WO2002003654A1 - Content providing method, content providing server, and client terminal in a content providing infrastructure - Google Patents

Content providing method, content providing server, and client terminal in a content providing infrastructure Download PDF

Info

Publication number
WO2002003654A1
WO2002003654A1 PCT/JP2001/000646 JP0100646W WO0203654A1 WO 2002003654 A1 WO2002003654 A1 WO 2002003654A1 JP 0100646 W JP0100646 W JP 0100646W WO 0203654 A1 WO0203654 A1 WO 0203654A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
user
information associated
user terminal
content provider
Prior art date
Application number
PCT/JP2001/000646
Other languages
French (fr)
Inventor
Ken Kutaragi
Shinichi Okamoto
Keiso Shimakawa
Makoto Kubo
Yutaka Kagiwada
Original Assignee
Sony Computer Entertainment Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Computer Entertainment Inc. filed Critical Sony Computer Entertainment Inc.
Priority to AU2001232222A priority Critical patent/AU2001232222A1/en
Priority to EP01904309A priority patent/EP1297673A1/en
Publication of WO2002003654A1 publication Critical patent/WO2002003654A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/109Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by using specially-adapted hardware at the client
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/16Program or content traceability, e.g. by watermarking
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00884Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a watermark, i.e. a barely perceptible transformation of the original data which can nevertheless be recognised by an algorithm
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Definitions

  • CONTENT PROVIDING METHOD CONTENT PROVIDING SERVER
  • the present invention relates to a system for providing a so-called digital content such as game software, video software, audio software, and a computer program, and more particularly, to a high-security system for providing such a content.
  • a widely-used conventional technique of acquiring a content via a network is to specify a digital content registered on a home page and download it onto a computer of a user.
  • a downloaded digital content can be copied onto a medium such as a floppy disk or an optical disk, and the copied data can be used on another computer.
  • the conventional technique has a problem that protection of the copyright of contents is not sufficient.
  • a content providing method comprising: a step in which when a content is transmitted to a user, an electronic water mark is embedded in the content and at least information associated with the user to whom the content is to be transmitted is added to the content; and a step in which when the content is executed, the information associated with the user who has received the content is checked at both transmitting and receiving ends, and the execution of the content is allowed if and only if the result of the checking indicates that the content is an authorized content.
  • a content providing server characterized in that: when a content is transmitted to a user, the content providing server embeds an electronic water mark in the content and adds at least information associated with the user to whom the content is to be transmitted to the content; and when the content is executed, the content providing server checks the information associated with the user to whom said content has been transmitted, and gives to the user permission to execute the content if and only if the result of the checking indicates that the content is an authorized content.
  • a client terminal in a content providing infrastructure characterized in that: the client terminal stores a content in which an embedded electronic watermark is embedded and to which at least information associated with a user is added; and when the content is executed, the content is executed in accordance with information which allows the content to be executed and which is supplied from a content providing server if and only if the information associated with the user to whom the content has been provided indicates that the content is an authorized content.
  • a content providing system comprising: a content provider including a content server which stores plural kinds of digital contents and also including a user database in which information associated with a user is registered; at least one user terminal; and a network for connecting the at least one user terminal to the content provider, wherein the content provider includes a user database for registering, in advance, information associated with a user received from the at least one user terminal; when the content provider receives from a user terminal a request for providing a particular content, the content provider requests the user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with the user is consistent with the information registered in the user database; when the content transmitted from the content provider is executed at the user terminal, the user terminal checks whether the information associated with the user included in the content is consistent with the information stored in the user terminal; and in accordance with the result of the checking performed at the user terminal, the content provider determines whether to transmit a content execution permission command to
  • a content providing system comprising: a content provider including a content server which stores plural kinds of digital contents and also including a user database in which information associated with a user is registered; at least one user terminal; and a network for connecting the at least one user terminal to the content provider, wherein the content provider includes a user database for registering, in advance, information associated with a user received from the at least one user terminal; wherein when the content provider receives from a user terminal a request for providing a particular content, the content provider requests said user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with the user is consistent with the information registered in the user database; and when the content provided by the content provider is executed, the content provider requests the user terminal to resend the information associated with the user, checks whether the information associated with the user resent from the user terminal is consistent with the information registered in the user database, and then determines, in accordance with the result of the
  • the information associated with the user preferably includes at least a user name, a password, and a device ID uniquely assigned to a device of the user.
  • the content provider when the information associated with a user received from a user terminal is registered, in advance, in the user database of the content provider, the content provider transmits to the user a card on which a card ID is stored; and the information associated with the user includes at least a user name, a password, a device ID uniquely assigned to a device of the user, and the card ID.
  • the content provider further includes encryption means for encrypting the information associated with a user and embedding an electronic watermark in the content, and, when the content provider receives from a user terminal a request for providing a particular content, the content provider transmits the requested content after combining the requested content with the information associated with the user and with the electronic watermark; and the content execution permission command transmitted from the content provider serves to remove the electronic watermark.
  • a content provider connected to at least one user terminal via a network, the content provider comprising: a content server which stores plural kinds of digital contents; a user database for registering, in advance, information associated with a user received from the at least one user terminal, wherein when the content provider receives from a user terminal a request for providing a particular content, the content provider requests the user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with said user is consistent with the information registered in the user database; and when the content transmitted from the content provider is executed, checking is performed as to whether the information associated with the user included in the content is consistent with the information stored in the user terminal, and the content provider determines, in accordance with the result of the checking, whether to transmit a content execution permission command to the user terminal.
  • a content provider connected to at least one user terminal via a network, the content provider comprising: a content server which stores plural kinds of digital contents; a user database for registering, in advance, information associated with a user received from the at least one user terminal, wherein when the content provider receives from a user terminal a request for providing a particular content, the content provider requests the user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with the user is consistent with the information registered in the user database; and when the content transmitted from the content provider is executed, the content provider requests the user terminal to resend the information associated with the user, checks whether the information associated with the user resent from the user terminal is consistent with the information registered in the user database, and then determines, in accordance with the result of the checking, whether to transmit a content execution permission command to the user terminal.
  • the information associated with the user preferably includes at least a user name, a password, and a device ID uniquely assigned to a device of the user.
  • the content provider when the information associated with a user received from a user terminal is registered, in advance, in the user database of the content provider, the content provider transmits to the user a card on which a card ID is stored; and the information associated with the user includes at least a user name, a password, a device ID uniquely assigned to a device of the user, and the card ID.
  • the content provider further includes encryption means for encrypting the information associated with a user and embedding an electronic watermark in the content, and, when the content provider receives from a user terminal a request for providing a particular content, the content provider transmits the requested content after combining the requested content with the information associated with the user and with the electronic watermark; and the content execution permission command transmitted from the content provider serves to remove the electronic watermark.
  • a content providing method for use in a content providing system comprising a content provider including a content server which stores plural kinds of digital contents, at least one user terminal, and a network for connecting the at least one user terminal to the content provider, the content providing method comprising: a step of registering, in advance, information associated with a user received from the at least one user terminal in a user database of the content provider; a step in which when the content provider receives from a user terminal a request for providing a particular content, the content provider requests the user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with the user is consistent with the information registered in the user database; a step in which when the content transmitted from the content provider is executed at the user terminal, the user terminal checks whether the information associated with the user included in the content is consistent with the information stored in the user terminal; and a step in which, in accordance with the result of the checking performed at the user terminal,
  • a content providing method for use in a content providing system comprising a content provider including a content server which stores plural kinds of digital contents, at least one user terminal, a network for connecting the at least one user terminal to the content provider, the content providing method comprising: a step of registering, in advance, information associated with a user received from the at least one user terminal in a user database of the content provider; a step in which when the content provider receives from a user terminal a request for providing a particular content, the content provider requests the user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with the user is consistent with the information registered in the user database; and a step in which when the content transmitted from the content provider is executed, the content provider requests the user terminal to resend the information associated with the user and transmits a content execution permission command to the user terminal after checking that the information associated with the user resent from the user terminal is consistent with the information
  • Fig. 1 is a general block diagram illustrating a system for providing a content
  • Fig. 2 is a schematic diagram illustrating the structure of data to be provided and also illustrating elements thereof;
  • Fig. 3 is a flow chart illustrating the operation which is performed by a content provider in response to a registration request issued by a user;
  • Fig. 4 is a flow chart illustrating the operation which is performed by the content provider in response to a request for downloading of a content
  • Fig. 5 is a flow chart illustrating the operation which is performed by a user terminal in response to a content execution start command
  • Fig. 6 is a flow chart illustrating the operation which is performed by the content provider when a content execution start command is issued by a user terminal
  • Fig. 7 is a flow chart illustrating the operation which may be alternatively performed by the content provider when a content execution start command is issued by a user terminal.
  • FIG. 1 is a general block diagram illustrating a system for providing a content.
  • a content provider 1 is connected to a large number of user terminals 15-1 to 15-N via a network 14.
  • the network 14 is preferably a broadband network such as a television cable network, an optical fiber network, and a broadband wireless network.
  • the content provider 1 includes an interface 2 for connection with the network
  • a security server 3 serving as a firewall server, a main processor 4, and a content server 5.
  • the main processor 4 includes security checking means 6 for checking the validity of user information supplied from the user terminals 15-1 to 15-N by comparing it with information stored in user database 12, a provider 7 for transmitting a content in the form of a series of data, registration means 8 for registering user information in the user database 12, ID issuing means 9 for issuing a card ID to a user who has issued a registration request, electronic watermark issuing means 10 for issuing an electronic watermark, a key issuing means 11 for issuing a key used to remove an electronic watermark from a content, and encryption means 13 for encrypting user information (such as a "user name" 31, "password” 32, "device ID” 33, and “card ID” 34 shown in Fig. 2 A) stored in the user database 12 and for embedding an electronic watermark in a content.
  • the content server 5 stores a large number of digital contents.
  • Each user terminal 15-1 to 15-N includes an interface 16 for connection with the network 14, an entertainment system 17 such as a game machine, a television monitor
  • a main data storage 22 a sub data storage 23, a controller 24, and a card reader 25 for reading a card ID stored on an IC card.
  • the main data storage 22 is preferably a high-capacity hard disk drive.
  • the sub data storage 23 is preferably a memory card having a security capability.
  • the controller 24 is a controller of a home-use game machine, a pointing device, or a keyboard.
  • the entertainment system 17 includes a content executing engine 18 for executing a content, a decoder 19 for decoding user information, and control means 20.
  • the decoder 19 may be realized by means of hardware or software embedded in a browser for browsing contents provided by the content provider through the network.
  • the control means 20 is realized using a CPU and a program installed on the main data storage 22.
  • the content provider 1 acquires the device ID of the user terminal (one of 15-1 to 15-N) of the user.
  • the content provider 1 issues a card
  • the provider including the content provider 1 sends an IC card on which the card IC is stored.
  • the content provider 1 When a request for a content is received from a user, the content provider 1 requests the user to send his/her user information (information associated with the user, including the user name, the password, the device ID, and the card ID of the user). The content provider 1 checks whether the user information received from the user is registered in the user database 12. If it is determined that the user information is registered in the user database 12, the content provider 1 accepts the request for the content.
  • the user name 31, the password 32, the device ID 33, and the card ID 34 are encrypted as shown in Fig. 2A and put in the header as shown in Fig. 2B. Furthermore, electronic watermarks 36 are embedded in the content 35. An SOD (start of data) code and an EOD (end of data) code are placed at the start and the end of the data to be transmitted. Thus, the content is transmitted in the form shown in Fig. 2B.
  • the data is received by the user terminal (one of the user terminals 15-1 to 15-N), the data is stored, in the form as received, into the main data storage 22.
  • the "electronic watermark” or “digital watermark” used in the present invention serves to prevent the digital content including the “electronic watermark” or “digital watermark” embedded therein from being directly executed.
  • the digital content can be executed only when the "electronic watermark” or "digital watermark” has been removed using particular "key information”.
  • the header 37 described above is first decoded, and it is checked whether the device ID 33 described in the header 37 is identical to the actual device ID of the user terminal (one of the user terminals 15-1 to 15-N) and whether the card ID 34 described in the header 37 is identical to the actual card ID described in the IC card of the user. If the checking is completed successfully, the user name, the password, the device ID, and the card ID are transmitted from the user terminal (one of 15-1 to 15-N) to the content provider 1.
  • the content provider 1 checks the validity of the received information by comparing the received information with the information stored in the user database. If it is determined that the received information is valid, the content provider 1 transmits key information used to remove the electronic watermark from the content. The electronic watermark embedded in the content is then removed using the key information, and thus it becomes possible to execute the content.
  • the checking of the validity of the device ID and the card ID may be performed by the content provider 1.
  • the content provider 1 may further request the user to return the electronic watermark embedded in the transmitted digital content and may check whether the returned electronic watermark is identical to that issued by the electronic watermark issuing means 10.
  • FIG. 3 is a flow chart illustrating the operation which is performed by the content provider in response to a registration request issued by a user.
  • step SI the registration means 8 determines whether a registration request is received. If yes, the process goes to step S2 and the registration means 8 requests a user terminal (one of 15-1 to 15-N), which has issued the registration request, to send the user name. In step S3, it is determined whether the user name has been received. If yes, the process goes to step S4 and the registration means 8 requests the user terminal to send the password. In step S 5, it is determined whether the password has been received. If yes, the process goes to step S6 to acquire the actual device ID.
  • the actual device ID refers to the ID uniquely assigned to and stored in the entertainment system 17 of each user terminal 15-1 to 15-N. Preferably, the actual device ID is stored in a ROM (not shown) or the sub data storage 23 of the entertainment system 17.
  • the user terminal (15-1 to 15- N) transmits its actual device ID.
  • step S7 the ID issuing means 9 issues a card ID.
  • step S8 the registration means 8 registers the user name, the password, the actual device ID, and the actual card ID in the user database 12.
  • step S9 a registration completion message is transmitted to the user terminal (one of 15-1 to 15-N).
  • the information representing the actual ID registered in the user database is referred to as the "device ID”.
  • the ID stored on the IC card and read via the card reader 25 is referred to as the "actual card ID”
  • the information representing the card ID registered in the user database is referred to as the "card ID”.
  • All device IDs may be stored in the database, and the registration may be refused if a received actual ID is not identical to any device ID stored in the database.
  • Fig. 4 is a flow chart illustrating the operation (content transmission) which is performed by the content provider in response to a content downloading request.
  • step S 10 the main processor 4 determines whether a downloading request
  • a user terminal one of 15-1 to 15-N. If yes, the process goes to step Sll, and the main processor 4 requests the user terminal (one of 15-1 to 15-N) to send its user name and password.
  • step SI 2 the security checking means 6 determines whether the received user name and password are identical to those registered in the user database 12. If yes, the process goes to step S14 and requests the user terminal to send its actual card ID, however, if no, then the process goes to step S13 and transmits to the user terminal (one of 15-1 to 15-N) a message indicating that the received user name or password is invalid.
  • step SI 5 the actual card ID transmitted from the user terminal (one of 15-1 to 15-N) is received.
  • the actual card ID is a card ID which is read by the card reader 25 when the user inserts the IC card in the card reader 25.
  • step SI 6 the security checking means 6 determines whether the actual card ID received from the user terminal (one of 15-1 to 15-N) is identical to that registered in the user database 12. If yes, the process goes to step SI 8 and acquires the actual device ID from the user terminal (one of 15-1 to 15-N), however, if no, then the process goes to step S17 and transmits to the user terminal (one of 15-1 to 15-N) a message indicating that the received card ID is invalid.
  • step SI 9 the security checking means 6 determines whether the actual device ID acquired directly from the user terminal (one of 15-1 to 15-N) is identical to that registered in the user database 12. If yes, the process goes to step S21 and searches the content server 5 for the content requested by the user, however, if no, then the process goes to step S20 and transmits the user terminal (one of 15-1 to 15-N) a message indicating that the received device ID is invalid.
  • step S22 the provider 7 reads the retrieved content from the content server 5.
  • step S23 the encryption means 13 embedded, into the content, the electronic watermark issued by the electronic watermark issuing means 10.
  • step S24 it is determined whether all the content has been read and the electronic watermark has been embedded. If the decision in step S24 is negative, the process returns to step S22. However, if the decision in step 24 is affirmative, the process goes to step S25.
  • step S25 the encryption means 13 encrypts the user information and puts the encrypted user information in the header.
  • step S26 the provider 7 transmits the content as a series of transmission data to the user terminal (one of 15- 1 to 15-N).
  • Fig. 5 is a flow chart illustrating the operation which is performed by a user terminal in response to a content execution start command.
  • step S30 the control means 20 of the user terminal (one of 15-1 to 15-N) determines whether a content execution start command has been issued by the user. If yes, the process goes to step S31, and the decoder 19 decodes the information described in the header 30 of the specified content stored in the main data storage 22 thereby extracting the user name, the password, the device ID, and the card ID.
  • step S32 the control means 20 reads the actual device ID from the entertainment system 17 and determines whether the actual device ID is identical to the device ID extracted by the decoder 19 from the header. If yes, the process goes to step S35 and displays a message on the television monitor 21 to request the user to read the actual card ID from the IC card using the card reader 25. However, the decision in step S32 is negative, the process goes to step S34 and displays a message on the television monitor 21 to inform the user that the device ID is invalid.
  • step S36 the control means 20 receives the actual card ID from the card reader 25 and determines whether the actual card ID is identical to the card ID decoded from the header. If yes, the process goes to step S38 and transmits the information decoded from the header together with the card ID read via the card reader to the content provider 1. However, if the decision in step S36 is negative, the process goes to step S40 and displays a message on the television monitor 21 to inform the user that the card ID is invalid.
  • step S39 the control means 20 determines whether a message indicating the permission of executing the content has been received from the content provider 1. If yes, the process goes to step S41 and receives key information transmitted from the content provider 1. However, if the decision in step S39 is negative, the process goes to step S40 and displays a message on the television monitor 21 to inform the user that the execution of the content is not permitted.
  • step S42 in accordance with the key information, the decoder 19 removes the electronic watermark from the content to be executed.
  • the control means 30 deletes the key information.
  • step S44 the content executing engine 18 starts executing the content. Note that the key information represents the data location where the electronic watermark is embedded.
  • Fig. 6 is a flow chart illustrating the operation which is performed by the content provider when a content execution start command is issued by a user terminal.
  • the content provider 1 issues a content start command to the user terminal 15 in accordance with the result of the checking. Alternatively, the following steps may be taken if desired.
  • step S50 the main processor 4 of the content provider 1 determines whether any of the user terminals 15-1 to 15-N is accessing the content provider 1. If yes, the process goes to step S51 and receives the header information including the decoded user name, password, device ID, and card ID from the user terminal (one of 15-1 to 15-N).
  • step S52 the security checking means 6 compares the received header information with the information registered in the user database 12.
  • step S53 it is determined whether the received header information is identical to the information registered in the user database 21. If yes, the process goes to step S55 and transmits key information to the user terminal (one of 15-1 to 15-N). However, if the decision in step S53 is negative, the process goes to step S54 and transmits, to the user terminal (one of 15-1 to 15-N) a message indicating that the execution of the content is not permitted because the received information is not identical to the information registered in the user database 12.
  • Fig. 7 is a flow chart illustrating the operation which may be alternatively performed, instead of the operation shown in Fig. 6, by the content provider when a content execution start command is issued by a user terminal.
  • the main processor 4 of the content provider 1 determines whether any of the user terminals 15-1 to 15-N is accessing the content provider 1. If yes, the process goes to step S61 and requests the user terminal (one of 15-1 to 15-N) to send the user name. Furthermore, in step S62, the main processor 4 requests the user terminal to send the password.
  • the security checking means 6 determines whether the user name and the password received from the user terminal (one of 15-1 to 15-N) are identical to those registered in the user database 12.
  • step S65 If yes, the process goes to step S65 and requests the user terminal to send the actual card ID read by the card reader from the IC card of the user. However, if the decision in step S63 is negative, the process goes to step S64 and transmits, to the user terminal, a message indicating that the user name or the password input by the user is invalid.
  • step S66 the security checking means 6 determines whether the actual card ID received from the user terminal (one of 15-1 to 15-N) is identical to that registered in the user database 12. If yes, the process goes to step S68 and acquires the actual device ID from the user terminal (one of 15-1 to 15-N). Furthermore, it is determined whether the acquired actual device ID is identical to the device ID registered in the user database 12. However, if the decision in step S66 is negative, the process goes to step S67 and transmits a message to notify the user that the card ID is invalid.
  • step S69 it is determined whether the actual device ID received from the user terminal (one of 15-1 to 15-N) is identical to the user's device ID registered in the user database 12. If yes, the process goes to step S71 and compares the electronic watermark received from the user terminal (one of 15-1 to 15-N) with the electronic watermark issued by the electronic watermark issuing means 10. However, if the decision in step S69 is negative, the process goes to step S70 and the transmits a message indicting that the device ID is invalid.
  • step S72 it is determined whether the electronic watermark received from the user terminal (one of 15-1 to 15-N) is identical to the electronic watermark issued by the electronic watermark issuing means 10. If yes, the process goes to step S74 and transmits a content execution permission command to the user terminal (one of 15-1 to 15-N). However, if the decision in step S72 is negative, the process goes to step S73 and transmits, to the user terminal (one of 15-1 to 15-N), a message indicating that the execution of the content is not permitted because the electronic watermark is invalid.
  • the entertainment system 17 extracts the electronic watermark and transmits the extracted electronic watermark to the content provider 1.
  • the control means 20 does not issue a content execution start command to the content executing engine, unless the content execution permission command is received from the content provider 1.
  • the consistency of the device ID described in the content stored in the main data storage 22 with the device ID stored in the device itself is one of conditions which should be satisfied to execute the content, the content is prevented from being executed on another device even if the same main data storage 22 is attached to the that another device.
  • the use of the card ID stored on the IC card makes the security more reliable. It is not necessarily required to use all the user name, the password, the device
  • the checking of the device ID detected directly from the device or the card ID detected from the IC card may be performed by both the user terminal (15-1 to 15-N) and the content provider or may be perform only by either the user terminal (15-1 to 15-N) or by the content provider.
  • the present invention can prevent a download digital content to be used onto a media such a floppy disk or an optical disk and the copied data to be used on another computer.
  • the present invention can provide a system that the protection of the copyright of the contents is sufficient.

Abstract

A high-security content providing system is disclosed . The content providing system includes a content provider connected to a large number of user terminals via a network. A content including user information specific to a particular user and an electronic watermark embedded therein is transmitted from the content provider to a user terminal. When the content is executed on the user terminal, the user information and the electronic watermark are checked by the user terminal or by the content provider. The content is allowed to be executed only when the checking indicates that the content is an authorized content.

Description

DESCRIPTION
CONTENT PROVIDING METHOD, CONTENT PROVIDING SERVER, AND CLIENT TERMINAL IN A CONTENT PROVIDING INFRASTRUCTURE
FIELD OF THE INVENTION
The present invention relates to a system for providing a so-called digital content such as game software, video software, audio software, and a computer program, and more particularly, to a high-security system for providing such a content.
BACKGROUND OF THE INVENTION
A widely-used conventional technique of acquiring a content via a network is to specify a digital content registered on a home page and download it onto a computer of a user. In this conventional technique, a downloaded digital content can be copied onto a medium such as a floppy disk or an optical disk, and the copied data can be used on another computer. Thus, the conventional technique has a problem that protection of the copyright of contents is not sufficient.
SUMMARY OF THE INVENTION
It is an object of the present invention to solve the above-described problem.
According to an aspect of the present invention, there is provided a content providing method comprising: a step in which when a content is transmitted to a user, an electronic water mark is embedded in the content and at least information associated with the user to whom the content is to be transmitted is added to the content; and a step in which when the content is executed, the information associated with the user who has received the content is checked at both transmitting and receiving ends, and the execution of the content is allowed if and only if the result of the checking indicates that the content is an authorized content.
According to another aspect of the present invention, there is provided a content providing server characterized in that: when a content is transmitted to a user, the content providing server embeds an electronic water mark in the content and adds at least information associated with the user to whom the content is to be transmitted to the content; and when the content is executed, the content providing server checks the information associated with the user to whom said content has been transmitted, and gives to the user permission to execute the content if and only if the result of the checking indicates that the content is an authorized content.
According to still another aspect of the present invention, there is provided a client terminal in a content providing infrastructure, characterized in that: the client terminal stores a content in which an embedded electronic watermark is embedded and to which at least information associated with a user is added; and when the content is executed, the content is executed in accordance with information which allows the content to be executed and which is supplied from a content providing server if and only if the information associated with the user to whom the content has been provided indicates that the content is an authorized content.
According to still another aspect of the present invention, there is provided a content providing system comprising: a content provider including a content server which stores plural kinds of digital contents and also including a user database in which information associated with a user is registered; at least one user terminal; and a network for connecting the at least one user terminal to the content provider, wherein the content provider includes a user database for registering, in advance, information associated with a user received from the at least one user terminal; when the content provider receives from a user terminal a request for providing a particular content, the content provider requests the user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with the user is consistent with the information registered in the user database; when the content transmitted from the content provider is executed at the user terminal, the user terminal checks whether the information associated with the user included in the content is consistent with the information stored in the user terminal; and in accordance with the result of the checking performed at the user terminal, the content provider determines whether to transmit a content execution permission command to the user terminal.
According to still another aspect of the present invention, there is provided a content providing system comprising: a content provider including a content server which stores plural kinds of digital contents and also including a user database in which information associated with a user is registered; at least one user terminal; and a network for connecting the at least one user terminal to the content provider, wherein the content provider includes a user database for registering, in advance, information associated with a user received from the at least one user terminal; wherein when the content provider receives from a user terminal a request for providing a particular content, the content provider requests said user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with the user is consistent with the information registered in the user database; and when the content provided by the content provider is executed, the content provider requests the user terminal to resend the information associated with the user, checks whether the information associated with the user resent from the user terminal is consistent with the information registered in the user database, and then determines, in accordance with the result of the checking, whether to transmit a content execution permission command to the user terminal.
In the content providing system, the information associated with the user preferably includes at least a user name, a password, and a device ID uniquely assigned to a device of the user.
Preferably, in the content providing system, when the information associated with a user received from a user terminal is registered, in advance, in the user database of the content provider, the content provider transmits to the user a card on which a card ID is stored; and the information associated with the user includes at least a user name, a password, a device ID uniquely assigned to a device of the user, and the card ID.
Preferably, in the content providing system, the content provider further includes encryption means for encrypting the information associated with a user and embedding an electronic watermark in the content, and, when the content provider receives from a user terminal a request for providing a particular content, the content provider transmits the requested content after combining the requested content with the information associated with the user and with the electronic watermark; and the content execution permission command transmitted from the content provider serves to remove the electronic watermark.
According to still another aspect of the present invention, there is provided a content provider connected to at least one user terminal via a network, the content provider comprising: a content server which stores plural kinds of digital contents; a user database for registering, in advance, information associated with a user received from the at least one user terminal, wherein when the content provider receives from a user terminal a request for providing a particular content, the content provider requests the user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with said user is consistent with the information registered in the user database; and when the content transmitted from the content provider is executed, checking is performed as to whether the information associated with the user included in the content is consistent with the information stored in the user terminal, and the content provider determines, in accordance with the result of the checking, whether to transmit a content execution permission command to the user terminal.
According to still another aspect of the present invention, there is provided a content provider connected to at least one user terminal via a network, the content provider comprising: a content server which stores plural kinds of digital contents; a user database for registering, in advance, information associated with a user received from the at least one user terminal, wherein when the content provider receives from a user terminal a request for providing a particular content, the content provider requests the user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with the user is consistent with the information registered in the user database; and when the content transmitted from the content provider is executed, the content provider requests the user terminal to resend the information associated with the user, checks whether the information associated with the user resent from the user terminal is consistent with the information registered in the user database, and then determines, in accordance with the result of the checking, whether to transmit a content execution permission command to the user terminal.
In the content provider described above, the information associated with the user preferably includes at least a user name, a password, and a device ID uniquely assigned to a device of the user.
Preferably, in the content provider described above, when the information associated with a user received from a user terminal is registered, in advance, in the user database of the content provider, the content provider transmits to the user a card on which a card ID is stored; and the information associated with the user includes at least a user name, a password, a device ID uniquely assigned to a device of the user, and the card ID. Preferably, in the content provider described above, the content provider further includes encryption means for encrypting the information associated with a user and embedding an electronic watermark in the content, and, when the content provider receives from a user terminal a request for providing a particular content, the content provider transmits the requested content after combining the requested content with the information associated with the user and with the electronic watermark; and the content execution permission command transmitted from the content provider serves to remove the electronic watermark.
According to still another aspect of the present invention, there is provided a content providing method for use in a content providing system comprising a content provider including a content server which stores plural kinds of digital contents, at least one user terminal, and a network for connecting the at least one user terminal to the content provider, the content providing method comprising: a step of registering, in advance, information associated with a user received from the at least one user terminal in a user database of the content provider; a step in which when the content provider receives from a user terminal a request for providing a particular content, the content provider requests the user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with the user is consistent with the information registered in the user database; a step in which when the content transmitted from the content provider is executed at the user terminal, the user terminal checks whether the information associated with the user included in the content is consistent with the information stored in the user terminal; and a step in which, in accordance with the result of the checking performed at the user terminal, the content provider determines whether to transmit a content execution permission command to the user terminal.
According to still another aspect of the present invention, there is provided a content providing method for use in a content providing system comprising a content provider including a content server which stores plural kinds of digital contents, at least one user terminal, a network for connecting the at least one user terminal to the content provider, the content providing method comprising: a step of registering, in advance, information associated with a user received from the at least one user terminal in a user database of the content provider; a step in which when the content provider receives from a user terminal a request for providing a particular content, the content provider requests the user terminal to resend the information associated with the user and transmits the requested content combined with the information associated with the user after checking that the information associated with the user is consistent with the information registered in the user database; and a step in which when the content transmitted from the content provider is executed, the content provider requests the user terminal to resend the information associated with the user and transmits a content execution permission command to the user terminal after checking that the information associated with the user resent from the user terminal is consistent with the information registered in the user database.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 is a general block diagram illustrating a system for providing a content; Fig. 2 is a schematic diagram illustrating the structure of data to be provided and also illustrating elements thereof;
Fig. 3 is a flow chart illustrating the operation which is performed by a content provider in response to a registration request issued by a user;
Fig. 4 is a flow chart illustrating the operation which is performed by the content provider in response to a request for downloading of a content;
Fig. 5 is a flow chart illustrating the operation which is performed by a user terminal in response to a content execution start command; Fig. 6 is a flow chart illustrating the operation which is performed by the content provider when a content execution start command is issued by a user terminal; and
Fig. 7 is a flow chart illustrating the operation which may be alternatively performed by the content provider when a content execution start command is issued by a user terminal.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
Embodiments of the present invention are described below with reference to Figs. 1 to 7. Fig. 1 is a general block diagram illustrating a system for providing a content.
As shown in Fig. 1, a content provider 1 is connected to a large number of user terminals 15-1 to 15-N via a network 14. Herein, the network 14 is preferably a broadband network such as a television cable network, an optical fiber network, and a broadband wireless network. The content provider 1 includes an interface 2 for connection with the network
14, a security server 3 serving as a firewall server, a main processor 4, and a content server 5.
The main processor 4 includes security checking means 6 for checking the validity of user information supplied from the user terminals 15-1 to 15-N by comparing it with information stored in user database 12, a provider 7 for transmitting a content in the form of a series of data, registration means 8 for registering user information in the user database 12, ID issuing means 9 for issuing a card ID to a user who has issued a registration request, electronic watermark issuing means 10 for issuing an electronic watermark, a key issuing means 11 for issuing a key used to remove an electronic watermark from a content, and encryption means 13 for encrypting user information (such as a "user name" 31, "password" 32, "device ID" 33, and "card ID" 34 shown in Fig. 2 A) stored in the user database 12 and for embedding an electronic watermark in a content. The content server 5 stores a large number of digital contents.
Each user terminal 15-1 to 15-N includes an interface 16 for connection with the network 14, an entertainment system 17 such as a game machine, a television monitor
21, a main data storage 22, a sub data storage 23, a controller 24, and a card reader 25 for reading a card ID stored on an IC card.
The main data storage 22 is preferably a high-capacity hard disk drive. The sub data storage 23 is preferably a memory card having a security capability. Preferably, the controller 24 is a controller of a home-use game machine, a pointing device, or a keyboard. The entertainment system 17 includes a content executing engine 18 for executing a content, a decoder 19 for decoding user information, and control means 20.
The decoder 19 may be realized by means of hardware or software embedded in a browser for browsing contents provided by the content provider through the network.
Herein, the browser is assumed to have been installed on the main data storage 22 of the user terminals. The control means 20 is realized using a CPU and a program installed on the main data storage 22.
The process from the user registration in the content provider 1 to the execution of a provided content is described below.
(1) User Registration In order to receive a content, it is required that a user have made a user registration in the content provider 1 via one of the user terminals 15-1 to 15-N. In the user registration, the user transmits his/her user name and password determined by the user, in addition to his/her address and telephone number, to the content provider 1.
Furthermore, in the user registration, the content provider 1 acquires the device ID of the user terminal (one of 15-1 to 15-N) of the user. The content provider 1 issues a card
ID to the user who has issued the registration request. The provider including the content provider 1 sends an IC card on which the card IC is stored. (2) Content Transmission
When a request for a content is received from a user, the content provider 1 requests the user to send his/her user information (information associated with the user, including the user name, the password, the device ID, and the card ID of the user). The content provider 1 checks whether the user information received from the user is registered in the user database 12. If it is determined that the user information is registered in the user database 12, the content provider 1 accepts the request for the content.
Before transmitting the requested content, the user name 31, the password 32, the device ID 33, and the card ID 34 are encrypted as shown in Fig. 2A and put in the header as shown in Fig. 2B. Furthermore, electronic watermarks 36 are embedded in the content 35. An SOD (start of data) code and an EOD (end of data) code are placed at the start and the end of the data to be transmitted. Thus, the content is transmitted in the form shown in Fig. 2B. When the data is received by the user terminal (one of the user terminals 15-1 to 15-N), the data is stored, in the form as received, into the main data storage 22.
The "electronic watermark" or "digital watermark" used in the present invention serves to prevent the digital content including the "electronic watermark" or "digital watermark" embedded therein from being directly executed. The digital content can be executed only when the "electronic watermark" or "digital watermark" has been removed using particular "key information".
(3) Execution of Content
When the user starts the operation to execute the content, the header 37 described above is first decoded, and it is checked whether the device ID 33 described in the header 37 is identical to the actual device ID of the user terminal (one of the user terminals 15-1 to 15-N) and whether the card ID 34 described in the header 37 is identical to the actual card ID described in the IC card of the user. If the checking is completed successfully, the user name, the password, the device ID, and the card ID are transmitted from the user terminal (one of 15-1 to 15-N) to the content provider 1. The content provider 1 checks the validity of the received information by comparing the received information with the information stored in the user database. If it is determined that the received information is valid, the content provider 1 transmits key information used to remove the electronic watermark from the content. The electronic watermark embedded in the content is then removed using the key information, and thus it becomes possible to execute the content.
The checking of the validity of the device ID and the card ID may be performed by the content provider 1. In this case, the content provider 1 may further request the user to return the electronic watermark embedded in the transmitted digital content and may check whether the returned electronic watermark is identical to that issued by the electronic watermark issuing means 10.
The above process is described in further detail below. Fig. 3 is a flow chart illustrating the operation which is performed by the content provider in response to a registration request issued by a user.
In step SI, the registration means 8 determines whether a registration request is received. If yes, the process goes to step S2 and the registration means 8 requests a user terminal (one of 15-1 to 15-N), which has issued the registration request, to send the user name. In step S3, it is determined whether the user name has been received. If yes, the process goes to step S4 and the registration means 8 requests the user terminal to send the password. In step S 5, it is determined whether the password has been received. If yes, the process goes to step S6 to acquire the actual device ID. Herein, the actual device ID refers to the ID uniquely assigned to and stored in the entertainment system 17 of each user terminal 15-1 to 15-N. Preferably, the actual device ID is stored in a ROM (not shown) or the sub data storage 23 of the entertainment system 17. In response to the request issued by the content provider 1, the user terminal (15-1 to 15- N) transmits its actual device ID.
In step S7, the ID issuing means 9 issues a card ID. In step S8, the registration means 8 registers the user name, the password, the actual device ID, and the actual card ID in the user database 12. In step S9, a registration completion message is transmitted to the user terminal (one of 15-1 to 15-N).
In the present invention, the information representing the actual ID registered in the user database is referred to as the "device ID". Similarly, the ID stored on the IC card and read via the card reader 25 is referred to as the "actual card ID", and the information representing the card ID registered in the user database is referred to as the "card ID".
All device IDs may be stored in the database, and the registration may be refused if a received actual ID is not identical to any device ID stored in the database.
Fig. 4 is a flow chart illustrating the operation (content transmission) which is performed by the content provider in response to a content downloading request. In step S 10, the main processor 4 determines whether a downloading request
(request for transmission of a content) is received from a user terminal (one of 15-1 to 15-N). If yes, the process goes to step Sll, and the main processor 4 requests the user terminal (one of 15-1 to 15-N) to send its user name and password.
In step SI 2, the security checking means 6 determines whether the received user name and password are identical to those registered in the user database 12. If yes, the process goes to step S14 and requests the user terminal to send its actual card ID, however, if no, then the process goes to step S13 and transmits to the user terminal (one of 15-1 to 15-N) a message indicating that the received user name or password is invalid.
In step SI 5, the actual card ID transmitted from the user terminal (one of 15-1 to 15-N) is received. Herein, the actual card ID is a card ID which is read by the card reader 25 when the user inserts the IC card in the card reader 25. In step SI 6, the security checking means 6 determines whether the actual card ID received from the user terminal (one of 15-1 to 15-N) is identical to that registered in the user database 12. If yes, the process goes to step SI 8 and acquires the actual device ID from the user terminal (one of 15-1 to 15-N), however, if no, then the process goes to step S17 and transmits to the user terminal (one of 15-1 to 15-N) a message indicating that the received card ID is invalid.
In step SI 9, the security checking means 6 determines whether the actual device ID acquired directly from the user terminal (one of 15-1 to 15-N) is identical to that registered in the user database 12. If yes, the process goes to step S21 and searches the content server 5 for the content requested by the user, however, if no, then the process goes to step S20 and transmits the user terminal (one of 15-1 to 15-N) a message indicating that the received device ID is invalid.
In step S22, the provider 7 reads the retrieved content from the content server 5. In step S23, the encryption means 13 embedded, into the content, the electronic watermark issued by the electronic watermark issuing means 10. In step S24, it is determined whether all the content has been read and the electronic watermark has been embedded. If the decision in step S24 is negative, the process returns to step S22. However, if the decision in step 24 is affirmative, the process goes to step S25. In step S25, the encryption means 13 encrypts the user information and puts the encrypted user information in the header. In step S26, the provider 7 transmits the content as a series of transmission data to the user terminal (one of 15- 1 to 15-N).
Fig. 5 is a flow chart illustrating the operation which is performed by a user terminal in response to a content execution start command.
In step S30, the control means 20 of the user terminal (one of 15-1 to 15-N) determines whether a content execution start command has been issued by the user. If yes, the process goes to step S31, and the decoder 19 decodes the information described in the header 30 of the specified content stored in the main data storage 22 thereby extracting the user name, the password, the device ID, and the card ID. In step S32, the control means 20 reads the actual device ID from the entertainment system 17 and determines whether the actual device ID is identical to the device ID extracted by the decoder 19 from the header. If yes, the process goes to step S35 and displays a message on the television monitor 21 to request the user to read the actual card ID from the IC card using the card reader 25. However, the decision in step S32 is negative, the process goes to step S34 and displays a message on the television monitor 21 to inform the user that the device ID is invalid.
In step S36, the control means 20 receives the actual card ID from the card reader 25 and determines whether the actual card ID is identical to the card ID decoded from the header. If yes, the process goes to step S38 and transmits the information decoded from the header together with the card ID read via the card reader to the content provider 1. However, if the decision in step S36 is negative, the process goes to step S40 and displays a message on the television monitor 21 to inform the user that the card ID is invalid. In step S39, the control means 20 determines whether a message indicating the permission of executing the content has been received from the content provider 1. If yes, the process goes to step S41 and receives key information transmitted from the content provider 1. However, if the decision in step S39 is negative, the process goes to step S40 and displays a message on the television monitor 21 to inform the user that the execution of the content is not permitted.
In step S42, in accordance with the key information, the decoder 19 removes the electronic watermark from the content to be executed. In step S43, the control means 30 deletes the key information. In step S44, the content executing engine 18 starts executing the content. Note that the key information represents the data location where the electronic watermark is embedded.
Fig. 6 is a flow chart illustrating the operation which is performed by the content provider when a content execution start command is issued by a user terminal. When the checking of the validity is performed at the user terminal, the content provider 1 issues a content start command to the user terminal 15 in accordance with the result of the checking. Alternatively, the following steps may be taken if desired.
In step S50, the main processor 4 of the content provider 1 determines whether any of the user terminals 15-1 to 15-N is accessing the content provider 1. If yes, the process goes to step S51 and receives the header information including the decoded user name, password, device ID, and card ID from the user terminal (one of 15-1 to 15-N).
In step S52, the security checking means 6 compares the received header information with the information registered in the user database 12. In step S53, it is determined whether the received header information is identical to the information registered in the user database 21. If yes, the process goes to step S55 and transmits key information to the user terminal (one of 15-1 to 15-N). However, if the decision in step S53 is negative, the process goes to step S54 and transmits, to the user terminal (one of 15-1 to 15-N) a message indicating that the execution of the content is not permitted because the received information is not identical to the information registered in the user database 12.
Fig. 7 is a flow chart illustrating the operation which may be alternatively performed, instead of the operation shown in Fig. 6, by the content provider when a content execution start command is issued by a user terminal. In step S60, the main processor 4 of the content provider 1 determines whether any of the user terminals 15-1 to 15-N is accessing the content provider 1. If yes, the process goes to step S61 and requests the user terminal (one of 15-1 to 15-N) to send the user name. Furthermore, in step S62, the main processor 4 requests the user terminal to send the password. In step S63, the security checking means 6 determines whether the user name and the password received from the user terminal (one of 15-1 to 15-N) are identical to those registered in the user database 12. If yes, the process goes to step S65 and requests the user terminal to send the actual card ID read by the card reader from the IC card of the user. However, if the decision in step S63 is negative, the process goes to step S64 and transmits, to the user terminal, a message indicating that the user name or the password input by the user is invalid. In step S66, the security checking means 6 determines whether the actual card ID received from the user terminal (one of 15-1 to 15-N) is identical to that registered in the user database 12. If yes, the process goes to step S68 and acquires the actual device ID from the user terminal (one of 15-1 to 15-N). Furthermore, it is determined whether the acquired actual device ID is identical to the device ID registered in the user database 12. However, if the decision in step S66 is negative, the process goes to step S67 and transmits a message to notify the user that the card ID is invalid.
In step S69, it is determined whether the actual device ID received from the user terminal (one of 15-1 to 15-N) is identical to the user's device ID registered in the user database 12. If yes, the process goes to step S71 and compares the electronic watermark received from the user terminal (one of 15-1 to 15-N) with the electronic watermark issued by the electronic watermark issuing means 10. However, if the decision in step S69 is negative, the process goes to step S70 and the transmits a message indicting that the device ID is invalid.
In step S72, it is determined whether the electronic watermark received from the user terminal (one of 15-1 to 15-N) is identical to the electronic watermark issued by the electronic watermark issuing means 10. If yes, the process goes to step S74 and transmits a content execution permission command to the user terminal (one of 15-1 to 15-N). However, if the decision in step S72 is negative, the process goes to step S73 and transmits, to the user terminal (one of 15-1 to 15-N), a message indicating that the execution of the content is not permitted because the electronic watermark is invalid. In the alternative embodiment, as described above, the entertainment system 17 extracts the electronic watermark and transmits the extracted electronic watermark to the content provider 1. The control means 20 does not issue a content execution start command to the content executing engine, unless the content execution permission command is received from the content provider 1.
In the present embodiment, as described above, because the consistency of the device ID described in the content stored in the main data storage 22 with the device ID stored in the device itself is one of conditions which should be satisfied to execute the content, the content is prevented from being executed on another device even if the same main data storage 22 is attached to the that another device. Furthermore, the use of the card ID stored on the IC card makes the security more reliable. It is not necessarily required to use all the user name, the password, the device
ID, and the card ID, for the purpose of checking the security. Instead, one of or a combination of some of these data may be used. The checking of the device ID detected directly from the device or the card ID detected from the IC card may be performed by both the user terminal (15-1 to 15-N) and the content provider or may be perform only by either the user terminal (15-1 to 15-N) or by the content provider.
The present invention can prevent a download digital content to be used onto a media such a floppy disk or an optical disk and the copied data to be used on another computer. Thus, the present invention can provide a system that the protection of the copyright of the contents is sufficient.

Claims

1. A method of providing a content, characterized in that: when a content is transmitted to a user, an electronic water mark is embedded in said content and at least information associated with the user, to whom said content is to be transmitted, is added to said content; and when said content is executed, said information associated with the user who has received said content is checked at both transmitting and receiving ends, and the execution of said content is allowed if and only if the result of the checking indicates that said content is an authorized content.
2. A content providing server, characterized in that: when a content is transmitted to a user, said content providing server embeds an electronic water mark in said content and adds at least information associated with the user to whom said content is to be transmitted to said content; and when said content is executed, said content providing server checks said information associated with the user to whom said content has been transmitted, and gives to the user permission to execute said content if and only if the result of the checking indicates that said content is an authorized content.
3. A client terminal for use in a content providing infrastructure, characterized in that: said client terminal stores a content in which an embedded electronic watermark is embedded and to which at least information associated with a user is added; and when said content is executed, said content is executed in accordance with information which allows said content to be executed and which is supplied from a content providing server if and only if said information associated with the user to whom said content has been provided indicates that said content is an authorized content.
4. A content providing system comprising: a content provider including a content server which stores plural kinds of digital contents and also including a user database in which information associated with a user is registered; at least one user terminal; and a network for connecting said at least one user terminal to said content provider, wherein: said content provider includes a user database for registering, in advance, information associated with a user received from said at least one user terminal; when said content provider receives from a user terminal a request for providing a particular content, said content provider requests said user terminal to resend the information associated with said user and transmits the requested content combined with said information associated with said user after checking that said information associated with said user is consistent with the information registered in said user database; when the content transmitted from said content provider is executed at said user terminal, said user terminal checks whether the information associated with said user included in the content is consistent with the information stored in the user terminal; and in accordance with the result of the checking performed at said user terminal, said content provider determines whether to transmit a content execution permission command to said user terminal.
5. A content providing system comprising: a content provider including a content server which stores plural kinds of digital contents and also including a user database in which information associated with a user is registered; at least one user terminal; a network for connecting said at least one user terminal to said content provider, wherein said content provider includes a user database for registering, in advance, information associated with a user received from said at least one user terminal; when said content provider receives from a user terminal a request for providing a particular content, said content provider requests said user terminal to resend the information associated with said user and transmits the requested content combined with said information associated with said user after checking that said information associated with said user is consistent with the information registered in said user database; and when said content provided by said content provider is executed, said content provider requests said user terminal to resend the information associated with said user, checks whether the information associated with said user resent from said user terminal is consistent with the information registered in said user database, and then determines, in accordance with the result of the checking, whether to transmit a content execution permission command to said user terminal.
6. A content providing system according to one of Claims 4 and 5, wherein said information associated with the user includes at least a user name, a password, and a device ID uniquely assigned to a device of said user.
7. A content providing system according to one of Claims 4 and 5, wherein: when the information associated with a user received from a user terminal is registered, in advance, in the user database of said content provider, said content provider transmits to said user a card on which a card ID is stored; and said information associated with the user includes at least a user name, a password, a device ID uniquely assigned to a device of said user, and said card ID.
8. A content providing system according to one of Claims 4 and 5, wherein: said content provider further includes encryption means for encrypting the information associated with a user and embedding an electronic watermark in said content, and, when said content provider receives from a user terminal a request for providing a particular content, said content provider transmits the requested content after combining the requested content with the information associated with said user and with the electronic watermark; and said content execution permission command transmitted from said content provider serves to remove said electronic watermark.
9. A content provider connected to at least one user terminal via a network, said content provider comprising: a content server which stores plural kinds of digital contents; and a user database for registering, in advance, information associated with a user received from said at least one user terminal, wherein: when said content provider receives from a user terminal a request for providing a particular content, said content provider requests said user terminal to resend the information associated with said user and transmits the requested content combined with said information associated with said user after checking that said information associated with said user is consistent with the information registered in said user database; and when the content transmitted from said content provider is executed, checking is performed as to whether the information associated with said user included in said content is consistent with the information stored in the user terminal, and said content provider determines, in accordance with the result of the checking, whether to transmit a content execution permission command to said user terminal.
10. A content provider connected to at least one user terminal via a network, said content provider comprising: a content server which stores plural kinds of digital contents; and a user database for registering, in advance, information associated with a user received from said at least one user terminal, wherein: when said content provider receives from a user terminal a request for providing a particular content, said content provider requests said user terminal to resend the information associated with said user and transmits the requested content combined with said information associated with said user after checking that said information associated with said user is consistent with the information registered in said user database; and when said content transmitted from said content provider is executed, said content provider requests said user terminal to resend the information associated with said user, checks whether the information associated with said user resent from said user terminal is consistent with the information registered in said user database, and then determines, in accordance with the result of the checking, whether to transmit a content execution permission command to said user terminal.
11. A content providing system according to one of Claims 9 and 10, wherein said information associated with the user includes at least a user name, a password, and a device ID uniquely assigned to a device of said user.
12. A content providing system according to one of Claims 9 and 10, wherein when the information associated with a user received from a user terminal is registered, in advance, in the user database of said content provider, said content provider transmits to said user a card on which a card ID is stored; and said information associated with the user includes at least a user name, a password, a device ID uniquely assigned to a device of said user, and said card ID.
13. A content providing system according to one of Claims 9 and 10, wherein said content provider further includes encryption means for encrypting the information associated with a user and embedding an electronic watermark in said content, and, when said content provider receives from a user terminal a request for providing a particular content, said content provider transmits the requested content after combining the requested content with the information associated with said user and with the electronic watermark; and said content execution permission command transmitted from said content provider serves to remove said electronic watermark.
14. A content providing method for use in a content providing system comprising a content provider including a content server which stores plural kinds of digital contents, at least one user terminal, and a network for connecting said at least one user terminal to said content provider, said content providing method comprising: a step of registering, in advance, information associated with a user received from said at least one user terminal in a user database of said content provider; a step in which when said content provider receives from a user terminal a request for providing a particular content, said content provider requests said user terminal to resend the information associated with said user and transmits the requested content combined with said information associated with said user after checking that said information associated with said user is consistent with the information registered in said user database; a step in which when the content transmitted from said content provider is executed at said user terminal, said user terminal checks whether the information associated with said user included in the content is consistent with the information stored in the user terminal; and a step in which, in accordance with the result of the checking performed at said user terminal, said content provider determines whether to transmit a content execution permission command to said user terminal.
15. A content providing method for use in a content providing system comprising a content provider including a content server which stores plural kinds of digital contents, at least one user terminal, and a network for connecting said at least one user terminal to said content provider, said content providing method comprising: a step of registering, in advance, information associated with a user received from said at least one user terminal in a user database of said content provider; a step in which when said content provider receives from a user terminal a request for providing a particular content, said content provider requests said user terminal to resend the information associated with said user and transmits the requested content combined with said information associated with said user after checking that said information associated with said user is consistent with the information registered in said user database; and a step in which when said content transmitted from said content provider is executed, said content provider requests said user terminal to resend the information associated with said user and transmits a content execution permission command to said user terminal after checking that the information associated with said user resent from said user terminal is consistent with the information registered in said user database.
PCT/JP2001/000646 2000-07-04 2001-01-31 Content providing method, content providing server, and client terminal in a content providing infrastructure WO2002003654A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2001232222A AU2001232222A1 (en) 2000-07-04 2001-01-31 Content providing method, content providing server, and client terminal in a content providing infrastructure
EP01904309A EP1297673A1 (en) 2000-07-04 2001-01-31 Content providing method, content providing server, and client terminal in a content providing infrastructure

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2000/241862 2000-07-04
JP2000241862 2000-07-04
JP2000375100A JP2002082917A (en) 2000-07-04 2000-12-08 Contents distribution method, contents distribution server, and client terminal in contents distribution infrastructure
JP2000/375100 2000-12-08

Publications (1)

Publication Number Publication Date
WO2002003654A1 true WO2002003654A1 (en) 2002-01-10

Family

ID=26597680

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2001/000646 WO2002003654A1 (en) 2000-07-04 2001-01-31 Content providing method, content providing server, and client terminal in a content providing infrastructure

Country Status (7)

Country Link
US (1) US20020049580A1 (en)
EP (1) EP1297673A1 (en)
JP (1) JP2002082917A (en)
KR (1) KR20030022802A (en)
AU (1) AU2001232222A1 (en)
TW (1) TWI238733B (en)
WO (1) WO2002003654A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7503073B2 (en) 2002-04-15 2009-03-10 Sony Corporation Information managing apparatus and method, recording medium, and program

Families Citing this family (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5748763A (en) * 1993-11-18 1998-05-05 Digimarc Corporation Image steganography system featuring perceptually adaptive and globally scalable signal embedding
US6560349B1 (en) 1994-10-21 2003-05-06 Digimarc Corporation Audio monitoring using steganographic information
US7562392B1 (en) * 1999-05-19 2009-07-14 Digimarc Corporation Methods of interacting with audio and ambient music
US6577746B1 (en) 1999-12-28 2003-06-10 Digimarc Corporation Watermark-based object linking and embedding
US7373513B2 (en) * 1998-09-25 2008-05-13 Digimarc Corporation Transmarking of multimedia signals
US7532740B2 (en) 1998-09-25 2009-05-12 Digimarc Corporation Method and apparatus for embedding auxiliary information within original data
US6963884B1 (en) * 1999-03-10 2005-11-08 Digimarc Corporation Recoverable digital content degradation: method and apparatus
US7185201B2 (en) * 1999-05-19 2007-02-27 Digimarc Corporation Content identifiers triggering corresponding responses
US7404084B2 (en) 2000-06-16 2008-07-22 Entriq Inc. Method and system to digitally sign and deliver content in a geographically controlled manner via a network
US7237255B2 (en) * 2000-06-16 2007-06-26 Entriq Inc. Method and system to dynamically present a payment gateway for content distributed via a network
US7991697B2 (en) * 2002-12-16 2011-08-02 Irdeto Usa, Inc. Method and system to digitally sign and deliver content in a geographically controlled manner via a network
US7228427B2 (en) * 2000-06-16 2007-06-05 Entriq Inc. Method and system to securely distribute content via a network
US6961858B2 (en) 2000-06-16 2005-11-01 Entriq, Inc. Method and system to secure content for distribution via a network
US7389531B2 (en) * 2000-06-16 2008-06-17 Entriq Inc. Method and system to dynamically present a payment gateway for content distributed via a network
US11204729B2 (en) 2000-11-01 2021-12-21 Flexiworld Technologies, Inc. Internet based digital content services for pervasively providing protected digital content to smart devices based on having subscribed to the digital content service
US11467856B2 (en) 2002-12-12 2022-10-11 Flexiworld Technologies, Inc. Portable USB device for internet access service
EP2378733B1 (en) * 2000-11-10 2013-03-13 AOL Inc. Digital content distribution and subscription system
WO2002042896A1 (en) 2000-11-20 2002-05-30 Flexiworld Technologies, Inc. tOBILE AND PERVASIVE OUTPUT COMPONENTS
US20020097416A1 (en) 2001-01-19 2002-07-25 Chang William Ho Output controller processor for universal data output
KR100413627B1 (en) * 2001-03-19 2003-12-31 스톰 씨엔씨 인코포레이티드 System for jointing digital literary works against unlawful reproduction through communication network and method for there of
EP1410140B1 (en) * 2001-03-28 2017-02-15 NDS Limited Digital rights management system and method
US7216368B2 (en) * 2001-03-29 2007-05-08 Sony Corporation Information processing apparatus for watermarking digital content
US7562127B2 (en) * 2001-04-03 2009-07-14 Nippon Telegraph And Telephone Corporation Contents additional service inquiry server for identifying servers providing additional services and distinguishing between servers
JP2002312249A (en) * 2001-04-12 2002-10-25 Yamaha Corp Back-up method in content reproduction device and memory medium for back-up
US8108687B2 (en) * 2001-12-12 2012-01-31 Valve Corporation Method and system for granting access to system and content
US7392390B2 (en) * 2001-12-12 2008-06-24 Valve Corporation Method and system for binding kerberos-style authenticators to single clients
US20030202659A1 (en) * 2002-04-29 2003-10-30 The Boeing Company Visible watermark to protect media content from server to projector
US7908401B2 (en) 2002-12-12 2011-03-15 Flexiworld Technology, Inc. Method and device for wireless communication between computing devices
JP2004272341A (en) * 2003-03-05 2004-09-30 Sony Corp Reproduction method and device, recording method and device, program recording medium and program, and recording medium
CN1759585B (en) * 2003-04-04 2011-08-03 艾利森电话股份有限公司 Method providing visit to elevant data of consignor for data request entity and device
CN107832241B (en) 2003-04-11 2021-10-08 富意科技公司 Integrated circuit storage device or method capable of realizing automatic operation
JP4490053B2 (en) * 2003-05-28 2010-06-23 エヌ・ティ・ティ・コミュニケーションズ株式会社 DIGITAL CONTENT DISTRIBUTION METHOD, DISTRIBUTION SERVER, AND PROGRAM
US8098817B2 (en) * 2003-12-22 2012-01-17 Intel Corporation Methods and apparatus for mixing encrypted data with unencrypted data
JP4716704B2 (en) * 2004-10-08 2011-07-06 Omo株式会社 Authentication system and authentication method
US7571486B2 (en) * 2005-03-29 2009-08-04 Microsoft Corporation System and method for password protecting an attribute of content transmitted over a network
JP2007011535A (en) * 2005-06-29 2007-01-18 Miroku Jyoho Service Co Ltd Data file protection apparatus
EP1819124A1 (en) * 2006-02-08 2007-08-15 BRITISH TELECOMMUNICATIONS public limited company Automated user registration
US8102863B1 (en) 2006-06-27 2012-01-24 Qurio Holdings, Inc. High-speed WAN to wireless LAN gateway
US8615778B1 (en) 2006-09-28 2013-12-24 Qurio Holdings, Inc. Personalized broadcast system
US7983440B1 (en) 2006-11-02 2011-07-19 Qurio Holdings, Inc. Selection of I-frames for client-side watermarking
US7738676B1 (en) 2006-11-02 2010-06-15 Qurio Holdings, Inc. Client-side watermarking using hybrid I-frames
US7802306B1 (en) 2006-11-30 2010-09-21 Qurio Holdings, Inc. Multiple watermarks for digital rights management (DRM) and content tracking
US8000474B1 (en) 2006-12-15 2011-08-16 Quiro Holdings, Inc. Client-side protection of broadcast or multicast content for non-real-time playback
JP4697152B2 (en) * 2007-01-26 2011-06-08 ソニー株式会社 Information management apparatus, information management method, recording medium, and program
US8135947B1 (en) 2007-03-21 2012-03-13 Qurio Holdings, Inc. Interconnect device to enable compliance with rights management restrictions
US9191605B1 (en) 2007-03-26 2015-11-17 Qurio Holdings, Inc. Remote monitoring of media content that is associated with rights management restrictions
US7895442B1 (en) 2007-06-18 2011-02-22 Qurio Holdings, Inc. Interconnect device to enable compliance with rights management restrictions
KR100936124B1 (en) * 2008-01-16 2010-01-12 주식회사 마크애니 A method and apparatus for realtime-providing multimedia contents comprising watermark
US9911457B2 (en) 2008-09-24 2018-03-06 Disney Enterprises, Inc. System and method for providing a secure content with revocable access
US9967600B2 (en) * 2011-05-26 2018-05-08 Nbcuniversal Media, Llc Multi-channel digital content watermark system and method
US10404615B2 (en) 2012-02-14 2019-09-03 Airwatch, Llc Controlling distribution of resources on a network
US9680763B2 (en) 2012-02-14 2017-06-13 Airwatch, Llc Controlling distribution of resources in a network
US20140280955A1 (en) 2013-03-14 2014-09-18 Sky Socket, Llc Controlling Electronically Communicated Resources
US9401915B2 (en) 2013-03-15 2016-07-26 Airwatch Llc Secondary device as key for authorizing access to resources
US20140282895A1 (en) * 2013-03-15 2014-09-18 Sky Socket, Llc Secondary device as key for authorizing access to resources
US9219741B2 (en) 2013-05-02 2015-12-22 Airwatch, Llc Time-based configuration policy toggling
US9584964B2 (en) 2014-12-22 2017-02-28 Airwatch Llc Enforcement of proximity based policies
US9413754B2 (en) 2014-12-23 2016-08-09 Airwatch Llc Authenticator device facilitating file security

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0843449A2 (en) * 1996-11-08 1998-05-20 Sunhawk Corporation, Inc. Encryption system with transaction coded decryption key
WO2000030323A2 (en) * 1998-11-16 2000-05-25 Into Networks, Inc. Methods and apparatus for secure content delivery over broadband access networks

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5768389A (en) * 1995-06-21 1998-06-16 Nippon Telegraph And Telephone Corporation Method and system for generation and management of secret key of public key cryptosystem
US5995625A (en) * 1997-03-24 1999-11-30 Certco, Llc Electronic cryptographic packing
JP3688099B2 (en) * 1997-07-22 2005-08-24 富士通株式会社 Electronic information distribution method and recording medium
US6385596B1 (en) * 1998-02-06 2002-05-07 Liquid Audio, Inc. Secure online music distribution system
US20020161709A1 (en) * 1998-09-11 2002-10-31 Michel Floyd Server-side commerce for deliver-then-pay content delivery
US6668246B1 (en) * 1999-03-24 2003-12-23 Intel Corporation Multimedia data delivery and playback system with multi-level content and privacy protection
US6898706B1 (en) * 1999-05-20 2005-05-24 Microsoft Corporation License-based cryptographic technique, particularly suited for use in a digital rights management system, for controlling access and use of bore resistant software objects in a client computer
US7213005B2 (en) * 1999-12-09 2007-05-01 International Business Machines Corporation Digital content distribution using web broadcasting services
EP1118923A1 (en) * 2000-01-18 2001-07-25 Siemens Aktiengesellschaft Method for the use of SW products, which are provided over a network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0843449A2 (en) * 1996-11-08 1998-05-20 Sunhawk Corporation, Inc. Encryption system with transaction coded decryption key
WO2000030323A2 (en) * 1998-11-16 2000-05-25 Into Networks, Inc. Methods and apparatus for secure content delivery over broadband access networks

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7503073B2 (en) 2002-04-15 2009-03-10 Sony Corporation Information managing apparatus and method, recording medium, and program
US7861313B2 (en) 2002-04-15 2010-12-28 Sony Corporation Information managing apparatus and method, recording medium, and program

Also Published As

Publication number Publication date
US20020049580A1 (en) 2002-04-25
EP1297673A1 (en) 2003-04-02
AU2001232222A1 (en) 2002-01-14
JP2002082917A (en) 2002-03-22
TWI238733B (en) 2005-09-01
KR20030022802A (en) 2003-03-17

Similar Documents

Publication Publication Date Title
EP1297673A1 (en) Content providing method, content providing server, and client terminal in a content providing infrastructure
CN101305545B (en) Method and apparatus for managing digital rights of secure removable media
CN101310474B (en) Method and system for digital rights management among apparatuses
EP1569414B1 (en) Information-processing apparatus, information-processing method, and computer program
US7562141B2 (en) Using an information image to perform a predetermined action
US20040186880A1 (en) Management apparatus, terminal apparatus, and management system
WO2002088991A1 (en) Method of protecting and managing digital contents and system for using thereof
US7058820B2 (en) Information processing system, medium, information processing apparatus, information processing method, storage medium storing computer readable program for realizing such method
EP1947586A1 (en) Data providing system, data receiving system, computer-readable recording medium storing data providing program, and computer-readable recording medium storing data receiving program
US20030009667A1 (en) Data terminal device that can easily obtain content data again, a program executed in such terminal device, and recording medium recorded with such program
WO2006072994A1 (en) Login-to-network-camera authentication system
US20020032863A1 (en) System and method for performing digital watermarking in realtime using encrypted algorithm
KR20020022660A (en) Web page browsing limiting method and server system
JP3873624B2 (en) Mobile code execution method and system
JP2002297541A (en) Unauthorized utilization notice method, its device and program
KR100779985B1 (en) Protecting method and system of contents
KR100610638B1 (en) A system and a method for providing multimedia contents on demand
JP2011076430A (en) System and method for managing authentication id
JP2002041821A (en) Contents distributing device, contents reproducing device, program recording medium for contents distributing device and program recording medium for contents reproducing device
JP3723379B2 (en) Content directory system
KR100659870B1 (en) Mobile terminal and method for servicing contents
KR20040098876A (en) The construction of CRS(Certification Remote System) for DRM(Digital Right Management) on network and internet.
KR100814520B1 (en) Method and Apparatus for providing/playing of Digital Rights Management contents
KR100874933B1 (en) How to create a relay file for the distribution of digital content
KR100504442B1 (en) Method and system for preventing link

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU BR CA CN IN KR MX NZ RU SG

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2001904309

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 1020027015965

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 1020027015965

Country of ref document: KR

WWP Wipo information: published in national office

Ref document number: 2001904309

Country of ref document: EP

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)