1) Field of the Invention
The present invention relates to a digital data distribution system that enables electronic commerce in which digital data is sold for a fee via a network.
2) Description of the Related Art
In the electronic commerce that is conducted via a network, a consumer generally accesses a home page set up by an information provider. Then, the consumer selects contents of his choice, goes through a purchasing process, and downloads the contents. The digital data that has been downloaded undergoes a copyright protection process, such as encryption, in order to prevent illegal secondary distribution of the digital data that occurs through the network.
A conventional digital data distribution system will now be explained referring to FIG. 32.
Digital data to be distributed is stored encrypted in a digital data storage means 3205. A decryption key, the storage location of the encrypted digital data itself, and use condition information of the digital data are stored in a digital data administration database 3204. The use condition information herein refers to information indicating that the digital data, after it is downloaded, can be copied to another storage media three times only.
The consumer operates a user device 3202, and accesses a distribution server 3201 via a sending and receiving means 3208 and a communication means 3209.
A distribution front end 3206 sends to the user device 3202 a list of music digital data to be distributed. The list of the music digital data is created based on information from the digital data administration database 3204. The consumer browses the list information using a browsing means 3210. When the consumer finds digital data he wishes to receive distribution of, he sends a request for purchasing the digital data and his user name to the distribution server 3201. If the user name is not found in the user administration database 3203, the distribution front end 3206 sends, to the browsing means 3210, a request for payment information inputs such as a credit card number. The consumer inputs the requested payment information via the browsing means, and sends the payment information to the distribution server 3201. The distribution front end 3206 records the payment information in the user administration database 3203, and executes the payment process. If the user name is found in the user administration database 3203, the payment process is performed using the payment information stored in the user administration database 3203. Once the payment process is completed successfully, the distribution front end 3206 directs the digital data distribution means 3207 to send the requested digital data to the user device 3202. The digital data distribution means 3207 sends to the user device 3202 the requested digital data, which is encrypted, and the decryption key and the use condition information of the digital data that are stored in the digital data administration database 3204. Access process control means 3211 stores the encrypted digital data it received in a storage media 3214 via storage media access means 3213. Access process control means 3211 also stores the decryption key and the use condition information it received in a secure information storage means 3212. 
The secure information storage means 3212 stores data after encrypting the data with information that relates to the user device 3202.
When the user device 3202 plays the digital data, the access process control means 3211 reads the encrypted digital data from the storage media 3214 and the decryption key from the secure information storage means 3212, and decrypts the digital data.
When the digital data written in the storage media 3214 is to be copied to another storage media 3214, the access process control means 3211 allows the copy if the use condition information stored in the secure information storage means 3212 and copy history information, which indicates the number of past copies, indicate less than three times. In so doing, the copy history information stored in the secure data storage means 3212 is incremented by one. Also, the access process control means 3211 does not perform the copying if the copy history information indicates greater than four times.
As described above, in the conventional technology, the distribution server uses only the user information for the digital data distribution control. On the other hand, the user device administers the decryption key of the digital data, the use right information of the digital data, and the use history information of the digital data using a designated secure information storage means.
Such a conventional digital data distribution system is always exposed to the possibility of being hacked by malicious consumers, for instance by illegally obtaining the digital data from the distribution server 3201 or by illegally redistributing the digital data that has been distributed to the user device 3202. As a result, a user device 3202, which is particularly prone to analysis by malicious consumers, has a secure information storage means 3212 and an access process control means 3211 that are more or less equipped with a tamper-resistant technology.
However, the aforesaid conventional structure has the following problems.
Since the user device stores the use condition information and the history information of the digital data securely, correlating the information with the user device, it is difficult to transfer this information when the consumer wishes to change the user device.
Since the distribution server does not keep track of digital data once the digital data has been distributed, there is no mechanism for redistributing the digital contents, even when the consumer can no longer use the distributed contents because, for instance, he broke the user device.
Even though the distribution server stores the information regarding the history of distribution to the user, since the information that identifies the user is merely information such as a user name and payment information, the security level is not very high.
The present invention has been conceived for the aforementioned situations. More specifically, the object of the present invention is to provide a digital data distribution system in which rights information of digital data and history information are administered at the distribution server, and authorization of users is executed using a user device ID.
To achieve the aforementioned object, the digital data distribution system according to the present invention is characterized in that the distribution server has an obtained rights administration database that stores information regarding rights to receive distribution of digital data that each user has obtained, and a history database that stores information regarding digital data that have been distributed to the users in the past.
Further, the digital data distribution control method according to the present invention is characterized in that the distribution front end processes a request for distribution of digital data sent from a user, based on information from the obtained rights administration database and the history database.
Still further, the digital data distribution cancellation method according to the present invention is characterized in that the distribution front end processes a request for canceling the right to digital data distribution sent from a user, based on information from the obtained rights administration database and the history database.
Still further, the digital data distribution system according to the present invention is characterized in that the user device includes the storage media having a media ID that can uniquely identify each storage media, a media ID detecting means for detecting the media ID and sending the media ID to the distribution server, and a media access process control means for executing control of writing the digital data distributed by the distribution server in the storage media that has the designated media ID, and that the distribution server includes an encryption means for encrypting the distributed digital data using a key that is created based on the media ID received from the user device.
Still further, the digital data distribution server according to the present invention is characterized in that the user device includes the media access process control means that sends the media ID of the storage media to the distribution server when the storage of the distributed encrypted digital data in the storage media is successful, and that the distribution server includes the history database that stores the media ID along with information regarding the encrypted digital data, the media ID being received after the encrypted digital data is sent to the user device, and the distribution front end that, in response to a request for distribution of digital data from the user, detects the number of distinct media IDs to which the digital data has been distributed in the past, and does not process the request for distribution if the number is greater than a predetermined number.
Still further, the digital data distribution server according to the present invention is characterized in that the user device includes the storage media having more than two different memory regions, at least one of the memory regions being a secure data area that cannot be accessed without an authorization between the storage media and the storage media access means, the storage media having a media ID that can uniquely identify each storage media, a media ID detecting means for detecting the media ID and sending the media ID to the distribution server and a media access process control means for storing encrypted digital data distributed by the distribution server in a memory region that is not the secure data area and storing an encrypted decryption key distributed by the distribution server in the secure data area after decrypting the encrypted decryption key with the media ID, and that the distribution server includes a distributed digital data storage means for storing the encrypted distributed digital data and the encrypted decryption key that decrypts the distributed digital data, an encrypting means for encrypting the decryption key using a key that is created based on the media ID received from the user device, and the digital data distributing means for sending the encrypted digital data and the decryption key that is encrypted with the encrypting means to the user device.
Still further, the digital data distribution server according to the present invention is characterized in that the user device includes the cache storage means that is separate from the storage media, the media access process control means storing the distributed encrypted digital data in the storage media and the cache storage means, and sending the storage location information to the distribution server, and the media access process control means that stores the encrypted data designated by the storage location information in the memory region which is not the secure data area when storage location information of the encrypted digital data stored in the cache storage means is received instead of the encrypted digital data from the distribution server, and that the distribution server includes the history database that stores the storage location information along with information regarding the encrypted digital data, the storage location information being received after the encrypted digital data is sent to the user device, and the distribution front end that refers to the history database in response to a digital data distribution request from a user, the distribution front end directing the digital data distributing means to send storage location information instead of the digital data if the requested digital data has been distributed in the past and its storage location information exists.
Still further, the digital data distribution server according to the present invention is characterized in that the user device includes the media access control means that sends a media ID of the storage media if the distributed encrypted digital data is stored in the storage media successfully, and that the distribution server includes the history database that stores the media ID that is received after the encrypted digital data is sent to the user device, along with information regarding the encrypted digital data, and the distribution front end that, in response to the digital data distribution request from the user, detects the number of distinct media IDs to which the requested digital data has been sent in the past, the distribution front end not processing the distribution request if the number is greater than a predetermined number.
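The server-side control just described (history database of media IDs per user and content, refusal above a predetermined number of distinct media IDs, and a decryption key wrapped with a key derived from the media ID) is illustrated below in an added example that is not part of the patent; the limit of three media IDs, the SHA-256 derivation and the XOR key wrap are assumed stand-ins for whatever a real implementation would use.

```python
import hashlib
from collections import defaultdict

MAX_MEDIA_IDS = 3  # assumed value for the patent's "predetermined number" of distinct media IDs

def media_key(media_id: bytes) -> bytes:
    # Key created from the media ID; SHA-256 is an assumed stand-in for the server's real KDF
    return hashlib.sha256(b"media-key:" + media_id).digest()

def wrap_key(decryption_key: bytes, media_id: bytes) -> bytes:
    # XOR with the media key; symmetric, so the device unwraps by calling this again.
    # A one-time XOR stands in for a real key-wrap algorithm; a media key must never be reused.
    k = media_key(media_id)
    assert len(decryption_key) == len(k)
    return bytes(a ^ b for a, b in zip(decryption_key, k))

class DistributionServer:
    def __init__(self):
        self.digital_data_db = {}                    # content_id -> (encrypted data, decryption key)
        self.obtained_rights_db = defaultdict(set)   # user_id -> content IDs the user may receive
        self.history_db = defaultdict(set)           # (user_id, content_id) -> media IDs that stored it

    def distribute(self, user_id, content_id, media_id):
        """Distribution front end: returns (encrypted data, wrapped key) or None if refused."""
        if content_id not in self.obtained_rights_db[user_id]:
            return None                              # no obtained right for this content
        seen = self.history_db[(user_id, content_id)] | {media_id}
        if len(seen) > MAX_MEDIA_IDS:
            return None                              # too many distinct media already hold it
        encrypted_data, decryption_key = self.digital_data_db[content_id]
        return encrypted_data, wrap_key(decryption_key, media_id)

    def confirm_stored(self, user_id, content_id, media_id):
        """Called by the device after a successful write; records the media ID in the history DB."""
        self.history_db[(user_id, content_id)].add(media_id)

def device_store(server, user_id, content_id, media_id, secure_area, data_area):
    """Media access process control means: data outside, unwrapped key inside the secure area."""
    result = server.distribute(user_id, content_id, media_id)
    if result is None:
        return False
    encrypted_data, wrapped_key = result
    data_area[content_id] = encrypted_data
    secure_area[content_id] = wrap_key(wrapped_key, media_id)   # unwrap with the media ID
    server.confirm_stored(user_id, content_id, media_id)
    return True
```

Redistribution to a media ID already in the history database is still allowed, which is what lets a consumer recover content after a device failure without raising the count.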
Still further, the digital data distribution server according to the present invention is characterized in that the distribution server includes a common account database for storing account information of another digital data distribution system the user has joined, an inter-server gateway that communicates with the other digital data distribution system and accesses the other digital data distribution system using account information stored in the common account database when a user whose information is in the common account database accesses the distribution front end, and the distribution front end that checks the common account database when a user accesses the distribution server, the distribution front end obtaining and writing information from and in the user administration database, the digital data administration database, the obtained rights administration database, and the history database of the other digital data distribution system via the inter-server gateway, if the account information under a user ID of the user is stored.
Still further, the digital data distribution server according to the present invention is characterized in that the user device includes a device ID that can uniquely identify each user device and a device ID detecting means for identifying the device ID and sending the device ID to the distribution server, and that the distribution server includes a user administration database that stores user IDs and related account information of the users.
Still further, the digital data distribution control method according to the present invention is characterized in that in response to a request for digital data distribution from a user who is accessing the distribution server, the distribution front end directs the device ID detecting means to identify a device ID, then, the device ID detecting means detects the device ID and sends the device ID to the distribution server, then, the distribution front end checks whether the device ID that has been received is registered in the user device administration database as the corresponding user's information, and directs the digital data distribution means to distribute the requested digital data to the device ID that has been sent if the device ID is registered, then, the digital data distribution means sends the digital data and the device ID to the user device, and then, the media access process control means confirms whether the device ID that has been received is the same as its own device ID, and if it is, directs writing of the digital data in the storage media that is connected to the storage media access means.
Still further, the device information registration method according to the present invention is characterized in that in response to a request for digital data distribution from a user who is accessing the distribution server, the distribution front end directs the device ID detecting means to identify a current device ID, then, the device ID detecting means identifies the device ID and sends it to the distribution server, and then, the device ID that the distribution front end received is registered in the user device administration database along with a corresponding user ID.
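The device ID registration and the device ID check on both sides (server refuses an unregistered device, device refuses data addressed to another device ID) described in the two methods above are shown in the following added example, which is not part of the patent; the class and method names are assumptions, and the databases are in-memory stand-ins.

```python
from collections import defaultdict

class UserDevice:
    def __init__(self, device_id: str):
        self.device_id = device_id     # value the device ID detecting means reports
        self.storage_media = {}        # content_id -> data written via the storage media access means

    def detect_device_id(self) -> str:
        # Device ID detecting means: identifies the ID and returns it to the server
        return self.device_id

    def receive(self, payload) -> bool:
        # Media access process control means: write only if the device ID sent with
        # the data is the device's own ID; otherwise discard the payload.
        content_id, data, target_device_id = payload
        if target_device_id != self.device_id:
            return False
        self.storage_media[content_id] = data
        return True

class DistributionServer:
    def __init__(self):
        self.user_device_db = defaultdict(set)      # user_id -> registered device IDs
        self.obtained_rights_db = defaultdict(set)  # user_id -> content the user may receive
        self.digital_data_db = {}                   # content_id -> data to distribute

    def register_device(self, user_id: str, device: UserDevice) -> str:
        # Device information registration: the front end asks the device for its
        # current device ID and records it under the user's ID.
        device_id = device.detect_device_id()
        self.user_device_db[user_id].add(device_id)
        return device_id

    def distribute(self, user_id: str, content_id: str, device: UserDevice):
        # Distribution control: the ID reported by the requesting device must be
        # registered to this user; the data is then sent together with that device ID.
        device_id = device.detect_device_id()
        if device_id not in self.user_device_db[user_id]:
            return None
        if content_id not in self.obtained_rights_db[user_id]:
            return None
        return (content_id, self.digital_data_db[content_id], device_id)
```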