Conventionally, there are terminals for receiving contents data such as music and images via a line, and playing the contents (hereinafter, “contents playing terminal”). Examples of the contents playing terminal include a PC (Personal Computer), an IPTV (Internet Protocol Television), a STB (Set Top Box), and various mobile terminals having a mobile music player installed.
In order to prevent fraudulent use of contents data by a contents playing terminal, the firmware of the contents playing terminal is preferably periodically updated. This is because the firmware includes a secret key for realizing secure communication to safely acquire a decryption key of the contents. That is to say, when secure communication is performed for a long period of time based on the same secret key, etc., in theory, the communication contents are likely to be hacked. Therefore, generally, the firmware of the contents playing terminal is operated to be periodically updated. As a result, the above secret key is updated, and safety of secure communication is continuously ensured.
FIG. 1 is for describing an update function of firmware in a conventional contents playing terminal.
In FIG. 1, a contents playing terminal 510 includes a security chip 511. The security chip 511 includes a firmware update unit 512 and firmware 513 that is the update target, etc.
Furthermore, the contents playing terminal 510 includes, as application programs executed by a CPU outside the security chip 511, a firmware update application 514 and a contents player application 515, etc.
The firmware update application 514 is an application program for downloading firmware from a firmware update service 520, and causing the firmware update unit 512 to execute updating of the firmware 513.
The contents player application 515 is an application program for playing contents data downloaded from a contents distribution service 530, with the use of the firmware 513, etc.
The firmware update service 520 is a service for providing firmware via a network. The firmware update service 520 is generally operated by the manufacturer of the contents playing terminal 510.
The contents distribution service 530 is a service for distributing contents data via a network.
The updating of the firmware 513 of the contents playing terminal 510 described above is executed by, for example, the following procedures.
For example, when an instruction to update the firmware 513 is input, the firmware update application 514 calls the firmware update unit 512 of the security chip 511, and acquires the version number (firmware version number) of the firmware 513 at the present time point (S1)
Next, the firmware update application 514 specifies the acquired firmware version number, and sends a firmware update request to the firmware update service 520 (S2).
The firmware update service 520 compares the firmware version number sent from the firmware update application 514 with the latest firmware version number, and if the former is older, the firmware update service 520 returns data (firmware data) including the latest firmware 513 (S3). Furthermore, regardless of whether the latest firmware is returned, the firmware update service 520 returns the next firmware update date. The next firmware update date is management information for periodically sending a firmware update request, and a date that is a certain period after the present time point is specified as the next firmware update date.
When firmware data is returned from the firmware update service 520, the firmware update application 514 inputs the firmware data in the firmware update unit 512 of the security chip 511, and requests to update the firmware 513 (S4). Furthermore, the firmware update application 514 records the next firmware update date that has been returned in a predetermined non-volatile area.
The firmware update unit 512 updates the firmware 513 inside the security chip 511 based on the input firmware data (S5).
It is detected that the firmware 513 updated as described above needs to be updated, and the detection is reported to the user, as described below.
When an instruction to play contents data is input to the contents player application 515, the contents player application 515 determines whether the present time (terminal time) of the contents playing terminal 510 has reached the next firmware update date. When the terminal time has reached the next firmware update date, an error indicating that the firmware 513 needs to be updated is output.
When the error is output, the playing of the contents data is not executed. Therefore, in order to cause the contents playing terminal 510 to execute the playing of the contents data, the user has to cause the contents playing terminal 510 to execute the process of step S501 and onward.
Patent Document 1: Japanese Laid-Open Patent Publication No. 2008-181228
Patent Document 2: Japanese Laid-Open Patent Publication No. 2005-148840
However, by the above mechanism, the coercive force with respect to the updating of the firmware is very weak.
That is to say, by the above mechanism, the contents player application 515 refuses to play the contents data according to the comparison between the terminal time and the next update date, so that the coercive force with respect to the updating of the firmware 513 is ensured. However, the contents player application 515 is recorded in a storage medium that may be easily altered, compared to a security chip. Therefore, there has been a possibility that the contents player application 515 is altered so that execution of playing of the contents data is possible even if the terminal time has reached the next update date.
Furthermore, the terminal time that is compared with the next firmware update date may be easily changed by the user's operation. Therefore, for example, by returning the terminal time to a past time when playing the contents data, the check mechanism of comparing the terminal time with the next firmware update date may be practically invalidated.
If a clock is provided inside the security chip 510, the time may be prevented from being changed. However, such a security chip 510 will be expensive and unrealistic.