Recently, an indoor audio visual (AV) network (hereinafter, described as a network) which connects AV devices at home through network and promotes sharing a variety of AV content between the connected AV devices is in the process of being realized.
For example, an embodiment of such an indoor AV network is to provide a router indoors and connect, to the router, through star network, an AV data receiving device such as a PC, a mobile terminal, a digital television, and an AV server which accumulates content. Here, the router is used for connecting an indoor network and an outdoor network. The AV server has a function to temporarily accumulate a variety of content obtained from the outdoor network through the router or a variety of AV content obtained through a means other than the network. Note that the means other than the network is, for example, digital broadcasting. In addition, the AV server has a function to transmit, according to a request from the AV-data receiving device such as a digital television, the variety of AV content to the AV data receiving device that requires the AV content.
On the other hand, when dealing with the AV content that requires copyright protection, it is necessary to protect the copyright of the AV content when transmitting the AV content through the network. A general method of protecting the copyright is to encrypt the data that needs copyright protection so as to prevent abuse of the data.
For such copyright protection, for example, Digital Transmission Content Protection over Internet Protocol (DTCP-IP) has been standardized (Non-Patent Literature 1). When transmitting the AV data using the DTCP-IP which has both an authentication function and a key-invalidation function, it is therefore possible to exclude an improper device and encrypt the AV data that requires copyright protection. This allows protecting the copyright of the AV data.
On the other hand, generally, use of the AV content such as a digital broadcast program is permitted for recording and playback within a scope of personal use indoors (at home). However, it is necessary to restrict use that exceeds the scope of personal use, for example, use in which, through the Internet, the AV data recorded on the AV server provided indoors is distributed without limit to an indefinite number of AV data receiving devices connected to the outdoor network. Accordingly, in the DTCP-IP, to restrict the access range of a command to be transmitted, a time to live (TTL) and a round trip time (RTT) are used.
Here, TTL restricts the hop count, which is the number of routers acting as relay devices. Specifically, based on the value set in the TTL field of the IP packet header, the maximum number of relay devices that can relay an IP packet (maximum hop count) is set, so as to restrict the number of relay devices (hop count). The DTCP-IP method specifies that the TTL of the IP packet carrying an authentication and key exchange command or a decrypting key confirmation command should be 3 or below, and that a command included in an IP packet having a TTL larger than 3 should be ignored.
In addition, the DTCP-IP specifies, in the authentication and key exchange processing, a command transaction for measuring RTT. Specifically, the AV data transmission device, which is to transmit the AV data, transmits an RTT measuring command to the AV data receiving device that receives the AV data, and measures RTT as the length of time until a response from the AV data receiving device is received. The DTCP-IP specifies that the key exchange processing may be performed only when RTT is 7 ms or below.
Thus, according to the DTCP-IP, proximity of the AV data receiving device is judged using TTL and RTT. This allows preventing unlimited distribution of the AV data to AV data receiving devices connected to the outdoor network.
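The two proximity rules just described (TTL of the command packet 3 or below, RTT 7 ms or below) can be modelled as a small receiver-side decision routine. The following is an added illustration written for this description, not code from the DTCP-IP specification or from any product: it builds a minimal IPv4 header as constructed test input, reads the TTL field from the header, measures RTT with an injectable clock, and applies both thresholds. The helper names (build_ipv4_header, ttl_of, accept_command, measure_rtt_ms, proximity_decision) and the "RTT_REQ" and "RTT_RSP" byte strings are assumptions made for the example.

```python
import struct
import time

# Thresholds stated in the description of DTCP-IP proximity checking.
MAX_TTL = 3        # commands arriving in IP packets with TTL > 3 are ignored
MAX_RTT_MS = 7.0   # key exchange may proceed only when RTT <= 7 ms


def _ip_to_bytes(addr: str) -> bytes:
    """Dotted-quad string to 4 raw bytes."""
    return bytes(int(octet) for octet in addr.split("."))


def build_ipv4_header(ttl: int, src: str, dst: str) -> bytes:
    """Construct a minimal 20-byte IPv4 header (no options) for test input.

    Only the TTL field matters to the check; checksum is left as zero.
    """
    version_ihl = (4 << 4) | 5      # IPv4, header length 5 words = 20 bytes
    total_length = 20
    ident, flags_frag, proto, checksum = 0, 0, 6, 0   # proto 6 = TCP
    return struct.pack("!BBHHHBBH4s4s", version_ihl, 0, total_length,
                       ident, flags_frag, ttl, proto, checksum,
                       _ip_to_bytes(src), _ip_to_bytes(dst))


def ttl_of(packet: bytes) -> int:
    """Read the TTL from the IP header itself, never from application data."""
    if len(packet) < 20 or (packet[0] >> 4) != 4:
        raise ValueError("not an IPv4 packet")
    return packet[8]   # TTL is byte offset 8 of the IPv4 header


def accept_command(packet: bytes) -> bool:
    """TTL rule: an AKE or key-confirmation command is honoured only if TTL <= 3.

    Each router decrements TTL, so a sender that set TTL=3 cannot reach a
    device more than three hops away; a packet arriving with TTL > 3 shows
    the sender did not honour the limit, and its command is ignored.
    """
    return ttl_of(packet) <= MAX_TTL


def measure_rtt_ms(send, recv, clock=time.perf_counter) -> float:
    """Send one RTT measuring command and return the elapsed time in ms.

    send/recv are callables supplied by the caller (real sockets or a
    test double); clock is injectable so the measurement is deterministic.
    """
    start = clock()
    send(b"RTT_REQ")            # assumed command bytes, not the real format
    recv()                      # wait for the receiving device's response
    return (clock() - start) * 1000.0


def proximity_decision(packet: bytes, rtt_ms: float) -> str:
    """Combine both rules. Returns one of 'IGNORE_TTL', 'REJECT_RTT', 'ALLOW'."""
    if not accept_command(packet):
        return "IGNORE_TTL"      # command never processed at all
    if rtt_ms > MAX_RTT_MS:
        return "REJECT_RTT"      # command processed, key exchange refused
    return "ALLOW"


if __name__ == "__main__":
    # Constructed indoor case: TTL 3, simulated 4.5 ms round trip.
    near = build_ipv4_header(3, "192.168.0.10", "192.168.0.20")
    ticks = iter([0.0, 0.0045])
    rtt = measure_rtt_ms(lambda _b: None, lambda: b"RTT_RSP",
                         clock=lambda: next(ticks))
    print(proximity_decision(near, rtt))          # ALLOW
    # Constructed remote case: sender used the default TTL 64.
    far = build_ipv4_header(64, "192.168.0.10", "203.0.113.7")
    print(proximity_decision(far, rtt))           # IGNORE_TTL
```

The order of the checks matters: the TTL rule is applied to the packet before its command is interpreted, whereas the RTT rule is applied during the key exchange transaction, so a packet with TTL larger than 3 is discarded without any RTT measurement taking place.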
However, the DTCP-IP as described above also has a problem: such proximity checking also restricts uses of the AV content recorded on the AV server at home (indoors) that remain within the scope of personal use, such as the user of the AV server viewing, in person, the AV content from outdoors. Thus, an AV data transmission and receiving system has been developed to allow, while using the DTCP-IP, restricted distribution to an outdoor device within a range that does not exceed the scope of personal use. In such an AV data transmission and receiving system, an authentication and key exchange processing unit dedicated to distribution to an outdoor receiving device is separately provided (see Patent Literature 1).
In the AV data transmission and receiving system in Patent Literature 1, the authentication and key exchange processing unit for distribution to an outdoor receiving device does not perform processing of confirming proximity between the AV data transmission device and the AV data receiving device. Instead, by performing processing for confirming identification information obtained from a shared short-distance wireless device, the AV data transmission and receiving system allows distribution of the AV data to a specific device (AV data receiving device) connected to a specific outdoor network.
The following will describe an operation performed, when moving the AV data receiving device from indoors to outdoors, in a conventional AV data transmission and receiving system, that is, the AV data transmission and receiving system for which, as described above, the authentication and key exchange processing dedicated to the distribution to an outdoor receiving device is separately provided.
FIG. 8 is a diagram showing a configuration of a conventional AV data transmission and receiving system. In FIG. 8, an AV data transmission device and an AV data receiving device that is moved from indoors to outdoors are connected to each other by a router 104 via an indoor wireless network 103, or via the indoor wireless network 103, the Internet 105, and an outdoor wireless network 106. Here, the router 104 is a bridge device to transmit and receive the data between an indoor device and an outdoor device. In addition, an AV server 101 and a mobile terminal 102 implement the authentication and key exchange processing according to the DTCP-IP and the authentication and key exchange processing dedicated to outdoor device distribution.
Indoors, the AV server 101, which is the AV data transmission device, and the mobile terminal 102, which is the AV data receiving device, are connected to each other via the indoor wireless network 103 including a wireless medium (IEEE802.11). The router 104 is connected to the AV server 101 and the mobile terminal 102 via the indoor wireless network 103, and can be connected to an outdoor device through the Internet 105.
For example, in the case of using the mobile terminal 102 which is moved from indoors to outdoors, the mobile terminal 102 can be connected to the Internet 105 via the outdoor wireless network 106 including the wireless medium (IEEE802.11) for outdoor use, and can further access the AV server 101 located indoors via the router 104 and the indoor wireless network 103.
Accordingly, the mobile terminal 102, when transmitting the AV data indoors, checks proximity using TTL and RTT, so that ordinary authentication and key exchange processing is performed. On the other hand, when transmitting the AV data outdoors, the mobile terminal 102 performs the authentication and key exchange processing dedicated to outdoor device distribution, without checking the proximity between the outdoor device and the indoor device. In other words, processing for checking the identification information obtained from the shared short-distance wireless device is performed. This allows distribution of the AV data to a specific device (AV data receiving device) connected to the outdoor network.
FIG. 9 is a sequence diagram showing an operation performed in a conventional AV data transmission and receiving system when the mobile terminal 102 is moved from indoors to outdoors while receiving the content from the AV server 101.
First, the mobile terminal 102, which is connected to the indoor wireless network, performs, reciprocally with the AV server 101, the ordinary authentication and key exchange processing (indoor-device-authentication and key-exchange processing), to obtain an ordinary key (S901). Then, transmission of the AV data starts, and the mobile terminal 102 starts receiving and decrypting the AV data (S902).
Next, when the mobile terminal 102 is moved from indoors to outdoors, the mobile terminal 102 performs processing for switching the wireless network (S903). Subsequently, the mobile terminal 102 performs, reciprocally with the AV server 101, the processing for authenticating the outdoor device for distribution and exchanging a key (outdoor-device-authentication and key-exchange processing), to obtain a key for outdoor device distribution (S904). Then, transmission of the AV data resumes using the obtained key for outdoor device distribution, and the mobile terminal 102 decrypts and decodes the AV data (S905).
As described above, in the conventional AV data transmission system, in an indoor wireless network environment, transmission and receiving of the AV data is performed using an ordinary key obtained by performing the ordinary authentication and key exchange processing. On the other hand, in an outdoor wireless network environment, transmission and receiving of the AV data is performed using the key for outdoor device distribution, which is obtained by performing the authentication and key exchange processing for outdoor device distribution.