JP6408099B2 - Content reading method and content reading device - Google Patents

Description

  The present invention relates to a method for reading copyright-protected content from a recording medium, a recording medium, and the like.

  In an optical disc such as a Blu-ray (registered trademark) disc, AV (Audio Video) content to be copyright-protected is encrypted and stored (for example, see Non-Patent Document 1). Such AV contents are generally played back not only on consumer devices such as Blu-ray (registered trademark) players or recorders, but also on other devices. That is, AV content is read from an optical disk by an optical disk drive device (hereinafter referred to as a drive), and further reproduced by application software that operates on a general-purpose personal computer.

  The optical disc stores special information related to copyright protection of AV contents, and such information is devised so that it cannot be read by a normal method. Further, even if the drive reads such information from the optical disc, authentication is required when transferring this information to the personal computer. That is, authentication is performed between the drive and the personal computer that is the host, and the encrypted information is transferred to the host. In general, such authentication is called drive host authentication.

“Advanced Access Content System (AACS) Blu-ray Disc Pre-recorded Book” Revision 0.953, Final, October 26,2012

  However, the non-patent document 1 has a problem that appropriate copyright protection cannot be performed on content.

  Therefore, the present invention provides a content reading method and the like capable of performing appropriate copyright protection.

  A content reading method according to an aspect of the present invention is a content reading method for receiving content from a recording medium in response to an instruction from a host device, and is a first method that indicates a version of a content copyright protection method on the recording medium. Version information is specified based on the recording medium, second version information indicating a version of a protocol used for authentication of the host device is specified, the first version information, and the second version information And a medium used for decrypting the encrypted content stored in the recording medium by authenticating the host device based on the determination result of the authentication. The unique information is read from the recording medium, notified to the authenticated host device, and the encrypted copy is sent. A disk that is metadata stored in the head portion of the recording medium formed as a disk in reading the content from the recording medium and notifying the authenticated host device and identifying the first version information The first version information is specified based on the information.

  Note that these comprehensive or specific aspects may be realized by a system, a method, an integrated circuit, a computer program, or a recording medium such as a computer-readable CD-ROM, and the system, method, integrated circuit, and computer program. And any combination of recording media.

  The content reading method of the present invention can perform appropriate copyright protection.

FIG. 1 is a diagram illustrating an example of an optical disk reproduction environment. FIG. 2A is a diagram showing an example of a reproduction environment using a V1.0 optical disc. FIG. 2B is a diagram illustrating an example of a reproduction environment using a V2.0 optical disc. FIG. 3A is a diagram illustrating an example of an optical disc playback environment using a shared drive. FIG. 3B is a diagram illustrating an example of an optical disc playback environment using a shared drive. FIG. 4 is a block diagram showing the configuration of the drive in the embodiment. FIG. 5 is a diagram schematically showing the structure of the content stored on the optical disc in the embodiment. FIG. 6 is a diagram for explaining a method of decoding each aligned unit in the embodiment. FIG. 7 is a diagram schematically illustrating a unit key recording method used for decrypting each aligned unit in the embodiment. FIG. 8 is a diagram schematically showing data necessary for content protection other than the key file recorded on the optical disc in the embodiment. FIG. 9 is a diagram illustrating an example of the data structure of the HRL in the embodiment. FIG. 10 is a diagram for describing processing for acquiring a unit key from a key file in the embodiment. FIG. 11 is a sequence diagram illustrating drive / host authentication between a drive and a host device in the embodiment. FIG. 12 is a block diagram illustrating a detailed configuration of the drive according to the embodiment. FIG. 13 is a flowchart illustrating the processing operation of the drive in the embodiment.

(Knowledge that became the basis of the present invention)
The present inventor has found that the following problems occur with respect to the content reading method described in the “Background Art” column. Hereinafter, this problem will be described with reference to FIGS. 1 to 3B.

  FIG. 1 is a diagram illustrating an example of an optical disk reproduction environment.

  AV content (hereinafter simply referred to as content) stored in the optical disc 101 is read by the drive 102. The content read in this way and information necessary for copyright protection are notified to the personal computer 103. Here, when information that needs to be protected such as encryption, such as information necessary for copyright protection, is passed, drive host authentication is performed between the drive 102 and the personal computer 103. This authentication protocol is called a drive host authentication protocol. In this way, when the personal computer 103 obtains necessary information, the personal computer 103 decrypts the content and plays it back, and displays the content video on the display 104.

  Here, 4K content has recently attracted attention as a new high-quality content. Conventional High Definition (HD) content is also referred to as 2K content, and the number of pixels is 1920 in length and 1080 in width. The 4K content is doubled vertically and horizontally, and the number of pixels is 3840 vertically and 2160 horizontally. 4K content requires four times the capacity compared to conventional 2K content, but it is said that it can be reduced to about twice the capacity due to recent advances in video compression technology. Yes.

  In order to store 4K-quality content that has twice the capacity, the optical disc needs to be renewed. For example, in Blu-ray (registered trademark), the capacity of one layer of an optical disk used as a package medium is 25 GB, and the capacity of two layers is 50 GB. By setting the capacity per layer to 33 GB and further setting the number of layers included in the optical disk to three, a capacity of 100 GB can be realized. Of course, such an optical disk cannot be read by a conventional drive, and a drive based on a new specification is required.

  Now, even with the drive host authentication already mentioned, a copyright protection mechanism suitable for the new image quality content is required. At the time of the early 2000s when Blu-ray (registered trademark) was introduced to the market, a hash function or elliptical encryption with a key length of 160 bits was normally used. However, if the 2010s are about to reach the middle, the length is considered insufficient. That is, it is desirable to use a key having a length of about 256 bits for the hash function or the elliptic function. Therefore, a new system is required for drive host authentication.

  2A and 2B are diagrams illustrating an example of a reproduction environment using different types of optical disks.

  As shown in FIG. 2A, a conventional type (version V1.0) optical disc 211 uses a combination of a drive 212 and a personal computer 213 corresponding to the version V1.0. On the other hand, as shown in FIG. 2B, a new type (version V2.0) optical disc 221 requires a combination of a drive 222 and a personal computer 223 corresponding to the version V2.0.

  Here, a new type of version 2.0 optical disc 221 is required to have a higher level of copyright protection than the conventional type version 1.0 optical disc 211. Therefore, in the combination of version V1.0 shown in FIG. 2A, drive / host authentication is performed by a method defined by version V1.0. On the other hand, in the combination of version V2.0 shown in FIG. 2B, drive / host authentication is performed by a method defined by version V2.0.

  In general, it is difficult to consider a drive dedicated to version V2.0, and it is considered that a drive that is generally introduced into the market is a shared drive of versions V1.0 and V2.0. On the other hand, as long as the personal computers 213 and 223 have a certain level of performance, they can support either version V1.0 or V2.0. However, the function necessary for reproducing the optical disk 211 of version V1.0 is different from the function necessary for reproducing the optical disk 221 of version V2.0. For this reason, application software (PC software) used for the reproduction is different. The PC software executed on the personal computer 223 is exclusively for version V2.0, but may be used for both versions V1.0 and V2.0. In the case of dual use, the PC software is configured to display, for example, one PC software to the user, and internally categorize the functions of those versions.

  Here, FIG. 3A and FIG. 3B show a case where a user having a shared drive of versions V1.0 and V2.0 reproduces both a V1.0 optical disk and a V2.0 optical disk. is there.

  3A and 3B are diagrams illustrating an example of an optical disc reproduction environment using a shared drive.

  As shown in FIGS. 3A and 3B, the user reproduces the version V1.0 optical disc 211 and the version V2.0 optical disc 221 by a combination of the shared drive 222 and the PC software. At this time, the version V1.0 PC software executed by the personal computer 213 reads the version V1.0 optical disc 211 using the drive / host authentication protocol defined in version V1.0. On the other hand, the PC software of version V2.0 executed by the personal computer 223 needs to read the version V2.0 optical disc 221 using the drive / host authentication protocol defined in version V2.0.

  However, the shared drive 222 performs drive / host authentication according to the version V1.0 protocol or the version V2.0 protocol corresponding to the read command from the personal computers 213 and 223 serving as the hosts. In other words, when the personal computer 213 attempts to read data from the optical disk 221 of version V2.0, the shared drive 222 performs drive / host authentication using the protocol of version V1.0. . As described above, in the optical disc 221, drive / host authentication is performed with the protocol of the version V1.0 having a low security level, although the copyright protection of the version V2.0 having a high level is required. Therefore, there is a problem in that appropriate copyright protection cannot be performed on the contents of the optical disc.

  In order to solve such a problem, a content reading method according to an aspect of the present invention is a content reading method for reading content from a recording medium in response to an instruction from a host device, and for reading content on the recording medium. First version information indicating a version of a copyright protection method is specified based on the recording medium, second version information indicating a version of a protocol used for authentication of the host device is specified, and the first version information is specified. By comparing the version information with the second version information, it is determined whether or not to authenticate, and the host device is authenticated based on the determination result of the authentication and stored in the recording medium. Media-specific information used for decrypting the encrypted content is read from the recording medium and authenticated. It notifies the host device reads the encrypted content from the recording medium, and notifies the authenticated the host device. For example, the recording medium is an optical disc such as a Blu-ray (registered trademark) disc.

  As a result, whether or not authentication such as drive / host authentication is performed is determined by comparing the first version information and the second version information. Therefore, for example, when both the first version information and the second version information indicate version V1.0 or V2.0, it is determined that authentication is to be performed, and drive host authentication can be performed. That is, it is possible to appropriately perform drive / host authentication in accordance with the level of copyright protection required for the recording medium. On the other hand, when the first version information indicates the version V2.0 and the second version information indicates the version V1.0, it is determined that the authentication is not performed, and the drive / host authentication can be stopped. As a result, it is possible to prevent the media unique information and the encrypted content from being notified to an unauthenticated host device. That is, in the recording medium, it is possible to prevent drive / host authentication from being performed with the protocol of version V1.0 having a low security level even though copyright protection with a high version V2.0 level is required. be able to. As a result, appropriate copyright protection can be performed on the content of the recording medium.

  Further, in specifying the first version information, the first version information included in the host revocation list stored in the recording medium, which is an unauthorized host device list, is read out. The first version information may be specified.

  Generally, for authentication such as drive / host authentication, it is necessary to read the HRL as a host revocation list from a recording medium. Accordingly, it is possible to easily identify the first version information by reading the first version information included in the HRL without substantially applying a new processing load. Therefore, appropriate copyright protection for the contents of the recording medium can be easily performed while suppressing an increase in processing load.

  In the specification of the first version information, the first version information may be specified based on physical characteristics of the recording medium.

  Thereby, even if the first version information is not recorded on the recording medium, the first version information can be appropriately specified from the physical characteristics such as the number of layers of the recording medium.

  Further, the identification of the first version information may identify the first version information based on disk information which is metadata stored in a head portion of the recording medium formed as a disk. .

  Thereby, 1st version information can be specified appropriately.

  A recording medium according to an aspect of the present invention includes a copyright protected encrypted content, media specific information used for decrypting the encrypted content, a host revocation list that is a list of unauthorized host devices, And the host revocation list includes version information indicating the version of the copyright protection method of the encrypted content and a signature, and instructs the reading of the encrypted content and the media specific information And the content reading device that has received an instruction from the host device.

  As a result, the HRL that is the host revocation list of the recording medium includes version information indicating the version of the copyright protection method on the recording medium. Therefore, the drive that is the content reading device can appropriately determine whether or not to perform authentication with the host device based on the version information. As a result, it is possible to prevent authentication with a security level less than the level of copyright protection required for the recording medium. Therefore, appropriate copyright protection can be performed on the content of the recording medium. In general, for authentication such as drive / host authentication, the drive needs to read the HRL from the recording medium. Therefore, since the first version information is included in such an HRL, the drive can easily specify the first version information without substantially applying a new processing load. Thereby, appropriate copyright protection for the contents of the recording medium can be easily performed while suppressing an increase in processing load. Furthermore, since the signature is included in the HRL, it is possible to ensure resistance to falsification of version information and the like.

  Hereinafter, embodiments will be specifically described with reference to the drawings.

  It should be noted that each of the embodiments described below shows a comprehensive or specific example. The numerical values, shapes, materials, constituent elements, arrangement positions and connecting forms of the constituent elements, steps, order of steps, and the like shown in the following embodiments are merely examples, and are not intended to limit the present invention. In addition, among the constituent elements in the following embodiments, constituent elements that are not described in the independent claims indicating the highest concept are described as optional constituent elements.

(Embodiment)
FIG. 4 is a block diagram showing a configuration of the drive in the present embodiment.

  The drive 10 is a content reading device that receives content from the optical disc 50 that is a recording medium in response to an instruction from the host device 20. The optical disc 50 is, for example, a Blu-ray (registered trademark) disc. Such a drive 10 includes a read processing unit 10 a that reads information from the optical disc 50 and notifies the host device 20, and an authentication processing unit 10 b that performs the above-described drive / host authentication with the host device 20. .

  Here, the optical disk 50 will be described in detail.

  FIG. 5 is a diagram schematically showing the structure of content stored on the optical disc 50. On the optical disc 50, a Stereo File encoded in the MPEG2-TS format is stored as content. Although only one Stream File is shown in FIG. 5, there may be a plurality of Stream Files. Also, here, Stream File is referred to as XXXXXX. The file name is M2TS. A number is written in XXXXXX, and when a plurality of contents are stored, the contents can be managed individually.

  Each Stream File is divided into units called Aligned Unit of 6144 bytes. Aligned Unit is a unit of encryption. Note that the amount of content data stored in the Stream File may not necessarily be a multiple of 6144 bytes. In this case, it is desirable to make the content data amount a multiple of 6144 bytes by a method such as storing NULL Data at the end of the content.

  FIG. 6 is a diagram for explaining a method of decoding each aligned unit. The content on the optical disc 50 is encrypted using data called a unit key Ku. Here, 6144 bytes of data of each aligned unit is separated into the first 16 bytes and the remaining 6128 bytes. AES_E, which is a decryption process of the AES encryption method, is performed using the unit key Ku described above for the first 16 bytes. An exclusive OR (XOR) is performed on the data thus obtained and the leading 16 bytes. Next, the remaining 6128 bytes of data are decrypted in the AES-DCBC mode using the data obtained by the exclusive OR as a key. By adding the first 16 bytes of data to the plaintext data thus obtained, 6144 bytes of plaintext can be obtained.

  FIG. 7 is a diagram schematically illustrating a unit key recording method used in decryption of each aligned unit. In FIG. 7, in addition to the Stream File shown in FIG. 5, the configuration of a Key File that is data for recording a key for decrypting each Stream File is schematically shown. The optical file 50 stores a key file separately from the stream file. In the example of FIG. 7, three files “Stream File # 1”, “Stream File # 2”, and “Stream File # 3” are recorded on the optical disc 50. On the optical disk 50, “Key # 1,” “Key # 2,” and “Key # 3” are recorded in the Key File corresponding to each of the Stream Files. “Key # 1” stores data “Y! 4.d” as its value. When the host device 20 (Player) decrypts the Stream File, this value is used as the unit key Ku described above. Here, it is assumed that the unit key Ku is stored directly on the optical disc 50, but in reality, the unit key Ku is not stored in plain text. For example, the unit key Ku is recorded on the optical disc 50 in a state of being encrypted with a device key held by a player such as the host device 20.

  FIG. 8 is a diagram schematically showing data necessary for content protection recorded on the optical disc 50 other than the key file.

  A volume ID, a host revocation list (HRL), and a media key block (MKB) are recorded on the optical disc 50.

  The Volume ID is media-specific information and is an identifier for uniquely identifying the optical disc 50 on which the content is stored. In the BD-ROM used for the package media, a disc is produced by a stamper. Therefore, the same Volume ID is recorded in all BD-ROMs storing the same content. The Volume ID is recorded by a special method different from normal data so that copying and falsification are difficult. With a normal command from the host device 20, the volume ID cannot be read, and the volume ID can be read only after drive / host authentication described later is executed.

  The Host Revocation List (HRL) is data used in the drive / host authentication protocol and indicates a list of unauthorized host devices. The authentication processing unit 10b of the drive 10 reads this list and confirms whether or not the authentication counterpart host device is illegal. If the authentication processing unit 10b determines that it is illegal, the authentication processing unit 10b does not pass important data such as Volume ID to the host device. The HRL is recorded at a special position different from normal data. However, the recording method is the same as other normal data. Since the HRL is stored at a position where the drive 10 can be easily read (generally, a fixed position in the optical disc 50), the drive 10 can read the HRL without an instruction from the host device 20. is there.

  The media key block (MKB) is data processed by the host device 20. By processing this data, the host device 20 can obtain a media key necessary for generating the unit key Ku described above. The MKB is stored on the optical disc 50 in the same manner as normal data, and is read by a general read command from the host device 20.

  FIG. 9 is a diagram illustrating an example of the data structure of the HRL.

  The HRL is composed of a Type and Version Record and a Host Revocation List Record.

  In the Type and Version Record in the present embodiment, Record Type, Record Length, MKB Type, and Version Number are recorded in order from the top. Record Type indicates that the type of recorded information is Type and Version Record. Record Length indicates the length of Type and Version Record. MKB Type indicates the type of MKB recorded. The Version Number is first version information indicating the version of the copyright protection method of the content on the optical disc 50, and indicates, for example, the above-described version V1.0 or V2.0. Also, the first version information indicates, for example, a version in the AACS (Advanced Access Content System) standard.

  The authentication processing unit 10b according to the present embodiment identifies the version number by reading the version number included in the HRL stored in the optical disc 50. Then, the authentication processing unit 10b determines the version of the drive / host authentication protocol to be used based on the version number in response to a read instruction from the host device 20 to the optical disc 50. That is, the authentication processing unit 10b determines whether to use the version V1.0 drive / host authentication protocol or to use the version V2.0 host / drive authentication protocol. The HRL is always read by the drive 10. Therefore, the version number stored in the HRL is suitable for determining the version of the drive host authentication protocol. Furthermore, since the HRL is provided with a signature as described later, it is resistant to tampering.

  In the Host Revocation List Record, Record Type, Record Length, Number of Entries, Host Revocation List Entry, and (1) to (n-1), V1 Signature for Record, and V1 Signature are recorded. Yes.

  Record Type indicates that the type of recorded information is Host Revocation List Record. “Record Length” indicates the length of the Host Revocation List Record. Number of Entries indicates the actual number of Host Revocation List Entries. The actual Host Revocation List Entry (0) to (n-1) indicates the ID of the host device that is the target of invalidation. Each of V1 Signature for Block and V2 Signature for Block is a signature. Here, in the drive host authentication protocol V1.0, since a 160-bit key is used, the signature of the V1 Signature for Block is 320 bits. On the other hand, in the drive / host authentication protocol V2.0, since a 256-bit key is used, the signature of the V2 Signature for Block is 512 bits. The drive 10 verifies the 320-bit signature when operating with the drive-host authentication protocol V1.0, and verifies the 512-bit signature when operating with the drive-host authentication protocol V2.0.

  FIG. 10 is a diagram for explaining the process of acquiring the unit key Ku from the Key File. Here, the unit key Ku is stored in the optical disc 50 in an encrypted state.

  The host device 20 as a playback player reads the MKB stored in the optical disc 50 through the drive 10. At this time, the read processing unit 10a of the drive 10 reads the MKB from the optical disc 50 and notifies the host device 20 of it. Then, the host device 20 generates the media key Km by processing the MKB using the device key held by itself. Here, the MKB is generated in advance so that a correct media key cannot be obtained with a device key held by an unauthorized host device.

  Further, the host device 20 reads the Volume ID stored in the optical disc 50 through the drive 10. At this time, the authentication processing unit 10 b of the drive 10 performs drive / host authentication with the host device 20. After the authentication, the read processing unit 10a of the drive 10 reads and encrypts the Volume ID from the optical disc 50, and notifies the host device 20 of the encrypted Volume ID.

  The host device 20 obtains the media unique key Kmu by performing processing using the media key Km and the Hash function on the Volume ID. Thus, in order to acquire the media unique key Kmu, the Volume ID is essential. The reason for this is to prevent simple bit-by-bit copying of the optical disc 50 with a Volume ID that is extremely difficult to duplicate with normal means.

  Next, the host device 20 reads the encrypted title key Emu (Ku XOR UR) from the Key File via the drive 10. At this time, the read processing unit 10 a of the drive 10 reads the encrypted title key Emu (Ku XOR UR) from the optical disc 50 and notifies the host device 20 of it. Then, the host apparatus 20 acquires the modified unit key “Ku XOR UR” by decrypting the encrypted title key Emu (Ku XOR UR) using the media unique key Kmu.

  Further, the host device 20 reads the usage rule “Usage Rule” from the optical disk via the drive 10. At this time, the read processing unit 10 a of the drive 10 reads the usage rule “Usage Rule” from the optical disc 50 and notifies the host device 20 of it. Then, the host device 20 performs an exclusive OR (XOR) of the value UR obtained by applying the usage condition “Usage Rule” to the Hash function and the above-described modified unit key “Ku XOR UR”. The unit key Ku is obtained. Thus, in order to acquire the unit key Ku, the usage condition “Usage Rule” is essential. The reason is to prevent falsification of the usage condition “Usage Rule” in the optical disc 50.

  As described above, drive host authentication is performed for reading the Volume ID. The read processing unit 10a of the drive 10 encrypts the Volume ID using the bus key obtained by this authentication and notifies the host device 20 of the encrypted volume ID. The host device 20 acquires the Volume ID by decrypting the encrypted Volume ID. An illegal host device or a module other than the host device cannot share a bus key with the drive 10. Therefore, an unauthorized host device or the like cannot correctly acquire the Volume ID.

  In the above example, the Volume ID is encrypted, but it may not be encrypted. That is, the read processing unit 10a of the drive 10 notifies the host ID to the host device 20 in plain text as it is. At this time, the read processing unit 10a assigns a Message Authentication Code (MAC) to the Volume ID using the bus key described above, and notifies the host device 20 of the Volume ID with the MAC attached. Thereby, falsification of Volume ID can be prevented. This is because the Volume ID itself is not secret and is required not to be tampered with or illegally recorded.

  FIG. 11 is a sequence diagram showing drive / host authentication between the drive 10 and the host device 20.

  First, in step S101, the authentication processing unit 10b of the drive 10 reads the HRL from the optical disc 50. The authentication processing unit 10b compares the version of the read HRL with the HRL already held by the drive 10, and holds only the new version of the HRL. By reading out the HRL, the authentication processing unit 10b reads out the above Volume ID included in the HRL. Thus, the authentication processing unit 10b specifies first version information indicating the version of the copyright protection method of the optical disc 50. Further, the authentication processing unit 10b generates an AGID that is information for identifying a series of exchanges between the drive 10 and the host device 20, and notifies the host device 20 of this.

  Next, in step S111, the host device 20 holds the notified AGID and generates a random value Hn. In the host drive authentication protocol V1.0, since a 160-bit key is used in the elliptic function, the host device 20 generates a 160-bit random value Hn. On the other hand, in the host drive authentication protocol V2.0, since a 256-bit key is used in the elliptic function, the host device 20 generates a 256-bit random value Hn. The host device 20 adds the public key certificate Hcert given to the host device 20 to the generated random value Hn and notifies the drive 10 of it.

  In step S102, the authentication processing unit 10b of the drive 10 indicates the version of the drive / host authentication protocol based on the key or signature described in the public key certificate Hcert notified from the host device 20. Specify version information. For example, in the public key certificate Hcert, as shown in FIG. 11, a Certificate Type, a Reserved, a Length, a Certificate ID, a Reserved, a Public Key, and an Entity Signature are described. Among these elements described in the public key certificate Hcert, the length (number of bits) of the public key or the entity signature differs depending on the version of the drive / host authentication protocol. Accordingly, the authentication processing unit 10b specifies the second version information based on the length of the public key or the entity signature. When the version number is described in the public key certificate Hcert, the authentication processing unit 10b may specify the version number as the second version information. Note that the authentication processing unit 10b may specify the second version information based on the random value Hn. For example, the second version information is specified according to the number of bits of the random value Hn. Note that the second version information indicates, for example, a version in the AACS (Advanced Access Content System) standard. Further, the authentication processing unit 10b determines whether the authentication is appropriate or not by comparing the Volume ID, which is the first version information specified above, with the second version information. If both the first and second version information are V1.0 or V2.0, the authentication processing unit 10b determines to perform authentication. On the other hand, if the first version information is V2.0 and the second version information is V1.0, the authentication processing unit 10b determines that authentication is not performed. When it is determined that the authentication is not performed, the authentication processing unit 10b notifies the host device 20 of an error and stops the drive / host authentication.

  On the other hand, when it is determined that authentication is to be performed, the authentication processing unit 10b of the drive 10 verifies the public key certificate Hcert. The public key certificate Hcert is signed using the root public key. The authentication processing unit 10b verifies this signature using the root public key held by the drive 10. If the verification fails, the authentication processing unit 10b stops a series of host drive authentications at this stage. Furthermore, even if the signature verification is successful, if the ID of the host device 20 included in the public key certificate Hcert is registered in the HRL described above, the authentication processing unit 10b 20 is determined to be illegal. As a result, the authentication processing unit 10b stops the host drive authentication at this stage. At the stage where these series of verifications succeeded successfully, the authentication processing unit 10b generates a random value Dn. The bit length of the random value Dn generated here is the same as the bit length of the random value Hn described above. In this way, the authentication processing unit 10b notifies the host device 20 of the generated random value Dn and the public key certificate Dcert assigned to the drive 10 together.

  In step S112, the host device 20 that has received the notification verifies the public key certificate Dcert. The public key certificate Dcert is signed using the root public key. The host device 20 verifies the signature using the public key of the route held by the host device 20. If the verification fails, the host device 20 stops the series of drive / host authentication at this stage. Here, the host device 20 holds a Drive Revocation List (DRL), similar to the HRL held by the drive 10. The DRL is stored in the MKB described above. The host device 20 acquires a new DRL from this MKB and stores it. When the signature verification described above is successful, the host device 20 determines whether or not the ID of the drive 10 included in the public key certificate Dcert is registered in the DRL. If it is determined that it is registered in the DRL, the host device 20 determines that the drive 10 is invalid, and stops the drive / host authentication at this stage.

  In step S103, the authentication processing unit 10b of the drive 10 generates a random value Dk. The bit length of the random value Dk is the same length as the random value Dn described above. Next, the authentication processing unit 10b calculates a value Dv from a predetermined elliptic function base value and a random value Dk. Further, the authentication processing unit 10b generates a signature Dsig with a secret key held by the drive 10 for a concatenated value obtained by concatenating the random value Hn and the value Dv. The authentication processing unit 10b connects the value Dv and the signature Dsig obtained in this way and notifies the host device 20 of them.

  In step S113, the host device 20 first verifies the received signature Dsig. Specifically, the host device 20 acquires a public key from the public key certificate Dcert that has already been received from the drive 10, and verifies the signature Dsig using this public key. If this verification fails, the host device 20 determines that a series of host drive authentication has failed. Next, the host device 20 generates a random value Hk. The bit length of the random value Hk is the same as the random value Hn described above. Next, the host device 20 calculates a value Hv from a predetermined elliptic function base value and a random value Hk. Further, the host device 20 generates a signature Hsig with a secret key held by the host device 20 for the concatenated value obtained by concatenating the random value Dn and the value Hv. The host device 20 concatenates the value Hv thus obtained and the signature Hsig and notifies the drive 10 of it.

  In step S104, the authentication processing unit 10b of the drive 10 verifies the received signature Hsig. Specifically, the authentication processing unit 10b acquires a public key from the public key certificate Hcert that has already been received from the host device 20, and verifies the signature Hsig using this public key. If this verification fails, the authentication processing unit 10b determines that a series of host drive authentication has failed. And the authentication process part 10b finally acquires the bus key Kb by processing the random value Dk and the value Hv on an elliptic curve.

  In step S <b> 114, the host device 20 finally acquires the same bus key Kb as that of the drive 10 by processing the random value Hk and the value Dv on the elliptic curve, similarly to the drive 10.

  The read processing unit 10a of the drive 10 encrypts the Volume ID by using the bus key Kb obtained by the authentication after the host drive authentication consisting of the processes of the above steps S101 to S114 is performed without failure. To do. Then, the read processing unit 10a notifies the host device 20 of the encrypted Volume ID.

  In the present embodiment, the first version information is specified by reading the version number that is the first version information included in the HRL. However, the first version information is identified by a technique other than such reading. Version information may be specified.

  For example, the authentication processing unit 10b of the drive 10 may specify the first version information based on the physical characteristics of the optical disc 50. That is, the authentication processing unit 10b detects, for example, the track pitch or the number of layers as the physical characteristics of the optical disc 50. If the detected track pitch is longer than the threshold value or the number of detected layers is two, the authentication processing unit 10b specifies the first version information indicating the version V1.0. On the other hand, if the detected track pitch is shorter than the threshold value or the number of detected layers is three, the authentication processing unit 10b specifies the first version information indicating the version V2.0.

  Further, the authentication processing unit 10b of the drive 10 may specify the first version information by reading the first version information recorded in a place other than the HRL. The place other than the HRL is, for example, Disc Information of metadata recorded at the head portion of the optical disc 50. This Disc Information includes the first version information as a version number. Therefore, the authentication processing unit 10b specifies the first version information based on the Disc Information, that is, by reading the version number included in the Disc Information.

  Further, the authentication processing unit 10b of the drive 10 may specify the first version information based on all of the HRL, the disc information, and the physical characteristics of the optical disc 50. Thereby, the first version information can be specified more accurately.

  FIG. 12 is a block diagram showing a detailed configuration of the drive 10 in the present embodiment.

  The drive 10 receives an instruction from the host device 20 and reads content from the optical disk 50 that is a recording medium. Such a drive 10 includes a first version specifying unit 11, a second version specifying unit 12, a determination unit 13, an authentication unit 14, an information reading unit 15, and a content reading unit 16.

  The first version specifying unit 11 specifies the first version information indicating the version of the content copyright protection method on the optical disc 50 based on the optical disc 50. Specifically, the first version specifying unit 11 specifies the first version information by reading the Volume ID included in the HRL stored in the optical disc 50 as the first version information. Alternatively, the first version specifying unit 11 specifies the first version information based on physical characteristics such as the number of layers of the optical disc 50. Alternatively, the first version specifying unit 11 specifies the first version information based on Disc Information that is metadata stored at the head of the optical disc 50.

  The second version specifying unit 12 specifies second version information indicating the version of the protocol used in the drive / host authentication of the host device 20. Specifically, the second version specifying unit 12 specifies the second version information based on information notified from the host device 20.

  The determination unit 13 determines the right or wrong of the drive / host authentication by comparing the first version information and the second version information. For example, the determination unit 13 determines to perform authentication if both the first and second version information are V1.0 or V2.0. On the other hand, when the first version information is V2.0 and the second version information is V1.0, the security level of the protocol is the copyright protection level required for the content of the optical disc 50. Lower than. Accordingly, in such a case, the determination unit 13 determines not to perform drive / host authentication.

  The authentication unit 14 performs drive / host authentication with the host device 20 based on the determination result of drive / host authentication.

  The information reading unit 15 reads media-specific information, which is a volume ID used for decrypting the encrypted content stored in the optical disc 50, from the optical disc 50 and notifies the authenticated host device 20.

  The content reading unit 16 reads the encrypted content from the optical disc 50 and notifies the authenticated host device 20.

  The first version identification unit 11, the second version identification unit 12, the determination unit 13, and the authentication unit 14 are included in the authentication processing unit 10b in the above embodiment. The information reading unit 15 and the content reading unit 16 are included in the reading processing unit 10a in the above embodiment.

  FIG. 13 is a flowchart showing the processing operation of the drive 10 in the present embodiment.

  First, the drive 10 specifies first version information indicating the version of the content protection method on the optical disc 50 based on the optical disc 50 (step S11). Then, the drive 10 specifies second version information indicating the version of the protocol used for drive / host authentication with the host device 20 (step S12).

  Next, the drive 10 compares the first version information and the second version information to determine whether the drive / host authentication is appropriate (step S13). If it is determined that drive / host authentication is to be performed (Yes in step S13), the drive 10 performs drive / host authentication with the host device 20 (step S14). On the other hand, when drive / host authentication is not performed, that is, when it is determined that authentication has failed (No in step S13), the drive 10 notifies the host device 20 of an error and stops reading information from the optical disc 50.

  After step S <b> 14, the drive 10 reads out the media-specific information, which is a volume ID used for decrypting the encrypted content stored in the optical disc 50, from the optical disc 50 and notifies the authenticated host device 20. (Step S15). Then, the drive 10 reads the encrypted content from the optical disc 50 and notifies the authenticated host device 20 (step S16).

  As described above, in this embodiment, whether or not authentication such as drive / host authentication is performed is determined by comparing the first version information and the second version information. Therefore, for example, when both the first version information and the second version information indicate version V1.0 or V2.0, it is determined that authentication is to be performed, and drive host authentication can be performed. That is, it is possible to appropriately perform drive / host authentication in accordance with the level of copyright protection required for the recording medium. On the other hand, when the first version information indicates the version V2.0 and the second version information indicates the version V1.0, it is determined that the authentication is not performed, and the drive / host authentication can be stopped. As a result, it is possible to prevent the media unique information and the encrypted content from being notified to an unauthenticated host device. That is, in the recording medium, it is possible to prevent drive / host authentication from being performed with the protocol of version V1.0 having a low security level even though copyright protection with a high version V2.0 level is required. be able to. As a result, appropriate copyright protection can be performed on the content of the recording medium.

  In the present embodiment, the first version information is specified by reading the Volume ID included in the HRL stored in the optical disc 50, which is a list of unauthorized host devices. Generally, for authentication such as drive / host authentication, it is necessary to read the HRL from the recording medium. Accordingly, it is possible to easily identify the first version information by reading the Volume ID included in the HRL without substantially applying a new processing load. Accordingly, appropriate copyright protection for the contents of the optical disc 50 can be easily performed while suppressing an increase in processing load.

  In the above embodiment, each component may be configured by dedicated hardware or may be realized by executing a software program suitable for each component. Each component may be realized by a program execution unit such as a CPU or a processor reading and executing a software program recorded on a recording medium such as a hard disk or a semiconductor memory. Here, the software that implements the drive 10 of the above-described embodiment causes the computer to execute the steps shown in FIG. 11 or FIG.

  The content reading method according to one or more aspects has been described based on the embodiment, but the present invention is not limited to this embodiment. Unless it deviates from the gist of the present invention, various modifications conceived by those skilled in the art have been made in this embodiment, and forms constructed by combining components in different embodiments are also within the scope of one or more aspects. May be included.

  The present invention can be applied to a drive for reading content from a recording medium such as an optical disk. In other words, the present invention is used as a mechanism for correctly authenticating with a host device depending on the type of optical disc to be played in a drive that supports both a conventional optical disc and an optical disc storing higher-quality content. Can do.

DESCRIPTION OF SYMBOLS 10 Drive 10a Reading process part 10b Authentication process part 11 1st version specific part 12 2nd version specific part 13 Judgment part 14 Authentication part 15 Information read part 16 Content read part 20 Host apparatus 50 Optical disk

Claims (2)

A content reading method for receiving content from a recording medium in response to an instruction from a host device,
First version information indicating a version of a copyright protection method of content in the recording medium is specified based on the recording medium,
Specifying second version information indicating a version of a protocol used in authentication of the host device;
Based on the first version information and the second version information, determine whether to authenticate,
Based on the determination result of the authentication, the host device is authenticated,
Read the media specific information used for decrypting the encrypted content stored in the recording medium from the recording medium and notify the authenticated host device,
Read the encrypted content from the recording medium, notify the authenticated host device,
In specifying the first version information,
Identifying the first version information based on disc information that is metadata stored in a head portion of the recording medium formed as a disc;
Content reading method.   A content reading device that receives an instruction from a host device and reads content from a recording medium,
  First version information indicating a version of a copyright protection method of content in the recording medium is specified based on disc information which is metadata stored in a head portion of the recording medium formed as a disc. The version identification part of
  A second version specifying unit for specifying second version information indicating a version of a protocol used in authentication of the host device;
  A determination unit for determining whether to authenticate based on the first version information and the second version information;
  An authentication unit that authenticates the host device based on the determination result of the authentication,
  An information reading unit that reads media-specific information used for decrypting the encrypted content stored in the recording medium from the recording medium and notifies the authenticated host device;
  A content reading unit that reads the encrypted content from the recording medium and notifies the authenticated host device;
  A content reading apparatus comprising:

Images