JP2009100265A - Data processing apparatus, data processing method, data processing program, recording medium with the data processing program recorded thereon, and integrated circuit - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To achieve protection of a content in simple data processing configuration. <P>SOLUTION: A data processing apparatus comprises: a plain-text section 11 for restoring plain-text stream from an encrypted stream; a distribution information output section 13 for outputting distribution information indicating procedures for distributing the plain-text stream; an internal memory 14 as a protected storage section that is protected from external access; an external memory 20 as a non-protected storage section provided outside; a separation section 16 for distributing the plain-text stream into the internal memory 14 and the external memory 20 and separately storing them; and a coupling section 17 for coupling respective partial data stored in the internal memory 14 and the external memory 20 on the basis of the distribution information. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a data processing device that restores stream data from an encrypted stream including encrypted stream data, a data processing method, a data processing program, a recording medium that records the data processing program, and an integrated circuit.

  2. Description of the Related Art In recent years, with the development of multimedia-related technologies, technologies related to apparatuses and methods for compressing and encoding image data, audio data, and the like and processing digital data generated by compression encoding have rapidly advanced. In particular, the increase in capacity of these recording media such as hard disks, optical discs, and memory cards as recording media used in information equipment is rapidly progressing. Accompanying the increase in the capacity of such recording media, it has become common to record long-term video and audio signals such as movie programs in a digital format in the field of consumer video equipment. In addition, by using a digital recording technique for recording in such a digital format, it is possible to record a movie program or the like while achieving higher image quality and higher sound quality as compared with conventional analog recording.

  On the other hand, by using such a digital recording technique, it is possible to easily create a copy of a moving image or audio signal without degrading image quality or sound quality. For this reason, for example, a copy of content that is subject to copyright protection can be created easily and without deterioration, and how to prevent unauthorized copying is a problem. In order to solve such problems, techniques related to copyright protection for the purpose of preventing illegal copying have been proposed.

  As one of such technologies relating to copyright protection, there is a technology relating to encryption in which information is encrypted and recording and communication are performed in order to conceal information in recording and communication. For this reason, a technique for recording stream data including content data such as digital moving images in an encrypted manner on a recording medium such as a DVD that is a kind of optical disk or an SD memory card that is a kind of memory card has been proposed. ing. With such a technique, the content is concealed and the copyright of the content is protected.

  The data processing apparatus having a recording / playback function for recording stream data including image data or the like on the recording medium as described above and playing back the stream data stored on the recording medium also includes compression of content data. An integrated circuit such as an LSI is mounted as a data processing unit such as decompression processing or encryption / decryption processing. Further, in order to perform such data processing, a configuration in which an external memory for temporarily storing data being processed is provided outside the LSI.

  By the way, in such a configuration in which data processing is performed by connecting an LSI and an external memory, for example, image data to be subjected to encryption / decryption processing by the LSI or data during decryption processing is stored in the LSI. It will be transferred to and from the external memory. For this reason, it is possible to illegally read data transferred to the external memory. On the other hand, by performing data processing using only the internal memory provided in the LSI, it is possible to prevent such injustices. However, large-capacity data such as image data can be stored only in the internal memory. There were limits to processing. For this reason, conventionally, there has been proposed a technique for performing data processing using an external memory and preventing illegal data reading (see, for example, Patent Document 1).

  FIG. 9 is a configuration diagram of a conventional data processing apparatus for data protection. As shown in FIG. 9, a conventional data processing apparatus converts stream data recorded on a recording medium outside the apparatus such as a DVD or a memory card into a recording medium interface unit (hereinafter referred to as “recording medium I / F unit” as appropriate). Read from 910). Further, in the conventional data processing apparatus, the LSI 900 executes data processing while temporarily storing data being processed in the external memory 920. The data processing apparatus shown in FIG. 9 shows an example in which the recording medium I / F unit 910 reads scrambled data recorded on the recording medium. The scrambled data is data generated by further performing scramble processing on stream data generated by compressing and encoding image data according to the MPEG (Moving Picture Expert Group) system. The LSI 900 executes a reproduction process that restores content data such as images and sounds from such scrambled data.

  When the scramble data is supplied to the LSI 900, the descramble processing unit 91 performs a descrambling process on the scramble data. As a result, the descrambling unit 91 generates stream data based on the MPEG system, and transfers this stream data to the internal memory 94 by the internal CPU 90. Further, the stream data transferred to the internal memory 94 is transferred to the external memory 920 by the memory control unit 95 and temporarily stored in the external memory 920.

  In transferring such stream data to the external memory 920, the memory control unit 95 sets address data indicating a transfer destination area of the external memory 920 and supplies the address data to the external memory 920. Further, the data type detection unit 96 detects type information that is information indicating the frame type and the like from the internal CPU 90, and further associates the stream data corresponding to the type information with the address of the external memory 920 that stores the stream data. To do. When the type information detected by the data type detection unit 96 indicates an I frame, the execution control unit 97 instructs the encryption unit 98 to execute an encryption process. In response to this, the encryption unit 98 performs encryption processing on the stream data transferred from the internal memory 94 to the external memory 920 by the memory control unit 95. Further, the encrypted stream data is stored in the storage area of the external memory 920 indicated by the address data. On the other hand, when the type information detected by the data type detection unit 96 indicates a frame other than the I frame, the execution control unit 97 instructs the encryption unit 98 not to execute the encryption process. In this case, the stream data stored in the internal memory 94 passes through the encryption unit 98 and is transferred to the external memory 920 as it is.

  In addition, when the stream data transferred to the external memory 920 is transferred to the internal memory 94, a plain culture (Decryption) process is performed in the plain culture unit 99 as necessary. That is, when reading stream data from the external memory 920, the data type detection unit 96 detects type information indicating the type of each frame associated with the read address data by the memory control unit 95. . When the type information detected by the data type detection unit 96 indicates an I frame, the execution control unit 97 instructs the plain culture unit 99 to execute the plain culture process, and the plain culture unit 99 reads A plain culture process is applied to the stream data. Further, when the type information indicates a frame other than the I frame, the execution control unit 97 instructs the plain culture unit 99 not to execute the plain culture process, and the read stream data is sent to the plain culture unit 99 as it is. It passes through and is transferred to the internal memory 94.

  The stream data transferred to the internal memory 94 as described above is subjected to decoding processing by the decoder 92, thereby restoring content data such as images and sounds. The restored image and audio content data is output from the output unit 93.

  As described above, the conventional data processing apparatus shown in FIG. 9 partially encrypts and transfers data transferred between the external memory 920 and the LSI 900 according to the detection output of the data type detection unit 96. We give a plain culture treatment. For this reason, the conventional data processing apparatus can reduce the load in the encryption process and the plain culture process, that is, the data processing amount, as compared with the case where the encryption process and the plain culture process are performed on all the transfer data. Further, the conventional data processing apparatus uses the fact that the stream data based on the MPEG system cannot decode the image data for other frames unless the image data for the I frame is decoded. We are also trying to preserve sex. That is, by performing encryption processing on stream data corresponding to an I frame among stream data transferred between the internal memory 94 and the external memory 920 of the LSI 900, an image in a data processing apparatus using the external memory 920 is obtained. Data confidentiality can be achieved.

  In addition, a technique based on a distributed storage technique has been proposed in which a data string such as stream data is distributed and stored in a plurality of storage units to protect the data. As an example of such a technique, for example, a conventional stream recording apparatus proposed in Patent Document 2 acquires a stream including audio data, and audio data is present among a plurality of packets constituting the acquired stream. A decimation unit that distributes packets including range identification data indicating a range to be assigned to the first group, and distributes the remaining packets to the second group, and a first storage area that substantially prevents access from other than the decimation unit A first storage means having a second storage area; and a second storage means having a second storage area. The thinning means stores the thinning target packets belonging to the first group in the first storage area and stores the packets belonging to the second group in the second storage area.

With such a configuration, the conventional stream recording apparatus is substantially prevented from accessing the thinning-out target packet, and even if an attempt is made to reproduce the sound based on the contents stored in the second storage area, the sound is not heard. Since playback cannot be performed correctly, content composed of audio can be protected.
JP 2001-69481 A JP 2003-289336 A

  However, in the conventional data processing apparatus such as Patent Document 1, it is necessary to provide the encryption unit 98 and the plain culture unit 99 for data transfer between the LSI 900 and the external memory 920, and the amount of hardware increases. At the same time, in the conventional data processing apparatus, although there are partial encryption processing and plain culture processing, there is a problem that processing load and transfer time for performing these processing also increase. Furthermore, in order to detect whether or not the stream data transferred to the external memory 920 is an I frame, a data type detection unit 96, an encryption unit 98, and an execution control unit 97 that performs switching control of the plain culture unit 99 are also provided. There was a need. As a result, the amount of hardware increases, and there is a problem that processing becomes complicated due to such control.

  Further, even in a conventional stream recording apparatus such as Patent Document 2, it is necessary to provide a circuit and a processing unit for detecting a packet including range identification data indicating a range in which audio data exists. There was a problem that the increase and the processing became complicated.

  In particular, for example, MPEG-2, MPEG-4, H.264, or the like is used as a compression encoding method for images. Different standards such as H.264 have been proposed, and there are various standards for audio as well. In order to correspond to each stream data based on such different standards, in order to detect data types and specific packets, Processing becomes more complicated.

  Further, as described above, by using only the internal memory provided in the LSI and processing the content data that is subject to copyright protection, a data type detection unit such as a conventional data processing device Unauthorized data reading or the like can be prevented without providing 96 or the like. However, in order to process a large amount of data such as image data using only the internal memory, there is a problem that the capacity of the internal memory increases.

  The present invention has been made in order to solve the above-described problem, and in a data processing apparatus that performs data processing in a protected area while using an unprotected storage unit such as an external memory, a compression coding standard is provided. Data processing apparatus, data processing method, data processing program, and data processing for suppressing the increase in the amount of hardware and processing load and protecting the contents subject to copyright An object is to provide a recording medium on which a program is recorded, and an integrated circuit.

  A data processing apparatus according to the present invention is a data processing apparatus that restores stream data from an encrypted stream including encrypted stream data, and decrypts the encrypted stream by decrypting the obtained encrypted stream. From the external culture access, the flat culture section that restores the plain culture stream corresponding to the stream data, the distribution information output section that outputs the distribution information that indicates the distribution procedure for the plain culture stream, and is protected from external access. Protected storage unit for storing data, non-protection storage unit for storing data, plain culture stream is divided into partial data, and partial data is divided into protection storage unit and non-protection storage unit based on distribution information Distributing information that is separated and stored separately, partial data stored in the protected storage unit, and partial data stored in the non-protected storage unit Based bonded, is characterized in that a coupling portion for restoring the stream data.

  According to such a data processing device, it is only necessary to separate and store the plain culture stream into partial data according to the distribution information, without depending on the encoding method or data format, and the portion stored in the unprotected storage unit. The content cannot be completely restored only by the data, and the partial data stored in the protection storage unit cannot be easily accessed. Furthermore, since the distribution information is also protected from external access, it is possible to increase the effect of preventing illegal acts such as illegally reading stream data. For this reason, according to such a data processing device, the confidentiality of the content is ensured with a simple configuration without depending on compression coding standards, etc., and without causing an increase in hardware amount or processing load. And copyright protection.

  Furthermore, the data processing apparatus of the present invention is characterized in that the distribution information is information generated based on a secret algorithm.

  According to such a data processing device, since the distribution information is information generated based on a secret algorithm, it is possible to more securely protect against illegal acts such as illegally decoding the distribution information, and to improve security. Can be increased.

  Furthermore, in the data processing device of the present invention, the distribution information may be information indicating a distribution procedure for distributing partial data at random.

  According to such a data processing device, since the distribution information is information that randomly distributes partial data, it is almost impossible to guess the procedure indicated by the distribution information, and the distribution information is illegally decoded. Thus, it is possible to more securely protect against such illegal acts and further enhance security.

  The data processing apparatus of the present invention includes a memory for storing data, and divides the memory into a protected area protected from external access and an unprotected area accessible from the outside, and a protection storage unit is provided. It is also characterized in that it is a protected area of the memory and the non-protected storage unit is an unprotected area of the memory.

  According to such a data processing device, the content cannot be completely restored only with the partial data stored in the non-protected area, and the partial data stored in the protected area cannot be easily accessed. Confidentiality and copyright protection.

  The data processing apparatus of the present invention further includes a receiving unit that acquires recording data including an encrypted stream and encrypted distribution information that is encrypted distribution information from a recording medium, The encrypted stream and the encrypted distribution information included in the recording data acquired by the receiving unit are decrypted to flatten the encrypted stream and the encrypted distribution information, and the plain culture stream corresponding to the stream data The distribution information is restored, and the distribution information output unit supplies the distribution information restored by the plain culture unit to the separation unit and the combination unit.

  Furthermore, the data processing apparatus of the present invention includes a recording processing unit that records recording data on a recording medium, and the recording processing unit divides the stream data into a plurality of partial data to generate distribution information, and further encrypts the data. Thus, the encrypted distribution information may be generated and recorded on the recording medium as recording data including the encrypted distribution information together with the encrypted stream.

  According to such a data processing device, since it is possible to generate different distribution information for each encrypted stream to be recorded on the recording medium without providing a storage unit for storing different distribution information, With a simple configuration, it is possible to improve the security by changing the distribution information. Further, since the distribution information is recorded on the recording medium as encrypted distribution information, security for the distribution information can be ensured. For this reason, even with such a data processing device, it is possible to ensure the confidentiality of the content with a simple configuration without depending on compression coding standards and without increasing the amount of hardware and processing load. Copyright protection can be achieved.

  Furthermore, the data processing device of the present invention is divided into a protection processing unit that is difficult to access from the outside and a non-protection processing unit that is accessible from the outside. It is also characterized in that at least a flat culture section, a distribution information output section, a protection storage section, a separation section, and a coupling section are arranged in the section.

  According to such a data processing device, the plain culture part, the distribution information output part, the separation part, and the joining part are also arranged in the protection processing part that is difficult to access from the outside together with the protection storage part. A data bus for transmitting data such as minute information that needs to be protected is also arranged in the protection processing unit, and the confidentiality of the content can be further improved.

  Furthermore, the data processing apparatus of the present invention is characterized in that the protection processing unit is a packaged integrated circuit and the non-protected storage unit is an external memory provided outside the integrated circuit.

  According to such a data processing apparatus, since the protection processing unit is arranged in the integrated circuit that is very difficult to access from the outside, the confidentiality of the content can be further improved.

  Furthermore, the data processing apparatus of the present invention is characterized in that the protection storage unit is an internal memory provided in the integrated circuit.

  According to such a data processing device, since the protection storage unit is arranged in the integrated circuit that is very difficult to access from the outside, the confidentiality of the content can be further improved.

  Furthermore, the data processing apparatus of the present invention is characterized in that the protection processing unit further includes a decoder that decodes the stream data restored by the combining unit to restore the decoded data.

  According to such a data processing apparatus, since the plain culture stream is processed by the protection processing unit and is not output to the outside of the protection processing unit, the confidentiality of the content can be further improved.

  Furthermore, in the data processing apparatus of the present invention, the recording processing unit stores the key data for encryption / decryption protected from external access, and encrypts the distribution information with the key data to encrypt the distribution. It is also characterized in that the information is generated, and the Heibun Culture Department restores the distribution information by decrypting the encrypted distribution information with the key data.

  According to such a data processing apparatus, since the key data for encrypting the distribution information is also arranged in the protection processing unit, the security can be further improved.

  Furthermore, in the data processing device of the present invention, the integrated circuit further includes a key storage unit that stores key data for encryption / decryption, and the recording processing unit uses the key data stored in the key storage unit to distribute information. The encrypted distribution information is generated by encrypting the encrypted information, and the plain culture department can restore the distribution information by decrypting the encrypted distribution information with the key data stored in the key storage section. It is a feature.

  According to such a data processing apparatus, since the key data for encrypting the distribution information is stored in the key storage unit in the integrated circuit, security can be further improved.

  Furthermore, the data processing apparatus of the present invention is characterized in that the key data is data based on information unique to the integrated circuit.

  According to such a data processing apparatus, the key data for encrypting the distribution information may be data based on the information unique to the integrated circuit, and thus the security can be further improved with a simple configuration.

  Further, in the data processing device of the present invention, the distribution information is index information for special reproduction of the stream data, and the reception unit encrypts the encrypted distribution information together with the encrypted stream recorded on the recording medium. It is also characterized by acquiring encrypted index information that is converted index information.

  According to such a data processing apparatus, since index information recorded in advance on a recording medium or the like can be used as distribution information, means for detecting frame type information from stream data is not necessary. Also, index information that does not depend on compression coding standards or the like can be used. For this reason, it is possible to suppress the increase in the amount of hardware and the processing load and to protect the copyright of the content.

  Furthermore, in the data processing apparatus of the present invention, the plain culture department restores the index information by decrypting the encrypted index information included in the acquired recording data, and the distribution information output section restores the restored index information. It is also characterized in that the information on the entry frame is output, and the separating unit sorts the restored plain culture stream into one partial data and the other partial data based on the information on the entry frame.

  According to such a data processing apparatus, information on entry frames included in index information recorded in advance on a recording medium or the like can be used as distribution information, so that frame type information is detected from stream data. No means are needed. Also, index information that does not depend on compression coding standards or the like can be used. For this reason, it is possible to suppress the increase in the amount of hardware and the processing load and to protect the copyright of the content.

  Furthermore, in the data processing device of the present invention, the separation unit stores at least one partial data including a packet storing the data of the entry frame in the protection storage unit based on the information about the entry frame, Another feature is that the partial data is stored in the non-protected storage unit.

  According to such a data processing device, an important packet necessary for decoding other frames and other packets can be easily separated based on information on entry frames. For this reason, it is possible to suppress the increase in the amount of hardware and the processing load and improve the confidentiality of the content.

  Further, in the data processing device according to the present invention, the separation unit stores at least one partial data including a packet storing the data of the entry frame in the non-protected storage unit based on the information about the entry frame, The partial data is also stored in the protection storage unit.

  According to such a data processing device, an important packet necessary for decoding other frames and other packets can be easily separated based on information on entry frames. For this reason, it is possible to suppress the increase in the amount of hardware and the processing load and improve the confidentiality of the content.

  Furthermore, in the data processing device of the present invention, the entry frame is an I frame of stream data including encoded image data, and the information regarding the entry frame is a packet number in which the encoded image data of the I frame is stored. It is also characterized by information including

  According to such a data processing device, a packet storing important I-frame data necessary for decoding other frames and other packets can be easily separated based on information about entry frames. For this reason, it is possible to suppress the increase in the amount of hardware and the processing load and improve the confidentiality of the content.

  Furthermore, the data processing apparatus of the present invention is characterized in that the encrypted stream and the encrypted index information are recorded on the recording medium as the same file.

  According to such a data processing device, since it is possible to separate into partial data using index information recorded in advance on a recording medium, the amount of hardware and processing load increase without depending on compression coding standards, etc. It is possible to easily protect the copyright of the content while suppressing the content.

  Furthermore, the data processing apparatus of the present invention is characterized in that the encrypted stream and the encrypted index information are recorded on the recording medium as different files.

  According to such a data processing device, since it is possible to separate into partial data using index information recorded in advance on a recording medium, the amount of hardware and processing load increase without depending on compression coding standards, etc. It is possible to easily protect the copyright of the content while suppressing the content.

  Furthermore, the data processing apparatus of the present invention is characterized in that the recording medium is an SD memory card and the index information is recorded in the media object information file.

  According to such a data processing apparatus, since it can be separated into each partial data by using index information recorded in advance on an SD memory card which is a recording medium, the amount of hardware is not dependent on compression coding standards and the like. In addition, it is possible to easily protect the copyright of content while suppressing an increase in processing load.

  In the data processing device of the present invention, the separation unit distributes the partial data into the protected data to be stored in the protected storage unit and the unprotected data to be stored in the non-protected storage unit based on the distribution information, and Protected data is stored, and the non-protected storage unit stores random data in an area corresponding to the protected data together with the unprotected data.

  Furthermore, in the data processing device of the present invention, the separation unit distributes the partial data into the protected data to be stored in the protected storage unit and the unprotected data to be stored in the non-protected storage unit based on the distribution information, The protection data may be stored, and the non-protection storage unit may store the non-protection data so as to be continuous.

  According to such a data processing apparatus, in the data stored in the non-protected storage unit, the location corresponding to the protected data becomes unclear, so that the content protection effect can be further enhanced.

  In addition, the integrated circuit of the present invention uncovers the encrypted stream that has been acquired, and clears the encrypted stream and restores the plain culture stream corresponding to the stream data, and protects it from external access. A distribution information output unit that outputs distribution information indicating a distribution procedure for a plain culture stream, a protection storage unit that stores data, and a plain culture stream that is divided into partial data. The data is separated into the other partial data, separated, the partial data is stored in the protection storage unit, and the other partial data is output to the outside, and the partial data stored in the protection storage unit and the external The other partial data fetched from the above is combined based on the distribution information, and a combining unit for restoring the stream data is provided.

  According to such an integrated circuit, the plain culture section, the distribution information output section, the protection storage section, the separation section, and the coupling section are arranged in the integrated circuit that is very difficult to access from the outside. A data bus for transmitting data that needs to be protected, such as distribution information, is also arranged in the protection processing unit, so that the confidentiality of the content can be secured and copyright protection can be achieved.

  The data processing program of the present invention is a data processing program for a data processing apparatus that restores stream data from an encrypted stream including encrypted stream data, by decrypting the obtained encrypted stream. Clearly encrypt the encrypted stream, restore the plain culture stream corresponding to the stream data, output the distribution information indicating the distribution procedure for the plain culture stream, and divide the plain culture stream into partial data. The step of distributing the partial data based on the minute information to the protected storage unit and the non-protected storage unit protected from external access and storing them separately, the partial data stored in the protected storage unit and the portion stored in the non-protected storage unit Combining the data with the distribution information and restoring the stream data It is characterized in that.

  According to such a data processing program, the content cannot be completely restored only with partial data stored in the unprotected storage unit, and the partial data stored in the protected storage unit cannot be easily accessed. Can be executed.

  The recording medium of the present invention records the data processing program.

  According to the recording medium storing such a data processing program, the content cannot be completely restored only by the partial data stored in the non-protected storage unit, and the partial data stored in the protected storage unit cannot be easily accessed. A data processing program capable of executing processing in the data processing device can be provided.

  The data processing method of the present invention is a data processing method of a data processing apparatus for restoring stream data from an encrypted stream including encrypted stream data, by decrypting the obtained encrypted stream. Clearly encrypt the encrypted stream, restore the plain culture stream corresponding to the stream data, output the distribution information indicating the distribution procedure for the plain culture stream, and divide the plain culture stream into partial data. The step of distributing the partial data based on the minute information to the protected storage unit and the non-protected storage unit protected from external access and storing them separately, the partial data stored in the protected storage unit and the portion stored in the non-protected storage unit Combining the data based on the distribution information and restoring the stream data It is.

  According to such a data processing method, the content cannot be completely restored only with partial data stored in the non-protected storage unit, and the partial data stored in the protected storage unit cannot be easily accessed. Can be executed.

  The data processing apparatus of the present invention, for example, stores partial data of a plain culture stream in an internal memory based on distribution information indicating a predetermined distribution procedure in a protection processing unit protected from external access such as an integrated circuit. In such a configuration, the data is divided and stored in a protected storage unit such as the above and a non-protected storage unit such as an external memory. As described above, since the data processing apparatus of the present invention only needs to set the distribution information, it is not necessary to provide an encryption unit or a plain culture unit in data transmission to the non-protected storage unit. Therefore, there is no need to provide a data type detection unit or an execution control unit for detecting frame type information. Further, even with such a simple configuration, the content cannot be completely restored only with partial data stored in the non-protected storage unit, and the partial data stored in the protected storage unit cannot be easily accessed. Minute information is also protected from external access. For this reason, according to the data processing apparatus of the present invention, it is possible to suppress the increase in the amount of hardware and the processing load without depending on the compression coding standard and the like, and to protect the content subject to copyright. The intended data processing apparatus can be provided. Similarly, the data processing method, the data processing program, the recording medium on which the data processing program is recorded, and the integrated circuit of the present invention also depend on the amount of hardware and processing without depending on the compression coding standard. While suppressing an increase in load, it is possible to protect content that is subject to copyright.

  Hereinafter, a data processing apparatus according to an embodiment of the present invention will be described with reference to the drawings.

(Embodiment 1)
FIG. 1 is a block diagram showing an example of a data processing apparatus according to Embodiment 1 of the present invention. As shown in FIG. 1, the data processing apparatus according to the present embodiment reads recording data recorded on a recording medium 30 such as a DVD or a memory card, and temporarily stores data being processed by the LSI 100 in the external memory 20. The data processing is executed. In the present embodiment, as the data processing unit, the LSI 100 executes data processing such as encryption or decryption processing while using the external memory 20, and the restored content data is output from the LSI 100. A configuration example will be described. In the present embodiment, the LSI 100 is packaged or modularized, functions as a protection processing unit that is difficult to access from the outside, and the outside of the LSI 100 including the external memory 20 is accessible from the outside. Functions as a protection processing unit.

  In the present embodiment, an example is given in which the recording medium 30 targeted by the data processing apparatus is a portable recording medium, and the content recorded on the recording medium 30 can be reproduced by mounting the recording medium 30 on the data processing apparatus. It can be carried out. FIG. 1 shows a configuration example for a memory card such as an SD memory card as the recording medium 30. In addition, an example is given in which content data is recorded on the recording medium 30 as encrypted stream data that is encoded, packetized, and encrypted data. In other words, content data composed of images and audio signals is encoded according to a compression encoding method such as the MPEG method, and the encoded data is converted into, for example, stream data packetized for each predetermined amount of data. Is done. Furthermore, in the present embodiment, in order to protect the content data recorded on the recording medium 30, this stream data is encrypted (encrypted stream) as appropriate (hereinafter referred to as “encrypted stream”). Has been converted. On the recording medium 30, an encrypted stream generated through such processing is recorded as stream data for data processing by the data processing unit.

  Further, as shown in FIG. 1, on the recording medium 30, such an encrypted stream is recorded in the data area, and management information for managing the recording medium 30 is recorded in the header area.

  The data processing apparatus attaches such a recording medium 30 to the recording medium I / F (interface) unit 21 shown in FIG. 1 to reproduce the content recorded on the recording medium 30 in the form of an encrypted stream. Do.

  As shown in FIG. 1, the data processing apparatus performs data processing on a recording medium I / F unit 21 that reads recording data from a recording medium 30 and recording data read by the recording medium I / F unit 21. An LSI 100 that is an integrated circuit and an external memory 20 as an unprotected storage unit that stores data in data processing of the LSI 100 are provided. The common bus 22 is a common bus for performing data transfer and data communication between the respective units in the apparatus. Data transfer between the recording medium I / F unit 21 and the LSI 100 is also possible via the common bus 22. Done. The recording media I / F unit 21 functions as a receiving unit that acquires recording data from the recording medium.

  The external memory 20 is a semiconductor memory that is provided outside the LSI 100 inside the data processing apparatus and does not have, for example, a large capacity protection mechanism. The external memory 20 is provided for temporarily storing unprotected data, which is unprotected data that is not inconvenient even when read from the outside, in each process executed by the LSI 100. In the present embodiment, the external memory 20 is described as an unprotected memory that can be accessed from the outside, but it may be a memory with simple protection.

  Next, as shown in FIG. 1, the LSI 100 includes a plain culture unit 11, a distribution information output unit 13, an internal memory 14, a separation unit 16, a combining unit 17, and a decoder 12. The plain culture unit 11 performs plain culture processing for decrypting the encrypted stream recorded on the recording medium 30, and the encoded and packetized content data, that is, the plain culture stream data corresponding to the stream data ( Hereinafter, this is referred to as a “plain culture stream” as appropriate. The distribution information output unit 13 is protected from external access, and outputs distribution information indicating a distribution procedure for the plain culture stream. The internal memory 14 stores protection data as protected data in the data processing of the LSI 100 as a protection storage unit protected from external access. The separation unit 16 divides the plain culture stream into partial data that is partial data, and sorts the partial data into the internal memory 14 and the external memory 20 based on the distribution information from the distribution information output unit 13. Remember me. In the present embodiment, processing is performed in units of packets as partial data to be classified as described above, and the separation unit 16 stores the partial data to be an internal packet in the internal memory 14 and the partial data to be an external packet to the external memory 20. Take an example of memorizing. The combining unit 17 combines the internal packet recorded in the internal memory 14 and the external packet recorded in the external memory 20 based on the distribution information to restore the plain culture stream. The decoder 12 performs a decoding process that is a decoding process for the encoding (Encode) on the plain culture stream restored by the combining unit 17 to restore the content data.

  Furthermore, the LSI 100 includes a CPU 10 as a processor that executes control of each process and part of the processing in the LSI 100, and a memory control unit 15 that controls data writing and reading with the external memory 20. Further, the LSI 100 also has an internal common bus 19 as a common bus, and data transfer between the respective units as shown in FIG. 1 in the LSI 100 is performed via the internal common bus 19.

  In the LSI 100 configured as described above, each data of the recording medium 30 attached to the recording medium I / F unit 21 is transferred from the recording medium I / F unit 21 to the LSI 100 via the common bus 22 in accordance with an instruction from the CPU 10. Transferred.

  The plain culture unit 11 executes a decryption process for decrypting the encrypted stream of the recording medium 30 transferred as described above. Further, the flat culture section 11 outputs data flattened by the plain culture processing as a plain culture stream. The plain culture stream generated in this way is stream data composed of a plurality of packets obtained by encoding content data according to a compression encoding method such as the MPEG method and packetizing the encoded data. That is, the plain culture unit 11 restores stream data as a plain culture stream by executing a plain culture process. Such a plain culture stream is supplied to the separation unit 16. Instead of directly supplying the encrypted stream from the recording medium I / F unit 21 to the plain culture unit 11, all or part of the encrypted stream is temporarily stored in the external memory 20, and the stored encrypted stream is It may be in the form of reading and processing. FIG. 1 shows an example in which the encrypted stream is temporarily stored in the external memory 20.

  The distribution information output unit 13 outputs distribution information indicating a distribution procedure for distributing the plain culture stream to the internal memory 14 and the external memory 20 for separate storage. As such distribution information, the distribution information output unit 13 may store distribution information, or the distribution information output unit 13 generates distribution information. It may be. The distribution information may be information that protects from external access and indicates a prescribed procedure. That is, although details will be described below, the data processing apparatus according to the present embodiment is characterized in that it is only necessary to set distribution information having such a simple configuration in order to protect content data. . The distribution information may be, for example, information generated based on a secret algorithm or information indicating a distribution procedure for randomly distributing a packet of a plain culture stream. In the case of information generated based on an algorithm in which the distribution information is concealed, it is possible to strongly protect against illegal acts such as illegally decoding the distribution information, and security can be improved. Also, if the distribution information is random information using random numbers etc., it is almost impossible to guess the procedure indicated by the distribution information, and it is possible to more securely protect against illegal acts that decipher the distribution information. , Security can be improved.

  In addition to the plain culture stream from the flat culture unit 11, distribution information is supplied from the distribution information output unit 13 to the separation unit 16. Based on such distribution information, the separation unit 16 determines whether each packet of the plain culture stream supplied from the plain culture unit 11 is a packet that is an internal packet or a packet that is an external packet. judge. In accordance with this determination, the separation unit 16 separates the packets so as to be distributed as internal packets or external packets. In this manner, the separation unit 16 sorts the restored plain culture stream into an internal packet that is one partial data and an external packet that is the other partial data based on the distribution information. Further, the separation unit 16 transfers the separated internal packet to the internal memory 14 and transfers the separated external packet to the external memory 20.

  The internal memory 14 is, for example, a semiconductor memory provided in the LSI 100, and is provided for temporarily storing data of each process executed by the LSI 100. In particular, the present invention is intended to protect the copyright of content, and it is preferable that the internal memory 14 provided in the LSI 100 as a protection processing unit is protected from the outside of the LSI 100 and is difficult to access. . For this reason, in the present embodiment, the internal memory 14 is not configured to be connected to, for example, the internal common bus 19 accessible from the outside, but is separated from the outside and is difficult to access. The example of a structure connected only to 17 is shown. That is, the internal memory 14 stores the internal packet transferred from the separation unit 16, and the stored internal packet is read out under the control of the combining unit 17. The internal memory 14 may be configured to store data other than the internal packet. However, from the viewpoint of content protection described above, the internal memory 14 is configured so that access from the outside is not facilitated. It is preferable.

  The memory control unit 15 is a control unit for transferring, for example, DMA (Direct Memory Access) between the internal common bus 19 and the external memory 20. The memory control unit 15 outputs an address, a write signal, a read signal, and the like to the external memory 20 and performs control such that each data is written to or read from a predetermined area. That is, the external packet separated by the separation unit 16 is first supplied to the internal common bus 19. Further, the external packet supplied to the internal common bus 19 under the control of the memory control unit 15 is stored in a predetermined area of the external memory 20. Also, each data including an external packet stored in the external memory 20 is read out to the internal common bus 19 under the control of the memory control unit 15.

  The combining unit 17 is supplied with the internal packet stored in the internal memory 14 and the external packet stored in the external memory 20. The combining unit 17 refers to the distribution information from the distribution information output unit 13, determines the packet number of the supplied internal packet and external packet, and outputs the internal packet or the external packet according to the determined packet number order. To do. In this way, the common culture stream identical to the plain culture stream restored by the flat culture unit 11 is output from the combining unit 17. The combining unit 17 supplies the plain culture stream generated in this way to the decoder 12.

  The decoder 12 performs a decoding process on the supplied plain culture stream. That is, the decoder 12 performs decoding (Decode) on the encoded data (Encode) included in each packet of the plain culture stream, and decodes the content data corresponding to the image or audio signal. Restore data.

  The data processing apparatus according to Embodiment 1 of the present invention restores content data from the encrypted stream recorded on the recording medium 30 with the above configuration.

  Next, the operation of the data processing apparatus configured as described above will be described.

  FIG. 2 is a flowchart showing the decryption processing procedure of the data processing apparatus according to the present embodiment. By executing the procedure as shown in FIG. 2, the data processing method of the present embodiment can be realized. Hereinafter, the operation of the data processing apparatus will be described with reference to FIG. 2 shows an example in which an encrypted stream is temporarily stored in the external memory 20 from the recording medium 30, and the stored encrypted stream is transferred to the LSI 100 for processing. Further, in order to execute a decoding process that is a decoding process based on the data processing method of the encrypted stream as shown in FIG. 2, the CPU 10 performs a data process stored in, for example, a program memory that is a recording medium on which a program is recorded. The program is sequentially read, and processing as described below is executed according to the read data processing program.

  First, when the recording medium 30 is mounted on the data processing apparatus and the reproduction of content is instructed by a user or the like, for example, the CPU 10 performs such control via a control unit that controls the entire data processing apparatus. Receive instruction information. The CPU 10 starts control for executing the decoding process as shown in FIG. 2 in accordance with such instruction information.

  First, the CPU 10 instructs the recording medium I / F unit 21 to read an encrypted stream corresponding to the instruction from the recording medium 30. As a result, the recording data including the encrypted stream is transferred from the recording medium 30 to the LSI 100 via the recording medium I / F unit 21. The CPU 10 further instructs the memory control unit 15 to store the transferred recording data in the external memory 20. As a result, the encrypted stream is read from the recording medium 30, and the encrypted stream is temporarily stored in a predetermined area of the external memory 20 (step S104).

  Thereafter, decoding processing is executed in the LSI 100 while using the external memory 20. When the CPU 10 determines the processing status in the LSI 100 and determines that the encrypted stream for the plain culture process is stored in the external memory 20 and the plain culture process by the plain culture unit 11 or the like is executable, the plain culture process is executed. Control to start. On the other hand, when the CPU 10 determines that the plaintext stream for decoding processing is stored in the external memory 20 and the internal memory 14 and decoding processing by the combining unit 17 or the decoder 12 can be executed, the decoding processing is executed. Control is started (step S106).

  When the CPU 10 determines that the normal culture process is executable, the CPU 10 instructs the memory control unit 15 to read the encrypted stream stored in the external memory 20, and is controlled by the memory control unit 15. The encrypted stream is transferred from the external memory 20 to the LSI 100 (step S202). The encrypted stream transferred from the external memory 20 to the LSI 100 is further supplied to the plain culture unit 11 via the internal common bus 19.

  Next, the plain culture unit 11 executes a plain culture process for decrypting the supplied encrypted stream, and outputs the data generated by the plain culture process as a plain culture stream (step). S204). The plain culture unit 11 supplies such a plain culture stream to the separation unit 16.

  In addition to the plain culture stream from the flat culture unit 11, the separation information is notified from the distribution information output unit 13 to the separation unit 16. For example, the distribution information is information that indicates a procedure for making an internal packet or an external packet in association with a packet number. That is, for example, the separation unit 16 classifies each packet according to the distribution information such that packets with packet numbers 1, 2, and 3 are designated as external packets and packet numbers 4 and 5 are designated as internal packets. Go. Thus, for example, the separation unit 16 detects the packet number of each packet of the plain culture stream that is sequentially supplied and determines whether the packet is an internal packet or an external packet. The separation unit 16 separates the internal packet and the external packet according to the determination based on the distribution information (step S206). Further, the separation unit 16 transfers the separated internal packet to the internal memory 14 and transfers the separated external packet to the external memory 20.

  As described above, the data processing apparatus according to the present embodiment is configured to transfer partial packets constituting the plain culture stream to the external memory 20 as partial data based on the distribution information having a simple configuration. That is, the data processing apparatus according to the present embodiment does not depend on the encoding method or the data format, and simply stores the plain culture stream into partial data according to the distribution information and stores it in the external memory 20. The content cannot be completely restored only with the partial data, and the partial data stored in the internal memory 14 cannot be easily accessed. For this reason, the data processing apparatus according to the present embodiment suppresses an increase in the amount of hardware and processing load and does not depend on compression coding standards and the like, and protects content that is subject to copyright. Can be planned.

  The internal packet data transferred from the separation unit 16 to the internal memory 14 is stored in a predetermined area of the internal memory 14 (step S208). The external packet data transferred from the separation unit 16 to the external memory 20 is stored in a predetermined area of the external memory 20 through the internal common bus 19 and controlled by the memory control unit 15 (step S210).

  When the CPU 10 determines the processing status in the LSI 100 and further stores an encrypted stream for plain-text processing in the external memory 20, and determines that the processing from step S202 to step S208 or step S210 is further executed, Such processing from step S202 to step S208 or step S210 is further repeated. Thereby, each packet of the plain culture stream is separated and stored in the internal memory 14 and the external memory 20 so as to be distributed into the internal packet and the external packet according to the distribution information.

  When the CPU 10 determines that the decoding process can be executed, the CPU 10 starts control for executing the decoding process. First, the combining unit 17 is supplied with the internal packet stored in the internal memory 14 and the external packet stored in the external memory 20. The combining unit 17 refers to the distribution information from the distribution information output unit 13, detects the packet number of the supplied internal packet and external packet, and determines each packet number (step S302). As a result of determining the packet number, the combining unit 17 first reads the packet having the previous packet number from the internal memory 14 or the external memory 20 (step S304 and step S306). Further, the combining unit 17 outputs the internal packet or the external packet according to the packet number order of the read packet. In this way, the packets separated and stored in the internal memory 14 and the external memory 20 are combined (step S308), whereby the plain culture stream is restored. This plain culture stream is supplied to the decoder 12, and the decoder 12 performs a decoding process (step S310). In other words, the encoded data included in each packet of the plain culture stream is decoded by the decoder 12, and the content data corresponding to the image and the audio signal is output from the decoder 12. If the CPU 10 determines the processing status in the LSI 100 and further stores the plaintext stream for decoding processing in the external memory 20 and the internal memory 14, and returns to step S106 when it is determined that such decoding processing is to be continued. If the plain culture process and the decoding process as described above are continued and it is determined that such a decoding process is to be terminated, the decoding process as described above is terminated (step S312).

  In addition to the CPU 10 performing the above-described processing according to the data processing program, the processing of the plain culture unit 11, the processing of the separation unit 16, the processing of the combining unit 17, the decoding processing for restoring the encoded data, It may be configured to execute part or all of the processing such as processing for controlling the external memory.

  As described above, the data processing apparatus according to the present embodiment, in the LSI 100 protected from external access, based on the distribution information of the distribution information output unit 13 protected from the outside, Each packet serving as partial data is divided and stored in a protected storage unit such as the internal memory 14 and a non-protected storage unit such as the external memory 20. As described above, since the data processing apparatus according to the present embodiment only needs to set distribution information, it is not necessary to provide an encryption unit, a plain culture unit, or the like in data transmission to the unprotected storage unit. There is no need to provide a data type detection unit or an execution control unit for detecting frame type information from a stream or the like. Further, even with such a simple configuration, the content cannot be completely restored only with the external packet stored in the external memory 20, and the internal packet stored in the internal memory 14 cannot be easily accessed. Information is also protected from outside access. For this reason, the data processing apparatus according to the present embodiment suppresses an increase in the amount of hardware and processing load and does not depend on compression coding standards and the like, and protects content that is subject to copyright. The intended data processing apparatus can be provided.

  In the above description, an example in which stream data that is encoded and packetized data or plain culture stream is processed in units of packets having internal and external packets has been described. A configuration in which the length or byte length is used as a unit, the data is distributed as internal and external data, and the combining unit 17 combines the data based on the distribution information.

  Further, for example, the internal data and the external data may be sorted in order according to an arbitrary byte length, and a series of information such as the byte length for each order may be stored in the LSI 100 as distribution information. Good. That is, for example, xx bytes from the beginning are external data, the next yy bytes are internal data, the next zz bytes are external data, and so on, and xx, yy, zz,. Minute information may be used. These xx, yy, zz, etc. may be predetermined or random numbers. The distribution information may be an algorithm that generates predetermined xx, yy, zz, and the like. Alternatively, xx, yy, zz, and the like may be generated as random numbers of the same species by a single separation and combination.

  In the above description, an example has been described in which stream data composed of compression-coded and packetized data is processed. However, encryption that encrypts unencoded image data and the like has been described. It may be a form that processes data.

  Further, as a storage form for storing non-protected data such as external packets and external data in the external memory 20, for example, random data is embedded in an area corresponding to the protected data together with the non-protected data and stored in the external memory 20. Or, the gap between the data is reduced and stored in the external memory 20 so that the non-protected data is continuous, and the location where the random number data is embedded inside the LSI 100 or the location where the data is packed is stored. By adopting the configuration, in the data stored in the external memory 20, the location corresponding to the protection data becomes unclear, so that the content protection effect can be enhanced.

(Embodiment 2)
FIG. 3 is a block diagram showing an example of a data processing apparatus according to Embodiment 2 of the present invention. In the present embodiment, recording data including an encrypted stream composed of encrypted stream data is recorded on a recording medium, and the recording data recorded on the recording medium is acquired, and the plain culture corresponding to the stream data is acquired. An example of a data processing apparatus that restores a stream and further restores content data will be described. 3, components having the same reference numerals as those in FIG. 1 have the same functions as those in FIG. 1, and detailed descriptions thereof are omitted.

  As shown in FIG. 3, the data processing apparatus of the present embodiment records the recording data on the recording medium 30 and reads the recording data recorded on the recording medium 30, and the LSI 110 temporarily processes the external memory 20. Data processing is executed while saving the data inside. In the present embodiment, as the data processing unit, the LSI 110 executes processing such as encryption of the supplied stream data and data processing such as decryption processing for encryption and encoding while using the external memory 20. An example of a configuration in which the restored content data is output from the LSI 110 will be described. Also in this embodiment, the LSI 110 is packaged or modularized and functions as a protection processing unit that is difficult to access from the outside, and the outside of the LSI 110 including the external memory 20 is accessible from the outside. Functions as a protection processing unit.

  Also, as shown in FIG. 3, on the recording medium 30, such an encrypted stream is recorded in the data area, and management information is recorded in the header area. Further, at the time of recording the encrypted stream, designation information for designating predetermined data in the encrypted stream is generated. In addition, as such designation information, for example, information for special reproduction of the content is generated, and the generated information is recorded in the index area as index information. In the present embodiment, an example in which such index information is used as the designation information will be described. The index information is information for special playback such as fast-forward playback, slow playback, scene search, or scene jump. The index information includes, for example, information that divides the content into several parts and specifies a packet number that includes the head data of each division. More specifically, it includes information indicating the packet number storing the encoded data of the I frame in the MPEG system or the like. Note that an I frame is a unit of image data obtained by compressing and encoding data in the screen for one frame, and is a frame that can independently restore the image of that frame. Note that a stream encoded by the MPEG system includes P frames and B frames that cannot be restored without other frames (reference frames) in addition to the I frame described above. Details of each frame will be described below. By using such index information, for example, playback of one frame including head data is performed sequentially for each head frame, so that fast-forward playback of images can be performed. That is, fast-forward playback can be realized by restoring and displaying an I-frame image corresponding to each index information. In particular, this embodiment is characterized in that such index information is used as the distribution information described above.

  The data processing apparatus records the encrypted stream and the above-described index information on the recording medium 30 by mounting the recording medium 30 on the recording medium I / F (interface) unit 21 shown in FIG. The content recorded on the recording medium 30 in the form of an encrypted stream is reproduced.

  Next, as shown in FIG. 3, the LSI 110 records in addition to the plain culture unit 11, the distribution information output unit 13, the internal memory 14, the separation unit 16, the coupling unit 17, and the decoder 12. A processing unit 40 is provided. Further, the LSI 110 also includes a CPU 10, a memory control unit 15, and an internal common bus 19.

  The recording processing unit 40 encrypts the supplied stream data and generates an encrypted stream. Further, the recording processing unit 40 divides the stream data into a plurality of partial data, generates information relating to the division as distribution information, and generates the encrypted distribution information by encrypting the generated distribution information. . In the present embodiment, an example in which the recording processing unit 40 uses the above-described index information as such distribution information will be described. The recording processing unit 40 transfers recording data including encrypted index information as encrypted distribution information to the recording media I / F unit 21 together with the generated encrypted stream. Further, the recording data transferred in this way is recorded on the recording medium 30 in accordance with an instruction from the CPU 10. Also, as shown in FIG. 3, the encrypted stream is recorded in the data area of the recording medium, and the encrypted index information is recorded in the index area.

  Further, in order to execute such processing, the recording processing unit 40 includes an index information generation unit 41 that generates index information, and a key storage unit that is protected from external access and stores key data for encryption / decryption. 43 and an encryption unit 42 that encrypts stream data and index information using the key data stored in the key storage unit 43 to generate an encrypted stream and encrypted index information. The key data for encrypting the index information is key data based on information unique to the LSI 110 or standard-defined secret key data.

  On the other hand, the plain culture unit 11 performs a plain culture process for decrypting the encrypted stream recorded on the recording medium 30 to restore the plain culture stream, and the key for the index information stored in the key storage unit 43. Based on the data, it also performs plain culture processing on the encrypted index information. The plain culture stream restored by the flat culture unit 11 is supplied to the separation unit 16. The index information restored by the flat culture unit 11 is supplied to the distribution information output unit 13. The distribution information output unit 13 generates distribution information using the index information, and notifies the generated distribution information to the separation unit 16 and the combining unit 17. The separation unit 16 divides the supplied plain culture stream into partial data that is partial data, and the partial data is divided into the internal memory 14 and the external memory 20 based on the distribution information from the distribution information output unit 13. Sort and store separately. Also in the present embodiment, processing is performed in units of packets as partial data to be classified in this way, and the separation unit 16 stores the partial data to be internal packets in the internal memory 14 and the partial data to be external packets to the external memory 20. Take an example of memorizing. The combining unit 17 combines the internal packet recorded in the internal memory 14 and the external packet recorded in the external memory 20 based on the distribution information to restore the plain culture stream. The decoder 12 performs a decoding process on the plain culture stream restored by the combining unit 17 to restore the content data.

  In the LSI 110 configured as described above, data is transferred to and from the recording medium 30 attached to the recording medium I / F unit 21 via the common bus 22 in accordance with an instruction from the CPU 10.

  The read encrypted index information is temporarily stored in the external memory 20 or the internal memory 14 by the CPU 10. FIG. 3 shows an example in which the read encrypted index information is temporarily stored in the external memory 20. Further, as described above, the index information is information for special reproduction, and includes, for example, information that divides the content into several parts and indicates packet numbers including the head data of each division. The separation unit 16 uses such index information as distribution information, and determines whether each packet of the plain culture stream supplied from the plain culture unit 11 is a packet specified by the index information. In accordance with this determination, the separation unit 16 separates the packet so as to be distributed as an internal packet when the packet is specified by the index information and as an external packet when the packet is other than the packet. Further, the separation unit 16 transfers the separated internal packet to the internal memory 14 and transfers the separated external packet to the external memory 20. By performing such processing, the separation unit 16 converts the plain culture stream as stream data into, for example, internal packets as partial data including frames necessary for decoding other frames and decoding of other frames. Separated into external packets as partial data not including necessary frames. Further, the separation unit 16 stores the internal packet in the internal memory 14 as a protected storage unit, and stores the external packet in the external memory 20 as a non-protected storage unit.

  The data processing apparatus according to the second embodiment of the present invention records the recording data including the encrypted stream composed of the encrypted stream data on the recording medium 30 with the above configuration, and The content data is restored from the recorded encrypted stream.

  Next, the operation of the data processing apparatus configured as described above will be described.

  FIG. 4 is a diagram showing an example of the structure of the plain culture stream restored by the plain culture unit 11 and the structure of the index information. FIG. 5 is a flowchart showing the decryption processing procedure of the data processing apparatus according to the present embodiment. By executing the procedure as shown in FIG. 5, the data processing method in the data processing apparatus can be realized. FIG. 6 is a diagram illustrating an operation example in which the separation unit 16 separates the plain culture stream using the index information having the configuration illustrated in FIG. 4 with respect to the plain culture stream having the configuration illustrated in FIG. The operation of the data processing apparatus will be described below with reference to these drawings.

  First, a plain culture stream and index information corresponding to stream data will be described with reference to FIG. As described above, content data is recorded on the recording medium 30 as an encrypted stream that is encoded, packetized, and encrypted data. That is, in the process of converting content data into an encrypted stream, first, image data included in the content is converted into encoded data for each frame. As in the MPEG system, a basic algorithm for image compression encoding that is widely used at present is a compression encoding that combines a motion compensated prediction system with a discrete cosine transform (abbreviated as “DCT”) system. It is a method. In such a compression coding method, DCT coding of intra-frame data itself for an image, that is, intra-screen coding data, and DCT coding for motion-compensated inter-screen prediction data, that is, inter-screen prediction. Image compression encoding combining both the encoded data and the encoded data is performed. In general, a frame to be subjected to intra-frame encoding is referred to as an I frame, a frame to be subjected to inter-frame forward prediction encoding is referred to as a P frame, and a frame to be subjected to inter-screen bidirectional prediction encoding is referred to as a B frame. In addition, for example, an image unit called GOP (Group Of Picture) in the MPEG-2 system is configured by combining a plurality of screens divided on the basis of an I frame. Further, since the I frame is composed of encoded data encoded in the screen, the image of the frame can be restored only by the encoded data corresponding to the I frame. On the other hand, in order to restore the P frame and the B frame generated by the inter-screen prediction, the image data of the reference frame is necessary. Therefore, the image cannot be restored only by the encoded data.

  FIG. 4 shows how encoded data in such an I frame, P frame, and B frame is packetized. That is, as shown in FIG. 4, each packet is composed of a header portion storing header information and a payload portion storing data, and encoded data is stored in the payload portion. FIG. 4 shows a state in which encoded data is stored as follows. First, the encoded data of the I frame is stored in each payload portion of the packets having the packet numbers 1, 2, 3, and 4. The encoded data of the next P frame is stored in the payload portions of the packets having packet numbers 5 and 6. Further, the encoded data of the next B frame is stored in the payload portion of the packet having the packet number 7, and the encoded data of each frame is sequentially stored in this manner. Thus, the stream data is composed of a plurality of frames. Further, stream data obtained by encoding and packetizing content data is constituted by a plurality of packets each storing such encoded data. The recording medium 30 records an encrypted stream that is data obtained by further encrypting such stream data. Further, the plain culture process, which is such stream data, is restored by subjecting the encrypted stream to plain culture processing by the plain culture unit 11 of the LSI 110.

  Furthermore, the recording medium 30 stores encrypted index information obtained by encrypting index information that is information for special reproduction. FIG. 4 shows an example of entry information included in the index information. The entry information is information that divides the content into several parts and designates the packet number including the head data of each division. FIG. 4 shows an example in which each I frame is an entry frame having the division head, and the packet information storing the encoded data of such an entry frame is used as the entry information. That is, as shown in FIG. 4, in the entry information divided by each entry, each entry has a packet number of the first packet storing the encoded data of the I frame as the entry frame, the number of packets of these packets, and Information such as a reproduction time that is the reproduction time is stored. For example, in FIG. 4, entry 1 stores 1 which is the first packet number of packets of packet numbers 1, 2, 3 and 4 storing encoded data of I frame, and 4 which is the number of those packets. ing. Entry 2 stores 11 which is the leading packet number of packets of packet numbers 11 and 12 storing the encoded data of the next I frame, and 2 which is the number of those packets. Using such entry information, for example, by reproducing only the packet indicated by each entry, special reproduction such as fast-forwarding can be performed. In particular, since the I frame can restore the image of the frame only with the encoded data, such special reproduction can be easily realized.

  Next, FIG. 5 shows an operation of taking these data from the recording medium 30 on which the encrypted stream and the encrypted index information as described with reference to FIG. 4 are recorded and restoring the content data by this data processing apparatus. A description will be given according to the decoding processing procedure shown. 3 shows an example in which the encrypted index information and the encrypted stream are temporarily stored in the external memory 20 from the recording medium 30, and the stored data is transferred to the LSI 110 for processing. Further, in order to execute a decoding process that is a decoding process based on the data processing method of the encrypted stream as shown in FIG. 5, the CPU 10 performs a data process that is stored in a program memory that is a recording medium on which the program is recorded. The program is sequentially read, and processing as described below is executed according to the read data processing program.

  First, when the recording medium 30 is mounted on the data processing apparatus and the reproduction of content is instructed by a user or the like, for example, the CPU 10 performs such control via a control unit that controls the entire data processing apparatus. Receive instruction information. The CPU 10 starts control for executing the decoding process as shown in FIG. 5 in accordance with such instruction information.

  First, the CPU 10 instructs the recording medium I / F unit 21 to read the encrypted stream and the encrypted index information according to the instruction from the recording medium 30. As a result, the encrypted index information and the encrypted stream are transferred from the recording medium 30 to the LSI 110 via the recording medium I / F unit 21. The CPU 10 further instructs the memory control unit 15 to store the transferred data in the external memory 20. Thereby, the encrypted index information is read from the recording medium 30, and the encrypted index information is temporarily stored in a predetermined area of the external memory 20 (step S110). Further, the encrypted stream is read from the recording medium 30, and the encrypted stream is temporarily stored in a predetermined area of the external memory 20 (step S112). Next, the CPU 10 instructs the plain culture unit 11 to take in the encrypted index information temporarily stored in the external memory 20, and the encrypted index information is plainly written by the plain culture unit 11 (step S114). At this time, the plain culture unit 11 performs a plain culture process on the encrypted index information based on the key data for the index information stored in the key storage unit 43. Also, the index information restored by the plain culture unit 11 is notified to the distribution information output unit 13.

  Thereafter, decoding processing is executed in the LSI 110 while using the external memory 20. When the CPU 10 determines the processing status in the LSI 110 and determines that the encrypted stream for the plain culture process is stored in the external memory 20 and the plain culture process by the plain culture unit 11 or the like is executable, the plain culture process is executed. Control to start. On the other hand, when the CPU 10 determines that the plaintext stream for decoding processing is stored in the external memory 20 and the internal memory 14 and decoding processing by the combining unit 17 or the decoder 12 can be executed, the decoding processing is executed. Control is started (step S116).

  When the CPU 10 determines that the normal culture process is executable, the CPU 10 instructs the memory control unit 15 to read the encrypted stream stored in the external memory 20, and is controlled by the memory control unit 15. The encrypted stream is transferred from the external memory 20 to the LSI 110 (step S212). The encrypted stream transferred from the external memory 20 to the LSI 110 is further supplied to the plain culture unit 11 via the internal common bus 19.

  Next, the plain culture unit 11 executes a plain culture process for decrypting the supplied encrypted stream, and outputs the data generated by the plain culture process as a plain culture stream (step). S214). The plain culture unit 11 supplies such a plain culture stream to the separation unit 16.

  In addition to the plain culture stream from the plain culture unit 11, the separation unit 16 is notified of distribution information based on the index information corresponding to this plain culture stream from the distribution information output unit 13. That is, when the plain culture stream as shown in FIG. 4 is supplied, for example, the information of entry 1 corresponding to the packets of packet numbers 1, 2, 3 and 4 storing the encoded data of the I frame, the packet The information of entry 2 corresponding to the packets with the numbers 11 and 12 is notified from the distribution information output unit 13 to the separation unit 16. Thus, in the data processing apparatus of this embodiment, such entry information is used as distribution information. The separation unit 16 detects the packet number of each packet of the plain culture stream that is sequentially supplied, and determines whether or not the detected packet number is a packet specified by the entry information. In accordance with this determination, the separation unit 16 is an internal packet when it is a packet specified by entry information, that is, a packet storing encoded data of an entry frame, and is a packet storing encoded data other than the entry frame. In this case, the packet is separated so as to be distributed as an external packet (step S216). Further, the separation unit 16 transfers the separated internal packet to the internal memory 14 and transfers the separated external packet to the external memory 20.

  The internal packet data transferred from the separation unit 16 to the internal memory 14 is stored in a predetermined area of the internal memory 14 (step S218). The external packet data transferred from the separation unit 16 to the external memory 20 is stored in a predetermined area of the external memory 20 through the internal common bus 19 and controlled by the memory control unit 15 (step S220).

  When the CPU 10 determines the processing status in the LSI 110 and further stores an encrypted stream for plain processing, and determines that the processing from step S212 to step S218 or step S220 is further executed. Such processing from step S212 to step S218 or step S220 is further repeated. Thereby, each packet of the plain culture stream is separated and stored in the internal memory 14 and the external memory 20 so as to be distributed into the internal packet and the external packet according to the entry information.

  When the CPU 10 determines that the decoding process can be executed, the CPU 10 starts control for executing the decoding process. First, the combining unit 17 is supplied with the internal packet stored in the internal memory 14 and the external packet stored in the external memory 20. The combining unit 17 detects the packet numbers of the supplied internal packet and external packet, and determines the packet numbers (step S312). As a result of determining the packet number, the combining unit 17 first reads a packet having the previous packet number from the internal memory 14 or the external memory 20 (steps S314 and S316). Further, the combining unit 17 outputs the internal packet or the external packet according to the packet number order of the read packet. In this manner, the packets separated and stored in the internal memory 14 and the external memory 20 are combined (step S318), thereby restoring the plain culture stream. This plain culture stream is supplied to the decoder 12 and is decoded by the decoder 12 (step S320). In other words, the encoded data included in each packet of the plain culture stream is decoded by the decoder 12, and the content data corresponding to the image and the audio signal is output from the decoder 12. When the CPU 10 determines the processing status in the LSI 110 and further stores the plain culture stream for decoding processing in the external memory 20 and the internal memory 14, and returns to step S116, it returns to step S116. If the plain culture process and the decoding process as described above are continued and it is determined that such a decoding process is to be terminated, the decoding process as described above is terminated (step S322).

  In addition to the CPU 10 performing the above-described processing according to the data processing program, the processing of the recording processing unit 40, the processing of the plain culture unit 11, the processing of the distribution information output unit 13, and the processing of the separation unit 16 The configuration may also be such that some or all of the processing such as the processing of the combining unit 17, the decoding processing for restoring the encoded data, and the processing for controlling the external memory is also executed.

  FIG. 6 is a diagram illustrating an operation example in which the separation unit 16 separates the plain culture stream as described above.

  Next, detailed operations for executing the processing from step S212 to step S218 or step S220 shown in FIG. 5 will be described with reference to FIG. FIG. 6 shows an example in which a plain culture stream as shown in FIG. 4 is supplied to the separation unit 16. In this case, entry information such as entry 1 and entry 2 as shown in FIG. 4 is notified from the distribution information output unit 13 to the separation unit 16 as distribution information.

  In FIG. 6, a plain culture stream as shown in FIG. 4 is supplied to the separation unit 16, and entry information as shown in FIG. 4 is notified from the distribution information output unit 13. Then, the separation unit 16 first determines an internal packet based on the packet number that is the packet number 1 of the entry 1 and the number of packets that is the number of packets 4. That is, the separation unit 16 detects the packet numbers of the sequentially supplied packets, compares the detected packet number with the packet number 1 specified by the entry 1, and the detected packet number is specified by the entry 1. If it is determined that the packet number is 1, the packet number 1 is transferred to the internal memory 14 as an internal packet. Further, based on the number of packets 4 specified by entry 1, the separation unit 16 transfers the three packets following the packet with the packet number 1 to the internal memory 14 as internal packets. In this manner, the separation unit 16 determines the packet storing the encoded data of the entry frame based on the packet number and the packet number of the entry information, and the packet storing the encoded data of the entry frame is used as the internal packet in the internal memory 14. Saved in. That is, as shown in FIG. 6, the packets of packet numbers 1, 2, 3, and 4 that are four packets from the packet number 1 specified in entry 1 are stored in the internal memory 14 as internal packets.

  Next, the distribution information output unit 13 notifies the separation unit 16 of the packet number that is the packet number 11 of the entry 2 and the number of packets that is the number of packets 2. The separation unit 16 detects the packet number of the next packet to be supplied, and compares the detected packet number with the packet number 11 specified in the entry 2. Next to the packets with the packet numbers 1, 2, 3 and 4, the packet with the packet number 5 is supplied. Therefore, the separation unit 16 determines that the detected packet number 5 is different from the packet number 11 specified by the entry 2 and is encoded data other than the entry frame. A packet is transferred to the external memory 20 as an external packet. Similarly, the separation unit 16 determines that the encoded data other than the entry frame is stored in the packets with the packet numbers 6, 7, 8, 9 and 10 of the plain culture stream shown in FIG. Are transferred to the external memory 20 as external packets.

  Similarly to the case of entry 1, the separating unit 16 uses the packet number 11 of the entry 2 and the number of packets 2 so that the packets of the plain culture stream packet numbers 11 and 12 shown in FIG. The corresponding packet is determined and transferred to the internal memory 14 as an internal packet.

  When the separation unit 16 performs such an operation, as shown in FIG. 6, the internal packet storing the encoded data of the I frame is stored in the internal memory 14 inside the LSI 110 that is difficult to access from the outside. Further, the external packet storing the encoded data of the P frame and the B frame is stored in the accessible external memory 20.

  As described above, the data processing apparatus of the present embodiment and the data processing method of the encrypted stream according to the procedure as shown in FIG. 5 are recorded in advance on the recording medium 30 inside the LSI 110 as the protection processing unit. By using the encrypted index information for special playback, each packet of the plain culture stream is distributed and recorded in the internal memory 14 as the protected storage unit and the external memory 20 as the non-protected storage unit. is there. For this reason, the data processing apparatus and data processing method according to the present embodiment includes an encryption unit, a plain culture unit, and the like within the LSI 110, and frame type information from a plain culture stream. There is no need to provide a data type detection unit or an execution control unit for detection. Furthermore, even with such a simple configuration, the content cannot be completely restored only with the external packet stored in the external memory 20, and the internal packet stored in the internal memory 14 cannot be easily accessed. The index information as distribution information is encrypted in the recording medium, and the restored index information is protected from external access. For this reason, the data processing apparatus according to the present embodiment suppresses an increase in the amount of hardware and processing load and does not depend on compression coding standards and the like, and protects content that is subject to copyright. The intended data processing apparatus can be provided. In addition, the data processing apparatus according to the present embodiment does not provide a storage unit for storing different distribution information, and uses different indexes as the distribution information for each encrypted stream recorded on the recording medium. Since information can be generated, it is possible to improve security by making the distribution information different with a simple configuration.

  In the above description, as in step S216 in FIG. 5, when the packet stores the encoded data of the entry frame, the packet is an internal packet, and when the packet stores the encoded data other than the entry frame. Has been described with reference to an example of separation so that it is distributed as an external packet, but conversely, when it is a packet storing encoded data of an entry frame, it is an external packet and a packet storing encoded data other than the entry frame In such a case, the configuration may be such that it is distributed as an internal packet.

  Next, a more specific example of the index information used for distributing each packet of the plain culture stream to the internal memory and the external memory will be described. Here, an example of an SD memory card will be described as the recording medium 30.

  FIG. 7 is a directory configuration diagram of content and management information files configured in the SD memory card as the recording medium 30. Data including content such as an encrypted stream targeted by the present invention is stored in a content directory (PRGxxx) in a program unit in a media object data file (MOVnnn.MOD, where nnn is a media object data file number in hexadecimal). As recorded. Information about each media object data is recorded in a media object information file (MOVnnn.MOI). The index information in the present invention is also included in such media object information. Further, if there is still image data (PICnnn.JPG) or text data (TXTnnn.TXT) that is played back simultaneously with the media object data, PICnnn. JPG and TXTnnn. Recorded in a TXT file. Further, when a plurality of moving image data are simultaneously reproduced, which media object data file is to be simultaneously reproduced is described in a scene description data file (SCNnnn.SML). The management information of the entire program is recorded in a management data file (MGR_DATA), a program manager file (PRG_MGR), and a playlist management file (PLST_MGR) in the management directory (MGR_INFO).

  In the media object information file (MOVnnn.MOI), “DataType”, “DataSize”, “PlayBackDuration”, “TxtAttr”, “TstType”, “TstInterval”, “FrameTime”, as index information for special playback, etc. “NumTstEntry1” or “NumTstEntry2”, “NumModui”, “MODU_INFO (specifically, ModiTbl [size is NumModui])”, “ModuNumber”, “EntryFet”, “NetFr” Such information is stored.

  In such information, “DataType” indicates the type of the media object information file. “DataSize” indicates the data size of the media object information file. “PlayBackDuration” indicates the playback time of the media object. “TxtAttr” indicates an attribute such as a character code used for text data. “TstType” indicates the type of the time search table, and is used when the structure of the time search table and the meaning of the component values change according to the file format of the media object data file. The time search table is a table that stores information for specifying a time search entry as a marker for facilitating the search. “TstInterval” indicates the time resolution of the time search table. “FrameTime” indicates the time of one frame expressed in fractions. “NumTstEntry1” or “NumTstEntry2” indicates the number of entries in the time search table. “NumModui” indicates the number of information tables of a media object data unit (MODU, hereinafter, simply referred to as “MODU” as appropriate), which is a unit of compression encoding that can always be reproduced from that position. “MODU_INFO (specifically, ModiTbl [size is NumModui])” indicates an information table of the MODU. “ModuNumber” indicates a corresponding MODU number for each entry point. “EntryFrameDiff” indicates the number of frames from the previous entry frame to the time search entry. “ModuOffset” indicates the position (byte) of the corresponding MODU. “PacketSize” indicates the size of one packet. “NumFrame” indicates the number of frames in one packet.

  The information table “MODU_INFO” of MODU includes information such as “EntrySize”, “ModuPbTime”, “ModuSize”, and the like.

  In such information, “EntrySize” indicates the size of the entry frame. “ModuPbTime” indicates the number of frames constituting the MODU. “ModuSize” indicates the size of the MODU.

  FIG. 8 is a diagram showing a configuration of a media object data file such as an encrypted stream recorded on an SD memory card as the recording medium 30. The SD memory card as the recording medium 30 records each stream data in program units such as athletic meet shooting or movie recording. Also, as shown in FIG. 8, each program includes one or more media objects. That is, for example, the athletic meet shooting program (PRG001) includes a media object (MOV001) that records the opening ceremony of the athletic meet, a media object (MOV002) that records 100-meter running, and a media that records the closing ceremony of the athletic meet. A media object such as an object (MOV003) is recorded. Further, each media object includes a plurality of media object data units MODU. Each MODU is an image unit similar to the GOP in the MPEG-2 system, and usually starts with an I frame as described above. That is, an I frame as shown in FIG. 4 is used as an entry frame, and one media object data unit MODU is formed from the beginning of the I frame to immediately before the next I frame starts. FIG. 8 shows an example of a media object (MOV002) composed of MODU # 1 to MODU # 7, which starts with entry frames indicated by E1 to E7, respectively.

  When recording the content data on the SD memory card having the directory and file structure as shown in FIGS. 7 and 8, the recording device checks all program numbers in the root directory and newly creates a program number yyy. And create a content directory (PRGyyy). Next, when the recording apparatus detects an instruction to start recording, the input content data is converted into an encrypted stream and the like, and media object data MOV001.MOV is stored in PRGyyy. Record as a MOD file. In addition, the recording device records the media object information file MOV001. Including information on the entry frame of each media object data unit MODU. Create MOI. Next, when the recording apparatus detects an instruction to stop recording, MOV001. Recording of the MOD file is completed, and various related information is transferred to the media object information file MOV001. Record in MOI. The MODU information MODU_INFO, the value of the number of entries “NumTstEntry”, and the entry information (“ModuNumber”, “EntryFrameDiff”, “ModuOffset”, etc.) are recorded in the recorded MOV001. Determined by examining the MOD file. Thereafter, the recording device repeats the above process while updating the media object data file number every time recording is instructed. In this way, the content data is stored in the SD memory card as the recording medium 30 in the form of an encrypted stream or the like in the media object data file MOVnnn. Recorded as MOD. At the same time, the related information of the media object including information on the entry frame is stored in the media object information file MOVnnn. Recorded in MOI.

  In playback of an SD memory card in which content is recorded in such a recording format, for example, when fast-forward playback is performed, the media object information file MOVnnn. Referring to the information related to the entry recorded in the MOI, the media object data file MOVnnn. Fast-forward playback can be performed by sequentially reading the entry frames Em recorded in the MOD. That is, the media object information file MOVnnn. With reference to the MOI, the entry frame size “EntrySize” recorded in the MODU information table “ModuiTbl” constituting the MODU information “MODU_INFO” from the corresponding MODU position “ModuOffset” is assigned to the # m-th MODU. Read data for the number of bytes shown. When the reading is finished, the head moves to the beginning of the entry frame of the next MODU. Similarly, the media object data MOVnnn. Read MOD. Furthermore, fast-forward playback can be realized by repeating similar playback, such as moving to the next MODU.

  Further, in this data processing apparatus, when restoring content data from the recording medium 30 that is an SD memory card in which content is recorded in the recording format as described above, the LSI 110 receives the media object information file MOVnnn. Using the information about the entry recorded in the MOI, the media object data file MOVnnn. A process for restoring content data from the encrypted stream recorded in the MOD is performed. At this time, based on the operation of the present data processing apparatus as described above, the separation unit 16 of the LSI 110 performs the media object information file MOVnnn. Using the information about the entry such as the position “ModuOffset” of each MODU recorded in the MOI and the entry frame size “EntrySize”, the packet data corresponding to the entry frame is stored in the internal memory 14, Data is stored in the external memory 20. The data processing apparatus executes the content data decoding process while operating in this way.

  As can be seen from the specific example of restoring the content data from the encrypted stream recorded on the SD memory card, the data processing apparatus and the data processing method of the present embodiment have the media object information file MOVnnn. Using the entry information included in the index information for special reproduction already recorded in the MOI, each packet is selectively recorded in the internal memory 14 and the external memory 20 separately.

  Therefore, even with the data processing apparatus or data processing method of the present embodiment, if the plain culture stream is stored separately as partial data according to the index information as distribution information, it does not depend on the encoding method or data format. In addition, the content cannot be completely restored only by the partial data stored in the external memory 20, and the partial data stored in the internal memory 14 cannot be easily accessed. Furthermore, since the index information is encrypted in the recording medium 30 and is protected from external access in the LSI 110, it is possible to enhance the effect of preventing illegal acts such as illegally reading stream data.

  As described above, also in the data processing apparatus according to the present embodiment, inside the LSI 110 protected from external access, based on the index information of the distribution information output unit 13 protected from the outside, Each packet serving as partial data is divided and stored in a protected storage unit such as the internal memory 14 and a non-protected storage unit such as the external memory 20. As described above, since the data processing apparatus according to the present embodiment only needs to set the index information, it is not necessary to provide an encryption unit or a plain culture unit in data transmission to the unprotected storage unit. Therefore, it is not necessary to provide a data type detection unit or an execution control unit for detecting frame type information. Further, even with such a simple configuration, the content cannot be completely restored only with the external packet stored in the external memory 20, and the internal packet stored in the internal memory 14 cannot be easily accessed. Also, the recording medium is encrypted and protected from external access inside the LSI. For this reason, the data processing apparatus according to the present embodiment suppresses an increase in the amount of hardware and processing load and does not depend on compression coding standards and the like, and protects content that is subject to copyright. The intended data processing apparatus can be provided.

  In this embodiment, an example using index information encrypted and recorded on a recording medium as distribution information has been described. However, instead of index information, for example, random information or information indicating a predetermined procedure is used. May be encrypted as distribution information, and the encrypted distribution information may be recorded on a recording medium. That is, for example, the stream data is divided into a plurality of partial data having a random data length, the distribution information is information on the classification, and the separation unit 16 converts the partial data into the internal memory 14 and the external data based on such distribution information. A configuration may be adopted in which the data is distributed to the memory 20 and stored separately. Further, instead of a configuration for processing stream data, a configuration may be used in which encrypted data obtained by encrypting unencoded image data or the like is processed. In order to realize such a configuration, for example, a predetermined bit length or byte length is used as a unit, the data is distributed as internal and external data, and the combining unit 17 combines the data based on the distribution information. May be.

  In addition, as annotated in the first embodiment, in this embodiment, the internal data and the external data are sorted in order according to an arbitrary byte length, and a series of information such as the byte length for each order is allocated. A form may be stored in the LSI 110 as minute information. In addition, as a storage mode for storing non-protected data such as external packets and external data in the external memory 20, random data is embedded in the area corresponding to the protected data and stored in the external memory 20 together with the non-protected data, or The content protection effect can be enhanced by adopting a configuration in which the gap between data is reduced and stored in the external memory 20 so that non-protected data continues.

  In the present embodiment, the data processing apparatus has been described with an example including the recording processing unit 40 that records the recording data on the recording medium. However, the recording processing unit 40 is not provided, and the encrypted stream and the encrypted data are not included. A configuration having only a function of restoring content from a recording medium on which minute information is recorded may be used.

  Further, in the present embodiment, an example has been described in which key data for encryption / decryption is stored in the key storage unit 43. However, key data for encryption / decryption can be set from the outside. It may be a simple configuration. In this case, the key data is preferably encrypted.

  Furthermore, in each of the above-described embodiments, an example of a data processing apparatus that reproduces content recorded on a recording medium that is a portable recording medium such as a DVD or an SD memory card has been described. The recording medium may be a recording medium installed in an apparatus such as an HDD (Hard Disc Drive). Further, it may be a recording medium or a recording device connected via a network such as the Internet or a USB cable or IEEE1394. Further, the data processing apparatus may be in the form of a data processing apparatus that reproduces content data that is supplied as an Internet stream or broadcast as an encrypted stream including index information. In addition, the data processing apparatus once stores content data supplied as an encrypted stream including index information as Internet distribution or broadcast, in a portable, recording medium or recording apparatus installed in the apparatus or via a network. It may be in the form of a data processing device that records and reproduces the recorded content data.

  In each of the above-described embodiments, the configuration example in which an external memory, for example, a semiconductor memory provided outside the LSI is described as an example. However, the external memory may be, for example, an HDD installed in the apparatus. . Further, this data processing apparatus is not provided with such an external memory, and the separated external packet is recorded on a recording medium or a recording apparatus connected via a network such as the Internet or a USB cable or IEEE1394. It may be a configuration. In addition, it is a portable type in which an encrypted stream for playback is recorded, and is configured in such a manner that a separated external packet is recorded in a recording medium or a recording device or the like in a free space installed inside the apparatus or via a network. May be.

  In each of the above embodiments, as an example of realizing a protection processing unit that is a means protected from external access, a plain culture unit, a distribution information output unit, an internal memory, a separation unit, a combining unit, a decoder, The example of LSI, which is an integrated circuit that integrates the above functions, has been described. For example, these functions are implemented by a plurality of integrated circuits, and packaged or modularized to protect them from being difficult to access from the outside. The configuration as described above may be used. In short, any configuration that prevents access to the plain culture stream or internal packet restored by the plain culture department may be used.

  In each of the above embodiments, an example in which functions such as the plain culture unit, the distribution information output unit, the internal memory, the separation unit, the coupling unit, and the decoder are arranged in the integrated circuit as the protection processing unit has been described. However, the data processing apparatus may be configured without the protection processing unit. In this case, the data processing apparatus is provided with a protected storage unit that is protected from external access and an unprotected storage unit that is accessible from the outside, such as an external memory, as mere recording means. Then, the separation unit separates the stream data into, for example, protected data including frames necessary for decoding other frames and non-protected data not including frames necessary for decoding other frames. Further, the protection data is stored in the protection storage unit, and the non-protection data is stored in the non-protection storage unit. Further, in order to perform such separation by the separation unit, for example, entry frame information of the index information as described above is used. The present invention may have such a configuration, and even with such a simple configuration, the image data cannot be completely restored only with the non-protected data stored in the non-protected storage unit. Can be secured. In this case, the protection processing unit and the non-protection processing unit may be realized as separate recording means, and one recording means is protected from external access and externally accessible part. It may be realized by dividing into two.

  Further, in each of the above embodiments, as shown in FIG. 7, a stream or data including content such as an encrypted stream is stored in the media object data file MOVnnn. The media object information recorded as MOD and including the index information is the media object information file MOVnnn. An example has been described in which each file is recorded on a recording medium as a different file so as to be recorded as an MOI. However, a recording medium that records a stream containing data or data and index information as the same file is described. There may be.

  Further, in each of the above-described embodiments, the description has been given by taking the configuration example in which the internal packet important from the viewpoint of content protection is recorded in the internal memory provided in the LSI protected from unauthorized access. In the external memory, a protected area that is difficult to illegally access from the outside by not mapping to a logical address or user space, etc. and a non-protected area that can be accessed from the outside are provided and separated by the control of the separation unit The packet including the packet storing the entry frame data is recorded as a protected packet in the protected area of the external memory, and the other separated packets are recorded as unprotected packets in the unprotected area of the external memory. Also good.

  Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. Other embodiments such as the following are also included in the present invention.

  (1) The data processing apparatus and the data processing method are not limited to a configuration for receiving an encrypted stream from a recording medium, and may be configured to receive a plain culture stream. In the first place, the other party does not need to be a recording medium, and any device that can deliver contents such as a mobile phone may be used.

  (2) The data processing apparatus and the data processing method are not limited to the configuration in which the separation unit separates in units of frames, and may be configured not to separate in units of frames. For example, a part of the I frame (only the center part or the like) may be recorded in the protection storage unit or the protection area. Thereby, the usage-amount of a protection area can be suppressed more. As another example of a configuration that does not separate in units of frames, it is determined whether the packet includes a DCT coefficient or a packet that does not include a DCT coefficient, and an important packet including the DCT coefficient is set as protection data, and the other is not protected. The configuration may be such that the data is separated.

  (3) The data processing apparatus and the data processing method are not limited to the configuration in which the protected storage unit or the non-protected storage unit temporarily records the stream data. Good. In this case, it is desirable that the protected storage unit and the non-protected storage unit be realized not by a volatile memory but by a non-volatile memory or HDD that can record long-term data.

  (4) In each of the above embodiments, the configuration in which the designation information is not attached to the P and B frames has been described. However, in the data processing apparatus and the data processing method, the designation information is also attached to the P and B frames. Such a configuration may be used. However, in this case, it is necessary to add information indicating the I frame to the I frame designation information.

  (5) The data processing apparatus and the data processing method are not limited to the configuration in which the separation unit separates in units of packets, and may be configured to separate in other units. If the content cannot be completely decoded with the data stored in the non-protected storage unit, it may be separated in any unit.

  (6) Specifically, each of the above devices is a computer system including a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or hard disk unit. Each device achieves its functions by the microprocessor operating according to the computer program. Here, the computer program is configured by combining a plurality of instruction codes indicating instructions for the computer in order to achieve a predetermined function.

  (7) A part or all of the constituent elements constituting each of the above-described devices may be configured by one system LSI (Large Scale Integration). The system LSI is a super multifunctional LSI manufactured by integrating a plurality of components on one chip, and specifically, a computer system including a microprocessor, a ROM, a RAM, and the like. . A computer program is stored in the RAM. The system LSI achieves its functions by the microprocessor operating according to the computer program.

  Further, each part of the constituent elements constituting each of the above devices may be individually made into one chip, or may be made into one chip so as to include a part or all of them.

  Although the system LSI is used here, it may be called IC, LSI, super LSI, or ultra LSI depending on the degree of integration. Further, the method of circuit integration is not limited to LSI's, and implementation using dedicated circuitry or general purpose processors is also possible. An FPGA (Field Programmable Gate Array) that can be programmed after manufacturing the LSI or a reconfigurable processor that can reconfigure the connection and setting of circuit cells inside the LSI may be used.

  Furthermore, if integrated circuit technology comes out to replace LSI's as a result of the advancement of semiconductor technology or a derivative other technology, it is naturally also possible to carry out function block integration using this technology. Biotechnology can be applied.

  (8) A part or all of the components constituting each of the above devices may be configured as an IC card that can be attached to and detached from each device or a single module. The IC card or the module is a computer system including a microprocessor, a ROM, a RAM, and the like. The IC card or the module may include the super multifunctional LSI. The IC card or the module achieves its function by the microprocessor operating according to the computer program. This IC card or this module may have tamper resistance.

  (9) The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.

  The present invention also provides a computer-readable recording medium such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, BD (Blu-ray Disc). ), Recorded in a semiconductor memory or the like. Further, the digital signal may be recorded on these recording media.

  In the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, a data broadcast, or the like.

  The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

  In addition, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, and executed by another independent computer system. It is good.

  (10) The embodiment and the other examples may be combined.

  According to the present invention, for example, content can be reproduced while protecting the content from a recording medium on which content data on which protection of copyright or the like is important is recorded. Therefore, the present invention provides a data processing apparatus that decodes content data from an encrypted stream recorded on a recording medium such as a DVD or a memory card, and reproduces content from the recording medium having such a decoding function. Such as a playback device, or a recording / playback device that also has a function of recording content on a recording medium, and a broadcast that has a function of playing back content from a recording medium on which content such as images and sounds is recorded. It can be used for receiving devices, communication devices, information devices and others.

1 is a block diagram of a data processing apparatus according to Embodiment 1 of the present invention. The flowchart which showed the procedure of the decoding process of the data processor in Embodiment 1 of this invention The block diagram of the data processor in Embodiment 2 of this invention The figure which shows the structure of the plain culture stream and the structure of index information The flowchart which showed the procedure of the decoding process of the data processor in Embodiment 2 of this invention The figure which shows one operation example which isolate | separates the plain culture stream of a separation part. Directory structure diagram of contents and management information file configured in the SD memory card The figure which shows the structure of the media object data file of SD memory card Configuration diagram of a conventional data processing device

Explanation of symbols

10 CPU
DESCRIPTION OF SYMBOLS 11,99 Plain culture part 12,92 Decoder 13 Distribution information output part 14,94 Internal memory 15,95 Memory control part 16 Separation part 17 Connection part 19 Internal common bus 20,920 External memory 21,910 Recording media interface (I / F) unit 22 common bus 30 recording medium 40 recording processing unit 41 index information generating unit 42 encryption unit 43 key storage unit 90 internal CPU
91 Descramble processing unit 93 Output unit 96 Data type detection unit 97 Execution control unit 98 Encryption unit 100, 110, 900 LSI

Claims (36)

A data processing apparatus for restoring the stream data from an encrypted stream including encrypted stream data,
A plain culture part that unfolds the encrypted stream by decrypting the obtained encrypted stream and restores the plain culture stream corresponding to the stream data;
A distribution information output unit that outputs distribution information that is protected from external access and indicates a distribution procedure for the plain culture stream;
A protected storage unit for storing data protected from external access;
An unprotected storage unit for storing data;
A separation unit that divides the plain culture stream into partial data, and distributes and stores the partial data in the protected storage unit and the non-protected storage unit based on the distribution information;
A data processing comprising: a combining unit that combines the partial data stored in the protected storage unit and the partial data stored in the non-protected storage unit based on the distribution information, and restores the stream data apparatus. The data processing apparatus according to claim 1, wherein the distribution information is information generated based on a secret algorithm. The data processing apparatus according to claim 1, wherein the distribution information is information indicating the distribution procedure for distributing the partial data at random. It is divided into a protection processor that is difficult to access from the outside and a non-protection processor that is accessible from the outside.
The unprotected storage unit is arranged in the unprotected processing unit,
4. The system according to claim 1, wherein the protection processing unit includes the plain culture unit, the distribution information output unit, the protection storage unit, the separation unit, and the coupling unit. The data processing device according to item. 5. The data processing apparatus according to claim 4, wherein the protection processing unit is a packaged integrated circuit, and the non-protected storage unit is an external memory provided outside the integrated circuit. 6. The data processing apparatus according to claim 5, wherein the protection storage unit is an internal memory provided in the integrated circuit. The data processing apparatus according to claim 6, wherein the protection processing unit further includes a decoder that decodes the stream data restored by the combining unit to restore the decoded data. A memory for storing data,
Dividing the memory into a protected area protected from external access and an unprotected area accessible from the outside;
The data according to any one of claims 1 to 3, wherein the protected storage unit is the protected area of the memory, and the non-protected storage unit is the non-protected area of the memory. Processing equipment. 2. The data processing apparatus according to claim 1, wherein the distribution information is information relating to the division of the stream data into a plurality of partial data. A receiving unit that acquires recording data including the encrypted distribution information that is the encrypted stream and the encrypted distribution information from a recording medium;
The plain culture unit decrypts the encrypted stream and the encrypted distribution information by decrypting the encrypted stream and the encrypted distribution information included in the recording data acquired by the receiving unit. Culture and restore the plain culture stream and the distribution information corresponding to the stream data,
The data processing apparatus according to claim 9, wherein the distribution information output unit supplies the distribution information restored by the plain culture unit to the separation unit and the combining unit. It is divided into a protection processor that is difficult to access from the outside and a non-protection processor that is accessible from the outside.
The unprotected storage unit is arranged in the unprotected processing unit,
11. The data processing according to claim 10, wherein the receiving unit, the plain culture unit, the distribution information output unit, the protection storage unit, the separation unit, and the combining unit are arranged in the protection processing unit. apparatus. The data processing apparatus according to claim 11, wherein the protection processing unit is a packaged integrated circuit, and the non-protected storage unit is an external memory provided outside the integrated circuit. The data processing apparatus according to claim 12, wherein the protection storage unit is an internal memory provided in the integrated circuit. The data processing apparatus according to claim 13, wherein the protection processing unit further includes a decoder that decodes the stream data restored by the combining unit to restore the decoded data. A recording processing unit for recording the recording data on a recording medium;
The recording processing unit divides the stream data into a plurality of partial data to generate the distribution information, and further encrypts the encrypted distribution information to generate the encrypted distribution information, along with the encrypted stream. The data processing apparatus according to claim 10, wherein the data is recorded on the recording medium as the recording data including the distribution information. It is divided into a protection processor that is difficult to access from the outside and a non-protection processor that is accessible from the outside.
The unprotected storage unit is arranged in the unprotected processing unit,
16. The protection processing unit according to claim 15, wherein at least the recording processing unit, the plain culture unit, the distribution information output unit, the protection storage unit, the separation unit, and the combination unit are arranged. Data processing equipment. The data processing apparatus according to claim 16, wherein the protection processing unit is a packaged integrated circuit, and the non-protected storage unit is an external memory provided outside the integrated circuit. The data processing apparatus according to claim 17, wherein the protection storage unit is an internal memory provided in the integrated circuit. The data processing apparatus according to claim 18, wherein the protection processing unit further includes a decoder that decodes the stream data restored by the combining unit to restore the decoded data. The recording processing unit stores key data for encryption / decryption protected from external access, and generates the encrypted distribution information by encrypting the distribution information with the key data,
The said culture | cultivation part restore | restores the said distribution information by deciphering the encryption distribution information with the said key data, The one of the Claims 15-19 characterized by the above-mentioned. Data processing equipment. The integrated circuit further comprises a key storage unit for storing key data for encryption / decryption,
The recording processing unit generates the encrypted distribution information by encrypting the distribution information with the key data stored in the key storage unit,
20. The peace culture unit restores the distribution information by decrypting the encrypted distribution information using the key data stored in the key storage unit. The data processing device according to any one of the above. The data processing apparatus according to claim 21, wherein the key data is data based on information unique to an integrated circuit. The distribution information is index information for special reproduction of the stream data,
The said receiving part acquires the encryption index information which is the said index information encrypted as encryption distribution information with the said encryption stream recorded on the said recording medium. Item 23. The data processing device according to any one of items up to item 22. The plain culture part restores the index information by decrypting the encrypted index information included in the acquired recording data,
The distribution information output unit outputs information on the entry frame of the restored index information,
24. The data processing apparatus according to claim 23, wherein the separation unit sorts the restored plain culture stream into one partial data and the other partial data based on information on the entry frame. . The separation unit stores one partial data including at least a packet storing the data of the entry frame in the protection storage unit based on information on the entry frame, and stores the partial data other than the one partial data in the non-data 25. The data processing device according to claim 24, wherein the data processing device is stored in a protection storage unit. The separation unit stores one partial data including at least a packet storing the data of the entry frame in the unprotected storage unit based on information on the entry frame, and stores the partial data other than the one partial data in the unprotected storage unit. 25. The data processing device according to claim 24, wherein the data processing device is stored in a protection storage unit. The entry frame is an I frame of the stream data including encoded image data, and the information regarding the entry frame is information including a packet number storing the encoded image data of the I frame. The data processing apparatus according to any one of claims 24 to 26, wherein: 28. The data processing apparatus according to claim 27, wherein the encrypted stream and the encrypted index information are recorded on the recording medium as the same file. 28. The data processing apparatus according to claim 27, wherein the encrypted stream and the encrypted index information are recorded on the recording medium as different files. 30. The data processing apparatus according to claim 29, wherein the recording medium is an SD memory card, and the index information is recorded in a media object information file. The separation unit distributes the partial data into protected data to be stored in the protected storage unit and unprotected data to be stored in the non-protected storage unit based on the distribution information, and the protected data is stored in the protected storage unit. The random number data is stored in an area corresponding to the protected data together with the non-protected data in the unprotected storage unit. Data processing device. The separation unit distributes the partial data into protected data to be stored in the protected storage unit and unprotected data to be stored in the non-protected storage unit based on the distribution information, and the protected data is stored in the protected storage unit. 16. The data processing apparatus according to claim 1, wherein the non-protected storage unit stores the non-protected data so that the non-protected data is continuous. A plain culture part that decrypts the encrypted stream by decrypting the obtained encrypted stream and restores a plain culture stream corresponding to the stream data;
A distribution information output unit that outputs distribution information that is protected from external access and indicates a distribution procedure for the plain culture stream;
A protective storage unit for storing data;
The plain culture stream is divided into partial data, divided into one partial data and the other partial data based on the distribution information, and the one partial data is stored in the protection storage unit, and the other partial data is stored. A separation unit for outputting the partial data to the outside;
An integration comprising: a combining unit that combines the one partial data stored in the protection storage unit and the other partial data taken from outside based on the distribution information, and restores the stream data circuit. A data processing program of a data processing apparatus for restoring the stream data from an encrypted stream including encrypted stream data,
Clearing the encrypted stream by decrypting the obtained encrypted stream and restoring the plain culture stream corresponding to the stream data; and
Outputting distribution information indicating a distribution procedure for the plain culture stream;
Dividing the plain culture stream into partial data, and dividing and storing the partial data based on the distribution information into a protected storage unit and a non-protected storage unit protected from external access;
A data processing program comprising: combining the partial data stored in the protected storage unit and the partial data stored in the non-protected storage unit based on the distribution information, and restoring the stream data . A recording medium on which the data processing program according to claim 34 is recorded. A data processing method of a data processing apparatus for restoring the stream data from an encrypted stream including encrypted stream data,
Clearing the encrypted stream by decrypting the obtained encrypted stream and restoring the plain culture stream corresponding to the stream data; and
Outputting distribution information indicating a distribution procedure for the plain culture stream;
Dividing the plain culture stream into partial data, and dividing and storing the partial data based on the distribution information into a protected storage unit and a non-protected storage unit protected from external access;
A data processing method comprising: combining the partial data stored in the protected storage unit and the partial data stored in the non-protected storage unit based on the distribution information, and restoring the stream data .