as shown in FIG. 7C, the SMS 2 adds "1" to the
number of remaining children n of the content having the content ID
of "TID1" for which the request for checking in the guest book has
been made and deletes the ID information "PID" of the PD 12 from
the checkout list L1 (step S709).
[0152] Referring now to FIG. 17, a description will be given of how
to play back a copied content stored in the MC 13 of level 0. When
the MC 13 is loaded into the PD 12, the PD 12 asks the MC 13 to
transfer its ID information MID but the MC 13 does not have ID
information, so that the PD 12 can discriminate that the type of
the MC 13 is level 0. Accordingly, the PD 12 reads out w[Kp[k(C)]]
from the memory area (only the public area) in the MC 13 (step
S801), and generates an encryption key w using the ID information
"PID" of the PD 12 itself, the random number r stored in the secret
area of the PD 12 and the key generating algorithm W. The PD 12
then decrypts a contents decryption key K(C) from the encryption
key w, the encryption key Kp and w[Kp[k(C)]] read from the MC 13
(step S802).
[0153] Then, the PD 12 reads an encrypted content K(C)[C] from the
memory area (only the public area) in the MC 13 (step S803),
decrypts the content C in the decryption section 12g, decodes the
decrypted content in the decoder 12h, converts the resultant
digital signal to an analog signal in the D/A conversion section
12i and plays back the music piece (step S804).
[0154] (Means for Regulating Recording of Copied Contents in MC
over Network)
[0155] To overcome the second conventional problem or to regulate
recording of a content to the MC 13 over a network, a timeout
discriminating section 4 is provided in the present invention as
shown in FIG. 1.
[0156] The timeout discriminating section 4 sets a given
restriction time and interrupts the sequence of procedures of
reading and/or writing to the MC 13 when the sequence is not
finished within the restriction time. Because communications over a
network usually take a considerably longer time than
communications to a device which is directly connected, the timeout
capability can cope with illegitimate copying over the network. It
is also possible to use band restriction. Assuming that the band of
communications with the device is constant, it is possible to
compute the upper limit of the time needed to transfer a certain size
of data to the device. When the actual transfer time exceeds the
computed time, the routine is interrupted.
[0157] The above will be discussed below more specifically
referring to the structure of the timeout discriminating section 4
shown in FIG. 22 and the flowchart shown in FIG. 23. Suppose that
the timeout time has been preset to t and the communication
bandwidth between the LCM 1 and the PD 12 is b. The operation of
the timeout discriminating section 4 will be discussed with
reference to the case where checkout is made to the MC 13 that is
loaded into, for example, the PD 12.
[0158] When a reading/writing operation which is included in the
procedures of making checkout to the MC 13 that is loaded into the
PD 12 is initiated, the timeout discriminating section 4 receives a
decision start signal from the SMS 2 via a decision-start signal
input section 102 (step S20) and receives the size s of packet
data, which is exchanged between the SMS 2 and the PD 12, from a
data-size input section 101 (step S21). A control section 105
acquires the current time T from a clock 107 via a time acquisition
section 106 (step S22). Accordingly, the control section 105
acquires a bandwidth b from a bandwidth storage section 108 (step
S23), computes an estimated end time T' (step S24) and stores this
estimated end time T' in an estimated-end-time storage section 111
(step S25).
[0159] The estimated end time T' can be acquired from an equation
T'=T+s/b using the bandwidth b and the data size s.
[0160] When the timeout discriminating section 4 receives a
decision-end signal from the SMS 2 via a decision-end signal input
section 103 at the same time as the reading/writing operation to
the MC 13 loaded in the PD 12 is finished (step S26), the control
section 105 reacquires the current time T (step S27) and compares
the difference between the previously computed estimated end time
T' and the current time T with the timeout time t (step S28). When
this difference is greater than the timeout time t, the control
section 105 determines that the decision result is "NG" (No Good)
and informs the SMS 2 of this decision result (step S30). If the PD
12 is connected to a PC #2 which is connected over a network to the
LCM 1 that is located in a PC #1 which is different from the PC #2
and performs checkout as illustrated in FIG. 21, the decision
result of "NG" is obtained so that the LCM 1 in the PC #1
interrupts the subsequent steps in the routine for making
checkout.
[0161] Alternatively, the decision result may be made "NG" when the
reading/writing operation has not been completed yet even after the
estimated end time T' has passed.
[0162] The timeout discriminating section 4 may operate in two
modes. One mode is taken when the data size s is input to the
data-size input section 101, and at this time, the timeout
discriminating section 4 computes the estimated end time T'=T+s/b
and stores it in the estimated-end-time storage section 111. Upon
reception of the decision-end signal, the timeout discriminating
section 4 compares the current time T with the time T' stored in
the estimated-end-time storage section 111. When the former time is
smaller than the latter, the timeout discriminating section 4
informs the SMS 2 of the decision result being OK. Otherwise, the
timeout discriminating section 4 informs the SMS 2 of the decision
result being "NG".
[0163] The other mode takes place when the decision-start signal is
input to the decision-start signal input section 102. In this mode,
the timeout discriminating section 4 stores the current time
T+timeout time t in the estimated-end-time storage section 111. The
operation for determining the timeout in this mode is the same as
that done in the first mode.
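The decision logic of the timeout discriminating section 4, covering the margin comparison of paragraph [0160] and the two modes of paragraphs [0162] and [0163], can be exercised with a simulated clock. The following Python sketch is an added example, not code from the application; the class and method names, the manually advanced clock and the sample values for b, s and t are assumptions, and the difference in paragraph [0160] is taken to be the current time minus T'.

```python
from dataclasses import dataclass
from typing import Callable, Optional


class FakeClock:
    """Constructed, manually advanced clock so the decisions are deterministic."""

    def __init__(self):
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float):
        self.now += seconds


@dataclass
class TimeoutDiscriminator:
    bandwidth: float                 # b, bytes per second (bandwidth storage section 108)
    timeout: float                   # t, seconds
    clock: Callable[[], float]       # source of the current time T (clock 107)
    estimated_end: Optional[float] = None   # T' (estimated-end-time storage section 111)

    def start(self, size: Optional[int] = None) -> float:
        """Decision start: store T' = T + s/b when a data size s is supplied,
        otherwise store T + t (the second mode of paragraph [0163])."""
        now = self.clock()
        if size is not None:
            self.estimated_end = now + size / self.bandwidth
        else:
            self.estimated_end = now + self.timeout
        return self.estimated_end

    def end_with_margin(self) -> str:
        """Paragraph [0160]: NG when the overshoot past T' exceeds the timeout t."""
        overshoot = self.clock() - self.estimated_end
        return "NG" if overshoot > self.timeout else "OK"

    def end_strict(self) -> str:
        """Paragraph [0162]: OK only when the current time is smaller than T'."""
        return "OK" if self.clock() < self.estimated_end else "NG"


def checkout_write(disc: TimeoutDiscriminator, clock: FakeClock,
                   size: int, actual_seconds: float) -> str:
    """Simulate one read/write step of a checkout that takes actual_seconds.

    A caller such as the SMS 2 would interrupt the remaining checkout steps
    when the returned decision is "NG".
    """
    disc.start(size)
    clock.advance(actual_seconds)
    return disc.end_with_margin()


def demo():
    """Constructed values: b = 1 MB/s, s = 2 MB (so s/b = 2 s), t = 0.5 s."""
    clock = FakeClock()
    disc = TimeoutDiscriminator(bandwidth=1_000_000.0, timeout=0.5, clock=clock)
    direct = checkout_write(disc, clock, 2_000_000, 2.1)   # directly attached PD
    remote = checkout_write(disc, clock, 2_000_000, 6.0)   # PD reached over a network
    return direct, remote
```

With these constructed values the directly attached transfer overshoots T' by about 0.1 s and passes, while the networked transfer overshoots by about 4 s and is rejected.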
[0164] (Secret Area)
[0165] The LCM 1 of the present invention uses a secret area in
order to store a checkin/checkout guest book. When the LCM 1 is
implemented on a PC, this secret area is created on a hard disk
(HDD).
[0166] The secret area on the HDD is discussed below.
[0167] Normally, partitions are present on the HDD. Each partition
is recognized as one drive by the OS. Each partition contains a
plurality of sectors on which data is recorded. The data allocation
in the sectors is called a logical format. A file system generally
has a file allocation table on which the positions of individual
files and the directory on the sectors are recorded. The OS
acquires the position of a file to be accessed by referring to the
file allocation table, and accesses the target file. The physical
allocation of the sectors is called a physical format. The
individual partitions can have different physical formats. The
position of each sector can be identified by the head position. The
start position of each sector is identified by a magnetic mark.
[0168] The OS has a driver for the file system that the OS
supports. The driver identifies the physical format and logical
format of the file system, can reach the file allocation table or
each file by traversing the sectors in each partition, and can then
read the contents of the file allocation table or the target file
or write data to them.
[0169] FIG. 24 shows the file system for constructing the secret
area according to the present invention. Although the ordinary file
system has sectors allocated at equal intervals, the present file
system does not employ such allocation. A sector allocation table
is located at the head of the first sector SC1. The sector
allocation table has sector positions recorded therein in the
following form.
[0170] Head position #2, head position #3, . . . , and head
position #n respectively indicate the positions of the second
sector SC2, the third sector SC3, . . . , and the n-th sector
SCn.
[0171] The sector allocation table is encrypted. The key used to
decrypt it depends on an ID specific to the system. This
system-specific ID may be the ID of the OS, the ID of the BIOS or
the ID of the CPU.
[0172] Further, a file allocation table FT is located at the head
of the second sector SC2 in the following form.
[0173] (file 1, (sector number, intra-sector position))
[0174] (file 2, (sector number, intra-sector position))
[0175] .
[0176] .
[0177] .
[0178] The intra-sector position is the number of bytes from the
head of the associated sector. The file allocation table FT is also
encrypted. The key used to decrypt it likewise depends on the
system-specific ID.
[0179] Access to the file system of the present invention is
performed through a special driver (the secret-area driver 7 in
FIG. 1). FIG. 25 shows the operation of the secret-area driver 7.
This driver 7 is capable of altering the sector allocation. FIG. 26
illustrates the operation of the secret-area driver 7 at the time
of altering the sector allocation.
[0180] (Authentication)
[0181] The following will discuss an example of mutual
authentication which is carried out, for example, when the MC 13 is
loaded into the LCM 1, and an example of an authentication process
which is executed when the secret area is accessed. This
authentication is a conventional one based on a public-key
encryption technique, but the present invention is in no way
limited to this particular type.
[0182] With reference to FIG. 20, a description will be given of
authentication between two devices A and B (e.g., LCM 1 and MC 13)
in the case where A authenticates B, which is trying to gain access
to A.
[0183] In this case, the device A has a public key kp and the
device B, if permitted to access the device A, holds a secret key
ks corresponding to the public key kp. When receiving a random
number R generated by the device A, the device B encrypts the
random number with the secret key ks (the encrypted number is
represented by ks[R]) and sends ks[R] back to the device A. The
device A decrypts ks[R] using the public key kp, and determines
that the device B is legitimate if the decryption result matches
the previously generated random number R.
[0184] Thereafter, the same procedure is performed in the opposite
direction, with the device B authenticating the device A, to
thereby ensure mutual authentication. In this case, the device B
has a public key and the device A has a secret key and encrypts the
random number generated by the device B by using the secret key.
The device B decrypts the encrypted random number using the public
key and checks whether the decryption result matches the previously
generated random number.
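The exchange of paragraphs [0183] and [0184], as an added example
that is not part of the application: textbook RSA with constructed
toy keys stands in for the unspecified public-key technique, and the
names Device, make_keypair, authenticate and mutual_authenticate are
hypothetical.

```python
import secrets

E = 65537  # public exponent (assumed; the page names no algorithm)

def make_keypair(p, q):
    """Textbook RSA pair from two primes: returns (kp, ks) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

# Constructed toy keys built from Mersenne primes; far too small for real use.
KP_A, KS_A = make_keypair(2**61 - 1, 2**89 - 1)    # device A (e.g., LCM 1)
KP_B, KS_B = make_keypair(2**107 - 1, 2**127 - 1)  # device B (e.g., MC 13)

class Device:
    def __init__(self, own_ks, peer_kp):
        self.ks = own_ks          # secret key ks held by this device
        self.peer_kp = peer_kp    # public key kp used to check the peer
        self._pending = None      # outstanding random number R, if any

    def challenge(self):
        """Generate a fresh random number R below the peer's modulus."""
        self._pending = secrets.randbelow(self.peer_kp[0] - 2) + 2
        return self._pending

    def respond(self, r):
        """Return ks[R], the challenge transformed with the secret key."""
        n, d = self.ks
        return pow(r, d, n)

    def verify(self, response):
        """Recover R from ks[R] with kp; each R is accepted at most once."""
        r, self._pending = self._pending, None
        if r is None:
            return False
        n, e = self.peer_kp
        return pow(response, e, n) == r

def authenticate(verifier, prover):
    """One direction: verifier sends R, prover answers ks[R]."""
    return verifier.verify(prover.respond(verifier.challenge()))

def mutual_authenticate(a, b):
    """A authenticates B, then the same procedure runs from B toward A."""
    return authenticate(a, b) and authenticate(b, a)
```

Because verify() clears the outstanding R, a recorded ks[R] is
rejected when presented again, whether or not a new challenge has
been issued.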
[0185] As described in detail above, the present invention can
efficiently regulate the number of copied contents and can thus
adequately protect the copyright of contents.
[0186] Additional advantages and modifications will readily occur
to those skilled in the art. Therefore, the invention in its
broader aspects is not limited to the specific details and
representative embodiments shown and described herein. Accordingly,
various modifications may be made without departing from the spirit
or scope of the general inventive concept as defined by the
appended claims and their equivalents.
* * * * *