JP2011060312A - Information recording medium, and data - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a device for effectively preventing unauthorized use of content, and to provide a recording medium and method. <P>SOLUTION: Content including broken data different from proper content configuration data is recorded in the information recording medium. Conversion data as the proper content configuration data to be replaced by the broken data and a conversion table storing set position information with respect to content of the conversion data are stored in the information recording medium. In a content reproduction process, the content configuration data is replaced by the conversion data in accordance with the conversion table recorded in the information recording medium. Even if there is leakage of an encryption key corresponding to encrypted content recorded in the information recording medium, the content is not reproduced in a device capable of acquiring the conversion data, and unauthorized use of the content is prevented. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an information recording medium and data. More specifically, the present invention relates to an information recording medium and data that eliminates illegal use of content and realizes strict content use management by performing data conversion processing on various contents that require content use management.

  Various software data such as audio data such as music, image data such as movies, game programs, and various application programs (hereinafter referred to as “Content”) are recorded on a recording medium such as a blue laser using a blue laser. -It can be stored as digital data on a Ray Disc (trademark), DVD (Digital Versatile Disc), MD (Mini Disc), or CD (Compact Disc). In particular, Blu-ray Disc (trademark) using a blue laser is a high-density recordable disc and can record a large volume of video content as high-quality data.

  Digital contents are stored in these various information recording media (recording media) and provided to users. A user plays back and uses content on a playback device such as a personal computer (PC) or disc player.

  Many contents, such as music data and image data, generally have distribution rights or the like held by the creator or seller. Therefore, when distributing these contents, it is common to adopt a configuration that restricts the use of the contents, that is, permits the use of the contents only to authorized users and prevents unauthorized copying or the like. It is the target.

  According to the digital recording device and the recording medium, for example, recording and reproduction can be repeated without deteriorating images and sound, and illegally copied content is distributed via the Internet, and the content is copied to a CD-R or the like. Problems such as the distribution of so-called pirated discs and the use of copy contents stored on hard disks such as PCs have become widespread.

  A large-capacity recording medium such as a DVD or a recording medium using a blue laser that has been developed in recent years can record a large amount of data, for example, one movie to several movies as digital information on one medium. Is possible. As video information and the like can be recorded as digital information in this way, it is an increasingly important issue to prevent unauthorized copying and to protect the copyright holder. In recent years, in order to prevent such illegal copying of digital data, various techniques for preventing illegal copying in digital recording devices and recording media have been put into practical use.

  For example, a DVD player employs a content scramble system. In the content scramble system, for example, in a configuration in which video data, audio data, etc. are encrypted and recorded on a DVD-ROM (Read Only Memory), the content can be reproduced by releasing the scramble.

  In the descrambling process, it is necessary to execute a process to which specific data such as a key given to the licensed DVD player is applied. The license is given to a DVD player designed to comply with a predetermined operation rule such as not performing illegal copying. Therefore, a licensed DVD player uses a specific data such as a given key to re-scramble the data recorded on the DVD-ROM to reproduce images and sounds from the DVD-ROM. Can do.

  On the other hand, an unlicensed DVD player does not have specific data such as a key used for descrambling the scrambled data, and therefore cannot reproduce the data recorded on the DVD-ROM. As described above, in the content scramble system configuration, a DVD player that does not satisfy the conditions required at the time of license cannot reproduce a DVD-ROM on which digital data is recorded, so that unauthorized copying is prevented. It has become.

However, such a content scramble system has a problem in that the processing load on the information processing apparatus side as a user device that executes reproduction processing increases. In addition, among existing scramble systems, there are many systems in which the descrambling method has already been decoded and the decoding method is distributed via communication means such as the Internet. As described above, once the scramble technique is deciphered, there arises a problem of infringement of the copyright and use right of the content, such as illegal reproduction and copying of the content by an unauthorized descrambling process.
In addition, even if the content is encrypted, if an encryption key leaks, the content that has been decrypted illegally will flow out. As a prior art that discloses one configuration for solving such a problem, there is a configuration described in Patent Document 1. Patent Document 1 discloses a configuration in which dummy data is inserted between data in units of sectors to prevent unauthorized reproduction of content. However, in the configuration in which dummy data is removed during playback and playback is not performed, identification data of the playback device and playback application software cannot be embedded in output data.

JP-A-11-45508

  The present invention has been made in view of such a situation, and by adopting a simple processing configuration based on data conversion processing mainly for data replacement, the load on the information processing apparatus side can be reduced, and content can be reduced. An object of the present invention is to provide an information recording medium and data that can prevent unauthorized use.

The first aspect of the present invention is:
An information recording medium having recording data,
Processing for replacing conversion data to be replaced with a part of the recorded data, a conversion table in which setting position information for the content of the conversion data is recorded, and content configuration data applying the conversion table executed on a playback device The data processing program used for
Store as recorded data,
The conversion table is
(1) registration information including the conversion data;
(2) The registration information is
(2a) registration information including conversion data for converting broken data into legitimate content data, or
(2b) registration information including conversion data for embedding identification information of a playback device or a content playback application,
A type identifier that identifies
(3) A table in which replacement position information of conversion data is recorded,
By executing the data processing program in the playback device,
It is possible to change the execution mode of the process of acquiring the conversion table and replacing the content configuration data at the position of the replacement position information of the conversion data recorded in the conversion table with the conversion data according to the type identifier. It is in the information recording medium.

  Furthermore, in an embodiment of the information recording medium of the present invention, the data processing program is characterized in that the type identifier is registered information in a conversion table, and (2a) conversion data for converting broken data into legitimate content data. If the registration information includes the broken data that is different from the valid content that is the content configuration data, the conversion data that is the valid content data included in the registration information of the conversion table is executed. It is a program to be made.

  Furthermore, in one embodiment of the information recording medium of the present invention, the data processing program includes a conversion for embedding the type identifier, the registration information of the conversion table, and (2b) identifying information of the playback device or content playback application. If the registration information includes data, a partial area of the content, which is content configuration data, is registered in the conversion table registration information based on the configuration bits of the identification information of the content playback device or content playback application. It is a program that executes a process that replaces or does not replace the conversion data included in the data.

  Furthermore, in one embodiment of the information recording medium of the present invention, the registration information further includes reference bit position information indicating a bit position to be referred to of configuration bits of identification information of the playback device or content playback application, and the data The processing program is a program for executing a process for determining whether or not to perform a replacement process using conversion data according to a value of a bit position indicated by the reference bit position information.

  Furthermore, in an embodiment of the information recording medium of the present invention, the data processing program applies different parameters to each partial conversion table data in which conversion data corresponding to only partial configuration data of the content is recorded. It is a program that executes the above-described arithmetic processing or encryption processing, and executes conversion data acquisition processing that is replacement data.

  Furthermore, in an embodiment of the information recording medium of the present invention, the data processing program applies an exclusive OR that applies different parameters to a plurality of conversion data included in the one or more conversion tables in a predetermined reproduction unit. The present invention is characterized in that the program executes calculation processing and executes conversion data acquisition processing as replacement data.

  Furthermore, in an embodiment of the information recording medium of the present invention, the data processing program causes the different parameter calculation processing to be executed as intermittent processing synchronized with content reproduction or external output, and intermittently sequentially. The program is characterized in that conversion data corresponding to different content configuration data is obtained by arithmetic processing or encryption processing based on different parameters to be calculated.

  Furthermore, in one embodiment of the information recording medium of the present invention, the data processing program sequentially acquires a divided conversion table that is divided and recorded in a configuration packet of the content and sequentially acquires the content from the divided conversion table. It is a program for executing conversion data which is replacement data corresponding to only a part of the configuration data, and a process of acquiring recording position information of the conversion data.

Furthermore, the second aspect of the present invention provides
Content structure to which conversion data to be replaced of a part of content configuration data constituting content, a conversion table in which setting position information for the content of the conversion data is recorded, and the conversion table executed on the playback device are applied Data including a data processing program used for data replacement processing,
The conversion table is
(1) registration information including the conversion data;
(2) The registration information is
(2a) registration information including conversion data for converting broken data into legitimate content data, or
(2b) registration information including conversion data for embedding identification information of a playback device or a content playback application,
A type identifier that identifies
(3) A table in which replacement position information of conversion data is recorded,
By executing the data processing program in the information processing apparatus,
It is possible to change the execution mode of the process of acquiring the conversion table and replacing the content configuration data at the position of the replacement position information of the conversion data recorded in the conversion table with the conversion data according to the type identifier. It is in the data.

  The computer program of the present invention is, for example, a storage medium or communication medium provided in a computer-readable format to a computer system capable of executing various program codes, such as a CD, FD, or MO. It is a computer program that can be provided by a recording medium or a communication medium such as a network. By providing such a program in a computer-readable format, processing corresponding to the program is realized on the computer system.

  Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.

  According to the configuration of an embodiment of the present invention, content including modified data is recorded on an information recording medium, and further, conversion data that is legitimate content configuration data to be replaced with the modified data, and the content of the converted data Since the conversion table in which the setting position information is recorded is stored in the information recording medium, and in the content reproduction process, the content configuration data is replaced with the conversion data in accordance with the conversion table recorded in the information recording medium. Even when the encryption key corresponding to the encrypted content recorded on the information recording medium is leaked, the content cannot be reproduced in an apparatus that cannot obtain the conversion data, and unauthorized use of the content is prevented.

  In addition, according to the configuration of the embodiment of the present invention, the conversion data including the data that can analyze the constituent bits of the identification information that can identify the content reproduction device or the content reproduction application is applied as the conversion data. Even if illegal contents are leaked, it is possible to identify the source of illegal contents by analyzing the conversion data.

  In addition, according to the configuration of the embodiment of the present invention, since the calculation process or the encryption process using different parameters is set for each divided table obtained by dividing the conversion table storing the conversion data, Even when parameter leakage occurs, only a part of the content is allowed to be reproduced, and the possibility of leakage of the entire content can be reduced.

It is a figure explaining the structure and process of the storage data of an information recording medium, a drive apparatus, and information processing apparatus. It is a figure explaining the example of a setting of the content management unit set with respect to the storage content of an information recording medium. It is a figure explaining a response | compatibility with the content management unit and unit key set with respect to the storage content of an information recording medium. It is a figure explaining the directory structure set with respect to the storage content of an information recording medium. It is a figure explaining the directory structure of a conversion table and a data conversion process program. It is a figure which shows the process example 1 of a content reproduction process. It is a figure explaining the mutual authentication processing sequence between a drive and a host. It is a figure explaining the application process of the conversion data performed in the case of content reproduction. It is a figure explaining the data structure of the data conversion table recorded on an information recording medium. It is a figure which shows the process example 2 of a content reproduction process. It is a figure which shows the process example 3 of a content reproduction process. It is a figure explaining the data structure of the conversion table in which the obfuscation process is made | formed by the conversion table block (FUT block) unit. It is a figure explaining the data structure of the conversion table in which the obfuscation process is made | formed by the conversion table block (FUT block) unit. It is a figure which shows the process example 4 of a content reproduction process. It is a figure which shows the process example 5 of a content reproduction process. It is a figure which shows the process example 6 of a content reproduction | regeneration process. It is a figure explaining a data structure in case a conversion table is stored in the transport stream packet containing a content. It is a figure which shows the process example 7 of a content reproduction | regeneration process. It is a figure explaining the data structure of the divided | segmented conversion table. It is a figure explaining the structural example by which it distributes to the specific packet in the structure data of encryption content, and a conversion table is recorded. It is a figure explaining an example of the writing structure of conversion data. It is a figure which shows the modification of the process example 7 of a content reproduction process. It is a figure which shows the process example 8 of a content reproduction process. It is a figure which shows the whole data structure of a conversion table. It is a figure which shows the data structure of one conversion table block (FUT block) in the some conversion table block (FUT block) contained in a conversion table. It is a figure which shows the data structure of the conversion data entry in a conversion table block (FUT). It is a figure which shows the modification of the process example 8 of a content reproduction process. It is a figure which shows the modification of a conversion table. FIG. 3 is a diagram for describing a hardware configuration example of an information processing apparatus that executes an application as a host.

Hereinafter, details of the present invention will be described with reference to the drawings. The description will be made according to the following description items.
1. 1. Outline of data stored in information recording medium and processing in drive and host 2. Content management unit (CPS unit) Content reproduction processing (3.1) Content reproduction processing example 1
(3.2) Content reproduction processing example 2
(3.3) Content reproduction processing example 3
(3.4) Content reproduction processing example 4
(3.5) Content reproduction processing example 5
(3.6) Content reproduction processing example 6
(3.7) Content Playback Processing Example 7
(3.8) Content Playback Processing Example 8
4). 4. Configuration of information processing apparatus Information recording medium manufacturing apparatus and information recording medium

[1. Overview of data stored in information recording medium and processing in drive and host]
First, data stored in the information recording medium and an outline of processing in the drive and the host will be described. FIG. 1 shows the configuration of the information recording medium 100, the drive 120, and the host 150 in which content is stored. The host 150 is a data reproduction (or recording) application executed by an information processing apparatus such as a PC, and performs processing using hardware of the information processing apparatus such as a PC in accordance with a predetermined data processing sequence.

  The information recording medium 100 is, for example, an information recording medium such as a Blu-ray disc, a DVD, and the like, which is a legitimate content manufactured at a disc manufacturing factory with the permission of a so-called content right holder having a copyright or distribution right. An information recording medium (ROM disk or the like) storing various contents or an information recording medium (RE disk or the like) capable of recording data. In the following embodiments, a disk-type medium will be described as an example of the information recording medium. However, the present invention can be applied to configurations using information recording media of various modes.

(1) Encrypted content 101
Various contents are stored in the information recording medium 100. For example, it consists of an AV (Audio Visual) stream of moving image content such as HD (High Definition) movie content which is high-definition moving image data, a game program of a format defined by a specific standard, an image file, audio data, text data, etc. Content. These contents are specific AV format standard data and are stored according to a specific AV data format. Specifically, for example, Blu-ray Disc ROM standard data is stored in accordance with the Blu-ray Disc (trademark) ROM standard format.

(1) Encrypted content 101
Various contents are stored in the information recording medium 100. For example, it consists of an AV (Audio Visual) stream of moving image content such as HD (High Definition) movie content which is high-definition moving image data, a game program of a format defined by a specific standard, an image file, audio data, text data, etc. Content. These contents are specific AV format standard data and are stored according to a specific AV data format. Specifically, for example, it is stored as Blu-ray disc ROM standard data according to the Blu-ray disc ROM standard format.

  Furthermore, for example, a game program as service data, an image file, audio data, text data, or the like may be stored. These contents may be stored as data having a data format that does not conform to a specific AV data format.

  The content types include various contents such as music data, image data such as moving images and still images, game programs, and WEB contents, and these contents can be used only by data from the information recording medium 100. Various types of information such as content information that can be used in combination with content information, data from the information recording medium 100, and data provided from a network-connected server are included. The content stored in the information recording medium is encrypted by assigning a different key (CPS unit key or unit key (or sometimes called a title key)) to each divided content in order to realize different usage control for each divided content. And stored. A unit for assigning one unit key is called a content management unit (CPS unit). Furthermore, the content is set as broken data in which a part of the configuration data is replaced with data different from the correct content data. The correct content playback is not executed only by the decryption process. If playback is performed, the broken data is converted. Processing to replace the data registered in the table is required. These processes will be described in detail later.

(2) MKB
An MKB (Media Key Block) 102 is an encryption key block generated based on a tree-structured key distribution method known as one aspect of the broadcast encryption method. The MKB 102 can acquire the media key [Km], which is a key necessary for content decryption, only by processing (decryption) based on the device key [Kd] stored in the information processing apparatus of the user having a valid license. This is a key information block. This is an application of an information distribution method in accordance with a so-called hierarchical tree structure, which makes it possible to acquire and invalidate a media key [Km] only when the user device (information processing apparatus) has a valid license. In the revoked user device, the media key [Km] cannot be acquired.

  The management center as a license entity cannot be decrypted with a device key stored in a specific user device due to a change in the device key used for encrypting key information stored in the MKB, that is, a media key necessary for content decryption cannot be obtained. An MKB having a configuration can be generated. Accordingly, it is possible to provide an encrypted content that can be decrypted only to a device having a valid license by removing (revoking) an unauthorized device at an arbitrary timing. The content decryption process will be described later.

(3) Title Key File As described above, each content or a set of a plurality of contents is encrypted by applying an individual encryption key (title key (CPS unit key)) for content usage management. It is stored in the recording medium 100. That is, AV (Audio Visual) stream, image data such as music data, moving image, still image, game program, WEB content, etc. constituting the content are divided into units as management units for content use. It is necessary to generate a different title key and perform decryption processing. Information for generating the title key is title key data. For example, the title key is obtained by decrypting the encrypted title key with a key generated by a media key or the like. In accordance with a predetermined encryption key generation sequence to which the title key data is applied, a title key corresponding to each unit is generated and the content is decrypted.

(4) Use Permission Information The use permission information includes, for example, copy / playback control information (CCI). That is, the copy restriction information for use control corresponding to the encrypted content 101 stored in the information recording medium 100 and the reproduction restriction information. This copy / playback control information (CCI) can be set in various ways, for example, when it is set as individual CPS unit information set as a content management unit, or when it is set corresponding to a plurality of CPS units. is there.

(5) Conversion Table As described above, the encrypted content 101 stored in the information recording medium 100 is subjected to predetermined encryption, and part of the content configuration data is based on broken data different from the correct data. It is configured. When reproducing the content, a data overwriting process is required to replace the broken data with conversion data that is correct content data. A table in which the conversion data is registered is a conversion table (Fix-up Table) 105. A large number of pieces of broken data are scattered and set in the content, and when reproducing the content, it is necessary to replace (overwrite) the plurality of broken data with the conversion data registered in the conversion table. By applying this conversion data, for example, even when the encryption key is leaked and the content is decrypted illegally, the content cannot be reproduced by the presence of the replacement data only by decrypting the content. Unauthorized use of content can be prevented.

  The conversion table 105 includes conversion data including data that makes it possible to analyze the constituent bits of the identification information that can identify the content playback apparatus or the content playback application, in addition to the normal conversion data. Specifically, for example, a player ID as identification data of a player (an apparatus that executes a host application) or “conversion data including an identification mark” in which identification information generated based on the player ID is recorded is included. The conversion data including the identification mark is data in which the bit value of the correct content data is slightly changed at a level that does not affect the reproduction of the content. Details of processing using these conversion data will be described later.

  Although FIG. 1 shows an example in which the conversion table 105 is set as an independent data file, the conversion table is not included as an independent file, but is included in the configuration packet of the encrypted content 101 in a scattered manner. Also good. These configurations and processes will be described later.

(6) Data Conversion Processing Program The data conversion processing program 106 is a program including processing instructions for executing data conversion processing based on registered data in the conversion table (Fix-up Table) 105, and is executed by a host that executes content reproduction. Used. It is executed in the data conversion processing unit 154 of the host 100 in FIG.

  In the host, a virtual machine (VM) that executes data conversion processing is set, the data conversion processing program 106 read from the information recording medium 100 is executed in the virtual machine (VM), and a conversion table (Fix-up Table) is executed. The registration data 105 is applied, and the data conversion process of the partial configuration data is executed on the decrypted content. Details of these processes will be described later.

  Next, configurations of the host 150 and the drive 120 and an outline of processing will be described with reference to FIG. The reproduction processing of the content stored in the information recording medium 100 is executed by transferring data to the host 150 via the drive 120. Prior to the use of the content, mutual authentication processing is executed between the drive 120 and the host 150. After the validity of both is confirmed by the establishment of this authentication processing, the encrypted content is transferred from the drive to the host, and the host side Then, the content is decrypted, and further the data conversion processing based on the above-described conversion table is executed to reproduce the content.

  In the mutual authentication executed between the host 150 and the drive 120, refer to a revocation (invalidation) list issued by the management center indicating whether each device or application is registered as an unauthorized device or application. A process for determining validity is executed.

  The drive 120 has a memory 122 for storing a host CRL (Certificate Revocation List) storing revocation (invalidation) information of a host certificate (public key certificate). On the other hand, the host 150 has a memory 152 for storing a drive CRL (Certificate Revocation List) storing revocation (invalidation) information of a drive certificate (public key certificate). The memory is a non-volatile memory (NVRAM). For example, when the CRL read from the information recording medium 100 is a newer version, each data processing unit 121, 151 stores a new version host in the memory 122.152. Update processing for storing the CRL or the drive CRL is performed.

  The management center sequentially updates CRLs such as the host CRL and the drive CRL. That is, when a new unauthorized device is detected, an updated CRL is issued by adding the certificate ID or device ID issued to the unauthorized device as a new entry. Each CRL is assigned a version number, and can be compared with the old and new. For example, when the CRL read from the information recording medium loaded in the drive is newer than the CRL stored in the memory 122 in the drive, the drive executes a CRL update process. Similarly, the host 150 updates the drive CRL.

  In addition to the CRL update process, the data processing unit 121 of the drive 120 executes an authentication process with the host that is executed when the content is used, a data read process from the information recording medium, and a data transfer process to the host.

  As described above, the host 150 is a data reproduction (or recording) application executed by an information processing apparatus such as a PC, and performs processing using hardware of the information processing apparatus such as a PC in accordance with a predetermined data processing sequence. Do.

  The host 150 includes a data processing unit 151 that performs mutual authentication processing with the drive 120, data transfer control, and the like, a decryption processing unit 153 that performs decryption processing of the encrypted content, and data based on the registration data of the conversion table 105 described above. A data conversion processing unit 154 that executes conversion processing and a decoding processing unit 155 that executes decoding (for example, MPEG decoding) processing are included.

  The data processing unit 151 executes a host-drive authentication process. In the authentication process, the drive is not a revoked drive with reference to the drive CRL stored in the memory a152 as a nonvolatile memory (NVRAM). Make sure. The host also performs an update process for storing a new version of the drive CRL in the memory a152.

  The decryption processing unit 153 applies various information stored in the memory b 156 and data read from the information recording medium 100 to generate a key to be applied to content decryption, and executes decryption processing of the encrypted content 101. To do. The data conversion processing unit 154 applies the conversion data registered in the conversion table acquired from the information recording medium 100 according to the data conversion processing program acquired from the information recording medium 100, and replaces the content configuration data (overwrite) ). The decoding processing unit 155 executes decoding (for example, MPEG decoding) processing.

  The memory b156 of the information processing apparatus 150 stores a device key: Kd, key information applied to mutual authentication processing, key information applied to decryption, and the like. The details of the content decryption process will be described later. The device key: Kd is a key applied to the MKB process described above. The MKB can acquire the media key [Km], which is a key necessary for content decryption, only by processing (decryption) based on the device key [Kd] stored in the information processing apparatus of the user having a valid license. When decrypting the encrypted content, the information processing apparatus 150 executes the MKB process by applying the device key: Kd stored in the memory b156. The details of the content decryption process will be described later.

[2. About content management unit (CPS unit)]
As described above, the content stored in the information recording medium is stored after being encrypted by being assigned a different key for each unit in order to realize different usage control for each unit. That is, the content is divided into content management units (CPS units), subjected to individual encryption processing, and individual usage management.

  When using content, it is necessary to obtain a CPS unit key (also referred to as a title key) assigned to each unit. In addition, other necessary keys, key generation information, etc. are applied in advance. Playback is performed by executing data processing based on the decoding processing sequence. A setting mode of the content management unit (CPS unit) will be described with reference to FIG.

  As shown in FIG. 2, the content has a hierarchical structure of (A) an index 210, (B) a movie object 220, (C) a playlist 230, and (D) a clip 240. When an index such as a title accessed by the playback application is specified, for example, a playback program associated with the title is specified, and a playlist that defines the playback order of contents is selected according to the program information of the specified playback program.

  The play list includes play items as reproduction target data information. The AV stream or the command as the actual content data is selectively read out by the clip information as the playback section defined by the play item included in the playlist, and the AV stream playback and command execution processing are performed. There are a large number of playlists and play items, and a playlist ID and play item ID as identification information are associated with each.

  FIG. 2 shows two CPS units. These constitute a part of the content stored in the information recording medium. Each of CPS units 1 and 271 and CPS units 2 and 272 is set as a unit including a clip including a title as an index, a movie object as a playback program file, a playlist, and an AV stream file as content actual data. CPS unit.

  The content management units (CPS units) 1 and 271 include titles 1 and 211 and titles 2 212, playback programs 221 and 222, playlists 231 and 232, clips 241 and clips 242, and these two clips 241. , 242, AV stream data files 261, 262, which are actual data of content, are at least encryption target data, and in principle are encryption keys set in association with the content management units (CPS units) 1, 271. Is set as data encrypted by applying a title key (Kt1) (also called a CPS unit key).

  The content management units (CPS units) 2, 272 include applications 1, 213, a playback program 224, a playlist 233, and a clip 243 as indexes, and an AV stream data file 263 that is actual data of the content included in the clip 243. Is encrypted by applying a title key (Kt2) that is an encryption key that is an encryption key set in association with the content management units (CPS units) 2 and 272.

  For example, in order for the user to execute an application file or content reproduction process corresponding to the content management units 1 and 271, a title key as an encryption key set in association with the content management units (CPS units) 1 and 271: It is necessary to acquire Kt1 and execute the decoding process. In order to execute the application file or content reproduction process corresponding to the content management unit 2 272, the title key: Kt 2 as an encryption key set in association with the content management unit (CPS unit) 2 272 is acquired. Therefore, it is necessary to execute the decoding process.

  FIG. 3 shows a setting configuration of the CPS unit and a corresponding example of the title key. FIG. 3 shows a correspondence between CPS unit setting units as usage management units of encrypted content stored in the information recording medium and title keys (CPS unit keys) applied to each CPS unit. It is also possible to store and set a CPS unit for subsequent data and a title key in advance. For example, the data portion 281 is an entry for subsequent data.

  There are various CPS unit setting units such as content titles, applications, data groups, and the like, and a CPS unit ID as an identifier corresponding to each CPS unit is set in the CPS unit management table.

  In FIG. 3, for example, title 1 is CPS unit 1, and when decrypting encrypted content belonging to CPS unit 1, it is necessary to generate title key Kt1 and perform decryption processing based on the generated title key Kt1. .

  As described above, the content stored in the information recording medium 100 is stored after being encrypted by being assigned a different key for each unit in order to realize different usage control for each unit. For individual usage management for each content management unit (CPS unit), usage permission information (UR: Usage Rule) for each content management unit (CPS unit) is set. As described above, the use permission information is information including, for example, copy / reproduction control information (CCI) for content, and copy restriction information and reproduction restriction information of encrypted content included in each content management unit (CPS unit). It is.

  Note that the generation of the title key requires data processing using various information stored in the information recording medium. Specific examples of these processes will be described in detail later.

Next, with reference to FIG. 4, the directory structure corresponding to the content having the hierarchical structure shown in FIG. 2 will be described.
(A) The index 210 in FIG. 2 is the index.bdmv file in the directory shown in FIG. 3. (B) The movie object 220 in FIG. 2 is the MovieObject.bdmv file in the directory shown in FIG. 3. (C) The playlist in FIG. 230 is a file under the PLAYLIST directory in the directory shown in FIG.
(D) The clip 240 in FIG. 2 corresponds to a pair of files under the CLIPINF directory and files under the STREAM directory in the directory shown in FIG. 3 having the same file number.

  As described above, the content stored in the information recording medium is set as broken data in which part of the content data is replaced with data different from the correct content data, and correct content playback is executed only by the decryption process. In the case of reproduction, it is necessary to replace the broken data with the data registered in the conversion table. For this replacement process, the data conversion process program 106 stored in the information recording medium is applied, and the data conversion process based on the registered data in the conversion table (Fix-up Table) 105 is executed.

As described above, the conversion table 105 and the data conversion processing program 106 are recorded on the information recording medium. FIG. 5 shows the conversion table corresponding to the content having the directory structure shown in FIG. 4 and the directory structure of the data conversion processing program. FIG. 5 shows the directory structure of the data conversion processing program created for the AV content having the directory structure of FIG. 4 and the conversion table.
[ContentCode.svm] shown in FIG. 5 is a data conversion processing program,
[FixUpXXXXX.tbl] shown in FIG. 5 is a conversion table defined for each clip. (XXXXX matches the file number of the clip information file)

[3. Content playback processing]
A plurality of cases in which mutual authentication processing between the drive and the host is executed, and content reproduction processing is executed by transferring content stored in the information recording medium attached to the drive from the drive to the host on the condition that authentication is established An example of the process will be described.

(3.1) Content playback processing example 1
First, content reproduction processing example 1 will be described with reference to FIG. In FIG. 6, the information recording medium 310 storing the encrypted content and the information recording medium 310 are set from the left, and the drive 330 for executing data reading is connected to the information recording medium 310 so as to be capable of data communication with the drive. A host 350 that executes a playback application that acquires stored content via a drive 330 and executes playback processing is shown. The host 350 is executed in an information processing apparatus such as a PC.

  The information recording medium 310 stores an MKB (Media Key Block) 311, a title key file 312, encrypted content 313, a conversion table 314, and a data conversion processing program 315. The host 350 holds a device key 351 applied to MKB processing.

  A processing sequence in which the host 350 shown in FIG. 6 acquires and reproduces the content stored in the information recording medium 310 via the drive 330 will be described. First, prior to reading the stored contents of the information recording medium 310, the host 350 and the drive 330 execute mutual authentication in step S101. This mutual authentication is a process for confirming whether the host and the drive are valid devices or application software. Various processes can be applied as the mutual authentication processing sequence. One example will be described with reference to FIG.

  FIG. 7 is an example of a mutual authentication sequence according to the public key cryptosystem. First, in step S121, the drive 330 transmits a drive public key certificate stored in its own memory (NVRAM) and a randomly generated random number to the host. In step S122, the host 350 also transmits the host public key certificate stored in its own memory (NVRAM) and a randomly generated random number to the drive.

  In step S123, the drive 330 verifies the validity of the host public key certificate received from the host and the revocation status of the host based on the host certificate revocation list (host CRL: Certificate Revocation list). In step S123, the drive 330 first executes signature verification set in the host public key certificate. ECDSA_V shown in FIG. 7 indicates execution of signature verification (Verification) based on elliptic curve cryptography. This signature verification is executed by applying a public key corresponding to the secret key of the key management entity. The drive holds a public key of a key management entity for signature verification in a memory (NVRAM), and executes signature verification by applying this. The signature verification verifies that the host public key certificate has not been tampered with. If the signature verification reveals that the host public key certificate has been tampered with, the processing is stopped.

  Furthermore, the drive 330 confirms with reference to the host CRL that this certificate has not been revoked based on the host public key certificate that has been clearly determined not to be falsified. The host CRL is a list of revoked certificate IDs for public key certificates issued to the host. The host CRL is acquired from a memory in the drive or an information recording medium.

  The drive 330 obtains an ID from the host public key certificate that has been clarified that it has not been tampered with, and determines whether or not this ID matches the ID registered in the host CRL. When the matching ID exists in the host CRL, it is determined that the host is a revoked (invalidated) host, and the subsequent processing is stopped. If the ID acquired from the host public key certificate is not recorded in the host CRL, it is determined that the host is not properly revoked, and the processing is continued.

  On the other hand, also in the host 350, based on the drive public key certificate received from the drive 330 in step S124, the validity of the drive public key certificate (tampering verification) and the revocation of the drive to which the drive CRL is applied are confirmed. Perform presence / absence determination. The processing is continued only when it is confirmed that the drive public key certificate is valid and has not been revoked. The drive CRL is acquired from a memory in the host or an information recording medium.

  Next, the drive 330 and the host 350 notify the respective authentication results as a drive response (S125) and a host response (S126). When notifying the authentication result, both sides generate an ECDH (Elliptic Curve Diffie Hellman) value as a value to which the elliptic curve cryptography is applied, and notify each other.

  Upon receiving the drive authentication result and the ECDH value from the host 350, the drive 330 verifies the host response in step S127, confirms the establishment of the drive authentication, and applies the received ECDH value to the common key. Generate a session key as. Also in the host 350, when the host authentication result and the ECDH value are received from the drive 330, in step S128, the drive response is verified, the establishment of the host authentication is confirmed, and a session as a common key is determined based on the ECDH value. Generate a key.

  Through such mutual authentication processing, the drive 330 and the host 350 share a session key as a common key.

  Returning to FIG. 6, the description of the sequence of content use processing will be continued. In step S101, mutual authentication between the host drives is performed and the session key (Ks) is shared. Then, in step S102, the host 350 acquires the MKB 311 recorded on the information recording medium 310 via the drive. Then, the processing of the MKB 311 to which the device key 351 stored in the memory is applied is executed, and the media key (Km) is acquired from the MKB.

  As described above, the MKB (Media Key Block) 311 is an encryption key block generated based on a tree-structured key distribution method known as one aspect of the broadcast encryption method, and is stored in a device having a valid license. This is a key information block that makes it possible to obtain a media key (Km), which is a key necessary for content decryption, only by processing (decryption) based on the device key (Kd).

  Next, in step S103, the media key (Km) acquired in the MKB process in step S102 is applied, the title key file read from the information recording medium 310 is decrypted, and the title key (Kt) is acquired. . The title key file stored in the information recording medium 310 is a file including data encrypted by a media key, and a title key (Kt) to be applied to content decryption can be acquired by processing using the media key. For example, an AES encryption algorithm is applied to the decryption process in step S103.

  Next, the host 350 reads the encrypted content 313 stored in the information recording medium 310 via the drive 330, stores the read content in the track buffer 352, and the title key is stored in step S104 in step S104. A decryption process to which (Kt) is applied is executed to obtain decrypted content.

  The decrypted content is stored in the plaintext TS buffer 353. (Plain TS) means a decrypted plaintext transport stream. Here, the decrypted content stored in the plaintext TS buffer 353 is content including the above-described broken data, and cannot be reproduced as it is, and it is necessary to perform predetermined data conversion (data replacement by overwriting).

  This data conversion process is indicated by block 371 in FIG. A block 371 in FIG. 6 corresponds to the process of the data conversion processing unit 154 of the host 150 shown in FIG. An outline of the data conversion process will be described with reference to FIG.

  The encrypted content 313 shown in FIG. 6 is encrypted content stored in the information recording medium, and this encrypted content is temporarily stored in the track buffer 352 on the host side. This is the track buffer storage data 401 shown in FIG.

  By decryption processing on the host side, decryption of the encrypted content as the track buffer storage data 401 is executed, and decryption result data is stored in the plaintext TS buffer 353. This is the decoding result data 402 shown in FIG.

  The decryption result data 402 includes broken data 403 that is not normal content configuration data. The host data conversion processing unit executes a process of replacing the broken data 403 with converted data 404 as correct content configuration data acquired from the conversion table 314 recorded in the information recording medium 310 shown in FIG. This replacement process is executed, for example, as a rewrite (overwrite) process of a part of the data already written in the plaintext TS buffer 353.

  Further, the data conversion process executed by the host is not only the process of replacing the broken data with the conversion data that is normal content data, but also the conversion data 405 including the identification mark as shown in FIG. A process of replacing some configuration data is executed.

  The identification mark is data that makes it possible to analyze the constituent bits of the identification information that makes it possible to identify the content playback apparatus or content playback application. Specifically, for example, configuration information of identification information (player ID) of an information processing apparatus as a player executing a host application, or an identification mark generated based on the player ID. The conversion data including the identification mark is data in which the bit value of the correct content data is slightly changed at a level that does not affect the reproduction of the content.

  A large number of pieces of conversion data 405 including identification marks are set in the content, and, for example, the player ID is determined by collecting and analyzing the conversion data 405 including the plurality of identification marks. The conversion data 405 including the identification mark is data in which the constituent bits of the normal content data are changed at a level that can be normally reproduced as the content, and the bit (identification mark constituent bits) can be determined by MPEG bit stream analysis.

  In the conversion table stored in the information recording medium, a large number of conversion data 404 and conversion data 405 including identification marks shown in FIG. 8 are registered, and the writing position information is also registered. By executing the data conversion process based on the conversion table storage information, the data stored in the plaintext TS buffer 353 is replaced with the converted data 406 shown in FIG. 8 (3).

  Returning to FIG. 6, processing in the dotted line block 371, that is, data conversion processing on the host side will be described. The data conversion process is executed by, for example, the secure VM 356 set as a virtual machine in the host. A virtual machine (VM) is a virtual computer that directly interprets and executes an intermediate language, and interprets and executes instruction code information in an intermediate language that does not depend on the platform.

  The secure VM 356 reads the data conversion processing program 315 including the instruction code information from the information recording medium 310 and executes the processing. The secure VM 356 is controlled by the event handler 354 and converts the data obtained from the information recording medium 310 by inputting the ID information of the player (information processing apparatus) executing the host application as the player information 355. The processing program 315 is executed. The event handler 354 executes process monitoring. Emulator check to determine whether the process executed by the secure VM 356 is correctly performed, monitor the process and status of other host applications and the player (information processing apparatus) as the host application execution device, and process errors and fraud If processing or the like is detected, the data conversion processing by the secure VM 356 is stopped.

  The secure VM 356 applies the conversion table read from the information recording medium 310 and executes the conversion process of the data stored in the plaintext TS buffer 353. That is, in the data conversion process in step S105 shown in FIG. 6, the broken data 403 is replaced with the conversion data 404 which is valid content configuration data for the decryption result data 402 shown in FIG. A data overwriting process for replacing the data 405 with the partial data of the content is executed to change the data stored in the plaintext TS buffer 353 to the converted data 406.

  Thereafter, the converted TS (transport stream) is output to the outside via a network or the like and is played back on an external playback device. Alternatively, in step S106, conversion from the transport stream (TS) to the elementary stream (ES) is performed by processing by the demultiplexer, and further, decoding processing (step S107) is performed, and then via the display speaker. Played.

The data structure of the data conversion table recorded on the information recording medium will be described with reference to FIG. The data conversion table recorded on the information recording medium has a data configuration shown in FIG. 9, for example. That is,
Number of Fix-Up Entry: Number of converted data entries (Number of Fix-Up Entry)
Fix-Up Entry Length: Number of bytes of conversion data entry (Byte Length of one Fix-Up Entry () = (N + 6))
SPN (Source Packet Number): Absolute Transformed Packet Number from the beginning of AV Stream File
Byte Offset: Byte offset indicating the start position of writing the converted data in the packet specified by SPN (Start byte position of transformed data in the packet)
player_id_bit_position: Indicate bit position of Player ID for forensic
Fix-Up Data: Value to be overwritten (N byte is transformed in one TS Packet)
Have these data.

In one content, a lot of broken data is scattered and the conversion data recorded in the conversion table is overwritten at the position of the broken data. In addition, for conversion data having an identification mark such as a player ID, a large number of writing positions are set in one content data. The conversion table includes (a) conversion data (b) “conversion overwrite data” as entity data of conversion data with an identification mark,
These are set as a table in which the designation information of the writing position of these data is recorded.

  It should be noted that how often the replacement area for conversion data (including conversion data including identification marks) is set and the size of the conversion data can be set in various ways. Are different sizes. For example, in a configuration in which two conversion data or conversion data with an identification mark is set per 1 GOP (Group Of Pictures) constituting MPEG content, if the conversion data (including conversion data with an identification mark) is 8 bytes, about In the case of a table of about 400 KB and 16 bytes, the table size is about 600 KB.

  Further, in a configuration in which five conversion data or conversion data with an identification mark is set per 1 GOP (Group Of Pictures) constituting the MPEG content, when the conversion data (including conversion data with an identification mark) is 8 bytes, When the table is about 1 MB and 16 bytes, the table size is about 1.5 MB.

The secure VM of the host 350 follows the conversion table 314 recorded on the information recording medium 310.
(A) Conversion data (b) Processing for writing identification mark-containing conversion data at a specified position in the conversion table. The data writing is executed as the overwriting process of the conversion data for the data stored in the plaintext TS buffer 253 or the conversion data with the identification mark. As a result of this processing, the data stored in the plaintext TS buffer 253 is described above. The data shown in FIG. 8 (3) is replaced.

  External output of content or content playback from a player (information processing apparatus such as a PC) equipped with a host is executed as processing based on the converted data shown in FIG.

  Since the conversion data is correct content configuration data, and the conversion data with an identification mark is also data that is applied to playback of the correct content, correct content playback is possible by decoding playback based on these data. In addition, for example, when this content is illegally copied and a large amount of copy data is leaked to the outside, it is possible to obtain the player ID by analyzing the conversion data with the identification mark, and the illegal content data is leaked. The source can be specified.

(3.2) Content reproduction processing example 2
Next, content reproduction processing example 2 will be described with reference to FIG. FIG. 10 shows, from the left, an information recording medium 310 in which encrypted content is stored, an information recording medium 310 that is set, and a drive 330 that executes data reading. It shows a host 350 that executes a playback application that acquires the recorded content via the drive 330 and executes playback processing. The host 350 is executed in an information processing apparatus such as a PC.

  In FIG. 10, an MKB (Media Key Block) recorded on the information recording medium 310 and a title key file are omitted. The host 350 holds a device key to be applied to the MKB processing, applies an MKB (Media Key Block) recorded on the information recording medium 310 and a title key file, and has been described with reference to FIG. The title key (Kt) is calculated by executing exactly the same processing. These processes are also omitted in FIG. The information recording medium further stores an encrypted content 313, a conversion table 314, and a data conversion processing program 315.

  The content reproduction processing example 2 shown in FIG. 10 is characterized in that the processing of the block 381 indicated by the dotted frame is executed as real-time processing, and the processing of the block 382 is executed as batch processing before content reproduction or output. That is, the secure VM 356 reads the data conversion processing program 315 including the instruction code information from the information recording medium 310 before starting the reproduction of the content or the external output of the content, and controls the event handler 354 and inputs the player information 355. Based on this, the decoding process of the conversion table 314 read from the information recording medium 310 is executed.

  The conversion table 314 recorded in the information recording medium 310 is obfuscated by an operation such as AES encryption or exclusive OR operation, and the secure VM 356 performs decryption processing or data conversion according to the data conversion processing program 315, or A predetermined calculation process is executed to obtain a conversion table as plain text data. The processing up to this point is executed in a lump before starting the reproduction of the content or the external output of the content.

Subsequent processing is executed as real-time processing executed in parallel with content reproduction and content external output processing. That is, the content decryption process in step S201, the data conversion process in step S202, that is, the conversion data registered in the conversion table 314 recorded in the information recording medium 310, that is,
(A) Conversion data (b) Data conversion processing for writing conversion data with an identification mark at a designated position recorded in the conversion table 314, and further, external output processing of converted TS (transport stream), or step S203 The demultiplexer processing in FIG. 1, that is, the conversion processing from the transport stream (TS) to the elementary stream (ES), the decoding processing in step S204, and these processing are executed as real-time processing in parallel with content reproduction or external output.

  By adopting such a processing sequence, real-time processing that does not affect content reproduction and external output processing is realized even when the processing of the conversion table 314 by the secure VM 356 takes time.

(3.3) Content reproduction processing example 3
Next, content reproduction processing example 3 will be described with reference to FIG. FIG. 11 also shows the information recording medium 310, the drive 330, and the host 350 in which encrypted content is stored from the left as in FIG. In FIG. 11, as in FIG. 10, the MKB (Media Key Block), the title key file, and the processing to which these are applied are the same as those in the processing example 1 described above with reference to FIG.

  In the content reproduction processing example 3 shown in FIG. 11, the processing of the block 381 indicated by the dotted frame is executed as real-time processing, and the processing of the block 383 is intermittently executed before and during the content reproduction or output processing. It is characterized by being executed as a low-frequency process. The secure VM 356 reads the data conversion processing program 315 including the instruction code information from the information recording medium 310 and intermittently controls the event handler 354 and inputs the player information 355 before and during the content reproduction or output processing. Based on this, the decoding process of the conversion table 314 read from the information recording medium 310 is executed.

  The conversion table 314 recorded in the information recording medium 310 is converted into a partial conversion table block (FUT (Fix-Up Table) block) as partial configuration data of the conversion table 314, for example, by an operation such as AES encryption or exclusive OR operation. Obfuscation has been done. In accordance with the data conversion processing program 315, the secure VM 356 executes a decryption process or a predetermined calculation process in units of each conversion table block (FUT block), and acquires a block unit conversion table as plain text data. These processes are executed intermittently before and during the content reproduction or output process.

The data structure of the conversion table that has been obfuscated in conversion table block (FUT block) units will be described with reference to FIGS. The data conversion table recorded on the information recording medium has a data configuration shown in FIG. 12, for example. That is,
Number of FUT blocks: Number of conversion table blocks
Length of FUT block: Number of bytes in one conversion table block
Number of Fix-Up Entry in FUT block: Number of conversion data entries in one FUT block
Length of one Fix-Up Entry: Number of bytes in one conversion data entry
First SPN for FUT block: Packet number as the data write position of the first entry of each conversion table block
FUT: Conversion table block (FUT block) as a partial conversion table that is individually encrypted or arithmetically processed and obfuscated
Have these data.

An example of the data structure of a conversion table block (FUT block) as each partial conversion table is shown in FIG. Each table block has the following data. That is,
SPN (Source Packet Number): Absolute Transformed Packet Number from the beginning of AV Stream File
Byte Offset: Byte offset indicating the start position of writing the converted data in the packet specified by SPN (Start byte position of transformed data in the packet)
FM_flag: flag that sets whether or not to perform conversion processing by applying conversion data with an identification mark, for example, 0: conversion is performed in all players, 1: the bit value of the corresponding bit position of the player ID is “1” For example, the conversion is performed only when it is.
player_id_bit_position: Indicate bit position of Player ID for forensic
Fix-Up Data: Value to be overwritten (N byte is transformed in one TS Packet)
Have these data.

  The table block (FUT block) as each partial conversion table shown in FIG. 13 is set as data that has been individually encrypted or arithmetically processed. The secure VM 356 shown in FIG. 11 reads out the data conversion processing program 315 including the instruction code information from the information recording medium 310, intermittently before the content reproduction or output processing and during the processing execution, the control of the event handler 354, the player information Based on the input of 355, the decoding process or the calculation process of the conversion table 314 read from the information recording medium 310 is executed in units of table blocks (FUT blocks) as a partial conversion table to obtain a partial conversion table as plain text data. To do. These processes are executed intermittently before and during the content reproduction or output process.

Subsequent processing is executed as real-time processing executed in parallel with content reproduction and content external output processing. That is, the content decryption process in step S201, the data conversion process in step S202, that is, the conversion data registered in the conversion table 314 recorded in the information recording medium 310, that is,
(A) Conversion data (b) Data conversion processing for writing conversion data with an identification mark at a designated position recorded in the conversion table 314, and further, external output processing of converted TS (transport stream), or step S203 The demultiplexer processing in FIG. 1, that is, the conversion processing from the transport stream (TS) to the elementary stream (ES), the decoding processing in step S204, and these processing are executed as real-time processing in parallel with content reproduction or external output.

  By adopting such a processing sequence, similarly to the processing example 2 described with reference to FIG. 10, even when the processing of the conversion table 314 by the secure VM 356 takes a long time, the content playback and external output processing can be performed. Real-time processing without impact is realized. In addition, the secure VM does not collectively generate conversion data necessary for content reproduction or external output, and is configured to sequentially generate conversion data corresponding to certain content partial data. If an unauthorized process is detected, the generation of the conversion data is stopped by stopping the process of the secure VM 356 based on the unauthorized process detection information of the event handler 354, and the unauthorized content reproduction or external output is terminated halfway. Is possible.

(3.4) Content reproduction processing example 4
Next, content reproduction processing example 4 will be described with reference to FIG. FIG. 14 also shows the information recording medium 310, the drive 330, and the host 350 storing the encrypted content from the left as in FIGS. The MKB (Media Key Block), the title key file, and the processing to which these are applied are the same as those in the processing example 1 described above with reference to FIG. The information recording medium further stores an encrypted content 313, a conversion table 314, and a data conversion processing program 315.

  In the content reproduction processing example 4 shown in FIG. 14, the processing of the block 381 indicated by the dotted line frame is executed as real time processing, and the processing of the block 382 indicated by the dotted line frame is the content reproduction or the processing as described with reference to FIG. Execute as batch processing before external output processing. The secure VM 356 reads the data conversion processing program 315 including the instruction code information from the information recording medium 310, and decodes the conversion table 314 read from the information recording medium 310 based on the control of the event handler 354 and the input of the player information 355. Execute the process.

  The secure VM 356 executes decryption processing or predetermined calculation processing according to the data conversion processing program 315, and acquires a conversion table as plain text data. As a result of this processing, the acquired plaintext conversion table is stored in the table storage unit 362.

The data conversion process in step S202 is executed under the control of the real-time event handler 361 in parallel with content reproduction or external output. Under the control of the real-time event handler 361, conversion data registered in the conversion table as plain text data stored in the table storage unit 362, that is,
(A) Conversion data (b) Data conversion processing for writing the identification mark-containing conversion data into the designated position recorded in the conversion table is executed.

  The processing sequence in this processing example is the same as the processing sequence described above with reference to FIG. 10, and the content decoding processing in step S201, the data conversion processing in step S202, the demultiplexer processing in step S203, and the decoding in step S204. The processing according to the processing order is executed as real-time processing in parallel with content reproduction or external output.

  By using the processing sequence in this processing example, as in the processing example 2 described with reference to FIG. 10, even when the processing of the conversion table 314 by the secure VM 356 takes time, the content playback and external output processing Real-time processing that does not affect the process is realized.

(3.5) Content reproduction processing example 5
Next, content reproduction processing example 5 will be described with reference to FIG. FIG. 15 shows the information recording medium 310, the drive 330, and the host 350 in which encrypted content is stored from the left. The MKB (Media Key Block), the title key file, and the processing to which these are applied are the same as those in the processing example 1 described above with reference to FIG.

  In the content reproduction processing example 5 shown in FIG. 15, the processing of the block 381 indicated by the dotted frame is executed as real-time processing, and the processing of the block 383 indicated by the dotted frame is performed as shown in FIG. It is executed as an intermittent low frequency process performed intermittently before and during the external output process. The secure VM 356 reads the data conversion processing program 315 including the instruction code information from the information recording medium 310, and decodes the conversion table 314 read from the information recording medium 310 based on the control of the event handler 354 and the input of the player information 355. The process is partially intermittently executed.

  The conversion table 314 is temporarily stored in the preload table storage unit 364 in the host 350, and the secure VM 356 acquires the table data stored in the preload table storage unit 364, and performs decryption processing or A predetermined calculation process is executed to partially and sequentially generate a conversion table as plain text data.

  The secure VM 356 intermittently generates a plaintext conversion table composed of partial data by decoding only partial configuration data of the conversion table including conversion data applied to a part of the content data. As a result of this processing, the acquired plaintext partial conversion table is stored in the partial table storage unit 363.

The data conversion process in step S202 is executed under the control of the real-time event handler 361 in parallel with content reproduction or external output. Under the control of the real-time event handler 361, conversion data registered in the partial conversion table as plaintext data stored in the partial table storage unit 363, that is,
(A) Conversion data (b) Data conversion processing for writing identification mark-added conversion data at a designated position recorded in the conversion table is executed as real-time processing in parallel with content reproduction processing or external output processing.

  The processing sequence in this processing example is the same as the processing sequence described above with reference to FIG. 11, and the content decoding processing in step S201, the data conversion processing in step S202, the demultiplexer processing in step S203, and the decoding in step S204. The processing according to the processing order is executed as real-time processing in parallel with content reproduction or external output.

  By adopting the processing sequence in this processing example, even in the case where processing of the conversion table 314 by the secure VM 356 takes time as in the processing example 3 described with reference to FIG. Real-time processing that does not affect the content is realized, and the secure VM does not generate conversion data necessary for content reproduction and external output in a batch, and sequentially generates conversion data corresponding to certain content partial data. For example, when an unauthorized process is detected during content playback, the process of the secure VM 356 is stopped based on the unauthorized process detection information, so that the generation of conversion data is stopped and unauthorized content playback is performed. And external output can be terminated halfway.

(3.6) Content reproduction processing example 6
Next, content reproduction processing example 6 will be described with reference to FIG. FIG. 16 shows the information recording medium 310, the drive 330, and the host 350 in which encrypted content is stored from the left. The MKB (Media Key Block), the title key file, and the processing to which these are applied are the same as those in the processing example 1 described above with reference to FIG. In this processing example, as shown in FIG. 16, the information recording medium 310 stores encrypted content 318 including a conversion table and a data conversion processing program 315. The process of the block 381 indicated by the dotted line frame is executed as a real-time process, and the process of the block 385 indicated by the dotted line frame is executed as an intermittent process.

  That is, in this processing example, the conversion table is recorded by being distributed to specific packets in the configuration data of the encrypted content. For example, the conversion table is stored in the transport stream packet including the content with the settings as shown in FIG. FIG. 17A shows the structure of content data. This content structure indicates content data including a decoded transport stream (TS) packet. The transport stream is composed of TS (transport stream) packets having a predetermined number of bytes. The conversion table is divided and recorded in a plurality of some of these TS packets. For example, the conversion table is recorded in TS packets 391, 392,. As the TS packet for storing the conversion table, for example, a TS packet including a PMT (program map table) set in a distributed manner in the content is used.

  The divided conversion table data has, for example, the same configuration as the conversion table block (FUT block) described above with reference to FIG. In the conversion table, conversion data (or conversion data with an identification mark) for performing a replacement process on the decrypted content and a recording position of the conversion data are recorded.

  For example, as shown in FIG. 17B, the recording position of the conversion data recorded in each conversion table is set in the vicinity of the TS packet including each conversion table. For example, in the example shown in FIG. 17B, packets 394 and 395 having a conversion data recording area are set in the vicinity of the packet 391 including the conversion table. With this setting, when content is decrypted and played back in real time, the data replacement process using the converted data can be executed as a continuous process after the decryption process, and the TS in which the conversion table is recorded. The conversion data can be acquired by the packet detection and analysis process, and the process of writing (overwriting) the conversion data to the position recorded in the table can be efficiently executed.

  In the content reproduction processing example 6 shown in FIG. 16, the processing of the block 381 indicated by the dotted frame is executed as real-time processing, and the processing of the block 383 is intermittently executed before and during the content reproduction or output processing. Run as a low-frequency process.

  The secure VM 356 reads the data conversion processing program 315 including the instruction code information from the information recording medium 310 and intermittently controls the event handler 354 and inputs the player information 355 before and during the content reproduction or output processing. Based on this, parameters (P1, P2, P3...) Necessary for converting the conversion table recorded together with the content on the information recording medium 310 into a plaintext conversion table are generated and output. This process is performed intermittently.

  Parameters P1, P2, P3,... Are operations or ciphers applied to divided conversion tables corresponding to a predetermined content data unit, for example, divided conversion tables 1, 2, 3,. It is a processing parameter. Each of the divided conversion tables 1, 2, 3... Is subjected to computation or encryption processing using different parameters P 1, P 2, P 3.

  For example, specifically, an exclusive OR (XOR) operation parameter applied to the divided conversion tables 1, 2, 3,... The secure VM 356 executes processing for intermittently generating and outputting parameters (P1, P2, P3...) Necessary for making the conversion table 314 into a plaintext conversion table in accordance with the data conversion processing program 315.

In the real-time processing block 381, the encrypted content 318 including the conversion table is decrypted in step S301, each conversion table is separated by the processing of the demultiplexer in step S302, and step S303 is controlled by the real-time event handler 361. The table restoration & data conversion process is executed. Under the control of the real-time event handler 361, the parameters (P1, P2, P3) intermittently output from the secure VM 356 are applied, the conversion table is decrypted or calculated, the plaintext conversion table is acquired, and the acquired part Conversion data registered in the conversion table, that is,
(A) Conversion data (b) Data conversion processing for writing conversion data with an identification mark at a designated position recorded in the conversion table is executed as real-time processing in parallel with content reproduction processing or external output processing.

For example, when the parameters P1, P2, P3,... Are exclusive OR (XOR) operation parameters with conversion data corresponding to a predetermined content part data unit, the table restoration processing in step S303 is as follows:
[Conversion table 1] (XOR) [P1],
[Conversion table 2] (XOR) [P2],
[Conversion table 3] (XOR) [P3],
::
These exclusive OR operation processes are executed to acquire each plaintext conversion table data. In the above formula, [A] (XOR) [B] means an exclusive OR operation of A and B.

  As described above, the conversion table included in the content 318 recorded on the information recording medium is divided into the conversion table in which the conversion data corresponding to each content part and the conversion data position information are recorded. P1, P2, P3... Are stored by being subjected to an exclusive OR operation. This parameter is sequentially acquired and output by the secure VM 356.

  The processing after the table restoration & data conversion processing in step S303 is the same as the processing described above with reference to FIG. 11 and others, and is performed as real-time processing executed in parallel with content reproduction and content external output processing. That is, the demultiplexer process in step S304, the decode process in step S305, and these processes are executed as real-time processes in parallel with content reproduction or external output.

  In this processing example, the configuration data of the conversion table corresponding to the entire content is divided, different parameters are associated with each conversion table, and the secure VM 356 intermittently outputs these parameters. Therefore, for example, even if a part of parameters is leaked, it is impossible to restore the entire content, and more robust content usage management is realized. Also in this processing example, as in the processing example described with reference to FIG. 10 and others, real-time processing that does not affect the content reproduction and external output processing is realized. Also, for example, when an unauthorized process is detected during content playback, the generation of conversion data is stopped by canceling the processing of the secure VM 356 based on the unauthorized process detection information of the event handler 354, and unauthorized content playback or External output can be terminated halfway.

(3.7) Content Playback Processing Example 7
Next, content reproduction processing example 7 will be described with reference to FIG. FIG. 18 shows the information recording medium 310, the drive 330, and the host 350 in which encrypted content is stored from the left. The MKB (Media Key Block), the title key file, and the processing to which these are applied are the same as those in the processing example 1 described above with reference to FIG. In this processing example, as in the content reproduction processing example 6 described above with reference to FIG. 16, as shown in FIG. 18, the information recording medium 310 includes an encrypted content 318 including a conversion table, and data conversion processing. A program 315 is stored. The process of the block 381 indicated by the dotted line frame is executed as a real time process, and the process of the block 383 indicated by the dotted line frame is executed as an intermittent process.

  That is, in the present processing example as well as the content reproduction processing example 6 described above with reference to FIG. 16, the conversion table is recorded by being distributed in specific packets in the configuration data of the encrypted content. For example, the conversion table is stored in the transport stream packet including the content with the settings as shown in FIG. The data structure of the divided conversion table will be described with reference to FIG.

The conversion table shown in FIG. 19 has a data structure of a divided conversion table, and has a data entity and recording position information for only conversion data (including conversion data with an identification mark) for a specific content partial area. The data of the conversion table shown in FIG. 19 includes the following data.
SP_No: Secret parameter (SP) identifier (ID) [applied to XOR operation]
type_indicator: Type identifier [00: No conversion, 01b: Processing by conversion data, 10b, 11b: Processing by conversion data with identification mark]
FM_ID_bit_position: identification bit position of player ID corresponding to conversion data with identification mark
relative_SPN: Conversion data application packet position (number of packets from the programmable map table (PMT) storage packet)
byte_position: Conversion data recording position in the packet
overwrite_value: Conversion data (including conversion data with identification mark)
relative_SPN_2: Second conversion data application packet position (number of packets from the PMT packet)
byte_position_2: Conversion data recording position in the packet (corresponding to the second conversion data)
overwrite_value_2: Second conversion data (including conversion data with identification mark)
It consists of these data.

  The conversion table shown in FIG. 19 is distributed and recorded in specific packets in the configuration data of the encrypted content, as shown in FIG. 20A, as in the processing example 6 described above. For example, as shown in FIG. 20A, the conversion table is stored in a transport stream packet including content. FIG. 20A shows content data composed of a decoded transport stream (TS) packet. The transport stream is composed of TS (transport stream) packets having a predetermined number of bytes. The conversion table is divided and recorded in a plurality of some of these TS packets. For example, the conversion table is recorded in the TS packets 501, 502,. As the TS packet for storing the conversion table, for example, a TS packet including a PMT (program map table) set in a distributed manner in the content is used.

  In the divided conversion table data, as described with reference to FIG. 19, conversion data (or conversion data with an identification mark) for performing a replacement process on the decrypted content and a recording position of the conversion data are recorded. ing.

  The conversion table shown in FIG. 19 is set as a conversion table in which conversion data to be replaced in part of content data and setting position information for the content of the conversion data are recorded. Data conversion is performed by executing a data conversion processing program including a data replacement processing execution instruction.

The information [type_indicator] included in the conversion table is the registration information of the conversion table,
(A) registration information regarding conversion data for converting broken data into legitimate content data, or
(B) registration information regarding conversion data with an identification mark for embedding identification information of a playback device or content playback application,
This is a type identifier for identifying which of the registration information items (a) and (b).

  When the registration information area of the conversion table is a registration information area related to conversion data with an identification mark for embedding the identification information of the playback device or content playback application, the table registration information includes the content playback device or content playback application. Conversion data to be selectively applied based on the identification information, that is, conversion data with an identification mark is registered.

  The registration information [FM_ID_bit_position] of the conversion table is position information of bits to be referred for determining the processing mode in the identification information of the playback device or playback application consisting of a plurality of bits.

  For example, when the bit value of the bit to be referred to for determining the processing mode is 1 in the identification information of the playback device or playback application consisting of a plurality of bits, the content configuration data is converted by the conversion data with the identification mark registered in the conversion table. Is replaced, and when the bit value of the bit to be referred to is 0, the processing mode is determined such that the replacement is not executed, and the data conversion is executed.

  It is also possible to set so that conversion is executed when the reference bit is 0 and conversion is not executed when the reference bit is 1. Alternatively, the conversion data when the reference bit is 0 and the conversion data when the reference bit are 1 are set as different conversion data, and the conversion data is appropriately selected and set according to the bit value of the reference bit. Good.

  Note that the conversion table is set as an obfuscated conversion table by arithmetic processing or encryption processing in which different parameters are applied to each partial conversion table data in which conversion data corresponding to only partial configuration data of content is recorded. The

  For example, as shown in FIG. 20B, the recording position of the conversion data recorded in each conversion table is set in the vicinity of the TS packet including each conversion table. For example, in the example shown in FIG. 20B, the packets 511 and 512 having the conversion data recording area are set in the vicinity of the packet 501 including the conversion table. For example, each of these packets is set in units of 1 GOP.

  With this setting, when content is decrypted and played back in real time, the data replacement process using the converted data can be executed as a continuous process after the decryption process, and the TS in which the conversion table is recorded. The conversion data can be acquired by the packet detection and analysis process, and the process of writing (overwriting) the conversion data to the position recorded in the table can be efficiently executed.

  In this processing example, each conversion table is recorded on the information recording medium after being subjected to computation or encryption processing to which different secret parameters (SP1, SP2, SP3...) Are applied.

  For example, specifically, each conversion table is stored in each packet after being subjected to exclusive OR (XOR) operation processing to which different secret parameters (SP1, SP2, SP3...) Are applied. The secret parameter is composed of, for example, 128-bit data. The secure VM 356 shown in FIG. 18 reads the data conversion processing program 315 including the instruction code information from the information recording medium 310, intermittently controls the event handler 354, player information before content reproduction or output processing and during processing execution. Based on the input of 355, secret parameters (SP1, SP2, SP3...) Necessary for making the conversion table recorded together with the content on the information recording medium 310 into a plaintext conversion table, that is, exclusive OR (XOR) calculation Parameters (SP1, SP2, SP3...) Are generated and output. The output secret parameters (SP1, SP2, SP3...) Are stored in the SP register 371. This process is performed intermittently and sequentially.

  The secure VM 356 shown in FIG. 18 includes a secret parameter designation number (SPNo.) In addition to the secret parameters (SP1, SP2, SP3...) And an identification mark ID (FM_ID) set corresponding to the player ID. Are generated according to the data conversion processing program 315, and these values are output. These values are also stored in the SP register 371.

  In the real-time processing block 381, the encrypted content 318 including the conversion table is decrypted in step S401, each conversion table is separated by the demultiplexer process in step S402, and step S403 is controlled by the real-time event handler 361. In step S404, table restoration & data conversion processing is executed. In step S403 and step S404, the table restoration & data conversion process is controlled by the real-time event handler 361 monitoring events that occur during content playback or external output. For example, when an unauthorized process is detected, the process is stopped.

  In step S403, using the secret parameter (SPn) intermittently output from the secure VM 356 and stored in the SP register 371, an operation (for example, exclusive OR operation) with the conversion table separated from the content by the demultiplexer is performed. Execute to get the conversion table.

Furthermore, in step S404, together with the secret parameter (SPn), the secret parameter designation number (SPNo.) And identification mark ID (FM_ID) that are intermittently output from the secure VM 356 and stored in the SP register 371 are acquired. Then, referring to each of these values, the processing mode to which the conversion table is applied is determined, and the conversion data recorded in the conversion table, that is,
(A) Conversion data (b) Processing for writing identification mark-containing conversion data at a designated position recorded in the conversion table. These processes are executed as a real-time process in parallel with the content reproduction process or the external output process.

For example, secret parameters SP1, SP2, SP3... Are exclusive OR (XOR) operation parameters with divided conversion tables 1, 2,... Including conversion data corresponding to a predetermined content part data unit. If there is, the table restoration process by the calculation in step S403 is:
[Conversion table 1] (XOR) [SP1],
[Conversion Table 2] (XOR) [SP2],
[Conversion Table 3] (XOR) [SP3],
::
These exclusive OR operation processes are sequentially executed. By these operations, each plaintext conversion table data is acquired. In the above formula, [A] (XOR) [B] means an exclusive OR operation of A and B.

  An example of the conversion data writing configuration will be described with reference to FIG. The secret parameters SP1, SP2, SP3,... Are switched, for example, every about 10 seconds of normal content playback time. That is, one fixed secret parameter is set as a parameter that can be applied only to playback content for about 10 seconds. In FIG. 21, content playback sections 0 to T, T to 2T, 2T to 3T,... Indicate contents sections to which the same secret parameter can be applied.

  As described above, in the present processing example, the section to which the same secret parameter is applied is only about 10 seconds of content in normal playback, and even if one secret parameter leaks, playback of content of only 10 seconds is possible. As a result, strong content leakage prevention is realized.

  The processing after the table restoration & data conversion processing in step S403 and step S404 is the same as the processing example described above with reference to FIG. 16, and is a real-time processing executed in parallel with the content reproduction and content external output processing. Done. That is, the demultiplexer process in step S405, the decode process in step S406, and these processes are executed as real-time processes in parallel with content reproduction or external output.

  In the processing example shown in FIG. 18, the table restoration & data conversion processing in step S403 and step S404 is set in the real-time event handler 361, and the real-time event handler 361 monitors events that occur during content playback or external output. Thus, the table restoration & data conversion process is controlled. However, the event monitoring may not be performed and only the control for executing the data conversion process in real time may be used. In this case, for example, as shown in FIG. 22, the real-time event handler 361 can be omitted from the configuration shown in FIG.

  In this processing example, the configuration data of the conversion table corresponding to the entire content is divided, a different secret parameter (SPn) is associated with each conversion table, and each secret conversion parameter is determined for each divided conversion table. The exclusive logical sum operation is performed and stored in the information recording medium, and these secret parameters are output intermittently by the secure VM 356. For example, even if a part of the secret parameter leaks, it is stored in the conversion table. All of the converted data cannot be acquired, and as a result, it is impossible to restore the entire content, and more robust content usage management is realized.

  Also in this processing example, as in the processing example described with reference to FIG. 10 and others, real-time processing that does not affect the content reproduction and external output processing is realized. Also, for example, when an unauthorized process is detected during content playback, the generation of conversion data is stopped by canceling the processing of the secure VM 356 based on the unauthorized process detection information of the event handler 354, and unauthorized content playback or External output can be terminated halfway

(3.8) Content Playback Processing Example 8
Next, content reproduction processing example 8 will be described with reference to FIG. FIG. 23 shows the information recording medium 310, the drive 330, and the host 350 in which encrypted content is stored from the left. The MKB (Media Key Block), the title key file, and the processing to which these are applied are the same as those in the processing example 1 described above with reference to FIG. The information recording medium further stores an encrypted content 313, a conversion table 314, and a data conversion processing program 315.

  In the content reproduction processing example 8 shown in FIG. 23, similarly to the processing example 7 described above, the secret parameter (SP) is applied, and a part of the conversion table is restored to the plaintext table for processing. In the previous processing example 7, the conversion table divided into a plurality of pieces is subjected to exclusive OR (XOR) calculation processing to which different secret parameters (SP1, SP2, SP3...) Are individually applied and stored in the packet. In this processing example, the encrypted content 313 and the conversion table 314 are recorded in the information recording medium 310 as separate files.

  In this processing example, the processing of the block 381 indicated by the dotted line frame is executed as real-time processing, and the processing of the block 385 indicated by the dotted line frame is executed as intermittent processing. That is, the secret parameter (SP) and the like are intermittently and sequentially supplied from the secure VM 356 in time for content reproduction or external output processing. In this processing example, the secure VM 356 also executes acquisition processing of the conversion table from the information recording medium 310 and storage processing for the XORed table storage unit 372 shown in the figure. The secure VM 356 stores the conversion table in the XORed table storage unit 372 as a process for intermittently storing partial data of the conversion table corresponding to the secret parameter (SP) to be output in the XORed table storage unit 372. It may be executed, or may be stored in the XORed table storage unit 372 in a lump before content reproduction processing or external output.

  In this processing example, the conversion table is set as one independent file data, but a plurality of conversion table blocks (FUT blocks) are stored in the conversion table file. Each of the plurality of conversion table blocks (FUT blocks) is subjected to exclusive OR (XOR) operation processing to which different secret parameters (SP1, SP2, SP3...) Are individually applied and stored.

The data structure of the conversion table will be described with reference to FIGS.
FIG. 24 shows the entire data structure of the conversion table.
FIG. 25 shows a data configuration of one conversion table block (FUT block) among a plurality of conversion table blocks (FUT blocks) included in the conversion table.
FIG. 26 shows the data structure of the conversion data entry in the conversion table block (FUT).

As shown in FIG. 24, the conversion table includes the following data.
Number of FUT blocks: Number of conversion table blocks
Length of FUT block: Conversion table block byte length
SP_No: Secret parameter (SP) number (corresponding to SP generated by VM)
First SPN for FUT block: The packet position to which the translation table block is assigned
FUT block (): Conversion table block (each block is processed (obfuscated) with different parameters)

  The conversion table includes a plurality of conversion table blocks (FUT), and these conversion table blocks (FUT) are exclusive ORed (XOR) with different secret parameters (SP1, SP2, SP3,...). Arithmetic processing is performed and stored.

FIG. 25 illustrates one data configuration example of a plurality of conversion table blocks (FUT blocks) included in the conversion table illustrated in FIG. As shown in FIG. 25, the conversion table block (FUT block) includes the following data.
Number of FixUpEntry in this block: Number of conversion data (including conversion data with identification mark)
Base SPN for FixUpEntry: Base packet position (packet No.) serving as an index of conversion data recording position
FixUpEntry (): Conversion data entry (processed with the secret parameter (obfuscated))

FIG. 26 shows a data configuration example of the conversion data entry (FixUpEntry) included in the conversion table block shown in FIG. As shown in FIG. 26, the conversion data entry (FixUpEntry) includes the following data.
type_indicator: Type identifier [00: No conversion, 01b: Processing by conversion data, 10b, 11b: Processing by conversion data with identification mark]
FM_ID_bit_position: identification bit position of player ID corresponding to conversion data with identification mark
relative_SPN: Conversion data application packet position (number of packets from the programmable map table (PMT) storage packet)
byte_position: Conversion data recording position in the packet
overwrite_value: Conversion data (including conversion data with identification mark)
relative_SPN_2: Second conversion data application packet position (number of packets from the PMT packet)
byte_position_2: Conversion data recording position in the packet (corresponding to the second conversion data)
overwrite_value_2: Second conversion data (including conversion data with identification mark)
It consists of these data.

  The conversion table is set as a conversion table in which conversion data that is a part of the content data to be replaced and setting position information for the content of the conversion data is recorded, and content conversion data replacement processing by applying this conversion table Data conversion is performed by executing a data conversion processing program including an execution instruction.

The information [type_indicator] included in the conversion data entry (FixUpEntry) information included in the conversion table block shown in FIG.
(A) registration information regarding conversion data for converting broken data into legitimate content data, or
(B) registration information regarding conversion data with an identification mark for embedding identification information of a playback device or content playback application,
This is a type identifier for identifying which of the registration information items (a) and (b).

  When the registration information area of the conversion table is a registration information area related to conversion data with an identification mark for embedding the identification information of the playback device or content playback application, the table registration information includes the content playback device or content playback application. Conversion data to be selectively applied based on the identification information, that is, conversion data with an identification mark is registered.

  The registration information [FM_ID_bit_position] is position information of bits to be referred for determining the processing mode in the identification information of the playback device or playback application composed of a plurality of bits. For example, when the bit value of the bit to be referred to for determining the processing mode is 1 in the identification information of the playback device or playback application consisting of a plurality of bits, the content configuration data is converted by the conversion data with the identification mark registered in the conversion table. Is replaced, and when the bit value of the bit to be referred to is 0, the processing mode is determined such that the replacement is not executed, and the data conversion is executed.

  As described above, it is also possible to set so that conversion is performed when the reference bit is 0 and conversion is not performed when the reference bit is 1. Alternatively, the conversion data when the reference bit is 0 and the conversion data when the reference bit are 1 are set as different conversion data, and the conversion data is appropriately selected and set according to the bit value of the reference bit. Good.

  The conversion table in this processing example includes a plurality of conversion table blocks (FUT), and these conversion table blocks (FUT) are mutually exclusive by different secret parameters (SP1, SP2, SP3...). A logical sum (XOR) operation process is performed and stored. That is, in this processing example, the conversion table is stored as one independent file data in the information recording medium. However, as described with reference to FIGS. 24 to 26, a plurality of conversion table blocks ( Each of the plurality of conversion table blocks (FUT) is subjected to exclusive OR (XOR) operation processing to which different secret parameters (SP1, SP2, SP3...) Are individually applied and stored. Is done. The secret parameter is composed of, for example, 128-bit data.

  The secure VM 356 shown in FIG. 23 reads out the data conversion processing program 315 including the instruction code information from the information recording medium 310, intermittently controls the event handler 354, player information before content reproduction or output processing and during processing execution. Based on the input of 355, secret parameters (SP1, SP2, SP3...) Necessary for converting the conversion table block (FUT block) included in the conversion table 314 recorded on the information recording medium 310 into a plaintext conversion table. That is, exclusive OR (XOR) operation parameters (SP1, SP2, SP3...) Are generated and output. The output secret parameters (SP1, SP2, SP3...) Are stored in the SP register 371. This process is performed intermittently and sequentially.

  Each conversion table block (FUT block) is data including conversion data corresponding to only a part of the content and writing position information of the conversion data, as in the case of the divided conversion table described in the previous processing example 7. As described with reference to FIG. 21, for example, in normal reproduction, conversion data corresponding to a content portion of about 10 seconds is included.

  The secure VM 356 shown in FIG. 23 has a secret parameter designation number (SPNo.) In addition to the secret parameters (SP1, SP2, SP3...), And an identification mark ID (FM_ID) set corresponding to the player ID. Are generated according to the data conversion processing program 315, and these values are output. These values are also stored in the SP register 371.

  In the real-time processing block 381, the encrypted content 318 is decrypted in step S451, and one of the conversion table blocks stored in the XORed table storage unit 372 is acquired in step S452, and the secret stored in the SP register 371 is acquired. An exclusive OR (XOR) operation of the parameter (SPn) is executed to obtain a conversion table block (FUT) as plain text data.

In step S453, together with the secret parameter (SPn), the secret parameter designation number (SPNo.) And identification mark ID (FM_ID) that are intermittently output from the secure VM 356 and stored in the SP register 371 are acquired. Then, referring to each of these values, the processing mode to which the conversion table is applied is determined, and the conversion data recorded in the conversion table, that is,
(A) Conversion data (b) Processing for writing identification mark-containing conversion data at a designated position recorded in the conversion table. These processes are executed as a real-time process in parallel with the content reproduction process or the external output process under the control of the real-time handler 361. A real-time event handler 361 monitors an event that occurs during content playback or external output, and controls processing. For example, when an unauthorized process is detected, the process is stopped.

A specific conversion table utilization process will be described. First, the type identifier [type_indicator] in the conversion table shown in FIG. 26 is confirmed, and when this type identifier [type_indicator] indicates that conversion data with an identification mark is inserted (type_indicator == 10b, 11b) Referring to [FM_ID_bit_position] in the conversion table, that is, the bit position information of the ID that determines the processing mode of the conversion data with the identification mark, this is the target of the identification bit of the ID (FM_ID) consisting of a plurality of bits. Identify the location. On this occasion,
If the type identifier [type_indicator] is 10b, 0 bit is set.
If the type identifier [type_indicator] is 11b, 64 bits
Add to FM_ID_bit_position. In this way, FM_ID can be expressed even if fewer bits are allocated. Then, the data of the bit position of the specified FM_ID is acquired. And
If the FM_ID bit is 1, perform transformation by replacing the content data to which the conversion data is applied,
If the FM_ID bit is 0, no transformation is performed (or vice versa).
By this processing, data corresponding to the player ID can be embedded in the reproduction data. Here, when the transformation is performed, it is more difficult to remove the FM_ID data by performing the transformation at two locations of the first conversion data [overwrite_value] and the second conversion data [overwrite_value_2] set in the conversion table. In addition, the burden on the playback device can be reduced as compared with the case where each [overwrite_value] is restricted. On the other hand, when the type identifier [type_indicator] is 01b, it is conversion data that is not conversion data with an identification mark, for example, conversion data applied to replacement of broken data. There is no need to check the FM_ID.

The exclusive OR operation (XOR) in step S452 is, for example, an exclusive OR (XOR) operation parameter in which the secret parameters SP1, SP2, SP3,... Are set corresponding to each conversion table block (FUT block). If there is, the table restoration process in step S452 is:
[Conversion table block (FUT block) 1] (XOR) [SP1],
[Conversion table block (FUT block) 2] (XOR) [SP2],
[Conversion table block (FUT block) 3] (XOR) [SP3],
::
The exclusive OR operation process is performed. Through these operations, each plaintext conversion table block data is acquired. In the above formula, [A] (XOR) [B] means an exclusive OR operation of A and B.

  Based on these conversion table blocks, conversion data writing and conversion data writing processing with an identification mark are executed for the partial configuration data of the content. The applicable content section of each conversion table block is the same as in the previous processing example 7, and is a partial data area of the content playback sections 0 to T, T to 2T, 2T to 3T,. That is, each of these sections is a content section to which the same secret parameter can be applied.

  In this way, in this processing example, as in the previous processing example 7, the section to which the same secret parameter is applied is only about 10 seconds of content in normal playback, and even if one secret parameter leaks by any chance Only 10 seconds of content can be played back, and strong content leakage prevention is realized.

  The processing after the data conversion processing in step S453 is the same as processing example 7, and is performed as real-time processing executed in parallel with content reproduction and content external output processing. That is, the demultiplexer process in step S454, the decode process in step S455, and these processes are executed as real-time processes in parallel with content reproduction or external output.

  In the processing example shown in FIG. 23, the real-time event handler 361 is set for table restoration and data conversion processing in steps S452 and S453, and the real-time event handler 361 monitors events that occur during content playback or external output. Thus, the table restoration & data conversion process is controlled. However, the event monitoring may not be performed and only the control for executing the data conversion process in real time may be used. In this case, for example, as shown in FIG. 27, the real-time event handler 361 can be omitted from the configuration shown in FIG.

  In this processing example, a different secret parameter (SPn) is associated with each converted data block (FUT block) obtained by dividing the configuration data of the conversion table corresponding to the entire content, and each secret parameter is converted for each converted data block (FUT block). Since the secure VM 356 intermittently outputs these secret parameters while performing an exclusive OR operation according to the above, the secure VM 356 intermittently outputs these secret parameters, for example, even if a part of the secret parameters leaks. It is not possible to acquire all the stored conversion data, and as a result, it is impossible to restore the entire content, and more robust content usage management is realized.

  Also in this processing example, as in the processing example described with reference to FIG. 10 and others, real-time processing that does not affect the content reproduction and external output processing is realized. Also, for example, when an unauthorized process is detected during content playback, the generation of conversion data is stopped by canceling the processing of the secure VM 356 based on the unauthorized process detection information of the event handler 354, and unauthorized content playback or External output can be terminated halfway

  Although the data configuration as an example of the conversion table has been described with reference to FIGS. 24 to 26, the conversion table can have various data configurations. For example, the configuration of the conversion table described with reference to FIG. 24 may be configured as shown in FIG. FIG. 28 shows an example in which the same structure as in FIG. 24 is recorded in another format. The secret parameter (SP) number can be substituted with the block number of the conversion table block, and [First SPN for FUT block] is defined by [First "Base in FUT block ()" defined in FIG. The value of “SPN for FixUpEntry”] can be substituted. Since ["Base SPN for FixUpEntry"] is not obfuscated by exclusive OR (XOR) with the secret parameter (SP) value, the value is checked even when there is no secret parameter (SP) value, and at random access, etc. Can be used to determine which conversion table block (FUTblock ()) is used. As described above, the table shown in FIG. 28 has a simpler structure than that of FIG. 24 and can provide the same information as the conversion table of FIG.

[4. Configuration of information processing apparatus]
Next, a hardware configuration example of an information processing apparatus that executes an application as a host will be described with reference to FIG. The information processing apparatus 800 includes a CPU 809 that executes data processing in accordance with various programs such as an OS, a content reproduction or recording application program, and a mutual authentication processing program, a ROM 808 as a storage area for programs, parameters, and the like, a memory 810, and a digital signal Input / output I / F 802, an analog signal input / output I / F 804 having an A / D / D / A converter 805, MPEG data encoding / decoding processing MPEG codec 803, TS ( TS / PS processing means 806 for executing Transport Stream) / PS (Program Stream) processing, encryption processing means 807 for executing various encryption processing such as mutual authentication and decryption processing of encrypted content, recording medium 812 such as a hard disk, recording Drive media 812, re-record data It has a drive 811 for performing input and output of signals, each block being connected to a bus 801.

  The information processing apparatus (host) 800 is connected to the drive by a connection bus such as ATAPI-BUS. A conversion table, content, and the like are input / output via the digital signal input / output I / F 802. The encryption process and the decryption process are executed by the encryption processing unit 807 by applying, for example, an AES algorithm.

  Note that a program for executing content reproduction or recording processing is stored in, for example, the ROM 808, and a memory 810 is used as a parameter, data storage, and work area as needed during execution of the program.

  The ROM 808 or the recording medium 812 stores, for example, a management center public key, a host-compatible secret key, a host-compatible public key certificate, and a drive CRL as a revocation list.

  For content playback or external output, apply a data conversion processing program obtained from an information recording medium to decrypt encrypted content, restore conversion tables, write conversion data based on conversion table storage data, etc. The processing according to the processing sequence of the processing examples 1 to 8 described above is executed.

[5. Information recording medium manufacturing apparatus and information recording medium]
Next, an information recording medium manufacturing apparatus and an information recording medium will be described. That is, an information recording medium manufacturing apparatus, method, and information recording medium applied in the above-described content reproduction process will be described.

The information recording medium manufacturing apparatus is an apparatus that manufactures the information recording medium 100 that stores the recording data described above with reference to FIG.
The information recording medium manufacturing apparatus
A conversion table that includes content including broken data different from the legitimate content configuration data, and conversion data that is legitimate content configuration data to be replaced with the broken data, and records setting position information for the content of the conversion data; and a conversion table A data processing unit that generates a data conversion processing program including a replacement processing execution instruction for content configuration data to which
Content including broken data, a conversion table, a data recording unit for recording a data conversion processing program on an information recording medium,
Have

  The data processing unit in one embodiment of the information recording medium manufacturing apparatus is configured to execute generation of a conversion table in which conversion data to be selectively applied is set based on identification information of the content playback apparatus or the content playback application. The data recording unit executes conversion table recording processing including conversion data to be selectively applied based on the identification information. In addition, the data processing unit in the information recording medium manufacturing apparatus obfuscates an arithmetic process or a cryptographic process in which different parameters are applied to each partial conversion table data in which conversion data corresponding to only partial content data of the content is recorded. The converted conversion table is generated, and the data recording unit executes the obfuscated conversion table recording process.

  Further, the data processing unit in one embodiment of the information recording medium manufacturing apparatus generates content data in which obfuscated conversion tables are scattered and arranged in a stream packet having content including broken data as configuration data. The data recording unit executes a recording process of content data arranged by interspersing the obfuscated conversion table.

Such an information recording medium generated by the manufacturing apparatus is as described with reference to FIG.
(A) content including broken data different from legitimate content configuration data;
(B) a conversion table having conversion data that is legitimate content configuration data to be replaced with broken data, and recording setting position information for the content of the conversion data;
(C) A data conversion processing program including a content processing data replacement processing execution instruction to which the conversion table is applied,
The information recording medium is stored as recording data.

In one embodiment, the conversion table recorded on the information recording medium includes conversion data that is a part of the content data to be replaced, a conversion table that records setting position information for the content of the conversion data, and a conversion table. The data conversion processing program including the content processing data replacement processing execution instruction to which is applied is stored as recorded data, and the registration information of the conversion table is
(P) registration information regarding conversion data for converting broken data into legitimate content data, or
(Q) registration information regarding conversion data with an identification mark for embedding identification information of a playback device or content playback application,
It has a type identifier for identifying which of the registration information (p) and (q).

  Further, when the registration information of the conversion table is registration information regarding conversion data with an identification mark for embedding the identification information of the playback device or content playback application, the content playback device or content playback is further added as the table registration information. The conversion data to be selectively applied based on the application identification information is included. Further, the conversion table is set to include position information of bits to be referred for determining the processing mode in the identification information of the playback device or playback application composed of a plurality of bits.

  As described above, as one embodiment, the conversion table is an arithmetic process or an encryption process in which different parameters are applied to each partial conversion table data in which conversion data corresponding to only part of the content configuration data is recorded. For example, the obfuscated conversion tables are interspersed and stored in the stream packet having the content including the broken data recorded on the information recording medium as the constituent data.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims should be taken into consideration.

  The series of processes described in the specification can be executed by hardware, software, or a combined configuration of both. When executing processing by software, the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and run.

  For example, the program can be recorded in advance on a hard disk or ROM (Read Only Memory) as a recording medium. Alternatively, the program is temporarily or permanently stored on a removable recording medium such as a flexible disk, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disk, a DVD (Digital Versatile Disc), a magnetic disk, or a semiconductor memory. It can be stored (recorded). Such a removable recording medium can be provided as so-called package software.

  The program is installed on the computer from the removable recording medium as described above, or is wirelessly transferred from the download site to the computer, or is wired to the computer via a network such as a LAN (Local Area Network) or the Internet. The computer can receive the program transferred in this manner and install it on a recording medium such as a built-in hard disk.

  Note that the various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary. Further, in this specification, the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing.

  As described above, according to the configuration of the embodiment of the present invention, the content including the broken data different from the valid content configuration data is recorded on the information recording medium, and the valid content configuration to be replaced with the broken data is further recorded. Data conversion data and a conversion table in which setting position information for the content of the conversion data is recorded are stored in an information recording medium, and content configuration data according to the conversion table recorded in the information recording medium during content playback processing Is converted to converted data, so even if the encryption key corresponding to the encrypted content recorded on the information recording medium is leaked, the content is played back on the device that cannot acquire the converted data. And unauthorized use of the content is prevented.

  In addition, according to the configuration of the embodiment of the present invention, the conversion data including the data that can analyze the constituent bits of the identification information that can identify the content reproduction device or the content reproduction application is applied as the conversion data. Even if illegal contents are leaked, it is possible to identify the source of illegal contents by analyzing the conversion data.

  In addition, according to the configuration of the embodiment of the present invention, since the calculation process or the encryption process using different parameters is set for each divided table obtained by dividing the conversion table storing the conversion data, Even when parameter leakage occurs, only a part of the content is allowed to be reproduced, and the possibility of leakage of the entire content can be reduced.

100 Information recording medium 101 Encrypted content 102 MKB
103 Title Key File 104 License Information 105 Conversion Table 106 Data Conversion Processing Program 120 Drive 121 Data Processing Unit 122 Memory 150 Host 151 Data Processing Unit 152 Memory a
153 Decoding processing unit 154 Data conversion processing unit 155 Decoding processing unit 156 Memory b
210 Index 220 Movie object 230 Playlist 240 Clip 261, 262, 263 AV stream 271, 272 Content management unit (CPS unit)
281 Data section 310 Information recording medium 311 MKB
312 Title key file 313 Encrypted content 314 Conversion table 315 Data conversion processing program 330 Drive 350 Host 351 Device key 352 Track buffer 353 Plain text TS buffer 354 Event handler 355 Player information 356 Secure VM
361 Real-time event handler 363 Partial table storage unit 364 Preload table storage unit 371 SP register 372 XORed table storage unit 391, 392 TS packet 394, 395 Packet having conversion data recording area 401 Track buffer storage data 402 Decoding result data 403 Broken data 404 Conversion data 405 Conversion data including identification mark 406 Conversion processed data 501, 502, 511, 512 Packet 800 Information processing device 801 Bus 802 Input / output I / F
803 MPEG codec 804 I / O I / F
805 A / D, D / A converter 806 TS / PS processing means 807 Cryptographic processing means 808 ROM
809 CPU
810 Memory 811 Drive 812 Recording medium

Claims (9)

An information recording medium having recording data,
Processing for replacing conversion data to be replaced with a part of the recorded data, a conversion table in which setting position information for the content of the conversion data is recorded, and content configuration data applying the conversion table executed on a playback device The data processing program used for
Store as recorded data,
The conversion table is
(1) registration information including the conversion data;
(2) The registration information is
(2a) registration information including conversion data for converting broken data into legitimate content data, or
(2b) registration information including conversion data for embedding identification information of a playback device or a content playback application,
A type identifier that identifies
(3) A table in which replacement position information of conversion data is recorded,
By executing the data processing program in the playback device,
It is possible to change the execution mode of the process of acquiring the conversion table and replacing the content configuration data at the position of the replacement position information of the conversion data recorded in the conversion table with the conversion data according to the type identifier. Information recording medium. The data processing program is
The type identifier is registered information of the conversion table,
(2a) If the registration information includes conversion data for converting broken data into legitimate content data,
The program according to claim 1, wherein the program executes a process of replacing broken data different from valid content that is content configuration data with conversion data that is valid content data included in registration information of the conversion table. Information recording media. The data processing program is
The type identifier is registered information of the conversion table,
(2b) When the registration information includes conversion data for embedding the identification information of the playback device or content playback application,
A program for executing a process of replacing or not replacing a partial area of content, which is content configuration data, with conversion data included in registration information of the conversion table based on a configuration bit of identification information of a content playback device or content playback application The information recording medium according to claim 1, wherein the information recording medium is provided. The registration information further includes reference bit position information indicating a bit position to be referred to of configuration bits of identification information of the playback device or content playback application,
The data processing program is
The information recording medium according to claim 3, wherein the information recording medium is a program that executes a process of determining whether or not to execute a replacement process using conversion data according to a value of a bit position indicated by the reference bit position information. The data processing program is
An arithmetic process or an encryption process applying different parameters to each partial conversion table data in which conversion data corresponding to only a part of the content data is recorded, and obtaining conversion data as replacement data The information recording medium according to claim 1, wherein the information recording medium is a program to be executed. The data processing program is
A program that executes an exclusive OR operation process that applies different parameters in a predetermined reproduction unit to a plurality of conversion data included in the one or more conversion tables, and executes an acquisition process of conversion data that is replacement data The information recording medium according to claim 1, wherein the information recording medium is provided. The data processing program is
The calculation processing of the different parameters is executed as intermittent processing synchronized with content reproduction or external output,
7. The information recording according to claim 5, wherein the information recording is a program for acquiring conversion data corresponding to different content configuration data by arithmetic processing or encryption processing based on different parameters to be calculated sequentially and intermittently. Medium. The data processing program is
The division conversion table distributed and recorded in the content configuration packet is sequentially obtained, and conversion data that is replacement data corresponding to only part of the content configuration data is converted from the division conversion table, and the conversion data The information recording medium according to claim 1, wherein the information recording medium is a program for executing a process of acquiring the recording position information. Content structure to which conversion data to be replaced of a part of content configuration data constituting content, a conversion table in which setting position information for the content of the conversion data is recorded, and the conversion table executed on the playback device are applied Data including a data processing program used for data replacement processing,
The conversion table is
(1) registration information including the conversion data;
(2) The registration information is
(2a) registration information including conversion data for converting broken data into legitimate content data, or
(2b) registration information including conversion data for embedding identification information of a playback device or a content playback application,
A type identifier that identifies
(3) A table in which replacement position information of conversion data is recorded,
By executing the data processing program in the information processing apparatus,
It is possible to change the execution mode of the process of acquiring the conversion table and replacing the content configuration data at the position of the replacement position information of the conversion data recorded in the conversion table with the conversion data according to the type identifier. Data.

Images