This invention relates to an information processing device having an access control function for performing control to determine whether access to or by another information processing device is permissible or should be rejected, in order to prevent unauthorized transfer of information. The invention also relates to its control program product and a storage medium for storing information necessary to operate the information processing device.
Digital information instruments such as DVD players, digital VTRs, etc. are being developed over the years, and therefore reproduction or recording of digital animation images can be easily realized at present. Moreover, a VOD (Video On Demand) system, for example, is now being developed for transmitting contents from a video server to an STB (Set Top Box) in accordance with a contract between the provider of the video server and the owner of the STB.
Since digital contents, unlike analog contents, are almost free from degradation in quality when recorded or reproduced, it is possible that original contents will be unauthoritatively copied, and a great amount of resultant unauthorized contents (so-called pirated editions) identical to the original ones will appear in the market. This being so, the owners of the copyright of the original contents may be very cautious in providing their digital contents, which will adversely affect the entire market of digital information instruments.
To avoid the above, information processing devices such as digital information instruments employ a mechanism for preventing unauthorized copying. However, it is possible that such an unauthorized copying prevention mechanism will be breached as a result of development of technology or intentionally breached by a person. In light of this, at present, unauthorized copying of digital contents is prevented by limiting access to or by the information processing devices when transferring information therebetween, as well as the employment of the unauthorized copying prevention mechanism.
For the access control, each information processing device holds an access revocation device list, as an aggregate of access control information, indicating devices which may perform unauthorized actions. When a certain information processing device has issued a request for access to another device, the latter device compares the identification number (ID) of the former device with the information in the list, and determines whether or not the former device is an access permissible one.
The above list can be created as follows.
A single access revocation device list for preventing any unauthorized access that can be expected is created and stored in an information medium which can be read by an information processing device (for example, if the information processing device is a CD-ROM drive, the information medium is a CD-ROM). This list is arranged to be always updated by the provider of the contents, and used to perform access control of all information processing devices.
There is another method, in which a plurality of lists that individually contain access control information items corresponding to respective information processing devices are prepared to constitute, as a whole, an access revocation device list. This list is transmitted in the form of data which can be read by respective devices (if one of the devices is a receiver for receiving a broadcast, the list is transmitted in the form of an electric wave), which enables updating of access control information in each device. This is contrived in consideration of the state, the environment, etc. in which each information processing device is used.
In the first-mentioned method, even a great amount of data can be easily updated. However, access control information cannot be updated for each information processing device.
In light of the above, it is necessary, for all digital devices produced so far and all devices whose unauthorized copying prevention mechanisms are breached, to include, in the objects be subjected to access limitation, information processing devices capable of performing unauthorized operations. Accordingly, the access revocation device list inevitably contains a great amount of information. If the size of the information in the list is limited, it is possible that all necessary access control information will not be stored therein.
On the other hand, in the second-mentioned method, the state of correspondence between information processing devices or the environment, district, etc., in which each device is used, can be taken into consideration. Accordingly, a large-scale list is not necessary for each information processing device, as compared with the first-mentioned method. Since, however, it is necessary to prepare a list for each information processing device, the entire access revocation device list will inevitably become large. If the entire amount of information is limited, only a small amount of access control information must be imparted to each list.
So far as the information processing capacity or storage capacity of each information processing device is limited, the contents of the access control information stored in the access revocation device list must be changed in accordance with the development of new type information processing devices or of techniques for breaching the protection mechanism, irrespective of using the first-mentioned method or the second-mentioned method.
However, there are many cases where the environment in which each information processing device is used, i.e. the relationship between each device and other devices which may access the former, will not change for a long time. In particular, in the case of a personal information processing device (an audio system, a personal computer, etc.), the once set system will not always be exchanged for a new one so quickly. It is also possible that the use of old type devices will continue even after they have stopped being manufactured. On the other hand, it is very possible that the aforementioned relationship will change in the near future.
Accordingly, it is possible that the above-described access control methods will not realize appropriate access control as a result of changes in the access revocation device list or the environment in which the information processing device is used.
Furthermore, the above-described problems in access control may occur where a computer network system, a VOD system, or any other type of information processing devices are connected to each other, in addition to so-called digital information devices such as a DVD recorder/player, a CD-ROM drive, etc. as aforementioned.
It is an object of the invention to provide an information processing device with an access control function, its control program product and a recording medium, which can continue to reject access by a wrong device that may be used at present and in the future, and can update the contents of an access revocation device list.
It is another object of the invention to provide an information processing device with an access control function, its control program product and a recording medium, which can continue to permit access by a correct device that may access it at present and in the future, and can update the contents of an access permission device list.
According to a first aspect of the invention, there is provided an information processing device with an access control function comprising: a first storage section storing at least one access information item that can be updated; a second storage section selectively storing at least one item of the access information, which was stored at least once in the past or is stored at present in the first storage section; a determination section for determining whether access by another information processing device is permissible or should be rejected, on the basis of the access information stored in the first or second storage section; and an access control section for controlling the another information processing device on the basis of a determination result of the determination section.
Preferably, the information processing device according to the first aspect further comprises: a past-accessed object storage section storing, irrespective of a determination result of the determination section, identification information indicating another information processing device access to which or access by which was requested; and an access information adding section for additionally registering, in the second storage section, the access information stored in the first storage section when an accessed object indicated by the identification information stored in the past-accessed object storage section is identical to an accessed object indicated by the access information stored in the first storage section.
According to a second aspect of the invention, there is provided a computer program stored in a computer readable medium, comprising: a code of first storage control means for storing, in a first storage section, at least one access information item that can be updated; a code of second storage control means for selectively storing, in a second storage section, at least one item of the access information, which was stored at least once in the past or is stored at present in the first storage section; a code of determination means for determining whether access by another information processing device is permissible or should be rejected, on the basis of the access information stored in the first or second storage section; and a code of access control means for controlling the another information processing device on the basis of a determination result of the determination section.
According to a third aspect of the invention, there is provided a recording medium that stores information used to determine whether an information processing device can access or cannot access another information processing device, comprising: a first storage section storing a list that includes at least one access information item used to determine whether an information processing device can access or cannot access another information processing device; and a second storage section storing at least one item of the access information, which was included in the list in the past or is included in the list at present.
Additional objects and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objects and advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out hereinafter.