JP2012085320A - Information processor, information processing method, and computer program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a configuration for performing rigorous validity check of a player to execute processing of a content code.SOLUTION: A secure VM executing content reproduction acquires a content code recorded on an information recording medium, and executes processing, e.g. security check according to the content code, conversion of content data, embedding of player information in the content. Furthermore, the secure VM executes digital signature generation processing by applying a secret key set for each player to the configuration data of a content code, and executes verification processing for the digital signature by applying a public key set for each player when the data processing program in the content code is executed.

Description

  The present invention relates to an information processing apparatus and method, and a computer program. Further, in detail, in the data processing using the content code recorded on the information recording medium together with the content as the content usage control program, it is ensured that an appropriate content code corresponding to each information processing apparatus or a player such as a reproduction application is obtained. The present invention relates to an information processing apparatus and method configured to be selected and executed, and a computer program.

  Various software data such as audio data such as music, image data such as movies, game programs, and various application programs (hereinafter referred to as “Content”) are recorded on a recording medium such as a blue laser using a blue laser. -It can be stored as digital data on a ray disc, DVD (Digital Versatile Disc), MD (Mini Disc), or CD (Compact Disc). In particular, a Blu-ray disc using a blue laser is a disc capable of high-density recording, and can record a large volume of video content as high-quality data.

  Digital contents are stored in these various information recording media (recording media) and provided to users. A user plays back and uses content on a playback device such as a personal computer (PC) or disc player.

  Many contents, such as music data and image data, generally have distribution rights or the like held by the creator or seller. Therefore, when distributing these contents, it is common to adopt a configuration that restricts the use of the contents, that is, permits the use of the contents only to authorized users and prevents unauthorized copying or the like. It is the target.

  According to the digital recording device and the recording medium, for example, recording and reproduction can be repeated without deteriorating images and sound, and illegally copied content is distributed via the Internet, and the content is copied to a CD-R or the like. Problems such as the distribution of so-called pirated discs and the use of copy contents stored on hard disks such as PCs have become widespread.

  A large-capacity recording medium such as a DVD or a recording medium using a blue laser that has been developed in recent years can record a large amount of data, for example, one movie to several movies as digital information on one medium. Is possible. As video information and the like can be recorded as digital information in this way, it is an increasingly important issue to prevent unauthorized copying and to protect the copyright holder. In recent years, in order to prevent such illegal copying of digital data, various techniques for preventing illegal copying in digital recording devices and recording media have been put into practical use.

  One technique for protecting the copyright holder by preventing unauthorized copying of content is content encryption processing. However, even if the content is encrypted, if an encryption key leaks, the content that has been decrypted illegally will flow out. As a prior art that discloses one configuration for solving such a problem, there is a configuration described in Patent Document 1. Patent Document 1 discloses a configuration in which unauthorized reproduction of content is prevented by recording part of the content replaced with dummy data.

  When reproducing the content in which the content is replaced with dummy data, it is necessary to replace the dummy data with normal content data again. This data conversion processing needs to be performed without causing leakage of normal content to the outside, and it is preferable to prevent leakage of processing information such as the arrangement position of dummy data and a conversion method.

  As described above, when playing back content, it is necessary to execute content decryption processing, data conversion processing, and the like, and an information processing apparatus or playback (player) program that intends to use the content must have a valid license. There may be a case where a security check such as a legitimacy confirmation process such as a received device or program is performed. Such data processing is performed by executing a content code recorded on an information recording medium together with the content as a content usage control program. An example of content use processing using a content code is described in Patent Document 1, for example.

  The content code is set as a file independent of the content and is recorded on the information recording medium. Accordingly, it is possible to perform a process of moving only the content code to another information recording medium or a process of copying. If a content code is leaked, illegally distributed, and illegally used, many contents may be illegally reproduced and used, which may cause great damage.

  In addition, it is assumed that devices and applications of various manufacturers are applied as devices and applications for executing content reproduction. However, when performing security checks and data conversion processing using content codes, there are various types of devices and applications. Select the appropriate content code that is compatible with players such as devices and applications from different manufacturers, perform security checks in accordance with the respective sequences, and perform a unique data conversion process corresponding to the player It is preferable. In particular, in data conversion, there is a case where processing for embedding player identification information in content is performed, and there is a problem in that embedding of correct player identification information is not executed if a correct content code corresponding to the player is not selected. .

JP 2002-311998 A

  The present invention has been made in view of such a situation, and realizes a strict management configuration of a content code recorded on an information recording medium together with content as a content usage control program, and data processing using the content code An object of the present invention is to provide an information processing apparatus, method, and computer program configured to surely select and execute an appropriate content code corresponding to each information processing apparatus and a player such as a reproduction application. It is.

The first aspect of the present invention is:
An information processing device,
A data processing unit that acquires a content code including a data processing program recorded in the information recording medium, stores the acquired content code in the first memory, and executes data processing according to the content code;
A second memory that stores a public key and a secret key that are set in correspondence with a player that is a content-use application executed in the information processing apparatus;
The data processing unit
Executing digital signature generation processing applying the secret key to the configuration data of the content code stored in the first memory;
Furthermore, the information processing apparatus executes a verification process using the public key for the digital signature when the data processing program in the content code is executed.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the data processing unit decrypts at least part of the configuration data of the content code by applying an encryption key acquired from the second memory, and the result of the decryption In this configuration, data processing according to the acquired content code is executed.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the content code includes a security check code corresponding to the information processing apparatus, and the data processing unit executes a security check process based on the content code. It is characterized by being.

  Furthermore, in one embodiment of the information processing apparatus of the present invention, the data processing unit acquires a player certificate storing the public key from the second memory, and executes a validity verification process of the player certificate. On the condition that the validity is confirmed, identification information corresponding to the information processing apparatus or the content use application is acquired from the record information of the player certificate, and the content code to be processed is selected according to the acquired information It is the structure which performs a process.

Furthermore, the second aspect of the present invention provides
An information processing method executed in an information processing apparatus,
The information processing apparatus has a second memory that is set in correspondence with a player that is a content use application executed in the information processing apparatus and stores a public key and a secret key;
A data processing unit of the information processing apparatus;
A process of acquiring a content code including a data processing program recorded in the information recording medium and storing the acquired content code in the first memory;
A digital signature generation process in which the secret key is applied to the configuration data of the content code stored in the first memory;
Further, the present invention is an information processing method for executing a verification process using the public key for the digital signature when executing a data processing program in the content code.

Furthermore, the third aspect of the present invention provides
A program for executing information processing in an information processing apparatus;
The information processing apparatus has a second memory that is set in correspondence with a player that is a content use application executed in the information processing apparatus and stores a public key and a secret key;
The program is stored in the data processing unit of the information processing apparatus.
A process of acquiring a content code including a data processing program recorded in the information recording medium and storing the acquired content code in the first memory;
A digital signature generation process in which the secret key is applied to the configuration data of the content code stored in the first memory;
Furthermore, when executing the data processing program in the content code, there is a program for executing a verification process using the public key for the digital signature.

  The computer program of the present invention is, for example, a storage medium or communication medium provided in a computer-readable format to a computer system capable of executing various program codes, such as a CD, FD, or MO. It is a computer program that can be provided by a recording medium or a communication medium such as a network. By providing such a program in a computer-readable format, processing corresponding to the program is realized on the computer system.

  Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.

According to the configuration of one embodiment of the present invention, a configuration for executing content code execution processing based on strict player validity confirmation is realized.
Specifically, the configuration of the content code in the configuration in which the content code recorded in the information recording medium is acquired and processing such as security check according to the content code, conversion of content data, and embedding of the player information in the content is executed. A digital signature generation process using a player-compatible secret key is executed for the data, and a verification process using a player-compatible public key for the digital signature is executed when the data processing program in the content code is executed. The configuration.
With this configuration, a configuration for executing content code execution processing based on strict player legitimacy confirmation is realized.

It is a figure explaining the structure and process of the storage data of an information recording medium, a drive apparatus, and information processing apparatus. It is a figure explaining the example of a setting of the content management unit set with respect to the storage content of an information recording medium. It is a figure explaining a response | compatibility with the content management unit and unit key set with respect to the storage content of an information recording medium. It is a figure explaining the data recorded on the information recording medium, and the data conversion process required in content reproduction. It is a figure explaining the process example of a content reproduction process. It is a figure explaining the data conversion process performed in the case of content reproduction. It is a figure which shows the directory structure of the data recorded on an information recording medium. It is a figure which shows the directory structure of the content, management data, etc. which are recorded on an information recording medium. It is a figure which shows the directory structure of the content code recorded on an information recording medium. It is a figure explaining the detail of the production | generation of a content code recorded on an information recording medium, and a recording process. It is a figure explaining the example of a data structure of a player certificate. It is a figure explaining the example of a setting of the encryption key distributed with respect to a player. It is a figure explaining the production | generation process of the content code stored in an information recording medium, and an encryption process structure. It is a figure explaining the production | generation process of the content code stored in an information recording medium, and an encryption process structure. It is a figure explaining the utilization processing sequence of the content code in an information processing apparatus. It is a figure explaining the utilization processing sequence of the content code in an information processing apparatus. It is a figure explaining the example of a setting of the encryption key distributed with respect to a player. It is a figure explaining the example of a setting of the encryption key distributed with respect to a player. FIG. 10 is a diagram illustrating a flowchart for explaining an execution sequence of processing accompanying content reproduction in the information processing apparatus. FIG. 25 is a diagram for describing an example hardware configuration of an information processing device. It is a block diagram explaining the structure of an information recording medium manufacturing apparatus.

Details of the information processing apparatus, method, and computer program of the present invention will be described below with reference to the drawings. The description will be made according to the following description items.
1. 1. Outline of data stored in information recording medium and processing in drive and host 2. Content management unit (CPS unit) 4. Outline of data structure and data conversion processing of content including modified data 4. Content reproduction processing Processing applying security check code 6. 6. Encryption key distribution configuration for information processing device and content code encryption and usage processing configuration Configuration of information processing apparatus 8. Information recording medium manufacturing apparatus and information recording medium

[1. Overview of data stored in information recording medium and processing in drive and host]
First, data stored in the information recording medium and an outline of processing in the drive and the host will be described. FIG. 1 shows the configuration of the information recording medium 100, the drive 120, and the host 140 in which content is stored. The host 140 is a data reproduction (or recording) application executed by an information processing apparatus such as a PC, and performs processing using hardware of the information processing apparatus such as a PC in accordance with a predetermined data processing sequence.

  The information recording medium 100 is, for example, an information recording medium such as a Blu-ray disc, a DVD, and the like, which is a legitimate content manufactured at a disc manufacturing factory with the permission of a so-called content right holder having a copyright or distribution right An information recording medium (ROM disk or the like) storing various contents or an information recording medium (RE disk or the like) capable of recording data. In the following embodiments, a disk-type medium will be described as an example of the information recording medium. However, the present invention can be applied to configurations using information recording media of various modes.

  As shown in FIG. 1, an information recording medium 100 includes an encrypted content 101 that has been subjected to encryption processing and partial data replacement processing, and a tree-structured key distribution method known as one aspect of the broadcast encryption method. MKB (Media Key Block) 102 as an encryption key block generated based on the content key, title key file 103 composed of data (Encrypted CPS Unit Key) encrypted title key applied to content decryption processing, etc. The license information 104 including CCI (Copy Control Information) as copy / playback control information and the content code 105 including the data processing program executed when the encrypted content 101 is used are stored.

  The content code 105 includes a conversion table (Fix-up Table) 106 in which conversion data corresponding to replacement data of a predetermined area in the content is registered. Further, the validity of the player (playback apparatus) that executes content playback is included. A security check code 107 configured by a program for verifying the above and the like is included.

  The information processing apparatus that executes content playback first executes verification processing such as the validity of the player (playback device) in accordance with the security check code 107 included in the content code 105. In accordance with the included data conversion processing program, the conversion data recorded in the conversion table (Fix-up Table) 106 included in the content code 105 is extracted, and the content configuration data replacement processing is performed.

  Note that the conversion table (Fix-up Table) 106 and the security check code 107 have various types of processing in accordance with various playback devices and playback application types, that is, security check processing and conversion processing. Contains types of code. For example, a security check code and conversion table corresponding to a player made by company A, a security check code corresponding to a player made by company B, a conversion table, and the like. A player who intends to use the content selects a security check code or conversion table corresponding to his / her player from these security chuck codes and conversion tables, and executes processing.

  As described above, the content code 105 includes information and programs for executing various processes such as a startup process and a security check process in addition to the conversion process program to which the conversion data is applied. Details of the content code will be described in detail later. Note that the information storage medium stored data example shown in the figure is an example, and the stored data is slightly different depending on the type of the disk. Hereinafter, an overview of these various types of information will be described.

(1) Encrypted content 101
Various contents are stored in the information recording medium 100. For example, it consists of an AV (Audio Visual) stream of moving image content such as HD (High Definition) movie content which is high-definition moving image data, a game program of a format defined by a specific standard, an image file, audio data, text data, etc. Content. These contents are specific AV format standard data and are stored according to a specific AV data format. Specifically, for example, it is stored as Blu-ray disc ROM standard data according to the Blu-ray disc ROM standard format.

  Furthermore, for example, a game program as service data, an image file, audio data, text data, or the like may be stored. These contents may be stored as data having a data format that does not conform to a specific AV data format.

  The content types include various contents such as music data, image data such as moving images and still images, game programs, and WEB contents, and these contents can be used only by data from the information recording medium 100. Various types of information such as content information that can be used in combination with content information, data from the information recording medium 100, and data provided from a network-connected server are included. The content stored in the information recording medium is encrypted by assigning a different key (CPS unit key or unit key (or sometimes called a title key)) to each divided content in order to realize different usage control for each divided content. And stored. A unit for assigning one unit key is called a content management unit (CPS unit). Furthermore, the content is set as broken data in which a part of the configuration data is replaced with data different from the correct content data. The correct content playback is not executed only by the decryption process. If playback is performed, the broken data is converted. Processing to replace the data registered in the table is required. These processes will be described in detail later.

(2) MKB
An MKB (Media Key Block) 102 is an encryption key block generated based on a tree-structured key distribution method known as one aspect of the broadcast encryption method. The MKB 102 can acquire the media key [Km], which is a key necessary for content decryption, only by processing (decryption) based on the device key [Kd] stored in the information processing apparatus of the user having a valid license. This is a key information block. This is an application of an information distribution method in accordance with a so-called hierarchical tree structure, which makes it possible to acquire and invalidate a media key [Km] only when the user device (information processing apparatus) has a valid license. In the revoked user device, the media key [Km] cannot be acquired.

  The management center as a license entity cannot be decrypted with a device key stored in a specific user device due to a change in the device key used for encrypting key information stored in the MKB, that is, a media key necessary for content decryption cannot be obtained. An MKB having a configuration can be generated. Accordingly, it is possible to provide an encrypted content that can be decrypted only to a device having a valid license by removing (revoking) an unauthorized device at an arbitrary timing. The content decryption process will be described later.

(3) Title Key File As described above, each content or a set of a plurality of contents is encrypted by applying an individual encryption key (title key (CPS unit key)) for content usage management. It is stored in the recording medium 100. That is, AV (Audio Visual) stream, image data such as music data, moving image, still image, game program, WEB content, etc. constituting the content are divided into units as management units for content use. It is necessary to generate a different title key and perform decryption processing. Information for generating the title key is title key data. For example, the title key is obtained by decrypting the encrypted title key with a key generated by a media key or the like. In accordance with a predetermined encryption key generation sequence to which the title key data is applied, a title key corresponding to each unit is generated and the content is decrypted.

(4) Use Permission Information The use permission information includes, for example, copy / playback control information (CCI). That is, the copy restriction information for use control corresponding to the encrypted content 101 stored in the information recording medium 100 and the reproduction restriction information. This copy / playback control information (CCI) can be set in various ways, for example, when it is set as individual CPS unit information set as a content management unit, or when it is set corresponding to a plurality of CPS units. is there.

(5) Content code The content code 105 includes a conversion table (Fix-up Table) 106 in which conversion data corresponding to replacement data of a predetermined area in the content is registered, and legitimacy of a player (playback apparatus) that executes content playback. A security check code 107 which is a program for verifying the above is included.

  As described above, the conversion table and the security check code include various types of codes in order to enable processing according to the types of players as various playback devices. A player who intends to use the content selects a security chuck code or a conversion table corresponding to his / her player and executes a security check process and a data conversion process.

  A host as a playback application of a playback device that executes content playback sets a virtual machine (VM) that executes data conversion processing, and in the virtual machine (VM), a security check is performed according to the content code read from the information recording medium 100. Processing and data conversion processing are executed, and a registered entry of the conversion table (Fix-up Table) 106 is applied to execute data conversion processing of partial configuration data of content.

  The encrypted content 101 stored in the information recording medium 100 is subjected to predetermined encryption, and part of the content configuration data is composed of broken data different from correct data. When reproducing the content, a data overwriting process is required to replace the broken data with conversion data that is correct content data. A table in which the conversion data is registered is a conversion table (Fix-up Table) 106. A large number of pieces of broken data are scattered and set in the content, and when reproducing the content, it is necessary to replace (overwrite) the plurality of broken data with the conversion data registered in the conversion table. By applying this conversion data, for example, even when the encryption key is leaked and the content is decrypted illegally, the content cannot be reproduced by the presence of the replacement data only by decrypting the content. Unauthorized use of content can be prevented.

  The conversion table 106 includes conversion data (Forensic Mark) including data that enables analysis of the constituent bits of identification information that can identify the content playback apparatus or the content playback application, in addition to normal conversion data. Specifically, for example, “conversion data including identification marks (Forensic Mark)” in which identification information generated based on a player ID or player ID as identification data of a player (a device that executes a host application) is recorded. Is included. The conversion data including the identification mark is data in which the bit value of the correct content data is slightly changed at a level that does not affect the reproduction of the content.

  The content code 105 includes information and programs for executing various processes such as a startup process and a security check process in addition to the data conversion process program to which the conversion table 106 is applied. Details of the content code will be described in detail later.

  Next, configurations of the host 140 and the drive 120 and an outline of processing will be described with reference to FIG. The reproduction process of the content stored in the information recording medium 100 is executed by transferring data to the host 140 via the drive 120.

  A reproduction (player) application 150 and a secure VM 160 are set in the host 140. The reproduction (player) application 150 is a content reproduction processing unit, and executes processing such as authentication processing with a drive, content decoding, and decoding processing executed in the content reproduction processing.

  The secure VM 160 executes processing to which the content code 105 is applied. The content code 105 includes a conversion table 106 and a security check code 107. The secure VM 160 selects the security check code 107 corresponding to its own player, executes security check processing, and further stores the conversion table 106. Execute replacement processing of partial data of used content. The secure VM 160 is set as a virtual machine in the host 140. A virtual machine (VM) is a virtual computer that directly interprets and executes an intermediate language, reads instruction code information in an intermediate language independent of the platform from the information recording medium 100, and interprets and executes it.

  The secure VM 160 is a data processing unit that acquires a content code 105 including a program or application information applied to use of the encrypted content 101 recorded on the information recording medium 100 and executes data processing according to the acquired content code 105. Function.

  The secure VM 160 acquires player information from the memory b161, which is a memory accessible by the secure VM, and selects and executes a content code corresponding to the player information from the information recording medium. A part of the content code is set as encrypted data, and an encryption key (node key) for decrypting the encrypted data is stored in the memory b161. The secure VM 160 applies the key selected from the memory b 161 and executes content code decryption processing.

  In the memory b161, an encryption key including a node key set corresponding to each node on the route from the leaf as the lowest layer node associated with the information processing device to the vertex node in the key tree having a hierarchical structure Stores the set. The secure VM 160 selects a node key from the memory b 161 according to the key designation information corresponding to the content code, and applies the selected key to execute the decryption process of the content code. Details of the encryption key set stored in the memory b161 and details of processing executed by the secure VM 160 will be described later.

  An information transmission or processing request between the playback (player) application 150 and the secure VM 160 includes an interrupt (INTRP) from the playback (player) application 150 to the secure VM 160, and a response (Call) from the secure VM 160 to the playback (player) application 150. It is executed by a sequence of processing. This is performed by a sequence of an interrupt (INTRP) from the application 150 to the secure VM 160 and a response (Call) process from the secure VM 160 to the playback (player) application 150.

  The main processing executed by the host 140 will be described. Prior to the use of the content, mutual authentication processing is executed between the drive 120 and the host 140. After the validity of both is confirmed by the establishment of this authentication processing, the encrypted content is transferred from the drive to the host, and the host side Then, the content is decrypted, and further the data conversion processing based on the above-described conversion table is executed to reproduce the content.

  The data processing unit 121 of the drive 120 executes authentication processing with the host that is executed when the content is used, data reading from the information recording medium, data transfer processing to the host, and the like.

  The reproduction (play or application) application 150 of the host 140 is a data reproduction (or recording) application executed by an information processing apparatus such as a PC, and uses hardware of the information processing apparatus such as a PC in accordance with a predetermined data processing sequence. Perform the process.

  The host 140 includes a data processing unit 151 that performs mutual authentication processing with the drive 120, data transfer control, and the like, a decryption processing unit 153 that performs decryption processing of the encrypted content, and data based on the registration data of the conversion table 105 described above. A data conversion processing unit 154 that executes conversion processing and a decoding processing unit 155 that executes decoding (for example, MPEG decoding) processing are included.

  The decryption processing unit 153 applies various information stored in the memory a 156 and data read from the information recording medium 100, generates a key to be applied to content decryption, and executes decryption processing of the encrypted content 101. To do. The data conversion processing unit 154 applies the conversion data registered in the conversion table acquired from the information recording medium 100 according to the data conversion processing program acquired from the information recording medium 100, and replaces the content configuration data (overwrite) ). The decoding processing unit 155 executes decoding (for example, MPEG decoding) processing.

  The memory a156 of the information processing apparatus 150 stores a device key: Kd, key information applied to mutual authentication processing, key information applied to decryption, and the like. The details of the content decryption process will be described later. The device key: Kd is a key applied to the MKB process described above. The MKB can acquire the media key [Km], which is a key necessary for content decryption, only by processing (decryption) based on the device key [Kd] stored in the information processing apparatus of the user having a valid license. When decrypting the encrypted content, the information processing apparatus 150 executes the MKB process by applying the device key: Kd stored in the memory a156. The details of the content decryption process will be described later.

[2. About content management unit (CPS unit)]
As described above, the content stored in the information recording medium is stored after being encrypted by being assigned a different key for each unit in order to realize different usage control for each unit. That is, the content is divided into content management units (CPS units), subjected to individual encryption processing, and individual usage management.

  When using content, it is necessary to obtain a CPS unit key (also referred to as a title key) assigned to each unit. In addition, other necessary keys, key generation information, etc. are applied in advance. Playback is performed by executing data processing based on the decoding processing sequence. A setting mode of the content management unit (CPS unit) will be described with reference to FIG.

  As shown in FIG. 2, the content has a hierarchical structure of (A) an index 210, (B) a movie object 220, (C) a playlist 230, and (D) a clip 240. When an index such as a title accessed by the playback application is specified, for example, a playback program associated with the title is specified, and a playlist that defines the playback order of contents is selected according to the program information of the specified playback program.

  The play list includes play items as reproduction target data information. The AV stream or the command as the actual content data is selectively read out by the clip information as the playback section defined by the play item included in the playlist, and the AV stream playback and command execution processing are performed. There are a large number of playlists and play items, and a playlist ID and play item ID as identification information are associated with each.

  FIG. 2 shows two CPS units. These constitute a part of the content stored in the information recording medium. Each of CPS units 1 and 271 and CPS units 2 and 272 is set as a unit including a clip including a title as an index, a movie object as a playback program file, a playlist, and an AV stream file as content actual data. CPS unit.

  The content management units (CPS units) 1 and 271 include titles 1 and 211 and titles 2 212, playback programs 221 and 222, playlists 231 and 232, clips 241 and clips 242, and these two clips 241. , 242, AV stream data files 261, 262, which are actual data of content, are at least encryption target data, and in principle are encryption keys set in association with the content management units (CPS units) 1, 271. Is set as data encrypted by applying a title key (Kt1) (also called a CPS unit key).

  The content management units (CPS units) 2, 272 include applications 1, 213, a playback program 224, a playlist 233, and a clip 243 as indexes, and an AV stream data file 263 that is actual data of the content included in the clip 243. Is encrypted by applying a title key (Kt2) that is an encryption key that is an encryption key set in association with the content management units (CPS units) 2 and 272.

  For example, in order for the user to execute an application file or content reproduction process corresponding to the content management units 1 and 271, a title key as an encryption key set in association with the content management units (CPS units) 1 and 271: It is necessary to acquire Kt1 and execute the decoding process. In order to execute the application file or content reproduction process corresponding to the content management unit 2 272, the title key: Kt 2 as an encryption key set in association with the content management unit (CPS unit) 2 272 is acquired. Therefore, it is necessary to execute the decoding process.

  FIG. 3 shows a setting configuration of the CPS unit and a correspondence example of title keys. FIG. 3 shows a correspondence between CPS unit setting units as usage management units of encrypted content stored in the information recording medium and title keys (CPS unit keys) applied to each CPS unit. It is also possible to store and set a CPS unit for subsequent data and a title key in advance. For example, the data portion 281 is an entry for subsequent data.

  There are various CPS unit setting units such as content titles, applications, data groups, and the like, and a CPS unit ID as an identifier corresponding to each CPS unit is set in the CPS unit management table.

  In FIG. 3, for example, title 1 is CPS unit 1, and when decrypting encrypted content belonging to CPS unit 1, it is necessary to generate title key Kt1 and perform decryption processing based on the generated title key Kt1. .

  As described above, the content stored in the information recording medium 100 is stored after being encrypted by being assigned a different key for each unit in order to realize different usage control for each unit. For individual usage management for each content management unit (CPS unit), usage permission information (UR: Usage Rule) for each content management unit (CPS unit) is set. As described above, the use permission information is information including, for example, copy / reproduction control information (CCI) for content, and copy restriction information and reproduction restriction information of encrypted content included in each content management unit (CPS unit). It is.

  Note that the generation of the title key requires data processing using various information stored in the information recording medium. Specific examples of these processes will be described in detail later.

[3. Overview of content data structure including transformation data and data conversion process]
Next, the configuration of content including deformation data and an outline of data conversion processing will be described. As described above, the encrypted content 101 included in the information recording medium 100 is set as broken data in which a part of the configuration data is replaced with data different from the correct content data, and correct content reproduction is executed only by the decryption process. However, when playing back, it is necessary to replace the broken data with the conversion data registered in the conversion table.

  With reference to FIG. 4, an outline of a configuration of content stored in the information recording medium and reproduction processing will be described. The information recording medium 100 stores AV (Audio Visual) content such as a movie. These contents are encrypted and can be reproduced after being decrypted by a process using an encryption key that can be obtained only by a reproducing apparatus having a predetermined license. Specific content reproduction processing will be described later. The content stored in the information recording medium 100 has not only encryption but also a configuration in which content configuration data is replaced with modified data.

  FIG. 4 shows a configuration example of the recorded content 291 stored in the information recording medium 100. The recorded content 291 includes normal content data 292 that is not deformed and broken data 293 that is content that has been deformed and destroyed. Broken data 293 is data in which the original content is destroyed by data processing. Therefore, normal content reproduction cannot be performed by applying the content 291 including the broken data.

  In order to perform content playback, it is necessary to generate the playback content 296 by performing processing for replacing the broken data 293 included in the recorded content 291 with normal content data. Data for conversion (conversion data) as normal content data corresponding to each broken data area is converted into a conversion table (FUT (Fix-Up Table)) 106 in the content code 105 recorded in the information recording medium 100 (FIG. 1), conversion data is acquired from the conversion entry 295 registered in (1), and the process of replacing the data in the broken data area is executed to generate playback content 296 and execute playback.

  When generating the playback content 296, in addition to the process of replacing the broken data 293 with the conversion data 297 as normal content data, a part of the recorded content 291 can be identified by the content playback device or the content playback application. A process of replacing the constituent bits of the identification information (for example, player ID) with identifier setting conversion data 298 including data (Forensic Mark) that can be analyzed is performed. For example, when illegally copied content is leaked, it is possible to identify the source of illegal content by analyzing the identifier setting conversion data 298 in the leaked content.

  Note that the conversion entries as the configuration data of the conversion table including the conversion data may be distributed and recorded in a specific packet in the content configuration data. That is, the conversion data is stored in the conversion table 106 shown in FIG. 1 and is also distributed and recorded in the encrypted content 101 and is recorded in duplicate. Whether the information processing apparatus that executes content reproduction acquires the conversion data stored in the conversion table 106 and executes data replacement, or whether the distribution is recorded in the content and acquires the conversion entry to execute data replacement One of the processes is performed.

[4. Content playback processing]
Next, content reproduction processing executed by the host will be described with reference to FIG. In FIG. 5, the information recording medium 330 storing the encrypted content and the information recording medium 330 are set from the left, and the drive 340 for reading data is connected to the information recording medium 330 so as to be able to perform data communication with the drive. A host 345 that executes a playback application that acquires stored content via the drive 340 and executes playback processing is shown.

  The host 345 shown in FIG. 5 performs security based on a playback (player) application block 350 that executes content decryption, decoding, data conversion processing, and the like, and a security check code included in the content code recorded on the information recording medium. A secure VM 360 block having a secure VM 360 that executes a parameter calculation process applied to a check process and a conversion process based on a conversion table is shown separately.

  The information recording medium 330 includes an MKB (Media Key Block) 331, a title key file 332, an encrypted content 333, and a content code 334 as recording data. As described above with reference to FIG. 4, the encrypted content 333 is content that needs to be partially replaced with data acquired from the conversion table.

  The content code 334 includes a security check code 335 configured by a program for verifying the legitimacy of a player (playback apparatus) that executes content playback, and conversion data corresponding to replacement data of a predetermined area in the content. Is included in the conversion table (Fix-up Table) 336. The host 345 holds a device key 351 applied to MKB processing.

  A processing sequence in which the host 345 shown in FIG. 5 acquires and reproduces the stored content of the information recording medium 330 via the drive 340 will be described. First, prior to reading the content stored in the information recording medium 330, the host 345 and the drive 340 perform mutual authentication in step S101. This mutual authentication is a process for confirming whether the host and the drive are valid devices or application software. Various processes can be applied as the mutual authentication processing sequence. Through the mutual authentication process, the drive 340 and the host 345 share a session key (Ks) as a common secret key.

  In step S101, mutual authentication between the host drives is performed, and after sharing the session key (Ks), the playback (player) application 350 of the host 345 reads the MKB 331 recorded on the information recording medium 330 in step S102. The media key (Km) is acquired from the MKB by executing the process of the MKB 331 to which the device key 351 obtained by the drive and stored in the memory is applied.

  As described above, the MKB (Media Key Block) 331 is an encryption key block generated based on a tree-structured key distribution method known as one aspect of the broadcast encryption method, and is stored in a device having a valid license. This is a key information block that makes it possible to obtain a media key (Km), which is a key necessary for content decryption, only by processing (decryption) based on the device key (Kd).

  Next, in step S103, the title key file 332 read from the information recording medium 330 is decrypted by applying the media key (Km) obtained in the MKB process in step S102, and the title key (Kt) is obtained. To do. The title key file 332 stored in the information recording medium 330 is a file including data encrypted with a media key, and a title key (Kt) to be applied to content decryption can be acquired by processing using the media key. . For example, an AES encryption algorithm is applied to the decryption process in step S103.

  Next, the playback (player) application 350 of the host 345 reads the encrypted content 333 stored in the information recording medium 330 via the drive 340, stores the read content in the track buffer 352, and the buffer stored content. In step S104, decryption processing using the title key (Kt) is executed to obtain decrypted content.

  The decrypted content is stored in the plaintext TS buffer 353. (Plain TS) means a decrypted plaintext transport stream. Here, the decrypted content stored in the plaintext TS buffer 353 is content including the above-described broken data, and cannot be reproduced as it is, and it is necessary to perform predetermined data conversion (data replacement by overwriting).

  In step S105, the secure VM 361 executes a process of generating parameters and the like necessary for data conversion from the content code 334. Thereafter, in step S106, the table restoration & data conversion process is executed under the control of the real-time event handler 356. Under the control of the real-time event handler 356, the playback (player) application 350 outputs a parameter calculation request to the secure VM 361 as an interrupt (INTRP) in response to the switching of the segment as the content configuration data, and sequentially receives the parameters from the secure VM 361. Receiving, executing decoding or calculation of the conversion table block to acquire a plaintext conversion table block, and acquiring a conversion entry included in the acquired conversion table block.

The conversion entry contains conversion data, that is,
(A) Conversion data (b) Identifier setting conversion data (Forensic Mark)
The recording position designation information in the contents of the converted data is recorded, and in step S106, the reproduction (player) application 350 performs the data conversion process to be written in the designated position in real time in parallel with the content reproduction process or the external output process. Run as a process.

The secure VM 361 generates and outputs different parameters according to the content code, for example, applied to each segment as content configuration data. For example, when the parameter (SP1, SP2, SP3...) Is an exclusive OR (XOR) operation parameter with a conversion entry corresponding to a segment that is a predetermined content partial data unit, the table restoration processing in step S303 is as follows. ,
[Conversion entry 1] (XOR) [SP1],
[Conversion entry 2] (XOR) [SP2],
[Conversion entry 3] (XOR) [SP3],
::
These exclusive OR operations are executed to obtain conversion entries included in the conversion table block data. In the above formula, [A] (XOR) [B] means an exclusive OR operation of A and B.

  In this way, the conversion entry included in the content 333 recorded on the information recording medium is stored by performing an exclusive OR operation with the parameters (SP1, SP2, SP3...). This parameter is sequentially acquired and output by the secure VM 361.

  In the table restoration & data conversion process in step S106, the conversion data is obtained from the restored conversion entry obtained by the operation applying the parameters (SP1, SP2, SP3...) Or the encryption process, and included in the content. Replace the broken data with the conversion data that is valid content configuration data, and execute the data overwrite process to replace the identifier setting conversion data with the partial data of the content, and change the data stored in the plaintext TS buffer 353 to the converted data To do. An outline of the data conversion process will be described with reference to FIG.

  The encrypted content 333 stored in the information recording medium is temporarily stored in the track buffer 352 on the host side. This is the track buffer storage data 401 shown in FIG. By decryption processing on the host side, decryption of the encrypted content as the track buffer storage data 401 is executed, and decryption result data is stored in the plaintext TS buffer 353. This is the decoding result data 402 shown in FIG.

  The decryption result data 402 includes broken data 403 that is not normal content configuration data. The host data conversion processing unit executes processing for replacing the broken data 403 with converted data 404 as correct content configuration data. This replacement process is executed, for example, as a rewrite (overwrite) process of a part of the data already written in the plaintext TS buffer 353.

  Further, the data conversion process executed by the host is not only the process of replacing the broken data with the conversion data which is normal content data, but also a part of the decryption result data 402 by the identifier setting conversion data 405 as shown in FIG. Execute processing to replace configuration data.

  The identifier is data that makes it possible to analyze the constituent bits of the identification information that makes it possible to identify the content playback apparatus or the content playback application as described above. Specifically, for example, configuration information of identification information (player ID) of an information processing apparatus as a player executing a host application, or an identification mark generated based on the player ID. The identifier setting conversion data is data in which the bit value of the correct content data is slightly changed at a level that does not affect the reproduction of the content as described above.

  A large number of identifier setting conversion data 405 are set in the content, and for example, the player ID is determined by collecting and analyzing the plurality of identifier setting conversion data 405. The identifier setting conversion data 405 is data in which the constituent bits of normal content data are changed at a level that can be normally reproduced as content, and is data in which bits (identification mark constituent bits) can be determined by MPEG bitstream analysis.

  In the conversion table stored in the information recording medium, a large number of conversion data 404 and identifier setting conversion data 405 shown in FIG. 6 are registered, and the writing position information is also registered. By executing the data conversion process based on the conversion table storage information, the data stored in the plaintext TS buffer 353 is replaced with the converted data 406 shown in FIG.

  Thereafter, the converted TS (transport stream) is output to the outside via a network or the like and is played back on an external playback device. Alternatively, in step S107, conversion from the transport stream (TS) to the elementary stream (ES) is performed by processing by the demultiplexer, and further, decoding processing (step S108) is performed, and then via the display speaker. Played.

[5. Processing with security check code applied]
Prior to the start of the content reproduction process described above, the secure VM 361 performs a security check to which the security check code 335 in the content code 334 is applied. Note that the secure VM 361 further executes a security check to which the security check code 335 is applied even during the execution period of the content reproduction process as necessary.

  Under the control of the event handler 354, the secure VM 361 executes verification processing such as the validity of the player (playback device) according to the security check code 335 included in the content code 334. As described above, the conversion table (Fix-up Table) 336 and the security check code 335 are set to include various types of codes in order to execute processing according to the type of player as a playback device. It is said.

  The secure VM 361 acquires a player certificate (Player Certificate) stored in the storage unit of the playback device as the player information 355, player configuration information such as information about a port of the playback device, for example, a port of the playback device, and the like. The security check code corresponding to the player is selected from the security check codes 335 included in 334, and the security check process is executed. That is, at least one of identification information and attribute information corresponding to the information processing apparatus or the content use application is acquired as player information, a security check code corresponding to such player information is selected, and a security check based on the selected code is performed. Execute the process.

  As described above, when the content stored in the information recording medium is used, a security check is executed in the secure VM 361. In the security check in the secure VM 361, it is proved that the device is a legitimate device in which the use of the content is permitted, and after verifying based on the device configuration information that the illegal output of the content is not performed, the content Will be played.

  Such a security check may require different processing depending on the configuration of the playback device, the type of playback application, etc. For this reason, the security check code is a set of codes corresponding to various devices and applications. It is recorded in the content code.

  The recording mode of the content code in the information recording medium will be described with reference to the drawings. FIG. 7 is a diagram showing a directory structure of the entire data stored in the information recording medium. Data stored in the information recording medium is roughly divided into two types of data. One is a BDMV directory in which content related data including content management data, CPS unit key, content usage control information (CCI), content, etc. is set, and a BDSVM directory in which content codes including security check code, conversion table, etc. are set. Have

Detailed examples of these directories will be described with reference to FIGS. When content having the hierarchical structure described above with reference to FIG. 2 is stored in an information recording medium, various data or programs such as content codes are recorded as individual files, for example, as shown in FIG. It is stored in the information recording medium according to the directory setting.
(A) Index 210 in FIG. 2 is an index.bdmv file in the directory shown in FIG. 8 (B) Movie object 220 in FIG. 2 is a MovieObject.bdmv file in the directory shown in FIG. 8 (C) Playlist in FIG. 230 is a file under the PLAYLIST directory in the directory shown in FIG.
(D) The clip 240 in FIG. 2 corresponds to a pair of files under the CLIPINF directory and files under the STREAM directory having the same file number in the directory shown in FIG.
(E) In addition, an AUXDATA file storing audio data and font data, a META file storing metadata, a BDOJ file storing BD-J objects, and the like are stored in the information recording medium.

  As described above, the content stored in the information recording medium is set as broken data in which part of the content data is replaced with data different from the correct content data, and correct content playback is executed only by the decryption process. In the case of reproduction, it is necessary to replace broken data with data (conversion data) registered in the conversion table. In this replacement process, a content code stored in the information recording medium is applied, and a data conversion process using registration data of a conversion table (Fix-up Table) is executed.

  The conversion table and the content code including the security check code are also stored in the information recording medium as individual files. FIG. 9 shows the directory structure in which the content code is set. FIG. 9 shows a directory structure of content codes created for the AV content having the directory structure of FIG. 8, for example.

  As described above, the content code includes a security check code and a conversion table. As shown in FIG. 9, the content code stored in the information recording medium includes a plurality of individual files [nnnnn. svm]. Further, backup data as copy data is set in the BACKUP directory.

Each file of these content codes is, for example,
(A) Content code common to all contents & all players (device or playback application) (b) Content code specific to content (c) Content code specific to player (device or playback application) (d) Content & player (device or playback) App) It is classified into each category such as unique content code.

  By using the above category classifications (a) to (d), the content codes can be set as independent data files, and these content code files can be reused. In other words, it may be used in common for different contents and different players (devices or playback applications). Such a content code reuse configuration will be described with reference to FIG.

In FIG. 10, for example, content code files 601 to 604 are content code files held by each content code production entity or providing entity,
Content and player common content code file [00000. svm] 601,
Player-specific content code file [00001. svm] [00002. svm] 603,
Content-specific content code file [00003. svm] 602,
Content, player-specific content code file [00004. svm] 604,
These content code files are shown.

  These content code files 601 to 604 are given an electronic signature by each content code production entity or providing entity and stored in each entity.

  When producing an information recording medium in which new content is recorded, each entity can reuse these content code files 601 to 604 already used in other content recording information recording media.

  In order to prevent falsification of the content code, each content code file is provided to the management center, and an electronic signature is set and stored in the information recording medium 610 in the management center. The content code recorded on the information recording medium 610 is given an electronic signature by the management center (KIC) and a unique ID set by the management center. The content code 620 recorded on the information recording medium 610 includes a security check code 621 and a conversion table 622 as shown in the figure. As a specific directory structure, as shown in a directory structure 630, a content code generated by each entity is individually set.

  As described above, the content code can be reused corresponding to various contents, and an information recording medium is appropriately combined with a content code that needs to be changed according to each content and a reusable content code. Will be recorded.

Furthermore, as shown in FIG. 9, each content code file may be set according to the following classification.
Content code file [00000. svm]: code applied to discriminating player information content code file [00001. svm], [00002. svm]: a code selected according to the player information (for example, 00001.svm is a code for player A,
00002.svm is the code for player B)
Content code file [00003. svm]: Processing that does not depend on player information (for example, for a device that is released after the content is released, the default code described in 00003.svm is executed)

  As described above, different content codes classified into various types are stored in the information recording medium, and a player (playing device) that performs a security check using the content code has a security check code corresponding to his / her player. Select to perform a security check.

  The secure VM 361 shown in FIG. 5 selects a security check code corresponding to its own device and executes a security check process. In this case, the secure VM 361 inputs the player information 355 and performs security check processing using a security check code.

  The player information 355 includes, for example, a player certificate (Player Certificate) stored in the memory of the playback device, player configuration information such as information about a port of the playback device, and the like. Note that these types of information include various types of information such as information that the secure VM 361 can directly acquire from the memory, information that can be acquired by the playback application, and information that can be acquired by the OS.

  One of the security check processes executed by the secure VM is confirmation that the device has a valid player certificate. The player certificate is a certificate that proves the right to use the content, and is issued by a management entity that executes content management.

An example of the data structure of the player certificate is shown in FIG. As shown in FIG.
* Player certificate size,
* Certificate version,
* Player manufacturer identifier,
*Serial number,
* Signing date,
* Device (player) attribute information,
* Player public key,
*Electronic signature,
Have these data. In addition to these data, for example, a player model name, player model version information, and the like may be included.

  The secure VM 361 executes verification processing of the player certificate in accordance with the security check code read from the information recording medium, and after confirming the validity, can acquire information necessary for the subsequent security check from the certificate. it can. As a specific process, first, the secure VM 361 executes a player certificate signature verification process. For example, signature verification is executed by applying the public key of the management center that is the execution entity of the signature of the player certificate. The public key of the management center may be acquired in advance and stored in the memory of the device, or may be acquired from an information recording medium or acquired via a network.

  If the validity of the player certificate is not confirmed by the signature verification, the transition to the content reproduction with subsequent data conversion is stopped. When the validity of the player certificate is confirmed, a security check corresponding to the player is further executed. Basic player information such as the manufacturer can be obtained from the player certificate.

  In other words, the secure VM 361 executes the validity verification process of the player certificate, and on the condition that the validity is confirmed, the secure VM 361 uses the identification information corresponding to the information processing apparatus or the content use application from the record information of the player certificate. Processing for acquiring attribute information, that is, the manufacturer, type, version, serial number, etc. of the device or application is executed. Based on the acquired information, a security check code corresponding to the acquired information is selected, and a security check process based on the selected code is executed. Note that player information such as device configuration information required for the security check process is acquired by, for example, a playback application or secure VM information acquisition process.

[6. Encryption key distribution configuration for information processing device and content code encryption and usage processing configuration]
As described above, the secure VM 361 executes a parameter calculation process applied to a security check process based on a security check code included in a content code recorded on an information recording medium and a conversion process based on a conversion table. In this process, the secure VM 361 executes a validity verification process of the player certificate, and determines the information processing apparatus or the content use application from the record information of the player certificate on the condition that the validity is confirmed. The security check code corresponding to the discrimination information is selected, the security check process based on the selected code is executed, and in the data conversion process to which the conversion table (Fixup-Table) described above is applied, the parameters required for content conversion are calculated. Execute.

The replacement of data executed according to the conversion table is as described above.
(A) Conversion data (b) Identifier setting conversion data (Forensic Mark)
Conversion applying these data is executed.

  The security check using the security check code and the data conversion process executed according to the conversion table are processes that should be executed according to the content code selected based on the correct player information. However, there is a possibility that an unauthorized reproduction device may perform processing using unauthorized player information, for example, by copying a player certificate from another device. If the player type corresponding to the information processing device or the playback application is determined only by verifying the player certificate, and the security check process and data conversion process based on the content code corresponding to the player are performed, the contents that pass through the originally required security check are passed. In some cases, the identifier setting conversion data (Forensic Mark) that should be embedded in the content may be data including player information that is different from the correct one. There is a problem that even if such content embedded with illegal player information is tracked, an illegal player cannot be found.

  Also, for example, an information processing device such as a PC that requires extremely strict security checks copies a player certificate of a reproduction-only device that is allowed to use content only with a sparse security check, and stores it in the PC. There is also a possibility that the player certificate is executed by applying the player certificate of the reproduction-only device, and the content is used only by executing a sweet security check.

  As described above, when the information processing apparatus does not provide correct player information, content is illegally used and illegal tracking becomes difficult. That is, if incorrect player information is presented, correct security check may not be executed, correct data conversion based on the conversion table may not be performed, and player information may not be correctly embedded in content. Below, the structure which prevents such an unauthorized act is demonstrated.

  In other words, even when unauthorized player information is presented on the device side, the correct content code corresponding to each player is selected, and regular security check processing corresponding to the information processing device or playback application that uses the content is executed. Further, a configuration for executing correct player information embedding even in the data conversion processing to which the conversion table described above is applied will be described.

  In order to select and execute the correct content code corresponding to the player, in this processing example, a unique set of encryption keys according to a specific rule is distributed to each of a large number of information processing apparatuses that execute content playback. Furthermore, at least a part of the content code recorded on the information recording medium and executed by the secure VM is assumed to be encrypted data to which the encryption key distributed to the information processing apparatus is applied. The encryption key distribution configuration and processing example will be described below.

  First, the encryption key distribution configuration will be described with reference to FIG. The key management center distributes a predetermined encryption key set to each player, that is, an information processing apparatus that executes a playback application that executes content playback. The distribution target of the encryption key set can be set to either a reproduction application or an information processing apparatus that executes the reproduction application. However, the key management center holds registration information regarding the distribution destination of the encryption key set. For example, a registration table in which the unique identifier of each playback application or the unique identifier of the information processing apparatus is associated with the distributed encryption key set is held and managed.

  FIG. 12A illustrates a key set distributed to each player by the key management center. In the following description, “player” is a concept including both a reproduction application and an information processing apparatus that executes the reproduction application, and is a distribution target of an encryption key set distributed by the key management center.

  As shown in FIG. 12 (a), the key management center obtains a key [player manufacturing entity key (Manufacturing key)] set corresponding to a player manufacturing entity that manufactures a player that is an information processing apparatus or a playback application. A key tree is set as a vertex, and n (n = 256 in the example in the figure) subkeys are set from one vertex or branch point (node). For example, the second level key immediately below the player manufacturing entity key at the top of the key tree is 256 different group keys from G1-1 to G1-256 for each player model manufactured and sold by the player manufacturing entity. G1 is set.

Furthermore, the key of the third stage, and further derived from a model of the G1 layer, for example, the G2 model as a successor device, G2-1～G2-256 * 256 key, i.e. 256 ^two different group key G2 Is set. In the third row, 256 ³ different group keys G3 for each version for each model are followed by 256 ⁴ different group keys G4 in the ^fourth row, and the lowest layer node (leaf) is one player. A player unique key [Player_Specific_Key] corresponding to each player is set.

  Each player has a key corresponding to each node in the route from one node (leaf) at the lowest layer corresponding to the player to the vertex node in the hierarchical structure. For example, the group keys G1 and 631 are distributed to the right half leaf compatible player among the players corresponding to the lowermost leaf in the hierarchical structure shown in the figure, but are not distributed to the left half leaf compatible framer. . The group keys G2 and 632 are distributed to the player corresponding to the leaf on the right 1/4 in the player corresponding to the lowermost leaf in the hierarchical structure shown in FIG. It is not distributed to leaf-compatible flares. In this way, the encryption key set distributed to each player is set differently. A specific player storage key setting will be described later with reference to FIG. Each player is also assigned a player private key [Private_Key] and a public key certificate [Player_Cert] storing a player-compatible public key.

  Note that the keys set in the vertex nodes to leaves in the hierarchical structure shown in FIG. 12A are called hierarchical keys or node keys. The example of setting models and versions corresponding to each hierarchy is only an example, not limited to models and versions. For example, it is possible to set hierarchies by multiple layers such as licensees, platforms, models, versions, etc. You can also make settings such as grouping by, or grouping by manufacturing date and time. As described above, various settings can be made for each layer.

  A player identifier [PlayerID] is stored in a public key certificate [Player_Cert] that stores a player-compatible public key. The player identifier is an identifier that is different for each player. For example, each value of 0x0000000 to 0xFFFFFFFF is set as a player ID corresponding to each player.

  FIG. 12B shows keys managed by the player manufacturing entity, which are generated according to the rules determined in the player manufacturing entity, such as setting for each player manufactured by the player manufacturing entity. The player manufacturing entity holds management information in which each key is associated with the model and version of the play corresponding to the key.

  FIG. 12C shows a key set held by the player. As described above, each player holds a key corresponding to each node in the route from the lowest node (leaf) corresponding to the player to the top node of the hierarchical structure. In the key set shown in FIG. 12 (c), the player manufacturing entity key (Manufacture key) to the player unique key (Player_Specific_Key), and the player private key (Private_Key) and player public key certificate (PLAYER_CERT) are distributed from the key management center. Key data. Further, the player holds a player manufacturing entity key (Manufacture key #n) managed by the player manufacturing entity. Each key information is stored and stored in the memory of the information processing apparatus at the manufacturing stage of the information processing apparatus as a player. Or it is good also as a structure acquired via a network.

  Note that in the key set held by the player shown in FIG. 12C, a key to which a [*] mark is given, that is, a player manufacturing entity key (Manufacturer key) to a player specific key (Player_Specific_Key) distributed by the key management center, The player secret key (Private_Key) and the player manufacturing entity key (Manufacture key #n) distributed by the player manufacturing entity are keys that the player needs to hold securely, and it is necessary to prevent leakage. Public key certificates do not need to be kept secret.

  As described above, the set of encryption keys distributed to each player is a group key and a player specific key of each node from the leaf corresponding to the player in the hierarchical structure to the vertex node, and is set differently. . A specific player storage key setting will be described later with reference to FIG. Each player is also assigned a player private key [Private_Key] and a public key certificate [Player_Cert] storing a player-compatible public key.

Next, a description will be given of an encryption processing mode of the content code stored in the information recording medium with reference to FIG. As described above with reference to FIG. 10, the content codes can be classified into the following four categories.
(A) Content code used in common for all contents & all players (device or playback application) (b) Content code specific to content (c) Content code specific to player (device or playback application) (d) Content & player ( Device or playback app) specific content code

  As described above with reference to FIG. 9, each of these content codes is stored in an information recording medium as an individual file or integrated and stored as one file. The content code of each category may have a different entity for producing the code. For example, (b) a content code corresponding to content-specific data is set by a studio as a content producer. In addition, (c) player (device or playback application) specific data is often generated by a playback device as a player or an entity that produces a playback application.

A sequence until content codes generated by different entities are recorded on the information recording medium will be described with reference to FIG. FIG. 13 shows a process of recording content code configuration data corresponding to the above four categories on an information recording medium. That is,
(A) Content code used in common for all contents & all players (device or playback application): For example, a startup routine, a common routine (such as access to an external recording), a code for a player identification routine, and the like are included.
(B) Content code specific to content: For example, conversion table (Fix Up Table) information, title initialization (including Fix Up Table generation processing) processing code, and the like are included.
(C) Content code specific to the player (device or playback application): For example, a run native execution part, a native code, a code applied to a player specific check routine, and the like are included.
(D) Content code unique to the content & player (device or playback application): For example, codes such as discovery RAM (Discovery RAM execution part), discovery ram (Discovery RAM) comparison data, and the like are included.
These four different categories of content codes.

  These content codes may be produced by different entities such as studios for creating and editing content, authoring companies, and manufacturers of players (devices or playback applications).

  Each of these content code component generation entities is a key unique to the licensee / platform / model / version / etc. described above with reference to FIG. 12 in step S201, that is, previously described with reference to FIG. A content code is prepared on the assumption that a part of the content code is encrypted using a node key (group key [Gn] or player specific key).

  Further, each content code component generation entity generates content code encryption configuration information 642 having encryption configuration information of each content code, and sends the content code encryption information together with the generated content code to the key management center. As shown in the figure, the content code encryption configuration information 642 is configured by correspondence data of a content code number as content code identification information, encryption section information, and key designation information applied to the encryption section.

  The key management center executes encryption based on the content code encryption configuration information 642 for the content code received from each content code component generation entity. That is, the key management center acquires the key specified in the content code encryption configuration information 642 from the issued key database including the key information of the hierarchical configuration described with reference to FIG. The specified part of the content code specified in the configuration information 642 is encrypted.

  In this way, the encrypted content code 641 shown in FIG. 13 is generated, and this encrypted content code 641 is sent to the disc factory, which is an information recording medium manufacturing entity, and recorded on the disc. The content code encryption configuration information 642 is also sent to the disc factory and recorded on the disc. The content code encryption configuration information 642 is set to be included in the content code configuration data and recorded on the information recording medium, or to be recorded on the information recording medium as a unique independent file.

  As the encrypted content code 641, four content code files [00000. svm] to [00003. svm]. Each of these content codes includes encrypted data that is partially encrypted. The encryption key applied to these encryptions is, for example, the group key Gn described with reference to FIG. 12A, and encryption is performed by applying the key selected based on the content code encryption configuration information 642. ing.

  For example, the content code file 00000. If svm is encrypted by applying the group keys G1 and 631 shown in FIG. 12A, only the player holding the group keys G1 and 631 can decrypt the encrypted data. Among the players corresponding to the lowermost leaf of the hierarchical structure shown in FIG. The encryption part data of svm can be used. Since the player corresponding to the leaf on the left half does not hold the group key G1, 631, the content code 00000. The encryption part data of svm cannot be used.

  Similarly, for example, a content code file 00001. Assuming that svm is encrypted by applying the group keys G2 and 632 shown in FIG. 12A, only the player holding the group keys G2 and 632 can decrypt the encrypted data. Of the players corresponding to the lowermost leaf of the hierarchical structure shown in FIG. 12, only the player corresponding to the ¼ leaf on the right side has the content code 00001. The encryption part data of svm can be used.

  As described above, by encrypting the content code by applying the group key Gn or the player unique key, it is possible to limit the players that can be used by decrypting the content code. As described above, the content code includes a security check code for security check and a conversion table applied to content data conversion. Security check processing and data conversion processing are performed only for a specific player. It can be an executable setting.

  Therefore, when a player information presentation process using an invalid player certificate is performed by copying the player certificate from another player, the player-specific content code corresponding to the player information is acquired and processed. Even if it is attempted to execute, the content code cannot be decrypted by the group key included in the encryption key set stored in the player, and the player-specific content corresponding to the player information identified by the illegal player certificate The code is prevented from being improperly applied.

  Next, a method for generating different content codes will be described with reference to FIG. In step S211, each content code component generation entity encrypts a part of the content code using an original encryption key generated by applying a random number or the like when the content code is produced. Thereafter, the original encryption key used for encrypting the content code is the node key (group key [Gn] or player specific key) described above with reference to FIG. 12, that is, licensee / platform / model / version / etc. The key management center is requested to encrypt using a unique key.

  Each content code component generation entity sends the content code encrypted by applying the original encryption key, the original encryption key, and the content code encryption configuration information 642 having the encryption configuration information of each content code to the key management center. To do. As shown in the figure, the content code encryption configuration information 642 is configured by correspondence data of a content code number as content code identification information, encryption section information, and key designation information applied to the encryption section.

  In the key management center, encryption based on the content code encryption configuration information 642 is performed on the original encryption key received from each content code component generation entity. That is, the key management center acquires the key specified in the content code encryption configuration information 642 from the issued key database including the key information of the hierarchical configuration described with reference to FIG. The original encryption key received from the component generation entity is encrypted and stored in the content code.

  In the example shown in FIG. 14, the content code file [00000. The encryption key data 643 set in [svm] is a storage area for data obtained by encrypting the original encryption key. That is, with respect to a plurality of original encryption keys received from each content code component generation entity, the encryption keys selected based on the content code encryption configuration information 642, ie, described with reference to FIG. Each original encryption key is encrypted by applying any group key [Gn] in the hierarchical structure.

  Content code file [00000. svm] to [00003. The encrypted data set in [svm] is data obtained by encrypting each content code component generation entity with the generated original encryption key.

  For example, the content code file [00000. The encryption key data 643 set in [svm] is encrypted at the end of the encryption key encrypted with the group key [Gn] using the original encryption key (K03) applied to the encryption of the encrypted data included in the content code file 0003. Stored data.

  For example, if the original encryption key (K03) is encrypted by applying the group keys G1 and 631 shown in FIG. 12A, the encryption key is decrypted to obtain the original encryption key (K03). Only players holding the group keys G1 and 631 can be played, and only the player corresponding to the leaf in the right half of the players corresponding to the lowermost leaf in the hierarchical structure shown in FIG.

  As a result, the original encryption key (K03) is acquired, and the content code 00003. Only the player corresponding to the leaf in the right half among the players corresponding to the leaf in the lowest layer of the hierarchical configuration shown in FIG. 12 can use the encryption unit data of svm. Since the player corresponding to the left half leaf does not hold the group key G1, 631, the original encryption key (K03) cannot be obtained, and the content code 00003. The encryption part data of svm cannot be used. In this process example, the encryption process at the key management center is only the encryption of the original encryption key, and a quick process is possible. Further, since the content code sent from each content code component generation entity to the key management center is already encrypted with the original encryption key, the possibility of information leakage can be reduced.

  Next, content code processing in the player will be described with reference to FIG. The secure VM as data processing of the information processing apparatus that executes content reproduction acquires a content code including a data processing program recorded in the information recording medium, and executes data processing according to the content code. At least a part of the content code is encrypted by applying the node key as described with reference to FIGS.

  The secure VM acquires key designation information to be applied to decryption of the content code and encrypted data position designation information indicating the position of the encrypted data set in the content code from the stored data of the information recording medium. The node key is selected from the memory according to the above, the decryption target data is specified according to the encrypted data position designation information, and the decryption process using the selected node key is executed.

  FIG. 15 is a diagram for explaining the processing on the player side of the content code having the setting of FIG. 14, and the processing by the secure VM 652 to which the player storage key 650 described with reference to FIG. It is a figure to do. The content code stored in the information recording medium is read by the secure VM 652 and processed. The secure VM 652 stores the content code read from the information recording medium in the secure VM memory 651 and executes the process.

  The player storage key 650 includes the keys described above with reference to FIG. 12, that is, a player manufacturing entity key (Manufacture key) to a player secret key (Private_Key) and a public key certificate distributed by the key management center. In addition, a player manufacturing entity key (Manufacture key #n) distributed by the player manufacturing entity is shown.

  In step S251, the secure VM 652 first obtains the encryption key data [X] 662 set in the content code to be processed from the memory storage data 661 stored in the secure VM memory 651, and stores the content code in this content code. Based on the key designation information acquired from the included recording data or other data file, a key to be applied to the decryption process of the encryption key data [X] 662 is selected from the player storage key 650. The key designation information is information recorded on the information recording medium based on the content code encryption configuration information 642 described with reference to FIGS.

  In this processing example, it is assumed that the key designation information is information that designates a key ID = 4, that is, a player unique key (Player_Specific_Key). The secure VM 652 selects a player unique key (Player_Specific_Key) from the player storage key 650 based on the key designation information [key ID = 4], and executes the decryption process of the encryption key data [X] 662.

  By this decryption process, an original encryption key [K] obtained by encrypting a part of the content code is acquired. In step S252, the secure VM 652 applies the acquired original encryption key [K], decrypts the input data 663 corresponding to the content code encryption unit, and stores the decrypted result in the secure VM memory 651 as output data 664. Store. By this processing, the player can use a content code unique to the player, for example.

Note that such processing in the secure VM 652 includes, for example, an interrupt (INTRP) from the playback (player) application that executes the content playback processing to the secure VM and a response (Call) processing sequence from the secure VM to the playback (player) application. Executed by. The content code decoding process is executed, for example, by calling the following function.
CALL_AES (output destination address, input data address, number of AES processing blocks, key address, key ID)
The above function decrypts the 128-bit value (encrypted key data [X] 662 in FIG. 15) specified by the key address with the secret key of the player specified by the key ID (ID = 4 in FIG. 15). This is a function for executing a process for decrypting data corresponding to the number of AES processing blocks * 16 bytes from the input data address and outputting the decrypted data to the output destination address using the decryption result as a decryption key.

  Further, with reference to FIG. 16, an example of processing of different content codes in the player will be described. FIG. 16 is a diagram for explaining the signature processing to which the player secret key [Private_Key] in the player storage key 650 is applied.

  In step S272, the secure VM 652 calculates a hash value by applying a hash function such as SHA-1 to the input data 672 of the memory storage data 671 stored in the secure VM memory 651. As a previous step of calculating the hash value, player information and media information may be added in step S271. Next, in step S273, the player private key [Private_Key] is obtained from the player storage key 650, and an electronic signature for the hash value, for example, an electronic signature based on the EC-DSA algorithm, is applied, and data including the signature is output data 673. Stored in the secure VM memory 651. Thereafter, when executing the content code, it is possible to verify the legitimacy of the player by obtaining the output data 673 and executing the signature verification process.

This signature setting process is executed by calling the following function by the secure VM 652, for example.
CALL_PrivateKey (output destination address, input data address, signature target data length, option designation, key ID)
The above function extracts the data for the signature target data length from the input data address, converts the Media / Player information specified by Option to the byte string, converts it into a hash value with the SHA1 function, and stores the secret that the player has in the conversion result This function executes a process of signing with a key and writing to an output destination address.

  As described above, encryption is performed by distributing a set of node keys set to each node on the hierarchical structure described above with reference to FIG. 12A to the information recording medium and selectively applying the node keys. By generating a content code that has been processed and storing it in the information recording medium, it is possible to provide a content code that can be processed only by a specific selected player.

  The key distribution configuration for the player is not limited to the configuration described above with reference to FIG. These examples will be described with reference to FIGS. In the example shown in FIG. 17, the hierarchical structure is the same as the structure described above with reference to FIG. 12A, and each player has one node (leaf) in the lowest layer corresponding to the player. Holds a key corresponding to each node in the route from the top node to the top node of the hierarchical structure. That is, as shown in FIG. 17B, a player manufacturing entity key (Manufacturer key) to a player unique key (Player_Specific_Key), a player private key (Private_Key), and a player public key certificate (PLAYER_CERT) are received from the key management center. Distributed.

  In the example shown in FIG. 17, the key management center further sets a model key [Model key #n] and a version key [Version #n], and selects a model corresponding to the player and a key corresponding to the version from these keys. Select and provide to the player.

  Also in the example shown in FIG. 18, the hierarchical configuration is the same as the configuration described above with reference to FIG. 12A, and each player has one node (leaf) in the lowest layer corresponding to the player. Holds a key corresponding to each node in the route from the top node to the top node of the hierarchical structure. That is, as shown in FIG. 17B, a player manufacturing entity key (Manufacturer key) to a player unique key (Player_Specific_Key), a player private key (Private_Key), and a player public key certificate (PLAYER_CERT) are received from the key management center. Distributed.

  In the example illustrated in FIG. 18, the key management center further sets a model specific value [Model specific value #An] and a version specific value [Version specific value #An] as the system key [A], and responds to the player from these specific values. The model and version-specific eigenvalues are selected and provided to the player.

  A plurality of system keys can be defined. For example, the system key can be divided among greatly different systems such as a CE machine as a reproduction-only device and a PC. The model-specific value [Model-specific value #An] and version-specific value [Version-specific value #An] are stored by the player in a state encrypted with the system key and can be used as a model- or version-specific key by decrypting with the system key. To do. By setting in this way, for example, in the case of a secure system as a model (platform), it is possible to apply the same content code to the entire model regardless of the version. If the version is vulnerable, it can be said that the content code is applied only to a certain version of the model.

  In both FIG. 17 and FIG. 18, the processing configuration to which the node key in the hierarchical configuration is applied can perform the same processing as the processing described above with reference to FIGS. It is possible to set a content code that can be used only by the selected player, store it on the information recording medium, and provide it, and perform unauthorized processing by applying unauthorized content code by presenting unauthorized player information. It becomes possible to prevent.

  Next, with reference to the flowchart shown in FIG. 19, a content reproduction sequence involving a security check process to which a security check code in a content code is applied and a conversion process to which a conversion table is applied will be described.

  First, in step S301, the secure VM acquires a content code from the information recording medium, and determines whether or not a player information acquisition request is included in the content code. For example, in the case of the directory setting shown in FIG. 9, the content code file [00000. svm] is read and determined.

  If the content code does not include a player information acquisition request, the process proceeds to step S306. If the content code includes a player information acquisition request, the process advances to step S302 to acquire player information necessary for the security check according to the content code. These pieces of information include, for example, the player certificate described with reference to FIG.

  Next, in step S303, a content code corresponding to the player is obtained, and in step S304, a decryption key of the encrypted data included in the content code is obtained, and decryption is executed. For example, in the setting of the content code described with reference to FIG. 13, the secure VM uses the specified node key (group key or the like) from the encryption key set stored in the memory in the information processing apparatus. ) And decrypt the encrypted data of the content code. In the case of the content code setting shown in FIG. 14, as described above with reference to FIG. 15, the designated node key (group key or the like) is acquired from the encryption key set stored in the memory in the information processing apparatus. The encrypted data of the original encryption key included in the content code is decrypted to acquire the original encryption key, and then the encrypted data included in the content code is decrypted by applying the acquired original encryption key. The key designation information and the position information of the encrypted data are acquired from the content code or other data file.

  In step S305, it is determined whether or not the content code has been successfully decoded. If the content code has failed, the process is terminated and the process ends. In this case, it means that the correct key corresponding to the player corresponding to the content code has not been applied. In this case, processing using the content code, for example, security check processing or content data conversion processing based on the conversion table is not performed. It is not executed, and as a result, the use of the content is prohibited.

  If it is determined in step S305 that the content code has been successfully decoded, the process proceeds to step S306, and processing using the content code is executed. That is, the security check process or the data conversion process of the content based on the conversion table is executed, and the content is used.

  The process executed by the secure VM differs depending on the content code to be processed. For example, when the content code is a security check code, security check processing based on the content code is executed, and the content code is a data generation processing code applied to the data conversion processing of the configuration data of the information recording medium storage content Performs data generation to be applied to the data conversion processing of the information recording medium storage content based on the content code. In addition, when the content code is a data generation processing code applied to data conversion processing in which identification information corresponding to the information processing apparatus or the content use application is embedded in a part of the configuration data of the information recording medium storage content, Based on this, data generation to be applied to data conversion processing for embedding identification information is executed.

[7. Configuration of information processing apparatus]
Next, a hardware configuration example of an information processing apparatus that executes data processing using the above-described reproduction (player) application and secure VM will be described with reference to FIG. The information processing apparatus 800 performs an OS, content playback or recording application program, mutual authentication processing, various processing associated with content playback, such as security check processing based on the above-described security check code, data conversion processing using a conversion table, and the like. CPU 809 for executing data processing in accordance with various programs, ROM 808 as a storage area for programs and parameters, memory 810, input / output I / F 802 for inputting / outputting digital signals, input / output of analog signals, A / D, An input / output I / F 804 having a D / A converter 805, an MPEG codec 803 for performing MPEG data encoding and decoding processing, a TS / PS processing means 806 for performing TS (Transport Stream) / PS (Program Stream) processing, Authentication, encryption There are encryption processing means 807 for executing various encryption processes such as decryption processing of contents, a recording medium 812 such as a hard disk, a drive 811 for driving the recording medium 812, and inputting / outputting data recording / reproducing signals. Is connected.

  The information processing apparatus (host) 800 is connected to the drive by a connection bus such as ATAPI-BUS. A conversion table, content, and the like are input / output via the digital signal input / output I / F 802. The encryption process and the decryption process are executed by the encryption processing unit 807 by applying, for example, an AES algorithm.

  Note that a program for executing content reproduction or recording processing is stored in, for example, the ROM 808, and a memory 810 is used as a parameter, data storage, and work area as needed during execution of the program.

  In the ROM 808 or the recording medium 812, for example, the above-described player certificate, the public key of the management center that is applied to verifying the signature of the player certificate, and the host-compatible secret key that is applied to authentication processing with the drive, A public key certificate corresponding to the host and a revocation list as a public key certificate revocation list are stored.

  For content playback or external output of content, a data conversion processing program acquired from an information recording medium is applied to decrypt encrypted content, restore conversion table, write conversion data based on conversion table storage data, etc. The process according to the process sequence described above is executed.

[8. Information recording medium manufacturing apparatus and information recording medium]
Next, an information recording medium manufacturing apparatus and an information recording medium will be described. That is, an information recording medium manufacturing apparatus, method, and information recording medium applied in the above-described content reproduction process will be described.

  The information recording medium manufacturing apparatus is an apparatus that manufactures the information recording medium 100 that stores the recording data described above with reference to FIG. The information recording medium 100 stores a content code including a security check code and a conversion table. As described with reference to FIGS. 13 and 14, the content code is a content code including data encrypted by applying an original encryption key generated by various node keys or random numbers in part. .

  As shown in FIG. 21, the information recording medium manufacturing apparatus includes a content file generating unit 901 that generates a content file storing content data to be recorded on the information recording medium, and a security check processing program to be executed when the content is used. Content code file generation means 902 for generating a content code file storing a content code including the content code generated by the content file generation means 901 and the content code file generated by the content code file generation means 902 as an information recording medium 910 Recording means 903 for recording.

  The content code file generation unit 902 is configured to execute generation processing of a plurality of content code files corresponding to the type of the information processing apparatus or the content use application, as described above with reference to FIG. The content code stored in the content code file is encrypted by applying an original encryption key generated by various node keys or random numbers, as described above with reference to FIGS. Content code including the processed data.

  The content code file generation unit 902 encrypts each information processing apparatus or playback application by applying a node key corresponding to any node on the key tree having a hierarchical configuration in which each information processing apparatus or playback application is associated with the leaf that is the lowest layer node. A content code file storing a content code including encrypted data is generated. As a specific content code encryption mode, there is the mode described above with reference to FIGS. That is, the content code file generation unit 902 generates a content code file that stores a content code including code information encrypted data obtained by encrypting content code configuration data by directly applying a node key. Stores content information including code information encryption data in which code configuration data is encrypted with a unique encryption key (original encryption key) different from the node key, and encryption key data in which the unique encryption key is encrypted with the node key Generate a content code file.

  The content code file generation unit 902 includes a content code including at least one of a security check code corresponding to the information processing apparatus and a data generation processing code applied to the data conversion processing of the configuration data of the information recording medium storage content. Generation processing that generates a content code file that stores information, and that is applied to data conversion processing that embeds identification information corresponding to an information processing apparatus or content-use application in a part of the configuration data of information storage medium storage content A content code file storing a content code including a code is generated.

  Various data described with reference to FIG. 1 and the like are recorded on the information recording medium 910 generated by the information recording medium manufacturing apparatus. Specifically, a content file storing at least content data, a security check processing program to be executed when the content is used, and a data generation processing code applied to data conversion processing of the configuration data of the information recording medium storage content And a content code file storing a content code including at least one of the codes.

  The content code file recorded on the information recording medium 910 includes encrypted data obtained by encrypting the configuration data of the content code. As a specific content code encryption mode, there is the mode described above with reference to FIGS. That is, a content code file storing content code including code information encrypted data obtained by directly encrypting content code configuration data by applying a node key, or a unique encryption key different from the node key in content code configuration data A code information encrypted data encrypted with the (original encryption key) and a content code file storing a content code including the encryption key data obtained by encrypting the unique encryption key with the node key are stored.

  The content code file recorded on the information recording medium 910 is at least one of a security check code corresponding to the information processing device and a data generation processing code applied to the data conversion processing of the configuration data of the information recording medium storage content. A content code file storing a content code including a code, and data generation applied to a data conversion process in which identification information corresponding to an information processing device or a content application is embedded in a part of configuration data of information storage medium storage content A content code file storing a content code including a processing code is included.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims should be taken into consideration.

  The series of processes described in the specification can be executed by hardware, software, or a combined configuration of both. When executing processing by software, the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and run.

  For example, the program can be recorded in advance on a hard disk or ROM (Read Only Memory) as a recording medium. Alternatively, the program is temporarily or permanently stored on a removable recording medium such as a flexible disk, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disk, a DVD (Digital Versatile Disc), a magnetic disk, or a semiconductor memory. It can be stored (recorded). Such a removable recording medium can be provided as so-called package software.

  The program is installed on the computer from the removable recording medium as described above, or is wirelessly transferred from the download site to the computer, or is wired to the computer via a network such as a LAN (Local Area Network) or the Internet. The computer can receive the program transferred in this manner and install it on a recording medium such as a built-in hard disk.

  Note that the various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary. Further, in this specification, the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing.

As described above, according to the configuration of the embodiment of the present invention, the configuration for executing the content code execution processing based on the strict player's validity confirmation is realized.
Specifically, the configuration of the content code in the configuration in which the content code recorded in the information recording medium is acquired and processing such as security check according to the content code, conversion of content data, and embedding of the player information in the content is executed. A digital signature generation process using a player-compatible secret key is executed for the data, and a verification process using a player-compatible public key for the digital signature is executed when the data processing program in the content code is executed. The configuration.
With this configuration, a configuration for executing content code execution processing based on strict player legitimacy confirmation is realized.

100 Information recording medium 101 Encrypted content 102 MKB
103 Title Key File 104 License Information 105 Content Code 106 Conversion Table 107 Security Check Code 120 Drive 121 Data Processing Unit 140 Host 150 Playback (Player Application)
151 Data processing unit 153 Decoding processing unit 154 Data conversion processing unit 155 Decoding processing unit 156 Memory a
160 Secure VM
161 memory b
210 Index 220 Movie object 230 Playlist 240 Clip 261, 262, 263 AV stream 271, 272 Content management unit (CPS unit)
281 Data portion 291 Recorded content 292 Content data 293 Broken data 295 Conversion entry 296 Playback content 297 Conversion data 298 Identifier setting conversion data 330 Information recording medium 331 MKB
332 Title key file 333 Encrypted content 334 Content code 335 Security check code 336 Conversion table 340 Drive 345 Host 350 Playback (player) application 351 Device key 352 Track buffer 353 Plain text TS buffer 354 Event handler 355 Player information 356 Real-time event handler 360 Secure VM block 361 Secure VM
401 Track buffer storage data 402 Decoding result data 403 Broken data 404 Conversion data 405 Identifier setting conversion data 406 Conversion processed data 601 to 604 Content code file 610 Information recording medium 621 Security check code 622 Content code 622 Conversion table 631, 632 Group key 641 Content code 642 Content code encryption configuration information 643 Encryption key data 650 Player storage key 651 Secure VM memory 652 Secure VM
661 Memory storage data 662 Encryption key data [X]
663 Input data 664 Output data 671 Memory storage data 672 Input data 673 Output data 800 Information processing device 801 Bus 802 Input / output I / F
803 MPEG codec 804 I / O I / F
805 A / D, D / A converter 806 TS / PS processing means 807 Cryptographic processing means 808 ROM
809 CPU
810 Memory 811 Drive 812 Recording medium 901 Content file generation means 902 Content code file generation means 903 Recording means 910 Information recording medium

Claims (6)

An information processing device,
A data processing unit that acquires a content code including a data processing program recorded in the information recording medium, stores the acquired content code in the first memory, and executes data processing according to the content code;
A second memory that stores a public key and a secret key that are set in correspondence with a player that is a content-use application executed in the information processing apparatus;
The data processing unit
Executing digital signature generation processing applying the secret key to the configuration data of the content code stored in the first memory;
Furthermore, an information processing apparatus that executes a verification process using the public key for the digital signature when executing a data processing program in the content code. The data processing unit
2. The configuration according to claim 1, wherein at least part of the configuration data of the content code is decrypted by applying an encryption key acquired from the second memory, and data processing according to the content code acquired as a result of the decryption is executed. Information processing device. The content code includes a security check code corresponding to the information processing device,
The data processing unit
The information processing apparatus according to claim 1, wherein the information processing apparatus is configured to execute a security check process based on the content code. The data processing unit
The player certificate storing the public key is acquired from the second memory, the validity verification process of the player certificate is executed, and on the condition that the validity is confirmed, from the record information of the player certificate 2. The information processing according to claim 1, wherein identification information corresponding to the information processing apparatus or the content use application is acquired, and processing for selecting a content code to be processed is executed according to the acquired information. apparatus. An information processing method executed in an information processing apparatus,
The information processing apparatus has a second memory that is set in correspondence with a player that is a content use application executed in the information processing apparatus and stores a public key and a secret key;
A data processing unit of the information processing apparatus;
A process of acquiring a content code including a data processing program recorded in the information recording medium and storing the acquired content code in the first memory;
A digital signature generation process in which the secret key is applied to the configuration data of the content code stored in the first memory;
An information processing method for executing a verification process using the public key for the digital signature when executing a data processing program in the content code. A program for executing information processing in an information processing apparatus;
The information processing apparatus has a second memory that is set in correspondence with a player that is a content use application executed in the information processing apparatus and stores a public key and a secret key;
The program is stored in the data processing unit of the information processing apparatus.
A process of acquiring a content code including a data processing program recorded in the information recording medium and storing the acquired content code in the first memory;
A digital signature generation process in which the secret key is applied to the configuration data of the content code stored in the first memory;
Furthermore, a program for executing a verification process using the public key for the digital signature when executing the data processing program in the content code.

Images