JP4598437B2 - Decryption information generation device and program thereof, distribution content generation device and program thereof, and content decryption device and program thereof - Google Patents

Description

  The present invention relates to a decryption information generation apparatus, a program thereof, and distribution capable of identifying an unauthorized user of content and suppressing damage caused by leakage of user key information used when decrypting encrypted content The present invention relates to a content generation apparatus and its program, and a content decryption apparatus and its program.

In recent years, various contents such as video and audio have been distributed on the Internet (network).
However, when buying and selling content distributed on the Internet, a legitimate user who purchased the content may distribute the purchased content illegally, causing damage to the content distributor (provider). Is increasing. In order to deal with such a problem, there is a method using an encryption technique called “trailer tracing method” as a method for identifying which user has distributed illegally distributed content. (Refer nonpatent literature 1).

  In this unauthorized user tracking method, content purchased by a user is encrypted, and a secret key that is a key for decrypting the encrypted content is generated using a user-specific identifier and a polynomial. Yes. That is, when the polynomial is f (x), f (ID) obtained by substituting the user-specific identifier ID into the variable x is the user's secret key. For this reason, when a user illegally creates a copy of a secret key, the identifier ID used to create the secret key f (ID) is determined to identify which user has made the fraud can do. The coefficient of the polynomial is confidential information of the content distributor (provider) and is information that is strictly managed and stored.

  Another problem when distributing content is that information that should be kept secret (private key) of users who use the content is leaked, and a third party impersonates the user with the secret key. May cause damage. For such a problem, an encryption technique called “Key-Insulated Public-Key Cryptosystems” is used as a method of minimizing damage even if a secret key is leaked. There is a method to use (see Non-Patent Document 2).

In this key isolation public key encryption method, the secret key is updated in the user terminal according to the time, thereby preventing damage after the secret key update. In the key isolation public key encryption method, even when the secret key is updated, it is not necessary to update the public key.
Kaisa Nyberg, “Advanceds in Cryptology-EUROCRYPT '98”, Lecture Notes in Computer Science, vol 1403, pp. 145-157 Lars Knudsen, “Advanceds in Cryptology-EUROCRYPT 2002”, Lecture Notes in Computer Science, vol 2332, pp. 65-82

However, in the conventional illegal user tracking method, it is possible to specify which user has made an illegal operation, but there are the following problems.
In this unauthorized user tracking method, when a user's private key is leaked to an unauthorized user who is a third party, the unauthorized user can impersonate (spoof) the authorized user. As a countermeasure, it is conceivable to update the coefficient of the polynomial for generating the secret key and further update the secret key so that the user and the provider are not damaged after the update. However, when updating the coefficient of a polynomial, since the coefficient of the polynomial is provider's secret information, it is necessary to update the secret key of all authorized users on the provider side, and the update procedure is troublesome. There is.

In addition, in the conventional key isolation public key encryption method, it is possible to minimize damage to the user against leakage of the user's private key, but there are the following problems.
In this key isolation public key encryption method, the user's private key is updated according to the time, but since the public key is not updated, there is no need to exchange information between the user and the provider efficiently. The private key can be updated. However, unlike the unauthorized user tracking method, the key quarantine public key encryption method does not use the user identifier when decrypting the encrypted content. There is a problem that it cannot be identified.

  In addition, it is possible to identify a fraudulent user by combining the conventional fraudulent user tracking method and the key quarantine public key encryption method in series. It is conceivable to keep the minimum. However, since these methods individually encrypt the contents, the provider side must perform encryption twice and the user side must perform decryption twice. In the CPU (Central Processing Unit) There is a problem that the calculation load becomes large.

  The present invention has been made in view of the above problems, and when distributing content, even if the user who illegally distributed the content is identified and the secret key of the user is leaked, the present invention is damaged. It is an object of the present invention to provide a decryption information generation device and program thereof, a distribution content generation device and program thereof, and a content decryption device and program thereof. Furthermore, the present invention provides a decryption information generation apparatus and its program, a distribution content generation apparatus and its program, which can suppress an increase in the amount of CPU computation when performing encryption on the provider side and decryption on the user side, It is another object of the present invention to provide a content decryption apparatus and its program.

The present invention was created to achieve the above object. First, the decryption information generation device according to claim 1 is configured to provide public information disclosed for decrypting encrypted content; A decryption information generating device for generating secret information that is secret information in a content decrypting device that decrypts content and update information for updating the secret information as decryption information of the content, wherein initial information storage means And a secret key generation unit, a public key generation unit, a key encryption unit, and an update information generation unit.

  According to such a configuration, the decoding information generation apparatus stores, in the initial information storage unit, at least the initial coefficient that is prepared in advance and the generation source selected from the multiplicative group that forms a group with respect to the multiplicative method as the initial information. Keep it. Then, the decryption information generation device uses the secret key generation unit based on the initial coefficient stored in the initial information storage unit and identification information (for example, a user identifier) unique to each user who uses the content. The initial secret key that is a unique secret key for each user is generated as secret information. This secret information is information that is secretly stored in the terminal (user terminal) on the user side that uses the content, and is information that serves as an initial value when the secret key is updated.

Further, the decryption information generation device uses the public key generation means to raise the generation source stored in the initial information storage means by a power that is a plurality of coefficients that are associated with specific information predetermined by the provider. Then, a public key including a power value corresponding to the inherent coefficient is generated. Here, by calculating the power value of the generator of the multiplicative group, it is possible to ensure the security of the cryptographic system due to the difficulty of the discrete logarithm calculation. The public key generated by this public key generation means is a key (public key for tracking an unauthorized person) for identifying which user has made an unauthorized act, similar to the secret key in the conventional illegal user tracking method. . Incidentally, specific information is any value provider determined, if the value of the provider can manage may be used any value.

  The decryption information generation device encrypts the encryption key for encrypting the content based on the public key generated by the public key generation unit and the specific information by the key encryption unit. Generate public information including information. Further, the decryption information generation device takes the difference between the initial coefficient used in the secret key generation means and the unique coefficient used in the public key generation means by the update information generation means, and associates this difference with the unique information. To generate update information. By referring to this update information, the user using the content can update the initial secret key to a secret key associated with the unique information.

  In this way, the decryption information generation device can generate a public key (traffic person tracking public key) for tracking an unauthorized person based on the unique information determined by the provider. Then, by referring to the update information that is the difference between the unique coefficient when the public key is generated and the initial coefficient when the initial secret key is generated, the content user side from the content distributor side The private key can be updated without acquiring the private key directly.

  According to a second aspect of the present invention, there is provided the decryption information generating apparatus according to the first aspect, wherein the unique information used by the key encryption means is information indicating time.

  According to such a configuration, the decryption information generation device can generate a secret key at a certain time on the user side (user terminal) of the content by using the unique information used by the key encryption means as the time. It becomes possible. Note that this time may be a value obtained by quantifying the time used as a reference for managing keys on the content distributor side. For example, a numerical value of “year / month / day / hour / minute / second” is used as the time.

Further, the decryption information generation program according to claim 3 is provided to provide public information that is disclosed for decrypting encrypted content , secret information that is secret information in a content decryption device that decrypts the content , A configuration for causing a computer to function as a secret key generation unit, a public key generation unit, a key encryption unit, and an update information generation unit in order to generate update information for updating secret information as decryption information of the content; did.

According to such a configuration, the decryption information generation program uses the secret key generation unit to prepare initial coefficients that are a plurality of coefficients prepared in advance, and identification information (for example, a user identifier) unique to each user who uses the content. Based on the above, an initial secret key that is a unique secret key for each user is generated as secret information. Then, the decryption information generation program uses the public key generation means to generate eigencoefficients, which are a plurality of coefficients in which the generation source selected from the multiplicative group that forms a group with respect to the preliminarily prepared multiplicative groups is associated with the specific information determined in advance by the provider. By generating a power, the public key including a power value corresponding to the specific coefficient is generated.

The decryption information generation program encrypts the encryption key for encrypting the content based on the public key generated by the public key generation unit and the specific information by the key encryption unit. Generate public information including information. Further, the decryption information generation program takes the difference between the initial coefficient used in the secret key generation means and the unique coefficient used in the public key generation means by the update information generation means, and associates this difference with the unique information. Update information is generated.
As a result, the secret key can be updated based on the predetermined unique information even if there is no direct exchange between the content distributor and the content user.

  According to a fourth aspect of the present invention, there is provided a distribution content generating apparatus for generating distribution content including encrypted content and public information published to decrypt the encrypted content. The content generation apparatus includes an encryption key generation unit, a content encryption unit, and a public information synthesis unit.

  According to this configuration, the distribution content generation apparatus generates an encryption key for encrypting the content by the encryption key generation unit. Then, the distribution content generation device encrypts the content with the encryption key by the content encryption unit, and generates the encrypted content.

Then, the distribution content generation device generates the distribution content by combining the public information generated by the decryption information generation device based on the encryption key and the encrypted content by the public information combining unit. For example, distribution content is generated by adding public information as header information of encrypted content. Thus, the distribution content is formed as a file or stream in which the encrypted content and the public information are integrated.
Note that the decryption information generation device that generates the public information may be provided in the distribution content generation device, or may be connected to each other via a network.

  Further, the distribution content generation program according to claim 5 is for generating the distribution content including the encrypted content and the public information disclosed for decrypting the encrypted content. The computer is configured to function as an encryption key generation unit, a content encryption unit, and a public information synthesis unit.

According to such a configuration, the distribution content generation program generates an encryption key for encrypting the content with the encryption key generation unit, and encrypts the content with the encryption key by the content encryption unit. Generate a structured content. This content encryption means encrypts content by a general encryption method, for example, a common key encryption method. Then, the distribution content generation program generates distribution content by combining the public information generated by the decryption information generation device based on the encryption key and the encrypted content by the public information synthesizing unit. Thus, the distribution content is formed as a file or stream in which the encrypted content and the public information are integrated.

Further, the content decryption device according to claim 6 is a disclosure that is disclosed for decrypting the encrypted content, which is the decryption information generated by the decryption information generation device according to claim 1 or claim 2. Content for distribution generated by the content generation device for distribution according to claim 4, based on information, secret information that is secret information in the content decryption device , and update information for updating the secret information A content decrypting device that decrypts the initial secret key storage means, the public information separating means, the unique information separating means, the update information obtaining means, the secret key updating means, the encryption key decrypting means, and the content decrypting means Means.

According to such a configuration, the content decryption apparatus stores the initial secret key, which is a user-specific secret key, generated as secret information by the decryption information generation apparatus in the initial secret key storage unit. Then, the content decryption device separates the public information combined with the distribution content by the public information separation unit, and further separates the specific information determined by the provider from the public information by the specific information separation unit. As a result, the content decrypting apparatus can recognize which unique information is used to generate public information corresponding to the distribution content. For example, by setting the unique information as a value indicating time, it is possible to specify at what time the public information is generated.
Therefore, in the content decryption device, the update information acquisition unit acquires update information corresponding to the unique information from the provider side device , and the secret key update unit updates the initial secret key stored in the initial secret key storage unit. By updating with information, a secret key to be actually used is generated.

  Then, the content decryption device uses the encryption key decryption unit to convert the encrypted encryption key included in the public information separated by the public information separation unit based on the secret key updated by the secret key update unit. Decrypt. The content decrypting device decrypts the content encrypted with the decrypted encryption key by the content decrypting means.

  Furthermore, the content decryption device according to claim 7 is the content decryption device according to claim 6, wherein the initial secret key storage unit and the secret key update unit are detachable from the content decryption device. It was set as the structure prepared in.

  According to this configuration, the content decryption apparatus includes the initial secret key storage unit and the secret key update unit in the removable security module, so that the secret key is generated in the security module. That is, since the initial secret key that is an initial value for generating the secret key is not referred to from outside the security module, it is difficult to leak the initial secret key to the outside.

In addition, the content decryption program according to claim 8 is a disclosure that is disclosed for decrypting encrypted content, which is decryption information generated by the decryption information generation device according to claim 1 or claim 2. 5. The distribution content generation device according to claim 4 , based on the information, secret information that is secret information in the content decryption device that decrypts the content, and update information for updating the secret information. In order to decrypt the distributed content, the computer is configured to function as a public information separation unit, a unique information separation unit, an update information acquisition unit, a secret key update unit, an encryption key decryption unit, and a content decryption unit.

According to such a configuration, the content decryption program separates the public information combined with the distribution content by the public information separation unit, and further separates the specific information determined by the provider from the public information by the specific information separation unit. To do. Then, the content decryption program uses the update information acquisition unit to acquire update information corresponding to the unique information from the provider side device, and updates the initial secret key with the update information using the secret key update unit. A secret key is generated.
Then, the content decryption program stores the encrypted encryption key included in the public information separated by the public information separation means based on the secret key updated by the secret key update means by the encryption key decryption means. Decrypt. Then, the content decryption program decrypts the content encrypted with the decrypted encryption key by the content decryption means.

  According to the invention described in claim 1 or claim 3, in the user terminal, the content is obtained by referring to the decryption information (public information, secret information, and update information) generated by the decryption information generation device or the program thereof. The content user can generate and update a secret key corresponding to the unique information determined by the distributor. Thereby, even if the secret key is leaked, the previous secret key can be invalidated by updating the secret key, and damage to the user and the provider can be minimized.

  According to the second aspect of the invention, by setting the unique information determined on the content distributor side as a value indicating the time, the user terminal can update the secret key based on the time. . Accordingly, when the secret key is leaked, the secret key before a certain time can be invalidated, and the key update management on the content distributor side can be facilitated.

According to the invention described in claim 4 or claim 5, the content for distribution is formed as a file or stream in which the encrypted content and the public information are integrated, and the user terminal side supports the encrypted content. There is no need to search for public information. Further, the encryption key for decrypting the encrypted content can be decrypted only by the secret key unique to the user who uses the content. For this reason, even if encrypted content is illegally distributed, the secret key is generated from the identification information unique to the user, and it is possible to specify which user has made the fraud. It becomes possible.
In addition, according to the present invention, the content encryption need only be performed once compared with the case where the unauthorized user tracking method and the key quarantine public key encryption method are connected. The load can be reduced.

According to the invention described in claim 6 or claim 8, it is possible to update the secret key based on the unique information determined on the content distributor side. As a result, even if the secret key is leaked, the previous secret key can be invalidated by updating the secret key, and damage to the user can be minimized.
In addition, according to the present invention, compared to the case where the unauthorized user tracking method and the key quarantine public key encryption method are connected, the content only needs to be decrypted once. Can be reduced.

  According to the invention described in claim 7, since the initial secret key is held in the security module and the secret key is updated in the security module, it can be leaked even when the secret key is updated. Since there is only the update information, the security of the secret key can be improved.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[Content distribution system configuration]
First, the configuration of the content distribution system according to the embodiment of the present invention will be described with reference to FIG. FIG. 1 is a block diagram showing a configuration of a content distribution system. The content distribution system 1 includes a decryption information generation server 10, a content server 30, a content distribution server 50, and a gateway (GW) 5 connected to the content provider (distributor) side by an intranet 3. This is a system for distributing content to a user terminal 70 that is a terminal on the user side (purchaser) of the content via the.

  The decryption information generation server (decryption information generation apparatus) 10 generates decryption information that is information for decrypting the content for distribution generated by the content server 30. The decryption information generated by the decryption information generation server 10 includes public information combined with the content encrypted by the content server 30 and published, secret information managed by the user (user terminal 70), Update information for updating the secret information is included.

The decryption information generation server 10 generates a public key (hereinafter referred to as an unauthorized person tracking public key) as a key based on an unauthorized user tracking (Trator Tracing) method based on a coefficient of a randomly generated polynomial. Public information is generated by encrypting the encryption key obtained by encrypting the content in the server 30 by using the public key for tracking the unauthorized person.
Also, the decryption information generation server 10 generates user-specific secret information based on the coefficients of the initial polynomial used when generating the public information and the user-specific information (such as user ID).
Furthermore, the decryption information generation server 10 updates the polynomial coefficients as needed, and updates the unauthorized person tracking public key in accordance with the update. Also, the decryption information generation server 10 generates update information for updating the secret information managed by the user based on the updated polynomial coefficient and the initial polynomial coefficient used when generating the public information. To do.

  The public information includes a unique value (unique information) determined by the provider. On the user side, based on the unique value, update information, and user-specific secret information, A secret key for decrypting the encryption key encrypted with the public key is generated. In this embodiment, time is used as a unique value (unique information) determined by the provider.

  The content server (distribution content generation device) 30 generates content (distribution content) to be distributed to the user by encrypting the content and synthesizing it with the public information generated by the decryption information generation server 10. It is. The content server 30 stores a plurality of distribution contents in a storage unit (not shown), and transmits the distribution contents requested from the content distribution server 50 to the content distribution server 50.

  The content distribution server 50 acquires content requested from the user terminal 70 (distribution content) or update information from the content server 30 and transmits it to the user terminal 70.

  The user terminal (content decryption apparatus) 70 requests content (distribution content) desired by the user from the content distribution server 50 and decrypts the distribution content acquired from the content distribution server 50. The user terminal 70 obtains update information by requesting update information from the content distribution server 50 as well as obtaining user-specific secret information from the decryption information generation server 10 in advance. Then, the user terminal 70 generates a secret key based on the acquired secret information and update information, decrypts the encryption key obtained by encrypting the distribution content with the secret key, and further uses the encryption key. Decrypt the content.

The gateway (GW) 5 is a device for connecting each network of the intranet 3 and the Internet 7. The gateway 5 is, for example, an IP router (IP: Internet Protocol), and has a firewall function that prevents unauthorized access to the intranet 3.
Hereinafter, each configuration of the decryption information generation server 10, the content server 30, and the content distribution server 50, which are devices on the provider side, and a configuration of the user terminal 70, which is a device on the user side, will be sequentially described.

(Configuration of decryption information generation server)
First, the configuration of the decryption information generation server will be described with reference to FIG. 2 (see FIG. 1 as appropriate). FIG. 2 is a block diagram illustrating a configuration of the decryption information generation server. Here, the decryption information generation server 10 includes an initial information generation unit 11, an initial information storage unit 12, a secret key generation unit 13, a public key generation unit 14, a public key storage unit 15, and an update information generation unit 16. Update information transmission means 17, encryption key reception means 18, key encryption means 19, and public information transmission means 20.

The initial information generation unit 11 generates initial information used by a secret key generation unit 13, a public key generation unit 14, and an update information generation unit 16 described later. The initial information generated here is stored in the initial information storage means 12.
This initial information generation means 11 prepares in advance a value in which the value of (p−1) is divisible by q among the two prime numbers p and q, and from the sequence {1, 2,..., Q−1}. Let (n + 1) values be coefficients (initial coefficients) a _{i, 0} {0 ≦ i ≦ n}. The initial information generating means 11 randomly selects one generator g from a multiplicative group that forms a group with respect to the multiplication of the order q prepared in advance. The initial information generation unit 11 stores the prime numbers p and q, the generation source g, the coefficients a _{i, 0} {0 ≦ i ≦ n}, and the integer n in the initial information storage unit 12 as initial information. It should be noted that all the calculations performed by the following means are all performed on modulo p.

The initial information storage unit 12 stores the initial information generated by the initial information generation unit 11 (prime numbers p and q, generation source g, coefficient a _{i, 0} {0 ≦ i ≦ n} and integer n), It is a general storage device such as a hard disk.

The secret key generation unit 13 includes a coefficient (initial coefficient: a _{i, 0} {0 ≦ i ≦ n}) stored as initial information in the initial information storage unit 12 and user-specific information (for example, user ID). Based on the above, a user initial secret key (initial secret key) which is secret information unique to the user is generated. The user initial secret key is a decryption key that is paired with the public key for tracking the unauthorized person.
The secret key generation means 13 generates a user initial secret key SK _{uid, 0 according} to the following equation (1). Here, a _{i, 0} is a coefficient generated by the initial information generating means 11 and stored in the initial information storage means 12, and uid is information unique to the user (user ID, etc.).

  The user initial secret key generated by the secret key generation means 13 is stored in a security module such as a smart card and distributed to the user. The user initial secret key may be transmitted to the user terminal 70 via a network (Internet 7 or the like), or a general-purpose storage medium (external storage medium) such as a flexible disk or a memory stick. And may be delivered to the user by mail or other delivery means. However, the user initial secret key is preferably written and distributed inside the security module in order to prevent leakage.

The public key generation means 14 generates an unauthorized person tracking public key that is made public. The public key for illegal person tracking generated here is stored in the public key storage unit 15.
The public key generation unit 14 calculates (n + 1) values from the sequence {1, 2,..., Q−1} based on the prime number q and the integer n stored as initial information in the initial information storage unit 12. Coefficients (eigen coefficients) a _{i, t} {0 ≦ i ≦ n, which are randomly selected and the selected (n + 1) values are associated with specific values (unique information) t (time) determined by the provider }. Then, the public key generation means 14 is selected by the initial information generation means 11 and stored in the initial information storage means 12 as shown in the following expression (2), and the generation number g and the generation number g A public key e _t for tracking an unauthorized person is generated, which is composed of power values (y ₀ , y ₁ ,..., Y _n ) obtained by multiplying by a coefficient ( _{ai, t} ).
Then, the public key generation unit 14 outputs the used coefficients a _{i, t} {0 ≦ i ≦ n} to the update information generation unit 16.

  The public key storage means 15 stores the public key (illegal person tracking public key) generated by the public key generation means 14, and is a general storage device such as a hard disk. The unauthorized person tracking public key stored in the public key storage unit 15 is read from the key encryption unit 19.

The update information generation unit 16 generates update information for updating secret information (user secret key) in the user terminal 70.
The update information generation means 16 is generated by the coefficient corresponding to the specific information t (specific coefficient: a _{i, t} {0 ≦ i ≦ n}) used by the public key generation means 14 and the initial information generation means 11. And the coefficient (initial coefficient: a _{i, 0} {0 ≦ i ≦ n}) stored in the initial information storage means 12 for each coefficient corresponding to the variable i as shown in the following equation (3): Is used to generate update information (Δa _{i, t} {0 ≦ i ≦ n}).

The update information (Δa _{i, t} {0 ≦ i ≦ n}) generated by the update information generation means 16 is appended with unique information t predetermined on the provider side, which is identification information unique to the update information, It is output to the update information transmission means 17.

The update information transmitting unit 17 transmits the update information (including the unique information t) generated by the update information generating unit 16 to the content server 30 via the intranet 3.
The encryption key receiving unit 18 receives the encryption key used when the content server 30 encrypts the content via the intranet 3. The encryption key received here is output to the key encryption means 19.

The key encryption unit 19 encrypts the encryption key received by the encryption key receiving unit 18 with the public key for illegal person tracking generated by the public key generation unit 14. The key encryption unit 19 performs encryption based on the unique information t.
The key encryption unit 19 arbitrarily generates a random number r by a random number generation unit (not shown), and generates public information Head (t) in the unique information t as shown in the following equation (4). Here, K _s is the encryption key, g is the generator of the multiplicative group used in the initial information generating means 11, n is the sequence {1, 2,..., Q− in the initial information generating means 11 and the public key generating means 14. 1} indicates the integer value of (number-1) of coefficients selected from 1}. The generation source g and the integer value n are stored in the initial information storage unit 12.

The public information (Head (t)) generated by the key encryption unit 19 is output to the public information transmission unit 20.
The public information transmission unit 20 transmits the public information generated by the key encryption unit 19 to the content server 30 via the intranet 3.

By configuring the decryption information generation server 10 in this way, the decryption information generation server 10 can generate decryption information that is information for decrypting the distribution content.
Note that the decryption information generation server 10 can also be realized as a decryption information generation program that causes a general computer to function as each of the means described above. The decryption information generation program can be distributed via a communication line, or can be distributed by writing on a recording medium such as a CD-ROM.

(Content server configuration)
Next, the configuration of the content server will be described with reference to FIG. 3 (refer to FIG. 1 as appropriate). FIG. 3 is a block diagram showing the configuration of the content server. Here, the content server 30 includes an encryption key generation unit 31, an encryption key transmission unit 32, a content reception unit 33, a content encryption unit 34, a public information reception unit 35, and a public information synthesis unit 36. Update information receiving means 37, distribution content storage means 38, content request receiving means 39, distribution content transmitting means 40, update information request receiving means 41, and update information transmitting means 42.

  The encryption key generation unit 31 generates an encryption key for encrypting content. The encryption key generated here is output to the encryption key transmission unit 32 and the content encryption unit 34. The encryption key is an encryption key used in the content encryption unit 34, and is randomized using a pseudo random number generation unit, a hash function, etc. (not shown), and the key lengths are made uniform. Is.

The encryption key transmission unit 32 transmits the encryption key generated by the encryption key generation unit 31 to the decryption information generation server 10 via the intranet 3.
The content receiving unit 33 receives content for distribution. The content received here is output to the content encryption unit 34. For example, the content receiving unit 33 may read content from a recording medium (not shown), or may acquire content as communication data via a network (Internet 7 or the like). .

  The content encryption unit 34 encrypts the content for distribution received by the content reception unit 33 with the encryption key generated by the encryption key generation unit 31 to generate encrypted content. The encrypted content generated here is output to the public information synthesizing means 36 described later. Note that the content encryption unit 34 encrypts the content using a common key encryption method using the encryption key. Note that the content to be encrypted is assumed to be information with a large amount of data such as video, so here, the common key encryption method, which is faster than the public key encryption method, is used. I will do it. For example, a common common key encryption method such as AES (Advanced Encryption Standard) may be used.

  The public information receiving unit 35 receives public information generated by the decryption information generation server 10 via the intranet 3. The public information received here is output to the public information synthesis means 36.

  The public information synthesizing unit 36 synthesizes the encrypted content generated by the content encrypting unit 34 and the public information received by the public information receiving unit 35 (see the above formula (4)) to generate a distribution content. To do. The distribution content generated here is stored in the distribution content storage means 38 with unique content identification information (for example, a file name).

  The public information synthesizing unit 36 generates the distribution content by synthesizing the public information as the header information of the encrypted content. However, the public information and the encrypted content only need to be associated with each other, and can be managed as individual data. However, in order to simplify management of encrypted content, it is desirable to combine public information and encrypted content into one data (file, stream).

  The update information receiving unit 37 receives update information (including the unique information t) generated by the decryption information generation server 10 via the intranet 3. The update information received here is stored in the distribution content storage means 38.

  The distribution content storage unit 38 stores the distribution content generated by the public information combining unit 36 and the update information received by the update information reception unit 37, and is a general storage device such as a hard disk. . The distribution content stored in the distribution content storage unit 38 is read from the distribution content transmission unit 40. The update information stored in the distribution content storage unit 38 is read from the update information transmission unit 42.

  The content request receiving unit 39 receives a content request (content request) transmitted from the content distribution server 50 and including content identification information for specifying content for distribution via the intranet 3. The content request receiving unit 39 outputs the content identification information included in the content request to the distribution content transmitting unit 29.

  The distribution content transmission unit 40 reads out the distribution content corresponding to the content identification information output from the content request reception unit 39 from the distribution content storage unit 38 and transmits it to the requested content distribution server 50. It is.

  The update information request receiving means 41 receives a request for update information (update information request) transmitted from the content distribution server 50 and including the unique information t specifying the update information via the intranet 3. The update information request receiving unit 41 outputs the unique information t included in the update information request to the update information transmitting unit 42.

  The update information transmitting unit 42 reads update information corresponding to the unique information t output from the update information request receiving unit 41 from the distribution content storage unit 38 and transmits it to the requested content distribution server 50. is there.

  By configuring the content server 30 in this way, the content server 30 encrypts the content with the encryption key, and associates the encrypted encrypted content with the public information generated by the decryption information generation server 10. Content for distribution can be generated. Further, the content server 30 can store the update information generated by the decryption information generation server 10 and can transmit the update information to the content distribution server 50 when there is a request for update information.

  The content server 30 can also be realized as a distribution content generation program that causes a general computer to function as each of the above-described units. This distribution content generation program can be distributed via a communication line, or can be distributed by writing on a recording medium such as a CD-ROM.

(Content distribution server configuration)
Next, the configuration of the content distribution server will be described with reference to FIG. 4 (refer to FIG. 1 as appropriate). FIG. 4 is a block diagram showing the configuration of the content distribution server. Here, the content distribution server 50 includes a user request receiving unit 51, a content request transmitting unit 52, an update information request transmitting unit 53, a distribution content receiving unit 54, a distribution content transmitting unit 55, and update information. Receiving means 56 and update information transmitting means 57 are provided.

  The user request receiving means 51 transmits a request (content request) indicating the content desired by the user transmitted from the user terminal 70, and update information desired by the user transmitted from the user terminal 70. This request (update information request form) is received via a network (intranet 3 or the like). The content request includes at least content identification information for specifying the content and terminal identification information (for example, an IP address) indicating which user terminal 70 is requested. The update information request includes at least unique information t for specifying update information and terminal identification information indicating from which user terminal 70 the request is made.

  When the user request receiving unit 51 receives the content request, it outputs the content identification information to the content request transmitting unit 52 and outputs the terminal identification information to the distribution content transmitting unit 55. Further, when receiving the update information request form, the user request receiving means 51 outputs the unique information t to the update information request transmitting means 53 and outputs the terminal identification information to the update information transmitting means 57.

  The content request transmitting unit 52 transmits a content request (content request) including content identification information output from the user request receiving unit 51 to the content server 30 via the intranet 3.

  The update information request transmission unit 53 transmits a request for update information (update information request) including the unique information t output from the user request reception unit 51 to the content server 30 via the intranet 3.

  The distribution content receiving unit 54 receives the distribution content corresponding to the content identification information transmitted from the content request transmission unit 52 from the content server 30 via the intranet 3. The distribution content receiving unit 54 outputs the received distribution content to the distribution content transmitting unit 55.

  The distribution content transmission unit 55 transmits the distribution content received by the distribution content reception unit 54 to the user terminal 70 corresponding to the terminal identification information output from the user request reception unit 51.

  The update information receiving unit 56 receives update information corresponding to the specific information t transmitted from the update information request transmitting unit 53 from the content server 30 via the intranet 3. The update information receiving unit 56 outputs the received update information to the update information transmitting unit 57.

  The update information transmitting unit 57 transmits the update information received by the update information receiving unit 56 to the user terminal 70 corresponding to the terminal identification information output from the user request receiving unit 51.

By configuring the content distribution server 50 in this way, the content distribution server 50 acquires the distribution content or update information requested from the user terminal 70 from the content server 30, and the requested user terminal. 70 can be distributed.
The content distribution server 50 can also be realized as a content distribution program that causes a general computer to function as each of the means described above. This content distribution program can be distributed via a communication line, or can be written on a recording medium such as a CD-ROM for distribution.

  The configuration of each device on the provider side in the content distribution system 1 has been described above, but the present invention is not limited to this. For example, the decryption information generation server 10 may be incorporated into the content server 30 and newly configured as a content server 30B (not shown). Alternatively, the content server 30B (not shown) may be incorporated in the content distribution server 50 and newly configured as the content distribution server 50B (not shown).

  Further, for example, in order to distribute the load in the content distribution system 1, a plurality of content servers 30 (content servers 30B, 30C,...) Depending on the type of request (content request or update information request), the type of content, etc. : Not shown) may be provided. In this case, the content distribution server 50 switches the content server (30B, 30C...) That requests the content and update information according to the type of request, the type of content, and the like, and transmits the content request and the update information request.

(User terminal configuration)
Next, the configuration of the user terminal will be described with reference to FIG. 5 (refer to FIG. 1 as appropriate). FIG. 5 is a block diagram showing the configuration of the user terminal. Here, the user terminal 70 includes a distribution content request unit 71, a distribution content reception unit 72, a public information separation unit 73, a unique information separation unit 74, a security module 75, and a secret key storage unit 76. Encryption key decryption means 77, content decryption means 78, update information request means 79, and update information reception means 80.

  The distribution content request means 71 requests the content distribution server 50 on the provider side via the Internet 7 for the content desired by the user (distribution content). For example, the distribution content requesting unit 71 includes content identification information by inputting content identification information (for example, a file name) for specifying the content desired by the user by an input unit (not shown). A content request is generated and transmitted to the content distribution server 50 to request distribution content.

  The distribution content receiving means 72 receives the distribution content requested by the user from the provider-side content distribution server 50 via the Internet 7. The distribution content received here is output to the public information separating means 73. It should be noted that public information Head (t) (see equation (4) above) is added (synthesized) as header information to the encrypted content (encrypted content) in the distribution content received here.

  The public information separating unit 73 separates the distribution content received by the distribution content receiving unit 72 into public information and encrypted content. The public information separated here is output to the unique information separation means 74 and the encryption key decryption means 77, and the encrypted content is output to the content decryption means 78.

  The unique information separating unit 74 separates the unique information determined by the provider from the public information separated by the public information separating unit 73. Here, the unique information separating unit 74 separates the time as the unique information t from the public information Head (t) shown in the equation (4). The separated unique information (time) t is output to the secret key update means 75b of the security module 75.

  The security module 75 is a smart card (IC (Integrated Circuit) card) having tamper resistance that is incorporated in the user terminal 70 so as to be detachable and prevents leakage of secret information. In this security module 75, secret information (user initial secret key) unique to the user is written in advance on the provider side and distributed to the user. The security module 75 includes a user initial secret key storage unit 75a and a secret key update unit 75b.

The user initial secret key storage means (initial secret key storage means) 75a stores a user initial secret key, which is secret information unique to the user, and is a storage device such as a semiconductor memory. In this user initial secret key storage means 75a, the user initial secret key SK _{uid, 0} (see the above formula (1)) generated by the secret key generation means 13 (see FIG. 2) of the decryption information generation server 10 is stored. Stored as confidential information.

The secret key update means 75b uses the updated user initial secret key SK _{uid, 0} stored in the user initial secret key storage means 75a based on update information received by the update information receiving means 80 described later. A secret key unique to the user (user secret key) SK _{uid, t} is generated. The user secret key generated here is written in the secret key storage means 76, and the user secret key is updated.

  The secret key update unit 75b includes the unique information (time) separated by the unique information separation unit 74, and the unique information (time) when the user private key stored in the private key storage unit 76 is generated. If the unique information is equal, the user secret key is not updated.

If the unique information is different, the secret key update means 75b outputs the unique information separated by the unique information separation means 74 to the update information request means 79 described later, whereby the update output from the update information receiving means 80 Using the information (Δa _{i, t} {0 ≦ i ≦ n}; see equation (3) above) and the user initial secret key SK _{uid, 0} stored in the user initial secret key storage means 75a, Update the private key (user private key). Note that the secret key update means 75b generates the user secret key SK _{uid, t} in the unique information _{t according} to the following equation (5) when generating (updating) the user secret key. Here, uid is user-specific information (such as a user ID).

As shown in the equation (5), the secret key update unit 75b can generate the user secret key SK _{uid, t} in the arbitrary unique information t. Note that the user secret key SK _{uid, t} shown in the equation (5) satisfies the following equation (6) from the equations (1) and (3). In this equation (6), a _{i, t} {0 ≦ i ≦ n} is used when the public key generation unit 14 of the decryption information generation server 10 generates a public key (a public key for tracking an unauthorized person). It is a coefficient.

  The secret key storage unit 76 stores a secret key (user secret key) that is secret information unique to the user, and is a general-purpose storage medium (external storage medium) such as a flexible disk or a memory stick. When the user secret key is updated in the secret key update unit 75b, the updated user secret key is stored in the secret key storage unit 76.

The encryption key decryption unit 77 decrypts the encryption key from the public information separated by the public information separation unit 73 based on the user secret key corresponding to the unique information t separated by the unique information separation unit 74. To extract. The decrypted encryption key is output to the content decrypting means 78. When the public information separated by the public information separation means 73 is Head (t) = ( t , x , x ₀ , x ₁ , x ₂ ,..., X _n ) The encryption key K _s is decrypted by the following equation (7). Here, uid is information unique to the user (user ID), and SK _{uid, t} is the user secret key in the unique information t (see the above formula (5)). Note that the validity of decryption of the encryption key K _{s in} equation (7) will be proved later.

  The content decrypting unit 78 decrypts the encrypted content using the encryption key decrypted by the encryption key decrypting unit 77. The content decrypting unit 78 decrypts the encrypted content after the public information is separated by the public information separating unit 73 using the encryption key. As a result, the encrypted content is decrypted into content that can be viewed and the like.

  The update information request unit (update information acquisition unit) 79 requests update information in the unique information t output from the secret key update unit 75 b to the content distribution server 50 on the provider side via the Internet 7. . The update information request unit 79 requests an update information by generating an update information request form including the unique information t output from the secret key update unit 75 b and transmitting it to the content distribution server 50.

The update information receiving means (update information acquiring means) 80 receives update information (Δa _{i, t} {0 ≦ i ≦ n}) in the unique information t from the content distribution server 50 on the provider side via the Internet 7. Is. The update information received here is output to the secret key update means 75b.

  By configuring the user terminal 70 in this way, the user terminal 70 does not receive the user private key itself from the provider, but only updates information necessary for updating the user private key. The user private key can be updated by receiving from. As a result, even when communication over the Internet 7 or the like is intercepted, only the update information is leaked, and the security of the user private key is maintained.

In addition, since the user terminal 70 holds the user initial secret key in the security module 75 and performs the calculation for updating the user secret key in the security module 75, the user initial secret key is external. Will not leak. This makes it difficult for a third party who does not have the user initial secret key to update the user secret key, and even if the user secret key in the specific information t is leaked, The security of the user private key can be increased.
Further, when the user terminal 70 decrypts the encryption key, even if the encrypted content and the key information used for the decryption are illegally distributed, as shown in the equation (7), Since it is necessary to use user-specific information (uid: user ID) when decrypting the encryption key, it is possible to identify the user who performed illegal distribution.

  The user terminal 70 can also be realized as a content decryption program that causes a general computer to function as each of the above-described means. This content decryption program can be distributed via a communication line, or can be distributed by writing on a recording medium such as a CD-ROM.

<Decryption of encryption key in user terminal>
Here, it is proved that the user terminal 70 can decrypt the encryption key by the expression (7) by the encryption key decryption means 77.
First, the public information Head (t) = ( t , x , x ₀ , x ₁ , x ₂ ,..., X _n ) separated by the public information separating means 73 is the public information Head (t ) of the above equation (4). ), The right side of the equation (7) satisfies the relationship of the following equation (8).

Furthermore, the (4) from the condition y = g ^r of the equation (8) the right side of the equation can be transformed into the following expression (9).

Then, by modifying the equation (9) according to the relationship of the equation (6), the right side of the equation (7) is equal to the encryption key K _s. Become.

[Operation of content distribution system]
Next, the operation of the content distribution system according to the embodiment of the present invention will be described with reference to FIGS.

(Decryption information generation operation)
First, referring to FIG. 6 (refer to FIGS. 1 and 2 as appropriate for the configuration), an operation of generating decryption information that is information for decrypting the content for distribution in the content distribution system 1 will be described. FIG. 6 is a flowchart showing an operation in which the decryption information generation server generates decryption information in the content distribution system.

First, the decryption information generation server 10 selects prime numbers p and q by which the value of (p−1) is divisible by q by the initial information generation means 11 (step S1), and the sequence {1, 2,. }, (N + 1) values are selected as coefficients (initial coefficients) a _{i, 0} {0 ≦ i ≦ n} (step S2). Then, the decryption information generation server 10 uses the initial information generation unit 11 to select one multiplicative group generation source g that forms a group with respect to the multiplication of the order q (step S3). Furthermore, the decryption information generation server 10 uses the initial information generation means 11 to select the primes p and q, the coefficients a _{i, 0} {0 ≦ i ≦ n}, the generation source g, and the integer n as initial values. Information is stored in the initial information storage means 12 (step S4).

Subsequently, the decryption information generation server 10 uses the secret key generation means 13 to convert the coefficient a _{i, 0} {0 ≦ i ≦ n} selected in step S2 and user-specific information (for example, user ID). Based on this, a user initial secret key (see the equation (1)) is generated (step S5).

  The user initial secret key generated in step S5 is distributed to the user terminal 70 (step S6). Here, it is assumed that the user initial secret key is stored in the security module 75, distributed to the user, and incorporated in the user terminal 70.

Next, the decryption information generation server 10 uses the public key generation means 14 to convert (n + 1) values from the sequence {1, 2,..., Q−1} to coefficients (inherent coefficients) a _{i, t} {0 ≦ i ≦ n} is selected (step S7). Then, the decryption information generation server 10 uses the public key generation unit 14 to generate the prime number p and the generation source g selected in Steps S1 and S2, and a power value obtained by multiplying the generation source g by a coefficient (a _{i, t} ) (y _0, y _1, ..., and generates a y _n) for traitor tracing public key consisting of a e _t (the (2) reference expression) (step S8), and stored in the public key storage unit 15 (step S9 ).

Further, the decryption information generation server 10 uses the update information generation means 16 to calculate the coefficient a _{i, 0} selected in step S2 and the coefficient a _{i, t} selected in step S7 for each coefficient corresponding to the variable i. By taking the difference, update information (see equation (3) above) is generated (step S10). Then, the update information transmitting unit 17 transmits the update information to the content server 30 and stores it in the distribution content storage unit 38 (see FIG. 3) (step S11).

  With the above operation, the decryption information generation server 10 generates a user secret key (user initial secret key), which is secret information unique to the user, as information for decrypting the content for distribution. Distribution to the terminal 70). Further, the decryption information generation server 10 can generate update information for updating the user secret key.

(Delivery content generation operation)
Next, referring to FIG. 7 (refer to FIG. 1 to FIG. 3 as appropriate for the configuration), the operation of generating content for distribution in the content distribution system 1 will be described. FIG. 7 is a flowchart showing an operation of generating distribution content in the content distribution system.

  First, the content server 30 receives content to be distributed from the outside (recording medium or the like) by the content receiving means 33 (step S20). Then, the content server 30 generates an encryption key for the common key encryption method by the encryption key generation unit 31 (step S21). Then, the content server 30 uses the content encryption unit 34 to encrypt the content using the encryption key, and generates encrypted content (step S22). Further, the content server 30 transmits the encryption key to the decryption information generation server 10 by the encryption key transmission unit 32 (step S23).

  Also, the decryption information generation server 10 receives the encryption key generated in step S21 from the content server 30 by the encryption key receiving means 18 (step S24). Then, the decryption information generation server 10 selects a random number by the key encryption means 19 (step S25). Then, the decryption information generation server 10 uses the key encryption means 19 to select the random number selected in step S25, the unauthorized person tracking public key stored in the public key storage means 15 (see formula (2) above), Based on the unique value (unique information) determined by the provider, the encryption key is encrypted to generate public information (see the above equation (4)) (step S26). The public information generated in step S26 is transmitted to the content server 30 by the public information transmitting means 20 (step S27).

Subsequently, the content server 30 receives the public information from the decryption information generation server 10 by the public information receiving unit 35 (step S28), and the public information synthesizing unit 36 adds the public information to the encrypted content generated in step S22. By synthesizing it as header information, content for distribution is generated (step S29). The distribution content is stored in the distribution content storage unit 38.
Through the above operation, the content server 30 can synthesize the public information generated by the decryption information generation server 10 with the encrypted encrypted content to generate the content for distribution.

(Content distribution operation for distribution)
Next, with reference to FIG. 8 (refer to FIGS. 1 and 3 to 5 as appropriate for the configuration), an operation of distributing content (content for distribution) in the content distribution system 1 will be described. FIG. 8 is a flowchart showing an operation of distributing distribution content in the content distribution system.

First, the user terminal 70 generates a content request including content identification information indicating the content desired by the user by using the distribution content request means 71 (step S30), and transmits it to the content distribution server 50 (step S30). S31).
Further, the content distribution server 50 receives the content request from the user terminal 70 by the user request receiving means 51 (step S32), and the content request transmitting means 52 receives the content request described in the content request. The identification information (content identification information such as a file name) is transmitted to the content server 30 as a content request (step S33).

  Then, the content server 30 receives the content request from the content distribution server 50 by the content request receiving unit 39 (step S34), and stores the corresponding content (distribution content) by the distribution content transmission unit 40. The data is read from the means 38 (step S35) and transmitted to the content distribution server 50 (step S36).

Then, the content distribution server 50 receives the distribution content from the content server 30 by the distribution content receiving unit 54 (step S37), and the distribution content transmission unit 55 uses the distribution content requested. To the person terminal 70 (step S38).
Then, the user terminal 70 receives the distribution content by the distribution content receiving means 72 (step S39).
With the above operation, the content distribution server 50 can transmit (distribute) the distribution content to the user terminal 70 that requested it.

(Decoding content for distribution)
Next, with reference to FIG. 9 (refer to FIGS. 1 and 3 to 5 as appropriate for the configuration), an operation of decrypting content (content for distribution) in the content distribution system 1 will be described. FIG. 9 is a flowchart showing an operation of decrypting distribution content in the content distribution system.

  First, the user terminal 70 receives the distribution content from the content distribution server 50 by the distribution content receiving means 72 (step S40). Then, the user terminal 70 separates the distribution content into the public information and the encrypted content by the public information separating means 73 (step S41). Further, the user terminal 70 separates the unique information determined by the provider from the public information separated in step S41 by the unique information separating means 74 (step S42).

The user terminal 70 is separated in step S42 from the unique information determined by the provider when the user secret key stored in the secret key storage means 76 is generated by the secret key update means 75b of the security module 75. The obtained unique information is compared (step S43). If the unique information is equal (“=”) in step S43, the process proceeds to step S56. In this case, the user private key is not updated.
On the other hand, if the unique information is different (“≠”) in step S43, the user terminal 70 generates an update information request including the unique information separated in step S42 by the update information request unit 79 (step S42). S44), and transmits to the content distribution server 50 (step S45).

Then, the content distribution server 50 receives the update information request from the user terminal 70 by the user request receiving means 51 (step S46), and is described in the update information request by the update information request transmitting means 53. The unique information is transmitted to the content server 30 as an update information request (step S47).
Then, the content server 30 receives the update information request from the content distribution server 50 by the update information request receiving means 41 (step S48), and the update information transmitting means 42 sends the corresponding update information from the distribution content storage means 38. The data is read (step S49) and transmitted to the content distribution server 50 (step S50).

Subsequently, the content distribution server 50 receives the update information from the content server 30 by the update information receiving means 56 (step S51), and the update information transmitting means 57 sends the update information to the user terminal 70 that requested it. (Step S52).
The user terminal 70 receives the update information from the content distribution server 50 by the update information receiving means 80 (step S53), and the update information and the user initial secret are received by the secret key update means 75b of the security module 75. The user secret key is updated (see the above formula (5)) with the user initial secret key stored in the key storage means 75a (step S54).

Further, the user terminal 70 stores the user secret key updated in step S54 by the secret key update unit 75b in the secret key storage unit 76 (step S55).
Then, the user terminal 70 uses the encryption key decryption unit 77 to decrypt the public information separated in step S41 as an encryption key using the user secret key (see the above equation (7)) (step S56). . Further, the user terminal 70 decrypts the encrypted content by the content decrypting unit 78 using the encryption key decrypted in step S56 (step S57). At this stage, the user can view the decrypted content.
Through the above operation, the user terminal 70 decrypts the encryption key with the user secret key updated only with the secret information (user initial secret key) held individually for each terminal, and encrypts with the encryption key. Content can be decrypted.

It is a block diagram which shows the structure of the content delivery system which concerns on this invention. It is a block diagram which shows the structure of a decoding information generation server (decoding information generation apparatus). It is a block diagram which shows the structure of a content server (content production apparatus for delivery). It is a block diagram which shows the structure of a content delivery server. It is a block diagram which shows the structure of a user terminal (content decoding apparatus). It is a flowchart which shows the operation | movement which a decoding information generation server produces | generates decoding information in a content delivery system. It is a flowchart which shows the operation | movement which produces | generates the content for delivery in a content delivery system. It is a flowchart which shows the operation | movement which distributes the content for delivery in a content delivery system. It is a flowchart which shows the operation | movement which decodes the content for delivery in a content delivery system.

Explanation of symbols

1 Content Distribution System 10 Decryption Information Generation Server (Decryption Information Generation Device)
DESCRIPTION OF SYMBOLS 11 Initial information generation means 12 Initial information storage means 13 Secret key generation means 14 Public key generation means 15 Public key storage means 16 Update information generation means 17 Update information transmission means 18 Encryption key reception means 19 Key encryption means 20 Public information transmission Means 30 Content Server (Distribution Content Generation Device)
Reference Signs List 31 Encryption key generation means 32 Encryption key transmission means 33 Content reception means 34 Content encryption means 35 Public information reception means 36 Public information composition means 37 Update information reception means 38 Content storage means for distribution 39 Content request reception means 40 For distribution Content transmission means 41 Update information request reception means 42 Update information transmission means 50 Content distribution server 51 User request reception means 52 Content request transmission means 53 Update information request transmission means 54 Distribution content reception means 55 Distribution content transmission means 56 Update information Receiving means 57 Update information transmitting means 70 User terminal (content decryption apparatus)
71 Distribution Content Requesting Unit 72 Distribution Content Receiving Unit 73 Public Information Separating Unit 74 Unique Information Separating Unit 75 Security Module 75a User Initial Secret Key Storage Unit (Initial Secret Key Storage Unit)
75b Private key update means 76 Private key storage means 77 Encryption key decryption means 78 Content decryption means 79 Update information request means (update information acquisition means)
80 Update information receiving means (update information acquiring means)

Claims (8)

The public information that is disclosed for decrypting the encrypted content , the secret information that is secret information in the content decryption device that decrypts the content, and the update information for updating the secret information, A decryption information generation device for generating the decryption information of
For prime numbers p and q whose value of (p−1) is divisible by q, initial coefficients a _{i, 0} {0 ≦ ₀ , which are (n + 1) coefficients selected from the sequence {1, 2,..., Q−1}. initial information storage means for storing i ≦ n} and a generator g selected from a multiplicative group forming a group with respect to the multiplication of order q , at least as initial information;
Based on the initial coefficient stored in the initial information storage means and identification information uid unique to each user who uses the content, an initial secret key SK _uid which is a secret key unique to the user _{, 0}

And the secret key generation means generates, you and the secret information by,
The generator g stored in the initial information storage means is raised to a power by an inherent coefficient a _{i, t} {0 ≦ i ≦ n} _, which is a plurality of coefficients associated with the specific information t predetermined by the provider. in, the public key e _t that includes a power value of the specific coefficient minutes

And the public key generating means for generating by,
Based public key e _t produced in said unique information t and the random number r by the public key generation unit,

A key encrypting means and said contents encrypting the encryption key K _s for encrypting, for generating the specific information including t the public information Head (t) by,
The difference Δa _{i, t} {0 ≦ i ≦ n} between the initial coefficient a _{i, 0} used in the secret key generation means and the unique coefficient a _{i, t} used in the public key generation means is update information generating means for generating as the update information,
A decryption information generation device comprising:   The decryption information generation apparatus according to claim 1, wherein the unique information used in the public key encryption means is information indicating time. The public information that is disclosed for decrypting the encrypted content , the secret information that is secret information in the content decryption device that decrypts the content, and the update information for updating the secret information, Computer to generate as decryption information
For prime numbers p and q whose value of (p−1) is divisible by q, initial coefficients a _{i, 0} {0 ≦ ₀ , which are (n + 1) coefficients selected from the sequence {1, 2,..., Q−1}. Based on i ≦ n} and identification information uid unique to each user who uses the content, an initial secret key SK _{uid, 0} which is a secret key unique to each user is obtained.

Secret key generation means for generating, generates as the secret information by,
The generator g selected from the multiplicative group that forms a group with respect to the multiplication of the order q is represented by eigencoefficients a _{i, t} {0 ≦ i ≦ n} _, which are a plurality of coefficients associated with eigeninformation predetermined by the provider. by power, the public key e _t containing exponential value of the intrinsic coefficient min

Public key generation means for generating by,
Based public key e _t produced in said unique information t and the random number r by the public key generation unit,

The content encrypts the encryption key K _s for encrypting, the unique information including t the public information Head (t) key encrypting means for generating a,
The difference Δa _{i, t} {0 ≦ i ≦ n} between the initial coefficient a _{i, 0} used in the secret key generation means and the unique coefficient a _{i, t} used in the public key generation means is Update information generating means for generating the update information;
A decryption information generation program characterized by being made to function as: A distribution content generation device that generates distribution content including encrypted content and public information that has been released to decrypt the encrypted content,
An encryption key generating means for generating an encryption key for encrypting the content;
Content encryption means for generating encrypted content by encrypting the content based on the encryption key generated by the encryption key generation means;
By combining the encrypted content generated by the content encryption unit and the public information generated by the decryption information generation apparatus according to claim 1 or 2 with the encryption key, Public information synthesis means to generate;
A content generating apparatus for distribution, comprising: In order to generate content for distribution that includes encrypted content and public information that has been published to decrypt the encrypted content,
An encryption key generating means for generating an encryption key for encrypting the content;
Content encryption means for generating encrypted content by encrypting the content based on the encryption key generated by the encryption key generation means;
By combining the encrypted content generated by the content encryption unit and the public information generated by the decryption information generation apparatus according to claim 1 or 2 with the encryption key, Public information synthesis means to generate,
A content generation program for distribution, characterized in that it is made to function as: The decryption information generated by the decryption information generation device according to claim 1 or 2, which is public information disclosed for decrypting the encrypted content, and secret information by the content decryption device A content decrypting device that decrypts the content for distribution generated by the content generating device for distribution according to claim 4 based on the secret information and the update information for updating the secret information,
An initial secret key storage means for storing an initial secret key SK _{uid, 0} which is a user-specific secret key generated as the secret information;
Public information separating means for separating the public information combined with the distribution content;
Unique information separating means for separating the unique information t determined by the provider from the public information separated by the public information separating means;
Update information acquisition means for acquiring the update information corresponding to the unique information separated by the unique information separation means from the provider side device ;
Based on the update information Δa _{i, t} acquired by the update information acquisition unit and the identification information uid unique to each user, the initial secret key SK _{uid, 0} stored in the initial secret key storage unit is obtained. The updated secret key SK _{uid, t}

And the secret key update means for generating by,
When the public information is Head (t) = (t, x, x ₀ , x ₁ , x ₂ ,..., X _n ), and the user-specific identification information is uid, it is generated by the secret key update means. The encrypted encryption key K _s included in the public information separated by the public information separation means based on the secret key SK _{uid, t}

And an encryption key decoding means for decoding by,
Content decrypting means for decrypting the encrypted content based on the encryption key decrypted by the encryption key decrypting means;
A content decrypting apparatus comprising:   7. The content decryption apparatus according to claim 6, wherein the initial secret key storage means and the secret key update means are provided in a security module that is removable from the content decryption apparatus. The public information disclosed for decrypting the encrypted content, which is the decryption information generated by the decryption information generation device according to claim 1 , and the secret by the content decryption device for decrypting the content In order to decrypt the distribution content generated by the distribution content generation device according to claim 4 , based on the secret information that becomes the information of the update information and the update information for updating the secret information,
Public information separating means for separating the public information combined with the distribution content;
Unique information separating means for separating the unique information t determined by the provider from the public information separated by the public information separating means;
Update information acquisition means for acquiring the update information corresponding to the unique information separated by the unique information separation means from the provider side device ;
An initial secret key SK _uid that is a user-specific secret key generated as the secret information based on the update information Δa _{i, t} acquired by the update information acquisition means and the identification information uid unique to each user. _{, 0} updated secret key SK _{uid, t}

Secret key update means for generating by,
When the public information is Head (t) = (t, x, x ₀ , x ₁ , x ₂ ,..., X _n ), and the user-specific identification information is uid, it is generated by the secret key update means. The encrypted encryption key K _s included in the public information separated by the public information separation means based on the secret key SK _{uid, t}

Encryption key decoding means for decoding by,
Content decrypting means for decrypting the encrypted content based on the encryption key decrypted by the encryption key decrypting means;
A content decryption program that is allowed to function as:

Images