JP2000124895A - Device and method for processing information and providing medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent a key for enciphering information from being read out, when deciphering the information. SOLUTION: A mutually certifying module 71 generates a temporary key through a mutual certification with an expansion part 63, a storage module 73 stores a second key, a deciphering unit 91 deciphers a first key with the second key, and an enciphering unit 92 enciphers the first key with the temporary key. A mutually certifying module 75 generates a temporary key through mutual certification with a storage means, a deciphering module 76 deciphers the first key with the temporary key, and a deciphering module 77 deciphers information with the first key.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information processing apparatus, an information processing method, and a providing medium, and more particularly, to an information processing apparatus, an information processing method, and a providing medium for decrypting encrypted information.

[0002]

2. Description of the Related Art Information such as music is encrypted and transmitted to an information processing device of a user who has made a predetermined contract.
There is a system for decoding and reproducing information with the information processing device. The key for encrypting information is further encrypted with a predetermined key and recorded. The key for encrypting the key for encrypting the information is stored on a storage medium that is difficult to be accessed illegally,
It is read and used only when the information is decoded. Thus, the key for encrypting information is difficult to use illegally, and therefore, the information is also difficult to use illegally.

[0003]

However, when decrypting information, the key for encrypting the information is decrypted and transmitted to a decryption circuit or decryption device for decrypting the information. At this time, the key for encrypting the information in the decrypted state can be relatively easily read from the inside of the device or from the communication between the devices, and when read, the information is easy to read. It can be used illegally.

The present invention has been made in view of such a situation, and has as its object to prevent a key for encrypting information from being read when decrypting information.

[0005]

The information processing apparatus according to claim 1, wherein the first storage means mutually authenticates the first decryption means and generates a temporary key, A second storage unit for storing the second key; a second decryption unit for decrypting the first key with the second key; and an encryption unit for encrypting the first key with the temporary key. A first decryption unit that performs mutual authentication with the first storage unit and generates a temporary key; a third decryption unit that decrypts the first key with the temporary key; And a fourth decryption means for decrypting information with the key.

According to a second aspect of the present invention, in the information processing method, the storage means performs a first mutual authentication step of mutually authenticating with the decryption means and generating a temporary key, a storage step of storing the second key, A first decryption step of decrypting the first key with the second key; and an encryption step of encrypting the first key with the temporary key. The method is characterized by including a second mutual authentication step of generating, a second decryption step of decrypting the first key with the temporary key, and a third decryption step of decrypting information with the first key.

According to a third aspect of the present invention, there is provided the storage medium of the information processing apparatus, wherein the storage unit stores the second key in a first mutual authentication step of mutually authenticating the decryption unit and generating a temporary key. Causing the decryption unit to execute a process including a step, a first decryption step of decrypting the first key with the second key, and an encryption step of encrypting the first key with the temporary key. A second mutual authentication step of mutually authenticating and generating a temporary key, a second decryption step of decrypting the first key with the temporary key, and a third decryption step of decrypting information with the first key. And a computer-readable program for executing a process including:

[0008] The information processing apparatus according to claim 1, claim 2
In the information processing method according to the above, and the providing medium according to the third aspect, mutual authentication is performed, a temporary key is generated, a second key is stored, and the first key is decrypted with the second key. The first key is encrypted with the temporary key, the first key is decrypted with the temporary key, and the information is decrypted with the first key.

[0009]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of the present invention will be described below. In order to clarify the correspondence between each means of the invention described in the claims and the following embodiments, each means is described. When the features of the present invention are described by adding the corresponding embodiment (however, an example) in parentheses after the parentheses, the result is as follows. However, of course, this description does not mean that each means is limited to those described.

That is, in the information processing apparatus according to the first aspect, the first storage means (for example, the SAM 62 in FIG. 10)
First mutual authentication means for mutually authenticating with the first decryption means and generating a temporary key (for example, the mutual authentication module 7 shown in FIG. 10)
1) and second storage means for storing a second key (for example,
The storage module 73 in FIG. 10), second decryption means for decrypting the first key with the second key (for example, the decryption unit 91 in FIG. 10), and encryption for encrypting the first key with the temporary key Encryption means (for example, the encryption unit 92 in FIG. 10).
The first decryption unit (for example, the decompression unit 63 in FIG. 10) performs mutual authentication with the first storage unit and generates a temporary key.
5), third decryption means for decrypting the first key with the temporary key (for example, decryption module 76 in FIG. 10), and fourth decryption means for decrypting information with the first key (for example, FIG. And a decoding module 77).

FIG. 1 shows an EMD (Electronic) to which the present invention is applied.
1 is a diagram illustrating a Music Distribution (electronic music distribution) system. Content distributed to a user in this system refers to digital data in which the information itself has value, and music data will be described below as an example.
The EMD service center 1 transmits the delivery key Kd to the content provider 2, the user home network 5, etc.
The charge information and the like according to the use of the content are received from the user home network 5, the usage fee is settled, and the profit distribution to the content provider 2 and the service provider 3 is performed.

The content provider 2 has digitized content, inserts a watermark (electronic watermark) into the content to prove that the content is its own, compresses and encrypts the content,
Predetermined information is added and transmitted to the service provider 3.

The service provider 3 attaches a price to the content supplied from the content provider 2 and transmits the content to the user home network 5 via a network 4 including a dedicated cable network, the Internet, a satellite, or the like. .

The user home network 5 obtains contents sent from the service provider 3 with a price, decodes, reproduces and uses the contents, and executes a charging process. According to the billing information obtained by the billing process, the user home network 5 sends the delivery key Kd to the EMD.
When it is obtained from the service center 1, it is transmitted to the EMD service center 1.

FIG. 2 is a block diagram showing a functional configuration of the EMD service center 1. As shown in FIG. The service provider management unit 11 supplies the profit distribution information to the service provider 3 and, when the information (handling policy) attached to the content supplied from the content provider 2 is encrypted, distributes the information to the service provider 3. The key Kd is transmitted. The content provider management unit 12 transmits the distribution key Kd to the content provider 2 and supplies profit distribution information. The copyright management unit 13 stores information indicating the use results of the contents of the user home network 5 into an organization that manages copyrights, for example, JASRAC (Japanes).
e Society for Rights of Authors, Composers and Publ
ishers: Japan Music Copyright Association). Key server 14
Stores the delivery key Kd, and supplies the delivery key Kd to the content provider 2, the user home network 5, or the like via the content provider management unit 12, the user management unit 18, or the like. User management unit 18
Inputs billing information, which is information indicating the actual use of the content in the user home network 5, price information corresponding to the content, and a handling policy corresponding to the content, and causes the history data management unit 15 to store the information.

A delivery key Kd from the EMD service center 1 to the content provider 2 and the receiver 51 (described later in FIG. 10) constituting the user home network 5
An example of the periodic transmission of will be described with reference to FIGS. FIG. 3 shows that the content provider 2 starts providing the content and the receiver 51 constituting the user home network 5 starts using the content.
The delivery key Kd of the EMD service center 1 and the delivery key K of the content provider 2 in January 2008
FIG. 6D is a diagram illustrating a delivery key Kd of the receiver 51.

In the example shown in FIG. 3, the delivery key Kd can be used from the first day of the calendar month to the last day of the month.
The distribution key Kd of version 1 having the value of
Available January 1, 1998 to January 31, 1998 (ie, January 1, 1998 to January 3, 1998)
The content key Kco for encrypting the content distributed by the service provider 3 to the user home network 5 during the period of one day is encrypted with the delivery key Kd of version 1), and is a random number having a predetermined number of bits. Is
The distribution key Kd, which is version 2 having a value of “bbbbbbbbbb”, can be used from February 1, 1998 to February 28, 1998 (that is, the content distributed by the service provider 3 to the user home network 5 during that period). Is encrypted with the distribution key Kd of version 2).
Similarly, the delivery key Kd of version 3 is 1998
The delivery key Kd of version 4 can be used during March 1998, and the delivery key Kd of version 5 can be used during May 1998. The version 6 delivery key Kd is 19
It will be available during June 1998.

Prior to the content provider 2 starting to provide content, the EMD service center 1 provides the content provider 2 with six distributions, version 1 to version 6, available from January 1998 to June 1998. Sends the user key Kd and the content provider 2
Receives and stores the six delivery keys Kd. It is the content provider 2 that stores the June delivery key Kd.
This is because a predetermined period is required for preparing the content and the content key before providing the content.

Prior to the receiver 51 starting to use the content, the EMD service center 1 provides the receiver 51 with three available versions 1 to 3 from January 1998 to March 1998. The delivery key Kd is transmitted, and the receiver 51 transmits the three delivery keys K
d is received and stored. The reason that the delivery key Kd for March is stored is that the receiver 51 cannot use the content despite the contract period in which the content can be used due to troubles such as the inability to connect to the EMD service center 1. This is also to avoid the frequency of connection to the EMD service center 1 and reduce the load on the user home network 5.

From January 1, 1998 to January 3, 1998
During the period of one day, the delivery key Kd of version 1 is
It is used by the EMD service center 1, the content provider 2, and the receiver 51 constituting the user home network 5.

On February 1, 1998, the content provider 2 of the delivery key Kd of the EMD service center 1
The transmission to the receiver 51 will be described with reference to FIG. The EMD service center 1 provides the content provider 2 with 199
Send six delivery keys Kd, version 2 to version 7, available from February 2008 to July 1998;
The content provider 2 receives the six delivery keys Kd, overwrites the delivery key Kd stored before the reception, and stores the new delivery key Kd. EMD Service Center 1
Has been installed on the receiver 51 from February 1998 to April 1998.
Until the month, three available delivery keys Kd of version 2 to version 4 are transmitted, and the receiver 51 receives the three delivery keys Kd and overwrites the delivery key Kd stored before reception. Then, the new delivery key Kd is stored. EM
D service center 1 has version 1 delivery key K
d is stored as it is. This is to make it possible to use the delivery key Kd used in the past when an unexpected trouble occurs, or when an irregularity occurs or is found.

From February 1, 1998 to February 2, 1998
During the period of 8 days, the delivery key Kd of version 2 is
It is used by the EMD service center 1, the content provider 2, and the receiver 51 constituting the user home network 5.

On March 1, 1998, the content provider 2 of the delivery key Kd of the EMD service center 1
The transmission to the receiver 51 will be described with reference to FIG. The EMD service center 1 provides the content provider 2 with 199
Sending six distribution keys Kd, version 3 to version 8, available from March 2008 to August 1998;
The content provider 2 receives the six delivery keys Kd, overwrites the delivery key Kd stored before the reception, and stores the new delivery key Kd. EMD Service Center 1
Has been installed on the receiver 51 from March 1998 to May 1998.
Until the month, three available delivery keys Kd of version 3 to version 5 are transmitted, and the receiver 51 receives the three delivery keys Kd and overwrites the delivery key Kd stored before reception. Then, the new delivery key Kd is stored. EM
D service center 1 has version 1 delivery key K
d and the delivery key Kd of version 2 are stored as they are.

From March 1, 1998 to March 3, 1998
In the period of one day, the delivery key Kd of version 3 is
It is used by the EMD service center 1, the content provider 2, and the receiver 51 constituting the user home network 5.

On April 1, 1998, the content provider 2 of the delivery key Kd of the EMD service center 1
The transmission to the receiver 51 will be described with reference to FIG. The EMD service center 1 provides the content provider 2 with 199
Sending six distribution keys Kd, version 4 to version 9, available from April 1988 to September 1998;
The content provider 2 receives the six delivery keys Kd, overwrites the delivery key Kd stored before the reception, and stores the new delivery key Kd. EMD Service Center 1
Has been added to the receiver 51 from April 1998 to June 1998.
Until the month, three delivery keys Kd of available versions 4 to 6 are transmitted, and the receiver 51 receives the three delivery keys Kd and overwrites the delivery key Kd stored before reception. Then, the new delivery key Kd is stored. EM
D service center 1 has version 1 delivery key K
d, the delivery key Kd of version 2 and the delivery key Kd of version 3 are stored as they are.

From April 1, 1998 to April 3, 1998
During the 0 day period, the delivery key Kd of version 4 is
It is used by the EMD service center 1, the content provider 2, and the receiver 51 constituting the user home network 5.

As described above, by distributing the delivery key Kd of the previous month in advance, even if the user has not accessed the center at all for one or two months, the content can be purchased for a while. Then, the user can access the center and receive the key.

The profit distribution unit 16 includes a history data management unit 15
The profits of the EMD service center 1, the content provider 2, and the service provider 3 are calculated based on the billing information, the price information, and the handling policy supplied from.
The mutual authentication unit 17 performs mutual authentication, which will be described later, with the content provider 2, the service provider 3, and predetermined devices of the user home network 5.

The user management unit 18 has a user registration database. When a registration request is received from a device in the user home network 5, the user management unit 18 searches the user registration database and registers the device according to the recorded contents. Or reject the registration. When the user home network 5 is composed of a plurality of devices having a function connectable to the EMD service center 1, the user management unit 18 responds to the result of the process of determining whether or not registration is possible, A device for settlement is designated, and a registration list defining usage conditions of the content is transmitted to a predetermined device on the user home network 5.

The example of the user registration database shown in FIG.
A 4-bit ID (Identification Data) is recorded, and in accordance with the ID (that is, for each device having the ID), whether payment processing is possible, whether registration is possible, EM
D Records information such as whether or not connection with the service center 1 is possible. Information on whether or not registration is possible, which is recorded in the user registration database, includes information on unpaid charges supplied from a settlement institution (for example, a bank) or a service provider 3;
It is updated at predetermined time intervals based on information such as unauthorized processing. In response to a request to register a device having an ID recorded as unregisterable, the user management unit 18 rejects the registration,
The device whose registration has been refused cannot use the contents of this system thereafter.

The information on whether or not the settlement process is possible, which is recorded in the user registration database, indicates whether or not the device is capable of making a settlement. When the user home network 5 is composed of a plurality of devices capable of playing or copying content and the like, one of the devices capable of performing settlement processing is provided to the EMD service center 1 by the user home network. It outputs billing information, price information, and a handling policy of all devices registered in the EMD service center 1 of the network 5. The information on whether or not the device can be connected to the EMD service center 1 recorded in the user registration database indicates whether or not the device can be connected to the EMD service center 1, and the device recorded as not being connected. Outputs billing information and the like to the EMD service center 1 via another device of the user home network 5.

The user management unit 18 is supplied with billing information, price information, and a handling policy from a device of the user home network 5 and stores the information in the history data management unit 15.
And supplies the delivery key Kd to the device of the user home network 5 in a predetermined process (timing).

The billing request unit 19 includes the history data management unit 15
Based on the billing information, price information, and handling policy supplied from, a billing to the user is calculated, and the result is supplied to the accounting unit 20. The accounting unit 20 is configured to withdraw money to the user, the content provider 2 and the service provider 3,
It communicates with an external bank or the like (not shown) based on the amount of the usage fee to be collected, and executes a settlement process. The auditing unit 21 audits the billing information and the price information supplied from the device of the user home network 5 and the legitimacy of the handling policy (that is, whether or not the fraud has been done).

FIG. 8 is a block diagram showing a functional configuration of the content provider 2. As shown in FIG. Content server 31
Stores the content to be supplied to the user and supplies the content to the watermark adding unit 32. Watermark addition part 32
Adds a watermark to the content supplied from the content server 31 and supplies the content to the compression unit 33. The compression unit 33 converts the content supplied from the watermark adding unit 32 into an ATRAC2 (Adaptive Transform Acoustic Cod
ing 2) It is compressed by a method such as (trademark) and supplied to the encryption unit 34. The encryption unit 34 uses the content compressed by the compression unit 33 as a key (hereinafter, this random number is referred to as a content key Kco) using the random number supplied from the random number generation unit 35 as a key.
The encryption is performed using a common key encryption method such as DES (Data Encryption Standard), and the result is output to the secure container creation unit 38.

The random number generation unit 35 supplies a random number having a predetermined number of bits to be the content key Kco to the encryption unit 34 and the encryption unit 36. The encryption unit 36 determines the content key Kc
o is the delivery key Kd supplied from the EMD service center 1.
And encrypts the data using a common key encryption method such as DES, and outputs the result to the secure container creation unit 38.

DES is an encryption system that uses a 56-bit common key and processes 64 bits of plaintext as one block. The DES process is composed of a part that converts plaintext into ciphertext (data stirring part) and a part that generates a key (enlarged key) used by the data stirring part from a common key (key processing part). Since all the algorithms of DES are public, the basic processing of the data agitation unit will be briefly described here.

First, the 64 bits of the plaintext are divided into H _{0 of} the upper 32 bits and L _{0 of the} lower 32 bits. Expanded key K ₁ of 48 bits supplied from the key processing unit, and inputs the lower 32 bits of the L _0, the lower 32 bits of the L ₀
The output of the F function obtained by stirring is calculated. The F function is composed of two types of basic conversion, "substitution" for replacing a numerical value with a predetermined rule and "transposition" for replacing a bit position with a predetermined rule. Next, the upper 32 bits H ₀ and F
The output of the function is XOR, the result is a L _1. L ₀ is set to H ₁ .

The above process is repeated 16 times based on the upper 32 bits H ₀ and the lower 32 bits L ₀ , and the obtained upper 32 bits H ₁₆ and lower 32 bits L ₁₆ are output as ciphertext. You. Decryption is realized by reversing the above procedure using the common key used for encryption.

The policy storage unit 37 stores a content handling policy (policy), and outputs the handling policy to the secure container creating unit 38 corresponding to the content to be encrypted. The secure container creation unit 38 is created by taking the encrypted content, the encrypted content key Kco, the handling policy, and the hash value of the encrypted content, the encrypted content key Kco, and the handling policy. A content provider secure container including a signature and a certificate including the public key Kpcp of the content provider 2 is created, and the service provider 3
To supply. The mutual authentication unit 39 is the EMD service center 1
Prior to receiving the supply of the delivery key Kd from the company, mutual authentication with the EMD service center 1 is performed, and prior to transmission of the content provider secure container to the service provider 3, mutual authentication is performed with the service provider 3.

The signature is data to be attached to data or a certificate to be described later to check for falsification and authenticate the creator. A hash value is obtained by a hash function based on the data to be transmitted, and this is used for public key encryption. Created by encrypting with a private key.

The verification of the hash function and the signature will be described. The hash function is a function that receives predetermined data to be transmitted as input, compresses the data into data having a predetermined bit length, and outputs the data as a hash value. The hash function has difficulty in predicting an input from a hash value (output). When one bit of data input to the hash function changes, many bits of the hash value change, and the same hash value is obtained. It has the feature that it is difficult to find the input data that it has.

The recipient who has received the signature and the data decrypts the signature with the public key of the public key encryption, and as a result (hash value)
Get. Further, a hash value of the received data is calculated, and it is determined whether the calculated hash value is equal to a hash value obtained by decrypting the signature. If it is determined that the hash value of the transmitted data is equal to the decrypted hash value, the received data is not falsified,
It can be seen that the data is transmitted from the sender holding the secret key corresponding to the public key. As the signature hash function, MD4, MD5, SHA-1, or the like is used.

Next, public key encryption will be described. In contrast to a common key cryptosystem that uses the same key (common key) for encryption and decryption, the public key cryptosystem uses a different key for decryption and a key for decryption. When using public key cryptography,
One of the keys can be kept public while the other can be kept secret. A key that may be made public is called a public key, and a key that keeps the other secret is called a private key.

A typical RSA (Rivest-Sh) in public key cryptography
amir-Adleman) Briefly explain the encryption. First, two sufficiently large prime numbers p and q are obtained, and further, n which is a product of p and q is obtained. The least common multiple L of (p-1) and (q-1) is calculated, and a number e that is 3 or more and less than L and is relatively prime to L
(Ie, the number that can divide e and L in common is 1
Only).

Next, the multiplicative inverse d of e regarding the multiplication modulo L is determined. That is, ed = 1 between d, e, and L
mod L holds, and d can be calculated by Euclidean algorithm. At this time, n and e are public keys, and p, q, and d are
It is a secret key.

The ciphertext C is calculated from the plaintext M by the processing of equation (1). C = M ^ e mod n (1)

The ciphertext C is decrypted into a plaintext M by the processing of equation (2). M = C ^ d mod n (2)

Although the proof is omitted, the plaintext is converted to the ciphertext by the RSA encryption and can be decrypted because the formula (3) is established based on Fermat's little theorem. M = C ^ d = (M ^ e) ^ d = M ^ (ed) mod n (3)

If the secret keys p and q are known, the public key e
The secret key d can be calculated from the following, but if the number of digits of the public key n is increased to such an extent that the factorization of the public key n is computationally difficult,
Knowing only the public key n, the secret key d cannot be calculated from the public key e and cannot be decrypted. As described above, in the RSA encryption, the key used for encryption and the key used for decryption can be different keys.

[0050] Elliptic curve cryptography, another example of public key cryptography, will also be briefly described. Elliptic curve y ^ 2 = x ^ 3 + ax
Let B be a point on + b. The addition of points on the elliptic curve is defined, and nB represents the result of adding B n times. Similarly, subtraction is defined. Calculating n from B and nB has proven to be difficult. Let B and nB be public keys and n be a secret key. Using the random number r, the ciphertexts C1 and C2 are calculated from the plaintext M using the public key by the processing of Expressions (4) and (5). C1 = M + rnB (4) C2 = rB (5)

The ciphertexts C1 and C2 are decrypted into plaintext M by the processing of equation (6). M = C1-nC2 (6)

Only those having the secret key n can be decrypted. As described above, similarly to the RSA encryption, the elliptic curve encryption uses a key used for encryption and a key for decryption,
It can be a different key.

FIG. 9 is a block diagram showing a functional configuration of the service provider 3. As shown in FIG. The content server 41
The encrypted content supplied from the content provider 2 is stored in the secure container creating unit 44.
To supply. The pricing unit 42 creates price information based on the handling policy corresponding to the content, and supplies the price information to the secure container creating unit 44. The policy storage unit 43 stores the content handling policy supplied from the content provider 2 and supplies the policy to the secure container creation unit 44. The mutual authentication unit 45 mutually authenticates with the content provider 2 before receiving the supply of the content provider secure container from the content provider 2, and performs the user home network before transmitting the service provider secure container to the user home network 5. Mutually authenticate with 5. When the content provider 2 supplies the handling policy after encrypting it with the delivery key Kd, the mutual authentication unit 45 sends the delivery key K from the EMD service center 1.
Prior to receiving the supply of d, mutual authentication with the EMD service center 1 is performed.

FIG. 10 is a block diagram showing the configuration of the user home network 5. The receiver 51 receives the service provider secure container including the content from the service provider 3 via the network 4, decrypts and decompresses the content, and reproduces the content.

The communication section 61 communicates with the service provider 3 or the EMD service center 1 via the network 4 to receive or transmit predetermined information. SAM (Secu
The re Application Module 62 mutually authenticates with the service provider 3 or the EMD service center 1, decrypts the content, or encrypts the content, and stores a delivery key Kd and the like. The decompression unit 63 decrypts the encryption of the content, decompresses the content using the ATRAC2 method, and inserts a predetermined watermark into the content. IC (Integr
ated Circuit) card interface 64 is SAM6
2 is changed to a predetermined format and output to the IC card 55 attached to the receiver 51, and the signal from the IC card 55 is changed to a predetermined format and output to the SAM 62.

The SAM 62 that mutually authenticates with the service provider 3 or the EMD service center 1, executes a charging process, decrypts and encrypts the content key Kco, and stores predetermined data such as license condition information. It comprises a module 71, a billing module 72, a storage module 73, and a decryption / encryption module 74. This SAM62 is a single-chip cryptographic processing IC
It has a multi-layer structure, and its memory cells are sandwiched between dummy layers such as an aluminum layer. Also, it is difficult to read data illegally from the outside, such as a narrow operating voltage or frequency range. Tamper).

The mutual authentication module 71 performs mutual authentication with the service provider 3 or the EMD service center 1, and supplies a temporary key Ktemp (session key) to the decryption / encryption module 74 as necessary. The billing processing module 72 generates license condition information and billing information from the handling policy and price information (and, in some cases, handling control information) included in the service provider secure container received from the service provider 3, and 73 or HDD (Hard DiskDrive) 5
Output to 2. The storage module 73 stores the billing information supplied from the billing processing module 72 or the decryption / encryption module 74, and data such as the delivery key Kd, and stores the delivery information when another functional block executes a predetermined process. It supplies data such as a key Kd.

The decryption / encryption module 74 comprises a decryption unit 91, a random number generation unit 92, and an encryption unit 93. The decryption unit 91 decrypts the encrypted content key Kco with the distribution key Kd, and outputs the decrypted content key Kco to the encryption unit 93. The random number generation unit 92
A random number having a predetermined number of digits is generated and output to the encryption unit 93 and the storage module 73 as a storage key Ksave. However, once generated and stored, there is no need to do so. The encryption unit 93 encrypts the decrypted content key Kco again with the storage key Ksave,
Output to D52. When transmitting the content key Kco to the decompression unit 63, the encryption unit 93
co is encrypted with the temporary key Ktemp.

The decompression unit 63 for decrypting and decompressing the content and adding a predetermined watermark is composed of a mutual authentication module 75, a decryption module 76, a decryption module 77, a decompression module 78, and a watermark addition module 79. . Mutual authentication module 75 is SA
Mutual authentication is performed with M62, and the temporary key Ktemp is output to the decryption module 76. The decryption module 76 decrypts the content key Kco output from the storage module 73 and encrypted with the temporary key Ktemp using the temporary key Ktemp, and outputs it to the decryption module 77. The decryption module 77
The content recorded on the HDD 52 is used as the content key Kco
And outputs it to the decompression module 78. The decompression module 78 further decompresses the decrypted content by a method such as ATRAC2, and outputs it to the watermark addition module 79. The watermark adding module 79 inserts a predetermined watermark for identifying the receiver 51 into the content, and outputs the music to the recorder 53 or to a speaker (not shown) to reproduce music.

The HDD 52 records the content supplied from the service provider 3. The recorder 53 that records and reproduces the content supplied from the service provider 3 on an attached optical disk (not shown) includes a recording / reproducing unit 65, a SAM 66, and a decompression unit 67.
The recording / reproducing unit 65 is loaded with an optical disk, and records and reproduces contents on the optical disk. SAM66 is SAM
It has the same function as 62 and its description is omitted. Extension part 6
7 has the same function as the extension unit 63, and the description thereof is omitted. The MD (Mini Disk: trademark) drive 54 records and reproduces the content supplied from the service provider 3 to the MD (not shown) mounted.

The IC card 55 is attached to the receiver 51, and stores predetermined data such as the delivery key Kd and the device ID stored in the storage module 73. For example, when purchasing a new receiver 51 and replacing it with the receiver 51 that has been used, the user must first use the IC
The card 55 stores predetermined data such as the delivery key Kd stored in the storage module 73 of the receiver 51 used so far. Next, the user inserts the IC card 55 into a new receiver 51, and
1 to operate the user management unit 1 of the EMD service center 1
8, the new receiver 51 is registered. The user management unit 18 of the EMD service center 1 stores the data stored in the IC card 55 (the ID of the receiver 51 used so far).
And the like, and retrieves data such as a user's name and the number of a credit card used for payment of a usage fee from a database held by the user management unit 18, and performs a registration process based on the data. So that the user
There is no need to enter troublesome data. The IC card 55
It comprises a mutual authentication module 80 and a storage module 81. The mutual authentication module 80 performs mutual authentication with the SAM 62. The storage module 81 stores the data supplied from the SAM 62 via the IC card interface 64, and outputs the stored data to the SAM 62.

FIG. 11 is a block diagram showing another example of the configuration of the user home network 5. The receiver 51 and the recorder 53 having this configuration are provided with the extension unit 6 shown in FIG.
3 and the extension portion 67 are omitted. Instead, the decoder 56 connected to the recorder 53 has the same function as the decompression unit 63 or the decompression unit 67. Other configurations are the same as those in FIG.

The decoder 56 for decrypting, decompressing and adding a watermark to the content
01, decoding module 102, decoding module 103,
It comprises a decompression module 104 and a watermark addition module 105. Mutual authentication module 10
1 mutually authenticates with the SAM 62 or SAM 66, and the temporary key Kt
emp is output to the decryption module 102. The decryption module 102 outputs the temporary key Ktem
The content key Kco encrypted with p is used as the temporary key Ktem
It decodes with p and outputs to the decoding module 103. The decryption module 103 decrypts the content recorded on the HDD 52 with the content key Kco, and outputs the decrypted content to the decompression module 104. The decompression module 104 further decompresses the decrypted content by a method such as ATRAC2, and outputs it to the watermark addition module 105. The watermark adding module 105 inserts a predetermined watermark identifying the decoder 56 into the content, and outputs it to the recorder 53 or to a speaker (not shown) to play back music.

FIG. 12 is a diagram for explaining information transmitted and received among the EMD service center 1, the content provider 2, the service provider 3, and the user home network 5. The content provider 2 stores the encrypted content, the encrypted content key Kco, the handling policy, and the signature in a content provider secure container (the details of which will be described later with reference to FIG. 13). A certificate of the content provider 2 (the details of which will be described later with reference to FIG. 14) is attached to the container, and the container is transmitted to the service provider 3. Content Provider 2 also attaches Content Provider 2's certificate to the handling policy and signature,
Send to EMD service center 1.

The service provider 3 generates price information based on the handling policy included in the received content provider secure container, and encrypts the content, the encrypted content key Kco, the handling policy, the price information, and the signature. Is stored in the service provider secure container (the details of which will be described later with reference to FIG. 15), and the certificate of the service provider 3 (the details thereof will be described later with reference to FIG. 16) is stored in the service provider secure container.
To the user home network 5. The service provider 3 also attaches the certificate of the service provider 3 to the price information and the signature, and transmits the certificate to the EMD service center 1.

The user home network 5 generates license information from the handling policy included in the received service provider secure container, and generates the license information according to the license information.
Use content. When the content key Kco is decrypted in the user home network 5, billing information is generated. The billing information is encrypted at a predetermined timing, signed with a handling policy, and transmitted to the EMD service center 1.

The EMD service center 1 calculates the usage fee based on the billing information and the handling policy, and calculates the profit of each of the EMD service center 1, the content provider 2 and the service provider 3. The EMD service center 1 further compares the handling policy received from the content provider 2, the price information received from the service provider 3, the charging information received from the user home network 5, and the handling policy, and compares the service policy with the service provider 3.
Alternatively, the user home network 5 audits whether there has been any fraud such as falsification of the handling policy or improper price addition.

FIG. 13 is a view for explaining a content provider secure container. The content provider secure container includes the content encrypted with the content key Kco, the content key Kco encrypted with the delivery key Kd, a handling policy, and a signature. The signature is the content encrypted with the content key Kco, the delivery key Kd
And a hash value generated by applying a hash function to the content key Kco encrypted by the secret key Kscp of the content provider 2.

FIG. 14 is a diagram for explaining the certificate of the content provider 2. The certificate of the content provider 2 includes the certificate version number, the serial number of the certificate assigned by the certificate authority to the content provider 2, the algorithm and parameters used for signature, the name of the certificate authority,
It contains the expiration date of the certificate, the name of the content provider 2, the public key Kpcp of the content provider, and the signature. The signature is the certificate version number, the certificate serial number assigned to the content provider 2 by the certificate authority,
The hash value generated by applying the hash function to the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the certificate, the name of the content provider 2, and the public key Kpcp of the content provider are stored in the secret of the certificate authority. This is data encrypted with the key Ksca.

FIG. 15 is a diagram illustrating a service provider secure container. The service provider secure container includes a content encrypted with the content key Kco and a content key Kc encrypted with the delivery key Kd.
o, including policies, pricing information, and signatures. The signature is
Content encrypted with the content key Kco, content key Kco encrypted with the delivery key Kd, handling policy,
And data obtained by applying a hash function to the price information and encrypting the hash value with the secret key Kssp of the service provider 3.

FIG. 16 is a diagram for explaining the certificate of the service provider 3. The certificate of the service provider 3 includes the version number of the certificate, the serial number of the certificate assigned to the service provider 3 by the certificate authority, the algorithm and parameters used for signature, the name of the certificate authority, the expiration date of the certificate, the service provider 3 , The service provider's public key Kpsp, and a signature. The signature is the version number of the certificate, the serial number of the certificate assigned by the certificate authority to the service provider 3, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the certificate, the name of the service provider 3, the service provider Is a data obtained by encrypting a hash value generated by applying a hash function to the public key Kpsp with a secret key Ksca of a certificate authority.

FIG. 17 is a diagram showing the handling policy, price information, and license condition information. The handling policy (FIG. 17 (A)) of the content provider 2 is prepared for each content, and indicates usage details that the user home network 5 can use. For example, the handling policy of FIG. 17A indicates that the user home network 5 permits reproduction and multi-copy of the content, but does not permit single copy.

FIG. 18 is a diagram for explaining single copy and multicopy. Multi-copy refers to creating a plurality of copies from content whose copy permission is granted in the license information when the license condition is purchased. However, as shown in FIG. 18A, the copy cannot be further copied (not permitted). The single copy means that only one copy is created from the content to which the copy permission is given in the license information when the license condition is purchased. Also in the case of single copy, as shown in FIG. 18B, the copy cannot be further copied (not permitted).

The service provider 3 adds the price information to the handling policy (FIG. 17A) from the content provider 2 as shown in FIG. For example, FIG.
The price information of (B) indicates that the fee for reproducing and using the content is 150 yen, and the fee for using the multi-copy is 80 yen. Although not illustrated in FIG. 17, the price information of a single copy represents a usage fee per copy. For example, in the case of using three copies, three times the usage fee of the single copy is paid. The content to which multi-copy or single copy is permitted is limited to the content to which the copy permission is given in the license condition information when the license condition is purchased.

The user home network 5 uses the usage license condition information (FIG. 17B) indicating the usage content selected by the user from the available usage content (FIG. 17B) indicated by the handling policy supplied from the service provider 3. FIG.
(C)) is stored. For example, the license condition information shown in FIG. 17C indicates that the content can be reproduced and used, and single copy and multicopy cannot be performed.

FIG. 19 shows a handling policy and price information when the content provider 2 adds profit sharing information to the handling policy and the service provider 3 adds profit sharing information to the price information as compared with the example of FIG. FIG. In contrast to the example shown in FIG. 17, in the example of FIG. 19, the profit of the content provider 2 is 70 yen when the content is reproduced and used, and 40% when the content is reproduced and used.
Information indicating a circle has been added (FIG. 19).
(A)). Further, as the profit sharing information, the profit of the service provider 3 is used when the content is reproduced and used.
It has been added that the price is 0 yen, and the cost is 30 yen when multi-copying is used (FIG. 19B). Prices are shown in Figure 1.
As in the case of FIG. 7 (A), the reproduction is ¥ 150 and the multicopy is ¥ 40. Price (e.g. 150
From the profit of the content provider 2 (for example, 70
Yen) and the profit of the service provider 3 (for example, 60
The amount obtained by subtracting (yen) (for example, 20 yen) is the profit of the EMD service center 1. The EMD service center 1 obtains a handling policy, a profit sharing rate, and price information via the user home network 5 together with charging information (FIG. 19C) indicating the use result of the content of the user home network 5. , Content provider 2, service provider 3, and EMD service center 1 can be calculated.

FIG. 20 shows the handling policy, price information, and the like when a plurality of modes are set for the use of content reproduction.
FIG. 7 is a diagram illustrating license agreement information. FIG.
In the example of (A), in the service provider 3, as the handling policy and price information,
Unlimited playback, playback with a count limit (five times in this example), and date limit (in this example, January 1998
Playback until February 31) is set. In the case where the user uses the content by selecting reproduction with a limit of five times and receives the content and has not yet reproduced the content, the user home network as shown in FIG. “5” is recorded as the value corresponding to the number-of-times restriction of the license condition information of No. 5. The value corresponding to the number-of-times restriction is decremented each time the content is reproduced (used) in the user home network 5. For example, after the content has been reproduced three times, the value becomes the value shown in FIG.
It is set to "2" as shown in 0 (C). When the value corresponding to the number-of-times restriction becomes “0”, the user home network 5 cannot reproduce and use the content any more.

FIG. 21 is a diagram for explaining another example of information transmitted and received among the EMD service center 1, the content provider 2, the service provider 3, and the user home network 5. In contrast to the example shown in FIG. 12, in the example of FIG. 21, the service provider 3 creates handling control information based on the handling policy from the content provider 2. The handling control information is stored in the service provider secure container together with the content and the like, transmitted to the user home network 5, and also transmitted to the EMD service center 1. The handling control information is transmitted from the user home network 5 to the EMD service center 1 together with the billing information and the handling policy.

FIG. 22 is a view for explaining the service provider secure container in the case of the example of FIG. The service provider secure container uses the content key Kco
, A content key Kco encrypted with the delivery key Kd, a handling policy, handling control information, price information, and a signature. The signature is the content key Kco
A hash value generated by applying a hash function to the content encrypted with the content key, the content key Kco encrypted with the delivery key Kd, the handling policy, the handling control information, and the price information is used as the secret key of the service provider 3. This is data encrypted by Kssp.

FIG. 23 is a diagram showing the configuration of the handling policy, handling control information, price information, and license conditions in the case of the example of FIG. In the case of the example shown in FIG. 23, the handling policy (FIG. 23A) of the content provider 2 does not have a format in which the price information can be referred to in comparison with the handling policy even if the price information is added as it is. Therefore, the service provider 3 generates handling control information having a format in which price information can be referred to in comparison with price information based on the handling policy,
Affixing the price information to the user home network 5
(FIG. 23B). In the user home network, the license agreement information (FIG. 2)
3 (C)). The content provider 2 of FIG. 23 has an advantage that it is sufficient to record a handling policy of a smaller data amount as compared with the case of FIG.

FIG. 24 is a diagram for explaining still another configuration of the content and information accompanying the content transmitted and received between the EMD service center 1, the content provider 2, the service provider 3, and the user home network 5. In contrast to the example shown in FIG. 21, in the example shown in FIG. 24, the handling policy, handling control information, price information, and billing information are encrypted by public key encryption and transmitted.
The system of FIG. 24 has improved security against attacks from outside the system as compared with the case of the example of FIG.

FIG. 25 is a view for explaining a content provider secure container in the case of the example of FIG. The content provider secure container uses the content key K
The content includes a content encrypted with co, a content key Kco encrypted with the delivery key Kd, a handling policy encrypted with the delivery key Kd, and a signature. The signature is a hash value generated by applying a hash function to the content encrypted with the content key Kco, the content key Kco encrypted with the delivery key Kd, and the handling policy encrypted with the delivery key Kd. To the secret key Ks of the content provider 2.
This is data encrypted by cp.

FIG. 26 is a view for explaining the service provider secure container in the case of the example of FIG. The service provider secure container uses the content key Kco
The content encrypted with the delivery key Kd, the content key Kco encrypted with the delivery key Kd, the handling policy encrypted with the delivery key Kd, the handling control information encrypted with the delivery key Kd, and the delivery key Kd Includes encrypted price information and signature. The signature is the content encrypted with the content key Kco, the content key Kc encrypted with the delivery key Kd.
o, handling policy encrypted with delivery key Kd, delivery key K
The hash value generated by applying the hash function to the handling control information encrypted with d and the price information encrypted with the delivery key Kd is used as the secret key Ks of the service provider 3.
This is data encrypted by sp.

FIG. 27 is a diagram for explaining the operation when EMD service center 1 receives billing information from user home network 5. User home network 5
After the mutual authentication, the user management unit 18
The mp is shared, and the delivery key Kd from the key server 14 is encrypted with this key and transmitted to the user home network 5. After decrypting the received delivery key Kd with the shared temporary key Ktemp, the user home network 5 updates the delivery key Kd as necessary. Further, using the shared temporary key Ktemp, the accounting information and the handling policy are encrypted and transmitted to the EMD service center 1. The user management unit 18 receives this. The user management unit 18 stores a temporary key K in which the received billing information and the handling policy are shared.
After being decrypted by temp, it is transmitted to the history data management section 15 and the billing section 19. When it is determined that the settlement is to be executed, the history data management unit 15 transmits the received charging information to the profit distribution unit 16, and further transmits the received charging information and handling policy to the charging request unit 19. Profit sharing department 1
6 calculates a billing amount and a payment amount for the content provider 2, the service provider 3, and the EMD service center 1 itself. The billing unit 19 calculates the user's payment amount and transmits the information to the accounting unit 20. The accounting unit 20 communicates with an external bank or the like (not shown) to execute settlement processing. At this time, if there is information such as the unpaid user fee, the information is transmitted to the billing unit 19 and the user management unit 18 and is used at the time of subsequent user registration processing or transmission key Kd transmission processing. Referenced.

FIG. 28 is a diagram for explaining the operation of the profit distribution processing of the EMD service center 1. History Data Management Department 1
5 is billing information indicating the usage history of the content of the user;
The handling policy and the price data are transmitted to the profit distribution unit 16. The profit distribution unit 16 calculates the profit of each of the content provider 2, the service provider 3, and the EMD service center 1 based on the information, and outputs the result to the service provider management unit 11, the content provider management unit 12, the accounting unit. 20 and the copyright management unit 13. The accounting unit 20 communicates with an external bank or the like (not shown),
Execute the closing process. Service provider management unit 11
Transmits the profit information of the service provider 3 to the service provider 3. Content provider management unit 12
Transmits the information on the profit of the content provider 2 to the content provider 2. The auditing unit 21 audits the billing information, the price information, and the validity of the handling policy supplied from the devices of the user home network 5.

FIG. 29 is a diagram for explaining the operation of the EMD service center 1 for transmitting information on the results of use of contents to JASRAC. The history data management unit 15 transmits the charging information indicating the usage history of the content of the user to the copyright management unit 13 and the profit distribution unit 16. Profit sharing unit 16
Calculates the amount charged and paid to JASRAC,
The information is transmitted to the accounting unit 20. The accounting unit 20 communicates with an external bank or the like (not shown) to execute settlement processing. The copyright management unit 13 uses the content
Send to AC.

Next, the processing of the EMD system will be described. FIG. 30 is a flowchart for explaining the content distribution and reproduction processing of this system. In step S11, the content provider management unit 12 of the EMD service center 1 transmits the delivery key Kd to the content provider 2, and the content provider 2 receives this. Details of the processing will be described later with reference to the flowchart in FIG. In step S12, the user selects a device of the user home network 5 (for example, FIG. 1).
0 of the EMD service center 1 by operating the receiver 51) of the EMD service center 1.
Register with. Details of this registration processing will be described later with reference to the flowchart in FIG. In step S13,
The user management unit 18 of the EMD service center 1 transmits the distribution key Kd to the device of the user home network 5 after performing mutual authentication with the user home network 5 as shown in FIGS. The user home network 5 receives this key. Details of this processing will be described with reference to the flowchart in FIG.

In step S14, the secure container creation unit 38 of the content provider 2 transmits the content provider secure container to the service provider 3. Details of this transmission processing will be described later with reference to the flowchart in FIG. In step S15, the secure container creation unit 44 of the service provider 3
In response to a request from the user home network 5, the service provider secure container is transmitted to the user home network 5 via the network 4. Details of this transmission processing will be described later with reference to the flowchart in FIG. In step S16, the charging module 72 of the user home network 5 executes a charging process. Details of the billing process will be described later with reference to the flowchart in FIG. In step S17, the user plays the content on the device of the user home network 5. Details of the reproduction process will be described later with reference to the flowchart in FIG.

On the other hand, the process when the content provider 2 transmits the handling policy after encrypting it is as shown in the flowchart of FIG. In step S21,
Content provider management unit 1 of EMD service center 1
2 transmits the distribution key Kd to the content provider 2. In step S22, the service provider management unit 11 of the EMD service center 1 transmits the delivery key Kd to the service provider 3. Subsequent steps S2
The processing from step 3 to step S28 is performed in step S1 in FIG.
The processing is the same as the processing from step 2 to step S17, and the description thereof is omitted.

FIG. 32 shows the details of the process in which the EMD service center 1 transmits the delivery key Kd to the content provider 2 and the content provider 2 receives this, corresponding to step S11 in FIG. 30 and step S21 in FIG. It is a flowchart explaining. In step S31, the mutual authentication unit 17 of the EMD service center 1 performs mutual authentication with the mutual authentication unit 39 of the content provider 2. Details of the mutual authentication processing will be described later with reference to FIG. Through the mutual authentication process, the content provider 2
Is determined to be a valid provider, in step S32, the encryption unit 34 and the encryption unit 36 of the content provider 2
Receives the delivery key Kd transmitted from the content provider management unit 12 of the server. In step S33, the encryption unit 34 of the content provider 2 stores the received delivery key Kd.

As described above, the content provider 2
The distribution key Kd is received from the EMD service center 1. Similarly, in the case of performing the processing of the flowchart shown in FIG. 31, in addition to the content provider 2, the service provider 3 performs the same processing as in FIG.
Receives the delivery key Kd.

Next, in step S31 of FIG.
The process of mutual authentication for confirming that there is no so-called spoofing will be described with reference to an example using one common key (FIG. 33), using two common keys (FIG. 34), and using public key encryption (FIG. 35). I do.

FIG. 33 is a flowchart for explaining the operation of mutual authentication between the mutual authentication unit 39 of the content provider 2 and the mutual authentication unit 17 of the EMD service center 1 using DES which is a common key encryption with one common key. It is. In step S41, the mutual authentication unit 39 of the content provider 2 generates a 64-bit random number R1 (may be generated by the random number generation unit 35). Step S42
, The mutual authentication unit 39 of the content provider 2
Encrypts the random number R1 with the common key Kc stored in advance using DES (or may be encrypted by the encryption unit 36). In step S43, the mutual authentication unit 39 of the content provider 2 sends the encrypted random number R1
This is transmitted to the mutual authentication unit 17 of the EMD service center 1.

In step S44, the mutual authentication unit 17 of the EMD service center 1 decrypts the received random number R1 with the previously stored common key Kc. In step S45, the mutual authentication unit 17 of the EMD service center 1
A bit random number R2 is generated. In step S46, the mutual authentication unit 17 of the EMD service center 1 replaces the lower 32 bits of the decrypted 64-bit random number R1 with the random number R2, and generates a concatenation R1 _H ‖R2. Here, Ri _H represents the upper bit of Ri, and A‖B represents A and B
(N-bit A is combined with m-bit B to form (n + m) bits). Step S
At 47, the mutual authentication unit 17 of the EMD service center 1
Encrypts R1 _H ‖R2 with the common key Kc using DES. In step S48, the mutual authentication unit 17 of the EMD service center 1 transmits the encrypted R1 _H ‖R2 to the content provider 2.

In step S49, the mutual authentication unit 39 of the content provider 2 decrypts the received R1 _H ‖R2 with the common key Kc. In step S50, the mutual authentication unit 39 of the content provider 2 sends the decrypted R1
_H上位 The upper 32 bits R1 _H of R2 are checked, and step S4
Generated by 1, if they match the upper 32 bits R1 _H of the random number R1, to authenticate that the EMD service center 1 is legitimate center. A random number R1 _H which generated, when the received R1 _H do not match, the process is terminated. When they match, in step S51, the content provider 2
Generates a 32-bit random number R3. In step S52, the content provider 2
The mutual authentication unit 39 sets the received and decrypted 32-bit random number R2 in the upper position, sets the generated random number R3 in the lower position, and makes the connection R2‖R3. In step S53, the mutual authentication unit 39 of the content provider 2
And the concatenation R2‖R3 is encrypted with the common key Kc. In step S54, the mutual authentication unit 39 of the content provider 2 transmits the encrypted connection R2ＲR3 to the mutual authentication unit 17 of the EMD service center 1.

In step S55, the mutual authentication unit 17 of the EMD service center 1 decrypts the received connection R2ＲR3 with the common key Kc. In step S56, the mutual authentication unit 17 of the EMD service center 1 sends the decrypted connection R2
上位 Check the upper 32 bits of R3, and if they match the random number R2, authenticate the content provider 2 as a legitimate provider; otherwise, terminate the process as an invalid provider.

FIG. 34 shows two common keys Kc1 and Kc2.
6 is a flowchart for explaining the operation of mutual authentication between the mutual authentication unit 39 of the content provider 2 and the mutual authentication unit 17 of the EMD service center 1 using DES which is a common key encryption. In step S61, the mutual authentication unit 39 of the content provider 2 generates a 64-bit random number R1. In step S62, the mutual authentication unit 39 of the content provider 2 uses DES to encrypt the random number R1 with the previously stored common key Kc1. Step S6
3, the mutual authentication unit 39 of the content provider 2
Transmits the encrypted random number R1 to the EMD service center 1.

In step S64, the mutual authentication unit 17 of the EMD service center 1 decrypts the received random number R1 with the common key Kc1 stored in advance. In step S65, the mutual authentication unit 17 of the EMD service center 1 encrypts the random number R1 with the common key Kc2 stored in advance.
In step S66, the mutual authentication unit 17 of the EMD service center 1 generates a 64-bit random number R2. In step S67, the mutual authentication unit 17 of the EMD service center 1 encrypts the random number R2 with the common key Kc2. In step S68, the mutual authentication unit 17 of the EMD service center 1 transmits the encrypted random numbers R1 and R2 to the mutual authentication unit 39 of the content provider 2.

In step S69, the mutual authentication section 39 of the content provider 2 decrypts the received random numbers R1 and R2 with the common key Kc2 stored in advance.
In step S70, the mutual authentication unit 39 of the content provider 2 checks the decrypted random number R1,
If the random number R1 matches the random number R1 generated before (the random number R1 before encryption), the EMD service center 1 is authenticated as an appropriate center. In step S71, the mutual authentication unit 39 of the content provider 2 encrypts the decrypted random number R2 with the common key Kc1. In step S72, the mutual authentication unit 39 of the content provider 2
The encrypted random number R2 is transmitted to the EMD service center 1.

In step S73, the mutual authentication unit 17 of the EMD service center 1 decrypts the received random number R2 with the common key Kc1. In step S74, the mutual authentication unit 17 of the EMD service center 1 checks the decrypted random number R2
If the content provider 2 matches the random number R2 (the random number R2 before encryption) generated in step S66, the content provider 2 is authenticated as a proper provider.

FIG. 35 shows a content provider 2 using a 160-bit elliptic curve cryptosystem which is a public key cryptosystem.
7 is a flowchart for explaining the operation of mutual authentication between the mutual authentication unit 39 of the EMD service center 1 and the mutual authentication unit 17 of the EMD service center 1. In step S81, the content provider 2
Generates a 64-bit random number R1. In step S82, the content provider 2
The mutual authentication unit 39 transmits a certificate including its own public key Kpcp (obtained in advance from a certificate authority) and a random number R1 to the mutual authentication unit 17 of the EMD service center 1.

In step S83, the mutual authentication unit 17 of the EMD service center 1 publishes the signature of the received certificate (encrypted with the secret key Ksca of the certificate authority) of the certificate authority obtained in advance. The content is decrypted with the key Kpca, the public key Kpcp of the content provider 2 and the hash value of the name of the content provider 2 are extracted, and the public key Kpcp of the content provider 2 and the name of the content provider 2 stored in the certificate in plain text Take out. If the certificate is valid and issued by the certificate authority, the signature of the certificate can be decrypted. The hash value of the public key Kpcp and the hash value of the name of the content provider 2 obtained by decrypting the certificate can be obtained in plain text. It matches the hash value obtained by applying the hash function to the public key Kpcp of the content provider 2 and the name of the content provider 2 stored in the certificate as they are. Thereby, it is authenticated that the public key Kpcp is not a falsified one but an appropriate one. If the signature cannot be decrypted, or if the hash values do not match, the signature is not a proper public key or a proper provider. At this time, the process ends.

When a proper authentication result is obtained, in step S84, the mutual authentication unit 1 of the EMD service center 1
7 generates a 64-bit random number R2. Step S8
5, the mutual authentication unit 17 of the EMD service center 1
Generates a concatenation R1‖R2 of the random number R1 and the random number R2. In step S86, the mutual authentication unit 17 of the EMD service center 1 encrypts the connection R1‖R2 with its own secret key Ksesc. In step S87, EM
D The mutual authentication unit 17 of the service center 1 determines that the connection R1 @ R
2 is encrypted with the public key Kpcp of the content provider 2 acquired in step S83. In step S88, the mutual authentication unit 17 of the EMD service center 1 establishes the connection R1‖R2 encrypted with the secret key Ksesc and the public key K
It transmits the concatenation R1 @ R2 encrypted by pcp and a certificate (a certificate obtained in advance from a certificate authority) including its own public key Kpesc to the mutual authentication unit 39 of the content provider 2.

In step S89, the mutual authentication section 39 of the content provider 2 decrypts the signature of the received certificate with the public key Kpca of the certificate authority obtained in advance,
If it is correct, the public key Kpesc is extracted from the certificate. The processing in this case is the same as that in step S83, and a description thereof will be omitted. In step S90, the mutual authentication unit 39 of the content provider 2 checks the EMD
The connection R1ＲR2 encrypted with the secret key Ksesc of the service center 1 is decrypted with the public key Kpesc obtained in step S89. In step S91, the mutual authentication unit 39 of the content provider 2 decrypts the concatenation R1‖R2 encrypted with its own public key Kpcp with its own secret key Kscp. In step S92, the mutual authentication unit 39 of the content provider 2
The connection R1‖R2 decrypted in step S90 is compared with the connection R1‖R2 decrypted in step S91, and if they match, the EMD service center 1 is authenticated as being proper.
If they do not match, it is determined to be inappropriate and the process ends.

When a proper authentication result is obtained, in step S93, the mutual authentication unit 39 of the content provider 2 generates a 64-bit random number R3. Step S
At 94, the mutual authentication unit 3 of the content provider 2
9 generates a concatenation R2‖R3 of the random number R2 obtained in step S90 and the generated random number R3. Step S9
5, the mutual authentication unit 39 of the content provider 2
Encrypts the concatenation R2 @ R3 with the public key Kpesc obtained in step S89. In step S96,
The mutual authentication unit 39 of the content provider 2 transmits the encrypted connection R2 @ R3 to the mutual authentication unit 17 of the EMD service center 1.

In step S97, the mutual authentication unit 17 of the EMD service center 1 checks the encrypted connection R2 @ R
3 is decrypted with its own secret key Ksesc. In step S98, the mutual authentication unit 1 of the EMD service center 1
7, if the decrypted random number R2 matches the random number R2 generated in step S84 (the random number R2 before encryption), the content provider 2 is authenticated as a proper provider; And the process ends.

As described above, the mutual authentication unit 17 of the EMD service center 1 and the mutual authentication unit 3 of the content provider 2
9 mutually authenticates. The random number used for the mutual authentication is used as a temporary key Ktemp that is effective only for processing subsequent to the mutual authentication.

FIG. 36 shows an example in which the receiver 51 corresponds to step S12 in FIG. 30 and step S23 in FIG.
9 is a flowchart illustrating a process of registering in the user management unit 18 of the D service center 1. In step S101, the SAM 62 of the receiver 51 determines whether or not the backup IC card 55 is mounted on the receiver 51 from the output of the IC card interface 64, and determines that the backup IC card 55 is mounted. If it is determined (for example, the receiver 51
(In the case where the data of the original receiver 51 is backed up on the backup IC card 55 in order to transfer the data of the original receiver 51 to the new receiver 51), the process proceeds to step S102, and the IC card 55 Of the backup data stored in the storage device. Details of this processing will be described later with reference to the flowchart in FIG. Of course, before this reading process is executed, it is necessary to store the backup data in the IC card 55.
It will be described later with reference to FIG.

If it is determined in step S101 that the backup IC card 55 is not mounted, the procedure skips step S102 and proceeds to step S103. In step S103, the SAM 62
The mutual authentication module 71 performs mutual authentication with the mutual authentication unit 17 of the EMD service center 1, and the SAM 62
This is transmitted to the user management unit 18 of the service center 1. This authentication processing is the same as that described with reference to FIGS. 33 to 35, and a description thereof will not be repeated. In step S103, the certificate transmitted by the SAM 62 to the user management unit 18 of the EMD service center 1 includes the data shown in FIG. The certificate transmitted by the SAM 62 has substantially the same configuration as the certificate of the content provider 2 shown in FIG. 14, but further includes data indicating whether or not the certificate is dependent on another SAM. In step S104, the SAM 62 transmits, via the communication unit 61, information on a settlement institution such as a bank of the user, which is encrypted with the temporary key Ktemp, to the user management unit 18 of the EMD service center 1.

At step S105, the user management unit 18 of the EMD service center 1
, The user registration database shown in FIG. 7 is searched. In step S106, the EMD service center 1
The user management unit 18 determines whether the registration of the SAM 62 having the received ID is possible, and has the received ID.
If it is determined that the SAM 62 can be registered, the process proceeds to step S107, and it is determined whether the SAM 62 having the received ID is a new registration. If it is determined in step S107 that the SAM 62 having the received ID is not a new registration, the procedure proceeds to step S108.

In step S108, the user management unit 18 of the EMD service center 1 executes update registration, searches the user registration database based on the received ID, and creates a registration list. This registration list is, for example, as shown in FIG.
And a registration rejection flag indicating whether or not the user management unit 18 of the EMD service center 1 has refused registration in accordance with the SAM ID of the device, and a content key Kco if the device is a dependent device. A status flag indicating the usage conditions of the
A secret key Kses of the EMD service center 1 converts a condition flag indicating whether the device is a dependent device, and a hash value generated by applying a hash function to the registration rejection flag, the status flag, and the condition flag.
It consists of a signature encrypted in c.

The SAM ID of the device indicates a unique 64-bit ID of the device (in FIG. 38, indicated by a hexadecimal number).
The registration rejection flag “1” indicates that the user management unit 18 of the EMD service center 1 has registered a device having the corresponding ID, and the registration rejection flag “0” indicates the user management unit 18 of the MD service center 1. Indicates that the registration of the device having the corresponding ID has been refused.

The MSB (Most Significant) of the status flag
“1” of Bit) indicates that the child device (eg, the recorder 53) having the corresponding ID can obtain the content key Kco from the subordinate parent device (eg, the receiver 51).
“0” of the MSB of the status flag indicates that the child device having the corresponding ID has a content key Kco
Is not received. The first bit “1” from the upper bit of the status flag indicates the storage key Ks of the parent device from the parent device on which the child device having the corresponding ID is subordinate.
Indicates that the content key Kco encrypted with ave is obtained. The third bit from the top of the status flag
1 "is a content key Kc encrypted with the delivery key Kd from the parent device on which the child device having the corresponding ID is subordinate.
o. LSB of status flag (Leas
t Significant Bit) is “1”, the dependent parent device purchases the content key Kco encrypted with the delivery key Kd,
This indicates that the content key Kco is to be encrypted with the temporary key Ktemp and passed to the child device having the corresponding ID.

The condition flag “0” indicates that the device having the corresponding ID can directly communicate with the user management unit 18 of the EMD service center 1 (that is, the device is a parent device such as the receiver 51, for example). , The condition flag “1” indicates that the device having the corresponding ID is EMD
This indicates that direct communication with the user management unit 18 of the service center 1 is not possible (that is, a child device such as the recorder 53). When the condition flag is "0", the status flag is always set to "0000".

In step S109, the user management unit 18 of the EMD service center 1 encrypts the key server 14 encrypted with the temporary key Ktemp supplied from the mutual authentication unit 17.
The distribution key Kd supplied from the
Send to In step S110, the receiver 51
The SAM 62 converts the received delivery key Kd into a temporary key Ktem.
Decode with p and store in the storage module 73.

In step S111, the user management section 18 of the EMD service center 1 transmits the registration list encrypted with the temporary key Ktemp to the SAM 62 of the receiver 51. In step S112, the SAM 6 of the receiver 51
2 decrypts the received registration list with the temporary key Ktemp and stores it in the storage module 73, and the process ends.

If it is determined in step S107 that the SAM 62 having the received ID is a new registration,
The procedure proceeds to step S114, where the user management unit 18 of the EMD service center 1 executes a new registration, creates a registration list, and proceeds to step S109.

If it is determined in step S106 that registration of the SAM 62 having the received ID is impossible,
Proceeding to step S113, the user management unit 18 of the EMD service center 1 creates a registration list of registration rejection, and proceeds to step S111.

As described above, the receiver 51 is registered in the EMD service center 1.

Next, details of the process of storing predetermined data such as the delivery key Kd stored in the storage module 73 of the receiver 51 used in the receiver 51 in the IC card 55 will be described.
This will be described with reference to the flowchart in FIG. In step S121, the mutual authentication module 71 of the SAM 62
Performs mutual authentication with the mutual authentication module 80 of the IC card 55. This authentication processing is the same as that described with reference to FIGS. 33 to 35, and a description thereof will not be repeated. In step S122, the random number generation unit 92 of the SAM 62 generates a random number used as the backup key Kic. In step S123, the SAM 62
Of the SAM stored in the storage module 73, the storage key Ksave, and the HDD
The ID of 52 is encrypted using the backup key Kic. In step S124, the encryption unit 93 of the SAM 62 transmits the public key Kpesc of the EMD service center 1.
Encrypts the backup key Kic (SAM62 uses EMD
In the authentication process with the service center 1 (step S89 in FIG. 35), the public key Kp of the EMD service center 1
esc). In step S125,
The SAM 62 of the receiver 51 sends the encrypted SAM ID number and the storage key K via the IC card interface 64.
The save, the ID of the HDD 52, and the encrypted backup key Kic are transmitted to the IC card 55 and stored in the storage module 81.

As described above, the SAM ID number stored in the storage module 73 of the SAM 62, the storage key Ksave,
And the ID of the HDD 52 are encrypted using the backup key Kic, and the public key Kpesc of the EMD service center 1 is encrypted.
IC with backup key Kic encrypted using
It is stored in the storage module 81 of the card 55.

For details of an example of another process of storing predetermined data such as the delivery key Kd stored in the storage module 73 of the receiver 51 used in the receiver 51 in the IC card 55, see the flowchart of FIG. Will be explained. In step S131, the mutual authentication module 71 of the SAM 62 performs mutual authentication with the mutual authentication module 80 of the IC card 55. In step S132, the encryption unit 93 of the SAM 62 checks the ID number of the SAM stored in the storage module 73, the storage key Ksave, and the
The ID is encrypted using the public key Kpesc of the EMD service center 1. In step S133, the receiver 5
The first SAM 62 receives the encrypted SAM ID number, storage key Ksave,
Then, the ID of the HDD 52 is transmitted to the IC card 55 and stored in the storage module 81.

By the processing shown in FIG. 40, the ID number of the SAM encrypted using the public key Kpesc of the EMD service center 1, the storage key Ksave, and the HDD 52 The ID is stored in the storage module 81 of the IC card 55.

As described above, the data backed up in the IC card 55 is obtained by the processing in step S102 in FIG.
The data is read into a new receiver 51. FIG. 41 shows FIG.
6 is a flowchart for describing processing when data backed up in the processing shown in FIG. Step S14
In 1, the mutual authentication module 71 of the SAM 62 of the new receiver 51 performs mutual authentication with the mutual authentication module 80 of the IC card 55. This authentication processing is performed in accordance with FIGS.
5, the description is omitted here.

At step S142, the SAM 62
Via the C card interface 64, the data of the storage module 73 of the old receiver 51 (SAM ID number, storage key Ksave, and HDD 52) stored in the storage module 81 and encrypted with the backup key Kic.
The backup key Kic encrypted with the public key Kpesc of the EMD service center 1 is read. In step S143,
The mutual authentication module 71 of the SAM 62 performs mutual authentication with the mutual authentication unit 17 of the EMD service center 1 via the communication unit 61. This authentication processing is the same as that described with reference to FIGS. 33 to 35, and a description thereof will not be repeated. At step S144, the SAM 62
1, the data of the storage module 73 encrypted with the backup key Kic and the backup key Kic encrypted with the public key Kpesc of the EMD service center 1 are stored in the user management unit 1 of the EMD service center 1.
8

In step S145, the user management section 18 of the EMD service center 1 decrypts the received backup key Kic with its own secret key Ksesc. In step S146, the user management unit 18 of the EMD service center 1 decrypts the received backup data with the backup key Kic. In step S147, the user management unit 18 of the EMD service center 1 encrypts the decrypted backup data again using the temporary key Ktemp supplied from the mutual authentication unit 17. In step S148, the user management unit 18 of the EMD service center 1 transmits the backup data encrypted with the temporary key Ktemp to the communication unit 61 of the receiver 51.

At step S149, the receiver 51
The communication unit 61 transmits the data received from the user management unit 18 of the EMD service center 1 to the SAM 62,
Decrypts the data and stores it in the storage module 73. In step S150, the user management unit 18 of the EMD service center 1 sets the data of the user registration database (FIG. 7) corresponding to the ID of the SAM 62 of the old device having the data stored in the IC card 55 to be unregisterable,
The process ends.

Thus, the new receiver 51 reads the backup data of the IC card 55.

A process for reading data backed up in the process shown in FIG. 40 will be described with reference to a flowchart shown in FIG. In step S161, the mutual authentication module 71 of the SAM 62 of the new receiver 51
Performs mutual authentication with the mutual authentication module 80 of the IC card 55. This authentication processing is the same as that described with reference to FIGS. 33 to 35, and a description thereof will not be repeated. In step S162, the SAM 62 transmits the old receiver 51 encrypted with the public key Kpesc of the EMD service center 1 via the IC card interface 64.
(SAM ID number, storage key Ksave, and backup data indicating the ID of the HDD 52).

In step S163, the mutual authentication module 71 of the SAM 62 mutually authenticates with the mutual authentication unit 17 of the EMD service center 1 via the communication unit 61. This authentication processing is the same as that described with reference to FIGS. 33 to 35, and a description thereof will not be repeated. In step S164, the SAM 62 sends the E
The data of the storage module 73 encrypted with the public key Kpesc of the MD service center 1 is transmitted to the user management unit 18 of the EMD service center 1.

In step S165, the user management unit 18 of the EMD service center 1 decrypts the received data in the storage module 73 with its own secret key Ksesc. In step S166, the EMD service center 1
The user management unit 18 stores the decrypted backup data in the temporary key Ktemp supplied from the mutual authentication unit 17.
Then, encrypt again. In step S167, EM
The user management unit 18 of the D service center 1 stores the temporary key Kt
The backup data encrypted by emp is transmitted to the communication unit 61 of the receiver 51.

At step S168, the receiver 51
The communication unit 61 transmits the data received from the user management unit 18 of the EMD service center 1 to the SAM 62,
Stores the data in the storage module 73 after decrypting the data. In step S169, the user management unit 18 of the EMD service center 1 sets the data of the user registration database (FIG. 7) corresponding to the ID of the SAM 62 of the old device having the data stored in the IC card 55 to be unregisterable.

Thus, in the case of backup using the processing shown in FIG. 40, the new receiver 51 reads the backup data of the IC card 55 by the processing shown in FIG.

When the receiver 51 registers itself (when executing the process corresponding to step S12 in FIG. 30), the receiver 51 executes the process shown in the flowchart of FIG. When registering with the service center 1, the processing shown in the flowchart of FIG. 43 is executed. In step S181, the SAM 62 of the receiver 51 writes the ID of the recorder 53 in the registration list stored in the storage module 73. In step S182, the mutual authentication module 71 of the receiver 51 performs mutual authentication with the mutual authentication unit 17 of the EMD service center 1. This authentication processing is the same as that described with reference to FIGS. 33 to 35, and a description thereof will not be repeated.

In step S183, the user management section 18 of the EMD service center 1 searches the user registration database based on the ID of the receiver 51 (the ID of the SAM 62 included in the certificate of the SAM 62 shown in FIG. 37), and 51
It is determined whether or not the registration is not possible. If it is determined that the receiver 51 is not capable of registration, the process proceeds to step S184, and the SAM 62 of the receiver 51 stores the storage module 73 in the user management unit 18 of the EMD service center 1. The temporary key Kd indicates the version of the delivery key Kd stored in the HDD 52, the billing information (stored in the process of step S337 in the flowchart shown in FIG. 50 described later), the registration list, and the handling policy recorded in the HDD 52. The encrypted version is stored in the user management unit 18 of the EMD service center 1 via the communication unit 61, the version of the delivery key Kd stored in the storage module 73, the billing information, the registration list, and the handling recorded in the HDD 52. Submit a policy. In step S185, the user management unit 18 of the EMD service center 1 decodes the received data, processes the billing information, and registers the registration list received from the receiver 51 with respect to the recorder 53 described with reference to FIG. Update data parts such as rejection flag and status flag, and
A signature corresponding to the data corresponding to No. 1 is attached.

In step S186, the user management unit 18 of the EMD service center 1 determines whether or not the version of the delivery key Kd of the receiver 51 is the latest, and the version of the delivery key Kd of the receiver 51 is the latest. If it is determined that there is, the process proceeds to step S187, where the updated registration list and the charging information reception message encrypted with the temporary key Kd are transmitted to the receiver 51, and the receiver 51 updates the registration list and the charging information. The received message is received, decoded, and stored. Step S1
At 88, the receiver 51 deletes the billing information stored in the storage module 73 and stores the registration list from the user management unit 18 of the EMD service center 1 in step S187.
Is updated to the received one, and the process proceeds to step S191.

At step S186, the receiver 51
If it is determined that the version of the delivery key Kd of the EMD service center 1 is not the latest version, the process proceeds to step S189, and the user management unit 18 of the EMD service center 1 encrypts the temporary version of the delivery key Kd with the temporary key Kd. Kd, the updated registration list, and the charging information reception message are transmitted to the receiver 51. The receiver 51 receives and decrypts the latest version of the delivery key Kd, the updated registration list, and the charging information reception message. Remember. Step S
At 190, the receiver 51 connects to the storage module 73.
Is deleted from the user management unit 18 of the EMD service center 1 in step S18.
9, the distribution key Kd is updated to the latest version, and the flow advances to step S191.

At step S191, the receiver 51
The SAM 62 refers to the updated registration list and determines whether or not the recorder 53 cannot be registered. If it is determined that the recorder 53 cannot be registered, the process proceeds to step S192.
The receiver 51 and the recorder 53 mutually authenticate, and the temporary key Kt
Share emp. This authentication processing is performed in accordance with FIGS.
, And the description is omitted here. In step S193, the recorder 5
3, a registration completion message encrypted with the temporary key Kd,
The recorder 53 transmits the registration completion message and the delivery key Kd, and decrypts the registration completion message and the delivery key Kd. In step S194, the recorder 53 updates the delivery key Kd, and the process ends.

At step S183, the receiver 51
Is determined to be unregisterable, and if it is determined in step S191 that the recorder 53 cannot be registered, the process ends.

As described above, the recorder 53 subordinate to the receiver 51 is registered in the EMD service center 1 via the receiver 51.

FIG. 44 is a flowchart for explaining the details of the process in which the receiver 51 receives the delivery key Kd transmitted from the EMD service center 1 to the receiver 51 in step S13 in FIG. In step S201, the mutual authentication module 71 of the receiver 51 performs mutual authentication with the mutual authentication unit 17 of the EMD service center 1. This authentication processing is the same as that described with reference to FIGS. 33 to 35, and a description thereof will not be repeated. In step S202, the SAM 62 of the receiver 51 communicates with the user management unit 1 of the EMD service center 1 via the communication unit 61.
8 and the user management unit 18 of the EMD service center 1 receives the certificate. Steps S203 to S210 are the same processes as steps S183 to S190 in FIG. 43, and thus description thereof will be omitted.

As described above, the receiver 51 receives the delivery key Kd from the user management unit 18 of the EMD service center 1, and transmits the charging information of the receiver 51 to the EMD service center 1.
Is transmitted to the user management unit 18.

Next, the recorder 5 subordinate to the receiver 51
The receiving process of the third delivery key Kd (when the status flag shown in FIG. 38 has a value that permits the recorder 53 to receive the delivery key Kd) will be described with reference to the flowchart shown in FIG. In step S221,
The mutual authentication module 71 of the receiver 51 and the mutual authentication module (not shown) of the recorder 53 perform mutual authentication.
This authentication processing is the same as that described with reference to FIGS. 33 to 35, and a description thereof will not be repeated.

In step S222, the receiver 51
Determines whether the data of the recorder 53 is included in the registration list stored in the storage module 73 of the receiver 51, and determines that the data of the recorder 53 is included in the registration list stored in the storage module 73 of the receiver 51. If the registration has been performed, the process proceeds to step S223, and it is determined whether or not the recorder 53 cannot be registered based on the registration list stored in the storage module 73 of the receiver 51. Step S
If it is determined in 223 that the recorder 53 is not unregisterable, the process proceeds to step S224, where the recorder 53 is registered.
The SAM 66 of the receiver 51 stores the delivery key Kd (see FIG.
5, the version and the accounting information (received from the receiver 51 in step S235) and the accounting information (stored in a process corresponding to step S337 in the process corresponding to FIG. 50 described later) are encrypted with the temporary key Ktemp and transmitted. The SAM 62 of the receiver 51 receives and decrypts the version of the delivery key Kd and the accounting information.

At step S225, the receiver 51
Of the EM through the communication unit 61
D Perform mutual authentication with the mutual authentication unit 17 of the service center 1. This authentication processing is the same as that described with reference to FIGS. 33 to 35, and a description thereof will not be repeated.
In step S226, the user management unit 18 of the EMD service center 1 searches the user registration database based on the ID of the receiver 51 and determines whether or not the receiver 51 cannot be registered. If it is determined that there is none, the process proceeds to step S227 and the receiver 5
The first SAM 62 sends the version of the delivery key Kd, which is encrypted with the temporary key Kd and is stored in the storage module 73, to the user management unit 18 of the EMD service center 1 via the communication unit 61, accounting information, The registration list, the handling policy recorded in the HDD 52, and the accounting information of the recorder 53 are transmitted. In step S228, the user management unit 18 of the EMD service center 1 processes the billing information after decrypting the received data, and
The data part such as a registration rejection flag and a status flag relating to the recorder 53 of the registration list received from 1 is updated, and a signature corresponding to the data corresponding to the receiver 51 is added.

The processing of steps S229 to S234 is the same as that of steps S186 to S234 shown in FIG.
191 is the same as that of FIG.

In step S234, the receiver 51
The SAM 62 refers to the updated registration list and determines whether or not the recorder 53 cannot be registered. If it is determined that the recorder 53 cannot be registered, the process proceeds to step S235.
The accounting information reception message and the delivery key Kd encrypted with the temporary key Kd are transmitted to the recorder 53, and the recorder 53 transmits the accounting information reception message and the delivery key Kd.
And decrypt it. In step S236, the SAM 66 of the recorder 53 deletes the billing information stored in the built-in storage module and updates the delivery key Kd to the latest version.

In step S222, the receiver 51
If it is determined that the data of the recorder 53 is not included in the registration list stored in the storage module 73, the process proceeds to step S237, the registration process of the recorder 53 shown in FIG. 43 is executed, and the process proceeds to step S224.

At step S223, the recorder 53
If it is determined that registration is not possible, step S226
In step S234, when it is determined that the receiver 51 cannot be registered, and in step S234, the
If it is determined that No. 3 cannot be registered, the process ends.

As described above, the recorder 53 subordinate to the receiver 51 receives the distribution key Kd via the receiver 51.

Next, the process of transmitting the content provider secure container from the content provider 2 to the service provider 3 corresponding to step S14 in FIG. 30 will be described with reference to the flowchart in FIG. In step S251, the watermark adding unit 32 of the content provider 2 inserts a predetermined watermark indicating the content provider 2 into the content read from the content server 31, and supplies the content to the compression unit 33.
In step S252, the compression unit 33 of the content provider 2 compresses the watermarked content using a predetermined method such as ATRAC2 and supplies the compressed content to the encryption unit. In step S253, the random number generation unit 35
A random number used as the content key Kco is generated and supplied to the encryption unit 34. In step S254, the encryption unit 34 of the content provider 2 uses the content key Kco to encrypt the watermarked and compressed content using a predetermined method such as DES.

At step S255, the encryption unit 36
Is a predetermined method such as DES, and corresponds to step S11 in FIG.
The content key Kco is encrypted with the delivery key Kd supplied from the EMD service center 1 by the above processing. In step S256, the secure container creation unit 38 of the content provider 2 applies a hash function to the encrypted content, the encrypted content key Kco, and the handling policy supplied from the policy storage unit 37 to generate a hash value. Calculate and own secret key Kscp
To create a signature as shown in FIG. In step S257, the secure container creation unit 38 of the content provider 2 transmits the encrypted content,
Encrypted content key Kco, policy storage unit 37
A content provider secure container as shown in FIG. 13 is created, which includes the handling policy supplied from, and the signature generated in step S256.

In step S258, the mutual authentication unit 39 of the content provider 2 checks the service provider 3
Is mutually authenticated with the mutual authentication unit 45. This authentication processing is the same as that described with reference to FIGS. 33 to 35, and a description thereof will not be repeated. In step S259, the secure container creation unit 38 of the content provider 2 transmits the service provider 3 to the content provider secure container with the certificate previously issued from the certificate authority, and ends the process.

As described above, the content provider 2
Transmits the content provider secure container to the service provider 3.

The details of another process in which the content provider 2 transmits the content provider secure container to the service provider 3 in the case where the handling policy is encrypted with the delivery key Kd together with the content key Kco will be described with reference to the flowchart of FIG. It will be described using FIG. The processing of steps S271 to S274 is performed in step S25 of FIG.
1 to S254, respectively.
The description is omitted. In step S275, the encryption unit 36 of the content provider 2 uses the delivery key Kd supplied from the EMD service center 1 by the processing of step S21 in FIG. The handling policy supplied from Kco and the policy storage unit 37 is encrypted.

In step S276, the secure container creation unit 38 of the content provider 2 calculates a hash value by applying a hash function to the encrypted content, the encrypted content key Kco, and the encrypted handling policy. , Encrypts it with its own secret key Kscp, and creates a signature as shown in FIG. Step S2
At 77, the secure container creation unit 38 of the content provider 2 sends the content provider secure content as shown in FIG. 25 including the encrypted content, the encrypted content key Kco, the encrypted handling policy, and the signature. Create a container. The processing in steps S278 and S279 is performed in step S2 in FIG.
58 and the processing in step S259, respectively, and a description thereof will be omitted.

As described above, the content provider 2
The service provider 3 transmits the content provider secure container including the encrypted handling policy.

Next, details of the processing in which the service provider 3 transmits the service provider secure container to the receiver 51, corresponding to step S15 in FIG.
This will be described with reference to the flowchart of FIG. Step S29
1, the pricing unit 42 of the service provider 3
Secure container creation unit 38 of content provider 2
Checks the signature included in the certificate attached to the content provider secure container transmitted from, and if the certificate has not been tampered with, the public key Kpc of the content provider 2
Take out p. Confirmation of the signature of the certificate is the same as the processing in step S83 in FIG. 35, and thus the description thereof is omitted.

In step S292, the pricing section 42 of the service provider 3 decrypts the signature of the content provider secure container transmitted from the secure container creation section 38 of the content provider 2 with the public key Kpcp of the content provider 2, and obtains the result. That the encrypted hash value matches the encrypted content, the encrypted content key Kco, and the hash value obtained by applying the hash function to the handling policy, and that the content provider secure container has not been tampered with. Check. If tampering has been found, the process ends.

If the contents provider secure container has not been tampered with, in step S293, the pricing section 42 of the service provider 3 extracts the handling policy from the contents provider secure container. Step S
In 294, the pricing section 42 of the service provider 3
Creates the price information described in FIG. 17 based on the handling policy. In step S295, the secure container creation unit 44 of the service provider 3 checks the encrypted content, the encrypted content key Kco,
The hash value obtained by applying the hash function to the price information, the encrypted content, the encrypted content key Kco, the handling policy, and the price information is encrypted with its own secret key Kssp. Then, a service provider secure container as shown in FIG.

In step S296, the mutual authentication unit 45 of the service provider 3 performs mutual authentication with the mutual authentication module 71 of the receiver 51. This authentication process is shown in FIG.
3 to FIG. 35, the description is omitted here. In step S297, the secure container creation unit 4 of the service provider 3
4 transmits the service provider secure container with the certificate to the communication unit 61 of the receiver 51, and ends the processing.

Thus, the service provider 3 transmits the service provider secure container to the receiver 51.

In the case where the handling policy is encrypted with the delivery key Kd in the content provider 2 and the service provider 3 creates handling control information, the service provider 3 transmits the service provider secure container to the receiver 51. Details of the processing to be performed will be described with reference to the flowchart in FIG. The processing in steps S311 and S312 is the same as the processing in steps S291 and S292 in FIG. 48, respectively, and a description thereof will be omitted. In step S313,
The pricing section 42 of the service provider 3 decrypts the encrypted handling policy included in the content provider secure container. In step S314, the pricing section 42 of the service provider 3 executes the processing shown in FIG.
The handling control information described in 3 is created. Step S31
The processing from step 5 to step S318 is performed in step S318 in FIG.
294 and step S297, respectively, and the description is omitted.

Thus, the service provider 3 transmits the service provider secure container including the encrypted handling policy to the receiver 51.

Details of the charging process of the receiver 51 after receiving the appropriate service provider secure container corresponding to step S16 in FIG. 30 will be described with reference to the flowchart in FIG. In step S331, the decryption / encryption module 74 of the receiver 51 determines whether or not the content key Kco can be decrypted with the delivery key Kd. If it is determined that the content key Kco cannot be decrypted with the delivery key Kd, In step S332, the receiver 51 performs the process of receiving the delivery key Kd described in FIG. 44, and proceeds to step S333. Step S331
In step, if it is determined that the content key Kco can be decrypted with the delivery key Kd, the procedure skips step S332 and proceeds to step S333. Step S333
In FIG. 30, the decoding unit 91 of the receiver 51
In step S13, the content key Kco is decrypted with the delivery key Kd stored in the storage module 73.

In step S334, the receiver 51
The charging processing module 72 extracts the handling policy and the price information included in the service provider secure container, and generates the charging information and the license condition information described with reference to FIGS. 19 and 20. In step S335, the billing processing module 72 of the receiver 51 determines the billing information stored in the storage module 73 and step S335.
From the charging information calculated in 334, it is determined whether or not the current charging is equal to or higher than the upper limit of charging. If it is determined that the current charging is equal to or higher than the upper limit of charging, the process proceeds to step S336, where the receiver 51 The delivery key Kd receiving process described with reference to FIG. 44 is executed, and a new delivery key Kd is received.
Proceed to step S337. In step S335,
If we determine that your current billing is below your billing limit,
Step S336 is skipped, and the process proceeds to step S337.

In step S337, the receiver 51
The charging processing module 72 causes the storage module 73 to store the charging information. In step S338, the charging processing module 72 of the receiver 51 determines in step S33
The license condition information generated in step 4 is recorded on the HDD 52. In step S339, the SAM 6 of the receiver 51
2 causes the HDD 52 to record the handling policy extracted from the service provider secure container.

At step S340, the receiver 51
Decryption / encryption module 74 calculates a hash value by applying a hash function to the license condition information. In step S341, the storage module 73 of the receiver 51
Stores the hash value of the license condition information. When the storage key Ksave is not stored in the storage module 73, in step S342, the random number generation unit 92 of the receiver 51 generates a random number that is the storage key Ksave, and proceeds to step S343. Storage module 73
If the storage key Ksave is stored in step S342, step S342 is skipped, and the process proceeds to step S343.

At step S343, the receiver 51
Encrypts the content key Kco with the storage key Ksave. In step S344, the SAM 62 of the receiver 51 stores the encrypted content key Kco in the HDD 52. Storage module 7
If the storage key Ksave is not stored in the storage module 3, the decryption / encryption module 74 of the receiver 51 stores the storage key Ksave in the storage module 73 in step S345, and the process ends. Storage module 73
If the storage key Ksave is stored in step S345, step S345 is skipped and the process ends.

As described above, the receiver 51 stores the billing information in the storage module 73, decrypts the content key Kco with the delivery key Kd,
co is encrypted with the storage key Ksave and recorded on the HDD 52. The storage key Ksave is stored in the storage module 73.

In the same manner, the recorder 53 stores the billing information in the storage module in the SAM 66, decrypts the content key Kco with the delivery key Kd, and encrypts the content key Kco again with the storage key Ksave. , HDD5
Record in 2. The storage key Ksave is stored in a storage module in the SAM 66.

The details of the process in which the receiver 51 reproduces the content corresponding to step S17 in FIG. 30 will be described with reference to the flowchart in FIG. In step S361, the decryption / encryption module 74 of the receiver 51
Reads the license condition information stored in step S338 of FIG. 50 and the encrypted content key Kco stored in step S344 from the HDD 52. In step S362, the decryption / encryption module 74 of the receiver 51 applies a hash function to the license condition information to calculate a hash value.

At step S363, the receiver 51
The decryption / encryption module 74 calculates the hash value calculated in step S362 as
It is determined whether or not the hash value stored in the storage module 73 matches the hash value stored in the storage module 73. If it is determined in step S362 that the calculated hash value matches the hash value stored in the storage module 73, the process proceeds to step S3.
Proceeding to 64, predetermined information included in the license condition information such as the value of the number of times of use is updated. In step S365, the decryption / encryption module 74 of the receiver 51 calculates a hash value by applying a hash function to the updated license condition information. In step S366, the storage module 73 of the receiver 51 stores the hash value of the license condition information calculated in step S365. In step S367, the decryption / encryption module 74 of the receiver 51 causes the HDD 52 to record the updated license condition information.

In step S368, the mutual authentication module 71 of the SAM 62 and the mutual authentication module 75 of the extension unit 63 perform mutual authentication, and the SAM 62 and the extension unit 63
The temporary key Ktemp is stored. This authentication processing is performed as shown in FIG.
35 to FIG. 35,
Here, the description is omitted. Random number R used for mutual authentication
1, R2 or R3 is used as the temporary key Ktemp. In step S369, the decryption unit 91 of the decryption / encryption module 74 performs the processing in step S369 of FIG.
The content key Kco recorded on the HDD 52 at 344
With the storage key Ksav stored in the storage module 73.
Decrypt with e. In step S370, the encryption unit 93 of the decryption / encryption module 74 encrypts the decrypted content key Kco with the temporary key Ktemp.
In step S371, the SAM 62 sets the temporary key Kte
The content key Kco encrypted by the mp is transmitted to the decompression unit 63.

At step S372, the decryption module 76 of the decompression unit 63 converts the content key Kco into the temporary key K
Decrypt with temp. In step S373, the SAM
62 reads out the content recorded on the HDD 52,
This is transmitted to the extension unit 63. In step S374, the decryption module 77 of the decompression unit 63 decrypts the content with the content key Kco. In step S375,
The expansion module 78 of the expansion unit 63 expands the decrypted content by a predetermined method such as ATRAC2. Step S
At 376, the watermark adding module 79 of the decompression unit 63 inserts a predetermined watermark identifying the receiver 51 into the decompressed content. Step S
In 377, the receiver 51 outputs the reproduced content to a speaker (not shown) or the like, and ends the processing.

In step S363, step S3
If it is determined that the hash value calculated in 62 does not match the hash value stored in the storage module 73, in step S378, the SAM 62 determines a predetermined error such as displaying an error message on a display device (not shown). The process is executed, and the process ends.

[0177] As described above, the receiver 51 reproduces the content.

FIG. 52 is a flowchart for explaining a process in which the receiver 51 causes the decoder 56 to reproduce the content in the user home network 5 having the configuration shown in FIG. Steps S391 to S397
The processing of step S361 to step S3 in FIG.
Since the processing is the same as that of step 67, the description thereof is omitted.

In step S398, the mutual authentication module 71 of the SAM 62 and the mutual authentication module 101 of the decoder 56 perform mutual authentication and share the temporary key Ktemp. This authentication processing is the same as that described with reference to FIGS. 33 to 35, and a description thereof will not be repeated. Random numbers R1, R2, or R3 used for mutual authentication
Is used as a temporary key Ktemp. Step S3
At 99, the decryption unit 91 of the decryption / encryption module 74 determines that the content key Kco
With the storage key Ksav stored in the storage module 73.
Decrypt with e. In step S400, the encryption unit 93 of the decryption / encryption module 74 encrypts the decrypted content key Kco with the temporary key Ktemp.
In step S401, the SAM 62 sets the temporary key Kte
The content key Kco encrypted by the mp
Send to

In step S402, the decoder 56
Decrypts the content key Kco with the temporary key Ktemp. In step S403,
The SAM 62 reads the content recorded on the HDD 52 and sends the content to the decoder 56. In step S404, the decryption module 103 of the decoder 56 decrypts the content with the content key Kco. Step S405
In, the decompression module 104 of the decoder 56 decompresses the decrypted content by a predetermined method such as ATRAC2. In step S406, the watermark adding module 105 of the decoder 56 inserts a predetermined watermark specifying the decoder 56 into the decompressed content. In step S407, the decoder 56
The reproduced content is output to a speaker (not shown) or the like, and the process ends.

The processing in step S408 is the same as the processing in step S378 in FIG. 51, and a description thereof will not be repeated.

As described above, when the user home network has the configuration shown in FIG. 11, the content received by the receiver 51 is reproduced by the decoder 56.

Although the contents have been described using music data as an example, the contents are not limited to music data, but may be moving image data, still image data, document data, or program data. At that time, compression is a method suitable for the type of content,
For example, if it is an image, MPEG (Moving Picture Experts Gr
oup) is used. As the watermark, a watermark suitable for the type of content is used.

The common key encryption is a block encryption.
Explained using DES, but FEA proposed by NTT (trademark)
L, IDEA (International Data Encription Algorithm),
Alternatively, a stream cipher that performs encryption in units of one bit to several bits may be used.

Further, the content and the content key K
Although the encryption of co has been described as using a common key encryption method, a public key encryption method may be used.

In this specification, the system is defined as
It is assumed that the device as a whole is constituted by a plurality of devices.

Further, as a providing medium for providing a user with a computer program for performing the above-described processing,
In addition to recording media such as magnetic disks, CD-ROMs, and solid-state memories, communication media such as networks and satellites can be used.

[0188]

According to the information processing apparatus according to the first aspect, the information processing method according to the second aspect, and the providing medium according to the third aspect, mutual authentication is performed, a temporary key is generated, and the second key is generated. , The first key is decrypted with the second key, the first key is encrypted with the temporary key, the first key is decrypted with the temporary key, and the information is decrypted with the first key. When decoding information,
The key to encrypt the information is not read.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating an EMD system.

FIG. 2 is a block diagram showing a functional configuration of an EMD service center 1.

FIG. 3 is a diagram illustrating transmission of a delivery key Kd of the EMD service center 1.

FIG. 4 is a diagram illustrating transmission of a delivery key Kd of the EMD service center 1.

FIG. 5 is a diagram illustrating transmission of a delivery key Kd of the EMD service center 1.

FIG. 6 is a diagram illustrating transmission of a delivery key Kd of the EMD service center 1.

FIG. 7 is a diagram illustrating a user registration database.

FIG. 8 is a block diagram showing a functional configuration of a content provider 2.

FIG. 9 is a block diagram showing a functional configuration of the service provider 3.

FIG. 10 is a block diagram showing a configuration of a user home network 5.

FIG. 11 is a block diagram showing a configuration of a user home network 5.

FIG. 12 is a diagram illustrating content and information accompanying the content.

FIG. 13 is a diagram illustrating a content provider secure container.

FIG. 14 is a diagram illustrating a certificate of a content provider 2.

FIG. 15 is a diagram illustrating a service provider secure container.

FIG. 16 is a diagram illustrating a certificate of the service provider 3.

FIG. 17 is a diagram showing a handling policy, price information, and license condition information.

FIG. 18 is a diagram illustrating single copy and multicopy.

FIG. 19 is a diagram illustrating a handling policy and price information.

FIG. 20 is a diagram illustrating a handling policy, price information, and license condition information.

FIG. 21 is a diagram illustrating another configuration of content and information accompanying the content.

FIG. 22 is a diagram illustrating a service provider secure container.

FIG. 23 is a diagram showing a configuration of a handling policy, handling control information, price information, and license conditions.

FIG. 24 is a diagram illustrating another configuration of content and information accompanying the content.

FIG. 25 is a diagram illustrating a content provider secure container.

FIG. 26 is a diagram illustrating a service provider secure container.

FIG. 27 is a diagram illustrating an operation of the EMD service center 1 when receiving billing information from the user home network 5.

FIG. 28 is a diagram illustrating an operation of a profit distribution process of the EMD service center 1.

FIG. 29 is a diagram illustrating an operation of a process of transmitting content usage result information to JASRAC by the EMD service center 1.

FIG. 30 is a flowchart illustrating a content distribution process.

FIG. 31 is a flowchart illustrating a content distribution process.

FIG. 32 is a flowchart illustrating a process in which the EMD service center 1 transmits a delivery key Kd to the content provider 2.

FIG. 33 is a flowchart illustrating an operation of mutual authentication between the content provider 2 and the EMD service center 1.

FIG. 34 is a flowchart illustrating an operation of mutual authentication between the content provider 2 and the EMD service center 1.

FIG. 35 is a flowchart illustrating an operation of mutual authentication between the content provider 2 and the EMD service center 1.

FIG. 36 is a flowchart illustrating a process of registering the receiver 51 with the EMD service center 1.

FIG. 37 is a diagram illustrating a SAM certificate.

FIG. 38 is a diagram illustrating a registration list.

39 is a flowchart illustrating a process of backing up SAM 62 data to an IC card 55. FIG.

40 is a flowchart illustrating a process of backing up data of SAM 62 to IC card 55. FIG.

FIG. 41 is a flowchart illustrating a process of causing a new receiver to read the backup data of the IC card 55.

FIG. 42 is a flowchart illustrating a process of causing a new receiver to read the backup data of the IC card 55.

FIG. 43 is a diagram illustrating a case where the receiver 51 is a recorder 5 having a subordinate relationship.
3 is a flowchart illustrating a process of registering the E.3 into the EMD service center 1.

FIG. 44 is a flowchart illustrating a process in which the receiver 51 receives a delivery key Kd from the EMD service center 1.

FIG. 45 is a flowchart illustrating a process of receiving the delivery key Kd of the recorder.

FIG. 46 is a flowchart illustrating a process in which the content provider 2 transmits a content provider secure container to the service provider 3.

FIG. 47 is a flowchart illustrating another process in which the content provider 2 transmits a content provider secure container to the service provider 3.

FIG. 48 is a flowchart illustrating a process in which the service provider 3 transmits a service provider secure container to the receiver 51.

FIG. 49 is a flowchart illustrating a process in which the service provider 3 transmits a service provider secure container to the receiver 51.

FIG. 50 is a flowchart illustrating a billing process of the receiver 51.

FIG. 51 is a flowchart illustrating a process in which a receiver 51 reproduces a content.

FIG. 52 is a flowchart illustrating a process in which a receiver 51 causes a decoder 56 to reproduce content.

[Explanation of symbols]

1 EMD service center, 2 content provider, 3 service provider, 5 user home network, 16 profit distribution section, 18 user management section, 42 pricing section, 51 receiver, 56 decoder, 61 communication section, 62 SAM, 63 decompression section, 71 mutual authentication module, 72 billing module, 73 storage module, 74 decryption / encryption module, 75 mutual authentication module, 76
Decryption module, 77 decryption module, 81 mutual authentication module, 91 decryption unit, 92 encryption unit, 93 encryption unit, 101 mutual authentication module, 102 decryption module, 103
Decryption module

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 9/08 H04L 9/00 601A 601E (72) Inventor Takeo Oishi 6-7 Kita Shinagawa, Shinagawa-ku, Tokyo No. 35 Inside Sony Corporation (72) Inventor Tomoyuki Asano 6-7-35 Kita Shinagawa, Shinagawa-ku, Tokyo F-term inside Sony Corporation (Reference) 5B089 GA00 JA00 JA33 JB05 KA17 KB12 KB13 KC58 KH30 5J104 AA16 EA18 NA02 NA03 NA12 NA35 NA37 PA07 PA14

Claims (3)

[Claims] A first key for decrypting the information using encrypted information, an encrypted first key for decrypting the information, and a second key for decrypting the first key; An information processing apparatus having a storage unit and a first decryption unit, wherein the first storage unit mutually authenticates with the first decryption unit and generates a temporary key, Second storage means for storing a second key; second decryption means for decrypting the first key with the second key; and encryption means for encrypting the first key with the temporary key. The first decryption means comprises: a second mutual authentication means for mutually authenticating with the first storage means and generating a temporary key; and a third mutual authentication means for decrypting the first key with the temporary key. And a fourth decryption means for decrypting the information with the first key. Information processing device. 2. A storage means for decrypting said information using encrypted information, an encrypted first key for decrypting said information, and a second key for decrypting said first key. In the information processing method of the information processing apparatus having a decryption unit, the storage unit performs a mutual authentication with the decryption unit and generates a temporary key, and a storage step of storing the second key. And a first decrypting step of decrypting the first key with the second key; and an encrypting step of encrypting the first key with the temporary key. A second mutual authentication step of mutually authenticating with the means and generating a temporary key; a second decryption step of decrypting the first key with the temporary key; and a second decryption step of decrypting the information with the first key. 3 decoding steps. Processing method. 3. A storage means for decrypting the information using encrypted information, an encrypted first key for decrypting the information, and a second key for decrypting the first key. A first mutual authentication step of mutually authenticating with the decryption means and generating a temporary key; a storage step of storing the second key; A first decryption step of decrypting the first key with the second key; and an encryption step of encrypting the first key with the temporary key. A second mutual authentication step of mutually authenticating with the means and generating a temporary key; a second decryption step of decrypting the first key with the temporary key; and a second decryption step of decrypting the information with the first key. And a computer for executing a process including a third decoding step A providing medium for providing a program readable by a data source.