Data providing system, device, and method
Abstract
A content provider 101 distributes a secure container 104 storing content data encrypted using content key data, content key data encrypted using distribution key data, and encrypted usage control policy data indicating the handling of the content data to a SAM 1051 of a user home network 103 etc. The SAM 1051 etc. decrypts the content data and usage control policy data stored in the secure container 104 and determines the purchase mode and usage mode and other handling of the content data based on said decrypted usage control policy data.
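The container layout the abstract describes, as an added Python sketch (not code from the patent): content is sealed under a per-item content key, the content key and the usage control policy are sealed under the distribution key, and the receiving module releases content only for a purchase mode the authenticated policy allows. The HMAC-SHA256 keystream with encrypt-then-MAC is a standard-library stand-in for a real AEAD cipher; sealing the policy under the distribution key, the JSON policy fields (`purchase_modes`, `usage`) and all function names are assumptions.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, purpose: bytes) -> bytes:
    # Derive independent encryption / MAC keys from one parent key.
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256 (stand-in for a block cipher).
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes, label: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    enc_key = _subkey(key, b"enc|" + label)
    mac_key = _subkey(key, b"mac|" + label)
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes, label: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("sealed field too short")
    enc_key = _subkey(key, b"enc|" + label)
    mac_key = _subkey(key, b"mac|" + label)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def build_secure_container(content: bytes, policy: dict, distribution_key: bytes) -> dict:
    """Provider side: fresh content key per item, wrapped under the distribution key."""
    content_key = os.urandom(32)
    policy_bytes = json.dumps(policy, sort_keys=True).encode()
    return {
        "content": seal(content_key, content, b"content"),
        "content_key": seal(distribution_key, content_key, b"content-key"),
        "policy": seal(distribution_key, policy_bytes, b"policy"),
    }


def sam_handle(container: dict, distribution_key: bytes, requested_mode: str) -> bytes:
    """Receiver side: authenticate and read the policy first, then decide handling.

    The content key is unwrapped only after the policy permits the request,
    so a rejected request never exposes key material.
    """
    policy = json.loads(unseal(distribution_key, container["policy"], b"policy"))
    if requested_mode not in policy.get("purchase_modes", []):
        raise PermissionError(f"purchase mode {requested_mode!r} not allowed by policy")
    content_key = unseal(distribution_key, container["content_key"], b"content-key")
    return unseal(content_key, container["content"], b"content")


if __name__ == "__main__":
    kd = os.urandom(32)  # constructed distribution key shared with the receiver
    sample_policy = {"purchase_modes": ["pay_per_play"], "usage": {"max_plays": 3}}
    box = build_secure_container(b"constructed sample track", sample_policy, kd)
    print(sam_handle(box, kd, "pay_per_play"))
```

Labelling each sealed field binds it to its role, so a sealed policy cannot be swapped into the content-key slot without failing authentication.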
125 Claims
1. A data providing system for distributing content data from a data providing apparatus to a data processing apparatus, wherein
said data providing apparatus distributes a module storing the content data encrypted by using content key data, encrypted content key data, and an encrypted usage control policy data indicating handling of said content data to said data processing apparatus and said data processing apparatus decrypts said content key data and said usage control policy data stored in said distributed module and determines the handling of said content data based on the related decrypted usage control policy data, wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, wherein a management apparatus manages said data providing apparatus and said data processing apparatus, wherein said data providing apparatus sends said usage control policy data and requests said management apparatus to certify legitimacy of said usage control policy data and said management apparatus registers and services said usage control policy data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus.
16. A data providing system comprising:
a data providing apparatus that provides a first module storing content data encrypted by using content key data, encrypted content key data, and encrypted usage control policy data indicating the handling of said content data to said data distribution apparatus, a data distribution apparatus that distributes a second module storing said encrypted content data, content key data, and usage control policy data stored in said provided first module to said data processing apparatus, a data processing apparatus that decrypts said content key data and said usage control policy data stored in said distributed second module and determines the handling of said content data based on the related decrypted usage control policy data, and a management apparatus that manages said data providing apparatus and said data processing apparatus, wherein said data distribution apparatus performs mutual authentication with said data processing apparatus, encrypts said second module using session key data obtained by said mutual authentication, and transmits said encrypted second module to said data processing apparatus, wherein said data providing apparatus sends said usage control policy data and requests to said management apparatus to certify legitimacy of said usage control policy data, and wherein said management apparatus registers and serves said usage control policy data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus.
36. A data providing system comprising:
a data providing apparatus that provides a first module storing content data encrypted by using content key data, encrypted content key data, and encrypted usage control policy data indicating the handling of said content data to said plurality of data distribution apparatuses, a first data distribution apparatus that distributes the second module storing said encrypted content data, content key data, and usage control policy data stored in said provided first module to said data processing apparatus, a second data distribution apparatus that distributes a third module storing said encrypted content data, content key data, and usage control policy data stored in said provided first module to said data processing apparatus, a data processing apparatus that decrypts said content key data and said usage control policy data stored in said distributed second module and said third module and determines the handling of said content data based on the related decrypted usage control policy data, and a management apparatus that manages said data providing apparatus and said data processing apparatus, wherein said data distribution apparatus performs mutual authentication with said data processing apparatus, encrypts said second module using session key data obtained by said mutual authentication, and transmits said encrypted second module to said data processing apparatus, wherein said data providing apparatus sends said usage control policy data and requests to said management apparatus to certify legitimacy of said usage control policy data, and wherein said management apparatus registers and serves said usage control policy data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus.
37. A data providing system comprising:
a first data providing apparatus that provides a first module storing first content data encrypted by using first content key data, encrypted first content key data, and encrypted first usage control policy data indicating the handling of said first content data to said data distribution apparatus, a second data providing apparatus that provides a second module storing second content data encrypted by using second content key data, encrypted second content key data, and encrypted second usage control policy data indicating the handling of said second content data to said data distribution apparatus, a data distribution apparatus that distributes a third module storing said encrypted first content data, said first content key data, and said first usage control policy data stored in said provided first module and said encrypted second content data, said second content key data, and said second usage control policy data stored in said provided second module to said data processing apparatus, a data processing apparatus that decrypts said first content key data and said first usage control policy data stored in said distributed third module, determines the handling of said first content data based on the related decrypted first usage control policy data, decrypts said second content key data and said second usage control policy data stored in said distributed third module, and determines the handling of said second content data based on the related decrypted second usage control policy data, and a management apparatus that manages said first data providing apparatus and said data processing apparatus, wherein said data distribution apparatus performs mutual authentication with said data processing apparatus, encrypts said second module using session key data obtained by said mutual authentication, and transmits said encrypted second module to said data processing apparatus, wherein said first data providing apparatus sends said first usage control policy data and 
requests to said management apparatus to certify legitimacy of said first usage control policy data, and wherein said management apparatus registers and serves said first usage control policy data from said first data providing apparatus, and certifies the legitimacy of said first usage control policy data in response to a request from said first data providing apparatus.
38. A data providing system comprising:
a data providing apparatus that distributes content data and usage control policy data indicating the handling of the related content data to said data processing apparatus, a data processing apparatus that determines at least one of a purchase mode and a usage mode of said distributed content data based on said distributed usage control policy data and transmits log data indicating the log of at least one of the related determined purchase mode and usage mode to said management apparatus, and a management apparatus that manages said data providing apparatus and said data processing apparatus and performs profit distribution processing for distributing the profit obtained accompanied with said purchase and said usage of said content data in said data processing apparatus to related parties of said data providing apparatus based on received log data, wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, wherein said data providing apparatus sends said usage control policy data and requests to said management apparatus to certify legitimacy of said usage control policy data, and wherein said management apparatus registers and serves said usage control policy data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus.
53. A data providing system comprising:
a data providing apparatus that provides content data and usage control policy data indicating the handling of the related content data to said data distribution apparatus, a data distribution apparatus that distributes said provided content data and said usage control policy data to said data processing apparatus, a data processing apparatus that has a first module for communicating with said data distribution apparatus and a second module for determining at least one of a purchase mode and usage mode of said distributed content data based on said distributed usage control policy data and transmitting log data indicating the log of the related determined purchase mode and usage mode to said management apparatus, and a management apparatus that manages the data providing apparatus, data distribution apparatus, and data processing apparatus and performs profit distribution processing for distributing the profit obtained accompanied with said data processing apparatus receiving said distribution of said content data and purchasing and using said content data to related parties of said data providing apparatus and said data distribution apparatus based on said log data received from said second module, wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, wherein said data providing apparatus sends said usage control policy data and requests to said management apparatus to certify legitimacy of said usage control policy data, and wherein said management apparatus registers and serves said usage control policy data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus.
68. A data providing system comprising:
a data providing apparatus that provides content data and usage control policy data indicating the handling of the related content data to said data distribution apparatus, a data distribution apparatus that distributes said provided content data and said usage control policy data to said data processing apparatus and performs charge processing concerning the distribution of said content data based on a data distribution apparatus use purchase log data received from said data processing apparatus, a data processing apparatus that has a first module for creating the data distribution apparatus use purchase log data indicating the log of the purchase of said content data distributed from said data distribution apparatus and transmitting the same to said data distribution apparatus and a second module for determining at least one of the purchase mode and the usage mode of said distributed content data based on said distributed usage control policy data and transmitting a management apparatus use log data indicating the log of the related determined purchase mode and usage mode to said management apparatus, and a management apparatus that performs profit distribution processing for distributing the profit obtained accompanied with said purchase and said usage of said content data in said data processing apparatus to related parties of said data providing apparatus and said data distribution apparatus based on said management apparatus use log data, wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, wherein said data providing apparatus sends said usage control policy data and requests to said management apparatus to certify legitimacy of said usage control policy data, and wherein said management apparatus registers and serves said usage control policy data from 
said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus.
69. A data processing apparatus for receiving the distribution of content data and usage control policy data indicating the handling of the related content data from a data providing apparatus via a data distribution apparatus and transmitting said log data to a management apparatus for performing profit distribution processing for distributing the profit obtained accompanied with the purchase and usage of the related distributed content data to related parties of said data providing apparatus and said data distribution apparatus based on said management apparatus use log data, said data processing apparatus comprising,
a first module for creating data distribution apparatus use purchase log data indicating the log of the purchase of said content data distributed from said data distribution apparatus and transmitting the same to said data distribution apparatus and a second module for determining at least one of a purchase mode and usage mode of said distributed content data based on said distributed usage control policy data and transmitting said management apparatus use log data indicating the log of the related determined purchase mode and usage mode to said management apparatus, wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, wherein said data providing apparatus sends said usage control policy data and requests to said management apparatus to certify legitimacy of said usage control policy data, and wherein said management apparatus registers and serves said usage control policy data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus.
70. A data providing system comprising a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus, wherein
said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data to said data processing apparatus, said data processing apparatus uses said distributed content data, and said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by itself by using its own secret key data when each of said data providing apparatus, said data distribution apparatus, and said data processing apparatus supplies the data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data providing apparatus, said data distribution apparatus, and said data processing apparatus when the legitimacy of the signature data corresponding to the data is verified by using the public key data of the related other apparatus when receiving the supply of the related data from the other apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, and wherein said data providing apparatus, said data distribution apparatus, and said data processing apparatus acquire said their own public key certificate data from said management apparatus before communicating with the other apparatus and transmit the related acquired public key certificate data to said other apparatus wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus.
71. A data providing system comprising a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus, wherein
said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data to said data processing apparatus, said data processing apparatus uses said distributed content data, and said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates the signature data indicating that the related data is generated by itself by using its own secret key data when each of said data providing apparatus, said data distribution apparatus, and said data processing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data providing apparatus, said data distribution apparatus, and said data processing apparatus when the legitimacy of the signature data corresponding to the data is verified by using the public key data of the related other apparatus when receiving the supply of the related data from the other apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, and wherein said data providing apparatus, said data distribution apparatus, and said data processing apparatus acquire their own public key certificate data from said management apparatus before communicating with the other apparatus and transmit the related acquired public key certificate data to said other apparatus at said communication.
72. A data providing system comprising a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus, wherein:
said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data to said data processing apparatus, said data processing apparatus uses said distributed content data, and said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by itself by using its own secret key data when each of said data providing apparatus, said data distribution apparatus, and said data processing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data providing apparatus, said data distribution apparatus, and said data processing apparatus when the legitimacy of the signature data corresponding to the data is verified by using the public key data of the related other apparatus when receiving the supply of the related data from the other apparatus, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data and thereby to restrict said communication or said distribution using public key certificate data specified by said public key certificate revocation list by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and 
transmits said encrypted module to said data processing apparatus.
74. A data providing system comprising a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus, wherein:
said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data to said data processing apparatus, said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data providing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data providing apparatus for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data processing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, and said data processing apparatus verifies whether or not public key certificate data of said data providing apparatus providing said distributed content data is invalid based on said public key certificate revocation list distributed from said management apparatus and controls the usage of said distributed content data based on the result of the related verification wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing 
apparatus.
77. A data providing system comprising a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data providing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data providing apparatus for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data distribution apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, and said data distribution apparatus verifies whether or not public key certificate data of said data providing apparatus providing said provided content data is invalid based on said public key certificate revocation list distributed from said management apparatus, and controls the distribution of said provided content data to said data processing apparatus based on the result of the related verification wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus.
78. A data providing system comprising a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data distribution apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data distribution apparatus for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data providing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus verifies whether or not public key certificate data of the data distribution apparatus of the destination of provision of the content data is invalid and controls the provision of said content data to said data distribution apparatus based on the result of the related verification, said data distribution apparatus distributes said provided content data to said data processing apparatus, and said data processing apparatus uses said distributed content data wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus.
79. A data providing system comprising a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data distribution apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data distribution apparatus for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data distribution apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data and said distributed public key certificate revocation list to said data processing apparatus, and said data processing apparatus verifies whether or not public key certificate data of said data distribution apparatus distributing said distributed content data is invalid based on said distributed public key certificate revocation list and controls the usage of said distributed content data based on the result of the related verification wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said 
encrypted module to said data processing apparatus.
Dependent claims: 80, 81, 82, 83
84. A data providing system comprising a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data distribution apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data distribution apparatus for when another apparatus verifies the legitimacy of the related signature data by using public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data processing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data to said data processing apparatus, and said data processing apparatus verifies whether or not public key certificate data of said data distribution apparatus distributing said distributed content data is invalid based on said distributed public key certificate revocation list and controls the usage of said distributed content data based on the result of the related verification wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus.
85. A data providing system comprising a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data distribution apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data distribution apparatus for when another apparatus verifies the legitimacy of the related signature data by using public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data providing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus provides content data and said public key certificate revocation list to said data distribution apparatus, said data distribution apparatus distributes said provided content data and public key certificate revocation list to said data processing apparatus said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, and said data processing apparatus verifies whether or not public key certificate data of said data distribution apparatus distributing said distributed content data is invalid based on said distributed public key certificate revocation list and controls the usage of said 
distributed content data based on the result of the related verification.
86. A data providing system comprising a data providing apparatus, data distribution apparatus, a plurality of data processing apparatuses, and a management apparatus, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatuses, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when a data processing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data processing apparatuses for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data providing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus provides content data and said public key certificate revocation list to said data distribution apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data distribution apparatus distributes said provided content data and public key certificate revocation list to said data processing apparatuses, and said data processing apparatuses verify whether or not public key certificate data of said other data processing apparatuses are invalid based on the public key certificate revocation list distributed from said data distribution apparatus and control the communication 
with other data processing apparatuses based on the result of the related verification.
Dependent claims: 87, 88
89. A data providing system comprising a data providing apparatus, data distribution apparatus, a plurality of data processing apparatuses, and a management apparatus, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatuses, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when a data processing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data processing apparatuses for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data providing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus provides content data to said data distribution apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data distribution apparatus distributes said provided content data and said distributed public key certificate revocation list to said data processing apparatuses, and said data processing apparatuses verify whether or not public key certificate data of other data processing apparatuses are invalid based on the public key certificate revocation list distributed from said data distribution apparatus, and control the communication with other data processing apparatuses 
based on the result of the related verification.
Dependent claims: 90, 91
92. A data providing system comprising a data providing apparatus, data distribution apparatus, a plurality of data processing apparatuses, and a management apparatus, wherein:
a data processing apparatus supplies registration data, indicating an already registered data processing apparatus connected in a predetermined network to which is connected, to said management apparatus, refers to a revocation flag in registration data supplied from said management apparatus and restricts communication with another data processing apparatus having public key certificate data indicated as invalid by the revocation flag, said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatuses, generates and manages public key certificate data of public key data corresponding to secret key data for when a data processing apparatus generates signature data indicating legitimacy of data using its own secret key data when supplying data to another apparatus, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, stores the related public key certificate revocation list, generates new registration data by setting said revocation flag in said registration data supplied from data processing apparatuses based on the related public key certificate revocation list, distributes the related generated registration data to said data processing apparatuses, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus provides content data to said data distribution apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, and said 
data distribution apparatus distributes said provided content data to said data processing apparatuses.
93. A data providing system comprising a data providing apparatus, data distribution apparatus, a plurality of data processing apparatuses, and a management apparatus, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatuses, generates and manages public key certificate data of public key data corresponding to said secret key data for when a data processing apparatus generates signature data indicating the legitimacy of data by using its own secret key data when supplying the related data to another apparatus, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data providing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus provides content data and said public key certificate revocation list to said data distribution apparatus, said data distribution apparatus distributes said provided content data and said public key certificate revocation list to said data processing apparatuses, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, and a data processing apparatus sets a revocation flag in registration data indicating an already registered data processing apparatus connected in a predetermined network to which it is connected based on said distributed public key certificate revocation list and restricts communication with another data processing apparatus having public key certificate data indicated as invalid by the related revocation flag.
94. A data providing system comprising a data providing apparatus, data distribution apparatus, a plurality of data processing apparatuses, and a management apparatus, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatuses, generates and manages public key certificate data of public key data corresponding to secret key data for when a data processing apparatus generates signature data indicating the legitimacy of the data by using its own secret key data when supplying the related data to another apparatus, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data distribution apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data and said public key certificate revocation list to said data processing apparatuses, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, and a data processing apparatus sets a revocation flag in registration data indicating an already registered data processing apparatus connected in a predetermined network to which it is connected based on said distributed public key certificate revocation list and restricts communication with another data processing apparatus having public key certificate data indicated as invalid by the related revocation flag.
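
Claims 92 to 94 place the setting of the revocation flag in two different places: at the management apparatus (claim 92) or at the data processing apparatus itself, from a distributed revocation list (claims 93 and 94). The following Python sketch is an added illustration, not code from the patent; the field names, the SAM-n device identifiers, the rule that a flag is never cleared, and the refusal of unregistered peers are assumptions of the example, and verification of the revocation list's own authenticity is left out.

```python
"""Revocation flags in registration data: claim 92 vs. claims 93/94 (added example)."""
from dataclasses import dataclass, replace
from typing import Dict, FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class RegistrationEntry:
    """One already registered data processing apparatus on the home network."""
    device_id: str         # hypothetical field name
    cert_serial: str       # serial of its public key certificate (hypothetical)
    revoked: bool = False  # the "revocation flag" of the claims


def set_revocation_flags(entries: Iterable[RegistrationEntry],
                         crl: FrozenSet[str]) -> List[RegistrationEntry]:
    """Return new registration data with flags set from the revocation list.

    Assumption of this example: a flag is never cleared, so an older or
    shorter list cannot re-enable a peer already marked invalid.
    """
    return [replace(e, revoked=e.revoked or e.cert_serial in crl) for e in entries]


class ManagementApparatus:
    """Claim 92: stores the revocation list and flags the data for the devices."""

    def __init__(self, crl: Iterable[str]) -> None:
        self._crl = frozenset(crl)

    def process_registration(self, entries: Iterable[RegistrationEntry]) -> List[RegistrationEntry]:
        return set_revocation_flags(entries, self._crl)


class DataProcessingApparatus:
    """Holds registration data and restricts communication according to its flags."""

    def __init__(self, registration: Iterable[RegistrationEntry]) -> None:
        self._registration: Dict[str, RegistrationEntry] = {}
        self.load_registration(registration)

    def export_registration(self) -> List[RegistrationEntry]:
        return list(self._registration.values())

    def load_registration(self, entries: Iterable[RegistrationEntry]) -> None:
        self._registration = {e.device_id: e for e in entries}

    def apply_crl(self, crl: Iterable[str]) -> None:
        """Claims 93/94: the device sets the flags itself from a distributed list."""
        self.load_registration(
            set_revocation_flags(self.export_registration(), frozenset(crl)))

    def may_communicate(self, peer_id: str) -> bool:
        # Assumption: fail closed. Unregistered peers are refused as well as
        # peers whose certificate is flagged invalid.
        entry = self._registration.get(peer_id)
        return entry is not None and not entry.revoked


# Constructed sample data, not taken from the patent.
SAMPLE_REGISTRATION = [
    RegistrationEntry("SAM-1", "serial-0001"),
    RegistrationEntry("SAM-2", "serial-0002"),
    RegistrationEntry("SAM-3", "serial-0003"),
]
SAMPLE_CRL = {"serial-0002"}


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Decision per peer as (claim 92 path, claims 93/94 path)."""
    # Claim 92: the device uploads its registration data and loads the flagged copy.
    via_management = DataProcessingApparatus(SAMPLE_REGISTRATION)
    management = ManagementApparatus(SAMPLE_CRL)
    via_management.load_registration(
        management.process_registration(via_management.export_registration()))

    # Claims 93/94: the device receives the list and flags its own data.
    via_local_crl = DataProcessingApparatus(SAMPLE_REGISTRATION)
    via_local_crl.apply_crl(SAMPLE_CRL)

    peers = ["SAM-2", "SAM-3", "SAM-9"]  # SAM-9 is not registered
    return {p: (via_management.may_communicate(p), via_local_crl.may_communicate(p))
            for p in peers}


if __name__ == "__main__":
    for peer, decision in demo().items():
        print(peer, decision)
```

Both placements yield the same decision for every peer; they differ in which apparatus has to hold the revocation list and in which direction the registration data travels.
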
95. A data providing system comprising:
a data providing apparatus that provides content data and usage control policy data indicating the handling of the related content data to said data distribution apparatus, a data distribution apparatus that distributes said provided content data and said usage control policy data to said data processing apparatus, a data processing apparatus that has a first module for communicating with said data distribution apparatus and a second module for determining at least one of a purchase mode and usage mode of said distributed content data based on said distributed usage control policy data and transmitting log data indicating the log of the related determined purchase mode and usage mode to said management apparatus, a management apparatus that manages the data providing apparatus, data distribution apparatus, and data processing apparatus and has a settlement function for performing profit distribution processing for distributing the profit obtained accompanied with said data processing apparatus receiving distribution of said content data and purchasing and using said content data to related parties of said data providing apparatus and said data distribution apparatus based on said log data received from said second module and performing settlement based on the result of the related profit distribution processing and a right management function for registering said usage control policy data, wherein said data providing apparatus sends said usage control policy data and requests to said management apparatus to certify legitimacy of said usage control policy data, and wherein said management apparatus registers and serves said usage control policy data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by 
said mutual authentication, and transmits said encrypted module to said data processing apparatus.
Dependent claims: 96, 97
98. A data providing system comprising:
a data providing apparatus that provides content data and usage control, policy data indicating the handling of the related content data to said data distribution apparatus, a data distribution apparatus that has a charging function for performing settlement processing by using settlement claim data distributed from said management apparatus and distributes said provided content data and said usage control policy data to said data processing apparatus, a data processing apparatus that has a first module for communicating with said data distribution apparatus and a second module for determining at least one of a purchase mode and usage mode of said distributed content data based on said distributed usage control policy data and transmitting log data indicating the log of the related determined purchase mode and usage mode to said management apparatus, a management apparatus that manages the data providing apparatus, data distribution apparatus, and data processing apparatus and has a settlement claim data creation function for performing profit distribution processing for distributing the profit obtained accompanied with said data processing apparatus receiving distribution of said content data and purchasing and using said content data to related parties of said data providing apparatus and said data distribution apparatus based on said log data received from said second module, creating settlement claim data used when performing settlement based on the result of the related profit distribution processing, and supplying the same to said data distribution apparatus and a right management function for registering said usage control policy data, wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, wherein said data providing apparatus sends said usage control 
policy data and requests to said management apparatus to certify legitimacy of said usage control policy data, and wherein said management apparatus registers and serves said usage control policy data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus.
99. A data providing system comprising:
a data providing apparatus that has a charging function for performing settlement processing by using settlement claim data distributed from said management apparatus and provides content data and usage control policy data indicating the handling of the related content data to said data distribution apparatus, a data distribution apparatus that distributes said provided content data and said usage control policy data to said data processing apparatus, a data processing apparatus that has a first module for communicating with said data distribution apparatus and a second module for determining at least one of a purchase mode and usage mode of said distributed content data based on said distributed usage control policy data and transmitting log data indicating the log of the related determined purchase mode and usage mode to said management apparatus, a management apparatus that manages the data providing apparatus, data distribution apparatus, and data processing apparatus and has a settlement claim data creation function for performing profit distribution processing for distributing the profit obtained accompanied with said data processing apparatus receiving said distribution of said content data and purchasing and using said content data to related parties of said data providing apparatus and said data distribution apparatus based on said log data received from said second module, creating settlement claim data used when performing settlement based on the result of the related profit distribution processing, and distributing the same to said data providing apparatus and a right management function for registering said usage control policy data, wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus wherein said data providing apparatus sends said usage control 
policy data and requests to said management apparatus to certify legitimacy of said usage control policy data, and wherein said management apparatus registers and serves said usage control policy data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus.
100. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus comprising the steps of:
providing content data and usage control policy data indicating the handling of the related content data from said data providing apparatus to said data distribution apparatus, performing mutual authentication with said data processing apparatus, encrypting said module using session key data obtained by said mutual authentication, and transmitting said encrypted module to said data processing apparatus, distributing said content data and said usage control policy data provided from said data distribution apparatus to said data processing apparatus to said data processing apparatus, generating data distribution apparatus use purchase log data indicating the log of the purchase of said content data distributed from said data distribution apparatus and transmitting the same to said data distribution apparatus, determining at least one of a purchase mode and usage mode of said distributed content data based on said distributed usage control policy data, and transmitting management apparatus use log data indicating the log of the related determined purchase mode and usage mode to said management apparatus at said data processing apparatus, distributing the profit obtained accompanied with said purchase and said usage of said content data in said data processing apparatus to related parties of said data providing apparatus and said data distribution apparatus based on said management apparatus use log data at said management apparatus, registering and serving said usage control policy data from said data providing apparatus, certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, and performing charging processing concerning the distribution of said content data based on the data distribution apparatus use purchase log data received from said data processing apparatus at said data distribution apparatus.
101. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus to provide content data, wherein
said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data to said data processing apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, and said data processing apparatus manages the operation of a data provision service by said data providing apparatus, data distribution apparatus, and data processing apparatus, and said management apparatus manages operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, and wherein the transmission of data among said data providing apparatus, said data distribution apparatus, said data processing apparatus, and said management apparatus is carried out by using mutual authentication using a public key encryption method, signature creation, signature verification, and encryption of data by a common key encryption method.
102. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus to provide content data, wherein
said data providing apparatus provides content data to said data distribution apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data distribution apparatus distributes said provided content data to said data processing apparatus, said data processing apparatus uses said distributed content data, and said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by itself by using its own secret key data when each of said data providing apparatus, said data distribution apparatus, and said data processing apparatus supplies the data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data providing apparatus, said data distribution apparatus, and said data processing apparatus when the legitimacy of the signature data corresponding to the data is verified by using the public key data of the related other apparatus when receiving the supply of the related data from the other apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, and wherein said data providing apparatus, said data distribution apparatus, and said data processing apparatus acquire said their own public key certificate data from said management apparatus before communicating with the other apparatus and transmit the related acquired public key certificate data to said other apparatus.
103. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus to provide content data, wherein
said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data to said data processing apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data processing apparatus uses said distributed content data, and said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates the signature data indicating that the related data is generated by itself by using its own secret key data when each of said data providing apparatus, said data distribution apparatus, and said data processing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data providing apparatus, said data distribution apparatus, and said data processing apparatus when the legitimacy of the signature data corresponding to the data is verified by using the public key data of the related other apparatus when receiving the supply of the related data from the other apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, and wherein said data providing apparatus, said data distribution apparatus, and said data processing apparatus acquire their own public key certificate data from said management apparatus when communicating with the other apparatus and transmit the related acquired public key certificate data to said other apparatus at said communication.
104. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus to provide content data, wherein:
said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data to said data processing apparatus, said data processing apparatus uses said distributed content data, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, and said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by itself by using its own secret key data when each of said data providing apparatus, said data distribution apparatus, and said data processing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data providing apparatus, said data distribution apparatus, and said data processing apparatus when the legitimacy of the signature data corresponding to the data is verified by using the public key data of the related other apparatus when receiving the supply of the related data from the other apparatus, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data and thereby to restrict said communication or said distribution using public key certificate data specified by said public key certificate revocation list by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in 
response to a request from said data providing apparatus.
Dependent claims: 105
106. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus to provide content data, wherein:
said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data to said data processing apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data providing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data providing apparatus for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data processing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, and said data processing apparatus verifies whether or not public key certificate data of said data providing apparatus providing said distributed content data is invalid based on said public key certificate revocation list distributed from said management apparatus and controls the usage of said distributed content data based on the result of the related verification. 
Dependent claims: 107, 108
109. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus to provide content data, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data providing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data providing apparatus for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data distribution apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, and said data distribution apparatus verifies whether or not public key certificate data of said data providing apparatus providing said provided content data is invalid based on said public key certificate revocation list distributed from said management apparatus, and controls the distribution of said provided content data to said data processing apparatus based on the result of the related verification.
110. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus to provide content data, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data distribution apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data distribution apparatus for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data providing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, wherein said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data providing apparatus verifies whether or not public key certificate data of the data distribution apparatus of the destination of provision of the content data is invalid and controls the provision of said content data to said data distribution apparatus based on the result of the related verification, said data distribution apparatus distributes said provided content data to said data processing apparatus, and said data processing apparatus uses said distributed content data.
111. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus to provide content data, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data distribution apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data distribution apparatus for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data distribution apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus provides content data to said data distribution apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data distribution apparatus distributes said provided content data and said distributed public key certificate revocation list to said data processing apparatus, and said data processing apparatus verifies whether or not public key certificate data of said data distribution apparatus distributing said distributed content data is invalid based on said distributed public key certificate revocation list and controls the usage of said distributed content data based 
on the result of the related verification.
Dependent claims: 112, 113
114. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus to provide content data, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data distribution apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data distribution apparatus for when another apparatus verifies the legitimacy of the related signature data by using public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data processing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus provides content data to said data distribution apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data distribution apparatus distributes said provided content data to said data processing apparatus, and said data processing apparatus verifies whether or not public key certificate data of said data distribution apparatus distributing said distributed content data is invalid based on said distributed public key certificate revocation list and controls the usage of said distributed content data based on the result of the related verification.
115. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus to provide content data, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatus, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when said data distribution apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data distribution apparatus for when another apparatus verifies the legitimacy of the related signature data by using public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data providing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data providing apparatus provides content data and said public key certificate revocation list to said data distribution apparatus, said data distribution apparatus distributes said provided content data and public key certificate revocation list to said data processing apparatus, and said data processing apparatus verifies whether or not public key certificate data of said data distribution apparatus distributing said distributed content data is invalid based on said distributed public key certificate revocation list and controls the usage of said 
distributed content data based on the result of the related verification.
116. A data providing method using a data providing apparatus, data distribution apparatus, a plurality of data processing apparatuses, and a management apparatus to provide content data, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatuses, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when a data processing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data processing apparatuses for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data providing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data providing apparatus provides content data and said public key certificate revocation list to said data distribution apparatus, said data distribution apparatus distributes said provided content data and public key certificate revocation list to said data processing apparatuses, and said data processing apparatuses verify whether or not public key certificate data of said other data processing apparatuses are invalid based on the public key certificate revocation list distributed from said data distribution apparatus and control the communication 
with other data processing apparatuses based on the result of the related verification.
Dependent claims: 117, 118
119. A data providing method using a data providing apparatus, data distribution apparatus, a plurality of data processing apparatuses, and a management apparatus to provide content data, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatuses, generates signature data indicating that the related data is generated by an apparatus itself by using its own secret key data when a data processing apparatus supplies data to another apparatus, generates and manages public key certificate data of public key data corresponding to secret key data of said data processing apparatuses for when another apparatus verifies the legitimacy of the related signature data by using the public key data corresponding to said secret key data, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data providing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data and said distributed public key certificate revocation list to said data processing apparatuses, and said data processing apparatuses verify whether or not public key certificate data of other data processing apparatuses are invalid based on the public key certificate revocation list distributed from said data distribution apparatus, and control the communication with other data processing apparatuses 
based on the result of the related verification.
Dependent claims: 120, 121
122. A data providing method using a data providing apparatus, data distribution apparatus, a plurality of data processing apparatuses, and a management apparatus to provide content data, wherein:
a data processing apparatus supplies registration data, indicating an already registered data processing apparatus connected in a predetermined network to which it is connected, to said management apparatus, refers to a revocation flag in registration data supplied from said management apparatus and restricts communication with another data processing apparatus having public key certificate data indicated as invalid by the revocation flag, said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatuses, generates and manages public key certificate data of public key data corresponding to secret key data for when a data processing apparatus generates signature data indicating legitimacy of data using its own secret key data when supplying data to another apparatus, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, stores the related public key certificate revocation list, generates new registration data by setting said revocation flag in said registration data supplied from data processing apparatuses based on the related public key certificate revocation list, distributes the related generated registration data to said data processing apparatuses, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus provides content data to said data distribution apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, and said data distribution apparatus distributes said provided content data to said data processing apparatuses.
123. A data providing method using a data providing apparatus, data distribution apparatus, a plurality of data processing apparatuses, and a management apparatus to provide content data, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatuses, generates and manages public key certificate data of public key data corresponding to said secret key data for when a data processing apparatus generates signature data indicating the legitimacy of data by using its own secret key data when supplying the related data to another apparatus, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data providing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data providing apparatus provides content data and said public key certificate revocation list to said data distribution apparatus, said data distribution apparatus distributes said provided content data and said public key certificate revocation list to said data processing apparatuses, and a data processing apparatus sets a revocation flag in registration data indicating an already registered data processing apparatus connected in a predetermined network to which it is connected based on said distributed public key certificate revocation list and restricts communication with another data processing apparatus having public key certificate data indicated as invalid by the related revocation flag.
124. A data providing method using a data providing apparatus, data distribution apparatus, a plurality of data processing apparatuses, and a management apparatus to provide content data, wherein:
said management apparatus manages the operation of a data providing service by said data providing apparatus, said data distribution apparatus, and said data processing apparatuses, generates and manages public key certificate data of public key data corresponding to secret key data for when a data processing apparatus generates signature data indicating the legitimacy of the data by using its own secret key data when supplying the related data to another apparatus, generates public key certificate revocation list for specifying public key certificate data to be invalidated among said generated public key certificate data, distributes the related public key certificate revocation list to said data distribution apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus distributes said provided content data and said public key certificate revocation list to said data processing apparatuses, and a data processing apparatus sets a revocation flag in registration data indicating an already registered data processing apparatus connected in a predetermined network to which it is connected based on said distributed public key certificate revocation list and restricts communication with another data processing apparatus having public key certificate data indicated as invalid by the related revocation flag.
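Added example (not part of the patent text): a Python illustration of the revocation-flag handling recited in claims 123 and 124, where a data processing apparatus sets flags in its registration data from a relayed public key certificate revocation list and restricts communication with flagged peers. The HMAC tag standing in for the management apparatus's public-key signature, the list version counter, the deny-by-default treatment of unregistered peers, and all field names, serials and device identifiers are assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Stand-in for the management apparatus's signature key. The claims describe a
# public-key signature checked via certificate data; HMAC-SHA256 with a shared,
# constructed key is used here only so the example runs on the standard library.
MGMT_DEMO_KEY = b"constructed-demo-key"


def _canonical(body: dict) -> bytes:
    """Deterministic byte encoding of the list body, so both sides MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_crl(version: int, revoked_serials: list[str]) -> dict:
    """Management apparatus side: issue a revocation list (field names are assumed)."""
    body = {"version": version, "revoked": sorted(revoked_serials)}
    tag = hmac.new(MGMT_DEMO_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


@dataclass
class Registration:
    cert_serial: str
    revoked: bool = False  # the "revocation flag" kept in registration data


@dataclass
class ProcessingApparatus:
    registration_data: dict[str, Registration] = field(default_factory=dict)
    crl_version: int = 0  # highest list version applied so far (assumed counter)

    def register(self, device_id: str, cert_serial: str) -> None:
        self.registration_data[device_id] = Registration(cert_serial)

    def apply_crl(self, crl: dict) -> list[str]:
        """Authenticate a relayed list, then set flags. Returns newly flagged device ids."""
        body, tag = crl.get("body"), crl.get("tag")
        if not isinstance(body, dict) or not isinstance(tag, str):
            raise ValueError("malformed revocation list")
        expected = hmac.new(MGMT_DEMO_KEY, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            raise ValueError("list was not issued by the management apparatus")
        if body["version"] <= self.crl_version:
            # The relay is itself a party that can be revoked, so it must not be
            # able to substitute an older list that omits a revoked certificate.
            raise ValueError("stale revocation list")
        revoked = set(body["revoked"])
        newly_flagged = []
        for device_id, entry in self.registration_data.items():
            if entry.cert_serial in revoked and not entry.revoked:
                entry.revoked = True  # flags are only ever set here, never cleared
                newly_flagged.append(device_id)
        self.crl_version = body["version"]
        return sorted(newly_flagged)

    def may_communicate(self, device_id: str) -> bool:
        """Deny flagged peers; unregistered peers are also denied (assumed default)."""
        entry = self.registration_data.get(device_id)
        return entry is not None and not entry.revoked


def demo() -> dict:
    """Constructed scenario: one peer revoked, then a replayed and a tampered list."""
    sam = ProcessingApparatus()
    sam.register("SAM-2", "serial-0002")
    sam.register("SAM-3", "serial-0003")
    result = {"flagged": sam.apply_crl(issue_crl(2, ["serial-0003"]))}
    tampered = issue_crl(3, ["serial-0003"])
    tampered["body"]["revoked"] = []  # relay strips the entry after issuance
    for name, crl in (("replayed", issue_crl(1, [])), ("tampered", tampered)):
        try:
            sam.apply_crl(crl)
            result[name] = "accepted"
        except ValueError as exc:
            result[name] = str(exc)
    result["peers"] = {d: sam.may_communicate(d) for d in ("SAM-2", "SAM-3", "SAM-9")}
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Because the list reaches the data processing apparatus through the data distribution apparatus, the authenticity and freshness checks run before any flag is touched, so a rejected list leaves the registration data unchanged.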
125. A data providing method using a data providing apparatus, data distribution apparatus, data processing apparatus, and management apparatus to provide content data, wherein:
said data providing apparatus provides content data and usage control policy data indicating the handling of the related content data to said data distribution apparatus, said data providing apparatus performs mutual authentication with said data processing apparatus, encrypts said module using session key data obtained by said mutual authentication, and transmits said encrypted module to said data processing apparatus, said data distribution apparatus distributes said provided content data and said usage control policy data to said data processing apparatus, said data processing apparatus has a first module for communicating with said data distribution apparatus and a second module for determining at least one of a purchase mode and usage mode of said distributed content data based on said distributed usage control policy data and transmitting log data indicating the log of the related determined purchase mode and usage mode to said management apparatus, said management apparatus manages the data providing apparatus, data distribution apparatus, and data processing apparatus, registers and serves usage control policy data indicating the handling of the related content data from said data providing apparatus, and certifies the legitimacy of said usage control policy data in response to a request from said data providing apparatus, and has a settlement function for performing profit distribution processing for distributing the profit obtained accompanied with said data processing apparatus receiving distribution of said content data and purchasing and using said content data to related parties of said data providing apparatus and said data distribution apparatus based on said log data received from said second module and performing settlement based on the result of the related profit distribution processing and a right management function for registering said usage control policy data.
Specification