1. Field of the Invention
The present invention relates to a system for managing copyrights in dealing in copyrighted digital data content, i.e., dealing in original digital data content and edited digital data content.
2. Background Art
Because analog data content is deteriorated in quality whenever storing, copying, editing, or transferring it, controlling copyrights associated with these operations has not been a serious problem. However, because digital data content is not deteriorated in quality after repeatedly storing, copying, editing, or transferring it, such controlling copyrights associated with these operation is a serious problem.
Because there has been hitherto no adequate method for controlling a copyright for digital data content, the copyright is handled by the copyright law or contracts. Even in the copyright law, compensation money for a digital-type sound- or picture-recorder is only systematized.
Use of a data content includes not only referring to its contents but also normally effectively using by storing, copying, or editing obtained data content by a user. Moreover, it is possible to transmit data content which is edited by a user to another person via on-line basis by a communication line or via off-line basis using a proper recording medium. Furthermore, it is possible to transmit the edited data content to the database to be registered as new data content. In such a case, the user who has edited the data content may also be an information provider.
Under these circumstances, how to deal in a copyright of data content in a database is a large problem. However, there has not been adequate copyright management means for solving the problem so far, particularly copyright management means completed for secondary utilization such as copying, editing, or transferring of the data content.
The inventor of the present invention proposed a system for managing a copyright by obtaining a permit key from a key control center via a public telephone line in Japanese Patent Laid-Open No. 46419/1994 (GB 2269302A) and Japanese Patent Laid-Open No. 141004/1994 (U.S. Pat. No. 5,504,933) and moreover, proposed an apparatus for managing the copyright in Japanese Patent Laid-Open No. 132916/1994 (GB 2272822A).
Moreover, a copyright management method for primary utilization of digital data content such as display (including process to sound) or storage including real-time transmission of the digital data content in a database system and secondary utilization of the digital data content such as copying, editing, or transferring of the digital data content by further developing the above invention is proposed in Japanese Patent Application No. 64889/1994 (U.S. patent application Ser. No. 08/416,037).
The database copyright management system of the above application in order to manage the copyright, either one or more of a program for managing the copyright, copyright information, and a copyright control message are used in addition to a use permit key corresponding to a requested use, and data content which has been transferred with encryption is decrypted to be used for viewing and editing, and the data content is encrypted again when used for storing, copying and transferring.
The copyright control message is displayed when utilization beyond the range of the user's request or authorized operation is found to give caution or warning to a user and the copyright management program performs monitoring and managing so that utilization beyond the range of the user's request or authorized operation is not performed.
The inventor also proposed in Japanese Patent Laid-open No. 185448/1996, EP publication No. EP 704785A2 (U.S. patent application Ser. No. 08/536,747) a system for specifically implementing a database copyright management system.
The above-mentioned system comprises a key management center that manages a crypt key and a copyright management center that manages the database copyright. According to this system, all of the data content delivered from a database is encrypted by a first crypt key, and a first user who wishes to uses data content directly from the database requests the key management center the key corresponding to the specific usage by presenting information on the first user to the center. In response to the primary usage request from the first user, the key management center transfers the information on the first user to the copyright management center. On receiving the information, the copyright management center transfers this information together with a copyright management program to the key control center. On receiving the copyright management program, the key control center transfers the first crypt key and a second crypt key K2 corresponding to the specific usage together with the copyright management program to the first user via a communication network. On receiving the first crypt key, the first user uses this key to decrypt the data content for usage. The user uses the second crypt key to encrypt and decrypt data content when subsequently storing, copying or transmitting the data content.
If data content is copied to an external record medium or transmitted without being stored, the first and second crypt keys are abandoned. If the first user wishes to use the data content again, the first and second crypt keys are re-delivered to the user from the copyright management center. The re-delivery of the second crypt key indicates a confirmation that the data content has been copied or transferred to a second user, and this is recorded in the copyright management center.
In requesting a secondary usage to the copyright management center, the second user presents the information on the first user and information on the original copyright to the copyright management center. The copyright management center transmits to the second user a permit key corresponding to the specific usage, together with a second crypt key (viewing permit key), a third crypt key (a permit key corresponding to the specific usage), and the copyright management program which have been encrypted.
On the other hand, it is widely practiced to establish LAN (Local Area Network) by connecting computers with each other in offices, organizations, companies, etc. Also, a plurality of networks are connected with each other, and Internet is now organized in global scale, by which a plurality of networks are utilized as if they are a single network.
In LAN used in an organization such as firms, secret information is often stored, which must not be disclosed to outsiders.
For this reason, it is necessary to arrange the secret information in such manner that only a specific group of users can gain access and use such information, and such access is generally placed under control to prevent leakage of secret information to outsiders.
There are roughly two methods to control the access: a method to control access with access permission, and a method to do it by encryption.
The method of access control by access permission is described in U.S. Pat. Nos. 5,173,939, 5,220,604, 5,224,163, 5,315,657, 5,414,772 and 5,438,508, in EP 506435, and in Japanese Patent Laid-Open 169540/1987.
The access control method based on encryption is disclosed in U.S. Pat. Nos. 4,736,422, 5,224,163, 5,400,403, 5,457,746, and 5,584,023, in EP 438154 and EP 506435, and in Japanese Patent Laid-Open 145923/1993. The access control method based on encryption and digital signature is described in U.S. Pat. Nos. 4,919,545 and 5,465,299.
Intranet is now being propagated, in which a plurality of LANs are connected with each other via Internet and these LANs are utilized as if they are a single LAN. In the intranet, information exchange is performed via Internet, which basically provides no guarantee for prevention of piracy, and information is encrypted to prevent the piracy when secret information is exchanged.
The prevention of information piracy during transmission by means of encryption is disclosed in U.S. Pat. Nos. 5,504,818 and 5,515,441, and the use of a plurality of crypt keys is described in U.S. Pat. Nos. 5,504,816, 5,353,351, 5,475,757, and 5,381,480. Also, performing re-encryption is described in U.S. Pat. No. 5,479,514.
When encrypting, management of crypt key including transfer and receipt of crypt key becomes an important issue. Generation of keys by IC card is disclosed in U.S. Pat. No. 5,577,121, and encryption/decryption by IC card is disclosed in U.S. Pat. Nos. 5,347,581 and 5,504,817.
Also, electronic watermark technique is described in EP 649074.
With recent development of computer network system, individual computers, used on stand-alone basis in the past, are connected together through the network system, and database system to commonly share the data is now propagated. Further, distributed object system has been proposed, in which application program or basic software called operating system as well as data is also commonly shared through the network.
In the distributed object system, both data content and software are supplied by a server as an object, which comprises program and data.
In the distributed object system, there are two systems, i.e. a system called object container, in which operating system, application program and data content are provided by a server and data content processing and data content storage are performed by a user terminal unit, which is an ordinary computer, and a system called server object, in which operating system, application program and data content are provided by a server, and data content processing is performed by a user terminal unit called network computer, while data content storage is carried out by a server. A system is further developed, in which data content processing is also performed by the server, and the user terminal unit is provided only with input/output function, and the whole system functions as a single computer.
Further, there is a method of so-called object oriented programming performing various processing by using “object” integrated with data content and program handling data content, instead of general form file consisting of data header and data body.
In object, a storing portion called as “slot” in an envelope called as “instance” accommodates data called as “instance variable”. The slot is surrounded by one or more of procedures called as “method” for referring, processing, binding and so on, and the instance variable can be referred to or operated only via “method”. This function is called as “encapsulation”. Instruction from outside for make the “method” refer to or operate the instance variable is called as “message”.
This means, in another view, the instance variable which is impossible to be referred to or operated without through “method” is protected by the “method”. Then, this can be used for encrypting the “method” and allowing the instance variable to be referred to or operated only by “message” which can decrypt the encrypted “method”.
In this case also, similarly to the case of data having general file form, since if entire “method” is encrypted, it is impossible to utilize “object”, a part of the “method” is not encrypted.
Another form of the network system called “license network” as rental network system, is considered. In this system, an enterprise providing network base such as communication lines also provides the systems other than communication lines such as fee charging system, security system, copyright management system, certification system, etc. And a service enterprise utilizes these services and carries out network business as if it is his own system.
Then, basic encryption-related technique used in the present invention will be described below.
Crypt Key
Secret-key system is also called “common key system” because the same key is used for encryption and decryption, and because it is necessary to keep the key in secret, it is also called “secret-key system”. Typical examples of encryption algorithm using secret-key are: DES (Data Encryption Standard) system of National Bureau of Standards, FEAL (Fast Encryption Algorithm) system of NTT, and MISTY system of Mitsubishi Electric Corp. In the embodiments described below, the secret-key is referred as “Ks”.
In contrast, the public-key system is a cryptosystem using a public-key being made public and a private-key, which is maintained in secret to those other than the owner of the key. One key is used for encryption and the other key is used for decryption. Typical example is RSA public-key system. In this specification, the public-key is referred as “Kb”, and the private-key is referred as “Kv”.
Here, the operation to encrypt data content, a plain text material M to a cryptogram Cmks using a secret-key Ks is expressed as:Cmks=E(M,Ks).The operation to decrypt the cryptogram Cmks to the plain text data content M using a crypt key Ks is expressed as:M=D(Cmks,Ks).
Also, the operation to encrypt the plain text data content M to a cryptogram Cmkb using a public key Kb is expressed as:Cmkb=E(M,Kb).The operation to decrypt the cryptogram Cmkb to the plain text data content M using a private-key Kv is expressed as:M=D(Cmkv,Kv).The operation to encrypt the plain text data content M to a cryptogram Cmkv using a private-key Kv is expressed as:Cmkv=E(M,Kv),and the operation to decrypt the cryptogram Cmkv to the plain text data content M using the public-key Kb is expressed as:M=D(Cmkb,Kb).
The encryption technique is the means to exclude illegitimate use of data content, but perfect operation is not guaranteed. Thus, the possibility of illegitimate use of data content cannot be completely excluded.
On the other hand, electronic watermark technique cannot exclude the possibility of illegitimate use, but if illegitimate use is detected, it is possible to check the illegitimate use by verifying the content of electronic watermark, and there are a number of methods in this technique. These methods are described in Nikkei Electronics, No.683, 1997-2-24, pp.99-124, “‘Digital watermark’ to help stop to use illegal proprietary digital works in the multimedia age”. Also, description is given on this technique by Walter Bender et al., “Introducing data-hiding technology to support digital watermark for protecting copyrights”, IBM System Journal, vol. 35, Nos. 3 & 4, International Business Machines Corporation.