The invention relates to an information transaction system, an information transaction method and a program providing medium. More particularly, the invention relates to information transaction systems and information transaction methods in which a variety of content information, such as music, picture data or game programs are provided to a user through a recording medium, such as a CD or DVD, or by the distribution over the network, and in which a fee for use of the content is collected or use points are associated with such use.
Nowadays, a variety of software and data, such as game programs, speech data, and picture data, referred to as content, are in circulation via various networks, such as the Internet, or via commercially available media, such as a DVD or CD. The content may be stored in recording devices coupled to recording and/or reproducing apparatus owned by a user, such as a personal computer (PC) or a game appliance, in a memory card or in a hard disc. Once stored, the content can be replayed from the storage medium.
The main elements of the conventional information equipment, such as video game equipment or a PC, include control means for operational control, a connector connected to the control means for connection to a slot formed in a main body portion of the information equipment, and a non-volatile memory for data storage which is connected to the control means. The non-volatile memory is provided in a memory card which may include an EEPROM and a flash memory.
The data stored in the commercially available recording media or content stored in the memory are fetched from the respective memory in response to a user command generated by the game equipment that is used as reproducing equipment or by the main body portion of the information equipment, such as a PC. Alternatively, the data or content are fetched in response to a user command entered through an inputting means for replay through the main body portion of the information equipment or for replay through a display or loudspeaker connected thereto.
The right of distribution, for example, of software content, such as game programs, music data or picture data, is generally owned by the authors or the sellers of the content. Thus, when distributing the content by a recording medium, such as a DVD or a CD, a fee is collected at the time of its sale. Alternatively, when distributing the content over the network, such as via the Internet, user information, such as a credit card number, is acquired to collect the counter-value for the provided content, that is the use fee, from the user.
During distribution, the conventional practice is to allow the use of the software only for authorized users by way of imposing certain restrictions on its use so as to prevent unauthorized duplication. When distributing the content through a recording medium or over a network, the content is encrypted and a key for decoding the encrypted content, known as a content key, is provided only for an authorized user.
For example, on-line distribution systems for digital data or content, which are becoming increasingly popular, are configured so that a user acquires content encrypted over a network or medium. To utilize the content, the distribution center connects a user terminal to a content utilization rights sales center to purchase the rights to use the content on-line and to acquire a key for decoding of the encrypted content.
The encrypted content data can be decoded by an on-line procedure, using the key acquired from the content use rights sale center, such that the data can be restored by decoding to decoded data (or plain text) at a user terminal. The data encrypting and decoding method, which employs a secret key for encrypting the information and a decoding key for decrypting the information, has been used extensively.
Among the variety of data encrypting or decrypting methods employing the secret key and decoding key is a system known as a common key encryption system. The common key encryption system uses a secret key for data encryption, a decoding key used for decrypting the data, and a common key for encryption and decoding by an authorized user to prevent an unauthorized user who does not have the key from accessing the data. Typical of this system is a data encryption standard (DES).
The secret key and the decoding key used in the above-described encryption and decoding may be obtained by an authorized user using a uni-directional function, such as a Hash function based, e.g., on a password. The uni-directional function is a function whose input is extremely difficult to find from the output by a reverse path. For example, a uni-directional function may use a user-selected password as input to generate the secret and decoding keys. It is virtually impossible to derive the password from the secret and decoding keys by tracing a reverse path.
Open key encryption systems exist in which an algorithm different from that used to decode is used to process the secret key during encryption. The open key may be used by unidentified users. Specifically, a document may be encrypted using the open key distributed by the individual or acquired from an authentication office. The document encrypted by the open key may be decoded only by the secret key corresponding to the open key that was used for the encryption. Since the secret key is owned solely by the person who distributed the open key, the document encrypted by the open key may be decoded solely by the owner of the secret key. A typical open key encryption system is the Rivest-Shamir-Adleman (RSA) cipher.
By exploiting this encryption system, encrypted content can be decoded solely by an authorized user.
FIG. 1 shows a typical configuration in which content, such as programs, speech data or video data, are acquired from a data providing means, such as a DVD, a CD 30 or the Internet 40. The content is reproduced by a reproducing means 10, such as game equipment, and can be stored in a memory means 20, such as a floppy disc, a memory card or a hard disc.
The content is encrypted and sent to a user having the replay means 10. An authorized user also receives, in addition to the encrypted data, key data in the form of encryption and decoding keys for the encrypted data.
The reproducing means 10 includes a central processor unit (CPU) 12 that controls the input data reproducing operation that is carried out by a reproducing unit 14. The reproducing unit decodes the encrypted data to reproduce the program and the content provided, such as audio or picture data 12.
The authorized user saves the content in the memory means 20 to later re-use the programs provided. The reproducing means 10 includes a storage processor 13 for this purpose. To prevent unauthorized use of data stored in the memory means 20, the storage processor 13 also encrypts the data.
To encrypt the content, a key for content encryption is used. The saving processor 13 uses content encryption to cipher the content so that the ciphered content may be stored in a storage unit 21 of the storage means 20.
To acquire and reproduce the content stored in the memory means 20, the user obtains encrypted data from the storage means 20 and then executes decoding in the reproducing unit 14 of the reproducing means 10 using a decoding key to acquire and reproduce decoded data from the encrypted data.
To utilize the ciphered content, it is necessary to acquire authenticated use rights for the content from a content use rights sale center, and so it is necessary to purchase the key applicable to the decoding of the ciphered content. There are a variety of methods of payment, such as (1) inputting a credit card number into a terminal for transmission to the content use rights sale center, (2) inputting a user bank account number into a terminal for transmission to the content use rights sale center, (3) registering, at the content use rights sale center, the credit card number or a bank account number in advance so that debits are effected based on the pre-registered data, and (4) using an electronic money for payment.
In the above payment methods (1) to (3), user credit card numbers and the bank account numbers are needed. Thus, users who do not have a credit card or a bank account cannot easily make such payments. Also, for the transaction of the content in smaller units, such as for distributing music content, the transaction may be for a sole musical number. In such a case, the content fee is of a small monetary value. Also, the need to present the credit number or the bank account number tends to restrict the circulation of content.
Such desired use of electronic money as in method (4) is in the tentative stage and the form of utilization is not yet established and thus is not in extensive use.