The present invention relates to a data transfer system, a data transfer apparatus, a data recording apparatus, an edit controlling method, and a data processing method for transferring and recording content data such as music data.
There exists a scheme involving a hard disc drive (HDD) of a personal computer used as a primary storage medium on which to record content data such as music data, the recorded content data being subsequently transferred and recorded to another storage medium (i.e., secondary storage medium) from which the recordings such as music are eventually reproduced for enjoyment. The content data in this context refer to those distributed, transferred and/or used primarily as music data, video data, game data, and computer software.
Under the scheme above, the HDD may accommodate content data such as music data reproduced from package media including CD-DAs (Compact Disc Digital Audio) and DVDs (Digital Versatile Disc), or content data downloaded from external music servers via a communication network to which the personal computer is connected. A user may connect a secondary storage medium recording apparatus to the personal computer in order to copy or move content data from the HDD to the secondary storage medium through the attached apparatus. The user may utilize a suitable player compatible with the secondary storage medium to reproduce the content data such as music from the medium loaded in the player.
The secondary storage medium may be any one of diverse memories including memory cards based on semiconductor memories such as flash memories, magneto-optical discs (e.g., Mini-disc), CD-Rs (CD Recordable), CD-RWs (CD Rewritable), DVD-RAMs, DVD-Rs, and DVD-RWs.
Recorders and players serving as recording and reproducing apparatuses compatible with these storage media have gained widespread acceptance today. The apparatuses come in various forms and types including desk-top and portable types. Users may choose any of such apparatuses for content data recording and reproduction depending on their taste and the hardware they already possess.
Where content data are used and enjoyed under the above scheme or in similar styles, the copyright of the content data must be given due consideration. Illustratively, users may accumulate on their HDD the content data acquired from content data distribution services or from separately purchased package media and may copy the accumulated data unlimitedly to secondary storage media. In such cases, the interests of the copyright holders regarding the content date may not be adequately protected. A number of proposals have been submitted to prevent such potential or existing abuses with various technical arrangements and data processing rules for protecting content data in the form of digital data. One such proposal is called the SDMI (Secure Digital Music Initiative).
Data paths stipulated by the SDMI will be described later. The SDMI provides rules governing legitimate transfer and recording of content data from the primary storage medium (i.e., HDD in the personal computer) to secondary storage media with protection of copyrights and general users' benefits (i.e., right to copy for personal use) taken into account. The content data accumulated on the HDD fall into two broad categories: content data distributed illustratively from external servers over a network (called network contents hereunder), and content data reproduced and read from package media such as CD-ROMS, CD-DAs and DVDs loaded in a suitable disc drive incorporated in or externally attached to the personal computer.
The SDMI stipulates technical specifics that need to be complied with for copyright protection and protection of the right to copy for private use before the content data of interest can be transferred and copied from the primary storage medium (i.e., HDD) to a secondary storage medium (e.g., a Mini-disc or a memory card). Some of these specifics are discussed below.
Under the SDMI, content data are transferred from the primary storage medium to an SDMI-compliant secondary storage medium such as memory cards based on semiconductor memories including flash memories. Content data are recorded in encrypted form on the secondary storage medium. Because the content data are recorded to and accumulated on the primary storage medium such as the HDD in encrypted fashion in an SDMI setup, the data are copied unchanged (i.e., as encrypted) from there to the secondary storage medium. A reproducing apparatus into which the secondary storage medium is loaded for playback is equipped with a decrypting function that allows the copied content data to be reproduced from their encrypted state.
Each SDMI-compliant secondary storage medium is arranged to possess as part of its format an area on which to record content IDs identifying content data recorded on the medium. A content ID is generated for each content data item accumulated on the primary storage medium (HDD) in its host apparatus, and each content ID is stored on the medium in association with the applicable content data item. When a given content data item is copied to the secondary storage medium, the content ID corresponding to the content data item in question is also recorded to the secondary storage medium.
The content ID is used for what may be called content right management on both the primary storage medium side and the secondary storage medium side. On the primary storage medium side, the content right refers to the right to transfer (i.e., copy) content data to the secondary storage medium; on the secondary storage medium side, the content right signifies the right to reproduce copied content data. In the description that follows, transfer of content data (transfer of rights) from the primary storage medium to the secondary storage medium will be called “check-out,” and return of content data (actually return of rights) from the secondary storage medium to the primary storage medium will be referred to as “check-in.”
The SDMI stipulates usage rules over check-out and check-in transfers. For example, a single content data item is allowed to be checked out of the primary storage medium to the secondary storage medium up to three times (i.e., there are three transfer rights). Once checked out of the primary storage medium, the content data item has one of its rights transferred to the secondary storage medium side. That is, the content data item in question has two transfer rights left on the primary storage medium side; in turn, the secondary storage medium side gains a reproduction right to the content. If a content data item is checked in from the secondary storage medium to the primary storage medium, the right to the content data is considered returned. That is, the secondary storage medium side loses the reproduction right to the returned content data, while the primary storage medium side restores one transfer right to the content data in question.
Such check-in/check-out management is carried out on each content data item using the applicable content ID. Upon check-out, the content data item of interest and its content ID are recorded to the secondary storage medium. This enables the secondary storage medium side to reproduce the content data in question (i.e., the reproduction right is obtained). On the primary storage medium side, one of the transfer rights to the content data is reduced (i.e., one content ID is considered transferred) under the usage rules. Upon check-in, the content data item is not actually returned but is erased from the secondary storage medium. On the primary storage medium side, one content ID is considered returned and one transfer right is added to the content data in question under the usage rules; the secondary storage medium side loses the reproduction right to the erased content data item.
SDMI-compliant secondary storage media are subject to content right management in the manner outlined above when content data are checked in and checked out so as to be copied and recorded in their encrypted format. Such management is intended to provide for copyright protection by preventing unrestrained duplication of content data while ensuring users' right to copy for private use.
Content data that are downloaded illustratively from external servers to the HDD acting as the primary storage medium are encrypted using content keys CK. For purposes of description in this specification, the content data recorded in encrypted format on the HDD are assumed to be content data A3D compressed as per ATRAC3 standards (or by any other suitable compression scheme) using content keys CK.
In this specification, a data item y encrypted with a key x is expressed as E(x, y). When the encrypted data item E(x, y) is decrypted using the key x, the decrypted data item is expressed as D{x, E(x, y)}. For example, if ATRAC3-compressed data are denoted by A3D as mentioned above, then the content data A3D encrypted with a content key KC are expressed as E(CK, A3D). When the encrypted data (ECK, A3D) are decrypted using the key CK, the decrypted data are expressed as D{CK, E(CK, A3D)}.
On the HDD serving as the primary storage medium, encrypted content data E(CK, A3D) are stored along with the content key CK that is encrypted using a root key KR (i.e., E(KR, CK)). Illustratively, the encrypted content key E(KR, CK) is downloaded from an external server along with the encrypted content data E(CK, A3D). For content data transfer to the secondary storage medium, the encrypted content data E(CK, A3D) and the encrypted content key E(KR, CK) are transmitted from the HDD acting as the primary storage medium.
An apparatus on the side of the secondary storage medium is assumed to possess the root key KR. Using the root key KR, the apparatus decrypts the content key CK and proceeds to decrypt the encrypted content data by resorting to the decrypted content key CK.
The root key KR may be varied at the discretion of copyright holders and/or depending on the circumstances. It is possible to establish a different root key KR for each different content data item. As will be described later in detail, the SDMI stipulates a function for restricting destinations of distributed content data through appropriate processing of root keys KR.
For the destination-restricting function to be enabled in a preferred setup, data called EKB (enabling key block) are distributed to destination terminals, so that the legitimate terminals for which content data are destined can verify the root key using the EKB. In that setup, the EKB is distributed from the server for storage onto the HDD along with the encrypted content data and encrypted content key.
Suppose now that the Mini-disc, a magneto-optical disc having gained widespread acceptance today, is used as the secondary storage medium. An SDMI-compliant Mini-disc recording apparatus records checked-out content data in their encrypted state E(CK, A3D) to the Mini-disc loaded therein. At the time of reproduction, an SDMI-compliant Mini-disc player first acquires ATRAC3 data (A3D) from the loaded disc through a decryption process D{CK, E(CK, A3D)}=A3D before suitably decoding the data for reproduction and output of music or other sources represented by the data.
Mini-disc systems in general use today are not designed to record encrypted data on the Mini-disc. That is, these Mini-disc systems have no decryption function when operating as Mini-disc players. As a result, even if content data are recorded to a Mini-disc by the SDMI-compliant Mini-disc recording apparatus, the content data cannot be reproduced from that disc by many SDMI-noncompliant Mini-disc players. There is no compatibility in terms of data reproduction between the two types of apparatuses. This poses significant constraints on the legitimate use of SDMI content data purchased by general users and can seriously degrade the value of and the degree of satisfaction for SDMI content providing services in the eyes of general users.
The problem above may be circumvented illustratively by decrypting SDMI content data before they are transferred to an SDMI-noncompliant Mini-disc recording apparatus so that a copy of the data may be recorded in decrypted format on the Mini-disc or any other suitable secondary storage medium. However, this measure can encourage unrestrained copying of content data resulting in illegal duplication practices. That will defeat the initial purpose of the SDMI of protecting copyrights.
As one way of transferring content data, this applicant proposed previously the following method: upon transfer of content data, a data transfer apparatus (incorporating the primary storage medium) authenticates a data recording apparatus (handling the secondary storage medium) that serves as the destination of the transfer. The data transfer apparatus authorizes transfer of the content data on condition that the data recording apparatus is authenticated and that the content provider involved (e.g., copyright holder) gives his or her permission. The content data are then transferred in encrypted format over transmission lines. The transferred content data are decrypted by and recorded to the secondary storage medium. The proposed method was intended to tolerate unencrypted copies of content data for users' benefits while ensuring copyright protection.
The above method proposed by this applicant has turned out to have the following disadvantage: as the secondary storage medium, the Mini-disc having gained widespread acceptance today is incapable of recording content IDs when SDMI content data are to be checked in or checked out. The Mini-disc has no area in which to record content IDs, and the Mini-disc recorders marketed so far have no function for managing content IDs.
It is possible to establish a new area for accommodating content IDs illustratively in the control region (U-TOC) on the Mini-disc. Even so, once the U-TOC is updated through recording or editing by the Mini-disc recorder, all content IDs recorded in the newly allocated area are lost. Content IDs cannot be managed on the side of the Mini-disc while compatibility with the existing devices is maintained for users' benefits. The inability to manage content IDs signifies the failure to control check-in transfers among others.
On the side of the secondary storage medium such as the Mini-disc, it is possible to generate a content ID illustratively based on the content data item itself to be identified by that content ID. The trouble is that the process takes time because of the need to do seeks on the disc to read part of the content data in question. Such content IDs, even if generated on the side of the secondary storage medium, are unusable for management purposes because they do not coincide with the content IDs on the primary storage medium side.
Furthermore, the Mini-disc or like storage medium permits diverse kinds of editing on the content data recorded thereon. As is well known, the Mini-disc allows its recorded content data items (generally called tracks that are units of data representing music or other sources) to be divided, combined, erased, or moved (track number movement).
If content data checked out of the HDD to the Mini-disc are divided, combined or otherwise edited, they will become different from the original content data held on the HDD. This obviously thwarts the check-in function whereby the reproduction right to content data would be restored upon return of the original content data from the secondary storage medium to the primary storage medium. If content IDs are to be generated based on the corresponding content data, then dividing, combining, or otherwise editing the content will result in different content IDs that should be generated. As an additional matter to be considered, regardless of check-out transfers, the Mini-disc may also carry a specific content that may be recorded by each recording apparatus handling the disc in question.
Under these circumstances where users utilize the Mini-disc or other recordable or editable storage medium as per the SDMI standards without recourse to an SDMI-compliant system, there are obstacles to be cleared before consistency can be achieved between the ordinary procedure of recording or editing on the one hand, and check-out and check-in transfers under the SDMI scheme on the other hand.