Field of the Invention
The present invention relates to technology for managing operations from registration to distribution of digital content, such as an electronic confidential document, and for controlling operations such as inspection, preservation, editing, copying, etc. of the distributed content. Specifically, it relates to a data processing apparatus for securely managing digital content using Digital Rights Management (DRM) technology.
DRM technology for dealing with the problem of copyright protection of digital content on the Internet is known. Generally, DRM technology protects digital content, permits its distribution and then manages the digital content. The DRM technology that is used in this specification indicates the following:
    Content is encrypted. Then, a license condition for the content and a decoding key of the content are stored in a license.
    When a user uses the content, he or she downloads the encrypted content from a content server, downloads a license from a license distribution server and then uses the content in accordance with a license condition of the license.
When an electronic document is managed using DRM technology, the distribution control of a license and the mechanism of generating an individual license for each user are described in “Confidential Content Management Method” (Japanese patent application 2003-095723), which is a senior application.
The technical paper (refer to nonpatent literature 1) disclosing UDAC (Universal Distribution with Access Control), a DRM system in which an inventor of the present invention is involved, describes application cases, etc. of UDAC to music content.
[Nonpatent literature 1] Takeaki Anazawa, Hiroshi Takemura, Takashi Tsunehiro, Takayuki Hasebe and Takahisa Hatakeyama, “Open Superdistribution Infrastructure Realizing the Tenacity of the Content Protection” [online], report of study session of Information Processing Society of Japan, EIP14-5, November 2001, [Retrieved on Feb. 4, 2004], Internet <URL: http://www.keitaide-music.org/pdf/EIP14-5.pdf>
However, there are the following problems in the above-mentioned conventional content management method.
(1) In the content management system using a DRM, when a license is distributed, a public key certificate prepared based on a Public Key Infrastructure (PKI) is used for the communications between a client and a server. A Certificate Authority (CA) should be introduced for the management/operation of the public key certificate. A system that requires the maintenance of high security strength should change a client module into a Tamper Resistant Module (TRM) for each security domain of a client utilizing a strict certificate authority. At present, however, there are many requests for operating a DRM readily and cheaply using a simple certificate authority even if the security strength decreases to some extent.
A system development party changes a client module into a TRM under the condition that a class public key certificate and a private key corresponding to this certificate are embedded in the client module beforehand, and then ships this module. In the case where a class public key certificate becomes vulnerable in this structure, the system development party must produce the client module again and a user must also install the client module again.
(2) A license to be distributed to each user is individually generated by enabling a license distribution server to refer to an Access Control List (ACL). A license is set up in units of groups or users. Specifically, license conditions are set up in such a way that the printing of content is permitted in group A while the printing of content is prohibited in group B, etc. Since any user can belong to one or more groups under this circumstance, it is necessary to decide which license condition should be applied to the license distributed to the user.
(3) Control of transmitting a license that is downloaded into a client terminal to another restricted client terminal is not realized.
(4) As shown in FIG. 1, an operation log 13 that shows what kind of operation is performed in a client terminal 11 for the content to be protected is managed by the client terminal 11. Then, the operation log is transmitted to a log management server 12 at the right time and the transmitted log is managed as log data 14. However, an alteration can be easily made when the log is managed on the client side. Furthermore, an alteration prevention process, etc. costs a lot, so such a process is difficult to carry out.
(5) A license distribution server can distribute only one license condition for one content regarding one license request. Therefore, a client terminal must make license requests to a license distribution server on a plurality of occasions when a plurality of contents is used.
(6) When a license is acquired by the client terminal, there is no mechanism for informing a license distribution server about whether or not the terminal is certified by the content protection system using a DRM. Therefore, a license may be distributed even to a non-certified client terminal.
(7) In the case where the client terminal receives a license that stores a plurality of license conditions for the same content, there is no method of selecting one license condition from the plurality of conditions. Therefore, the received license cannot be utilized.
(8) When the content that is protected using a DRM is edited, the data can be stolen from a common memory (clipboard) by cutting, copying and pasting, etc. the data in the content.
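The ambiguity described in problems (2) and (7) can be reproduced with a small ACL lookup. The following is an added illustration, not part of the specification: the content identifier, user names and function names are assumptions, and the ACL mirrors the group A / group B printing case given in (2).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LicenseCondition:
    subject: str      # group or user the ACL entry is set up for
    can_view: bool
    can_print: bool


# Constructed ACL for one content item: printing is permitted in
# group A and prohibited in group B, as in problem (2).
ACL = {
    "doc-001": [
        LicenseCondition("group A", can_view=True, can_print=True),
        LicenseCondition("group B", can_view=True, can_print=False),
    ]
}

# Constructed group membership; carol belongs to both groups.
MEMBERSHIP = {
    "alice": {"group A"},
    "bob": {"group B"},
    "carol": {"group A", "group B"},
}

RIGHTS = ("can_view", "can_print")


def candidate_conditions(user, content_id):
    """Every ACL entry that matches the user directly or via a group."""
    subjects = MEMBERSHIP.get(user, set()) | {user}
    return [c for c in ACL.get(content_id, []) if c.subject in subjects]


def conflicting_rights(conditions):
    """Rights on which the candidate conditions disagree."""
    return [r for r in RIGHTS
            if len({getattr(c, r) for c in conditions}) > 1]


def license_request(user, content_id):
    """Return (status, detail) for one license request."""
    conditions = candidate_conditions(user, content_id)
    if not conditions:
        return ("deny", [])            # no ACL entry applies
    conflicts = conflicting_rights(conditions)
    if conflicts:
        # More than one condition applies and they disagree: without a
        # selection rule the server cannot decide what to issue.
        return ("ambiguous", conflicts)
    return ("issue", [conditions[0]])
```

For a user in a single group the lookup yields one condition, while for a user in both groups it reports `can_print` as undecidable, which is the case the conventional method leaves open.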