JP3209221B2 - optical disk - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an optical disk, an optical disk system, and an encryption communication method.

[0002]

2. Description of the Related Art In recent years, with the spread of networks such as the Internet and optical ROM disks, distribution of network software using optical ROM disks has begun. The study of e-commerce is also in progress.

As a conventional technique, a soft electronic distribution system using a CD-ROM as a medium has been put to practical use. In this case, a method of giving a password and decrypting the software recorded and encrypted in advance on the CD-ROM is generally used.

[0004]

However, CD-ROMs
In the case of, the ID of each disk cannot be set individually since additional recording cannot be performed on the disk. Therefore, if used simply,
One password decrypts all disks manufactured from the same master. For this reason, CD-ROM
In the case of using the ID, it is necessary to create an ID unique to each disk on the hard disk of the personal computer or to send the ID created at the center to the user by mail.

In an electronic distribution system using a conventional optical disk or optical disk system, it is required to easily supply an ID or an encryption key to the optical disk or the system. An object of the present invention is to realize an easy supply of an ID and an encryption key to an electronic distribution system using a ROM disk.

[0006]

In order to solve this problem, a write-once area (hereinafter abbreviated as BCA) in which a barcode is overwritten is provided in a pit portion of an optical disk, and a different ID for each disk is provided in the BCA area during manufacture of the optical disk. When necessary, the encryption key for communication and the decryption key of the decryption key for communication are recorded separately, so that the user can receive the user ID number and the communication The transmission encryption key and the reception decryption key are automatically distributed, and some procedures that make the conventional system complicated can be omitted. In this way, the encrypted communication and the identification of the disk containing the content are simultaneously realized.

[0007]

DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention will be described based on embodiments. In the text, the additional recording area using the BCA method is referred to as BC.
The data recorded by area A and BCA is called BCA data. The first identification information is ID or disk I
Also called D.

FIG. 1 shows a typical process of a disc with BCA. First, the first cipher 805 obtained by encrypting the content 777 by the cipher encoder 803 using the first cipher key 802 such as a public key is modulated by an 8-16 modulator 917 such as a mastering device. The pits are recorded in the first recording area 919 of the master 800 as uneven pits. Using the master 800, a disk-shaped transparent substrate 918 is formed by a forming machine 808a, and a reflection film forming machine 8 is formed.
08b, an A1 reflective film is formed to produce 0.6 mm thick single-sided disks 809a and 809b, and a bonding machine 808c
Second recording area 92 of completed disc 809 bonded by
In the trimming device 807, the disk ID 921, the decryption key 922 of the first encryption, or the second encryption key 923 for Internet communication is modulated by the PE-RZ modulator 807a which combines PE modulation and RZ modulation, and the pulse laser 807b. BCA trimming is performed to manufacture a disk 801 with BCA. Since the bonded disk is used, the BCA contained therein cannot be falsified and can be used for security purposes.

Before starting the description, BCA will be briefly described.

[0010] As shown in FIG.
The aluminum reflective film 809 is trimmed on the layer disc 800 with a pulse laser 808 to form a stripe-shaped low reflective portion 8.
10 is recorded based on the PE modulation signal. Fig. 2 (2)
As shown in the figure, a BCA stripe is formed on the disk.
In the portion A, since there are no reflected signals, as shown in FIG. 2 (3), the missing portions 810a and 810 where the modulated signal is intermittently lost.
b, 810c occurs. The modulated signal is sliced at a first slice level 915. On the other hand, since the signal level of the missing portion 810a and the like is low, the slice can be easily sliced at the second slice level 916. As shown in the recording / reproducing waveform diagram of FIG.
The formed barcodes 923a and 923b can be reproduced by level slicing at the second slice level 916 with a normal optical pick as shown in FIG. 3 (5), and the LPF as shown in FIG. 3 (6). The waveform is shaped by the filter, PE-RZ demodulated, and a digital signal is output as shown in (7). The demodulation operation will be described with reference to FIG. First, the disc 801 with BCA is bonded so that two transparent substrates and the recording layer 801a are located inside.
01a has one layer, and there are two layers of recording layers 801a and 801b. In the case of two layers, a BCA flag 922 indicating whether BCA is recorded in the control data of the first recording layer 801a near the optical head 6 is recorded. Since the BCA is recorded on the second layer 801b, the optical head 6 is first focused on the first recording layer 801a and moved to the radial position of the control data 924 on the innermost circumference of the second recording area 919. Since the control data is main information, it is EFM or 8-15 or 8-16 modulated. Only when the BCA flag 922 in the control data is “1”, the one-layer / two-layer part switching unit 827
Then, the BCA is reproduced by focusing on the second recording layer 801b. When sliced by the level slicer 590 at a general first slice level 915 as shown in FIG. 2 (3), it is converted into a digital signal. This signal is converted to EFM 925 or 8-15 modulation 926 or 8-
The signal is demodulated by a demodulator of 16 modulation 92, error-corrected by an ECC decoder 36, and main information is output. The control data in the main information is reproduced, and the BCA is read only when the BCA flag 922 is 1. BCA flag 922 is 1
At this time, the CPU 923 issues an instruction to the one-layer / two-layer part switching unit 827 and drives the focus adjustment unit 828 to switch the focus from the first recording layer 801a to the second recording layer 801b. At the same time, 920 radial positions of the second recording area, that is, in the case of the DVD standard, 2
BC recorded between 2.3mm and 23.5mm
A moves the optical head 6 to read BCA. BCA
In the area, a signal as shown in FIG. 2 (3) where the envelope is partially missing is reproduced. 2nd level slicer 9
29, the second slice level 916 having a light amount lower than the first slice level 915 is set.
The missing portion of the reflection portion of A can be detected, and a digital signal is output. The signal is subjected to PE-RZ demodulation in the second demodulation section 930 and ECC decoding is performed in the ECC decoder 930d to output BCA data as sub-information. In this way, the first demodulator 928 of 8-16 modulation
Then, the main information is demodulated and reproduced by the second demodulation unit 930 of PE-RZ modulation, that is, the sub information, that is, the BCA data.

FIG. 5 (a) shows the reproduced waveform before the filter 943 passes, and FIG. 5 (b) shows the processing dimensional accuracy of the slit of the low reflection portion 810. It is difficult to reduce the width of the slit to 5 to 15 μm or less. Also, if the data is not recorded on the inner circumference of 23.5 mm, the recorded data will be destroyed. From this DVD
In the case of, the shortest recording cycle = 30 μm and the maximum radius = 23.5
The maximum capacity after formatting is 188 bytes due to the limitation of mm
tes or less.

The modulation signal is recorded in pits using the 8-16 modulation method, and is recorded in the high-frequency signal section 9 shown in FIG.
A high frequency signal like 33 is obtained. On the other hand, the BCA signal is a low-frequency signal like the low-frequency signal section 932. As described above, when the main information is in the DVD standard, a maximum of about 4.5 MH
5A, and the sub-information is a low-frequency signal 933 having a period of 8.92 μs, that is, about 100 KHz, so that the sub-information can be frequency-separated using the LPF 943. Easy. The frequency separating means 934 including the LPF 943 as shown in FIG.
The two signals can be easily separated. In this case, L
The PF 943 has an effect that a simple configuration is sufficient.

The above is the outline of BCA.

Next, the entire system of the encryption software unlocking system will be described with reference to FIG. 6 focusing on the operations of password issue, encryption communication and orderer authentication. First, since the steps of the press factory are manufactured in substantially the same procedure as in the case of FIG. 1, the illustration of the master 800 and the completed disk 809 is omitted.

In the press factory 811, the plaintext 810 of the first to n-th contents is subjected to data encryption or scrambling of the video signal by the encryption encoder 812 using the first to n-th encryption keys 813, respectively. 800. After a reflection film is formed on a disc-shaped substrate 809 manufactured by pressing the master disc 800, two disc-shaped substrates are bonded to each other, and a completed disc 809 is produced. The ID 815 and / or the first encryption key 816 (public key) and / or the second encryption key 817 (public key) different for each disk and the connection address 818 of the second computer are recorded in the BCA area 814 on the completed disk 809. The BCA-equipped disk 801 is distributed to users.

Since the contents of this disc are encrypted, it is necessary to obtain a password from a password issuing center, that is, an online store or a mall, by paying a price or the like to reproduce the contents. This procedure will be described.

In the user's first computer 909, when the distributed disk 801 with BCA is reproduced by the reproducing device 819, the BCA reproducing unit 820 including the PE-RZ demodulating unit is reproduced.
, ID 815, first encryption key 816, second encryption key 8
17. The data of the connection address 818 is reproduced. In order to get a password, the password issuance center 82
The second computer 821a is connected to the connection address 818 of the second computer 821a, which is the first server, via the communication unit 822 via the network 823 such as the Internet.
The ID is transmitted to 21a.

Here, the procedure of the encrypted communication will be described.
The second computer 821a is connected to the user's playback device 819.
ID 815 is received. Then, the second computer of the password issuing center 821 called “mall” or “electronic store”, that is, the server 821 a has the encryption key database DB 824. In this database, a secret key which is a decryption key corresponding to the ID of the disk or the first encryption key 816 of the ID, that is, a first decryption key 825 is stored.
And a table of IDs are stored. Therefore, the server can search for the first decryption key 825 based on the received ID. Thus, the first computer to the second computer 8
The encrypted communication to 21a is established. In this case, the first encryption key and the first decryption key are not public key encryption but are the same key if they are common keys of common key encryption.

The user stores, for example, in the disk 801
One of the 1000 encrypted contents stored
For example, when the user wants to use the content whose content number 826 is n, the content number 826, that is, n, is encrypted by a first encryption encoder 827 including a public key encryption function using a public key that is a first encryption key 816. The encrypted code is transmitted to the second computer 821a. As described above, the second computer 821a searches for and knows the first decryption key 825 for decrypting this encryption. Therefore, this code can be plainly written. Thus, there is an effect that the privacy of the user's order information is protected by encryption.

In this case, the first encryption key 816 may be signed using a secret key of public key encryption. This method is called "digital signature". For a detailed description of the operation, refer to an encryption technical book, for example, “E-Mail Security by.”
"Br Di Schneier 1995"
digital signature "and the like.

Returning to the cipher communication, this cipher is
2 and the network 823 to the first encryption decoder 827 of the password issuing center 821. Thus, the encryption is decrypted in the first encryption decoder 827 using the first encryption key 825 paired with the first encryption key 816.

In this case, since the public key has only one specific disk, an unauthorized order from a third-party disk can be eliminated. That is, since authentication of one disk can be performed, authentication of the user who owns the disk can be performed. Thus, the content number n is proved to be a specific individual order, so that an unauthorized order by a third party can be excluded.

At this time, if the public key 816 is kept secret,
This technique can also be used technically to transmit billing information such as credit card numbers that require high security. However, in stores usually called "malls,"
Because there is no security guarantee, electronic payment does not handle user billing information. Only credit card-based and bank-based billing centers 828 can handle user financial information. Currently, security standards such as SET are being standardized, and there is a high possibility that financial information encryption will be realized using RSA 1024-bit public key encryption.

Next, an encryption communication procedure of accounting information in the case of the present invention will be described. First, using the second encryption key 817 of the public key encryption played back by the BCA playback unit 820, the billing information 830 such as a personal credit card number is stored in the second encryption encoder 8.
At 31, the data is encrypted by a public key cryptosystem such as RSA and transmitted from the communication unit 822 to the encryption decoder 832 of the third computer 828 via the second computer 821. In this case, when a digital signature is to be made, the second encryption key 81 is used.
7 uses a secret key 829.

The ID or the second decryption key 829 corresponding to the second encryption key 817 is searched from the encryption key database DB 824a in the same manner as the procedure for the encryption key of the second computer 821a of the password issuing center 821, and this is used. Thus, the accounting information encrypted in the second encryption decoder 832 can be decrypted.

Note that the second encryption encoder 831 uses the secret key 8
29, the second encryption decoder 8
At 32, the signature of the user can be confirmed. In this way, the charging center 828 can safely obtain the charging information such as the user's credit card number, bank card number, and bank password using the Internet. In an open network such as the Internet, security is a problem. However, in this system, since an encryption key (public key) for cryptographic communication or a secret key of a digital signature is recorded in the BCA, cryptographic communication or authentication is not possible. It can be done reliably. For this reason, there is an effect that illegal charging and an illegal order by an unauthorized third party can be prevented. Further, since a different public key can be used for each disk, that is, for each user, the confidentiality of communication is improved, and the possibility that the user's billing information is leaked to a third party is reduced.

Returning to FIG. 6, a password issuing procedure and a password unlocking procedure will be described. At the password issuing center 821, the password is generated by the password generation unit 834 using an arithmetic expression such as public key encryption, based on three pieces of information: the ID, the content number that the user wants to unlock, and time information indicating the usage permission period of the user. Generate
The data is transmitted to the first computer 909. To describe the simplest configuration example, the second computer encrypts information obtained by mixing the decryption key disk ID for decrypting the n-th content and the time information with the public key of the public key encryption, and creates a secret key for decrypting the information. The mixed n-th password 834a is created by the password generator 834 and transmitted to the first computer 909. The first computer receives the n-th password and decrypts the disc ID, the time information, and the decryption key of the n-th content with the secret key. Here, the ID 835a of the BCA reproduced from the disc, the current second time information 835b, the permitted ID 833a, and the first time information 83
The password calculation unit 836 calculates whether or not 3 matches. If they match, it is permitted and the n-th decryption key 83
6a is output to the encryption decoder 837, and the encryption 837a of the n-th content is decrypted to obtain the n-th content 83.
8 is output. The output period is the first time information 833.
And the second time information 835b is limited to the time when they match. On the first computer 909 side, the password calculation unit 836 calculates three pieces of information of the ID, the password 835, and the time information from the clock 836b indicating the current time.
If D and the time information are correct, the correct decryption key is output as the operation result, so that the n-th cipher is
7, the plaintext data of the n-th content 838 or the descrambled video signal or audio signal is output.

In this case, the second time information 8 of the clock 836b
If 35b does not match the first time information 833 of the password, the cipher will not be correctly decrypted and will not be reproduced. Use of the time information makes it possible to apply to a time-limited type rental system in which a movie can be played for only three days when using the rental.

Although the procedure has been described with reference to the block diagram in FIG. 6, a flowchart of this procedure will be described later with reference to FIGS.

Next, a device for the capacity of the encryption key will be described. By inserting both the first encryption key 816 and the second encryption key 817 into the BCA as shown in FIG. 7 (a), the transaction between the "mall" and the "billing center" is performed. The two security effects described above can be obtained.

In this case, standardization such as SET is planned for security with the charging center.
A1024 That is, the 128-byte encryption key is
It will be stored in the encryption key area 817a. Then
Since BCA has only 188 bytes, only 60 bytes remain for the encryption key of the transaction with “mall”. 2
An elliptic function public key cryptosystem is known as a cryptographic function having a size of 0 bytes and the same security as that of 128 bytes of RSA1024.

In the present invention, an elliptic function is used for the first encryption key area 816a. The elliptic function provides security equivalent to RSA1024 in 20 bytes. Therefore, there is an effect that both the first encryption key 816 and the second encryption key 717 can be accommodated in the BCA area of 188 bytes by using the elliptic function.

As described above, by applying BCA to an optical ROM disk, an ID number unique to the disk,
The first and second encryption keys and connection addresses can be recorded. In this case, if you use the Internet, you will be automatically connected to the mall,
Security such as product purchase authentication and confidentiality and authentication and confidentiality at the time of payment is realized only by distributing the disk on which the encryption key is recorded to the BCA. Therefore, according to the method of the present invention, it is possible to omit and streamline the conventional operation of using an IC card, a floppy or a letter to distribute an ID and an encryption key to a user without lowering security. effective. The URL, which is the Internet connection address, is not fixed but is changed. A URL is recorded on the master, and it is sufficient to connect to the URL. However, changing the master when it is changed is inefficient in terms of time and cost. BCA
Is recorded in advance, and only when the connection address 931 is reproduced from the BCA, the connection is performed by giving priority to the BCA connection address 931 over the connection address of the master.
There is an effect that connection is made to the changed connection address 931 without creating a new master.

FIG. 6 shows a case where the first public key and the first public key are recorded in the BCA.

In FIG. 8, there are two types of implementations, one in which the first encryption key 816 of the public key and the third decryption key 817a of the private key are recorded in the BCA, and the other in which the encryption key is generated and encrypted communication is performed. Here is an example. Since the procedure is the same as that in FIG. 6, only different points will be described. First, in the press factory, the first encryption key 81
6 and the third decryption key 817a are recorded in the BCA. The third decryption key 817a is used for receiving a code encrypted with a public key from a charging center. In this case, there is an effect that security of reception is improved.

First, a more specific example of encrypted communication for generating an encryption key will be described with reference to FIG. First encryption key 816
Is a public key, the third decryption key 817a for reception is
Must be recorded. On the other hand, BCA has a small capacity. The public key requires processing time. Therefore, in FIG. 8, the first computer 836 uses a random number generator or the like to generate an encryption key
In step a, a public key encryption / decryption key pair or a common key is generated. An example of a common key will be described. The common key K838 is encrypted by the first encryption key 816 and the first encryption encoder 842, and sent to the second computer 821a. In the second computer, using the main decryption key 844, the main encryption decoder 843 decrypts the encryption to obtain a common key K838a. Since both have the common key K, by passing the common key K to the second encryption encoder 842a and the second encryption decoder 847a, encrypted communication from the store to the user, that is, from the second computer 821a to the first computer 836 can be performed. Naturally the common key K
To the second encryption encoder 827a and the second encryption decoder 84
By passing the information to 5a, the user can also perform encrypted communication from the store, that is, from the first computer 836 to the second computer 821a. The effect of the method of recording the first encryption key, which is the public key, in the BCA and generating the encryption key will be described. First,
The recording of the decryption key can be omitted only by recording the first encryption key. Therefore, the capacity with less BCA is not reduced. Next, since the decryption key is recorded in the BCA, security is improved. In the case of a common key, the key may be changed every time.

Since the operation time is short, there is an effect that the processing time is short. In this case, the encryption key generation unit 838a
Generates a pair of a public key encryption key and a decryption key instead of a common key, transmits the encryption key to the second computer 821a and uses it as the encryption key of the second encryption encoder 842a, and uses the decryption key as the second encryption key. If it is used as a decryption key for the decoder 847, the processing time will be longer, but security can be further improved as compared with the common key. It is desirable to use a public key when the performance of the CPU for processing is high. When a new public key is generated, no security problem occurs because only the public key of the first encryption key is recorded in the BCA. B
CA capacity is not consumed. In addition, since there is no need to change the encryption key, maintenance becomes easy.

When the common key K838a is defined by the second computer 821a of the password issuing center 821, the common key is encrypted by the third encryption encoder 840 using the third encryption key 839 and transmitted to the personal computer 836.
On the personal computer 836 side, the third encryption decoder 841 uses the third decryption key 837, which is a secret key reproduced from the BCA, to obtain a common key K838b. In this case, since the third decryption key 817a, which is a secret key, has only this user, there is an effect that the contents of communication from the center to the user are prevented from leaking to a third party. The format in this case is shown in FIG. The third decryption key 839b can be accommodated in the BCA because an elliptic function requires only 20 bytes.

Next, referring to FIG.
An embodiment for reducing the cost of producing a master using CA will be described.

When there are n, for example, 1000 plaintext contents 850, the contents are encrypted by the encryption encoder 852 using the 1st to mth encryption keys 851 respectively. The decrypted program 854a for the encrypted first to m-th content 853, the first to m-th content, and the second encryption decoder 861a for decrypting the second encryption were recorded as pits with irregularities on the master. Then, after forming a reflection film by molding on one substrate, the two substrates are bonded to each other to complete the optical disc 801. At this time, disk 1
Disc-specific identification information different from the first disc,
A second code obtained by encrypting D855 and decryption information 854 such as a password or decryption key for unlocking the nth content, for example, the first content, by the second encryption encoder 860 is recorded in the BCA in advance. Then, in the playback device, the BCA playback unit 820 plays back the second cipher. Since the second encryption decoder 861 is reproduced from the data reproducing unit 862 which reproduces normal recorded data other than the BCA, the second encryption is decrypted using this, and the ID 855a and the n-th password 854a are reproduced. You. The encryption decoder 855b uses the ID 855a and the password 854 by using the decryption program 854a for the n-th content reproduced by the data reproducing unit 862.
The first cipher is decrypted using a to obtain the plaintext 855c and the identification information 855a of the n-th content. In the case of a personal computer, the content and the ID are recorded on the hard disk 863. The ID 855a checks whether there is the same ID on the network at the time of starting the program and activates the network protection. Therefore, there is a secondary effect that illegal installation of software can be prevented. That is,
If a single master contains 1,000 encrypted contents and records decryption information such as a password corresponding to specific software, an optical ROM disk of one specific content can be created. Is equivalent. 100 for one master
The same effect as cutting a master of zero types of software can be obtained, and there is an effect that the cost and labor for creating the master can be reduced.

FIG. 10 describes a procedure for encrypting content using BCA when recording content on a RAM disk. First, the BCA playback unit 82 is read from the RAM disk 856.
0, the BCA data is reproduced, the ID 857 is output, and the ID is transmitted to the encryption unit 859 via the interfaces 858a and 858b and the network. In the encryption unit 859, the content 860 is encrypted or the video / audio signal is scrambled by the encryption encoder 861 using the key including the ID 857. The encrypted content is sent to a recording / reproducing device and is recorded by a recording circuit 862 on a RAM disk 856.
Will be recorded.

Next, when reproducing this signal, the data reproducing section 865 demodulates the main data, reproduces the encrypted signal, and decrypts it in the encryption decoder 863. At this time, information including the ID 857 is reproduced from the BCA area of the RAM disk 856 by the BCA reproducing unit 820 and sent to the encryption decoder 863 as a part of the key. At this time, if the copy is authorized, the encryption key recorded on the RAM disk is the authorized disk ID, and the ID of the RAM disk is also the authorized disk ID, so the encryption is decrypted or descrambled.
The plaintext 864 of the nth content is output. In the case of video information, an MPEG signal is expanded to obtain a video signal.

In this case, the encryption is performed using the disk ID as a key. Since there is only one disk ID in the world, an effect is obtained that it can be copied to only one RAM disk.

Here, if a copy is made from this legitimate RAM disk to another RAM disk, ID1 which is the first legitimate disk ID is different from ID2 which is the disk ID of another illegal RAM disk. Incorrect RA
When the BCA of the M disk is reproduced, ID2 is reproduced.
However, since the content is encrypted with ID1,
Even if the encryption decoder 863 tries to release the key with ID2, the encryption is not decrypted because the key is different. Thus,
There is an effect that the signal of the illegally copied RAM disk is not output and the copyright is protected. The present invention is a Disk
Since the ID method is used, the regular RA copied once
There is an effect that the encryption of the M disk can be unlocked even if it is reproduced by any drive. However, the encryption unit 859 may be an IC card equipped with an encryption encoder instead of the center.

The copy protection method will be described with reference to the block diagram of FIG. 11 and the flowchart of FIG. At step 877a, the installation program is operated. From the optical disc 801 bonded in step 877b,
The ID of the sub information is output from the CA reproducing unit 820. In step 877d, the content and the network check software 870 are reproduced from the main information by the data reproducing unit 865. The content and the ID 857 are recorded on the HDD 872. ID to prevent unauthorized tampering in step 877c
857 performs a specific secret cryptographic operation and is recorded on the HDD 857 as a soft ID. Thus, the personal computer 87
6 has a soft ID 8 along with the content in the HDD 872.
73 is recorded. Here, step 877f in FIG.
The case where the program is started will be described. When starting the program, in step 877g, the HDD 872
Plays the software ID 873 of the
Through another computer 87 on the network 876
The software ID 873a in the HDD 872a of 6a is checked. In step 877h, the software I of another PC
It is checked whether D873a and its own software ID 873 have the same number.
Proceed to 7j and stop the activation of the program of the personal computer 876 or display a warning message on the screen.

If the software IDs 873a of the other personal computers are not the same, it is determined that there is no evidence that the content has been installed on a plurality of computers at least on the network and that there is no illegal copy, and the flow advances to step 877k.
Allow the program to start. In this case, the software ID 873 may be transmitted to another personal computer via a network. In this personal computer, an illegal installation can be detected by checking the duplication of the software ID of each personal computer. If there is any fraud, a warning message is sent to the computer.

In this way, by recording the ID in the BCA and recording the network check program in the pit recording area, it is possible to prevent a plurality of software having the same ID on the same network from being installed. Thus, simple unauthorized copy protection is realized.

By providing a writable writing layer 850 made of a white material as shown in FIG. 13, not only can characters be printed or a password can be written with a pen, but also the writing layer 850 can be made thicker. Therefore, an effect of preventing damage to the substrate of the optical disk can be obtained. BCA area 8 on this write layer 850
By printing characters 851 and general barcodes 852, which are plain text and converted to alphanumeric characters, of the disc ID 815, which is a part of the BCA data 849 recorded by trimming in 01a, a retailer or user can read the BCA on a playback device. POS barcode reader and ID by visual recognition without taking
Can be checked and collated. A visually recognizable ID is unnecessary when the user notifies the center of the ID via a personal computer. However, if the user verbally conveys the ID to the center by telephone, the same ID as the BCA ID must be printed in a format that can be visually recognized on the disc, so that the user can read the ID visually and insert the disc into a personal computer. The ID can be transmitted to the center without any change. The manufacturing steps of the optical disc will be described with reference to the flowchart of FIG. In step 853d, a disk is formed from the master to create a substrate on which pits are recorded. Step 85
3e, an aluminum reflective film is formed. 2 at step 853f
The two disk substrates are bonded with an adhesive to complete a DVD disk or the like. In step 853g, label printing for screen printing is performed on one side of the disc. At this time, unique identification information is recorded on the master using a bar code. Step 853
In step h, identification information such as an ID that differs for each disc in the POS barcode format is printed by an inkjet barcode printer or a thermal transfer barcode printer. In step 853i, the barcode is read by a barcode reader, and in step 853j, BCA data corresponding to the identification information is printed on the second recording area of the disc. According to this manufacturing method, the BCA data is recorded after confirming the disc identification information after completing all the steps including the POS barcode except for the BCA. BCA cannot be read unless the disc is reproduced, but POS barcodes can be read with a commercially available barcode reader due to their low density. At every step in the factory, the disk ID can be identified. By recording the disc ID with a POS barcode before BCA trimming, erroneous recording of the BCA and POS barcode can be almost completely prevented.

A method of using BCA, which can perform secondary and tertiary recording in the BCA method, will be described. As shown in FIG. 15, the software maker can also secondary record the piracy prevention mark and the verification code as shown in step (2). In the step (2), a disk 944b may be created in which a different ID number or an encryption key for secret communication with a user is recorded for each disk. The discs 944c and 944d can be reproduced without inputting a password.

As another application, in step (3), information such as an encrypted or scrambled MPEG video signal is recorded on a disk 944e. The detailed operation of the MPEG scramble will not be described. In step (4), the software company creates a disk 844f in which the sub-public key for decrypting the ID number and the descrambling information is secondarily recorded by BCA. This disc cannot be played alone. In step (5), after receiving the price of the disk at the store, a password is created using the sub-secret key paired with the sub-public key, and the password is tertiarily recorded on the disk. Or give the receipt with the password printed to the user. after this,
Since the disk 844g has a password recorded thereon, the user can reproduce it. When this method is used, the scramble of the video is not released even if the unpaid disk is shoplifted, so that the picture is not normally reproduced, so that the shoplifting becomes meaningless and reduced.

In a store such as a rental video, a password is permanently BCA-recorded, and if a shoplifting is performed, the password is used. In this case, as shown in step (6), BCA
Is read by a POS barcode reader, a password for descrambling is issued in step 951g, and printed on a receipt in step 951i, and a step 951j.
Hand over to customer. At step 951k, the customer inputs the receipt password to the player using the numeric keypad at step 951k.
In step 951p, the content is reproduced only for a predetermined day. If you want to use other software when you rent it by giving only the password for a part of the software on the disk, you can notify the password of the software at step 951u and enter it at step 951k by telephone, and You can play the software. Although an example of a rental video store has been described, a password may be printed and handed over at a POS terminal when encrypted personal computer software is sold at a personal computer software store.

The cell dealers in steps (5) and (6) in FIG.
The operation in the rental shop will be described more specifically with reference to FIG. The cell store receives the encrypted or scrambled disk 944f from the software maker and confirms the payment from the user, and then checks the bar code recording device 94.
5 to the password issuing center 9 via the POS terminal 946.
52. In the case of a small-scale system, a password issuing center, that is, a system including a sub-secret key of a sub-public key may be provided in the POS terminal. The password issuing center inputs the disk ID number and time information in step 951q, performs an operation in step 951s, encrypts the information using the sub secret key in step 951t, issues a password in step 951g, and
BCA barcode recording device 94 via OS terminal 846
The password is sent to 5, and the recorded disk 944g is given to the customer. This disk 944g can be reproduced as it is.

Next, in the case of a rental shop or a PC software shop, first, a ROM in which the encryption and the scramble have not been released.
The disk 944f is displayed at the store. Customer has a specific ROM
When the disk 944f is designated, the user holds the circular barcode reader 950 having a built-in rotary optical head 953 that scans in a spiral manner in the hand and presses the disk bar 950 on the center of the disk 900 in a transparent case.
The bar code of the reflection layer by the non-reflection portion 915 of f is read, and the disk ID number is read. By printing the product barcode of the disc ID as shown by 852 in FIG. 13, the barcode can be read by a normal POS terminal barcode reader. It may be read from a circular barcode recorded and pressed in advance on the master. The information including these disc IDs is processed by the POS terminal 946, the fee is settled from the credit card, and the password corresponding to the ID number is issued from the password issuing center in step 951g as described above. For rental use, step 9 to limit the number of days that can be viewed
Add the date information as used in
Encrypt the number and create a password. In the case of this password, since it operates only on a specific date, there is an effect that, for example, a lending period of three days can be set in the password.

The password for descrambling issued in this way is printed on a receipt 949 together with the rental date, return date and rental title fee in step 951i, and is passed to the customer together with the disc. The customer brings back the disk 944j and the receipt 949, and inputs the password to the first computer 90 in FIG.
The password 835 is calculated as an ID number 835a by inputting it into the ten-key input unit 954 of No. 9 and input to the encryption decoder 837, where it is divided using the decryption key. Only when the password is correct, the data of the program is descrambled by the encryption decoder 837 and the video output is output.

In this case, when time information is included in the password, the password is collated with the date data of the clock section 836b, and descrambling is performed for the period of the coincident date. The input password is stored together with the corresponding ID number in the nonvolatile memory 755a of the memory 755, and once the user inputs the password, the user is descrambled without having to input the password again. Thus, there is an effect that the key of the disk can be opened and closed electronically during distribution.

Referring to FIG. 16, a detailed description will be given of a method of decrypting software on a disk on which the software is recorded as encrypted data.

Step 865 shows the entire flow of distributing the encrypted data and the individual ID to the user. First, in step 865a, the secret first area is stored in the ROM area of one master disk.
M data encrypted with an encryption key and m encrypted data
The program that decodes two data is recorded. In step 865b, a plurality of completed ROM disks are created by forming a substrate from the master and bonding the two substrates to which the reflection film has been added. In step 865c, decryption information (disc identification information and / or decryption key for encrypted data, which is different for each pressed disk) necessary for decrypting the encrypted data is stored in the non-rewritable sub-recording area (referred to as BCA) of the completed disk. Recording is performed using a modulation method different from the area. In step 865d, the user plays the distributed disk, selects desired encrypted data n, and starts decryption processing. In step 865e, the user's first computer reproduces the encrypted data and the decryption program from the ROM area and reads the decryption information from the sub recording area (BCA). If the second decryption information is not obtained online at step 865f, the decryption auxiliary information such as the ID is displayed on the screen at step 871a in FIG. Step 871b
Then, the user obtains the second decryption such as the password corresponding to the ID and inputs the second decryption to the first computer. Step 87
At 1c, a specific operation of a public key cryptographic function is performed using the disc identification information, the second decryption information, and the encrypted data n. If the result is correct in step 871d, step 871f
Then, the n-th data is written in plain text, and the user can operate the software of the data n.

Next, using the flowchart of FIG.
A method of encryption communication that is essential for the Internet or the like using CA will be described. Step 868 is a routine of a method for distributing the communication program and the communication encryption key to the user. First, in step 868a, at least a communication program and connection information are recorded in the ROM area of one master. In step 868b, a substrate is formed from the master, and two substrates are bonded to create a plurality of completed ROM disks. In step 868c, different disc identification information and an encryption communication encryption key for each pressed disc are recorded in the unrewritable sub-recording area (BCA) of the completed disc. In some cases, the connection address of the second computer and / or the decryption key for encrypted communication are recorded by a modulation method different from that of the ROM area. In step 868d, the user's first computer reproduces the communication program and the encryption program from the ROM area, and reads the disk identification information and the communication encryption key from the sub recording area. Proceeding to FIG. 19, step 867a
If there is a connection address in the BCA area, the connection is made to the second computer based on the connection address such as the URL of the BCA area in step 867b, and if there is no connection address, the connection is made to the computer having the connection address in the ROM area in step 867c. Connecting. In step 867d, the transmission data is input. In step 867e, if there is an encryption communication encryption key in the BCA area, in step 867g, the transmission data is encrypted using the encryption communication encryption key in the BCA area, and the third encryption Create If not, step 8
At 67f, data is encrypted using an encryption key for encrypted communication in the ROM area or HDD, and a third encryption is created.

Next, in FIG. 20, the second computer 910 will be described.
The routine for generating the decryption key of the encryption received from
Described in 69. First, in the first computer, step 8
If a communication decryption key is required in step 69a, step 869 is used.
b, it is checked whether or not the BCA has a communication decryption key.
Using a program for generating an encryption key / decryption key reproduced from the M area, a user's key input or data of a random number generator is paired by a second encryptor reproduced from the ROM area.
A communication encryption key / second communication decryption key is newly generated. In step 869d, a fourth cipher is created by encrypting the "second communication encryption key and / or user data" using the communication encryption key recorded in the BCA and encryption software obtained from the ROM area. In step 869e, the fourth cipher is:
Disc identification information and / or user address
The connection address obtained by reproducing from the disc is transmitted to the second computer. In the process of the second computer, in step 869f, the fourth encryption, the disc identification information, and the user address are received. In step 869g, a communication decryption key paired with the disc identification information is selected from the decryption key database, and the fourth encryption is decrypted using the selected communication decryption key to obtain a plaintext of the second communication encryption key. In step 869h, the second
Using the communication encryption key, a fifth encryption of the server data including a part of the user data is transmitted to the first computer via the Internet 908. Step 869i
Then, the fifth cipher (and the disc identification information) is received and decrypted by using the second communication decryption key and the decryption function recorded in the ROM area to obtain the plaintext of the server data. In this way, bidirectional cryptographic communication is realized between the first and second computers by the method of step 869 in FIG.

Step 870 in FIG. 21 describes a charging information receiving routine. At step 870a,
When the accounting information is input, a third encryption key of the public key encryption for accounting communication is requested to the second computer. Step 8
At 70b, the second computer requests a third encryption key from the third computer. Although the exchange step is omitted, the third computer 911 stores the ID and the third encryption key in the second
Send to computer 910. At step 870c,
The second computer receives the ID and the third encryption key, and in step 870e, transmits the seventh encryption obtained by encrypting the third encryption key using the second communication encryption key or the like to the first computer. In step 870f, the first computer receives the seventh encryption, and in step 870g, decrypts the received seventh encryption using the above-described second communication decryption key, and obtains the third encryption key (the public key of the public key function). Get) In step 870h, the third encryption key is recorded on the HDD as necessary. This will be used for the next transmission. In step 870i, when charging information having a high secret value, such as a credit card number or a settlement password, is input, in step 870j, the eighth encryption obtained by encrypting the charging information using the third encryption key is transmitted to the second computer. Via a third computer. The second computer receives the eighth cipher at step 870k and retransmits it to the third computer. Since only the third computer 912 which is a financial institution has the decryption key of the third encryption,
It cannot be decrypted by computer electronic stores. In step 870m, the third computer searches the encryption key database for a third decryption key corresponding to the third encryption key using the identification information of the disk or the like, and retrieves the third decryption key corresponding to the secret key of the public key encryption.
The eighth cipher is decrypted with the decryption key to obtain the plaintext of the billing information. In step 870n, it is checked whether or not the payment can be collected from financial information such as the credit information of the user and the balance of the deposit. In step 870p, the result of the investigation is notified to the second computer. The second computer, a so-called electronic store, determines in step 870q whether or not the payment can be collected, and if not, in step 870r, does not send out the product or send a key for decrypting the encryption software. When it is determined that the payment can be collected, in the case of the key providing system as shown in FIG. 16, the process proceeds to step 870s, and the decryption key of the encryption software, that is, the product is transmitted to the user's second computer via the Internet 908. In the first computer, step 870t
In step 870u, the decryption key of the encryption software is received.
To decrypt the n-th encryption software, and step 8
At 70w, you get soft plaintext. Thus, a content key providing system is realized.

The method of step 870 in FIG. 21 requests the third computer, that is, a financial institution, to issue and issue a public key of a third encryption key, which is required to have high security, that is, billing information, as necessary. It is not necessary to record in the BCA in advance. Therefore, RSA2048 25 is used as the third encryption key.
There is an effect that a 6-byte stronger RSA-based encryption key can be used without consuming the BCA capacity. Further, since it is not necessary to record in advance in the BCA of all disks, the total number of issued third encryption keys is reduced,
The CPU time of the computer required for calculating the third encryption key is reduced. In addition, since the third cipher is not in the BCA and is not disclosed, security is slightly improved. B in this case
The role of the CA, as shown in FIGS.
This is a record of the identification information of the secret communication disk using a 4-grade encryption key. With one BCA disk, the effect is high because encrypted communication with the second computer is realized.

Next, the step 872 of the encrypted communication when both the communication encryption key and the communication decryption key are recorded in the BCA will be described with reference to FIG. In step 872g, the first computer 909 encrypts the user data with the communication encryption key reproduced from the BCA, the ninth encryption, the basic identification information recorded in the ROM area when the master is created, and the ninth encryption recorded in the BCA area. The disc identification information to the second computer 91
Send to 0. In the second computer, step 872
At b, the ninth encryption, the disc identification information, and the basic identification information are received. In step 872c, a communication decryption key paired with the disc identification information is retrieved from the decryption key database, and the ninth cipher is decrypted to obtain a plaintext of the user data. In step 872e, a second encryption key corresponding to the disc identification information is selected from the encryption key database, and the server data and the third encryption key received from the third computer in the procedure described with reference to FIG. The tenth cipher that has been transmitted to the first computer. In step 872f, the first computer receives the tenth cipher, and in step 872g
Then, the received seventh cipher is decrypted using the above-described second decryption key for communication recorded in the BCA, and the server data and the third
Obtain the plaintext of the encryption key (public key of the public key function). In step 872h, the third encryption key is recorded on the HDD as necessary. When charging information is input in step 872i, the process proceeds to step 872j, and the eighth encryption and the first encryption obtained by encrypting the charging information are transmitted to the third computer via the second computer by using the third encryption key. In step 872m, the second computer retransmits the eleventh cipher to the third computer. In the third computer, step 87
At 2m, a third encryption key paired with the identification information of the disk or the like is searched from the database for the third encryption key, and the eighth encryption is decrypted to obtain the plaintext of the billing information. In step 872n, a check is made to see if the user can be charged.
In step 872p, the survey result is transmitted to the second computer. In step 872q, the second computer checks whether the user can collect the charge. When it is determined that the payment can be collected In the case of the key providing system as shown in FIG. 16, the process proceeds to step 872s, where the decryption key of the encryption software is
That is, the product is transmitted to the user's second computer via the Internet. In the first computer, step 872
At step t, the decryption key of the encryption software is received.
To decrypt the n-th encryption software, and step 87
Get soft plaintext with 2w. Thus, a content key providing system is realized.

The feature of the effect of the method of step 872 in FIG. 22 is that since both the encryption key and the decryption key are recorded in the BCA area, the transmission of the decryption key and the encryption key necessary for reception from the second computer is performed. Is that there is no need for Since the capacity of BCA is a maximum of 188 bytes, for a cryptographic function such as a public key, 512 bytes of RSA and 2 bytes of 64 bytes, 12
Since only 8 bytes are required, recording can be performed. The RSA 512 can perform grade bidirectional encryption. As shown in FIG. 7, elliptic functions can accommodate 7 to 8 elliptic functions, so that the effect is even higher.

The operation and effect when the first encryption key and the third encryption key are recorded in the BCA in advance will be described with reference to FIG. Steps 872a to 872w in FIG. 22 and steps 873a to 873w in FIG. 23 have substantially the same configuration, and therefore only different steps will be described.

First, since the third encryption key for protecting the security of financial information such as billing information is recorded in the BCA, in step 873e, the second and third computers make the third
Generation and transmission of the encryption key is not required. Step 873e,
The transmission and reception of the twelfth cipher are performed at 873f and 873g. In step 873j, the third encryption key is read from the BCA area, and the user's billing information is sent to the third computer via the second computer. The method of FIG. 23 has an effect that the procedure is simplified because generation, transmission and reception of the third encryption key are not required at all.

In the case of the electronic payment system, there are usually a plurality of charging centers as in the case of starting credit.
Therefore, a plurality of third encryption keys, which are public keys, are required. As described with reference to FIG. 7 (b), when the RSA encryption function is used, RSA1024 or more, that is, 128 bytes or more is required. Therefore, only one third encryption key 817b is included in 188 bytes of BCA. However, an elliptic function cryptographic key (elliptical cryptography) that has recently appeared has a small capacity and can provide security equivalent to that of RSA. In recent years, RSA function RS
A1024 is the minimum standard for security of financial information. The RSA function requires 128 bytes, but to achieve the same security, the elliptical encryption requires 20 bytes.
It is said that about 22 bytes is enough. Therefore, as shown in FIG. 7 (c), a plurality of, up to seven to eight, third ciphers for handling financial information can be accommodated in the BCA. By using the elliptical encryption, a BCA-based electronic payment system corresponding to a plurality of financial centers that are practically essential is realized. Although the description has been focused on the third cipher, even if it is used as the public key of the first cipher key, the effect of the elliptical cipher is the same because high security between a plurality of electronic stores is maintained.

Next, the RAM disk recording / reproducing apparatus using the BCA described with reference to FIG. 10 will be described in more detail with reference to FIG. As one embodiment, the so-called Pay
The recording procedure on the RAM disk in the per view system will be described. First, a software company such as a CATV company uses a program transmitter 883 to encrypt content 880 such as movie software in a first encryptor using a first encryption key 882, generates a first encryption 900, and generates a C code of each user.
Transmit to a decoder 886, such as an ATV decoder. When the decoder 886 sends a request for a specific program to the key issuing center 884 via the network, the key issuing center 8
Reference numeral 84 denotes first decoding information such as a specific software, a system ID number of a specific decoder, and a descrambling key for specific time restriction information 903, and a first decoding information 901 including a recording permission card 901 for a RAM disk. The decoding information 885a is transmitted to the first decoding unit 887 of the first decoder 886.
Send to The first decryption unit 887 decrypts the first cipher 900 from the system ID 888 and the first decryption information 885a,
In the case of a video signal, a once-descrambled signal is further scrambled by another cipher for copy protection, and is output from the third cipher output unit 889.
Thus, the original TV signal is copy-guarded but can be viewed. Here, when the recording permission code 901a is NO,
Cannot record on RAM disk 894. However, in the case of OK, data can be recorded only on one RAM disk 894.
This method will be described.

In the decoder 886, the IC card 902 is inserted, and the B of the RAM disk 894 of the RAM recorder is read.
The CA is read by the BCA reproducing unit 895 and the disc ID 90 is read.
5 is sent to the IC card 902. The IC card 902 checks the current time information 904 and the recording permission code 901a obtained from the disk IC 905 and the decoder 886,
A copy check 907 of the shake hand method is performed bidirectionally with the third encryption output unit 889, and if the recording permission code and the copy check are OK, the second sub-encryptor 891 in the IC card 902 issues the second encryption key 906. . Second encryptor 8
At 90, the third cipher is re-encrypted to generate a second cipher in which the content 880 is encrypted with the disc ID of the specific one disc, sent to the RAM recorder 892, and stored in the recording means 893 at 8-15 Modulated by the first modulating unit using 8-16 modulation, and RAM
In the first recording area 894a of the disc 894, the second encryption 91
2 is recorded. Thus, the data on the RAM disk 894 is encrypted with the specific disk ID number.

Next, this disc is played back by ordinary reproducing means 896.
When the reproduction signal is demodulated by the first demodulation unit 896a of 8-16 modulation, the second cipher of the content is output. The second decryption unit 897 includes a plurality of second decryption keys 898a, 898b, 898
c. This means that each program supply company such as each CATV station has a decryption key corresponding to the encryption key of each IC card which is different. In this case, the decoding key identification information of the decoder 886 or the IC card 902 is stored in the first recording area 8 at the time of recording.
94a. The playback device reads the decryption key identification information 913 from the first recording area 894a, and the decryption key selection unit 914 uses the decryption key 898a to 898z based on the second decryption key 898 corresponding to each encryption key.
a is automatically selected, and the second cipher is decrypted by the second decryptor 897 using the disk ID 905a as one key. An IC card containing a specific decryption key may be used.
In the case of a video, a normal video descrambled by the TV 899a can be obtained.

In the system shown in FIG. 24, a disc ID 905 is stored in an IC card inserted in a decoder at home of each user.
And encrypt the image data etc., so the software company 8
83 does not need to individually change the encryption of the content to be delivered to each user. Accordingly, when pay-per-view scrambled video is broadcast to a large number of viewers such as satellite broadcast or CATV, it is possible to permit each user to record on only one RAM disk.

In the system shown in FIG. 24, the data is recorded on one disk, and at the same time, the RAM of the second disk, ie, another disk ID
When trying to copy or record illegally on a disc, BC
In the case of A, since a two-layer disc is used, the disc ID cannot be falsified, so that illegal copying to the second disc is prevented at the same time. Next, the pseudo recording permission code 901a and the third encryption are transmitted to the decoder and the IC card in another time zone, and the data is encrypted with the specific disk ID. Recording on a RAM disk with a different disk ID is conceivable. Such misconduct is also
The decoder time information management unit 902 in the C card compares the time of the time restriction information 903 of the key issuing center 884 or the time of the content time information with the current time of the time information unit 904a in the decoder, and The IC card 902 permits encryption of the second cryptographic operation unit 990 if it is OK.

In this case, a shake hand time check method in which the second encryptor 890 and the first decryption unit 887 communicate check data bidirectionally may be used.

In the case of the shake hand method, the second cryptographic operation unit 890 including an IC card, the first decryption unit 887 and the third
The encryption unit 889 confirms the encrypted data in both directions. Therefore, illegal copying in another time zone that is not the same as the content transmission time is prevented.

Thus, the decoder 886 of each user
In, the content of the software company is recorded on only one of the RAM disks 894 having a specific disk ID that exists only in the world. This disc can be reproduced by any RAM disc player. There is an effect that the copyright of the software company is protected even when the data is recorded on the RAM disk by the method shown in FIG.

In the description of the figures in the main text, encryption is performed by the encryption encoder and decryption is performed by the encryption decoder. However, an encryption algorithm and a decryption algorithm, which are programs in the CPU, are actually used.

[0076]

As described above, the ID and the encryption key and the decryption key of the encryption are recorded in the BCA area of the optical disk in advance, so that the decryption of the encrypted contents can be realized by a simpler procedure. In addition, communication confidentiality is achieved without a conventional registration procedure. By storing the network check program in the content, multiple installations of the same ID software on the same network can be prevented.
Thus, there are various effects of improving security.

[Brief description of the drawings]

FIG. 1 is a process diagram of an optical disc according to an embodiment of the present invention.

FIG. 2 is a sectional view of trimming by a pulse laser according to an embodiment of the present invention.

FIG. 3 is a signal reproduction waveform diagram of a trimming unit according to the embodiment of the present invention.

FIG. 4 is a block diagram of a reproducing apparatus according to an embodiment of the present invention.

5A is a diagram showing a reproduced signal waveform of a BCA portion of the present invention. FIG. 5B is a diagram showing a dimensional relationship of the BCA portion of the present invention.

FIG. 6 is a diagram showing an encryption communication method and an encryption key method using a password according to the embodiment of the present invention.

FIG. 7 is a format diagram of the BCA of the present invention.

FIG. 8 is a diagram showing a method of encrypted communication and a method of decryption using a password according to the embodiment of the present invention.

FIG. 9 is an operation procedure diagram of a disc in which the use of the content part according to the embodiment of the present invention is permitted.

FIG. 10 is a block diagram when BCA is recorded on a RAM disk according to the embodiment of the present invention.

FIG. 11 is a block diagram of an unauthorized copy prevention method according to an embodiment of the present invention;

FIG. 12 is a flowchart for preventing unauthorized copying according to the embodiment of the present invention;

FIG. 13 is a top view and a cross-sectional view of an optical disc on which a product barcode is printed on a BCA according to an embodiment of the present invention.

FIG. 14 is a block diagram of a POS payment system using a ROM disk with BCA and a POS terminal according to an embodiment of the present invention.

FIG. 15 is a flowchart of decryption of a press factory, a software company, and a store according to an embodiment of the present invention.

FIG. 16 is a flowchart of an encryption / decryption step of encrypting / decrypting encrypted data using a disk ID or the like according to the embodiment of the present invention;

FIG. 17 is a flowchart of an encryption / decryption step of encrypting / decrypting encrypted data using a disk ID or the like according to the embodiment of this invention;

FIG. 18 is a flowchart of distribution and encryption communication of a communication encryption key using BCA according to the embodiment of the present invention.

FIG. 19 is a flowchart of distribution and encryption communication of a communication encryption key using BCA according to the embodiment of the present invention.

FIG. 20 is a flowchart of distribution of a communication encryption key using BCA and encryption communication according to an embodiment of the present invention.

FIG. 21 is a flowchart of an electronic payment system using BCA according to an embodiment of the present invention.

FIG. 22 is a flowchart of an electronic payment system using BCA according to an embodiment of the present invention.

FIG. 23 is a flowchart of an electronic payment system using BCA according to an embodiment of the present invention.

FIG. 24 shows one RA using BCA according to the embodiment of the present invention.
Block diagram of a recording / reproducing method for restricting recording on an M disk

[Explanation of symbols]

 801 Disk with BCA 802 Fixed key 803 Encryption encoder 804 Recording means 805 Content 806 ID 807 Trimming device 808a Molding machine 808b Reflective film maker 808c Laminating machine 809 Complete disk 809a Single-sided disk 809b Single-sided disk 811 Press field 813 Press field 813 815 Disk ID 816 First encryption key (secret key) 817 Second encryption key (secret key) 818 Connection address 819 Playback device 820 BCA playback unit 821 Password issuing center 822 Communication unit 823 Network 824 Encryption key DB 825 First decryption key 826 Content number 827 First encryption decoder 828 Charging center 829 Second decryption key 830 Charging information 831 Second encryption encoder 832 Second encryption decoder 833 Inter-information 834 password generation unit 835 password 835 personal computer 837 third decryption key 838 common key 839 third encryption key 840 third encryption encoder 841 third encryption decoder 842 main encryption encoder 843 main encryption decoder 844 main decryption key 845 first encryption decoder 846 Cryptographic encoder 847 Cryptographic decoder 849 BCA data 850 Writing layer 851 Character 852 General barcode 852 Decoder 860 Second cryptographic encoder 861 Second cryptographic decoder 862 Data reproduction unit 863 ROM area 864 Additional recording area 865 Decoding flowchart 890 Second cryptographic operation unit 894a First recording area 908 Internet 909 First computer 910 Second computer 911 Third computer 912 Second encryption 913 Decryption key identification information 9 4 Decryption key selection means 915 First slice level 916 Second slice level 917 PE-RZ modulator 918 Transparent substrate 919 First recording area 920 Second recording area 921 Disk ID 922 BCA flag 923 CPU 924 Control data 925 EFM demodulation 926 8 -15 modulation demodulation 927 8-16 modulation demodulation 928 first demodulation unit 930 second demodulation unit 931 connection address

──────────────────────────────────────────────────続 き Continued on the front page (72) Inventor Mitsuro Moriya 3-1-29-1 Hikarigaoka, Ikoma City, Nara Prefecture (72) Yoshiya Takemura 2-8-11 Beppu, Settsu-shi, Osaka (56) References JP Hei 5-257816 (JP, A) Osamu Akashi and two others, "Information distribution by FlaeMarket method", Multimedia communication and distributed processing workshop (Information Workshop, Vol. 95, No. 2, pp. 243-250), published by the Information Processing Society of Japan, published October 25, 1995. (58) Fields investigated (Int. Cl. ⁷ , DB name) G11B ^7/ 00-7/013 G06F 12/14 G11B 19/04 G11B 20/10 G11B 20/12

Claims (3)

(57) [Claims] 1. Disc identification information unique to an optical disc
When, and that a plurality of encryption keys are recorded, and an optical disc for recording information, a portion of the first recording area capable of recording for recording information, at least on the optical disc unique disc identification information is recorded In an optical disc provided with a second recording area, the second recording area is
Several stripe patterns that are long in the radial direction
An optical disc, comprising: 2. The optical disk according to claim 1, wherein the second recording area is readable but cannot be re-recorded. 3. The disc identification information of the second recording area
Is a step after forming the recording film of the optical disc,
Inner side than the control data that records the
A stripe specific to the optical disc in the first recording area
2. The optical disk according to claim 1, wherein a pattern is formed .