1. Field of the Invention
The present invention relates to an apparatus for displaying, storing, copying, editing or transferring digital data, and protecting digital data copyrights.
2. Background Art
In the information-oriented society of today, database systems are becoming widespread in which various types of data, stored independently in each computer in the past, can be used by connecting computers via communication lines.
In such a database system, the information handled up to this point has been conventionally coded information that can be processed by a computer, and that contains a relatively small amount of information and monochrome binary data, such as facsimile information at most. It is not possible to handle data containing a relatively large amount of information, such as data for natural pictures or animation.
With the rapid progress of digital processing techniques for various electric signals, a technique is under development for digital processing of picture signals other than binary data, handled only as analog signals in the past.
By digitizing the picture signal, it is possible to handle a picture signal, e.g., a television signal, by a computer. "Multimedia system" is an emerging technology of the future capable of simultaneously handling the data handled by computers and digitized picture data.
Because picture data contains an overwhelmingly large amount of information compared with character data and audio data, it is difficult to store or transfer or process the picture data by computer. For this reason, techniques for compressing or expanding picture data have been developed. Further, several standards for compression/expansion of picture data have been established. For example, the following standards have been established as common standards: JPEG (Joint Photographic image coding Experts Group) standards for still pictures, H.261 standards for video conferences, MPEG1 (Moving Picture image coding Experts Group 1) standards for picture accumulation, and MPEG2 standards for current television broadcasting and high definition television broadcasting. By using these new techniques, it is now possible to transmit digital picture data in real time.
For analog data, which has been widely used in the past, the control of copyrights during processing has not been an important issue: because the quality of analog data deteriorates each time the data is stored, copied, edited, or transferred, the editing of a copyright produced due to the above operation has not been a large problem. However, the quality of digital data does not deteriorate when the data is repeatedly stored, copied, edited, or transferred. Therefore, the management and control of copyrights during processing of digital data is an important issue.
Up to now, there has been no adequate method for management and control of copyrights for digital data. It has been managed and controlled merely by copyright law or by contracts. In copyright law, only compensation for digital sound or picture recording devices has been prescribed.
It is possible not only to refer to the content of a database, but also to effectively utilize the data obtained from the database by storing, copying, or editing the data, and also transferring the edited data to the database with the edited data registered as new data. Further, it is possible to transfer edited data to other persons via a communication link or by a proper recording medium.
In a conventional database system, only character data is handled. However, in multimedia systems, sound data and picture data originally generated as analog data, are digitized and used as part of the database in addition to the other data in the database such as character data.
Under such circumstances, it is an important question to determine how to handle copyrights of the data in the database. However, there are no means in the prior art for copyright management and control of such actions as copying, editing, transferring, etc. of data.
Although data from "Software with advertisement" or "free software" is generally available free of charge, it is copyrighted and its use may be restricted by the copyright depending on the way it is used.
The inventors of the present invention proposed a system for copyright management, wherein a permit key is obtained from a key control center via a public telephone line in Japanese Patent Laid-Open No. 46419/1994 and Japanese Patent Laid-Open No. 141004/1994. Japanese Patent Laid-Open No. 132916/1994 to the same inventors also discusses an apparatus for copyright management. Furthermore, the same inventors proposed a system for managing a copyright of digital data in Japanese Patent Application No. 64889/1994 and Japanese Patent Application No. 237673/1994.
In these systems and apparatus, one who wants to view and listen to encrypted programs requests viewing from a control center via a communications line by using a communication device. The control center sends a permit key to the requester, performs charging and collects a fee.
After receiving the permit key, the requester sends the permit key to a receiver by using an on-line or off-line means. The receiver then decrypts the encrypted programs using the permit key.
The system disclosed in Japanese Patent Application No. 64889/1994 uses a program and copyright information for managing the copyright, in addition to the permit key, so that the copyright for display (including sound processes), storage, copying, editing, or transferring of the digital data in the database system, including real-time transmission of a digital picture, can be managed. The program for managing the copyright watches and manages to prevent a user from using the digital data outside the conditions of the user's request or permission.
Japanese Patent Application No. 64889/1994 further discloses that data is supplied in encrypted form from a database, decrypted by a copyright management program when displayed or edited, and encrypted again when it is stored, copied or transferred. Also, the copyright management program, being encrypted, is decrypted by a permit key. The copyright management program thus decrypted performs encryption and decryption of copyright data, and when data is utilized other than for storage and display, copyright information including information about the user, being stored as a history in addition to the original copyright information, is disclosed.
A general description of cryptography is provided below. Cryptography includes a secret-key cryptosystem and a public-key cryptosystem.
The secret-key cryptosystem is a cryptosystem using the same crypt key for encryption and decryption. While this cryptosystem requires only a short time for encryption or decryption, if the secret-key is found, the encryption may be cryptanalyzed.
The public-key cryptosystem is a cryptosystem in which a key for encryption is open to the public as a public-key, and a key for decryption is not open to the public. The key for encryption is referred to as a public-key and the key for decryption is referred to as a private-key. To use this cryptosystem, it is necessary that the party transmitting information encrypts the information with the public-key of the party receiving the information. The party receiving the information decrypts the information with a private-key not open to the public. While this cryptosystem requires a relatively long time for encryption or decryption, the private-key cannot easily be found, and it is very difficult to cryptanalyze the encryption.
In cryptography, a case of encrypting a plaintext M with a crypt key K to obtain a cryptogram C is expressed as
C = E(K, M)
and a case of decrypting the cryptogram C with the crypt key K to obtain the plaintext M is expressed as
M = D(K, C).
The cryptosystem used for the present invention uses a secret-key cryptosystem in which the same secret-key Ks is used for encryption and decryption, and a public-key cryptosystem in which a public-key Kb is used for encryption of plaintext data and a private-key Kv is used for decryption of a cryptogram.
FIG. 1 shows a structure of the data copyright management system disclosed in the Japanese Patent Application No. 237673/1994, in which the apparatus for data copyright management system of the present invention can be used.
In this system, encrypted data is supplied via two-way communication in accordance with a request from the primary user 4.
This system uses the secret-key cryptosystem and the public-key cryptosystem as a cryptosystem.
It will be obvious that this system can be applied when using a satellite broadcast, ground wave broadcast, CATV broadcast or a recording medium other than a database as the data supply means provided with advertisement requiring no charge or encryption.
In this system, reference numeral 1 represents a database, 4 represents a primary user terminal, 5 represents a secondary user terminal, 6 represents a tertiary user terminal, and 7 represents an n-order user terminal. Also, reference numeral 3 represents a copyright management center, 8-10 represent a secondary copyright data, tertiary copyright data, and n-order copyright data, respectively, stored at the copyright management center 3. Reference numeral 2 represents a communication network such as a public telephone line offered by a communication enterprise or a CATV line offered by a cable television enterprise.
In the above arrangement, the database 1, primary user terminal 4, secondary user terminal 5, tertiary user terminal 6, n-order user terminal 7, and copyright management center 3 are connected to the communication network 2. They can also be connected to each other.
In FIG. 1, a path shown by a broken line represents a path for encrypted data. A path shown by a solid line represents a path of requests from each user terminal. A path shown by a one-dot chain line represents a path through which a crypt key and authorization information corresponding to a utilization request for data are transferred. A path shown by a two-dot chain line represents a path through which copyright information is transferred from the database or from one data element to a next-order data element within the copyright management center.
Each user who uses this system has previously been entered in the database system and has been provided with database utilization software. The database utilization software includes a program for decrypting an encrypted copyright management program in addition to normal communication software such as data communications protocols.
To use the database 1, a primary user prepares primary-user authentication data Au1, a first public-key Kb1, a first private-key Kv1 corresponding to the first public-key Kb1, a second public-key Kb2, and a second private-key Kv2 corresponding to the second public-key Kb2. The primary user accesses the database 1 from the primary user terminal 4 via the communication network 2.
The database 1, receiving the primary-user authentication data Au1, first public-key Kb1 and second public-key Kb2 from the primary user, confirms the primary-user authentication data Au1 and transfers the confirmed primary-user authentication data Au1 to the copyright management center 3 as the primary user information Iu1.
The database 1 prepares two secret-keys, first secret-key Ks1 and second secret-key Ks2. The second secret-key Ks2 is transferred to the copyright management center 3.
As the result of the above transfer, a permit key corresponding to primary utilization, the primary user information Iu1, original copyright information Ic0 and the second secret-key Ks2 are stored in the copyright management center 3. In this case, the original copyright information Ic0 is used for copyright royalties distribution.
When a primary user who desires data utilization accesses the database 1 from the primary user terminal 4, a data menu is transferred to him. In this case, information for charges may be displayed together with the data menu.
When the data menu is transferred, the primary user retrieves the data menu and selects the data M. In this case, the original copyright information Ic0 of the selected data M is transmitted to the copyright management center 3. The primary user selects permit key Kp1 corresponding to the required form of the usage such as viewing, storing, copying, editing and transferring of data. Permit key Kp1 is also transmitted to the copyright management center 3.
Because viewing and storing of data are the minimum required forms of use for the primary user, these forms of use may be excluded from the choices, thus offering only copying, editing and transferring as choices.
The original data M0 is read out of the database 1 in accordance with a request of the primary user. The read original data M0 is encrypted by the first secret-key Ks1:
Cm0ks1 = E(Ks1, M0).
The encrypted data Cm0ks1 is provided with the unencrypted original copyright information Ic0.
The first secret-key Ks1 is encrypted by the first public-key Kb1 and the second secret-key Ks2 is encrypted by the second public-key Kb2:
Cks1kb1 = E(Kb1, Ks1)
Cks2kb2 = E(Kb2, Ks2)
While the copyright management program P is also encrypted by the second secret-key Ks2:
Cpks2 = E(Ks2, P),
the copyright management program P may not always be encrypted by the second secret-key Ks2 but it may be encrypted by any other proper crypt key.
The encrypted original data Cm0ks1, encrypted copyright management program Cpks2, and two encrypted secret-keys Cks1kb1 and Cks2kb2 are transferred to the primary user terminal 4 via the communication network 2 and charged, if necessary.
It is possible to store the encrypted copyright management program Cpks2 in means such as in a ROM in the user terminal 4 instead of supplying it from the database 1.
The primary user receiving the encrypted original data Cm0ks1, two encrypted secret-keys Cks1kb1 and Cks2kb2, and encrypted copyright management program Cpks2 from the database 1 decrypts the encrypted first secret-key Cks1kb1 with the database utilization software using the first private-key Kv1 corresponding to the first public-key Kb1:
Ks1 = D(Kv1, Cks1kb1),
and decrypts the encrypted second secret-key Cks2kb2 using the second private-key Kv2 corresponding to the second public-key Kb2:
Ks2 = D(Kv2, Cks2kb2).
The primary user decrypts the encrypted copyright management program Cpks2 using the decrypted second secret-key Ks2:
P = D(Ks2, Cpks2).
Finally, the primary user decrypts the encrypted data Cm0ks1 by the decrypted copyright management program P using the decrypted first secret-key Ks1:
M0 = D(Ks1, Cm0ks1)
and uses the decrypted original data M0 directly or data M1 as edited.
As described above, the first private-key Kv1 and second private-key Kv2 are crypt keys prepared by the primary user but not open to others. Therefore, even if a third party obtains the data M, it is impossible to use the encrypted data M by decrypting it.
Thereafter, to store, copy, or transfer the data M as the original data M0 or the edited data M1, it is encrypted and decrypted using the second secret-key Ks2:
Cmks2 = E(Ks2, M)
M = D(Ks2, Cmks2).
The decrypted second secret-key Ks2 is thereafter used as a crypt key for encrypting/decrypting data when storing, copying, or transferring the data.
The first private-key Kv1 and second private-key Kv2, the first secret-key Ks1 and second secret-key Ks2, the data M, the copyright management program P, the original copyright information Ic0 and copyright information Ic1, containing information about the primary user and the editing date and time, are stored in the primary user terminal 4.
Further protection is provided by attaching the copyright information Ic1 to the data as copyright information label, and adding the digital signature.
The data Cmks2 is distributed in encrypted form. Since the copyright information label provides a clue to obtaining the second secret-key Ks2, which is the key for decryption, the second secret-key Ks2 cannot be obtained if the copyright information label is removed from the encrypted data Cmks2.
When the encrypted data Cmks2 is stored in the primary user terminal 4, the second secret-key Ks2 is stored in the terminal 4. However, when the encrypted data Cmks2 is not stored in the primary user terminal 4 but is copied to the recording medium 11 or transferred to the secondary user terminal 5 via the communication network 2, the second secret-key Ks2 is disused in order to disable subsequent utilization of the data in the primary user terminal 4.
In this case, it is possible to set a limitation for repetitions of copying or transferring of the data so that the second secret-key Ks2 is not disused within limited repetitions of copying and transferring of the data.
The primary user who is going to copy the data M to the external recording medium 11 or transmit the data M via the communication network 2 must prepare the second secret-key Ks2 to encrypt the data M by this second secret-key Ks2 before copying or transmitting the data:
Cmks2 = E(Ks2, M).
The unencrypted original copyright information Ic0 and primary-user copyright information Ic1 are added to the encrypted data Cmks2.
Before using a database, a secondary user, similar to the primary user, prepares authentication data Au2 for authenticating the secondary user, a third public-key Kb3, a third private-key Kv3 corresponding to the third public-key Kb3, a fourth public-key Kb4, and a fourth private-key Kv4 corresponding to the fourth public-key Kb4.
The secondary user who desires secondary utilization of the copied or transferred encrypted data Cmks2 must designate the original data name or number to the copyright management center 3 in order to request secondary utilization from the secondary user terminal 5 via the communication network 2. At this time, the secondary user also transfers the third public-key Kb3 and the fourth public-key Kb4, as well as the secondary user authentication data Au2, original copyright information Ic0 and primary user copyright information Ic1.
The copyright management center 3 receiving the secondary utilization request from the secondary user confirms the secondary-user authentication data Au2, and transfers confirmed secondary-user authentication data Au2 to the tertiary copyright data 9 as secondary user information.
When the secondary copyright information Ic1 of the primary user is transferred, the secondary copyright information Ic1 is provided to the secondary copyright data 8, and then, secondary copyright data 8 recognizes the secondary copyright information Ic1 to be transferred to the tertiary copyright data 9.
The secondary user selects permit key Kp2 corresponding to the form of data usage such as viewing, storing, copying, editing and transferring of data. Permit key Kp2 corresponding to the selected usage is sent to the tertiary copyright data 9.
Because viewing and storing of data are the minimum required forms of use for the secondary user, these forms of use may be excluded from the choices, offering only copying, editing and transferring as the choices.
The secondary copyright data 8 prepares a third secret-key Ks3. The prepared third secret-key Ks3 is transferred to and stored in the tertiary copyright data 9.
As the result of the above transfer, the permit key Kp2, primary user copyright information Ic1, primary user information Iu1, original copyright information Ic0, secondary user information Iu2, and third secret-key Ks3 are stored in the tertiary copyright data 9. The permit key Kp2, primary user copyright information Ic1, and primary user information Iu1 are used for copyright royalties distribution.
Hereafter similarly, permit key Kpn corresponding to n-order usage, copyright information for secondary exploitation right Icn-1 of (n-1)-order user, primary user information Iu1, original copyright information Ic0, n-order user information Iun, and n-th secret-key Ksn are stored in n-order copyright data 10.
The permit key Kp2, primary user information Iu1, original copyright information Ic0 and second secret-key Ks2 are read out of the secondary copyright data 8. The original copyright information Ic0 is used for copyright royalties distribution.
The read second secret-key Ks2 and third secret-key Ks3 are encrypted by the third public-key Kb3 and fourth public-key Kb4 of the secondary user respectively:
Cks2kb3 = E(Kb3, Ks2)
Cks3kb4 = E(Kb4, Ks3).
The copyright management program P is encrypted by the third secret-key Ks3:
Cpks3 = E(Ks3, P).
The encrypted copyright management program Cpks3, encrypted second secret-key Cks2kb3, and encrypted third secret-key Cks3kb4 are transferred to the secondary user terminal 5 via the communication network 2. In this case, charging is performed, if necessary.
The secondary user, receiving two encrypted secret-keys, Cks2kb3 and Cks3kb4, and the encrypted copyright management program Cpks3 from the secondary copyright data 8, and using the database utilization software decrypts the encrypted second secret-key Cks2kb3 by the third private-key Kv3, and decrypts the encrypted third secret-key Cks3kb4 by the fourth private-key Kv4 corresponding to the fourth public-key Kb4:
Ks2 = D(Kv3, Cks2kb3)
Ks3 = D(Kv4, Cks3kb4).
The encrypted copyright management program Cpks3 is decrypted by the decrypted third secret-key Ks3:
P = D(Ks3, Cpks3).
Then, the encrypted data Cmks2 is decrypted for use by the decrypted second secret-key Ks2 using decrypted copyright management program P:
M = D(Ks2, Cmks2).
As described above, the third private-key Kv3 and the fourth private-key Kv4 are prepared by the secondary user but not opened to others. Therefore, even if a third party obtains the encrypted data Cmks2, it is impossible to use the data by decrypting it.
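The key flow of FIG. 1 described above, from the database 1 through the primary user to the secondary user, as an added Ruby example that is not part of the original text. AES-256-GCM and RSA-OAEP are assumed stand-ins for the secret-key and public-key cryptosystems, the method names (supply, open_bundle, center_grant, secondary_open) are hypothetical, and the sample data and keys are constructed.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# C = E(Ks, M). AES-256-GCM is an assumed stand-in for the secret-key cryptosystem;
# the output is nonce (12 bytes) || tag (16 bytes) || ciphertext. M must be non-empty.
def sym_e(ks, m)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = ks
  nonce = c.random_iv
  c.auth_data = ''
  ct = c.update(m) + c.final
  nonce + c.auth_tag + ct
end

# M = D(Ks, C). Raises OpenSSL::Cipher::CipherError on a wrong key or altered cryptogram.
def sym_d(ks, blob)
  raise ArgumentError, 'cryptogram too short' if blob.bytesize <= 28
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = ks
  d.iv = blob.byteslice(0, 12)
  d.auth_tag = blob.byteslice(12, 16)
  d.auth_data = ''
  d.update(blob.byteslice(28..-1)) + d.final
end

# Database 1: fresh Ks1 and Ks2 per request. Returns the bundle sent to the primary
# user terminal 4 and the copy of Ks2 that goes to the copyright management center 3.
def supply(kb1, kb2, m0, prog)
  ks1 = OpenSSL::Random.random_bytes(32)
  ks2 = OpenSSL::Random.random_bytes(32)
  bundle = { cm0ks1: sym_e(ks1, m0), cpks2: sym_e(ks2, prog),
             cks1kb1: kb1.public_encrypt(ks1, OAEP),
             cks2kb2: kb2.public_encrypt(ks2, OAEP) }
  [bundle, ks2]
end

# Primary user terminal 4: Ks1 and Ks2 from the private-keys, then P, then M0.
def open_bundle(kv1, kv2, b)
  ks1 = kv1.private_decrypt(b[:cks1kb1], OAEP)
  ks2 = kv2.private_decrypt(b[:cks2kb2], OAEP)
  { prog: sym_d(ks2, b[:cpks2]), m0: sym_d(ks1, b[:cm0ks1]), ks2: ks2 }
end

# Copyright management center 3 to secondary user: Ks2 under Kb3, a new Ks3 under
# Kb4, and the copyright management program P under Ks3.
def center_grant(ks2, kb3, kb4, prog)
  ks3 = OpenSSL::Random.random_bytes(32)
  { cks2kb3: kb3.public_encrypt(ks2, OAEP),
    cks3kb4: kb4.public_encrypt(ks3, OAEP),
    cpks3: sym_e(ks3, prog) }
end

# Secondary user terminal 5: recover Ks2, Ks3 and P, then decrypt the copied Cmks2.
def secondary_open(kv3, kv4, grant, cmks2)
  ks2 = kv3.private_decrypt(grant[:cks2kb3], OAEP)
  ks3 = kv4.private_decrypt(grant[:cks3kb4], OAEP)
  { prog: sym_d(ks3, grant[:cpks3]), m: sym_d(ks2, cmks2) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed key pairs (Kv1..Kv4) and constructed sample data.
  kv1, kv2, kv3, kv4 = Array.new(4) { OpenSSL::PKey::RSA.new(2048) }
  bundle, ks2_at_center = supply(kv1.public_key, kv2.public_key,
                                 'constructed data M0', 'constructed program P')
  first = open_bundle(kv1, kv2, bundle)
  cmks2 = sym_e(first[:ks2], first[:m0]) # Cmks2 = E(Ks2, M) before copy or transfer
  grant = center_grant(ks2_at_center, kv3.public_key, kv4.public_key, first[:prog])
  puts secondary_open(kv3, kv4, grant, cmks2)[:m]
end
```

The secondary user never receives Ks1, and a party holding only Cmks2 without a grant wrapped to its own public-key has nothing to decrypt it with.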
Each user who uses the above-mentioned system must have previously been entered in the database system, and when entered in the system, is provided with database software.
Because the software includes not only normal communication software, such as data communication protocols, but also a program for decrypting a copyright management program by a first crypt-key, protection is necessary.
A first crypt-key K1, a second crypt-key K2, and a copyright management program P are transferred to each user in order to use data M. Each user keeps these keys and the program.
Further, the copyright information label, the user information, the public-key and private-key in the public-key cryptosystem and the program containing the algorithm for generating the secret-key are stored when needed.
For storing them, the simplest means to use is a flexible disk. However, the flexible disk is easy to lose or alter.
A hard disk drive is also subject to loss or alteration of data, though it is more stable than the flexible disk.
Recently, use of an IC card has spread in which an IC element is sealed in a card-like package. Particularly, standardization of a PC card with a microprocessor sealed inside has developed for PCMCIA cards and JEIDA cards.
The data copyright management apparatus proposed by the present inventors in the Japanese Patent application No. 237673/1994 is described in FIG. 2.
The data copyright management unit 15 is configured as a computer system comprising a microprocessor (CPU) 16, a local bus 17 of CPU 16, read only memory (ROM) 18 connected to local bus 17, and write/read memory (RAM) 19, and wherein the local bus 17 is connected to system bus 22 of the microprocessor 21 of the user terminal 20.
Further, a communication unit (COMM) 23 which receives data from an external database and transfers data to the external database; a CD-ROM drive (CDRD) 24 which reads data provided by CD-ROM; a flexible disk drive (FDD) 25 which copies received or edited data to a flexible disk drive to provide the outside with such data; and a hard disk drive (HDD) 26 which stores data are connected to the system bus 22 in the user terminal 20.
As is typical, ROM and RAM or the like are connected to the system bus 22 of the user terminal. However, this is not shown in the figure.
Fixed information, such as software and user data, for utilizing the database is stored in ROM 18 of the data copyright management unit 15. A crypt-key and the copyright management program provided from the key control center or copyright management center are stored in RAM 19.
The processes of decryption and re-encryption are performed by the data copyright management unit 15, and only the results are transferred to the user terminal 20 via the local bus 17 and the system bus 21 of the user terminal.
The data copyright management unit 15 is implemented as a monolithic IC, a hybrid IC, an expansion board, an IC card, or a PC card.