JP2000307567A - Digitally written work protecting system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a digitally written work protecting system which prevents illegal writing of a written work obtained from outside into a recording medium and illegal reproducing of the written work recorded in the recording medium. SOLUTION: The medium characteristic key storing part 220 of a memory card 200 stores a characteristic key Ki; a conversion part 230 generates a ciphered characteristic key Ji from the key Ki; the random number generating part 331 of a memory card writer 300 generates a random number R1; a ciphering part 252 generates a ciphered random number S1 from the number R1; a decoding part 333 generates a random number R'1 from the number S1, a mutual authentication control part 334 compares the number R'1 with the number R1 and authenticates the card 200 to be legal at the time of coincidence; when the memory card and an access device are authenticated to be legal to each other, the access device ciphers or deciphers the written work by using the decoded characteristic key.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system for distributing digital works such as digitalized documents, sounds, images, and programs through a network, recording the digital works on a storage medium, and playing back the data on a player. The present invention relates to a system for preventing such recording and reproduction from being performed illegally.

[0002]

2. Description of the Related Art In recent years, digital works such as digitalized documents, sounds, images, and programs have been distributed through networks such as the Internet, and users have been able to easily transfer various digital works through the network. It can be taken out, recorded on another recording medium, and reproduced.

[0003]

However, although there is an advantage that the digital work can be easily duplicated in this way, there is a problem that the copyright of the author is easily violated. The present invention relates to a digital work protection system and a digital work protection method for preventing illegally writing a digital work taken out from the outside onto a recording medium and preventing illegal reproduction of the digital work recorded on the recording medium. And a recording medium on which a digital work protection program is recorded.

[0004]

In order to achieve the above object, the present invention provides a recording medium device having an area for storing digital copyrighted work information, and reads information from or writes information to the area. An access device, wherein the digital work protection system realizes utilization of a digital work between the recording medium device and the access device, wherein the recording medium device has a unique key information Secretly transmitting a key to said access device;
The recording medium device and the access device,
An authentication phase for authenticating the other device using the unique key, and when the recording medium device and the access device are both authenticated, the access device includes the unique key. And encrypting the digital work using the unique key, and transferring the digital work to the recording medium device, or using the unique key to decrypt the encrypted digital work transferred from the recording medium device. .

Here, in the authentication of the recording medium device by the access device in the authentication phase, the recording medium device includes a first arithmetic unit, and the access device includes a first authentication information generating unit. , First authentication means, wherein the first authentication information generation means generates first authentication information, outputs the generated first authentication information to the recording medium device, and wherein the first arithmetic means Receiving first authentication information, performing a first operation on the first authentication information using the unique key to generate first operation authentication information, and outputting the generated first operation authentication information to the access device; The first authentication unit uses the secretly transmitted unique key,
The recording medium device may be configured to authenticate whether or not the recording medium device is valid based on the first authentication information and the first operation authentication information.

Here, in the authentication phase, in the authentication phase, the authentication of the access device by the recording medium device, the access device includes a second arithmetic unit, and the recording medium device includes a second authentication information generating unit. , A second authentication unit, wherein the second authentication information generation unit generates second authentication information, and outputs the generated second authentication information to the access device. (2) receiving the authentication information, performing a second operation on the second authentication information using the secretly transmitted unique key to generate second operation authentication information, and transmitting the generated second operation authentication information to the recording medium device And the second authentication means uses the unique key to
The second authentication information and the second operation authentication information may be configured to authenticate whether the access device has legitimacy.

Here, in the secret transmission of the unique key from the recording medium device to the access device in the authentication phase, the recording medium device includes: a unique key storage unit storing the unique key; And a first encryption means for generating an encrypted unique key by applying a first encryption algorithm to the access device, and outputting the generated encrypted unique key to the access device, wherein the access device receives the encrypted unique key. A first decryption unit for performing a first decryption algorithm on the encrypted unique key to generate a decryption unique key,
The decryption algorithm may be configured to decrypt the cipher text generated by the first encryption algorithm.

[0008] Here, the recording medium device further includes first key storage means for storing a first key in advance.
The first encryption unit generates the encrypted unique key by applying the first encryption algorithm to the unique key using the first key, and the access device further stores a second key in advance. Wherein the second key corresponds to the first key, and the first decryption means uses the second key corresponding to the first key. The decryption unique key may be generated by applying the first decryption algorithm to the encrypted unique key.

Here, the recording medium device further comprises: first master key storage means for storing a master key group including a plurality of master keys in advance; and one master key from the master key group. First selecting means for selecting as the first key, wherein the first encrypting means performs the first encryption algorithm on the unique key using the selected first key to generate the encrypted unique key. The access device further generates a master key group identical to the master key group, and a master key group stored in the second master key storage unit. Second selecting means for selecting the same master key as the first key as the second key from among them, wherein the first decryption means uses the same second key as the first key to perform the encryption. The first decryption algorithm as It may be configured to generate the decoded unique key by.

[0010] Here, the first authentication means performs the same operation as the first operation on the first authentication information using the secretly transmitted unique key to generate third operation authentication information. Computing means, and first comparing means for judging whether the first computational authentication information and the third computational authentication information match and, if so, authenticating that the recording medium device is legitimate. You may comprise so that it may contain.

Here, the second authentication means performs a same operation as the second operation on the second authentication information using the unique key to generate fourth operation authentication information,
A second comparing unit configured to determine whether the second operation authentication information and the fourth operation authentication information match, and to authenticate the access device as valid if the two operation authentication information match. You may.

Here, the first operation is a first encryption algorithm, and the first operation means performs the first operation authentication by applying the first encryption algorithm to the first authentication information using the unique key. The first authentication unit generates first decryption authentication information by performing a first decryption algorithm on the first operation authentication information using the secret transmitted unique key, and generates the first decryption authentication information. It is determined whether or not the authentication information matches the first decryption authentication information. If the authentication information and the first decryption authentication information match, it is authenticated that the recording medium device has legitimacy.
The decryption algorithm may be configured to decrypt the cipher text generated by the first encryption algorithm.

Here, the second operation is a second encryption algorithm, and the second operation means applies the second encryption algorithm to the second authentication information using the secretly transmitted unique key. Generating second operation authentication information;
The authentication means uses the unique key to apply a second decryption algorithm to the second operation authentication information to generate second decryption authentication information, and the second authentication information and the second decryption authentication information are Judge whether they match, and if they match, authenticate that the access device has legitimacy;
The decryption algorithm may be configured to decrypt the cipher text generated by the second encryption algorithm.

Here, in the copyrighted work transfer phase, the recording medium device stores the digital copyrighted work information generated by applying a cryptographic algorithm to a digital copyrighted work using the unique key. Outputting the digital work information from the area and outputting the read digital work information to the access device when both the recording medium device and the access device are authenticated as valid. Means for reading the information from the area, receiving the digital work information from the recording medium device, and decrypting the digital work information with the secret transmitted unique key using a decryption algorithm. Means for generating a decrypted digital work by performing the decrypted digital work. And a reproducing device for the decoding algorithm may be configured to decrypt the ciphertext generated by the encryption algorithm.

Here, in the work transfer phase, a work obtaining means for obtaining a digital work from the outside and a cryptographic algorithm for applying a cryptographic algorithm to the obtained digital work using the secretly transmitted unique key. Copyright information generating means for generating copyright information and outputting the digital copyright information to the recording medium device, wherein the recording medium device receives the digital copyright information, and stores the received digital copyright information in the area. You may comprise so that it may contain.

Here, in the copyrighted work transfer phase, if both the recording medium device and the access device are authenticated as having legitimacy, the access device divides the digital work into one or more. Generating a data block key for each of the generated data blocks, encrypting the data block using the unique key and the data block key corresponding to the data block, and generating an encrypted data block. Produces
Transferring the generated encrypted data block to the recording medium device, or receiving one or more encrypted data blocks constituting the encrypted digital work from the recording medium device; For each block, generate a data block key, and decrypt the received encrypted data block using the unique key and the data block key corresponding to the encrypted data block to generate a data block. The data block may have a logical unit length or a physical unit length, and the encrypted data block may have a logical unit length or a physical unit length.

Here, in the copyrighted work transfer phase, if both the recording medium device and the access device are authenticated as having legitimacy, the access device determines whether or not each file constituting the digital copyrighted work is valid. Generating a file key, encrypting the file using the unique key and the file key to generate an encrypted file, transferring the generated encrypted file and information about the file key to the recording medium device, Alternatively, a file constituting the encrypted digital work and information on a file key are received from the recording medium device, and for each of the received files, received using the unique key and the information on the file key. The digital work may be reproduced by decoding the file.

Here, in the copyrighted work transfer phase, when both the recording medium device and the access device are authenticated as having validity, the access device accepts an input of a user key from an operator, Based on the received user key and the unique key secretly transmitted from the storage medium, a modified key is generated, and the digital work is encrypted using the modified key and transmitted to the recording medium device. Transferring or receiving the encrypted digital work from the recording medium device and decoding the encrypted digital work received using the modified key to generate a digital work. You may.

Here, the digital work protection system further includes an encryption unique key creation device, and the digital work protection system further includes the encryption unique key creation device owned by the recording medium device. Encrypting the unique key to generate an encrypted unique key; the recording medium device has an encryption unique key setting phase for storing the generated encrypted unique key; and in the authentication phase, the recording medium device Transmits the stored encrypted unique key to the access device, the access device decrypts the obtained encrypted unique key to generate a unique key, and uses the generated unique key to store the recording medium. It may be configured to authenticate the validity of the device.

[0020]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS A digital work protection system 100 according to one embodiment of the present invention will be described. 1. 1. Configuration of Digital Work Protection System 100 The digital work protection system 100 includes a memory card 200, a memory card writer 300, and a memory card reader 400, as shown in the block diagram of FIG.

As shown in FIG. 2, the memory card 200 is inserted from a memory card insertion slot 301 and is mounted on a memory card writer 300. Further, the memory card writer 300 is inserted from the memory card writer insertion slot 501 and is attached to the personal computer 500.
The personal computer 500 is connected to a network represented by the Internet via the communication line 10, and the memory card writer 300 is connected to the outside via the personal computer 500.

The personal computer 500 includes a display 503, a keyboard 504, a speaker 502, a processor (not shown), a RAM, a ROM, and a hard disk device. The memory card 200 is mounted on a memory card reader 400. Memory card 200
As shown in FIG. 3, is inserted from a memory card insertion slot 403 and is mounted on a headphone stereo 401 as one embodiment of a memory card reader 400. The headphone stereo 401 has an operation button 404a on the top surface,
404b, 404c, and 404d are arranged, a memory card insertion slot 403 is provided on one side, and the headphones 4 are provided on another side.
02 is connected.

The user inserts the memory card 200 into the personal computer 50 via the memory card writer 300.
0, and retrieves digital works such as music from the outside via the Internet, and writes the retrieved digital works to the memory card 200. Next, the user operates the memory card 20 on which the digital work is recorded.
0 is mounted on the headphone stereo 401, and the digital work recorded on the memory card 200 is reproduced by the headphone stereo 401 and enjoyed. 1.1 Configuration of Memory Card 200 As shown in FIG. 4, the memory card 200 includes a master key storage unit 210, a media unique key storage unit 220, and a conversion unit 23.
0, media unique key information storage unit 240, device key storage unit 2
21, inverse conversion unit 222, device key information storage unit 223, mutual authentication unit 250, encrypted work storage unit 260, communication unit 27
0 and a control unit 280.

When the memory card 200 is inserted into the memory card writer 300, the communication section 270 is connected to a communication section 340 of the memory card writer 300 described later. When the memory card 200 is inserted into the memory card reader 400, the communication unit 270 is connected to a communication unit 440 of the memory card reader 400, which will be described later. 1.1.1 Master Key Storage Unit 210 The master key storage unit 210 is specifically composed of a semiconductor memory or the like, and stores one master key Mk in advance. The master key Mk is composed of a 56-bit bit string. The master key is different for each digital work management system. In addition, the master key storage of all memory cards used for a particular digital work management system stores the same master key, even if these memory cards are manufactured by different manufacturers. I have.

Here, the digital work management system is, for example, a company A, a company B, and a company C jointly operate,
A music distribution system that distributes music.
This is a movie rental system jointly operated by Y and Z companies. 1.1.2 Media Unique Key Storage Unit 220 The media unique key storage unit 220 is specifically composed of a semiconductor memory or the like, and stores one unique key Ki in advance. The unique key Ki is composed of a 56-bit bit string. The unique key differs for each manufactured memory card. The unique key is calculated by subjecting a serial number of a memory card that differs for each manufactured memory card and a random number generated each time the memory card is manufactured to a predetermined calculation, for example, by adding. 1.1.3 Conversion Unit 230 The conversion unit 230 is, specifically, a ROM (Read Only Memory) storing a processor and a program.
ry), working RAM (Random access)
, And reads the unique key Ki stored in the media unique key storage unit 220, and reads the master key Mk stored in the master key storage unit 210.

The conversion unit 230 has a DES (Data Encryption Standard, Data Encryption Standard).
The encryption algorithm E1 specified by d) is stored in advance. Here, in the encryption algorithm E1 specified by the DES, the encryption key is 56 bits, and the length of the plaintext and the ciphertext is 64 bits. In addition,
In this specification, the encryption algorithm and the decryption algorithm are algorithms specified by DES, unless otherwise specified, the encryption key and the decryption key are 56 bits, and the length of the plaintext and the ciphertext is 64 bits. .

The conversion unit 230 applies an encryption algorithm E1 to the read unique key Ki to generate an encrypted unique key Ji. At this time, the read master key Mk is used as a key for the encryption algorithm E1. Generated encryption unique key J
i is expressed as shown in Equation 1. (Equation 1) Ji = E1 (Mk, Ki) In this specification, when the encryption algorithm E is applied to the plaintext M using the key K to generate the ciphertext C, as shown in the expression 2, Will be expressed as (Equation 2) C = E (K, M) Also, when the decryption algorithm D is applied to the generated ciphertext C using the key K to generate the plaintext M, It is expressed as follows. (Equation 3) M = D (K, C) Thus, using the key K, the ciphertext E is applied to the plaintext M to generate the ciphertext C, and the generated ciphertext C is A decryption algorithm D is applied to obtain the plaintext M
When the same plaintext is generated, the relationship between the encryption algorithm E and the decryption algorithm D is expressed as shown in Expression 4. (Equation 4) E = crpt (D) The conversion unit 230 outputs the generated encrypted unique key Ji to the media unique key information storage unit 240. 1.1.4 Media Unique Key Information Storage Unit 240 The media unique key information storage unit 240 is specifically composed of a semiconductor memory or the like, receives the encryption unique key Ji from the conversion unit 230, and receives the received encryption key Ji. The unique key Ji is stored. 1.1.5 Mutual Authentication Unit 250 Mutual authentication unit 250 includes random number generation unit 251 and encryption unit 25.
2, a decryption unit 253 and a mutual authentication control unit 254. Each component of the mutual authentication unit 250 is specifically composed of a processor, a ROM storing a program, a working RAM, and the like. (1) Random Number Generator 251 The random number generator 251 generates a random number R2. Random number R2
Consists of a 64-bit bit string. Random number generator 251
Outputs the generated random number R2 to the communication unit 270 and the mutual authentication control unit 254. (2) Encryption Unit 252 The encryption unit 252 receives the random number R1 from the communication unit 270.

The encryption unit 252 includes a media unique key storage unit 2
Then, the unique key Ki is read from 20. The encryption unit 252 uses the DE
The encryption algorithm E2 specified by S is stored in advance. The encryption unit 252 calculates the received random number R
1 is subjected to an encryption algorithm E2 to generate an encrypted random number S1. At this time, the read unique key Ki is used as a key of the encryption algorithm E2. The generated encrypted random number S1
Can be expressed as shown in Equation 5. (Equation 5) S1 = E2 (Ki, R1) The encryption unit 252 transmits the generated encrypted random number S1 to the communication unit 27.
Output to 0. (3) Decryption Unit 253 The decryption unit 253 receives the encrypted random number S2 from the communication unit 270, and reads out the device key A'j from the device key storage unit 221.

The decoding unit 253 stores in advance a decoding algorithm D2 specified by DES.
The decryption unit 253 performs a decryption algorithm D2 on the received encrypted random number S2 to generate a random number R'2. At this time, the read device key A'j is
Key 2 The generated random number R'2 can be expressed as shown in Expression 6. (Equation 6) R′2 = D2 (A′j, S2) = D2 (A′j, E2 (Aj, R2)) The decoding unit 253 outputs the generated random number R′2 to the mutual authentication control unit 254. . (4) Mutual Authentication Control Unit 254 The mutual authentication control unit 254 sends the random number R′2
Receive. Further, the mutual authentication control unit 254 receives the random number R2 from the random number generation unit 251.

The mutual authentication control unit 254 compares the random number R'2 received from the decryption unit 253 with the random number R2 received from the random number generation unit 251. If the random number R'2 and the random number R2 match, the memory If the memory card writer 300 or the memory card reader 400 with the card 200 attached is authenticated as a correct device, and the random number R'2 and the random number R2 do not match, the memory card writer 300 with the memory card 200 attached is authenticated. Alternatively, it is considered that the memory card reader 400 is an unauthorized device.

The mutual authentication control unit 254 outputs an authentication signal indicating whether the memory card writer 300 or the memory card reader 400 is a correct device or an incorrect device to the control unit 280. 1.1.6 Encrypted Work Storage Unit 260 The encrypted work storage unit 260 has a semiconductor memory as a storage medium.

The encrypted work storage unit 260 includes the communication unit 27
0 to the encrypted partial work Fi (i = 1, 2, 3,...)
・), And the received encrypted partial work Fi (i
= 1, 2, 3,...). 1.1.7 Communication Unit 270 The communication unit 270 reads the encrypted unique key Ji from the media unique key information storage unit 240, and stores the read encrypted unique key Ji in the communication unit 340 of the memory card writer 300 or the memory card reader 400. Is output to the communication unit 440.

The communication unit 270 includes the memory card writer 30
The random number R1 is received from the communication unit 340 of the memory card reader 400 or the communication unit 440 of the memory card reader 400, and the received random number R1 is output to the encryption unit 252 of the mutual authentication unit 250. The communication unit 270 receives the encrypted random number S1 from the encryption unit 252 and outputs the received encrypted random number S1 to the communication unit 340 of the memory card writer 300 or the communication unit 440 of the memory card reader 400.

The communication unit 270 includes the memory card writer 30
The encryption device key Bj is received from the communication unit 340 of the memory card reader 400 or the communication unit 340 of the memory card reader 400, and the received encryption device key Bj is output to the device key information storage unit 223. The communication unit 270 receives the random number R2 from the random number generation unit 251 and transmits the received random number R2 to the memory card writer 3.
00 to the communication unit 340 or the communication unit 440 of the memory card reader 400.

The communication unit 270 includes the memory card writer 30
It receives the encrypted random number S2 from the communication unit 340 of the memory card reader 400 or the communication unit 440 of the memory card reader 400 and outputs the received encrypted random number S2 to the decryption unit 253 of the mutual authentication unit 250. Upon receiving the communication stop signal from the control unit 280, the communication unit 270 receives the communication stop signal from the communication unit 34 of the memory card writer 300.
0 or the communication with the communication unit 440 of the memory card reader 400 is stopped.

The communication unit 270 includes the memory card writer 30
0 from the communication unit 340, the encrypted partial work Fi (i = 1,
..) And outputs the received encrypted partial work Fi (i = 1, 2, 3,...) To the encrypted work storage unit 260. The communication unit 270 reads the encrypted work from the encrypted work storage unit 260, and stores the read encrypted work in the communication unit 44 of the memory card reader 400.
Output to 0. 1.1.8 Device Key Information Storage Unit 223 The device key information storage unit 223 is specifically composed of a semiconductor memory or the like.
And stores the received encryption device key Bj. 1.1.9 Inverse Transformation Unit 222 The inverse transformation unit 222 is specifically composed of a processor, a ROM storing a program, a working RAM, and the like. Bj is read, and the master key Mk stored in the master key storage unit 210 is read.

The inverse transform section 222 stores in advance a decoding algorithm D3 specified by DES. The inverse converter 222 generates a device key A'j by applying the decryption algorithm D3 to the read encrypted device key Bj. At this time, the read master key Mk is used as a key of the decryption algorithm D3. The generated device key A′j can be expressed as shown in Expression 7. The inverse conversion unit 222 outputs the generated device key A′j to the device key storage unit 221. 1.1.10 Device Key Storage Unit 221 The device key storage unit 221 is specifically composed of a semiconductor memory or the like, and stores the device key A′j output from the inverse conversion unit 222. 1.1.11 Control Unit 280 The control unit 280 specifically includes a processor, a ROM storing a program, a working RAM, and the like. An authentication signal indicating whether the memory card writer 300 or the memory card reader 400 is a correct device or an incorrect device is received.

If the received authentication signal indicates that the device is an unauthorized device, control unit 280 outputs a communication stop signal to communication unit 270 to stop communication with memory card writer 300 or memory card reader 400. . 1.2 Configuration of Memory Card Writer 300 The memory card writer 300 includes, as shown in FIG.
2. Master key storage unit 313, media unique key information storage unit 320, inverse conversion unit 321, media unique key storage unit 32
3, mutual authentication unit 330, communication unit 340, control unit 350,
Encrypting unit 360, work storage unit 370, work acquisition unit 38
It consists of 0.

The copyrighted work obtaining unit 380 is connected to the outside via the communication line 10. 1.2.1 Device Key Storage Unit 310 The device key storage unit 310 is specifically composed of a semiconductor memory or the like, and stores one device key Aj in advance. The device key Aj is composed of a 56-bit bit string.
The device key differs for each manufactured memory card writer.
The device key is calculated by performing a predetermined operation on a serial number of a memory card writer that differs for each memory card writer to be manufactured and a random number generated each time the memory card writer is manufactured, for example, by performing addition. You. 1.2.2 Converting Unit 311 The converting unit 311 specifically includes a processor, a ROM storing a program, a working RAM, and the like, and stores the device key Aj stored in the device key storage unit 310. And reads the master key Mk stored in the master key storage unit 313.

The conversion unit 311 stores an encryption algorithm E3 specified by DES in advance.
Equation 8 has a relationship between the decryption algorithm D3 and the encryption algorithm E3 stored in the inverse converter 222 of the memory card 200. (Equation 8) E3 = crpt (D3) The conversion unit 311 applies the encryption algorithm E3 to the read device key Aj to generate an encryption device key Bj. At this time, the read master key Mk is used as the encryption algorithm E
Key 3 The generated encryption device key Bj can be expressed as shown in Expression 9. (Equation 9) Bj = E3 (Mk, Aj) The conversion unit 311 outputs the generated encrypted device key Bj to the device key information storage unit 312. 1.2.3 Device Key Information Storage Unit 312 The device key information storage unit 312 is specifically composed of a semiconductor memory or the like.
And stores the received encryption device key Bj. 1.2.4 Master Key Storage Unit 313 The master key storage unit 313 is specifically composed of a semiconductor memory or the like, and stores one master key Mk in advance. The master key Mk is the same as the master key stored in the master key storage unit 210 of the memory card 200. 1.2.5 Media Unique Key Information Storage Unit 320 The media unique key information storage unit 320 is specifically composed of a semiconductor memory or the like, receives the encrypted unique key Ji from the communication unit 340, and receives the received encrypted unique key Ji. The key Ji is stored. 1.2.6 Inverse Transformation Unit 321 The inverse transformation unit 321 is specifically composed of a processor, a ROM storing a program, a working RAM, and the like. The master key storage unit 313 reads out the encrypted unique key Ji
Read the master key Mk stored in the.

The inverse transform unit 321 stores in advance a decoding algorithm D1 specified by DES. Equation 10 has a relationship between the encryption algorithm E1 and the decryption algorithm D1 stored in the conversion unit 230 of the memory card 200. (Equation 10) E1 = crpt (D1) The inverse conversion unit 321 performs a decryption algorithm D1 on the read encrypted unique key Ji to generate a unique key K'i. At this time, the read master key Mk is used as a key of the decryption algorithm D1. The generated unique key K′i is expressed by Equation 11
Can be expressed as shown below. The inverse conversion unit 321 outputs the generated unique key K′i to the media unique key storage unit 323. 1.2.7 Media Unique Key Storage Unit 323 The media unique key storage unit 323 is specifically composed of a semiconductor memory or the like.
i, and stores the received unique key K'i. 1.2.8 Mutual Authentication Unit 330 Mutual authentication unit 330 includes random number generation unit 331 and encryption unit 33.
2, a decryption unit 333 and a mutual authentication control unit 334. Each component of the mutual authentication unit 330 is, specifically, a processor, a ROM storing a program,
It is composed of a working RAM and the like. (1) Random Number Generator 331 The random number generator 331 generates a random number R1. Random number R1
Consists of a 64-bit bit string. Random number generator 331
Outputs the generated random number R1 to the communication unit 340. Further, the random number generation unit 331 outputs the generated random number R1 to the mutual authentication control unit 334. (2) Encryption unit 332 The encryption unit 332 receives the random number R2 from the communication unit 340 and reads the device key Aj from the device key storage unit 310.

The encryption unit 332 stores in advance an encryption algorithm E2 specified by DES.
The encryption unit 332 performs an encryption algorithm E2 on the received random number R2 to generate an encrypted random number S2. At this time,
The read device key Aj is used as a key for the encryption algorithm E2. The generated encrypted random number S2 can be expressed as shown in Expression 12. (Equation 12) S2 = E2 (Aj, R2) The encryption unit 332 transmits the generated encrypted random number S2 to the communication unit 34.
Output to 0. (3) Decryption Unit 333 The decryption unit 333 receives the encrypted random number S1 from the communication unit 340.

The decryption unit 333 stores the media unique key storage unit 3
23, the unique key K′i is read. The decoding unit 333 calculates D
The decoding algorithm D2 specified by ES is stored in advance. The relationship shown in Expression 13 exists between the encryption algorithm E2 and the decryption algorithm D2 stored in the encryption unit 252 of the mutual authentication unit 330 of the memory card 200. (Equation 13) E2 = crpt (D2) The decryption unit 333 performs a decryption algorithm D2 on the received encrypted random number S1 to generate a random number R'1. At this time, the read unique key K′i is converted into a decryption algorithm D
Key 2 The generated random number R'1 can be expressed as shown in Expression 14. (Equation 14) R′1 = D2 (K′i, S1) = D2 (K′i, E2 (Ki, R1)) The decoding unit 333 outputs the generated random number R′1 to the mutual authentication control unit 334. I do. (4) Mutual Authentication Control Unit 334 The mutual authentication control unit 334 sends the random number R′1 from the decryption unit 333.
Receive. Further, the mutual authentication control unit 334 receives the random number R1 from the random number generation unit 331.

The mutual authentication control unit 334 compares the random number R′1 received from the decryption unit 333 with the random number R1 received from the random number generation unit 331, and if the random number R′1 and the random number R1 match, the memory The memory card 200 attached to the card writer 300 is authenticated as a correct device, and if the random number R'1 and the random number R1 do not match, the memory card 200 attached to the memory card writer 300 is an unauthorized device. Assume that there is.

The mutual authentication control unit 334 outputs an authentication signal to the control unit 350 indicating whether the memory card 200 mounted on the memory card writer 300 is a correct device or an incorrect device. 1.2.9 Communication Unit 340 The communication unit 340 receives the encrypted unique key Ji from the communication unit 270 of the memory card 200 and outputs the received encrypted unique key Ji to the media unique key information storage unit 320.

The communication section 340 receives the random number R 1 from the random number generation section 331 and outputs the received random number R 1 to the communication section 270 of the memory card 200. The communication unit 340
The encrypted random number S1 is transmitted from the communication unit 270 of the memory card 200.
Receiving the encrypted random number S1 and the mutual authentication unit 3
30 to the decoding unit 333.

The communication unit 340 includes a device key information storage unit 312
, And reads the encrypted device key Bj to the communication unit 270 of the memory card 200. The communication unit 340 is a communication unit 27 of the memory card 200.
The random number R2 is received from 0, and the received random number R2 is output to the encryption unit 332 of the mutual authentication unit 330. Communication unit 340
Receives the encrypted random number S2 from the encryption unit 332 and transmits the received encrypted random number S2 to the communication unit 2 of the memory card 200.
Output to 70.

When communication unit 340 receives the communication stop signal from control unit 350, communication unit 27 of memory card 200
Cancel communication with 0. The communication unit 340 includes an encryption unit 360
From the encrypted partial work Fi (i = 1,2,3, ...)
And receives the received encrypted partial work Fi (i =
1, 2, 3,...) To the communication unit 2 of the memory card 200.
Output to 70. 1.2.10 Control Unit 350 The control unit 350 is specifically composed of a processor, a ROM storing a program, a working RAM, and the like.
An authentication signal indicating whether the memory card 200 mounted on the device 0 is a correct device or an unauthorized device is received.

When the received authentication signal indicates that the device is an unauthorized device, the control unit 350
A communication stop signal for stopping the communication with 0 is output to the communication unit 340. If the received authentication signal indicates that the received device is a correct device, control unit 350 outputs to literary work obtaining unit 380 a literary work acquisition signal instructing the literary work to be obtained from outside. 1.2.11 Work Acquisition Unit 380 The work acquisition unit 380 receives a work acquisition signal from the control unit 350.

Upon receiving a copyrighted work acquisition signal from the control unit 350, the copyrighted work acquiring unit 380 acquires a music copyrighted work from the outside via the communication line 10, and stores the obtained copyrighted work in the copyrighted work storage unit 370. Output to Although the copyrighted work is music here, it goes without saying that the work is not limited to music. Other documents, images, movies, etc. are also included in the copyrighted work. 1.2.12 Work Storage Unit 370 The work storage unit 370 is specifically composed of a semiconductor memory or the like, receives a work from the work acquisition unit 380, and stores the received work. 1.2.13 Encryption Unit 360 The encryption unit 360 is specifically composed of a processor, a ROM storing a program, a working RAM, and the like. The unique key K′i is read from the key storage unit 323.

The encryption unit 360 stores in advance an encryption algorithm E2 specified by DES.
The encryption unit 360 converts the read literary work into a partial literary work Ci (i = 1, 2, 3,...) Consisting of a plurality of 64-bit bit strings.
..), And each partial work Ci (i = 1, 2,
,... Are subjected to an encryption algorithm E2 to generate a plurality of encrypted partial works Fi (i = 1, 2, 3,...). At this time, the read unique key K'i is used as the key of the encryption algorithm E2. The generated encrypted partial work Fi (i = 1, 2, 3,...) Can be expressed as shown in Expression 15. (Equation 15) Fi = E2 (K'i, Ci) (i = 1, 2, 3,...) The encryption unit 360 generates the encrypted partial copyrighted work Fi (i =
1, 2, 3,...) To the communication unit 340. 1.3 Configuration of Memory Card Reader 400 As shown in FIG. 6, the memory card reader 400 includes a device key storage unit 410, a conversion unit 411, and a device key information storage unit 41.
2. Master key storage unit 413, media unique key information storage unit 420, inverse conversion unit 421, media unique key storage unit 42
3, mutual authentication unit 430, communication unit 440, control unit 450,
It comprises a decryption unit 460, a copyrighted work storage unit 470, a reproduction unit 480, and an operation unit 490.

Device key storage unit 410, conversion unit 411, device key information storage unit 412, master key storage unit 413, media unique key information storage unit 420, inverse conversion unit 421, media unique key storage unit 423, mutual authentication unit 430 , Communication unit 440,
Regarding the control unit 450, the device key storage unit 310, the conversion unit 311, the device key information storage unit 312, the master key storage unit 313, the media unique key information storage unit 320, the inverse conversion unit 321 and the media unique Since they are equivalent to the key storage unit 323, the mutual authentication unit 330, the communication unit 340, and the control unit 350, the description of the equivalent parts is omitted,
The description will focus on points having different functions and actions. 1.3.1 Control Unit 450 The control unit 450 instructs the decryption unit 460 to decrypt the encrypted copyrighted work output from the communication unit 440 when the received authentication signal indicates that the device is correct. The decryption instruction to instruct is output. 1.3.2 Decoding Unit 460 The decoding unit 460 receives a decoding instruction from the control unit 450.

Upon receiving the decryption instruction from the control unit 450, the decryption unit 460 receives the encrypted work from the communication unit 440 and reads the unique key K′i from the media unique key storage unit 423. The decoding unit 460 stores a decoding algorithm D2 specified by DES in advance.

The decryption unit 460 divides the received encrypted work into partial encrypted works Gi (i = 1, 2, 3,...) Consisting of a plurality of 64-bit bit strings, and The work Gi (i = 1, 2, 3,...) Is subjected to the decryption algorithm D2 to obtain a plurality of partial works Hi (i = 1, 2).
2, 3, ...) are generated. At this time, the read unique key K'i is used as a key of the decryption algorithm D2. The generated partial work Hi (i = 1, 2, 3,...) Can be expressed as shown in Expression 16. (Equation 16) Hi = D2 (K'i, Gi) (i = 1, 2, 3,...) The decoding unit 460 generates the partial work Hi (i = 1,
..) Are output to the work storage unit 470. 1.3.3 Work storage unit 470 The work storage unit 470 receives the partial work H from the decryption unit 460.
i (i = 1, 2, 3,...) are received, and the received partial work Hi (i = 1, 2, 3,...) is stored. 1.3.4 Operation Unit 490 The operation unit 490 has a plurality of operation buttons for receiving various user instructions.

When operation buttons corresponding to various user instructions are operated by the user, instructions corresponding to the operated operation buttons are output to the reproducing unit 480. 1.3.5 Playback Unit 480 The playback unit 480 receives an instruction from the operation unit 490. The reproduction unit 480 reads the music work stored in the work storage unit 470 based on the received instruction, and reproduces the read work. 2. Operation of Digital Work Protection System 100 The operation of the digital work protection system 100 will be described. 2.1 Memory Card 200 is Memory Card Writer 30
Outline Operation When Memory Card 200 is Mounted on Memory Card Writer 300 The outline operation when the memory card 200 is mounted on the memory card writer 300 will be described with reference to the flowchart shown in FIG.

When the memory card 200 is inserted into the memory card writer 300, the memory card writer 300 authenticates the memory card 200 (step S110), and the memory card writer 300 determines that the memory card 200 is an unauthorized device. If it is recognized (step S11
1), memory card writer 300 and memory card 200
The process ends without performing communication with the.

When the memory card writer 300 recognizes that the memory card 200 is a correct device (step S111), the memory card 200 authenticates the memory card writer 300 (step S112), and the memory card 200 If the card writer 300 recognizes that the device is an unauthorized device (step S113), the process ends without performing communication between the memory card writer 300 and the memory card 200.

If the memory card 200 recognizes that the memory card writer 300 is a correct device (step S113), the memory card writer 300 acquires a work from outside, encrypts the acquired work, The encrypted work is output to the memory card 200 (step S114), and the memory card 200 stores the encrypted work (step S115). 2.2 Memory Card 200 is Memory Card Reader 40
Overview Operation When Memory Card 200 is Mounted on Memory Card Reader 400 The overview operation when the memory card 200 is mounted on the memory card reader 400 will be described with reference to the flowchart shown in FIG.

When the memory card 200 is inserted into the memory card reader 400, the memory card reader 400 authenticates the memory card 200 (step S120), and determines that the memory card 200 is an unauthorized device. If recognized (step S12
1), memory card reader 400 and memory card 200
The process ends without performing communication with the.

If the memory card reader 400 recognizes that the memory card 200 is a correct device (step S121), the memory card 200 authenticates the memory card reader 400 (step S122), and the memory card 200 If the card reader 400 recognizes that the device is an unauthorized device (step S123), the process ends without performing communication between the memory card reader 400 and the memory card 200.

If the memory card 200 recognizes that the memory card reader 400 is the correct device (step S123), the memory card 200 outputs the encrypted work to the memory card reader 400 (step S124). The memory card reader 400 decrypts the encrypted work output from the memory card 200 (step S125), and the memory card reader 400 reproduces the decrypted work (step S126). 2.3 Memory Card 200 is Memory Card Writer 30
Details of the authentication operation when the memory card 200 is mounted on the memory card writer 300 will be described with reference to FIGS.
Explanation will be made using 0.

Using the master key Mk as the key of the encryption algorithm E1, the conversion unit 230 applies the encryption algorithm E1 to the unique key Ki to generate an encrypted unique key E1 (Mk, Ki) (step S130), and the communication unit 270 Outputs the encrypted unique key E1 (Mk, Ki) to the inverse transform unit 321 via the communication unit 340 (step S131).
1 uses the master key Mk as the key of the decryption algorithm D1 and applies the decryption algorithm D1 to the encrypted unique key E1 (Mk, Ki) to obtain the unique key K'i = D1 (Mk, E1 (Mk
, Ki)) (step S132), and the random number generator 331 generates a random number R1 (step S133),
The communication unit 340 outputs the generated random number R1 to the encryption unit 252 via the communication unit 270 (step S134),
The encryption unit 252 generates an encrypted random number E2 (Ki, R1) by applying the encryption algorithm E2 to the random number R1 using the unique key Ki as the key of the encryption algorithm E2 (step S13).
5) The communication unit 270 outputs the encrypted random number E2 (Ki, R1) to the decryption unit 333 via the communication unit 340 (step S136), and the decryption unit 333 converts the unique key K'i into the decryption algorithm D2. As a key of the encryption random number E2 (Ki,
R1) is subjected to a decryption algorithm D2, and D2 (K'i
, E2 (Ki, R1)) (step S13).
7), the mutual authentication control unit 334 determines that the random numbers R1 and D2 (K '
i, E2 (Ki, R1)), and if they match, the memory card 200 is recognized as a correct device,
If they do not match, the memory card 200 is recognized as an unauthorized device (step S138).

The conversion unit 311 uses the master key Mk as a key of the encryption algorithm E3 and applies the encryption algorithm E3 to the device key Aj to generate an encryption device key E3 (Mk, Aj) (step S139), and the communication unit 340 Outputs the encryption device key E3 (Mk, Aj) to the inverse conversion unit 222 via the communication unit 270 (step S140), and the inverse conversion unit 222 uses the master key Mk as a key of the decryption algorithm D3 to perform encryption. The decryption algorithm D3 is applied to the encrypted device key E3 (Mk, Aj) to obtain the device key A'j = D3 (Mk, E3).
(Mk, Aj)) (step S141), and the random number generator 251 generates a random number R2 (step S14).
2) The communication unit 270 transmits the generated random number R2 to the communication unit 3
40 and output to the encryption unit 332 (step S14).
3) Using the device key Aj as a key of the encryption algorithm E2, the encryption unit 332 applies the encryption algorithm E2 to the random number R2 to generate an encrypted random number E2 (Aj, R2) (step S144). The encrypted random number E2 (Aj, R2) is output to the decryption unit 253 via the communication unit 270 (step S145), and the decryption unit 253 outputs the device key A '.
j is used as a key of the decryption algorithm D2, and the encrypted random number E2
(Aj, R2) is subjected to a decryption algorithm D2 to obtain D2
(A'j, E2 (Aj, R2)) is generated (step S146), and the mutual authentication control unit 254 generates the random number R2 and D2.
(A'j, E2 (Aj, R2)), and if they match, the memory card writer 300 recognizes it as a correct device. (Step S14)
7). 2.4 Summary As described above, a recording medium device having an area for storing an encrypted digital work, for example, a memory card, and information from the area, for example, a memory card writer or a memory card reader. An access device for reading or writing information to the area is, when each device is connected, mutually authenticating whether the other device is an appropriate device or an unauthorized device, and is an appropriate device for each other. Only when it is authenticated, the copyrighted work is transferred from the recording medium device to the access device, or the copyrighted work is transferred from the access device to the recording medium device. With this configuration, it is possible to prevent the transfer of the copyrighted work from the proper device to the unauthorized device, so that it is possible to prevent the use of the properly acquired copyrighted work illegally, Therefore, it is possible to prevent the copyrighted work from being transferred to an appropriate device, thereby preventing the illegally obtained copyrighted work from being further used. In this way, it is possible to realize a strong authentication process that can withstand a replay attack of an unauthorized recording device that imitates an authentication procedure performed by an appropriate access device, and that an unauthorized device deceives an appropriate device and creates a copy. It is possible to prevent unauthorized reading of a product or unauthorized writing of a copyrighted work.

Further, the recording medium device secretly transmits the possessed unique key to the access device using the master key, and the access device transmits the authentication information generated as a random number to the recording medium device. The authentication information is encrypted using the unique key and transmitted to the access device, and the access device decrypts the secretly transmitted unique key using a master key, and encrypts the secret information using the decrypted unique key. The authentication information thus decrypted is decrypted, and when the generated authentication information matches the decrypted authentication information, it is authenticated that the recording medium device has legitimacy. The same applies when the recording medium device authenticates the access device. With such a configuration, the device can authenticate whether the connected device is an appropriate device or an unauthorized device. Further, in the authentication process, information transfer is performed three times between each device, that is, the transfer of the encrypted unique key, the transfer of the authentication information, and the transfer of the encrypted authentication information. It is difficult to imitate the authentication procedure using a simple device. Further, since two types of encryption schemes, that is, encryption of a unique key and encryption of authentication information, are used, it is difficult for an unauthorized device to decrypt the encryption. Further, since the master key is not transferred between the respective devices, leakage of the master key can be prevented. 3. Other Embodiments Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. That is, the following cases are also included in the present invention. 3.1 Digital Work Protection System 100a As shown in the block diagram of FIG. 11, a digital work protection system 100a according to another embodiment of the present invention includes a memory card 200a, media unique key information, It comprises a creating device 600, a memory card writer 300, and a memory card reader 400.

The memory card writer 300 and the memory card reader 400 are substantially the same as the memory card writer 300 and the memory card reader 400 of the digital copyrighted work protection system 100, respectively, and the description is omitted. The memory card 200a stores the media unique key information creation device 60
Connected to 0. 3.1.1 Media Unique Key Information Creation Device 600 The media unique key information creation device 600 includes a master key storage unit 210b, a media unique key storage unit 220b, and a conversion unit 23.
0b, media unique key information storage section 240b, communication section 27
0b.

The master key storage section 210b, the medium unique key storage section 220b, the conversion section 230b, and the medium unique key information storage section 240b are respectively provided in the memory card 20.
0 master key storage unit 210, media unique key storage unit 22
0, the conversion unit 230, and the media unique key information storage unit 240 have the same functions, functions, and configurations as those of the media unique key information storage unit 240. The following description focuses on the differences. (1) Master key storage unit 210b Master key The storage unit 210b stores one master key Mk in advance similarly to the master key storage unit 210. (2) Media unique key storage unit 220b The media unique key storage unit 220b receives the unique key Ki from the communication unit 270b and stores the received unique key Ki. (3) Conversion Unit 230b The conversion unit 230b, like the conversion unit 230, converts the unique key Ki stored in the media unique key storage unit 220b and the master key Mk stored in the master key storage unit 210b.
To generate the encrypted unique key Ji, and outputs the generated encrypted unique key Ji to the media unique key information storage unit 240b. (4) Media unique key information storage unit 240b The media unique key information storage unit 240b
, Receives the encrypted unique key Ji, and stores the received encrypted unique key Ji. (5) Communication Unit 270b The communication unit 270b is a communication unit 27 of the memory card 200a.
0a, and receives the unique key Ki.
Is output to the media unique key storage unit 220b.

The communication unit 270b reads the encrypted unique key Ji from the media unique key information storage unit 240b, and outputs the read encrypted unique key Ji to the communication unit 270a of the memory card 200a. 3.1.2 Memory Card 200a As shown in the figure, the memory card 200a includes a master key storage unit 210, a medium unique key storage unit 220, a medium unique key information storage unit 240a, a device key storage unit 221, and an inverse conversion unit. 222, device key information storage unit 223, mutual authentication unit 2
50, an encrypted work storage unit 260, a communication unit 270a, and a control unit 280.

Master key storage unit 2 of memory card 200a
10, media unique key storage unit 220, device key storage unit 22
1, inverse conversion unit 222, device key information storage unit 223, mutual authentication unit 250, encrypted work storage unit 260, control unit 280
Are the master key storage units 2 of the memory card 200, respectively.
10, media unique key storage unit 220, device key storage unit 22
1, inverse conversion unit 222, device key information storage unit 223, mutual authentication unit 250, encrypted work storage unit 260, control unit 280
Therefore, the description is omitted, and the memory card 200a
Media unique key information storage unit 240a, communication unit 270a
The following describes mainly the differences from the media unique key information storage unit 240 and the communication unit 270 of the memory card 200. (1) Media unique key information storage unit 240a The media unique key information storage unit 240a is a communication unit 270a
Receives the encrypted unique key Ji from the server, and stores the received encrypted unique key Ji. (2) Communication Unit 270a The communication unit 270a reads the unique key Ki from the media unique key storage unit 220 and outputs the read unique key Ki to the communication unit 270b of the media unique key information creation device 600.

The communication unit 270a receives the encrypted unique key Ji from the communication unit 270b of the media unique key information creating device 600, and outputs the received encrypted unique key Ji to the media unique key information storage unit 240a. 3.1.3 Operation when Memory Card 200a is Inserted in Media Unique Key Information Generating Apparatus 600
The operation when the camera is mounted at 00 will be described with reference to FIG.

When memory card 200a is inserted into media unique key information creating apparatus 600, communication unit 270a
Reads the unique key Ki from the medium unique key storage unit 220, outputs the read unique key Ki to the medium unique key storage unit 220b via the communication unit 270b of the medium unique key information creation device 600 (step S211), and performs conversion. Part 2
30b generates an encrypted unique key Ji using the unique key Ki stored in the media unique key storage unit 220b and the master key Mk stored in the master key storage unit 210b, and generates the generated encrypted unique key Ji. Ji is output to the media unique key information storage unit 240b (step S212), and the communication unit 2
70b reads the encrypted unique key Ji from the media unique key information storage unit 240b, and reads the read encrypted unique key Ji.
Is output to the media unique key information storage unit 240a via the communication unit 270a of the memory card 200a (step S213). 3.1.4 Details of Authentication Operation when Memory Card 200a is Mounted in Memory Card Writer 300 Differences from FIG. 9 regarding details of the authentication operation when memory card 200a is mounted in memory card writer 300 This will be described with reference to FIG.

The details of the authentication operation are described in step S shown in FIG.
139 to S147 correspond to steps S201 to S201 shown in FIG.
This is replaced with S206. Random number generator 25
1 generates a random number R3 (step S201), the communication unit 270a outputs the generated random number R3 to the encryption unit 332 via the communication unit 340 (step S202), and the encryption unit 332 outputs the master key Mk. Is used as the key of the encryption algorithm E2, the random number R3 is subjected to the encryption algorithm E2 to generate an encrypted random number E2 (Mk, R3) (step S20).
3) The communication unit 340 outputs the encrypted random number E2 (Mk, R3) to the decryption unit 253 via the communication unit 270 (step S204), and the decryption unit 253 transmits the master key Mk to the key of the decryption algorithm D2. As an encrypted random number E2 (Mk,
R3) is subjected to a decryption algorithm D2, and D2 (Mk
, E2 (Mk, R3)) (step S20).
5), the mutual authentication control unit 254 transmits the random numbers R3 and D2 (Mk
, E2 (Mk, R3)), and if they match, the memory card writer 300 recognizes that the device is correct, and if they do not match, the memory card writer 300
Is recognized as an unauthorized device (step S206). 3.1.5 Conclusion According to this embodiment, before memory card 200a is distributed and sold to the user, memory card 200a is connected to media unique key information creating device 600, and media unique key information creating device 600 is connected. The encrypted unique key Ji generated by 600 is written to the memory card 200a.

With this configuration, the conversion unit 230 can be removed from the memory card 200.
The memory card 200a has an effect that the circuit scale can be reduced as compared with the memory card 200. Also,
When the recording medium device authenticates the access device, the recording medium device transmits the authentication information generated as a random number to the access device, and the access device encrypts the authentication information using a master key, and The recording medium device decrypts the encrypted authentication information using the master key, and determines that the access device has legitimacy when the generated authentication information matches the decrypted authentication information. Authenticate. With this configuration, the device authentication process can be simplified as compared with the digital copyright protection system 100. Also in this case, since the master key is not transferred between the devices, the leakage of the master key can be prevented. 3.2 Another Digital Work Protection System In the digital work protection system 100, the memory card 200, the memory card writer 300, and the memory card reader 400 have the same master key, and use the common key encryption algorithm or common key for the master key. Although the key of the key decryption algorithm is used, instead of the master key, the memory card 200 has a public key Kp of RSA encryption which is a kind of public key encryption, and a memory card writer 300 and a memory card reader 4 are provided.
00 may have its private key Ks.

Here, the public key Kp and the secret key Ks are determined as follows. Each of p and q is a decimal number of about 160 digits, the product is n, the integer L is the least common multiple of p-1 and q-1, and the numbers e and d are reciprocals of each other under the modulus L. And That is, ed = 1 (mo
dL). The public key Kp is n and e, and the secret key Ks is d. The conversion unit performs an operation of M ＾ e (M raised to the power of e) on the input M under modulo n to obtain a conversion result C.
Calculation of d (C to the power of d) is performed. Under the modulus n, C ＾ d = (M
＾ e) Since ＾ d = M ＾ ed = M, it can be seen that the inverse transform can be successfully performed.

The public key Kp is generated in advance by another public key generation device as described above, and the generated public key Kp is transmitted to the memory card 200. (Detailed Authentication Operation when Memory Card 200 is Inserted into Memory Card Writer 300)
A detailed authentication operation when 00 is inserted into the memory card writer 300 will be described with reference to FIG. In addition,
Steps having the same reference numerals as those in FIG. 10 are the same operations, and will not be described.

The public key generation device reads the secret key Ks from the memory card writer 300 in advance, generates a public key Kp based on the read secret key Ks using a public key encryption algorithm, and generates the generated public key Kp. Is transmitted to the memory card 200, and the memory card 200 stores the transmitted public key Kp (step S301). The conversion unit 230 uses the public key Kp as the key of the encryption algorithm E4 and applies the encryption algorithm E4 to the unique key Ki to generate an encrypted unique key E4 (Kp, Ki) (step S30).
2), the communication unit 270 transmits the encrypted unique key E4 (Kp, Ki)
) Is output to the inverse transform unit 321 via the communication unit 340 (step S303), and the inverse transform unit 321 outputs the secret key Ks.
As the key of the decryption algorithm D4, and the encryption unique key E4
(Kp, Ki) is subjected to a decryption algorithm D4 to generate a unique key K'i = D4 (Ks, E4 (Kp, Ki)) (step S304).

Here, the encryption algorithm E4 and the decryption / decryption algorithm D4 are algorithms based on RSA encryption. Since the public key and the secret key are configured as described above, the public key e cannot be calculated from the secret key d. Because, when the secret key d is known, the modulus L must be known in order to obtain e from here, but L is p
Because it is the least common multiple of −1 and q−1, it cannot be obtained simply by knowing the product of p and q. Thus, even if the secret key d existing in the card reader or the card writer is exposed, the public key e cannot be obtained from now on, so that there is an effect that it is difficult to forge the memory card.

The encryption algorithm E4 and the decryption algorithm D4 are not limited to the RSA encryption. Other encryption algorithms may be used. 3.3 Another Digital Work Protection System In the digital work protection system described in “3.2 Another Digital Work Protection System”, the memory card 2
00 has a public key Kp, a memory card writer 300,
Although the memory card reader 400 has a secret key Ks, in another digital copyright protection system, the memory card 200 has a secret key Ks of a recoverable signature on an elliptic curve which is a kind of public key cryptosystem. And the memory card writer 300 and the memory card reader 400 may have the public key Kp. Here, the public key Kp and the secret key Ks are determined as follows.

The scalar x is selected as the secret key Ks.
The public key Kp is defined as G + G + ·
.. + G (x additions). A recovery type signature conversion using the secret key Ks is used as the conversion processing, and a recovery type signature verification conversion using the public key Kp is used as the inverse conversion processing.
For the recovery type signature, refer to “A message recoverysi
gnature scheme equivalent to DSA over elliptic cur
ves '' (Atsuko Miyaji, Advances in Cryptology- Pro
ceedings of ASIACRYPT'96, Lecture Notes in Computer
Science, 1163 (1996), Springer-Verlag, 1-14).

At this time, the public key Kp is stored in the memory card 2
The public key Kp is generated in advance by another public key generation device using a public key encryption algorithm based on the secret key Ks of the memory card writer 3 and the generated public key Kp.
00 has been sent. The conversion unit 230 uses the secret key Ks as the key of the encryption algorithm E4 and applies the encryption algorithm E4 to the unique key Ki to encrypt the unique key E4 (Ks, Ki
). In addition, the inverse conversion unit 321 outputs the public key Kp
As the key of the decryption algorithm D4, and the encryption unique key E4
(Ks, Ki) is subjected to a decryption algorithm D4 to generate a unique key K'i = D4 (Kp, E4 (Ks, Ki)).

Since the public key Kp and the secret key Ks are configured as described above, it is extremely difficult to obtain the secret key Ks from the public key Kp in terms of computational complexity. Therefore, a configuration in which a public key is given to a memory writer or a memory reader which is considered to be relatively high in the risk of internal analysis compared to a memory card and a secret key is given to the memory card has an effect of increasing the security of the entire operation system. Have.

It should be noted that in a public key cryptosystem such as an elliptic curve cryptosystem which has security grounds for the discrete logarithm problem, a public key is obtained from a secret key. 3.4 Another Digital Work Protection System 10 A digital work protection system 10 according to another embodiment of the present invention.
0c is the memory card 200c and the memory card writer 30 shown in the block diagrams of FIGS. 14, 15 and 16, respectively.
0c, and a memory card reader 400c.

The memory card 200c is mounted on a master key selection device (not shown). The memory card writer 300c and the memory card reader 400c are connected to a master key selection device. 3.4.1 Master Key Selection Device When the memory card 200c is mounted on the master key selection device, the master key selection device
Is connected to the communication unit 270.

Master Key Selection Device and Memory Card Writer 3
00c is connected, the master key selection device
Connected to communication unit 340 of memory card writer 300c. When the master key selection device and the memory card reader 400c are connected, the master key selection device is connected to the communication unit 440 of the memory card reader 400c. When the master key selection device is connected to the memory card 200c, the memory card writer 300c, or the memory card reader 400c, the communication unit 270 of the connected memory card 200c and the communication unit 340 of the memory card writer 300c
Alternatively, the password is output to the communication unit 440 of the memory card reader 400c.

The password corresponds to one of a plurality of master keys. 3.4.2 Memory Card 200c The memory card 200c further includes a master key selection unit 215 in the memory card 200. Memory card 200c
Are the same as those of the memory card 200. The following description focuses on differences from the memory card 200.

The master key storage section 210 stores a plurality of master keys in advance. When the memory card 200c is mounted on the master key selection device, the memory card 200
c is connected to the master key selecting device via the communication unit 270. Communication unit 270 receives the password from the master key selection device, and outputs the received password to master key selection unit 215.

The master key selecting unit 215 selects one master key corresponding to the password from the master key storage unit 210 using the password received from the communication unit 271, and stores the selected master key in the master key storage unit 210. Output to The master key storage unit 210 attaches a selection mark indicating that the selected master key has been selected, and stores it.

The conversion unit 230 and the inverse conversion unit 222 read the master key with the selection mark. 3.4.3 Memory Card Writer 300c, Memory Card Reader 400c Memory Card Writer 300c
00 further includes a master key selection unit 315. Other components of the memory card writer 300c are the same as those of the memory card writer 300.

The master key storage unit 313 stores a plurality of master keys in advance. Similarly to the memory card 200c, the communication unit 340 receives the password from the master key selection device and outputs the password to the master key selection unit 315. The master key is selected from the master key storage unit 313, and the master key storage unit 313 stores the selected master key with a selection mark indicating that the selected master key is selected.

The conversion section 311 and the inverse conversion section 321 read the master key with the selection mark. Regarding the memory card reader 400c, the memory card writer 300
Same as c. 3.4.4 Conclusion Digital work protection system 1 shown in the present embodiment
00c is applied to a plurality of different operation systems. As an example of the operation system, there is a music distribution system, and this music distribution system is jointly operated by three companies, A company, B company, and C company. As another example of the operation system, there is a movie rental system, and this movie rental system is jointly operated by companies X, Y and Z.

In one operation system, one and the same master key is used, and in another operation system, another master key is used. For example, the music distribution system uses a master key Mk1, and the movie rental system uses a master key Mk different from the master key Mk1.
k2 is used. Digital copyright protection system 100c
In a desirable operation system to which is applied, there are three parties: a license organization, a manufacturer, and a user. The licensing organization is in a position to secure the confidentiality of confidential information such as a master key at the same time as deciding the standard of the operation system, and grants a license to each manufacturer. , Manufactures equipment of a predetermined standard and provides it to users, and the user uses individual equipment.

When manufacturing a device such as a memory card, a memory card writer, or a memory card reader, it is difficult to impose complete security conditions so that the master key is not leaked to the manufacturer. Also, a memory card writer or a memory card reader seems to be relatively easier to analyze than a memory card. Therefore, in order to reduce the possibility of master key leakage as much as possible and to reduce the manufacturing cost of the device including the selection of the master key and the maintenance cost of the operation system, the selection of the master key of the memory card is
It is entrusted to the manufacturer to select a master key for the memory card writer and the memory card reader by a licensing organization.

For this reason, there are a master key selection device 901 for a memory card, a master key selection device 902 for a memory card writer, and a master key selection device 903 for a memory card reader. The master key selection device 902 and the master key selection device 903 are in the hands of the manufacturer and are not handed over to the manufacturer, being in the hands of the license organization.

When a memory card is manufactured by a manufacturer, the memory card has a plurality of master keys, one of which is selected by a master key selecting device 901. On the other hand, in the memory card writer or the memory card reader, only the master key selected as a result of selection using the master key selection device 902 or 903 owned by the license organization is recorded in advance.

As described above, since the recording medium device and the access device have a plurality of master keys, they can be applied to a plurality of different digital work management systems.
Also, one operating system uses one and the same master key, and different operating systems use another master key. Therefore, even if the master key of a certain operating system is exposed, other operating There is an effect that a highly secure security system that does not affect the system can be realized. 3.5 Another Digital Work Protection System A digital work protection system 100d according to another embodiment of the present invention includes a memory card 200d and a memory card writer 300d shown in FIG. It comprises a memory card reader 400d.

The memory card 200, the memory card writer 300d, and the memory card reader 400d correspond to the memory card 200, the memory card writer 300,
Since the configuration is the same as that of the memory card reader 400, the following description focuses on the differences. 3.5.1 Memory Card 200d The memory card 200d is different from the memory card 200 in that the sub-group key storage unit 290d and the conversion unit 2
91d. In addition, memory card 2
The other components of 00d are the same as the components of the memory card 200 unless otherwise described, and the description is omitted. (1) Subgroup key storage unit 290d The subgroup key storage unit 290d stores one subgroup key Gjk in advance. Subgroup key Gjk
Consists of a 56-bit bit string.

When a single digital work management system is operated by a plurality of organizations, different subgroup keys exist by the number of these organizations, and these different subgroup keys are respectively assigned to the plurality of organizations. . For example, a digital copyrighted work management system is a music distribution system that distributes music, and this music distribution system is a company A,
When the three companies B and C operate jointly, there are three different subgroup keys, and these three different subgroup keys are assigned to the three companies A, B and C, respectively. Can be (2) Conversion Unit 291d The conversion unit 291d reads one subgroup key Gjk stored in the subgroup key storage unit 290d, and reads one unique key Ki stored in the media unique key storage unit 220.

The conversion section 291d performs a predetermined operation on the read one subgroup key Gjk and the read one unique key Ki to generate a transformed key. here,
The predetermined operation is, for example, an exclusive OR. (Deformed key) = (subgroup key Gjk) EOR (unique key K
i) Here, EOR is an operation indicating exclusive OR.

Conversion section 291d outputs the generated deformed key to conversion section 230. (3) Conversion Unit 230 The conversion unit 230 reads the unique key Ki stored in the media unique key storage unit 220, and reads the read unique key Ki.
Instead of generating the encrypted unique key Ji by applying the encryption algorithm E1 to the conversion key 291d, the modified key is received from the conversion unit 291d, and the received modified key is subjected to the encryption algorithm E1 to generate the encrypted unique key Ji. 3.5.2 Memory card writer 300d The memory card writer 300d is a memory card writer 3
00, the subgroup key storage unit 390
d and an inverse transform unit 391d. Also,
The other components of the memory card writer 300d are the same as the components of the memory card writer 300 unless otherwise described, and the description is omitted. (1) Subgroup key storage unit 390d The subgroup key storage unit 390d stores one subgroup key Gjk in advance, like the subgroup key storage unit 290d. The subgroup key Gjk is composed of a 56-bit bit string.

[0099] The subgroup key Gjk is the same as the subgroup key Gjk stored in the subgroup key storage unit 290d, and the description is omitted. (2) Inverse Transformation Unit 321 The inverse transformation unit 321 performs a decryption algorithm D1 on the read encrypted unique key Ji to generate a unique key K′i, and stores the generated unique key K′i in the media unique key storage unit 323. Instead of outputting the modified key, the modified unique key Ji is subjected to the decryption algorithm D1 to generate a modified key, and the generated modified key is output to the inverse transform unit 391d. (3) Inverse Transformation Unit 391d The inverse transformation unit 391d reads one subgroup key Gjk stored in the subgroup key storage unit 390d,
The transformed key is received from the inverse transform unit 321.

The inverse conversion unit 391d performs an inverse operation of the predetermined operation performed by the conversion unit 291d on one read subgroup key Gjk and the received deformed key, and converts the unique key K'i into Generate. The inverse conversion unit 391d outputs the generated unique key K′i to the media unique key storage unit 323. (4) Media unique key storage unit 323 The media unique key storage unit 323 receives the unique key K′i from the inverse conversion unit 391d, and stores the received unique key K′i. 3.5.3 Memory card reader 400d The memory card reader 400d is the memory card reader 4
00, the sub-group key storage unit 490
d and an inverse transform unit 491d. Here, the subgroup key storage unit 490d and the inverse conversion unit 491d
Are the same as those of the sub-group key storage unit 390d and the inverse conversion unit 391d, respectively, and a description thereof will be omitted. Further, the reverse conversion unit 421 and the medium unique key storage unit 423 of the memory card reader 400d are respectively connected to the reverse conversion unit 321 and the medium unique key storage unit 32 of the memory card writer 300d.
3 and the other components of the memory card reader 400d are the same as the components of the memory card reader 400, and a description thereof will be omitted. 3.5.4 Operation of Digital Work Protection System 100d The operation of the digital work protection system 100d will be described.

The outline operation when the memory card 200d is mounted on the memory card writer 300d and the outline operation when the memory card 200d is mounted on the memory card reader 400d are the same as those of the digital copyright protection system 100. The description is omitted. Next, a detailed authentication operation when the memory card 200d is inserted into the memory card writer 300d will be described with reference to FIG. 18, focusing on differences from the digital copyright protection system 100.

In step S150d, the conversion unit 29
1d reads one subgroup key Gjk stored in the subgroup key storage unit 290d, reads one unique key Ki stored in the media unique key storage unit 220, and reads one read subgroup key Gjk Then, a predetermined operation is performed on the read unique key Ki and a modified key Hjk is generated.

In step S130, conversion unit 230
Uses the master key Mk as a key for the encryption algorithm E1.
An encryption algorithm E1 is applied to the modified key Hjk to generate an encrypted unique key E1 (Mk, Hjk). In step S132, the inverse conversion unit 321 uses the master key Mk as the key of the decryption algorithm D1, and uses the encrypted unique key E1 (Mk, Hj
k) is subjected to a decryption algorithm D1, and a modified key D1 (Mk,
E1 (Mk, Hjk)).

At step S151d, the inverse transform unit 3
91d reads one subgroup key Gjk stored in the subgroup key storage unit 390d,
The conversion unit 21 receives the modified key D1 (Mk, E1 (Mk, Hjk)) from the sub-key 21 and reads out the one read subgroup key Gjk and the received modified key D1 (Mk, E1 (Mk, Hjk)). An inverse operation of the predetermined operation performed at 291d is performed to generate a unique key K'i.

The detailed authentication operation when the memory card 200d is inserted into the memory card reader 400d is the same as described above, and the description is omitted. 3.5.5 Conclusion When a single digital work management system is operated by a plurality of organizations, there are different subgroup keys as many as the number of these organizations, and these different subgroup keys correspond to the plurality of organizations, respectively. , Each organization can provide its own service.

For example, the digital work management system is as follows.
This is a music distribution system for distributing music. When three companies A, B and C operate this music distribution system jointly, there are three different subgroup keys, and these three different subgroup keys exist. Group keys are A company, B company,
Since the three companies are assigned to the three companies, the companies A, B, and C can provide their own music distribution services.

Further, since the storage capacity of the memory card is limited, the number of master keys that can be stored in the memory card is often limited, and a key that can be used by a combination of a master key and a subgroup key. There is an effect that the number of can be increased. In the digital copyright protection system 100d, a control unit that causes the conversion unit 230 to convert the unique key stored in the media unique key storage unit 220 without causing the conversion unit 291d to perform the conversion process; and By providing a control unit for inverting the inverse conversion unit 391d and performing an inverse conversion of the encrypted unique key stored in the media unique key information storage unit 320 for the inverse conversion unit 321, After a subgroup key is assigned to each organization, one master key can be further assigned to one digital work management system to provide a common service for each organization. 3.6 Another Digital Work Protection System A digital work protection system 100e according to another embodiment of the present invention includes a memory card 200e and a memory card writer 300e shown in FIG. It comprises a memory card reader 400e.

The memory card 200e, the memory card writer 300e, and the memory card reader 400e are the memory card 200, the memory card writer 300,
Since the configuration is the same as that of the memory card reader 400, the following description focuses on the differences. 3.6.1 Memory Card 200e Compared with the memory card 200, the memory card 200e further includes a subgroup key storage unit 290e and a conversion unit 2
91e. In addition, memory card 2
The other components of 00e are the same as the components of the memory card 200 unless otherwise described, and the description is omitted. (1) Subgroup key storage unit 290e The subgroup key storage unit 290e stores one subgroup key Gjk in advance. Subgroup key Gjk
Consists of a 56-bit bit string.

The sub-group key is the same as the sub-group key in the sub-group key storage unit 290d, and the description is omitted. (2) Conversion Unit 291e The conversion unit 291e reads one subgroup key Gjk stored in the subgroup key storage unit 290e, and reads an encryption unique key Ji stored in the media unique key information storage unit 240. .

The conversion unit 291e converts the read one subgroup key Gjk and the read one encrypted unique key Ji.
Is subjected to a predetermined operation to generate a transformed key. Here, the predetermined operation is the same operation as the predetermined operation used in the conversion unit 291d. The conversion unit 291e outputs the generated deformed key to the communication unit 270. (3) Communication Unit 270 The communication unit 270 reads the encrypted unique key Ji from the media unique key information storage unit 240, and transmits the read encrypted unique key Ji to the communication unit 340 of the memory card writer 300 or the communication of the memory card reader 400. Instead of outputting to the unit 440, a modified key is received from the conversion unit 291e, and the received modified key is transmitted to the communication unit 340 of the memory card writer 300e.
Alternatively, the data is output to the communication unit 440 of the memory card reader 400e. 3.6.2 Memory card writer 300e The memory card writer 300e is a memory card writer 3
00, the subgroup key storage unit 390
e, and the point that an inverse transform unit 391e is provided. Also,
The other components of the memory card writer 300e are the same as the components of the memory card writer 300 unless otherwise described, and the description is omitted. (1) Subgroup key storage unit 390e The subgroup key storage unit 390e stores one subgroup key Gjk in advance, similarly to the subgroup key storage unit 290e. The subgroup key Gjk is composed of a 56-bit bit string.

Since the subgroup key Gjk is the same as the subgroup key Gjk stored in the subgroup key storage unit 290e, the description is omitted. (2) Communication Unit 340 The communication unit 340 receives the encrypted unique key Ji from the communication unit 270 of the memory card 200 and outputs the received encrypted unique key Ji to the media unique key information storage unit 320 instead of the memory card. The transformed key is received from the communication unit 270 of 200e, and the received transformed key is output to the inverse transform unit 391e. (3) Inverse conversion unit 391e The inverse conversion unit 391e reads out one subgroup key Gjk stored in the subgroup key storage unit 390e,
The modified key is received from the communication unit 340.

The inverse transform unit 391e performs an inverse operation of the predetermined operation performed by the conversion unit 291e on the one read subgroup key Gjk and the received deformed key, and generates the encrypted unique key Ji. Generate. The inverse transform unit 391d stores the generated encrypted unique key Ji in the media unique key information storage unit 32.
Output to 0. 3.6.3 Memory card reader 400e The memory card reader 400e is a memory card reader 4
00, the sub-group key storage unit 490
e and the point that it has an inverse converter 491e. Here, the subgroup key storage unit 490e and the inverse conversion unit 491e
Are the same as those of the subgroup key storage unit 390e and the inverse conversion unit 391e, respectively, and thus description thereof will be omitted. Further, the communication unit 440 of the memory card reader 400e is the same as the communication unit 340 of the memory card writer 300e, and the other components of the memory card reader 400e are the same as the components of the memory card reader 400. Description is omitted. 3.6.4 Operation of Digital Work Protection System 100e The operation of the digital work protection system 100e will be described.

The general operation when the memory card 200e is mounted on the memory card writer 300e and the general operation when the memory card 200e is mounted on the memory card reader 400e are similar to those of the digital copyright protection system 100. The description is omitted. Next, a detailed authentication operation when the memory card 200e is inserted into the memory card writer 300e will be described with reference to FIG. 20, focusing on differences from the digital copyright protection system 100.

In step S150e, conversion unit 29
1e reads one subgroup key Gjk stored in the subgroup key storage unit 290e, and reads the encrypted unique key Ji stored in the media unique key information storage unit 240.
And one read subgroup key Gjk,
A predetermined operation is performed on one of the read encrypted unique keys Ji to generate a modified key, and the generated modified key is output to the communication unit 270.

In step 131, the communication unit 270
Receives the modified key from the conversion unit 291e and outputs the received modified key to the communication unit 340 of the memory card writer 300e. The communication unit 340 receives the modified key from the communication unit 270 of the memory card 200e, and Is output to the inverse transform unit 391e. In step S151e, the inverse conversion unit 391e sets the subgroup key storage unit 390
e, reads out one subgroup key Gjk stored in e, receives a modified key from the communication unit 340, and reads out
The sub-group key Gjk and the received deformed key are subjected to a reverse operation of a predetermined operation performed by the conversion unit 291e to generate an encrypted unique key Ji.

The detailed authentication operation when the memory card 200e is inserted into the memory card reader 400e is the same as that described above, and the description is omitted. 3.6.5 Summary Similar to the digital copyright protection system 100d, when a single digital copyright management system is operated by a plurality of organizations, there are as many different subgroup keys as the number of these organizations, and these different subgroup keys exist. Since the subgroup key is assigned to each of the plurality of organizations, each organization can provide its own service.

Further, since the storage capacity of a memory card is limited, the number of master keys that can be stored in a memory card is often limited, and a key that can be used by a combination of a master key and a subgroup key. There is an effect that the number of can be increased. Note that in the digital copyright protection system 100e, a control unit that causes the conversion unit 230 to convert the unique key stored in the media unique key storage unit 220 without causing the conversion unit 291e to perform the conversion process; By providing a control unit for causing the inverse conversion unit 391e to perform the inverse conversion process on the encrypted unique key stored in the media unique key information storage unit 320 without providing the inverse conversion unit 391e with the inverse conversion process, After a subgroup key is assigned to each organization, one master key can be further assigned to one digital work management system to provide a common service for each organization. 3.7 Another Digital Work Protection System A digital work protection system 100f according to another embodiment of the present invention includes a memory card 200f and a memory card writer 300f shown in FIG. It comprises a memory card reader 400f.

The memory card 200f, the memory card writer 300f, and the memory card reader 400f are the memory card 200, the memory card writer 300,
Since the configuration is the same as that of the memory card reader 400, the following description focuses on the differences. 3.7.1 Memory Card 200f The memory card 200f is different from the memory card 200 in that the subgroup key storage unit 290f and the conversion unit 2
91f is different. In addition, memory card 2
The other components of 00f are the same as the components of the memory card 200 unless otherwise described, and the description is omitted. (1) Subgroup key storage unit 290f The subgroup key storage unit 290f stores one subgroup key Gjk in advance. Subgroup key Gjk
Consists of a 56-bit bit string.

Since the subgroup key is the same as the subgroup key in the subgroup key storage unit 290d, the description is omitted. (2) Conversion Unit 291f The conversion unit 291f reads one subgroup key Gjk stored in the subgroup key storage unit 290f and reads the master key Mk stored in the master key storage unit 210.

The conversion section 291f performs a predetermined operation on the read one subgroup key Gjk and the read one master key Mk to generate a modified key. Here, the predetermined operation is the same operation as the predetermined operation used in the conversion unit 291d. The conversion unit 291f outputs the generated deformed key to the conversion unit 230. (3) Conversion Unit 230 The conversion unit 230 reads the master key Mk stored in the master key storage unit 210, and reads the read master key Mk.
k is used as a key of the encryption algorithm E1, and the read unique key Ki is subjected to the encryption algorithm E1 to obtain an encrypted unique key J.
i, instead of generating the transformed key, the transformed key is received from the conversion unit 291f, and the received transformed key is used as the encryption algorithm E1.
The encryption algorithm E1 is applied to the read unique key Ki to generate an encrypted unique key Ji. 3.7.2 Memory card writer 300f The memory card writer 300f is a memory card writer 3
00, the subgroup key storage unit 390
f and an inverse conversion unit 391f. Also,
The other components of the memory card writer 300f are the same as the components of the memory card writer 300 unless otherwise described, and the description is omitted. (1) Subgroup key storage unit 390f The subgroup key storage unit 390f stores one subgroup key Gjk in advance, similarly to the subgroup key storage unit 290f. The subgroup key Gjk is composed of a 56-bit bit string.

Since the subgroup key Gjk is the same as the subgroup key Gjk stored in the subgroup key storage unit 290f, the description is omitted. (2) Inverse conversion unit 391f The inverse conversion unit 391f reads one subgroup key Gjk stored in the subgroup key storage unit 390f,
The master key Mk stored in the master key storage unit 313 is read.

The inverse conversion unit 391f performs a predetermined operation on the read one subgroup key Gjk and the read one master key Mk to generate a modified key. Here, the predetermined operation is the same operation as the predetermined operation used in the conversion unit 291d. The inverse transform unit 391f outputs the generated deformed key to the inverse transform unit 321. (3) Inverse Transformation Unit 321 The inverse transformation unit 321 reads the master key Mk stored in the master key storage unit 313, and uses the read master key Mk as a key of the decryption algorithm D1 to read the encrypted unique key Ji. Instead of generating a unique key K′i by applying a decryption algorithm D1 to the decryption algorithm D1 from the inverse transform unit 391f.
As one key, a decryption algorithm D1 is applied to the read encrypted unique key Ji to generate a unique key K'i. 3.7.3 Memory card reader 400f The memory card reader 400f is the memory card reader 4
00, the sub-group key storage unit 490
f and an inverse conversion unit 491f. Here, the subgroup key storage unit 490f and the inverse conversion unit 491f
Are the same as those of the sub-group key storage unit 390f and the inverse conversion unit 391f, respectively, and a description thereof will be omitted. In addition, the inverse converter 421 of the memory card reader 400f is the same as the inverse converter 321 of the memory card writer 300f,
The other components of the memory card reader 400f are the same as the components of the memory card reader 400, and a description thereof will not be repeated. 3.7.4 Operation of Digital Work Protection System 100f The operation of the digital work protection system 100f will be described.

The general operation when the memory card 200f is mounted on the memory card writer 300f and the general operation when the memory card 200f is mounted on the memory card reader 400f are similar to those of the digital copyright protection system 100. The description is omitted. Next, a detailed authentication operation when the memory card 200f is inserted into the memory card writer 300f will be described with reference to FIG. 22, focusing on differences from the digital copyright protection system 100.

In step S150f, conversion unit 29
1f reads one subgroup key Gjk stored in the subgroup key storage unit 290f, reads a master key Mk stored in the master key storage unit 210, reads one read subgroup key Gjk, and A predetermined operation is performed on the one master key Mk to generate a modified key Mk ′, and the conversion unit 291f outputs the generated modified key Mk ′
Is output to the conversion unit 230.

In step S130, conversion unit 230
Generates an encrypted unique key E1 (Mk ', Ki) by applying the encryption algorithm E1 to the unique key Ki using the modified key Mk' as the key of the encryption algorithm E1. In step S151f, the inverse conversion unit 391f sets the subgroup key storage unit 3
One subgroup key Gjk stored in the master key storage unit 313 is read, and a master key Mk stored in the master key storage unit 313 is read.
jk and one read master key Mk to perform a predetermined operation to generate a modified key Mk ′.
k ′ is output to the inverse transform unit 321.

In step S132, the inverse transform unit 32
1 uses the modified key as a key of the decryption algorithm D1 and applies the decryption algorithm D1 to the encrypted unique key E1 (Mk ', Ki) to obtain the unique key K'i = D1 (Mk', E1 (Mk ', Ki).
)). The detailed authentication operation when the memory card 200f is inserted into the memory card reader 400f is the same as the above, and the description is omitted. 3.7.5 Summary Similar to the digital copyright protection system 100d, when a single digital copyright management system is operated by a plurality of organizations, there are as many different subgroup keys as the number of these organizations, and these different subgroup keys exist. Since the subgroup key is assigned to each of the plurality of organizations, each organization can provide its own service.

Since the storage capacity of a memory card is limited, the number of master keys that can be stored in a memory card is often limited, and a key that can be used by a combination of a master key and a subgroup key. There is an effect that the number of can be increased. Note that, in the digital copyright protection system 100f, a control unit that causes the conversion unit 230 to convert the unique key stored in the media unique key storage unit 220 without causing the conversion unit 291f to perform the conversion process; and By providing a control unit for causing the inverse conversion unit 391f to perform the inverse conversion process on the encrypted unique key stored in the media unique key information storage unit 320 without providing the inverse conversion unit 391f with the inverse conversion process, After a subgroup key is assigned to each organization, one master key can be further assigned to one digital work management system to provide a common service for each organization.

The digital work protection system 100
f, the same master key is stored in the master key storage unit 210 and the master key storage unit 313.
The following may be performed using the public key method. In the digital copyright protection system 100f, the memory card 2
The master key storage unit 210 of 00f stores a master key as a secret key. The memory card 200f further has a public key generation unit that generates a public key from the transformed key generated by the conversion unit 291f. The generated public key is distributed to the memory card writer 300f in advance. In the memory card writer 300f, the encryption unit 360
The copyrighted work is encrypted using the generated public key. 3.8 Another Digital Work Protection System A digital work protection system 100g according to another embodiment of the present invention includes a memory card 200g and a memory card writer 300g shown in FIG. It comprises a memory card reader 400g.

The memory card 200g, the memory card writer 300g, and the memory card reader 400g correspond to the memory card 200, the memory card writer 300,
Since the configuration is the same as that of the memory card reader 400, the following description focuses on the differences. 3.8.1 Memory Card 200g The memory card 200g is different from the memory card 200 in that the subgroup key storage unit 290g and the conversion unit 2
The difference is that it has 91 g. In addition, memory card 2
The other components of 00g are the same as the components of the memory card 200 unless otherwise described, and the description is omitted. (1) Subgroup key storage unit 290g The subgroup key storage unit 290g stores one subgroup key Gjk in advance. Subgroup key Gjk
Consists of a 56-bit bit string.

Since the subgroup key is the same as the subgroup key in the subgroup key storage unit 290d, the description is omitted. (2) Conversion Unit 291g The conversion unit 291g reads one subgroup key Gjk stored in the subgroup key storage unit 290g, and reads the unique key Ki stored in the media unique key storage unit 220.
Read out.

The conversion unit 291g performs a predetermined operation on the read one subgroup key Gjk and the read one unique key Ki to generate a modified key. here,
The predetermined operation is the same operation as the predetermined operation used in the conversion unit 291d. The conversion unit 291g outputs the generated deformed key to the encryption unit 252 of the mutual authentication unit 250. (3) Encryption Unit 252 The encryption unit 252 reads the unique key Ki from the media unique key storage unit 220, and performs encryption by applying the encryption algorithm E2 to the received random number R1 using the read unique key Ki as the key of the encryption algorithm E2. Instead of generating the encrypted random number S1, it receives a modified key from the conversion unit 291g and uses the received modified key as a key for the encryption algorithm E2 to apply the encryption algorithm E2 to the received random number R1 to generate an encrypted random number S1. 3.8.2 Memory Card Writer 300g The memory card writer 300g is a memory card writer 3
00, the subgroup key storage unit 390
g and an inverse transform unit 391g. Also,
The other components of the memory card writer 300g are the same as the components of the memory card writer 300 unless otherwise described, and the description is omitted. (1) Subgroup key storage unit 390g The subgroup key storage unit 390g stores one subgroup key Gjk in advance, like the subgroup key storage unit 290g. The subgroup key Gjk is composed of a 56-bit bit string.

Since the subgroup key Gjk is the same as the subgroup key Gjk stored in the subgroup key storage unit 290g, the description is omitted. (2) Inverse conversion unit 391g The inverse conversion unit 391g reads one subgroup key Gjk stored in the subgroup key storage unit 390g,
The unique key K′i stored in the media unique key storage unit 323 is read.

The inverse conversion unit 391g performs a predetermined operation on the read one subgroup key Gjk and the read one unique key K′i to generate a modified key. Here, the predetermined operation is the same operation as the predetermined operation used in the conversion unit 291d. The inverse conversion unit 391g outputs the generated deformed key to the decryption unit 333. (3) Decryption unit 333 The decryption unit 333 reads the unique key K′i from the media unique key storage unit 323, and decrypts the read unique key K′i as the key of the decryption algorithm D2 into the received encrypted random number S1. Instead of generating the random number R'1 by applying the algorithm D2, it receives a modified key from the inverse transform unit 391g, and performs the decryption algorithm D2 on the received encrypted random number S1 using the received modified key as a key of the decryption algorithm D2. To generate a random number R'1. 3.8.3 Memory card reader 400g The memory card reader 400g is the memory card reader 4
00, the sub-group key storage unit 490
g and an inverse transform unit 491g. Here, the subgroup key storage unit 490g and the inverse conversion unit 491g
Are the same as those of the subgroup key storage unit 390g and the inverse conversion unit 391g, respectively, and a description thereof will be omitted. Also, the decoding unit 433 of the memory card reader 400g is the same as the decoding unit 333 of the memory card writer 300g, and the other components of the memory card reader 400g are the same as the components of the memory card reader 400. Description is omitted. 3.8.4 Operation of Digital Work Protection System 100g The operation of the digital work protection system 100g will be described.

The outline operation when the memory card 200g is inserted into the memory card writer 300g and the outline operation when the memory card 200g is inserted into the memory card reader 400g are the same as those of the digital copyright protection system 100. The description is omitted. Next, a detailed authentication operation when the memory card 200g is mounted on the memory card writer 300g will be described with reference to FIG. 24, focusing on differences from the digital copyright protection system 100.

In step S150g, the conversion unit 29
1g reads one subgroup key Gjk stored in the subgroup key storage unit 290g, reads a unique key Ki stored in the media unique key storage unit 220, and reads the read one subgroup key Gjk, A predetermined operation is performed on the read one unique key Ki to generate a modified key, and the generated modified key is output to the encryption unit 252 of the mutual authentication unit 250.

In step S135, the encryption unit 252
Receives the modified key from the conversion unit 291g and uses the received modified key as a key for the encryption algorithm E2 to apply the encryption algorithm E2 to the received random number R1 to generate an encrypted random number S1. In step S151g, the inverse conversion unit 391g reads one subgroup key Gjk stored in the subgroup key storage unit 390g, and reads the unique key K′i stored in the media unique key storage unit 323.
And one read subgroup key Gjk,
A predetermined operation is performed on one read unique key K′i to generate a modified key, and the generated modified key is
Output to 3.

In step S137, the decoding unit 333
Receives the transformed key from the inverse transform unit 391g and uses the received transformed key as a key for the decryption algorithm D2 to apply the decryption algorithm D2 to the received encrypted random number S1 to generate a random number R'1. The detailed authentication operation when the memory card 200g is inserted into the memory card reader 400g is the same as described above, and thus the description is omitted. 3.8.5 Summary Similar to the digital copyright protection system 100d, when a single digital copyright management system is operated by a plurality of organizations, there are as many different subgroup keys as the number of these organizations, and these different subgroup keys exist. Since the subgroup key is assigned to each of the plurality of organizations, each organization can provide its own service.

Further, since the storage capacity of the memory card is limited, the number of master keys that can be stored in the memory card is often limited, and a key that can be used by a combination of a master key and a subgroup key. There is an effect that the number of can be increased. In the digital copyright protection system 100g, a control unit that causes the conversion unit 230 to convert the unique key stored in the media unique key storage unit 220 without causing the conversion unit 291g to perform the conversion process; and By providing a control unit that causes the inverse conversion unit 391g to perform the inverse conversion process on the encrypted unique key stored in the media unique key information storage unit 320 without providing the inverse conversion unit 391g with the inverse conversion process, After a subgroup key is assigned to each organization, one master key can be further assigned to one digital work management system to provide a common service for each organization. 3.9 Another Digital Work Protection System A digital work protection system 100h according to another embodiment of the present invention includes a memory card 200 and a memory card writer 300 shown in FIGS.
h, a memory card reader 400h.

[0139] The memory card 200 is the same as the memory card 200 of the digital copyrighted work protection system 100, and a description thereof will be omitted. Also, the memory card writer 300
h and the memory card reader 400h have the same configuration as the memory card writer 300 and the memory card reader 400, respectively. Therefore, the following description will focus on the differences. 3.9.1 Memory card writer 300h The memory card writer 300h is a memory card writer 3
Compared with 00, the difference is that a conversion unit 392 and a user key input unit 393 are further provided. Other components of the memory card writer 300h are not described unless otherwise described below.
And the description is omitted. (1) User Key Input Unit 393 The user key input unit 393 includes an input device such as a keyboard, and receives input of a user key, which is a password unique to the user, known only by the user.

The user key can be determined by each user and is composed of a combination of alphanumeric characters and symbols of up to 10 digits. When the user key input unit 393 receives the input of the user key,
The input user key is output to the conversion unit 392. (2) Conversion Unit 392 The conversion unit 392 reads the unique key K′i from the media unique key storage unit 323 and receives the user key from the user key input unit 393.

The conversion unit 392 outputs the read unique key K′i
And a predetermined operation is performed on the received user key to generate a transformed key. Here, the predetermined operation is an exclusive OR. Conversion section 392 outputs the generated deformed key to encryption section 360. (3) Encryption Unit 360 The encryption unit 360 reads the unique key K′i from the media unique key storage unit 323, and converts the read work into a partial work Ci (i = 1, 2,
..), And the read unique key K'i is used as a key of the encryption algorithm E2 to obtain each partial work Ci.
(I = 1, 2, 3,...) And a plurality of encrypted partial works Fi (i = 1, 2, 3,.
..) Instead of generating a partial work Ci (i = 1, 2, 3,...) Consisting of a plurality of 64-bit bit strings.
・) And transform the received transformed key into an encryption algorithm E
As the key of 2, each partial work Ci (i = 1, 2, 3,.
..) to generate a plurality of encrypted partial works Fi (i = 1, 2, 3,...). 3.9.2 Memory card reader 400h The memory card reader 400h is a memory card reader 4
Compared with 00, the difference is that a conversion unit 492 and a user key input unit 493 are further provided. Other components of the memory card reader 400h are not described unless otherwise described below.
And the description is omitted. (1) User Key Input Unit 493 The user key input unit 493 accepts an input of a user key from the user, as in the case of the user key input unit 393, and outputs the accepted user key to the conversion unit 492. (2) Conversion Unit 492 The conversion unit 492 reads the unique key K′i from the media unique key storage unit 423, receives the user key from the user key input unit 493, and reads the read unique key K ′, like the conversion unit 392. A predetermined operation is performed on i and the received user key to generate a transformed key. Here, the predetermined operation is an exclusive OR.

Conversion section 492 outputs the generated modified key to decryption section 460. (3) Decryption Unit 460 The decryption unit 460 reads the unique key K′i from the media unique key storage unit 423, and converts the received encrypted work into a partially encrypted work Gi composed of a plurality of 64-bit bit strings.
(I = 1, 2, 3,...), And each of the partially encrypted works Gi (i = 1, 2, 3,...) Is used by using the read unique key K′i as a key of the decryption algorithm D2. ..) to obtain a plurality of partial works Hi (i =
1, 2, 3,...), The conversion unit 49
2 and converts the received encrypted work into a partially encrypted work G comprising a plurality of 64-bit bit strings.
i (i = 1, 2, 3,...) and each of the partially encrypted works Gi (i = 1, 2, 3,...) To a plurality of partial works Hi (i = 1, 2,
3,...). 3.9.3 Operation of Digital Work Protection System 100h The operation of the digital work protection system 100h will be described.

The detailed authentication operation when the memory card 200 is mounted on the memory card writer 300h and the detailed authentication operation when the memory card 200 is mounted on the memory card reader 400h are described in the digital copyright protection system. 100, the description is omitted, and the memory card 200 is replaced with the memory card writer 300h.
The general operation when the memory card 200 is mounted on the memory card reader 400h and the general operation when the memory card 200 is mounted on the memory card reader 400h will be described below. (1) The memory card 200 is a memory card writer 300
h in the outline operation when the memory card 200 is inserted in the memory card writer 300h, the details of step S114 in the flowchart shown in FIG. Next, step S is performed using the flowchart shown in FIG.
Details of 114 will be described.

The user key input unit 393 receives the input of the user key from the user, and outputs the received user key to the conversion unit 392 (step S100h).
Reference numeral 92 denotes a unique key K′i from the media unique key storage unit 323.
And receives a user key from the user key input unit 393, performs a predetermined operation on the read unique key K′i and the received user key to generate a modified key, and encrypts the generated modified key. Output to the section 360 (step S101).
h), the encryption unit 360 receives the modified key from the conversion unit 392, and divides the read work into partial works Ci (i = 1, 2, 3,...) consisting of a plurality of 64-bit bit strings. Each partial work Ci (i = 1, 2, 3,...) Using the received deformed key as a key of the encryption algorithm E2.
Is subjected to an encryption algorithm E2 to generate a plurality of encrypted partial works Fi (i = 1, 2, 3,...), And outputs the generated encrypted partial works Fi to the communication unit 340 (step S102h). ), The communication unit 340 performs the encrypted partial copyrighted work Fi
Is output to the communication unit 270 of the memory card 200 (step S103h). (2) The memory card 200 is a memory card reader 400
h when the memory card 200 is inserted into the memory card reader 400h, the details of step S125 in the flowchart shown in FIG. 8 differ from the operation of the digital copyright protection system 100. Next, step S is performed using the flowchart shown in FIG.
125 will be described in detail.

The user key input unit 493 receives the input of the user key from the user, outputs the received user key to the conversion unit 492 (step S111h), and
Reference numeral 92 denotes a unique key K′i from the media unique key storage unit 423.
And receives a user key from the user key input unit 493, performs a predetermined operation on the read unique key K′i and the received user key, generates a modified key, and decrypts the generated modified key. Output to the section 460 (step S112).
h), the decryption unit 460 receives the modified key from the conversion unit 492, and converts the received encrypted work into a partially encrypted work Gi (i = 1, 2,
,...), And using the received deformed key as a key for the decryption algorithm D2, each partially encrypted work Gi (i =
1, 2, 3,...) To generate a plurality of partial works Hi (i = 1, 2, 3,...) (Step S113h). 3.9.5 Conclusion A user can encrypt a work using a user key set by himself and can decrypt the encrypted work using the user key, so that the user's own work is decrypted by another person. Without
The effect is that it can be protected. 3.10 Another Digital Work Protection System A digital work protection system 100i as another embodiment of the present invention includes a memory card 200i and a memory card writer 300 shown in FIGS.
i, a memory card reader 400i.

The memory card 200i, the memory card writer 300i, and the memory card reader 400i have the same configurations as the memory card 200, the memory card writer 300, and the memory card reader 400 of the digital copyright protection system 100, respectively. Will be described focusing on the differences. 3.10.1 Memory Card Writer 300i The memory card writer 300i is a memory card writer 3
Compared with 00, the difference is that an encryption unit 365 and a file key generation unit 366 are further provided. The other components of the memory card writer 300i are the same as those of the memory card writer 30
0, and the description is omitted. (1) Control Unit 350 The control unit 350 outputs a copyrighted work acquisition signal instructing to obtain a copyrighted work from the outside to the copyrighted work obtaining unit 380 for each file. hand,
Output a generation instruction to generate a file key for each file. (2) Work Acquisition Unit 380 The work acquisition unit 380 acquires one work as a file. Here, a file is a set of data collected according to a certain rule. For example, in the case of a music work,
One song corresponds to one file. (3) Work Storage 370 The work storage 370 stores a work for each file. (4) File Key Generation Unit 366 Upon receiving a generation instruction from the control unit 350, the file key generation unit 366 randomly generates a 56-bit file key, and outputs the generated file key to the encryption unit 365. The generated file key is output to the encryption unit 360.

Although the file key is generated randomly, the file key generation unit 366 may receive the input of the file key from the operator. (5) Encryption Unit 365 The encryption unit 365 reads the unique key K′i from the media unique key storage unit 323, and receives the file key from the file key generation unit 366.

The encryption section 365 stores in advance the encryption algorithm E5 specified by DES.
The encryption unit 365 performs an encryption algorithm E5 on the received file key to generate an encrypted file key. At this time, the read unique key K'i is
Key 5

[0149] Encryption section 365 outputs the generated encrypted file key to communication section 340. (6) Encryption Unit 360 The encryption unit 360 reads the unique key K′i from the media unique key storage unit 323, and converts the read work into a partial work Ci (i = 1, 2,
..), And the read unique key K′i is used as a key of the encryption algorithm E2, and each partial work Ci (i
= 1, 2, 3,...) And a plurality of encrypted partial works Fi (i = 1, 2, 3,...)
Instead of generating）), the encryption unit 360 reads out the copyrighted work for each file, receives the file key from the file key generation unit 366, and converts the copyrighted work read out for each file into a partial copyright consisting of a plurality of 64-bit bit strings. Thing Ci (i
= 1, 2, 3,...), The received file key is used as a key for the encryption algorithm E2, and each partial work Ci
(I = 1, 2, 3,...) And a plurality of encrypted partial works Fi (i = 1, 2, 3,.
...) is generated. (7) Communication Unit 340 The communication unit 340 further receives the encrypted file key from the encryption unit 365 and outputs the received encrypted file key to the communication unit 270. 3.10.2 Memory Card 200i The following describes constituent elements of the memory card 200i that are different from those of the memory card 200, focusing on the differences. (1) Communication Unit 270 The communication unit 270 further receives the encrypted file key from the communication unit 340 and outputs the received encrypted file key to the encrypted work storage unit 260.

The communication section 270 further reads the encrypted file key 261 from the encrypted work storage section 260, and outputs the read encrypted file key to the communication section 440. (2) Encrypted Work Storage Unit 260 The encrypted work storage unit 260 further receives an encrypted file key from the communication unit 270 and stores the received encrypted file key 261.

The encrypted work storage section 260 stores the encrypted partial work Fi (i =
, 1, 2, 3,...) Is stored as the encrypted file 262. 3.10.3 Memory Card Reader 400i The memory card reader 400i is a memory card reader 4
Compared with 00, the difference is that a decoding unit 465 is further provided. The other components of the memory card reader 400i are the same as the components of the memory card reader 400 unless otherwise described, and the description is omitted. (1) Communication Unit 440 The communication unit 440 further receives the encrypted file key from the communication unit 270, and outputs the received encrypted file key to the decryption unit 465. (2) Decryption Unit 465 The decryption unit 465 reads the unique key K′i from the media unique key storage unit 423, and receives the encrypted file key from the communication unit 440.

The decoding unit 465 stores a decoding algorithm D5 specified by DES in advance.
Here, there is a relationship shown in Expression 17 between the encryption algorithm E5 and the decryption algorithm D5 stored in the encryption unit 365. (Equation 17) E5 = crpt (D5) The decryption unit 465 performs a decryption algorithm D5 on the received encrypted file key to generate a file key. At this time, the read unique key K′i is converted into a decryption algorithm D
Key 5

The decryption unit 465 outputs the generated file key to the decryption unit 460. (3) Decryption Unit 460 The decryption unit 460 reads the unique key K′i from the media unique key storage unit 423, and converts the received encrypted work into a partially encrypted work Gi composed of a plurality of 64-bit bit strings.
(I = 1, 2, 3,...), And each of the partially encrypted works Gi (i = 1, 2, 3,...) Is used by using the read unique key K′i as a key of the decryption algorithm D2. ..) to obtain a plurality of partial works Hi (i =
1, 2, 3,...) Instead of generating
5 and divides the received encrypted work into partial encrypted works Gi (i = 1, 2, 3,...) Consisting of a plurality of 64-bit bit strings, and As a key for the decryption algorithm D2, each partial encrypted work Gi (i = 1, 2, 3,...) Is subjected to the decryption algorithm D2 to obtain a plurality of partial works Hi (i =
1, 2, 3,...). 3.10.4 Operation of Digital Work Protection System 100i The operation of the digital work protection system 100i will be described.

Detailed authentication operation when the memory card 200i is inserted into the memory card writer 300i, and
The detailed authentication operation when the memory card 200i is inserted into the memory card reader 400i is the same as that of the digital copyright protection system 100, and thus the description is omitted, and the memory card 200i is replaced with the memory card writer 30.
Operation when inserted into memory card 0i and memory card 20
The general operation when 0i is attached to the memory card reader 400i will be described below. (1) The memory card 200i is the memory card writer 30
Outline Operation when Inserted into Memory Card Writer 0i Regarding the outline operation when the memory card 200i is inserted into the memory card writer 300i, the details of step S114 in the flowchart shown in FIG. Only
Next, the details of step S114 will be described using the flowchart shown in FIG.

The file key generation unit 366 includes the control unit 350
, A file key consisting of 64 bits is randomly generated, and the generated file key is
5 and the encryption unit 365 outputs the information to the media unique key storage unit 3.
23, the unique key K′i is read from the
66, a file key is received, and the read unique key K'i is used as a key of the encryption algorithm E5 by the encryption unit 3.
65 is an encryption algorithm E5 for the received file key.
To generate an encrypted file key, and output the generated encrypted file key to the communication unit 340 (step S100).
i). The communication unit 340 receives the encrypted file key from the encryption unit 365, and outputs the received encrypted file key to the communication unit 270 (Step S101i). Encryption unit 36
0 receives the file key from the file key generation unit 366, divides the read literary work into partial literary works Ci (i = 1, 2, 3,...) Composed of a plurality of 64-bit bit strings, and receives The file key is used as the key of the encryption algorithm E2, and each partial work Ci (i = 1, 2, 3,...)
Is subjected to an encryption algorithm E2 to generate a plurality of encrypted partial works Fi (i = 1, 2, 3,...) (Step S102i). The communication unit 340 receives the plurality of encrypted partial works from the encryption unit 360 and outputs the received plurality of encrypted partial works to the communication unit 270 (step S).
103i). (2) The memory card 200i is the memory card reader 40
Overview operation when the memory card 200i is inserted into the memory card reader 400i Regarding the outline operation when the memory card 200i is inserted into the memory card reader 400i, details of step S125 in the flowchart shown in FIG. Only
Next, the details of step S125 will be described using the flowchart shown in FIG.

The communication unit 440 receives the encrypted file key from the communication unit 270 and outputs the received encrypted file key to the decryption unit 465. The decryption unit 465 transmits the unique key K′i from the media unique key storage unit 423. Is read, and the communication unit 4
40, the decryption unit 465 receives the encrypted file key, uses the read unique key K'i as a key for the decryption algorithm D5, and applies the decryption algorithm D5 to the received encrypted file key to generate a file key. The generated file key is output to the decryption unit 460 (Step S111)
i). The decryption unit 460 receives the file key from the decryption unit 465, and converts the received encrypted work into a partially encrypted work Gi (i = 1, 2) consisting of a plurality of 64-bit bit strings.
2, 3,...), And using the received file key as a key for the decryption algorithm D2,
i (i = 1, 2, 3,...) and the decoding algorithm D2
And a plurality of partial works Hi (i = 1, 2, 3,...)
.) Is generated (step S112i). 3.10.5 Summary As described above, the recording medium device is connected to the access device, which is a memory card writer, and the digital work is encrypted using the file key and written into the recording medium device. Both the recording medium device and the access device
When the access device is authenticated, the access device generates a file key for each file constituting the digital work, and generates one or more file keys using a unique key secretly transmitted from the recording medium device. Encrypting to generate one or more encrypted file keys, encrypting a file using the file key for each file constituting the digital work to generate an encrypted file, and generating the one or more encrypted files; Outputting the encrypted file key and the one or more encrypted files to a recording medium device, and the recording medium device receives and stores the one or more encrypted file keys and the one or more encrypted files.

Also, one or more of the encrypted file keys and one
A recording medium device storing the above-described encrypted file and an access device serving as a memory card reader are connected, and the encrypted file is decrypted and played back. When both are authenticated, the recording medium device outputs one or more of the encrypted file keys and one or more of the encrypted files to the access device, and the access device
Receiving one or more of the encrypted file keys and one or more of the encrypted files from the recording medium device, and for each of the encrypted files, encrypting the encrypted file key using a unique key secretly transmitted from the recording medium device; A file key is generated by decryption, the encrypted file is decrypted using the generated file key to generate a file, and the generated file is reproduced.

In this way, a different file key is generated for each file forming the work, and the file-based work is encrypted with the generated different file keys. There is an effect that is improved. The digital copyright protection system 100i may be configured as follows. (1) Modification 1 of Digital Work Protection System 100i FIG. 33 shows a modification of the digital work protection system 100i.
Is shown in the block diagram of FIG.

As shown in FIG.
i further includes a random number seed generation unit 292, and the random number seed generation unit 292 generates a seed that is an initial value of a random number. Here, the seed is a time consisting of 64 bits. The seed is preferably a value that changes every moment, such as a time. The random number seed generation unit 292 outputs the generated seed to the communication unit 270, and the communication unit 270 receives the seed, and outputs the received seed to the communication unit 340.
The communication unit 340 receives the seed and outputs the received seed to the file key generation unit 366. The file key generation unit 366 receives the seed, generates a random number using the received seed, and uses the generated random number as a file key.

Note that the file key generation unit 366 may generate a random number as follows. The file key generation unit 366 encrypts the received seed using a predetermined encryption algorithm to generate a ciphertext. Here, a predetermined key is used as the key. Further, the file key generation unit 366 further encrypts the generated cipher text by using the predetermined encryption algorithm to generate a cipher text. This encryption process is repeated a specific number of times, and the last generated encrypted text is used as the random number. (2) Modification 2 of Digital Work Protection System 100i Still another modification of the digital work protection system 100i is shown in the block diagram of FIG.

As shown in FIG.
i further includes a random number seed generation unit 293, and the random number seed generation unit 293 generates a seed that is an initial value of a random number, similarly to the random number seed generation unit 292. Here, the seed is a time consisting of 64 bits. The seed is preferably a value that changes every moment, such as a time. The random number seed generation unit 293 outputs the generated seed to the mutual authentication unit 25.
Output to 0. The mutual authentication unit 250 receives the seed, and outputs the received seed to the mutual authentication unit 330 via the communication unit 270 and the communication unit 340 by an authentication process. The mutual authentication unit 330 receives the seed, and outputs the received seed to the file key generation unit 366. The file key generation unit 366 receives the seed, generates a random number using the received seed, and uses the generated random number as a file key.

Next, details of the operation of the above-described authentication process will be described focusing on differences from the flowcharts shown in FIGS. 9 and 10. In step S135,
The encryption unit 252 receives the seed S from the random number seed generation unit 293.
And combine the random number R1 and the seed S to obtain (R1
+ S) to generate a bit string of 128 bits in total.
The encryption unit 252 generates an encrypted random number E2 (Ki, (R1 + S)) by applying the encryption algorithm E2 to (R1 + S) using the unique key Ki as the key of the encryption algorithm E2.
Here, since (R1 + S) is a bit string of 128 bits, it is encrypted in two blocks of 64 bits each.

In step S136, communication unit 270
Is a two-block encrypted random number E via the communication unit 340.
2 (Ki, (R1 + S)) is output to the decoding unit 333.
In step S137, the decryption unit 333 applies the decryption algorithm D2 to the encrypted random number E2 (Ki, (R1 + S)) using the unique key K'i as the key of the decryption algorithm D2, and obtains D2 (K'i, E2 ( Ki, (R1 + S)))
Generate The decoding unit 333 outputs D2 (K'i, E2 (K
i, (R1 + S))) is separated into a first half 64-bit bit string and a second half 64-bit bit string.

In step S138, the mutual authentication control unit 334 compares the random number R1 with the bit string of the first half 64 bits. For example, the memory card 200 is recognized as an unauthorized device. If they match, the mutual authentication control unit 334 determines that the latter 64-bit bit string is the seed S, and outputs the seed S to the file key generation unit 366.

In the above, the random number R 1 and the seed S
To generate (R1 + S),
The random number R1 is separated into a first half bit sequence and a second half bit sequence of 32 bits each, and the seed S is separated into a first half bit sequence and a second half bit sequence of 32 bits each. The first bit sequence of the random number R1, the first half bit sequence of the seed S, and the random number R1 The latter bit sequence and the latter bit sequence of the seed S may be combined in this order. (3) Modification 3 of Digital Work Protection System 100i The work is constituted by one or more data blocks for each logical or physical unit,
When each data block of the work is encrypted and transferred to the recording medium, or when the work transferred from the recording medium is decrypted, a data block key unique to each data block is generated and obtained through the device authentication. Using the unique key and the data block key, the corresponding data block may be encrypted and transferred to the recording medium, or the data block transferred from the recording medium may be decrypted.

More specifically, when both the memory card 200i and the memory card writer 300i are authenticated as having validity, the memory card writer 300i
Dividing the work into one or more data blocks, generating a data block key for each of the generated data blocks, and using the unique key and the data block key corresponding to the data block to generate the data block key; The block may be encrypted to generate an encrypted data block, and the generated encrypted data block may be transferred to the memory card 200i. When both the memory card 200i and the memory card reader 400i are authenticated as having validity, the memory card reader 400i transmits one or more encrypted data blocks constituting a work encrypted from the memory card 200i. And for each of the received encrypted data blocks, generate a data block key and decrypt the received encrypted data block using the unique key and the data block key corresponding to the encrypted data block To generate a data block.

According to this configuration, a different data block key is generated for each data block forming a work, and the work in data block units is encrypted with the generated different data block keys. This is advantageous in that the security of the data block is improved. 3.11 Another Digital Work Protection System A digital work protection system 100j according to another embodiment of the present invention includes a memory card 200j, a memory card writer 300j, and a memory card reader 400j (not shown). Consists of

The memory card 200j is the memory card 2
00j stored in the memory card writer 30
0j, and the memory card writer 300j authenticates the validity of the memory card 200j using the secretly transmitted unique key, and then the memory card 200j authenticates the validity of the memory card writer 300j using the unique key. If the validity can be mutually verified, the memory card writer 30
0j outputs the digital work to the memory card 200j. Memory card 200j and memory card reader 40
In the same way, the other party is authenticated between 0j.

The memory card 200j, the memory card writer 300j, and the memory card reader 400j have the same configurations as the memory card 200, the memory card writer 300, and the memory card reader 400 of the digital copyright protection system 100, respectively. Will be described focusing on the differences. 3.11.1 Memory Card 200j The memory card 200j includes a master key storage unit 210, a medium unique key storage unit 220, a conversion unit 230, a medium unique key information storage unit 240, a mutual authentication unit 250, and an encrypted work storage unit 260. , A communication unit 270, and a control unit 280. The mutual authentication unit 250 includes a random number generation unit 251 and a conversion unit 2.
55, a mutual authentication control unit 254.

The master key storage unit 210, the medium unique key storage unit 220, the conversion unit 230, and the medium unique key information storage unit 240 are the same as those of the memory card 200 having the same reference numerals. Will be described. (1) Random Number Generator 251 The random number generator 251 generates a random number R2. Random number R2
Consists of a 64-bit bit string. Random number generator 251
Outputs the generated random number R2 to the communication unit 270 and the conversion unit 255. (2) Converter 255 The converter 255 stores the function f1 in advance.

The conversion unit 255 receives the random number R from the communication unit 270.
1 and reads the unique key Ki from the media unique key storage unit 220, and performs a function f1 on the received random number R1 using the unique key Ki to generate a conversion coefficient Q1. The generated transform coefficient Q1 can be expressed as shown in Expression 18. (Equation 18) Q1 = f1 (Ki, R1) where f1 is a one-way function. One-way function is easy to calculate the direction from input value to output value,
A function having a property that it is difficult to calculate from an output value in the opposite direction to an input value. One example of a one-way function is an encryption function.

The conversion section 255 outputs the generated conversion coefficient Q1 to the communication section 270. Further, the conversion unit 255 receives the random number R2 from the random number generation unit 251 and reads the unique key Ki from the media unique key storage unit 220. Generate. The generated conversion coefficient Q2 can be expressed as shown in Expression 19. (Equation 19) Q2 = f1 (Ki, R2) The conversion unit 255 outputs the generated conversion coefficient Q2 to the mutual authentication control unit 254. (3) Mutual authentication control unit 254 The mutual authentication control unit 254 sends the conversion coefficient Q
2 from the communication unit 270 and the conversion coefficient Q′2
Receive.

The mutual authentication control unit 254 compares the conversion coefficient Q2 with the conversion coefficient Q'2, and if they match, it is determined that the memory card writer 300j or the memory card reader 400j to which the memory card 200j is attached is the correct device. If the authentication is not successful, the memory card writer 300j or the memory card reader 400j to which the memory card 200j is attached is regarded as an unauthorized device.

The mutual authentication control unit 254 outputs to the control unit 280 an authentication signal indicating whether the memory card writer 300j or the memory card reader 400j is a correct device or an incorrect device. (4) Communication Unit 270 The communication unit 270 reads the encrypted unique key Ji from the media unique key information storage unit 240 and communicates the read encrypted unique key Ji with the communication unit 340 of the memory card writer 300j or the communication of the memory card reader 400j. Output to the unit 440.

The communication unit 270 is connected to the memory card writer 30
0j from the communication unit 340 or the memory card reader 400
The random number R1 is received from the communication unit 440 of j, and the received random number R1 is output to the conversion unit 255 of the mutual authentication unit 250. The communication unit 270 receives the conversion coefficient Q1 from the conversion unit 255, and transmits the received conversion coefficient Q1 to the communication unit 340 of the memory card writer 300j or the memory card reader 40.
0j to the communication unit 440.

The communication unit 270 receives the random number R2 from the random number generation unit 251 and outputs the received random number R2 to the communication unit 340 of the memory card writer 300j or the communication unit 440 of the memory card reader 400j. The communication unit 270
The conversion coefficient Q2 is transmitted from the communication unit 340 of the memory card writer 300j or the communication unit 440 of the memory card reader 400j.
And the received conversion coefficient Q2
0 to the mutual authentication control unit 254.

[0177] The communication unit 270 is connected to the memory card 20.
0, the communication unit 340 of the memory card writer 300j or the communication unit 44 of the memory card reader 400j when receiving the communication stop signal from the control unit 280.
Cancel communication with 0. Also, the memory card writer 30
0j from the communication unit 340, the encrypted partial work Fi (i =
, 1), and outputs the received encrypted partial work Fi (i = 1, 2, 3,...) To the encrypted work storage unit 260. Further, the encrypted work is read from the encrypted work storage unit 260, and the read encrypted work is read by the communication unit 440 of the memory card reader 400j.
Output to 3.11.2 Memory Card Writer 300j The memory card writer 300j
3. Media unique key information storage unit 320, inverse conversion unit 32
1, media unique key storage unit 323, mutual authentication unit 330,
The communication unit 340 includes a communication unit 340, a control unit 350, an encryption unit 360, a work storage unit 370, and a work acquisition unit 380. The work acquisition unit 380 is connected to the outside via the communication line 10, Are the random number generation unit 331 and the conversion unit 3
35, a mutual authentication control unit 334.

The master key storage unit 313, the media unique key information storage unit 320, the inverse conversion unit 321, the media unique key storage unit 323, the control unit 350, the encryption unit 360, the work storage unit 370, and the work acquisition unit 380 Since each component is the same as that of the memory card writer 300 having the same reference numeral, the other components will be described below. (1) Random Number Generator 331 The random number generator 331 generates a random number R1. Random number R1
Consists of a 64-bit bit string. Random number generator 331
Outputs the generated random number R1 to the communication unit 340. Further, the random number generation unit 331 converts the generated random number R1 into the conversion unit 3
Output to 35. (2) Converter 335 The converter 335 stores the function f1 in advance.
The function f1 stored in the conversion unit 335 is
Is the same as the stored function f1.

The conversion unit 335 transmits the random number R from the communication unit 340.
2 and reads the unique key K'i from the media unique key storage unit 323, and applies a function f1 to the received random number R2 using the unique key K'i to generate a conversion coefficient Q'2.
The generated transform coefficient Q'2 can be expressed as shown in Expression 20. (Equation 20) Q′2 = f1 (K′i, R2) The conversion unit 335 converts the generated conversion coefficient Q′2 into the communication unit 34.
Output to 0.

The conversion section 335 includes a random number generation section 331
Receives the random number R1 from the
, And a function f1 is applied to the random number R1 received using the unique key to generate a conversion coefficient Q'1. The generated transform coefficient Q′1 can be expressed as shown in Expression 21. (Equation 21) Q′1 = f1 (K′i, R1) The conversion unit 335 outputs the generated conversion coefficient Q′1 to the mutual authentication control unit 334. (3) Mutual Authentication Control Unit 334 The mutual authentication control unit 334 receives the conversion coefficient Q′1 from the conversion unit 335 and receives the conversion coefficient Q1 from the communication unit 340.

The mutual authentication control unit 334 calculates the conversion coefficient Q′1
Is compared with the conversion coefficient Q1. If they match, the memory card 200j attached to the memory card writer 300j is authenticated as a correct device. If not, the memory card 200j attached to the memory card writer 300j is authenticated.
j is considered an unauthorized device. Mutual authentication control unit 334
Outputs to the control unit 350 an authentication signal indicating whether the memory card 200j inserted into the memory card writer 300j is a correct device or an incorrect device. (4) Communication Unit 340 The communication unit 340 is a communication unit 270 of the memory card 200j.
, And outputs the received encrypted unique key Ji to the media unique key information storage unit 320.

The communication section 340 receives the random number R1 from the random number generation section 331, and outputs the received random number R1 to the communication section 270 of the memory card 200j. Communication unit 340
Receives the conversion coefficient Q1 from the communication unit 270 of the memory card 200j, and outputs the received conversion coefficient Q1 to the mutual authentication control unit 334 of the mutual authentication unit 330.

The communication unit 340 receives the random number R2 from the communication unit 270 of the memory card 200j, and outputs the received random number R2 to the conversion unit 335 of the mutual authentication unit 330. The communication unit 340 receives the conversion coefficient Q'2 from the conversion unit 335, and transmits the received conversion coefficient Q'2 to the memory card 200.
j to the communication unit 270. In addition, the communication unit 340
Similarly to the communication unit 340 of the memory card writer 300, when receiving the communication stop signal from the control unit 350, the communication with the communication unit 270 of the memory card 200 is stopped. Also, the encrypted partial work Fi (i = 1, 2,
..) And the received encrypted partial work Fi (i = 1, 2, 3,...)
j to the communication unit 270. 3.11.3 Memory Card Reader 400j The memory card reader 400j
3. Media unique key information storage unit 420, inverse conversion unit 42
1, media unique key storage unit 423, mutual authentication unit 430,
The communication unit 440 includes a communication unit 440, a control unit 450, a decryption unit 460, a copyrighted work storage unit 470, a reproduction unit 480, and an operation unit 490. The mutual authentication unit 430 includes a random number generation unit 431, a conversion unit 4
35, and a mutual authentication control unit 434.

Master key storage unit 413, media unique key information storage unit 420, inverse conversion unit 421, media unique key storage unit 423, control unit 450, decryption unit 460, copyrighted work storage unit 470, playback unit 480, operation unit 490 Are the same as those of the memory card reader 400 with the same reference numerals, respectively. The communication unit 440, the random number generation unit 431, the conversion unit 435, and the mutual authentication control unit 434 are provided by the communication unit 340 of the memory card writer 300j. Since it is the same as the random number generation unit 331, the conversion unit 335, and the mutual authentication control unit 334, the description is omitted. 3.11.4 Operation of Digital Work Protection System 100j The operation of the digital work protection system 100j will be described.

The general operation when memory card 200j is mounted on memory card writer 300j and the general operation when memory card 200j is mounted on memory card reader 400j are the same as those of digital copyright protection system 100. Therefore, the description is omitted, and the detailed operation of the authentication when the memory card 200j is mounted on the memory card writer 300j will be described below.
Also, the memory card 200j is
The detailed operation of the authentication when the memory card 200j is mounted on the memory card writer 300j is the same as the detailed operation of the authentication when the memory card 200j is mounted on the memory card writer 300j, and thus the description thereof is omitted. (1) The memory card 200j is the memory card writer 30
Detailed Operation of Authentication When Inserted in Memory Card 0j The detailed operation of authentication when the memory card 200j is installed in the memory card writer 300j will be described with reference to FIG.

Steps S130 to S134 in FIG.
Steps S130 to S134 in FIG. 9 are the same as those in FIG. The conversion unit 335 receives the random number R1 from the random number generation unit 331, reads the unique key K'i from the media unique key storage unit 323, performs a function f1 on the received random number R1 using the unique key, and converts the random number R1 into a conversion coefficient Q'1. Is generated, and the generated conversion coefficient Q′1 is output to the mutual authentication control unit 334 (step S162).

The conversion unit 255 sends the random number R from the communication unit 270.
1 and reads the unique key Ki from the media unique key storage unit 220, performs a function f1 on the received random number R1 using the unique key Ki to generate a conversion coefficient Q1 (step S161), and generates the conversion coefficient Q1. Output to mutual authentication control section 334 via communication section 270 and communication section 340 (step S163).

The mutual authentication control unit 334 calculates the conversion coefficient Q′1
Is compared with the conversion coefficient Q1. If they match, the memory card 200j attached to the memory card writer 300j is authenticated as a correct device. If not, the memory card 200j attached to the memory card writer 300j is authenticated.
j is regarded as an unauthorized device (step S164).

The random number generation unit 251 generates a random number R2 (step S165), and transmits the generated random number R2 to the communication unit 27.
0 and output to the conversion unit 335 via the communication unit 340 (step S166). The conversion unit 335 includes a communication unit 340
Receives the random number R2 from the media unique key storage unit 323
A unique key K'i is read out from the, and a function f1 is applied to the random number R2 received using the unique key K'i to generate a conversion coefficient Q'2 (step S168).

The conversion unit 335 generates the generated conversion coefficient Q′2
Is output to the mutual authentication control unit 254 via the communication unit 340 and the communication unit 270 (step S169). Converter 25
5 receives the random number R2 from the random number generation unit 251 and reads the unique key Ki from the media unique key storage unit 220, and performs a function f1 on the received random number R2 using the unique key Ki to generate a conversion coefficient Q2 (step S5). S167).

The mutual authentication control unit 254 compares the conversion coefficient Q2 with the conversion coefficient Q'2, and if they match, it is determined that the memory card writer 300j or the memory card reader 400j to which the memory card 200j is attached is the correct device. If the authentication is not successful, the memory card writer 300j or the memory card reader 400j to which the memory card 200j is attached is regarded as an unauthorized device (Step S).
170). 3.11.5 Summary As described above, the digital copyright protection system 10
According to 0j, similar to the digital copyright protection system 100, the transfer of a copyrighted work from an appropriate device to an unauthorized device can be prevented, so that a properly obtained copyrighted work is prevented from being illegally used. And, in addition,
Since the transfer of a copyrighted work from an unauthorized device to an appropriate device can be prevented, further use of a copyrighted work illegally acquired can be prevented.

The recording medium device secretly transmits the possessed unique key to the access device using the master key, and the access device decrypts the secretly transmitted unique key using the master key. The access device transmits the authentication information generated as a random number to the recording medium device, and performs a function on the authentication information using the unique key. The recording medium device performs the same function on the authentication information using the unique key and transmits the authentication information to the access device. The access device compares the authentication information subjected to the function received from the recording medium device with the authentication information subjected to the function by itself, and if they match, authenticates that the recording medium device is valid, and does not match. In this case, it is authenticated that the recording medium device has no validity. The same applies when the recording medium device authenticates the access device. With such a configuration, the device can authenticate whether the connected device is an appropriate device or an unauthorized device.

Further, the access device and the recording medium device are:
Using the unique key stored in the recording medium device, the other devices are mutually authenticated, and the digital copyright protection system 100
Since the access key does not use the device key stored in the access device, the access device and the recording medium device include a memory that stores the device key and the device key information, a conversion unit that converts the device key into the device key information, or It is possible to reduce the size of each circuit without the need for an inverse transform unit for performing inverse transform. 3.12 Other Modifications (1) In the above embodiment, the digital copyright protection system is configured by a memory card, a memory card writer, and a memory card reader. May include a memory card and a memory card writer. Further, the digital copyright protection system may include a memory card and a memory card reader. (2) In the above embodiment, when a recording medium device as an example of a memory card and an access device as an example of a memory card writer or a memory card reader are connected, the other device is an appropriate device. Or an unauthorized device, and transfer the copyrighted material from the recording medium device to the access device, or transfer the copyrighted material from the access device to the recording medium device only if the devices are authenticated as mutually proper devices. Although it is described that the object is transferred, the following may be performed.

When a copyrighted work is transferred from an access device such as a memory card writer to a recording medium device such as a memory card, when the recording medium device is connected to the access device, the access device is However, the right or wrong of the recording medium device may be authenticated, and the work may be transferred from the access device to the recording medium device only when the recording medium device is authenticated as an appropriate device. In this case, the recording medium device does not authenticate the access device as appropriate or unauthorized.

Conversely, when transferring a copyrighted work from a recording medium device such as a memory card to an access device such as a memory card reader, when the recording medium device is connected to the access device. Even if the recording medium device authenticates the appropriateness or injustice of the access device, and transfers the copyrighted work from the recording medium device to the access device only when the access device is authenticated as an appropriate device, Good. In this case, the access device does not perform proper or unauthorized authentication of the recording medium device.

[0196] This is based on the idea that the device that is the source of the copyrighted work authenticates the appropriateness and fraudulence of the device at the destination, thereby preventing unauthorized use of the properly obtained copyrighted work. It is. (3) In the above embodiment, the access device
Although the access device is described as a memory card writer or a memory card reader, the access device may have both configurations of the memory card writer and the memory card reader.

Specifically, an access device having both a memory card writer and a memory card reader is connected to the personal computer 500 shown in FIG. 2, and the memory card is inserted into the access device and connected. The user obtains a work such as music from the outside via the communication line 10 using the personal computer 500, and writes the work obtained by the access device into a memory card. Further, the user may obtain a copyrighted work such as music recorded on a memory card by the access device, and play back the obtained copyrighted work with the personal computer 500 to enjoy the same. (4) In the above embodiment, the DES encryption is used, but another encryption may be used. (5) A memory card is an optical disk medium or MO (Magneto-Optical) instead of a semiconductor memory.
It may have a medium. (6) In the above embodiment, the unique key is key information that is different for each manufactured recording medium device, but may be as follows.

A plurality of recording medium devices may have a unique key that is the same key information, and another plurality of recording medium devices may have a unique key that is another key information. Also, recording medium devices having the same production version number have the same key information,
Recording medium devices having different production version numbers may have different key information. Furthermore, recording medium devices manufactured by the same manufacturer may have the same key information, and recording medium devices manufactured by different manufacturers may have different key information. (7) When both the recording medium device and the access device are authenticated as having legitimacy, the following may be performed when encrypting or decrypting the digital work using the user key.

When the recording medium device and the access device as a memory card writer are connected, the access device accepts an input of a user key from an operator and generates a file key for each file constituting a digital work. Then, a predetermined operation is performed between the user key and the file key to generate a transformed key for each file. Here, the predetermined operation is, for example, an exclusive OR. The access device encrypts one or more of the files using one or more of the generated deformation keys to generate one or more encrypted files, and generates one or more of the generated encrypted files and one or more of the generated one or more encrypted files. And outputting the modified key to a recording medium device. The recording medium device receives and stores one or more encrypted files and one or more deformation keys.

When a recording medium device that stores one or more encrypted files and one or more modified keys and an access device that is a memory card reader are connected, the recording medium device Output the encrypted file and one or more modified keys to the access device, the access device receives the one or more encrypted files and the one or more modified keys, and receives a user key from an operator. Receiving input, performing a reverse operation of the predetermined operation between the user key and the modified key for each encrypted file to generate a file key, and decrypting the encrypted file using the generated file key To generate a file and play the generated file. (8) Another embodiment is a computer-readable recording medium on which a program to be executed by a computer is recorded, in which a program for causing a computer to execute the above procedure may be recorded. Further, it may be a computer digital signal composed of the program. (9) Another embodiment may be a transmission medium for transmitting the program through a communication line. By transferring the recording medium or by transferring the program through a communication line, the program may be executed by another independent computer system. Further, the present invention may be the computer program or the computer digital signal transmitted via a communication line. (10) Several embodiments may be selected from the plurality of embodiments described above and combined. Also,
Some of the embodiments may be selected and combined.

[0201]

To achieve the above object, the present invention provides a recording medium device having an area for storing digital work information and an access device for reading information from the area or writing information to the area. A digital work protection system configured to realize utilization of a digital work between the recording medium device and the access device, wherein the recording medium device accesses a unique key that is unique key information owned by the access device. The recording medium device and the access device perform secret transmission to the device, and the recording medium device and the access device respectively perform an authentication phase of authenticating the validity of the partner device using the unique key. When the access device is authenticated, the access device encrypts the digital work using the unique key and transfers the digital work to the recording medium device. Or comprising a work transfer phase for decoding using the unique key of the digital work is encrypted transferred from the recording medium device.

According to this configuration, it is possible to prevent a copyrighted work from being transferred from a proper device to an unauthorized device, so that a properly obtained copyrighted work can be prevented from being used illegally. Since the transfer of a copyrighted work from an unauthorized device to an appropriate device can be prevented, further use of a copyrighted work illegally acquired can be prevented. Here, in the authentication of the validity of the recording medium device by the access device in the authentication phase, the recording medium device includes a first calculation unit, and the access device includes:
A first authentication information generating unit; and a first authentication unit, wherein the first authentication information generating unit generates first authentication information, outputs the generated first authentication information to the recording medium device, The first calculation means receives the first authentication information, performs a first calculation on the first authentication information using the unique key to generate first calculation authentication information, and generates the first calculation authentication information. Output to the access device, wherein the first authentication means:
Using the secret key, the unique key may be used to authenticate whether the recording medium device is legitimate with the first authentication information and the first calculation authentication information. In the authentication of the access device by the recording medium device in the authentication phase, the access device includes a second arithmetic unit, and the recording medium device includes a second authentication information generating unit, Means, the second authentication information generating means generates second authentication information, outputs the generated second authentication information to the access device, and the second arithmetic means converts the second authentication information to Receiving and performing a second operation on the second authentication information using the secretly transmitted unique key to generate second operation authentication information, and outputting the generated second operation authentication information to the recording medium device; The second authentication unit may be configured to authenticate whether or not the access device has legitimacy using the second authentication information and the second calculation authentication information using the unique key. .

According to this configuration, the device can authenticate whether the connected device is an appropriate device or an unauthorized device. Here, in the secret transmission of the unique key from the recording medium device to the access device in the authentication phase, the recording medium device includes: a unique key storage unit storing the unique key; First encryption means for generating an encryption unique key by performing an encryption algorithm, and outputting the generated encryption unique key to the access device, the access device receiving the encryption unique key, First decryption means for performing a first decryption algorithm on the encrypted unique key to generate a decryption unique key,
The first decryption algorithm may be configured to decrypt a ciphertext generated by the first encryption algorithm.

According to this configuration, since the unique key is encrypted and transferred from the recording medium device to the access device, the possibility of exposing the unique key is reduced. Here, the recording medium device further includes a first key storage unit that stores a first key in advance, and the first encryption unit uses the first key to store the first key in the unique key. Performing an encryption algorithm to generate the encrypted unique key; the access device further includes a second key storage unit that stores a second key in advance, wherein the second key is the first key; And the first decryption means generates the decryption unique key by applying the first decryption algorithm to the encrypted unique key using the second key corresponding to the first key. It may be configured as follows.

According to this configuration, since the encryption and decryption are performed using the key, the unique key is transferred many times without exposing the unique key using the same encryption algorithm and the same decryption algorithm. Can be. Here, the first key is a master key, which is the same key as the second key, the second key is a master key, and the first decryption means is the same as the first key. Using the certain second key, the first decryption algorithm may be applied to the encrypted unique key to generate the decrypted unique key.

According to this configuration, since the recording device and the access device have the same master key, the recording device and the access device can be easily manufactured. Here, the first key is a public key calculated by a public key determination algorithm of a public key cryptosystem based on the second key, and the first encryption unit uses the first key to Applying the first encryption algorithm to the unique key to generate the encrypted unique key, wherein the first encryption algorithm is an encryption algorithm of the public key cryptosystem, and the first decryption unit comprises: Using the second key, the first decryption algorithm is applied to the encrypted unique key to generate the decryption unique key, wherein the first decryption algorithm is a decryption algorithm of the public key cryptosystem. It may be configured as follows.

According to this configuration, unlike the first key which is a public key and the second key which is a secret key, even if a secret key existing in a card reader or a card writer is exposed, a public key can be obtained from now. Therefore, there is an effect that it is difficult to forge a memory card. Here, the second key is a public key calculated based on the first key by a public key determination algorithm of a recovery type signature processing method, and the first encryption algorithm is the recovery type signature processing method. The first encryption means generates the encrypted unique key as a signature by applying the first encryption algorithm to the unique key using the first key, The decryption algorithm is a verification algorithm of the recovery type signature processing method, and the first decryption unit performs the first decryption algorithm on the encrypted unique key, which is a signature, using the second key. , The decryption unique key may be generated.

According to this configuration, it is extremely difficult to obtain the secret key Ks from the public key Kp in terms of computational complexity. Therefore, a configuration in which a public key is given to a memory writer or a memory reader, which is considered to have a higher risk of internal analysis than a memory card, and a secret key is given to the memory card, enhances the security of the entire operation system. effective.

Here, the recording medium device further includes a first master key storage means for storing in advance a master key group including a plurality of master keys, and one master key from the master key group. First selecting means for selecting as the first key, wherein the first encrypting means performs the first encryption algorithm on the unique key using the selected first key to generate the encrypted unique key. The access device further generates a master key group identical to the master key group, and a master key group stored in the second master key storage unit. Second selecting means for selecting the same master key as the first key as the second key from among them, wherein the first decryption means uses the same second key as the first key to perform the encryption. The first decryption algorithm as It may be configured to generate the decoded unique key by.

According to this configuration, since the recording medium and the access device have a plurality of master keys, they can be applied to a plurality of different digital work management systems. Here, the first encryption means stores a sub-group key in advance, performs a first conversion on the unique key using the sub-group key, generates a modified key, and stores the first key in the modified key. Applying an encryption algorithm to generate the encrypted unique key, wherein the first decryption means comprises:
The same subgroup key as the subgroup key is stored in advance, the first encrypted decryption key is subjected to the first decryption algorithm to generate a decrypted modified key, and the decrypted modified key is generated using the subgroup key. The key may be configured to perform a reverse conversion of the first conversion to generate a decryption unique key.

According to this configuration, when a single digital work management system is operated by a plurality of organizations, there are different subgroup keys by the number of these organizations, and these different subgroup keys are Is assigned to each group, so that each group can provide its own service. Further, since the storage capacity of the memory card is limited, the number of master keys that can be stored in the memory card is often limited, and the number of master keys that can be used in combination with the master key and the subgroup key is large. The effect is that the number can be increased.

Here, the first encryption means stores a subgroup key in advance, applies a first encryption algorithm to the unique key, generates a ciphertext, and uses the subgroup key to generate the ciphertext. Applying a first transformation to the sentence to generate an encrypted unique key, wherein the first decryption means previously stores the same subgroup key as the subgroup key;
Using the subgroup key, the encrypted unique key is subjected to the inverse transformation of the first transformation to generate a decrypted text, and the decrypted text is subjected to the first decryption algorithm to generate a decrypted unique key. May be configured.

According to this configuration, when a single digital work management system is operated by a plurality of organizations, each organization can provide its own service as described above. Further, there is an effect that the number of keys that can be used by a combination of the master key and the subgroup key can be increased. Here, the recording medium device further includes a first key storage unit that stores a first key in advance, wherein the first key is a master key, and the first encryption unit is a subgroup. A key is stored in advance, an encrypted first key is generated by performing a first conversion on the first key using the subgroup key, and the unique key is generated using the generated encrypted first key. Applying the first encryption algorithm to generate the encrypted unique key, the access device further includes a second key storage unit that stores a second key in advance, wherein the second key is , A master key, which is the same key as the first key, wherein the first decryption means stores in advance the same subgroup key as the subgroup key, and uses the subgroup key to Perform the same conversion as the first conversion on the two keys It generates No. of second key,
The decryption unique key may be generated by applying the first decryption algorithm to the encrypted unique key using the generated encrypted second key.

According to this configuration, when a single digital work management system is operated by a plurality of organizations, each organization can provide its own service as described above. Further, there is an effect that the number of keys that can be used by a combination of the master key and the subgroup key can be increased. The first authentication unit includes a third operation unit that performs the same operation as the first operation on the first authentication information using the secret transmitted unique key to generate third operation authentication information. A first comparing unit that determines whether the first operation authentication information matches the third operation authentication information and, if they match, authenticates that the recording medium device has legitimacy. You may comprise.

According to this configuration, the access device is:
There is an effect that it can be confirmed that the recording medium device has the same operation method as the access device has. Thereby, the access device can authenticate the validity of the recording medium device. Here, the second authentication unit includes:
Fourth operation means for performing the same operation as the second operation on the second authentication information using the unique key to generate fourth operation authentication information, the second operation authentication information and the fourth operation authentication information May be configured to include a second comparing unit that determines whether or not the access device matches, and if the match, authenticates the access device as having validity.

According to this configuration, the recording medium device is
There is an effect that it can be confirmed that the access device has the same operation method as that of the recording medium device. Thereby, the recording medium device can authenticate the validity of the access device. Here, the first calculating means is:
A subgroup key is stored in advance, a first conversion is performed on the unique key using the subgroup key to generate a modified unique key, and the first authentication information is generated using the generated modified unique key. A first operation is performed to generate the first operation authentication information, and the third operation means stores in advance a subgroup key identical to the subgroup key, and is secretly transmitted using the subgroup key. Applying a reverse transformation of the first transformation to the unique key to generate a modified decryption unique key, and performing the same operation as the first operation on the first authentication information using the generated modified decryption unique key. The third operation authentication information may be configured to be generated.

According to this configuration, when a single digital work management system is operated by a plurality of organizations, each organization can provide its own service as described above. Further, there is an effect that the number of keys that can be used by a combination of the master key and the subgroup key can be increased. Here, the first authentication information generation means generates a random number, uses the generated random number as first authentication information, and the second authentication information generation means generates a random number, and uses the generated random number as second authentication information. May be configured.

According to this configuration, even when the access device and the recording medium device repeatedly authenticate each other many times, there is an effect that the authentication information is not exposed.
Here, the first operation is a first encryption algorithm, and the first operation means uses the unique key to perform the first operation.
Applying the first encryption algorithm to the authentication information to generate first operation authentication information, the first authentication unit applies a first decryption algorithm to the first operation authentication information using the secretly transmitted unique key. To generate the first decryption authentication information,
It is determined whether the first authentication information matches the first decryption authentication information. If the first authentication information and the first decryption authentication information match, it is authenticated that the recording medium device has validity. , The ciphertext generated by the first encryption algorithm may be decrypted.

According to this configuration, the access device is:
There is an effect that it can be confirmed that the recording medium device has an encryption algorithm corresponding to the decryption algorithm of the access device. Thereby, the access device can authenticate the validity of the recording medium device. Here, the second operation is a second encryption algorithm, and the second operation means performs the second operation by applying the second encryption algorithm to the second authentication information using the secret transmitted unique key. Using the unique key, the second authentication unit applies a second decryption algorithm to the second operation authentication information to generate second decryption authentication information, and generates the second decryption authentication information. It is determined whether or not the second decryption authentication information matches, and if they match, the access device is authenticated as having validity, wherein the second decryption algorithm is based on the second encryption algorithm. The generated ciphertext may be configured to be decrypted.

According to this configuration, the recording medium device is
There is an effect that it can be confirmed that the access device has an encryption algorithm corresponding to the decryption algorithm of the recording medium device. Thereby, the recording medium device can authenticate the validity of the access device. Here, the first arithmetic means stores a subgroup key in advance, generates a modified unique key by performing a first conversion on the unique key using the subgroup key, and generates the modified unique key. Applying the first encryption algorithm to the first authentication information to generate the first operation authentication information, wherein the first authentication means stores in advance the same subgroup key as the subgroup key. Applying a reverse conversion of the first conversion to the unique key secretly transmitted using the subgroup key to generate a modified decryption unique key, and using the generated modified decryption unique key to generate the first authentication information. The first decryption algorithm may be configured to generate the first decryption authentication information by performing the first decryption algorithm.

According to this configuration, when a single digital work management system is operated by a plurality of organizations, each organization can provide its own service as described above. Further, there is an effect that the number of keys that can be used by a combination of the master key and the subgroup key can be increased. Here, the first authentication information generation means generates a random number, uses the generated random number as first authentication information, and the second authentication information generation means generates a random number, and uses the generated random number as second authentication information. May be configured.

According to this configuration, even when the access device and the recording medium device repeatedly authenticate each other many times, there is an effect that the authentication information is not exposed.
Here, in the copyrighted work transfer phase, the recording medium device includes: an area storing digital copyrighted information generated by applying a cryptographic algorithm to a digital copyrighted work using the unique key; Output means for reading out the digital work information from the area and outputting the read digital work information to the access device when both the recording medium device and the access device are authenticated as having legitimacy. The access device for reading information from the area includes receiving the digital work information from the recording medium device, performing a decryption algorithm on the digital work information received using the secret transmitted unique key, and decrypting the digital work information. A work decryption means for generating a digital work, and a reproducing means for reproducing the generated decrypted digital work Wherein the door, the decryption algorithm may be configured to decrypt the ciphertext generated by the encryption algorithm.

According to this configuration, there is an effect that the access device can decode and reproduce the digital work stored in the recording medium device. Here, in the copyrighted work transfer phase, a copyrighted work acquiring means for acquiring a digital copyrighted work from outside, and a cryptographic algorithm applied to the acquired digitalized work using the secretly transmitted unique key to obtain digital copyrighted work information. And a work encrypting means for generating and outputting the digital work information to the recording medium device, wherein the recording medium device receives the digital work information and includes the area for storing the received digital work information. You may comprise.

According to this configuration, there is an effect that the access device can encrypt and write a digital work in the recording medium device. Here, in the copyrighted work transfer phase, if both the recording medium device and the access device are authenticated as having legitimacy, the access device divides the digital work into one or more data blocks. Generating a data block key for each generated data block, encrypting the data block using the unique key and the data block key corresponding to the data block to generate an encrypted data block. Transferring the generated encrypted data block to the recording medium device, or receiving one or more encrypted data blocks constituting the encrypted digital work from the recording medium device, and receiving the encrypted data block. A data block key is generated for each data block, and the data corresponding to the unique key and the encrypted data block is generated. Decrypting the encrypted data block received using the block key to generate a data block, wherein the data block has a logical unit length or a physical unit length, and the encrypted data block is , May have a logical unit length or a physical unit length.

According to this configuration, a different data block key is generated for each data block forming a work, and the work in data block units is encrypted with the generated different data block keys. This is advantageous in that the security of the data block is improved. Here, in the copyrighted work transfer phase, when both the recording medium device and the access device are authenticated as having legitimacy, the access device sets a file key for each file constituting the digital copyrighted work. Generating, encrypting the file using the unique key and the file key to generate an encrypted file, transferring the generated encrypted file and information about the file key to the recording medium device, or A file constituting the encrypted digital work and information about a file key are received from a recording medium device, and for each received file, the file received using the unique key and the information about the file key is used. The digital work may be reproduced by decoding.

According to this configuration, a different file key is generated for each file forming the work, and the work is encrypted on a file basis with the generated different file keys. The effect is that the safety of the vehicle is improved. Here, in the copyrighted work transfer phase, when both the recording medium device and the access device are authenticated as having legitimacy, the access device sets a file key for each file constituting the digital copyrighted work. Generating an encrypted file by encrypting the file using the file key, generating an encrypted file key by encrypting the file key using the unique key, and generating the encrypted file key. Transfer the encrypted file key to the recording medium device, or, from the recording medium device, encrypt an encrypted file in which a file constituting the digital work is encrypted, and encrypt a file key generated for each file. And the received encrypted file key, and for each received encrypted file, decrypt the encrypted file key using the unique key to obtain a file key. Form, by generating a file by decrypting the encrypted file received by using the generated file key may be configured to play the digital work.

According to this configuration, a different file key is generated for each file forming the work, the work is encrypted in file units with the generated different file keys, and the file key is further encrypted with the unique key. Therefore, there is an effect that the file is more difficult to be tapped and the security of the file is improved. Here, the recording medium device generates a seed based on a current time and outputs the seed to the access device, where the seed is an initial value of a random number, the access device receives the seed, and A random number may be generated using the seed as an initial value, and the generated random number may be used as a file key.

According to this configuration, since the random number generated with the seed generated based on the time as an initial value is used as the file key, there is an effect that the file key is hard to be tapped. Here, in authenticating the validity of the recording medium device by the access device in the authentication phase, the access device transmits first authentication information to the recording medium device, and the recording medium device uses the current time based on the current time. Generating a seed, combining the seed and the first authentication information, encrypting the combined result of the seed and the first authentication information using the unique key, and transmitting the encrypted result to the access device. , The seed is an initial value of a random number, and the access device decrypts a combined result of the encrypted seed and the first authentication information using the secret transmitted secret key, and Decryption authentication information, and when the first authentication information and the first decryption authentication information match, authenticates that the recording medium device has legitimacy, and in the copyrighted work transfer phase, Location is the decoding seed to generate a random number as an initial value may constitute a generated random number to the file key.

According to this configuration, since the seed generated based on the time is transmitted to the access device through the device authentication process, the seed is less likely to be eavesdropped in the process of transmitting the seed from the storage medium device to the access device. This has the effect. Here, in the copyrighted work transfer phase, when both the recording medium device and the access device are authenticated as having validity, the access device accepts an input of a user key from an operator, and receives the input. Based on the received user key and the unique key secretly transmitted from the storage medium, a modified key is generated, the digital work is encrypted using the modified key, and transferred to the recording medium device. Alternatively, the encrypted digital work may be received from the recording medium device, and the encrypted digital work received using the modified key may be decrypted to generate a digital work. .

According to this configuration, the user can encrypt the work using the user key set by himself, and can decrypt the encrypted work using the user key. There is an effect that it can be protected without being decoded. Here, in the copyrighted work transfer phase, when both the recording medium device and the access device are authenticated as having validity, the access device accepts an input of a user key from an operator, and Generating a file key for each file constituting the object, generating a modified key based on the user key and the file key, encrypting the file using the modified key to generate an encrypted file, Transfer the generated encrypted file and the modified key to the recording medium device, or, based on the encrypted file in which the file constituting the digital work is encrypted, and the user key and the file key. Receiving the input of the user key from the operator, generating a file key based on the user key and the deformed key, By generating a file by decrypting the encrypted file received with Le key may be configured to play the digital work.

According to this configuration, the work is encrypted using the user key set by the user himself and the file key generated for each file forming the work, and the encrypted work is used as the user key. Since the file can be decrypted using the file key, there is an effect that the user's own work is not decrypted by others and can be protected. Here, in the authentication of the access device by the recording medium device in the authentication phase, the recording medium device transmits second authentication information to the access device, and the access device includes:
The second authentication information is encrypted using a master key and transmitted to the recording medium device, and the recording medium device decrypts the second authentication information encrypted using the master key to obtain the second authentication information. Generating decryption authentication information, the second authentication information and the second
The access device may be configured to authenticate that the access device has validity when the decryption authentication information matches.

According to this configuration, the recording medium device has an effect that it is possible to confirm that the access device has an encryption algorithm corresponding to the decryption algorithm of the recording medium device. Thus, it is possible to confirm that the access device has the same master key as the master key of the recording medium device. Thereby, the recording medium device can authenticate the validity of the access device.

Here, the digital work protection system further includes an encryption unique key creation device, and the digital work protection system further includes the encryption unique key creation device owned by the recording medium device. Encrypting the unique key to generate an encrypted unique key; the recording medium device has an encryption unique key setting phase for storing the generated encrypted unique key; and in the authentication phase, the recording medium device Transmits the stored encrypted unique key to the access device, the access device decrypts the obtained encrypted unique key to generate a unique key, and uses the generated unique key to store the recording medium. It may be configured to authenticate the validity of the device.

According to this configuration, since the recording medium device does not have the conversion unit, it has an effect that the circuit scale can be reduced. Further, the present invention is a recording medium device having an area for storing digital work information, wherein the recording medium device is a component constituting a digital work protection system, and the digital work protection system includes: The recording medium device, comprising: an access device that reads information from the area or writes information to the area, realizes use of a digital work between the recording medium device and the access device, The device secretly transmits a unique key possessed by the access device to the access device, and the recording medium device and the access device respectively perform an authentication phase for authenticating the other device using the unique key and the recording medium device. If the access device and the access device are both authenticated, the access device uses the unique key to perform digital signature processing. A work transfer phase of encrypting a product and transferring it to the recording medium device, or decrypting an encrypted digital work transferred from the recording medium device using the unique key, The unique key may be configured to be key information unique to the recording medium device.

According to this configuration, it is apparent that the recording medium device has the same effect as the recording medium device of the digital copyright protection system. Here, in the authentication of the validity of the recording medium device by the access device in the authentication phase, the recording medium device includes:
A first authentication unit, wherein the access device includes a first authentication information generation unit; and a first authentication unit, wherein the first authentication information generation unit generates the first authentication information, and generates the first authentication information. The authentication information is output to the recording medium device, and the first calculation means receives the first authentication information, performs a first calculation on the first authentication information using the unique key, and generates the first calculation authentication information. Generating and outputting the generated first operation authentication information to the access device, wherein the first authentication means uses the secretly transmitted unique key to generate the first operation information and the first operation authentication information Thus, it may be configured to authenticate whether or not the recording medium device has legitimacy.

According to this configuration, it is apparent that the recording medium device has the same effect as the recording medium device of the digital copyright protection system. Here, in authentication of the validity of the access device by the recording medium device in the authentication phase, the access device includes:
A second authentication unit, wherein the recording medium device includes a second authentication information generation unit; and a second authentication unit, wherein the second authentication information generation unit generates second authentication information, and generates the second authentication information. 2 outputs the authentication information to the access device, and the second operation means receives the second authentication information, performs a second operation on the second authentication information using the secretly transmitted unique key, and performs a second operation. The second authentication unit generates operation authentication information and outputs the generated second operation authentication information to the recording medium device. The second authentication unit uses the unique key to generate the second authentication information and the second operation authentication information. It may be configured to authenticate whether or not the access device has legitimacy based on the information.

According to this configuration, it is apparent that the recording medium device has the same effect as the recording medium device of the digital copyright protection system. Further, the present invention is an access device for reading information from or writing information to the area of a recording medium device having an area for storing digital copyright information, wherein the access apparatus includes a digital copyright protection system. Constituent elements, the digital work protection system, the recording medium device, the access device is configured, to realize the use of digital work between the recording medium device and the access device, The recording medium device secretly transmits the possessed unique key to the access device, the recording medium device and the access device, respectively, using the unique key, an authentication phase for authenticating the other device, If the recording medium device and the access device are both authenticated, the access device And encrypting the digital work using the unique key, and transferring the encrypted digital work to the recording medium device using the unique key. And the unique key is
It may be configured such that the key information is unique to the recording medium device.

According to this configuration, it is apparent that the access device has the same effect as the access device of the digital work protection system. Here, in the authentication of the validity of the recording medium device by the access device in the authentication phase, the recording medium device includes:
A first authentication unit, wherein the access device includes a first authentication information generation unit; and a first authentication unit, wherein the first authentication information generation unit generates the first authentication information, and generates the first authentication information. The authentication information is output to the recording medium device, and the first calculation means receives the first authentication information, performs a first calculation on the first authentication information using the unique key, and generates the first calculation authentication information. Generating and outputting the generated first operation authentication information to the access device, wherein the first authentication means uses the secretly transmitted unique key to generate the first operation information and the first operation authentication information Thus, it may be configured to authenticate whether or not the recording medium device has legitimacy.

According to this configuration, it is clear that the access device has the same effect as the access device of the digital work protection system. Here, in authentication of the validity of the access device by the recording medium device in the authentication phase, the access device includes:
A second authentication unit, wherein the recording medium device includes a second authentication information generation unit; and a second authentication unit, wherein the second authentication information generation unit generates second authentication information, and generates the second authentication information. 2 outputs the authentication information to the access device, and the second operation means receives the second authentication information, performs a second operation on the second authentication information using the secretly transmitted unique key, and performs a second operation. The second authentication unit generates operation authentication information and outputs the generated second operation authentication information to the recording medium device. The second authentication unit uses the unique key to generate the second authentication information and the second operation authentication information. It may be configured to authenticate whether or not the access device has legitimacy based on the information.

According to this configuration, it is apparent that the access device has the same effect as the access device of the digital work protection system. Here, an encryption unique key creation device, wherein the encryption unique key creation device is a constituent element of a digital work protection system, and the digital work protection system is an encryption unique key creation device. And a recording medium device having an area for storing digital copyrighted work information, and an access device for reading information from or writing information to the region, wherein a digital device is provided between the recording medium device and the access device. Realizing the use of the copyrighted work, the encryption unique key generation device generates an encryption unique key by encrypting the unique key owned by the recording medium device, and the recording medium device generates the encrypted unique key. An encryption unique key setting phase for storing a key, wherein the recording medium device transmits the stored encryption unique key to the access device, and the access device obtains the encrypted unique key. The encrypted unique key is decrypted to generate a unique key, the validity of the recording medium device is authenticated using the generated unique key, and the recording medium device performs the access using the unique key. An authentication phase for performing authentication of device validity, and when both the recording medium device and the access device are authenticated to be valid, the access device encrypts the digital work using the unique key. Transferring the data to the recording medium device, or decrypting the encrypted digital work transferred from the recording medium device using the unique key. The key information unique to the medium device may be configured.

According to this configuration, it is apparent that the encrypted unique key creation device has the same effect as the encrypted unique key creation device of the digital work protection system. Further, the present invention comprises a recording medium device having an area for storing digital copyrighted work information, and an access device for reading information from or writing information to the region, wherein the recording medium device, the access device, A digital work protection method used in a digital work protection system for realizing the use of a digital work between the storage medium device, wherein a unique key owned by the recording medium device is secretly transmitted to the access device, and the recording medium device And by the access device, respectively, an authentication step in which the authenticity of the partner device is authenticated using the unique key, and a case where both the recording medium device and the access device are authenticated as having authenticity. In the access device, a digital work is encrypted using the unique key and transferred to the recording medium device. It is, or includes a work transfer step of digital work which is encrypted transferred from the recording medium device is decrypted using the unique key,
The unique key may be configured to be key information unique to the recording medium device.

By using this method in a digital work protection system, it is apparent that the same effect as in the digital work protection system can be obtained. Here, a recording medium device having an area for storing digital copyrighted work information, and an access device that reads information from the area or writes information to the area, is configured between the recording medium device and the access device. A computer-readable recording medium that records a digital work protection program used in a digital work protection system that realizes use of a digital work, wherein the program has a unique key owned by the recording medium device. An authentication step in which the secret device is secretly transmitted to the access device, and the recording medium device and the access device respectively perform authentication of the validity of the partner device using the unique key, and the recording medium device and the access device Are both authenticated, the access device A copyrighted work in which a digital work is encrypted using a secret key and transferred to the recording medium device, or an encrypted digital work transferred from the recording medium device is decrypted using the unique key. And steps,
The unique key may be configured to be key information unique to the recording medium device.

By using the program recorded on this recording medium in a digital copyright protection system, it is clear that the same effect as in the digital copyright protection system can be obtained.

[Brief description of the drawings]

FIG. 1 shows a block diagram of a digital copyright protection system 100 according to one embodiment of the present invention.

FIG. 2 shows a memory card 200 as a memory card writer 30;
0 shows that the memory card writer 300 is attached to the personal computer 500.

FIG. 3 shows that the memory card 200 is a memory card reader 40;
0 shows a state of being mounted on a headphone stereo 401, which is a kind of the headphone stereo.

FIG. 4 is a block diagram showing a configuration of a memory card 200.

FIG. 5 is a block diagram showing a configuration of a memory card writer 300.

FIG. 6 is a block diagram showing a configuration of a memory card reader 400.

FIG. 7 shows that the memory card 200 is a memory card writer 3
It is a flowchart which shows the outline | summary operation | movement at the time of being attached to 00.

FIG. 8 shows that the memory card 200 is a memory card reader 4
It is a flowchart which shows the outline | summary operation | movement at the time of being attached to 00.

FIG. 9 shows that the memory card 200 is a memory card writer 3
The mutual detailed authentication operation when the camera is mounted at 00 is shown.

FIG. 10 shows a memory card writer 3 when the memory card 200 is mounted on the memory card writer 300.
00 indicates an operation of authenticating the memory card 200.

FIG. 11 is a block diagram showing a configuration of a digital copyrighted work protection system 100a as another embodiment of the present invention.

12 shows an operation when the memory card 200a is inserted into the medium unique key information creating apparatus 600 and a detailed authentication operation when the memory card 200a is inserted into the memory card writer 300. FIG.

FIG. 13 shows a detailed authentication operation when the memory card 200 is mounted on the memory card writer 300 in the digital copyright protection system according to another embodiment of the present invention.

FIG. 14 is a block diagram showing a configuration of a memory card 200c in a digital copyright protection system 100c as another embodiment of the present invention.

FIG. 15 is a block diagram showing a configuration of a memory card writer 300c in the digital copyright protection system 100c.

FIG. 16 is a block diagram showing a configuration of a memory card reader 400c in the digital copyright protection system 100c.

FIG. 17 is a block diagram showing a configuration of a digital copyrighted work protection system 100d.

FIG. 18 shows the operation of the digital copyright protection system 100d.

FIG. 19 is a block diagram showing a configuration of a digital copyrighted work protection system 100e.

FIG. 20 shows an authentication operation of the digital copyright protection system 100e.

FIG. 21 is a block diagram showing a configuration of a digital work protection system 100f.

FIG. 22 shows an authentication operation of the digital copyright protection system 100f.

FIG. 23 is a block diagram showing a configuration of a digital copyrighted work protection system 100g.

FIG. 24 shows an authentication operation of the digital copyright protection system 100g.

FIG. 25 is a block diagram showing a configuration of a digital copyrighted work protection system 100h. It continues to FIG.

FIG. 26 is a block diagram showing a configuration of a digital work protection system 100h. Continued from FIG.

FIG. 27 shows the operation of the digital copyright protection system 100h. The memory card 200 is the memory card writer 30
This is a schematic operation when the camera is mounted at 0h.

FIG. 28 shows the operation of the digital copyright protection system 100h. The memory card 200 is a memory card reader 40
This is a schematic operation when the camera is mounted at 0h.

FIG. 29 is a block diagram showing a configuration of a digital copyrighted work protection system 100i. It continues to FIG.

FIG. 30 is a block diagram showing a configuration of a digital copyrighted work protection system 100i. Continued from FIG.

FIG. 31 shows the operation of the digital copyright protection system 100i. The memory card 200i is a memory card writer 3
This is a schematic operation when the camera is mounted on 00i.

FIG. 32 shows the operation of the digital copyright protection system 100i. The memory card 200i is a memory card reader 4
This is a schematic operation when the camera is mounted on 00i.

FIG. 33 is a block diagram showing another configuration of the digital copyright protection system 100i.

FIG. 34 is a block diagram showing another configuration of the digital copyright protection system 100i.

FIG. 35 shows a mutual authentication operation when a memory card 200j is mounted on a memory card writer 300j.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 10 Communication line 100, 100a-100j Digital copyright protection system 200, 200a-200j Memory card 210, 210b Master key storage unit 215 Master key selection unit 220 Media unique key storage unit 220b Media unique key storage unit 221 Device key storage unit 222 Inversion unit 223 Device key information storage unit 230, 230b Conversion unit 240, 240a to 240b Media unique key information storage unit 250 Mutual authentication unit 251 Random number generation unit 252 Encryption unit 253 Decryption unit 254 Mutual authentication control unit 255 Conversion unit 260 Encryption Work storage unit 270, 270a to 270b, 271 Communication unit 280 Control unit 290d to 290g Subgroup key storage unit 291d to 291g Conversion unit 292, 293 Random number seed generation unit 300, 300c to 300j Memory card writer Reference Signs List 10 device key storage unit 311 conversion unit 312 device key information storage unit 313 master key storage unit 315 master key selection unit 320 media unique key information storage unit 321 inverse conversion unit 323 media unique key storage unit 330 mutual authentication unit 331 random number generation unit 332 Encryption unit 333 Decryption unit 334 Mutual authentication control unit 335 Conversion unit 340 Communication unit 350 Control unit 360, 365 Encryption unit 366 File key generation unit 370 Work storage unit 380 Work acquisition unit 390d to 390g Subgroup key storage unit 391d to 391f Inversion unit 392 Conversion unit 393 User key input unit 400, 400c to 400j Memory card reader 401 Headphone stereo 410 Device key storage unit 411 Conversion unit 412 Device key information storage unit 413 Master key storage unit 420 Media unique key information storage unit 421 Inverse Conversion unit 423 Media unique key storage unit 430 Mutual authentication unit 431 Random number generation unit 433 Decryption unit 434 Mutual authentication control unit 435 Conversion unit 440 Communication unit 450 Control unit 460, 465 Decryption unit 470 Copyrighted work storage unit 480 Playback unit 490 Operation unit 490d 490 g Subgroup key storage unit 491 d to 491 g Inverse conversion unit 492 Conversion unit 493 User key input unit 500 Personal computer 600 Media unique key information creation device 901 to 903 Master key selection device

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification code FI Theme coat ゛ (Reference) G06K 19/10 G11B 20/10 H G11B 20/10 G06K 19/00 R H04L 9/08 H04L 9/00 601C (72) Inventor Masayuki Kozuka 1006 Kadoma, Kazuma, Osaka Prefecture Inside Matsushita Electric Industrial Co., Ltd. (72) Inventor Minoru Nakamura 1006 Odaka Kazuma, Kadoma City, Osaka Pref.

Claims (40)

[Claims] 1. An apparatus comprising: a recording medium device having an area for storing digital copyrighted work information; and an access device for reading information from or writing information to the area, wherein the recording medium device and the access device are connected to each other. A digital work protection system for realizing use of a digital work between the storage medium, wherein the recording medium device secretly transmits a unique key, which is unique key information owned by the recording medium device, to the access device; The device includes an authentication phase for authenticating the validity of the other device using the unique key, and the access device when the recording medium device and the access device are both authenticated. Is encrypted using the unique key and transferred to the recording medium device, or transferred from the recording medium device. Digital work protection system, characterized in that it comprises a work transfer phase for decoding using the inherent key encrypted digital work. 2. In the authentication of the validity of the recording medium device by the access device in the authentication phase, the recording medium device includes a first arithmetic unit, the access device includes a first authentication information generating unit, A first authentication unit, wherein the first authentication information generation unit generates first authentication information,
Outputting the generated first authentication information to the recording medium device; receiving the first authentication information; performing a first operation on the first authentication information using the unique key; (1) generating the operation authentication information, outputting the generated first operation authentication information to the access device, wherein the first authentication unit uses the secret key to transmit the first authentication information, 2. The digital copyright protection system according to claim 1, wherein the recording medium device authenticates whether the recording medium device has legitimacy based on the first operation authentication information. 3. In the authentication of the access device by the recording medium device in the authentication phase, the access device includes a second arithmetic unit, the recording medium device includes a second authentication information generating unit, A second authentication unit, wherein the second authentication information generation unit generates second authentication information,
Outputting the generated second authentication information to the access device, the second operation means receives the second authentication information, and performs a second operation on the second authentication information using the secretly transmitted unique key. To generate the second operation authentication information, and output the generated second operation authentication information to the recording medium device. The second authentication unit uses the unique key to generate the second authentication information, The digital copyright protection system according to claim 2, wherein the access device authenticates whether the access device has legitimacy based on the second operation authentication information. 4. In the secret transmission of a unique key from the recording medium device to the access device in the authentication phase, the recording medium device includes: a unique key storage unit storing the unique key; First encryption means for generating an encryption unique key by performing a first encryption algorithm, and outputting the generated encryption unique key to the access device, the access device receiving the encryption unique key, The first encryption unique key
The digital decoding device according to claim 3, further comprising: a first decryption unit that performs a decryption algorithm to generate a decryption unique key, wherein the first decryption algorithm decrypts a ciphertext generated by the first encryption algorithm. Copyright protection system. 5. The recording medium device further includes a first key storage unit that stores a first key in advance, and the first encryption unit uses the first key to store the first key in the unique key. Applying the first encryption algorithm to generate the encrypted unique key, the access device further includes a second key storage unit that stores a second key in advance, wherein the second key is A first key, wherein the first decryption means applies the first decryption algorithm to the encrypted unique key using the second key corresponding to the first key, and generates the decrypted unique key. The digital work protection system according to claim 4, wherein the digital work protection system generates the digital work. 6. The first key is a master key and is the same key as the second key. The second key is a master key. The second being identical
6. The digital copyright protection system according to claim 5, wherein the decryption unique key is generated by applying the first decryption algorithm to the encrypted unique key using a key. 7. The first key is based on the second key,
A public key calculated by a public key determination algorithm of a public key cryptosystem, wherein the first encryption means performs the first encryption algorithm on the unique key using the first key, and performs the encrypted unique key. Wherein the first encryption algorithm is an encryption algorithm of the public key cryptosystem, and the first decryption means uses the second key to generate the first decryption Performing an algorithm to generate the decryption unique key, wherein the first decryption algorithm comprises:
6. The digital work protection system according to claim 5, wherein the digital work protection algorithm is a decryption algorithm of the public key cryptosystem. 8. The second key is based on the first key,
A public key calculated by a public key determination algorithm of a recovery type signature processing method; the first encryption algorithm is a signature processing algorithm of the recovery type signature processing method; and the first encryption means is the first key. Applying the first encryption algorithm to the unique key to generate the encrypted unique key that is a signature sentence, wherein the first decryption algorithm is a verification algorithm of the recovery type signature processing method, 6. The decryption unique key according to claim 5, wherein the first decryption unit performs the first decryption algorithm on the encrypted unique key, which is a signature text, using the second key to generate the decryption unique key. Digital copyright protection system. 9. The recording medium device further includes: a first master key storage unit that stores a master key group including a plurality of master keys in advance; and a first master key from the master key group. First selecting means for selecting as one key, wherein the first encrypting means uses the selected first key,
Applying the first encryption algorithm to the unique key to generate the encrypted unique key; the access device further stores a master key group identical to the master key group in a second master key storage unit And second selecting means for selecting, as a second key, the same master key as the first key from a master key group stored in the second master key storing means, The digital work according to claim 4, wherein the decryption unique key is generated by applying the first decryption algorithm to the encrypted unique key using the second key that is the same as the first key. Object protection system. 10. The first encryption unit stores a subgroup key in advance, performs a first conversion on the unique key using the subgroup key, generates a modified key, and generates the modified key as the modified key. Applying a first encryption algorithm to generate the encrypted unique key; the first decryption means pre-stores the same subgroup key as the subgroup key; (1) performing a decryption algorithm to generate a decryption modified key; performing a reverse conversion of the first conversion on the decryption modified key using the sub-group key to generate a decryption unique key; Item 6. A digital work protection system according to Item 4. 11. The first encryption means stores a subgroup key in advance, applies a first encryption algorithm to the unique key, generates a ciphertext, and uses the subgroup key to generate the ciphertext. Performs a first conversion to generate an encrypted unique key. The first decryption means stores in advance the same subgroup key as the subgroup key, and uses the subgroup key to generate the encrypted unique key. The key is subjected to an inverse transformation of the first transformation to generate a decrypted text, and the first decrypted text is
The digital work protection system according to claim 4, wherein a decryption algorithm is applied to generate a decryption unique key. 12. The recording medium device further includes a first key storage unit that stores a first key in advance, wherein the first key is a master key, and the first encryption unit is A subgroup key is stored in advance, a first conversion is performed on the first key using the subgroup key to generate an encrypted first key, and the generated encrypted first key is used to generate the encrypted first key. Applying the first encryption algorithm to the unique key to generate the encrypted unique key; the access device further includes a second key storage unit that stores a second key in advance; The key is a master key and is the same key as the first key. The first decryption unit stores the same subgroup key as the subgroup key in advance, and uses the subgroup key to The same conversion as the first conversion for the second key To generate an encrypted second key, and the generated encrypted second key
5. The digital work protection system according to claim 4, wherein the decryption unique key is generated by applying the first decryption algorithm to the encrypted unique key using a key. 13. The third operation for generating the third operation authentication information by performing the same operation as the first operation on the first authentication information using the secretly transmitted unique key. Means for judging whether or not the first operation authentication information and the third operation authentication information match, and, if they match, first comparing means for authenticating that the recording medium device has legitimacy. 4. The digital work protection system according to claim 3, wherein: 14. The fourth operation means, wherein the second authentication means performs the same operation as the second operation on the second authentication information using the unique key to generate fourth operation authentication information, A second comparing unit that determines whether the second operation authentication information matches the fourth operation authentication information, and authenticates that the access device has legitimacy when they match. A digital work protection system according to claim 13. 15. The first arithmetic means stores a subgroup key in advance, performs a first conversion on the unique key using the subgroup key, generates a modified unique key,
Performing the first operation on the first authentication information using the generated modified unique key to generate the first operation authentication information, wherein the third operation means uses the same subgroup key as the subgroup key A modified decryption unique key is generated by applying an inverse transformation of the first transformation to the unique key secretly transmitted using the subgroup key, and using the generated modified decryption unique key. The first authentication information includes the first
The digital copyright protection system according to claim 14, wherein the third operation authentication information is generated by performing the same operation as the operation. 16. The first authentication information generation means generates a random number, uses the generated random number as first authentication information, and the second authentication information generation means generates a random number, and uses the generated random number as a second authentication information. 15. The information as information.
A digital work protection system according to item 1. 17. The method according to claim 17, wherein the first operation is a first encryption algorithm, and wherein the first operation means applies the first encryption algorithm to the first authentication information using the unique key to obtain first operation authentication information. The first authentication means generates a first decryption authentication information by applying a first decryption algorithm to the first operation authentication information using the secret transmitted unique key, and generates the first decryption authentication information. Determining whether the information matches the first decryption authentication information,
If they match, the recording medium device is authenticated as having validity, wherein the first decryption algorithm is adapted to
4. The digital work protection system according to claim 3, wherein a ciphertext generated by the encryption algorithm is decrypted. 18. The second operation is a second encryption algorithm, and the second operation means performs the second encryption algorithm on the second authentication information using the secretly transmitted unique key. The second authentication means generates second operation authentication information by applying a second decryption algorithm to the second operation authentication information using the unique key, and generates the second decryption authentication information. Determining whether the information and the second decryption authentication information match, and if they match, authenticates that the access device has legitimacy;
The digital copyright protection system according to claim 17, wherein the second decryption algorithm decrypts a ciphertext generated by the second encryption algorithm. 19. The first arithmetic means stores a subgroup key in advance, performs a first conversion on the unique key using the subgroup key, generates a modified unique key,
Applying the first encryption algorithm to the first authentication information using the generated modified unique key to generate the first operation authentication information; wherein the first authentication means is the same subgroup key as the subgroup key Is stored in advance, and a modified decryption unique key is generated by performing an inverse transformation of the first transformation on the unique key secretly transmitted using the subgroup key, using the generated modified decryption unique key. The first authentication information includes the first
The digital copyright protection system according to claim 18, wherein the first decryption authentication information is generated by performing a decryption algorithm. 20. The first authentication information generation unit generates a random number, uses the generated random number as first authentication information, and the second authentication information generation unit generates a random number, and uses the generated random number as a second authentication information. 20. The information as information.
A digital work protection system according to item 1. 21. In the copyrighted work transfer phase, the recording medium device includes: an area storing digital copyrighted information generated by applying a cryptographic algorithm to a digital copyrighted work using the unique key; Output means for reading out the digital work information from the area and outputting the read digital work information to the access device, when both the recording medium device and the access device are authenticated as valid; The access device that reads information from the area receives the digital work information from the recording medium device, and performs a decryption algorithm on the digital work information received using the secret transmitted unique key. Means for decrypting a digital work, and reproducing the generated decrypted digital work 4. A decryption unit that decrypts a cipher text generated by the encryption algorithm.
A digital work protection system according to item 1. 22. In the copyrighted work transfer phase, a copyrighted work acquiring means for acquiring a digitally copyrighted work from outside, and applying a cryptographic algorithm to the acquired digitalized work using the secretly transmitted unique key, Copyright information generating means for generating product information and outputting it to the recording medium device, wherein the recording medium device receives the digital copyright information and includes the area for storing the received digital copyright information. 4. The digital work protection system according to claim 3, wherein: 23. In the copyrighted work transfer phase, when both the recording medium device and the access device are authenticated as having legitimacy, the access device divides the digital work into one or more. Generating a data block, generating a data block key for each of the generated data blocks, encrypting the data block using the unique key and the data block key corresponding to the data block, and generating an encrypted data block. Generating and transferring the generated encrypted data block to the recording medium device, or receiving one or more encrypted data blocks constituting the encrypted digital work from the recording medium device, A data block key is generated for each encrypted data block, and a data block key corresponding to the unique key and the encrypted data block is generated. Decrypting the encrypted data block received using the data block key to generate a data block, wherein the data block has a logical unit length or a physical unit length, and the encrypted data block The digital work protection system according to claim 1, wherein the block has a logical unit length or a physical unit length. 24. In the copyrighted work transfer phase, when both the recording medium device and the access device are authenticated as having legitimacy, the access device sets a file for each file constituting the digital copyrighted work. Generating a key, encrypting the file using the unique key and the file key to generate an encrypted file, transferring the generated encrypted file and information about the file key to the recording medium device, or Receiving, from the recording medium device, a file constituting the encrypted digital work and information relating to a file key, and for each received file, receiving using the unique key and information relating to the file key. 2. The digital work protection system according to claim 1, wherein the digital work is reproduced by decrypting the file. Stem. 25. In the copyrighted work transfer phase, when both the recording medium device and the access device are authenticated as having legitimacy, the access device sets a file for each file constituting the digital copyrighted work. Generating a key, encrypting the file using the file key to generate an encrypted file, encrypting the file key using the unique key to generate an encrypted file key,
Transferring the generated encrypted file and the encrypted file key to the recording medium device, or, from the recording medium device, an encrypted file in which a file constituting the digital work is encrypted;
A file key generated for each file is received with an encrypted file key, and for each received encrypted file, a file key is generated by decrypting the encrypted file key using the unique key. The digital work protection system according to claim 24, wherein the digital work is reproduced by decrypting the received encrypted file using the generated file key to generate a file. 26. The recording medium device generates a seed based on a current time and outputs the seed to the access device, wherein the seed is an initial value of a random number, and the access device receives the seed. The digital copyright protection system according to claim 24, wherein a random number is generated using the seed as an initial value, and the generated random number is used as a file key. 27. In the authentication of the recording medium device by the access device in the authentication phase, the access device transmits first authentication information to the recording medium device, and the recording medium device Generating a seed based on the above, combining the seed with the first authentication information, encrypting the combined result of the seed and the first authentication information using the unique key, and transmitting the result to the access device; Here, the seed is an initial value of a random number, and the access device decrypts the combined result of the encrypted seed and the first authentication information using the secretly transmitted unique key to obtain a decrypted seed. First decryption authentication information is generated, and when the first authentication information matches the first decryption authentication information, the recording medium device is authenticated as having validity, and in the copyrighted work transfer phase, Access device, a digital work protection system according to claim 24, characterized in that the decryption seed to generate a random number as an initial value, the generated random number as a file key. 28. In the copyrighted work transfer phase, when both the recording medium device and the access device are authenticated as having validity, the access device accepts an input of a user key from an operator, and A modified key is generated based on the received user key and the unique key secretly transmitted from the storage medium, and the digital work is encrypted using the modified key and transferred to the recording medium device. Or generating the digital work by receiving the encrypted digital work from the recording medium device and decoding the encrypted digital work received using the modified key. The digital work protection system according to claim 1. 29. In the copyrighted work transfer phase, when both the recording medium device and the access device are authenticated as having validity, the access device accepts an input of a user key from an operator, and A file key is generated for each file constituting the digital work, a modified key is generated based on the user key and the file key, and the file is encrypted using the modified key to generate an encrypted file. And transferring the generated encrypted file and the deformed key to the recording medium device, or an encrypted file in which a file constituting the digital work is encrypted, and the user key and the file key. Receiving the deformed key generated based on the user key, accepting the input of the user key from the operator, generating a file key based on the user key and the deformed key, 2. The digital work protection system according to claim 1, wherein the digital work is reproduced by decrypting the received encrypted file using the file key to generate a file. 30. In the authentication of the access device by the recording medium device in the authentication phase, the recording medium device transmits second authentication information to the access device, and the access device transmits a master key to the access device. Encrypts the second authentication information using the master key, and transmits the encrypted second authentication information to the recording medium device. The recording medium device decrypts the encrypted second authentication information using a master key to generate second decrypted authentication information. 2. The digital copyright protection system according to claim 1, wherein when the second authentication information and the second decryption authentication information match, the access device authenticates that the access device has legitimacy. 3. 31. The digital work protection system further includes an encryption unique key creation device, wherein the digital work protection system further includes the encryption unique key creation device having a unique encryption key owned by the recording medium device. Encrypting the key to generate an encrypted unique key, the recording medium device has an encrypted unique key setting phase for storing the generated encrypted unique key, and in the authentication phase, the recording medium device The storage device transmits the stored encrypted unique key to the access device, the access device decrypts the obtained encrypted unique key to generate a unique key, and uses the generated unique key to generate the recording medium device. 2. The digital work protection system according to claim 1, wherein authentication of the validity of the digital work is performed. 32. A recording medium device having an area for storing digital work information, wherein the recording medium device is a constituent element of a digital work protection system, and the digital work protection system is A recording medium device, and an access device that reads information from the area or writes information to the area, realizes utilization of a digital work between the recording medium device and the access device, Transmits the possessed unique key to the access device in secret, the recording medium device and the access device respectively perform an authentication phase for authenticating the validity of the other device using the unique key, and the recording medium device and When both the access device and the access device are authenticated, the access device uses the unique key to perform digital signature processing. A work transfer phase of encrypting the crop and transferring it to the recording medium device, or decoding the encrypted digital work transferred from the recording medium device using the unique key, The recording medium device, wherein the unique key is key information unique to the recording medium device. 33. In the authentication phase, in the authentication of the validity of the recording medium device by the access device, the recording medium device includes a first calculation unit, the access device includes a first authentication information generation unit, A first authentication unit, wherein the first authentication information generation unit generates first authentication information,
Outputting the generated first authentication information to the recording medium device; receiving the first authentication information; performing a first operation on the first authentication information using the unique key; (1) generating the operation authentication information, outputting the generated first operation authentication information to the access device, wherein the first authentication unit uses the secret key to transmit the first authentication information, 33. The recording medium device according to claim 32, wherein the recording medium device authenticates whether the recording medium device has legitimacy based on the first operation authentication information. 34. In authenticating the validity of the access device by the recording medium device in the authentication phase, the access device includes a second calculating unit, the recording medium device includes a second authentication information generating unit, A second authentication unit, wherein the second authentication information generation unit generates second authentication information,
Outputting the generated second authentication information to the access device, the second operation means receives the second authentication information, and performs a second operation on the second authentication information using the secretly transmitted unique key. To generate the second operation authentication information, and output the generated second operation authentication information to the recording medium device. The second authentication unit uses the unique key to generate the second authentication information, The recording medium device according to claim 33, wherein the access device authenticates whether or not the access device has legitimacy based on the second operation authentication information. 35. An access device for reading information from or writing information to said area of a recording medium device having an area for storing digital work information, wherein said access apparatus constitutes a digital work protection system. The digital work protection system comprises the recording medium device and the access device, and realizes use of the digital work between the recording medium device and the access device. The recording medium device secretly transmits the possessed unique key to the access device, and the recording medium device and the access device respectively use the unique key to authenticate the validity of the other device, and an authentication phase, If both the recording medium device and the access device are authenticated as having legitimacy, the access device may Encrypting the digital work using the key and transferring the encrypted digital work to the recording medium device, or decrypting the encrypted digital work transferred from the recording medium device using the unique key. The access device, wherein the unique key is key information unique to the recording medium device. 36. In the authentication of the validity of the recording medium device by the access device in the authentication phase, the recording medium device includes a first calculation unit, the access device includes a first authentication information generation unit, A first authentication unit, wherein the first authentication information generation unit generates first authentication information,
Outputting the generated first authentication information to the recording medium device; receiving the first authentication information; performing a first operation on the first authentication information using the unique key; (1) generating the operation authentication information, outputting the generated first operation authentication information to the access device, wherein the first authentication unit uses the secret key to transmit the first authentication information, The access device according to claim 35, wherein the access device authenticates whether or not the recording medium device has legitimacy based on the first operation authentication information. 37. In authenticating the validity of the access device by the recording medium device in the authentication phase, the access device includes a second arithmetic unit, the recording medium device includes a second authentication information generating unit, A second authentication unit, wherein the second authentication information generation unit generates second authentication information,
Outputting the generated second authentication information to the access device, the second operation means receives the second authentication information, and performs a second operation on the second authentication information using the secretly transmitted unique key. To generate the second operation authentication information, and output the generated second operation authentication information to the recording medium device. The second authentication unit uses the unique key to generate the second authentication information, 37. The access device according to claim 36, wherein the access device authenticates whether the access device has legitimacy based on the second operation authentication information. 38. An encryption unique key creation device, wherein the encryption unique key creation device is a component of a digital work protection system, and wherein the digital work protection system includes the encryption unique key. A recording medium device having a region for storing an encrypted digital work, and an access device for reading information from or writing information to the region, wherein the recording medium device and the access device Realizing the use of the digital work between the encryption medium and the encryption unique key creation device encrypts the unique key owned by the recording medium device to generate an encryption unique key, and the recording medium device generates the encrypted unique key. An encryption unique key setting phase for storing the encrypted unique key, and the recording medium device transmits the stored encrypted unique key to the access device, and The access device decrypts the acquired encrypted unique key to generate a unique key, and authenticates the validity of the recording medium device using the generated unique key. An authentication phase for performing authentication of the access device validity using, and when both the recording medium device and the access device are authenticated as having validity, the access device performs digital processing using the unique key. A work transfer phase of encrypting and transferring the work to the recording medium device, or decrypting the encrypted digital work transferred from the recording medium device using the unique key. The encryption unique key creating device, wherein the key is key information unique to the recording medium device. 39. A recording medium device having an area for storing digital copyrighted work information, and an access device for reading information from or writing information to the region, wherein the recording medium device and the access device are connected to each other. A digital work protection method used in a digital work protection system that realizes use of a digital work between, wherein a unique key owned by the recording medium device is secretly transmitted to the access device, and the recording medium device and By the access device, an authentication step in which the authenticity of the other device is performed using the unique key, and when the recording medium device and the access device are both authenticated, In the access device, a digital work is encrypted using the unique key and transferred to the recording medium device. Or a work in which an encrypted digital work transferred from the recording medium device is decrypted using the unique key. The unique key is key information unique to the recording medium device. A digital work protection method, characterized in that: 40. A recording medium device having an area for storing digital copyrighted work information, and an access device for reading information from or writing information to the area, wherein the recording medium device and the access device are connected to each other. A computer-readable recording medium that records a digital work protection program used in a digital work protection system that realizes use of a digital work between the programs, wherein the program is a unique program owned by the recording medium device. An authentication step in which a key is secretly transmitted to the access device, and the recording medium device and the access device respectively perform authentication of the validity of the other device using the unique key; and If both the device and the access device are authenticated, the access device The digital work is encrypted using the unique key and transferred to the recording medium device, or the encrypted digital work transferred from the recording medium device is decrypted using the unique key. A recording medium, comprising: a copyrighted work transfer step, wherein the unique key is key information unique to the recording medium device.