JP2000347852A - Device and method for processing information and program storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent stored data from being illegally read out and analyzed by supplying a program to a first running means for deciphering and running an enciphered program, and providing a second running means for running the program on the basis of the run result. SOLUTION: An Electrical Music Distribution(EMD) server 4-1 (4-2 or 4-3) supplies contents through a network 2 to a personal computer(PC) 1 together with data related to the contents corresponding to a request of the PC 1. A World Wide Web(WWW) server 5-1 (5-2) supplies a CD, from which the contents are read, and the data corresponding to the contents read from the CD through the network 2 to the PC 1 corresponding to the request of the PC 1. A portable device 6-1 reproduces and outputs the stored contents on the basis of supplied data related to the contents.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to an information processing apparatus and method, and a program storage medium, and more particularly, to an information processing apparatus and method for storing predetermined data and performing predetermined processing, and a program storage medium.

[0002]

2. Description of the Related Art Recently, CDs (Compact Disks) and MDs (Mini D
Devices capable of digitally recording or reproducing music data such as isk) have become widespread. As a result, by combining such a device that can digitally record and reproduce music data with a personal computer, etc.,
It has also become relatively easy to illegally copy digital music data. Therefore, various methods have been proposed in order to prevent music data as a copyrighted work from being illegally copied.

For example, software for controlling a copy source is made to perform mutual authentication with a copy destination device, and when an appropriate authentication result is obtained, music data is encrypted and transferred to the copy destination device. It has been proposed that the above device decrypts and uses the encrypted data.

[0004] It has also been proposed that software of a copy source use an ID stored in predetermined hardware to mutually authenticate with a device of a copy destination.

Further, it has been proposed that authentication, encryption, and decryption processing be executed by hardware of wired logic.

[0006]

However, when the authentication, encryption, and decryption processes are performed only by software, the music data is illegally copied by analyzing and falsifying the software. There is a risk that it will.

[0007] Further, a predetermined ID is stored in hardware, and is executed by software on a personal computer.
When this is read and used, there is a risk that the read ID is read during the transfer to the software, analyzed, and falsified.

Further, if the authentication processing, the encryption processing, and the decryption processing are executed by the hardware of the wired logic, analysis and tampering can be prevented, but new authentication processing, encryption processing, In order to perform the decryption process, it is necessary to replace the existing hardware with new hardware or to add new hardware.

The present invention has been made in view of such circumstances, and it is an object of the present invention to prevent stored data from being illegally read and analyzed.

[0010]

According to a first aspect of the present invention, there is provided an information processing apparatus comprising: a first execution unit for decrypting and executing an encrypted program; and supplying the program to the first execution unit. And a second execution unit that decrypts the encrypted program and executes the program based on the result of execution of the first execution unit.

According to a fifth aspect of the present invention, in the information processing method, a first execution step of decrypting and executing an encrypted program, and the program is supplied to the first execution step and encrypted. Decrypt the program, the first
And a second execution step of executing the program based on the result of execution of the execution step.

[0012] According to a sixth aspect of the present invention, there is provided a program stored in a program storage medium, which supplies an information processing apparatus with a first execution step of decrypting and executing an encrypted program, and supplying the program to the first execution step. And a second execution step of executing the program based on a result of the execution of the first execution step by decrypting the encrypted program.

An information processing apparatus according to claim 1,
In the information processing method described in the above, and the program storage medium described in the claim 6, the encrypted program is decrypted and executed, the program is supplied, and the encrypted program is decrypted and executed. The program is executed based on the result of.

[0014]

FIG. 1 is a diagram showing an embodiment of a content data management system according to the present invention. The personal computer 1 is connected to a network 2 including a local area network or the Internet. The personal computer 1
CD (Compact Diy) received from EMD (Elecrical Music Distribution) servers 4-1 to 4-3 or described later.
sc) is converted to a predetermined compression method (for example, ATRAC3 (trademark)) and DES (Data Encryption Standalone).
ard) and record it.

The personal computer 1 records usage condition data indicating usage conditions of the content in correspondence with the content that has been encrypted and recorded.

The usage condition data is, for example, the number of portable devices (Portable Devices (also referred to as PDs)) that can simultaneously use the content corresponding to the usage condition data (the so-called check-out PDs). Number). Even when the content is checked out by the number indicated by the usage condition data, the personal computer 1 can reproduce the content.

Alternatively, it indicates that the usage condition data can be copied. When the content is copied to the portable devices 6-1 to 6-3, the personal computer 1 can reproduce the recorded content.
The number of times that contents can be stored in the portable devices 6-1 to 6-3 may be limited. In this case, the number of times that copying can be performed does not increase.

Alternatively, the usage condition data indicates that the data can be transferred to another personal computer.
After the content is moved to the portable devices 6-1 to 6-3, the content recorded in the personal computer 1 cannot be used (the content is deleted or the usage conditions are changed and cannot be used).

The details of the usage condition data will be described later.

The personal computer 1 stores the encrypted and recorded contents together with data (for example, song titles or reproduction conditions) related to the contents by USB.
(Universal Serial Bus) Stored in the connected portable device 6-1 via the cable 7-1, and in accordance with the fact that the portable device 6-1 stores the data, use corresponding to the stored content. The condition data is updated (hereinafter, referred to as checkout).
More specifically, when checking out, the number of times that the personal computer 1 can check out the usage condition data corresponding to the content is 1
Is reduced. When the number of times that the user can check out is 0, the corresponding content cannot be checked out.

The personal computer 1 stores the encrypted and recorded content together with the data relating to the content in the connected portable device 6-2 via the USB cable 7-2. In response to the information stored in 6-2,
The use condition data corresponding to the stored content is updated. The personal computer 1 stores the encrypted and recorded content together with the data relating to the content in the connected portable device 6-3 via the USB cable 7-3, and also stores the portable device 6-3. , The usage condition data corresponding to the stored content is updated.

The personal computer 1 is connected to a USB
The content checked out by the personal computer 1 to the portable device 6-1 connected via the cable 7-1 is erased (or made unusable) by the portable device 6-1 and erased. The use condition data corresponding to the content is updated (hereinafter referred to as check-in). More specifically, when check-in is performed, the number of times that the personal computer 1 can check out the data of the usage condition of the corresponding content recorded by the personal computer 1 is increased by one.

The personal computer 1 allows the portable device 6-2 to delete the contents checked out by the portable device 6-2 via the USB cable 7-2 (or to use the portable device 6-2). Then, the usage condition data corresponding to the deleted content is updated. The personal computer 1 causes the portable device 6-3 connected to the portable device 6-3 to delete the content checked out by the portable device 6-3 via the USB cable 7-3 (or disables the content to be used). T), the use condition data corresponding to the deleted content is updated.

The personal computer 1 includes a portable device 6-1 (not shown).
I cannot check in content that has been checked out to. The personal computer 1 cannot check in the content checked out by another personal computer to the portable device 6-2. The personal computer 1 cannot check in content that another personal computer has checked out to the portable device 6-3.

When the personal computer 1 starts acquiring contents from the EMD servers 4-1 to 4-3, the EMD registration server 3 responds to the request of the personal computer 1 via the network 2 in response to a request from the personal computer 1. And transmits an authentication key required for mutual authentication between the EMD server 4-1 to 4-3 and the personal computer 1, and transmits a program for connecting to the EMD server 4-1 to 4-3 to the personal computer 1. .

In response to a request from the personal computer 1, the EMD server 4-1 supplies the content to the personal computer 1 through the network 2 together with data (for example, a song title or reproduction restriction) related to the content. I do. The EMD server 4-2 supplies the content to the personal computer 1 along with the data related to the content via the network 2 in response to the request from the personal computer 1. EMD server 4-
3 supplies the content to the personal computer 1 via the network 2 together with the data relating to the content in response to a request from the personal computer 1.

The contents supplied by each of the EMD servers 4-1 to 4-3 are compressed by the same or different compression methods. The content supplied by each of the EMD servers 4-1 to 4-3 is encrypted by the same or different encryption method.

The WWW (World Wide Web) server 5-1 is
In response to a request from the personal computer 1, a CD (for example,
CD album name or CD seller), and CD
Data corresponding to the content read from (for example,
A song name or a composer name) is supplied to the personal computer 1. The WWW server 5-2 responds to a request from the personal computer 1 via the network 2
The personal computer 1 stores the CD from which the content was read and the data corresponding to the content read from the CD.
To supply.

The portable device 6-1 stores the content (ie, the content supplied from the personal computer 1).
The checked-out content) is stored together with data related to the content (for example, a song title or a playback restriction). The portable device 6-1 reproduces the stored content based on the data related to the content, and outputs the content to headphones (not shown).

For example, when the portable device 6-1 attempts to reproduce the content exceeding the number of times of reproduction as a reproduction limit stored as data related to the content,
Stop playing the corresponding content. As a playback restriction stored as data related to the content,
When the portable device 6-1 attempts to play back after the expiration of the playback time limit, the portable device 6-1 stops playing back the corresponding content.

The user can remove the portable device 6-1 storing the content from the personal computer 1, carry it around, play back the stored content, and listen to music corresponding to the content using headphones or the like. .

The portable device 6-2 stores the content supplied from the personal computer 1 together with data related to the content. The portable device 6-2 is configured to execute the operation based on the data related to the content.
The stored content is reproduced and output to a headphone (not shown) or the like. The user can remove the portable device 6-2 storing the content from the personal computer 1, carry it around, play back the stored content, and listen to music corresponding to the content using headphones or the like.

The portable device 6-3 stores the content supplied from the personal computer 1 together with data related to the content. The portable device 6-3 is configured to perform the operation based on the data related to the content.
The stored content is reproduced and output to a headphone (not shown) or the like. The user can remove the portable device 6-3 storing the content from the personal computer 1, carry it around, play back the stored content, and listen to music or the like corresponding to the content using headphones or the like.

The portable devices 6-1 to 6-
When it is not necessary to distinguish the three individually, they are simply referred to as a portable device 6.

FIG. 2 is a diagram illustrating the configuration of the personal computer 1. CPU (Central Processing Unit)
Reference numeral 11 actually executes various application programs (details will be described later) and an OS (Operating System). The ROM (Read-only Memory) 12 generally stores basically fixed data of programs used by the CPU 11 and calculation parameters. RAM (Ran
The dom-Access Memory 13 stores a program used in the execution of the CPU 11 and parameters that change as appropriate in the execution. These are interconnected by a host bus 14 composed of a CPU bus and the like.

The host bus 14 is connected to a PCI (Peripheral Component Interconnect / Interfac
e) It is connected to an external bus 16 such as a bus.

The keyboard 18 is operated by the user when inputting various commands to the CPU 11. Mouse 19
Is operated by the user when pointing or selecting a point on the screen of the display 20. Display 2
Numeral 0 is composed of a liquid crystal display device or a CRT (Cathode Ray Tube), and displays various information as text or images. An HDD (Hard Disk Drive) 21 drives a hard disk and records or reproduces a program or information executed by the CPU 11 on the hard disk.

The drive 22 reads data or a program recorded on the mounted magnetic disk 41, optical disk 42 (including CD), magneto-optical disk 43, or semiconductor memory 44, and stores the data or program in the drive. The data is supplied to the RAM 13 connected via the interface 17, the external bus 16, the bridge 15, and the host bus 14.

The USB port 23-1 has a USB cable 7-
1, the portable device 6-1 is connected.
The USB port 23-1 receives data (for example, content or a command of the portable device 6-1) supplied from the HDD 21, the CPU 11, or the RAM 13 via the interface 17, the external bus 16, the bridge 15, or the host bus 14. Portable device 6
Output to -1.

The USB cable 23- is connected to the USB port 23-2.
2, the portable device 6-2 is connected.
The USB port 23-2 receives data (for example, content or a command of the portable device 6-2) supplied from the HDD 21, the CPU 11, or the RAM 13 via the interface 17, the external bus 16, the bridge 15, or the host bus 14. Portable device 6
-2.

The USB cable 23- is connected to the USB port 23-3.
3, the portable device 6-3 is connected.
The USB port 23-3 receives data (for example, content or a command of the portable device 6-3) supplied from the HDD 21, the CPU 11, or the RAM 13 via the interface 17, the external bus 16, the bridge 15, or the host bus 14. Portable device 6
-3.

IEC (International Electrotechnical Com
(mission) 60958 The audio input / output interface 24 having the terminal 24a executes interface processing of digital audio input / output or analog audio input / output. The speaker 45 outputs a predetermined sound corresponding to the content based on the sound signal supplied from the sound input / output interface 24.

The keyboard 18 to the voice input / output interface 24 are connected to the interface 17, and the interface 17 is connected to the CPU 11 via the external bus 16, the bridge 15, and the host bus 14.

The communication unit 25 is connected to the network 2 and receives data (eg, a registration request or a content transmission request) supplied from the CPU 11 or the HDD 21.
Is stored in a packet of a predetermined method,
And the data (for example, an authentication key or content) stored in a packet received via the network 2 via the CPU 11 and the RAM 1.
3, or output to the HDD 21.

The CPU of the adapter 26 integrally formed as a semiconductor IC and mounted on the personal computer 1
The 32 cooperates with the CPU 11 of the personal computer 1 via the external bus 16, bridge 15, and host bus 14 to execute various processes. The RAM 33 stores data and programs necessary for the CPU 32 to execute various processes. The nonvolatile memory 34 stores data that needs to be retained even after the power of the personal computer 1 is turned off. When the encrypted program is transferred from the personal computer 1, the ROM 36 stores a program for decrypting the program. An RTC (Real Time Clock) 35 performs a timekeeping operation and provides time information.

The communication unit 25 and the adapter 26 are connected via the external bus 16, the bridge 15, and the host bus 14.
It is connected to the CPU 11.

Hereinafter, when it is not necessary to individually distinguish the USB ports 23-1 to 23-3, the USB ports 23-1 to 23-3 will be simply described.
Called. Hereinafter, when it is not necessary to distinguish the USB cables 7-1 to 7-3 individually, they are simply referred to as USB cables 7.

Next, the configuration of the portable device 6 is shown in FIG.
This will be described with reference to FIG. The power supply circuit 52 drives the entire portable device 6 by converting a power supply voltage supplied from the dry battery 51 into internal power of a predetermined voltage and supplying the internal power to the CPU 53 to the display unit 67.

The USB controller 57 includes a USB connector 56
And the personal computer 1 and the USB cable 7
Connected via the internal bus 58, the data including the content transferred from the personal computer 1 is transferred to the internal bus 58.
Is supplied to the CPU 53 via the.

The data transferred from the personal computer 1 is composed of 64 bytes of data per packet, and is transferred from the personal computer 1 at a transfer rate of 12 Mbit / sec.

Data transferred to the portable device 6 includes a header and contents. The header stores a content ID, a file name, a header size, a content key, a file size, a codec ID, file information, and the like, as well as reproduction restriction data required for reproduction restriction processing, a start date and time, an end date and time, and a frequency limit , And a reproduction counter. The content is encoded and encoded using an encoding method such as ATRAC3.

The header size indicates the data length of the header (for example, 33 bytes), and the file size indicates the data length of the content (for example, 33,636,138 bytes).

The content key is a key for decrypting the encrypted content, and is encrypted based on a session key (temporary key) generated in a process of mutual authentication between the personal computer 1 and the portable device 6. In this state, the data is transmitted from the personal computer 1 to the portable device 6.

When the portable device 6 is connected to the USB port 23 of the personal computer 1 via the USB cable 7, the portable device 6 and the personal computer 1 execute a mutual authentication process. The mutual authentication process is, for example, a challenge-response authentication process. By the way, DS of portable device 6
The P59 or the CPU 53 executes a decryption (decryption) process when performing the challenge-response authentication process.

The challenge response method is, for example,
This is a method in which the portable device 6 responds to a certain value (challenge) generated by the personal computer 1 with a value (response) generated using a secret key shared with the personal computer 1. In the challenge-response mutual authentication process, the value generated by the personal computer 1 changes every time the authentication process is performed. Therefore, for example, the value generated by using the secret key output from the portable device 6 is read. Even if the personal computer 1 is issued and receives a so-called spoofing attack, the personal computer 1 can detect fraud in the next mutual authentication processing because the values used for the mutual authentication are different.

The content ID corresponds to the content,
This is an ID for specifying the content.

The codec ID is an ID corresponding to the content encoding method. For example, the codec ID “1” is
Corresponding to ATRAC3, codec ID “0” is used for MP3 (MPEG (Mo
It corresponds to vingPicture Experts Group) Audio Layer-3).

The file name is the ASCII (American National Standard C) content file (to be described later) recorded in the personal computer 1 corresponding to the content.
odefor Information Interchange) code, and the file information contains the song title, artist name, lyricist name, or composer name, etc., corresponding to the content.
Data converted to ASCII code.

The reproduction restriction data is data indicating whether a period during which the content can be reproduced (that is, a start date and time or an end date and time) or a frequency limit (a restriction on the number of times of reproduction) is set. When the number-of-times limit is set, “1” is assigned to the reproduction restriction data, and when the period during which reproduction is possible is set, “2” is allocated. When neither is set (so-called purchase), “0” is assigned.

The start date and time and the end date and time are data indicating the range of the reproducible period when the reproduction restriction data is "2". For example, when the start date and time is “00040F” and the end date and time is “00007F”, the corresponding content is from April 15, 2000 to July 7, 2000.
Reproduction is possible until the 15th of March.

Similarly, when the reproduction limit data is “1” or “2”,
The number-of-times limit is a preset number of times that the content can be reproduced corresponding to the content. The number-of-times-of-reproduction counter is updated by the CPU 53 when the process of reproducing the content is executed, and indicates the number of times the content has been reproduced. . For example,
When the number-of-times limit is “02”, the number of times that the content can be reproduced is two, and the number-of-times-of-reproduction counter is “01”.
, The number of times the content has been reproduced is one.

For example, if the reproduction restriction data is “2”,
The start date and time is “00040F” and the end date and time is “00”.
070F ”and the number-of-times limit is“ 02 ”, the portable device 6
In the period from April 15, 2000 to July 15, 2000, reproduction can be repeated twice a day.

For example, if the reproduction restriction data is “1”,
The start date and time is “000000” and the end date and time is “00”
0000 ", the number-of-times limit is" 0a ", and the number-of-reproductions counter is" 05 ", the corresponding content has no restriction on the reproducible period, and the number of reproducible times is one.
It is 0 times and the number of times of reproduction is 5 times.

When the portable device 6 receives a content write command together with the content from the personal computer 1, the CPU 53 executing the main program read from the ROM 55 to the RAM 54 receives the write command and controls the flash memory controller 60. Then, the content received from the personal computer 1 is written into the flash memory 61.

The flash memory 61 has a storage capacity of about 64 MByte and stores contents. Further, the flash memory 61 stores in advance a reproduction code for decompressing a content compressed by a predetermined compression method.

The flash memory 61 can be made removable from the portable device 6 as a memory card.

When a playback command corresponding to a user's pressing operation of a play / stop button (not shown) is supplied to the CPU 53 via the operation key controller 62, the CPU 53
The flash memory controller 60 reads the reproduction code and the content from the flash memory 61 and transfers them to the DSP 59.

The DSP 59 converts the content into a CRC (Cyc) based on the reproduction code transferred from the flash memory 61.
After performing error detection by a lic redundancy check) method, the data is reproduced, and the reproduced data (indicated by D1 in FIG. 3) is supplied to the digital / analog conversion circuit 63.

The DSP 59 is integrally formed with a transmitting circuit (not shown) provided therein, reproduces contents based on a master clock MCLK from a transmitter 59A made of an external crystal, and reproduces a master clock MCLK. ,
A bit clock BCLK of a predetermined frequency generated by an internal oscillation circuit based on the master clock MCLK and an operation clock LRCLK composed of an L channel clock LCLK and an R channel clock RCLK in frame units are supplied to the digital / analog conversion circuit 63.

When the DSP 59 plays back the content,
When the above operation clock is supplied to the digital-to-analog conversion circuit 63 according to the reproduction code, and when the content is not reproduced, the supply of the operation clock is stopped according to the reproduction code, and the digital-analog conversion circuit 63 is stopped. 6 Reduce the total power consumption.

Similarly, the CPU 53 and the USB controller 5
7 also performs a predetermined process based on the master clock MCLK supplied from the oscillator 53A or 57A, which is externally provided with an oscillator 53A or 57A made of crystal.

With this configuration, the portable device 6 includes the CPU 53, the DSP 59, and the USB controller 57.
This eliminates the need for a clock generation module for supplying a clock to each circuit block, thereby simplifying the circuit configuration and reducing the size.

The digital / analog conversion circuit 63 converts the reproduced content into an analog audio signal, and supplies the analog audio signal to the amplifier circuit 64. The amplifier circuit 64 amplifies the audio signal and supplies the audio signal to a headphone (not shown) via the headphone jack 65.

As described above, when the play / stop button (not shown) is pressed, the portable device 6
The content stored in the flash memory 61 is reproduced based on the control of No. 3, and when the reproduction / stop button is pressed during the reproduction, the reproduction of the content is stopped.

When the reproduction / stop button is pressed again after the stop, the portable device 6 resumes the reproduction of the content from the position where the reproduction was stopped under the control of the CPU 53. When the playback / stop button stops playback by a pressing operation and a few seconds elapse without any operation being applied, the portable device 6 automatically turns off the power and reduces power consumption.

Incidentally, when the play / stop button is pressed after the power is turned off, the portable device 6 does not play the content from the previous stop position, but
Play from the song.

The CPU 53 of the portable device 6
Controls the LCD controller 68 so that the display 67
Playback mode status (eg, repeat playback, intro playback, etc.), equalizer adjustment (ie, gain adjustment corresponding to the frequency band of the audio signal), song number, playing time, playback, stop, fast forward, fast reverse, etc. , The volume and the remaining amount of the dry battery 51 are displayed.

Further, the portable device 6 has an EEPROM
68, the so-called FAT (File Allocation) of the number of contents written in the flash memory 80, the block positions of the flash memory 61 in which the respective contents are written, and various other types of memory storage information.
Table).

Incidentally, in the present embodiment, the content is treated as 64 KByte as one block, and the block position corresponding to the content of one music is stored in the FAT.

When the FAT is stored in the flash memory 61, for example, when the content of the first music is written into the flash memory 61 under the control of the CPU 53, the block position corresponding to the content of the first music is written as the FAT in the flash memory 61. Then, when the content of the second music piece is written to the flash memory 61, the block position corresponding to the content of the second music piece is written as a FAT in the flash memory 61 (the same area as the first music piece).

As described above, the FAT is stored in the flash memory 6
1 is rewritten each time the content is written to the data, and the same data is used for the reserve for data protection.
Written heavily.

When the FAT is written to the flash memory 61, the same area of the flash memory 61 is rewritten twice in response to one writing of the content. The specified number of rewrites is reached, and rewriting of the flash memory 61 cannot be performed.

Therefore, the portable device 6 sets the FAT to E
It is stored in the EPROM 68 to reduce the frequency of rewriting of the flash memory 61 corresponding to one writing of content.

By storing the FAT in which the number of times of rewriting is large in the EEPROM 68, the portable device 6
The number of times that content can be written can be increased several tens of times or more. Further, since the CPU 53 writes the FAT in the EEPROM 68 so that the FAT is additionally recorded, the frequency of rewriting the same area of the EEPROM 68 is reduced, thereby preventing the EEPROM 68 from becoming unrewritable in a short period of time.

The portable device 6 has a USB cable 7
(Hereinafter referred to as USB connection) when connected to the personal computer 1 via the USB controller 5
7 based on the interrupt signal supplied to the CPU 53 from the USB
Recognize that connection has been established.

When the portable device 6 recognizes that the USB connection has been established, the portable device 6 transmits the USB
External power having a specified current value is supplied via the cable 7 and the power supply circuit 52 is controlled to stop supplying power from the dry battery 51.

When the CPU 53 is connected by USB, the DSP 59
Of the reproduction of the content. This allows
The CPU 53 prevents the external power supplied from the personal computer 1 from exceeding a specified current value,
Control is performed so that the external power of the specified current value can always be received.

As described above, when the CPU 53 is connected by USB,
Since the power supplied from the dry battery 51 is switched to the power supplied from the personal computer 1, external power from the personal computer 1 having a low power unit price is used, and the power consumption of the dry battery 51 having a high power unit price is reduced. 51 can be extended.

Note that the CPU 53 stops the reproduction process of the DSP 59 when the external power is supplied from the personal computer 1 via the USB cable 7, whereby the D
The radiation from the SP 59 is reduced, and as a result, the radiation of the entire system including the personal computer 1 is further reduced.

FIG. 4 is a block diagram for explaining the configuration of the functions of the personal computer 1 realized by executing a predetermined program of the CPU 11 and the like. The content management program 111 includes an EMD selection program 131, a check-in / check-out management program 132, an encryption method conversion program 135, and a compression method conversion program 1.
36, an encryption program 137, a use condition conversion program 139, a use condition management program 140, an authentication program 141, a decryption program 142, and a PD driver 14.
3, a plurality of programs such as a purchase program 144 and a purchase program 145.

The content management program 111 is described by, for example, shuffled instructions or encrypted instructions, conceals the processing contents from the outside, and makes it difficult to read the processing contents (for example, , Even if the user directly reads the content management program 111, the instruction cannot be specified).

When the content management program 111 is installed in the personal computer 1, the EMD selection program 131
1 and not included in the following EMD registration process
It is received from the EMD registration server 3 via the network 2. The EMD selection program 131 selects a connection with any one of the EMD servers 4-1 to 4-3, and sends any one of the EMD servers 4-1 to 4-3 to the purchase application 115 or the purchase program 144 or 142. Communication with the user (for example, downloading the content when purchasing the content) is executed.

The check-in / check-out management program 132 checks the content files 161-1 to 162-N based on the setting of check-in or check-out and the use condition files 162-1 to 162-N recorded in the content database 114. 161-N to the portable device 6-1.
Check out to any one of the portable devices 6-1 to 6-3 or check in the content stored in the portable devices 6-1 to 6-3.

The check-in / check-out management program 132 executes the use conditions stored in the use condition files 162-1 to 162-N recorded in the content database 114 in response to the check-in or check-out processing. Update the data of.

The copy management program 133 transfers the contents stored in the content files 161-1 to 161-N to the portable device 6 based on the usage rule files 162-1 to 162-N recorded in the content database 114. -1 to 6-3, or copy content from the portable devices 6-1 to 6-3 to the content database 11
Copy to 4.

The movement management program 134 transfers the contents stored in the content files 161-1 to 161-N to the portable device 6 based on the usage rule files 162-1 to 162-N recorded in the content database 114. -1 to 6-3, or the portable device 6-1 to 6-6
-3 to the content database 114.

The encryption system conversion program 135 includes a system for encrypting the content received by the purchase application program 115 from the EMD server 4-1 via the network 2 and a system for encrypting the content received from the EMD server 4-1.
The method of encrypting the content received from the EMD server 4-3 or the method of encrypting the content received from the EMD server 4-3 by the purchasing program 145 is described in the content database 1.
14 is converted into the same encryption method as the content stored in the content files 161-1 to 161-N recorded.

The encryption system conversion program 135 is
When the content is checked out to the portable device 6-1 or 6-3, the content to be checked out is converted into an encryption method usable by the portable device 6-1 or 6-3.

The compression method conversion program 136 includes a method for compressing the content received from the EMD server 4-1 by the purchase application program 115 via the network 2 and a method for compressing the content received by the purchase program 144 from the EMD server 4-2.
The content compression method of the content received from the EMD server 4-3 or the compression method of the content received by the purchase program 145 from the EMD server 4-3 is determined by the content files 161-1 to 161 recorded in the content database 114.
-N Convert to the same compression scheme as the content stored in N.

The compression method conversion program 136 is
When the content is checked out to the portable device 6-1 or 6-3, the content to be checked out is converted into a compression format that can be used by the portable device 6-1 or 6-3.

The encryption program 137 reads the content (unencrypted) read from, for example, a CD and supplied from the recording program 113, in the content file 161-
The contents are encrypted by the same encryption method as the contents stored in the contents 1 to 161-N.

The compression / expansion program 138 is, for example, a CD.
And the content (uncompressed) supplied from the recording program 113 and read from the content file 161 stored in the content database 114.
-1 to 161-N are encoded by the same encoding method as the content stored therein. Compression / expansion program 1
38 expands (decodes) the encoded content.

The use condition conversion program 139 includes data (so-called Usage Rule) indicating the use condition of the content received by the purchase application program 115 from the EMD server 4-1 via the network 2, and the purchase program 144 corresponds to the EMD. The data indicating the usage condition of the content received from the server 4-2 or the data indicating the usage condition of the content received from the EMD server 4-3 by the purchasing program 145 is stored in the content database 11.
4 is recorded in use condition files 162-1 through 162-1
2-N is converted into the same format as the usage condition data stored in the storage device.

The use condition conversion program 139 is
When the content is checked out to the portable device 6-1 or 6-3, the usage condition data corresponding to the content to be checked out is converted into usage condition data usable by the portable device 6-1 or 6-3. .

The usage condition management program 140 executes the content database 1 before executing the process of copying, moving, checking in, or checking out the content.
The falsification of the usage rule data is detected based on a hash value (described later) corresponding to the usage rule data stored in the usage rule files 162-1 to 162-N recorded in 14. The usage condition management program 140 is used to copy, move, check-in, or check-out the content, and execute the content database 114.
Usage condition files 162-1 to 162-1 recorded in
The hash value corresponding to the usage rule data is updated in response to the update of the usage rule data stored in 2-N.

The authentication program 141 executes a mutual authentication process between the content management program 111 and the purchase application program 115 and a mutual authentication process between the content management program 111 and the purchase program 144. In addition, the authentication program 141
Server 4-1 and purchase application program 11
5, the mutual authentication between the EMD server 4-2 and the purchase program 144, and the EMD server 4
-3 and an authentication key used in the process of mutual authentication between the purchase program 145.

The authentication key used by the authentication program 141 in the mutual authentication process is determined when the content management program 111 is installed in the personal computer 1.
When it is not stored in the authentication program 141 and the registration processing is normally executed by the display operation instruction program 112, it is supplied from the EMD registration server 3 and stored in the authentication program 141.

The decryption program 142 executes the content file 16 recorded in the content database 114.
When the personal computer 1 reproduces the content stored in 1-1 to 161-N, the content is decrypted.

[0109] The PD driver 143 checks the predetermined content in the portable device 6-2 or checks in the predetermined content from the portable device 6-2.
2 is supplied with a content or a command for causing the portable device 6-2 to execute a predetermined process.

When the PD driver 143 checks out a predetermined content in the portable device 6-1 or checks in the predetermined content from the portable device 6-1, the PD driver 143 operates.
-1 to the content or device driver 116-1
To execute a predetermined process.

When the PD driver 143 checks out a predetermined content in the portable device 6-3 or checks in the predetermined content from the portable device 6-3, the PD driver 143 operates.
-2 content or device driver 116-2
To execute a predetermined process.

The purchase program 144 is a so-called plug-in program, is installed together with the content management program 111, and is supplied from the EMD registration server 3 via the network 2, or is recorded on a predetermined CD and supplied. When the purchase program 144 is installed in the personal computer 1, the purchase program 144 is transmitted to the content management program 111 via a predetermined format interface of the content management program 111.
1 to send and receive data.

The purchase program 144 is described by, for example, shuffled instructions or encrypted instructions, concealing the processing contents from the outside, and makes it difficult to read the processing contents (for example, , The user directly purchases the program 14
4, the instruction cannot be specified).

The purchase program 144 requests the EMD server 4-2 to transmit predetermined content via the network 2, and receives the content from the EMD server 4-2. In addition, the purchase program 144 is an EMD
When content is received from the server 4-2, a billing process is executed.

The purchase program 145 is a program installed together with the content management program 111, and is connected to the EMD server 4-3 via the network 2.
Requesting the transmission of predetermined content, and receiving the content from the EMD server 4-3. Further, the purchase program 145 executes a billing process when receiving the content from the EMD server 4-3.

The display operation instruction program 112 includes a filtering data file 181, a display data file 1
82, an image of a predetermined window is displayed on the display 20 based on the image files 183-1 to 183-K or the history data file 184, and the content management program 111 is operated by operating the keyboard 18 or the mouse 19. Instructs execution of processing such as check-in or check-out.

The filtering data file 181 is
Data for weighting each content stored in the content files 161-1 to 161-N recorded in the content database 114 is stored in the HDD 21.

The display data file 182 stores data corresponding to the content stored in the content files 161-1 to 161-N recorded in the content database 114, and is recorded on the HDD 21.

Image files 183-1 to 183-K
Stores images corresponding to the content files 161-1 to 161-N recorded in the content database 114, or images corresponding to packages described later, and are recorded on the HDD 21.

Hereinafter, the image files 183-1 to 183 will be described.
When it is not necessary to individually distinguish -K, it is simply referred to as an image file 183.

The history data file 184 stores the history such as the number of times the content stored in the content files 161-1 to 161-N recorded in the content database 114 is checked out, the number of times the content is checked in, and the date. The data is stored in the HDD 21.

At the time of registration processing, the display operation instruction program 112 stores the content management program 11 stored in advance in the EMD registration server 3 via the network 2.
In addition to transmitting the ID 1 and receiving the authentication key and the EMD selection program 131 from the EMD registration server 3, it supplies the content management program 111 with the authentication key and the EMD selection program 131.

The recording program 113 displays an image of a predetermined window, and displays the image on the keyboard 18 or the mouse 1.
On the basis of the operation of the step 9, data such as the recording time of the content is read from the CD which is the optical disk 42 mounted on the drive 22.

The recording program 113 is based on the recording time of the content recorded on the CD, etc.
Of data corresponding to a CD (for example, an album name or an artist name) or data corresponding to a content recorded on a CD (for example, a song name) to the WWW server 5-1 or 5-2 via And receives data corresponding to the CD or data corresponding to the content recorded on the CD from the WWW server 5-1 or 5-2.

The recording program 113 supplies the received data corresponding to the CD or the data corresponding to the content recorded on the CD to the display operation instruction program 112.

When a recording instruction is input, the recording program 113 reads contents from a CD, which is the optical disk 42 mounted on the drive 22, and outputs the contents to the content management program 111.

The content database 114 stores the content compressed by the predetermined method and encrypted by the predetermined method supplied from the content management program 111 in any of the content files 161-1 to 161-N. (Record on HDD 21). The content database 114 stores a content file 161-1.
To the use condition data corresponding to the contents stored in the content files 161-1 to 161-N, respectively.
-N (recorded on the HDD 21).

The content database 114 may record the content files 161-1 to 161-N or the use condition files 162-1 to 162-N as records.

For example, usage rule data corresponding to the content stored in the content file 161-1 is stored in the usage rule file 162-1. The usage rule data corresponding to the content stored in the content file 161-N is the usage rule file 1
62-N.

Note that the usage condition files 162-1 to 162-1
The data recorded in 62-N corresponds to data recorded in a term database described later or data recorded in a song database. That is, the content database 114 is configured to include a term database and a song database described later.

Hereinafter, when there is no need to individually distinguish the content files 161-1 to 161-N, they are simply referred to as content files 161. Hereinafter, when there is no need to individually distinguish the usage rule files 162-1 to 162-N, they are simply referred to as usage rule files 162.

Application program for purchase 115
Is supplied from the EMD registration server 3 via the network 2 or recorded on a predetermined CD-ROM and supplied. The purchase application program 115 requests the EMD server 4-1 to transmit predetermined content via the network 2, receives the content from the EMD server 4-1 and supplies the content to the content management program 111. In addition, the purchase application program 11
5 receives the content from the EMD server 4-1 and executes a billing process.

Next, the correspondence between the data stored in the display data file 82 and the content files 161-1 to 161-N stored in the content database will be described.

Content files 161-1 to 161
-N belongs to a predetermined package. The package is more specifically either an original package, a myselect package, or a filtering package.

The original package includes one or more contents, and corresponds to the classification of the contents in the EMD servers 4-1 to 4-3 (for example, corresponding to a so-called album) or one CD. The content belongs to any one of the original packages, and cannot belong to a plurality of original packages. Also, the original package to which the content belongs cannot be changed. The user can edit a part of the information corresponding to the original package (addition of information or change of added information).

[0136] The My Select package includes one or more contents arbitrarily selected by the user. The user can arbitrarily edit which content belongs to the My Select package. Content can simultaneously belong to one or more MySelect packages. Further, the content does not need to belong to any of the my select packages.

The contents selected based on the filtering data stored in the filtering data file 181 belong to the filtering package. The filtering data is supplied from the EMD servers 4-1 to 4-3 or the WWW server 5-1 or 5-2 via the network 2, or is recorded on a predetermined CD and supplied. The user can edit the filtering data stored in the filtering data file 181.

The filtering data is used as a reference for selecting a predetermined content or calculating a weight corresponding to the content. For example, if the filtering data corresponding to the J-POP (Japanese pop) best ten of the week is used, the personal computer 1 specifies the content of the Japanese pop No. 1 this week to the content of the Japanese pop No. 10 this week. can do.

The filtering data file 181 is
For example, filtering data that selects content in descending order of the period checked out in the past month,
Filtering data to select content that has been checked out frequently in the past six months, or song title
It includes filtering data for selecting content containing the characters "love".

As described above, the contents of the filtering package correspond to the contents display data 221 (including the data set by the user in the contents display data 221) or the history data 184 corresponding to the contents, and the filtering data. Let me choose.

The driver 117 drives the audio input / output interface 24 under the control of the content management program 111 or the like to input digital content supplied from the outside and supply it to the content management program 111. Alternatively, the content supplied from the content database 114 via the content management program 111 is output as digital data, or an analog signal corresponding to the content supplied from the content database 114 via the content management program 111 is output. .

FIG. 5 is a diagram showing an example of a display operation instruction window displayed on the display 20 by the operation instruction program 112 when the display operation instruction program 112 is activated.

In the display operation instruction window, a button 201 for activating the recording program 113, a button 202 for activating the EMD selection program 131, and a field for setting check-in or check-out processing are displayed. A button 203 and a button 204 for displaying a field for editing a MySelect package are arranged.

When the button 205 is selected, the field 211 displays data corresponding to the original package. When the button 206 is selected, the field 211 displays data corresponding to the My Select package. When the button 207 is selected, the field 211 displays data corresponding to the filtering package.

The data displayed in the field 211 is
Data on the package, for example, a package name or an artist name.

For example, in FIG. 5, a package name "first" and an artist name "Ataro", and a package name "second" and an artist name "Ataro" are displayed in the field 211.

The field 212 includes a field 211
The data corresponding to the content belonging to the package selected in is displayed. The data displayed in the field 212 is, for example, the title of the song, the playing time, or the number of checkouts.

For example, in FIG. 5, since the package corresponding to the package name “second” is selected, the song name “South Bar” corresponding to the content belonging to the package corresponding to the package name “second” and checkout Possible number of times (for example, one eighth note corresponds to one checkout, two eighth notes indicate two checkouts), the song title "Northern Graveyard" and the number of checkouts possible (eighth note Is displayed in the field 212).

As described above, one eighth note as the number of possible check-outs displayed in the field 212 is:
Indicates that the corresponding content can be checked out once.

The rest displayed as the number of possible check-outs displayed in the field 212 indicates that the corresponding content cannot be checked out (the number of possible check-outs is 0. (However, the personal computer 1 cannot reproduce the content. Yes.)) Further, the treble clef as the number of possible checkouts displayed in the field 212 indicates that the number of checkouts of the corresponding content is not limited (the user can check out any number of times).

It should be noted that the number of possible check-outs may be displayed not only by the number of predetermined figures (for example, a circle, a star, a month, etc.) as shown in FIG. 5, but also by a number or the like.

Further, the display operation instruction window displays images and the like (image files 183-1 to 183-1 in FIG. 4) associated with the selected package or content.
(Corresponding to any one of 3-K) is arranged. The button 209 is clicked when reproducing the selected content (outputting sound corresponding to the content to the speaker 45).

When button 205 is selected,
1, when data corresponding to the original package is displayed, when a song title of predetermined content displayed in the field 212 is selected and an erasing operation is performed, the display operation instruction program 112 111, corresponding to the selected song name,
A predetermined content stored in the content database 114 is deleted.

When the button (button 255 described later) of the window displayed by the recording program 113 is selected (activated), when the content read from the CD is recorded in the content database 114, the display operation instruction program is executed. Reference numeral 112 displays, in the display operation instruction window, a field 213 for displaying the title of the content stored in any of the portable devices 6-1 to 6-3 specified in advance.

When the button of the window displayed by the recording program 113 is selected, and when the content read from the CD is recorded in the content database 114, the display operation instruction program 112 sends the content management program 111 to the content database 1
14, the content read from the CD is checked out to any of the portable devices 6-1 to 6-3 designated in advance.

In the field 213, a symbol indicating whether or not the content can be checked into the personal computer 1 is displayed at the leftmost of the field 213 in association with the music title of the content. For example, field 2
13 indicates that the content corresponding to the music title of the content can be checked in to the personal computer 1 (that is, the personal computer 1).
Checked out from). “X” located at the leftmost of the field 213 indicates that the content corresponding to the title of the content is the personal computer 1.
Cannot be checked in (ie, not checked out from personal computer 1, for example, checked out from another personal computer)
It is shown that.

When the display operation instruction program 112 displays the field 213 in the display operation instruction window,
The display operation instruction program 112 displays the portable device 6-1 specified in advance in the display operation instruction window.
To the portable package (portable device 6-1) to which the content stored in any one of
Field 214 for displaying the name of the package to which the content stored in any one of the content items 6 to 3 belongs.
A button 210 for closing the field 213 and a button 215 for executing check-in or check-out are displayed.

Further, when the display operation instruction program 112 displays the field 213 in the display operation instruction window, the display operation instruction program 112 checks the content corresponding to the song name selected in the field 212 in the display operation instruction window. Button 2 to set out
16, a button 217 for setting a check-in of the content corresponding to the song name selected in the field 213, a button 218 for setting a check-in of all the content corresponding to the content name displayed in the field 213,
A button 219 for canceling the check-in or check-out setting is arranged.

The personal computer 1 does not execute the check-in or check-out process only by setting the check-in or check-out by operating the buttons 216 to 219.

After the check-in or check-out is set by operating the buttons 216 to 219, when the button 215 is clicked, the display operation instruction program 112 executes the check-in or check-out processing to the content management program 111. Let it. That is, when the button 215 is clicked, the display operation instruction program 112 executes the content management program 111 based on the check-in or check-out setting.
To transmit the content to any of the portable devices 6-1 to 6-3, or a predetermined command (for example, the portable device 6-
1 to 6-3) to transmit a predetermined content stored therein.
The use condition data stored in the use condition file 162 corresponding to the transmitted content or command is updated.

When check-in or check-out is executed, the display operation instruction program 112 updates the history data stored in the history data file 184 in accordance with the transmitted content or the transmitted command. The history data is obtained from information for identifying the content that has been checked in or checked out, the date on which the content was checked in or checked out, and the names of the portable devices 6-1 to 6-3 from which the content was checked out. Become.

Since the check-in or check-out setting process can be executed in a short time, the user can quickly know the state after the check-in or check-out process is executed, and the time-consuming check-in or check-out process can be performed. By reducing the number of check-out processes, the entire time required for check-in or check-out (including setting and execution) can be shortened.

FIG. 6 is a view for explaining an example of a window displayed on the display 20 by the recording program 113. For example, based on the CD information received from the WWW server 5-2, the recording program 113
Next, the title of the CD, such as "asynchronized", is displayed. Based on the CD information received from the WWW server 5-2,
The recording program 113 displays an artist name such as “Quie” in the field 252.

On the basis of the information on the CD received from the WWW server 5-2, the recording program 113 displays, for example, "Heat", "Planet", "Black", "Soul" Display song titles such as Similarly, the recording program 113 stores in the field 25
For example, an artist name such as “Kwai” is displayed in the portion displaying the third artist.

[0165] After the recording program 113 receives the information of the predetermined CD, the recording program 113 stores the information of the CD in a predetermined directory of the HDD 21.

When the button 254 or the like is clicked and an instruction to obtain CD information is received, the recording program 113
First, a predetermined directory of the HDD 21 is searched. When the CD information is stored in the directory, the recording program 113 displays a dialog box (not shown) and allows the user to store the information in the directory.
Select whether to use the information on the CD.

When the button 256 for instructing the start of recording of the content arranged in the window displayed by the recording program 113 is clicked, the recording program 113 reads the content from the CD stored in the drive 22, and The content read from the CD is supplied to the content management program 111 together with the information on the CD. The compression / decompression program 138 of the content management program 111 compresses the content supplied from the recording program 113 by a predetermined compression method, and the encryption program 137 encrypts the compressed content. The use condition conversion program 139 generates use condition data corresponding to the compressed and encrypted content.

The content management program 111 supplies the compressed and encrypted content to the content database 114 together with the usage condition data.

The content database 114 generates a content file 161 and a usage rule file 162 corresponding to the content received from the content management program 111, stores the content in the content file 161 and stores the usage rule in the usage rule file 162. Store the data.

When the content database 114 stores the content and the usage condition data corresponding to the content, the content management program 111 transmits the CD information and the usage condition data received from the recording program 113 to the display operation instruction program 112. Supply.

The display operation instruction program 112 generates display data to be stored in the display data file 182 on the basis of the usage condition data and CD information corresponding to the content stored in the content database 114 in the recording process. I do.

In the window displayed by the recording program 113, when the content read from the CD is recorded in the content database 114, the content is automatically added to the CD.
The content read from the portable device 6-1
A button 255 for setting whether or not to check out to one of 6 to 6-3 is arranged.

For example, when the button 255 is clicked, the recording program 113 executes the portable device 6-
A pull-down menu showing a list of 1 to 6-3 is displayed. When the user selects one of the portable devices 6-1 to 6-3 from the pull-down menu, the personal computer 1 automatically switches the selected portable device 6-1 to 6-3 to any of the portable devices 6-1 to 6-3. ,
Check out the content recorded from the CD. When the user selects “do not check out” from the pull-down menu, the personal computer 1
Do not check out when recording content from a CD.

Thus, when the content read from the CD is recorded in the content database 114 simply by activating the button 255 of the window displayed by the recording program 113, the personal computer 1 is designated in advance. The content read from the CD can be checked out to any of the portable devices 6-1 to 6-3.

Next, referring to the flowchart of FIG.
The content reproduced from the CD mounted on the drive 22 by the CPU 11 executing the content management program 111, the display operation instruction program 112, the recording program 113, and the content database 114 is stored in the HDD 2.
1 will be described.
When the user operates the keyboard 18 or the mouse 19,
When a command to transfer and copy contents reproduced from a CD (not shown) mounted on the drive 22 to the HDD 21 is input to the CPU 11 via the interface 17,
In step S11, the recording program 113 selects a content to be copied to the display 20 via the interface 17, for example, a GU shown in FIG.
Display I (Graphical User Interface).

More specifically, for example, the recording program 11
3 is the TOC (Table Of Co.) of the CD mounted on the drive 22.
ntents), the content information contained in the CD is obtained, and displayed on the display 20. Alternatively, the recording program 113 uses an ISRC (International Standard Recording Code) for each content contained in the CD.
Is read, the information of the content is obtained, and the content is displayed on the display 20. Alternatively, when the button 254 is clicked, the recording program 113 accesses the WWW server 5-1 or 5-2 via the network 2, obtains information on the content of the CD using the TOC, and obtains the content. Field 253 for the song name corresponding to
To be displayed.

The user operates the keyboard 18 or the mouse 19 by using the GUI of the display 20 and selects the content to be copied by clicking the check box corresponding to the song title displayed in the field 253, for example. .

Next, in step S12, the recording program 113 sends the usage condition management program 140
The term database stored in D21 (use condition file 16 of content database 114 shown in FIG. 4)
(Corresponding to 2-1 through 162-N).
The details of the time limit database check process are shown in the flowchart of FIG.

In step S31, the use condition management program 140 cooperates with the CPU 32 of the adapter 26 to
The hash value of the entire term database is calculated, and in step S32, the calculated value is compared with the previously stored hash value.

If no data is recorded in the time limit database, the usage condition management program 140
Does not calculate the hash value.

That is, a time limit database is formed in the HDD 21.
As shown in (1), as the management information for managing the content (content) recorded in the HDD 21, the ISRC of the content that has been recorded in the past and the copy date and time are stored in association with each other. In this example, for each of three items, item 1 to item 3,
RC and copy date and time are stored. In step S38, the hash value of the entire expiration date database based on the ISRC of all the contents recorded in the expiration date database and the copy date and time is used as described later.
Is calculated by the CPU 32 and stored in the nonvolatile memory 34. The hash value is a value obtained by applying a hash function to data.

The hash function is a one-way function that maps a message of an arbitrary length to a value obtained by compressing the message to a fixed length and has a property that it is difficult to perform an inverse transformation to obtain original data from the compressed data. Things. Also, it is difficult for collision between hash values to occur, that is, for example, it is difficult to assign the same value to two different messages. The hash function is used as a checksum for confirming that the message has not been tampered with during communication, or used in a digital signature.
An example of a hash function is SHA (Secure Hash Algorit
hm), MD (Message Digest) 5, and the like.

In step S31, the use condition management program 140 calculates a hash value in the same manner as executed by the CPU 32. Then, in step S32,
The use condition management program 140 requests the CPU 32 to read the hash value stored in the non-volatile memory 34, and transmits the transferred hash value to step S31.
Then, compare it with the hash value calculated by yourself.

In step S33, the use condition management program 140 determines whether or not the hash value calculated in step S31 matches the hash value of the previous term database stored in the nonvolatile memory 34. If they do not match, it is determined that the time limit database has been tampered with, and the usage condition management program 140
In step S34, for example, the recording program 11
In step 3, a message such as "copying is not possible because the term database has been falsified" is generated, output to the display 20 via the interface 17, displayed, and then the process is terminated. That is, in this case, the content recorded on the CD is reproduced and the HDD 21
Is prohibited.

The hash value calculated in step S31,
If the hash value matches the previous hash value, step S3
Proceeding to 5, the usage condition management program 140 causes the recording program 113 to acquire from the CD the ISRC of the content selected as the content to be copied specified in step S11 (the selected content). If ISRC is not recorded on the CD, use condition management program 140
Makes the recording program 113 read the TOC data of the CD, apply a hash function to the data, obtain data of an appropriate length such as, for example, 58 bits, and send this to the ISRC. Use instead.

In step S36, the usage condition management program 140 determines whether or not the ISRC (that is, the selected content) obtained in step S35 is registered in the term database (FIG. 9). If the ISRC is not registered in the time limit database, it means that the content has not been recorded on the HDD 21 yet.
40 registers the ISRC of the content and the current date and time in the term database. Note that the usage condition management program 140 uses the value output from the RTC 35 of the adapter 26, which is transferred from the CPU 32, as the current date and time. Then, in step S38, the use condition management program 140 reads the data of the time limit database at that time and transfers the data to the CPU 32 of the adapter 26. The CPU 32 calculates a hash value of the transferred data, and stores the calculated hash value in the nonvolatile memory 34. As described above, the hash value stored in this manner is used as the previously stored hash value in step S32.

Next, in step S39, the use condition management program 140 sets an unregistered flag indicating that the selected content is not registered in the term database. This flag is used to determine whether or not the selected content is registered in the term database in step S13 of FIG. 7 described below.

If it is determined in step S36 that the ISRC of the selected content is registered in the term database, it is determined that the selected content is content that has been registered in the HDD 21 at least once. become. Therefore, in this case, step S
Proceeding to 40, the usage condition management program 140 determines the current date and time (the RTC 35 of the adapter 26) from the registration date and time of the selected content registered in the time limit database.
It is determined whether or not (the current date and time output by) has passed 48 hours or more. The current time is 48
If the time has elapsed, the data has been recorded on the HDD 21 at least once, but has already been recorded from that time onward.
Since the time has passed, even if the content is copied again, it is practically impossible to copy a large amount of the content. In this case, copying to the HDD 21 is permitted. Then, proceeding to step S41, the usage condition management program 140 sets the date and time of the
The past registration date and time is changed to the current date and time (the date and time output by the RTC 35). Then, returning to step S38, the usage condition management program 140 again causes the CPU 32 to calculate the hash value of the entire term database and store the hash value in the non-volatile memory 34. Set.

On the other hand, if it is determined in step S40 that the current time has not passed more than 48 hours from the registration date and time, the copying of the selected content to the HDD 21 is prohibited. Therefore, in this case, the process proceeds to step S42, and the use condition management program 140 sets a registered flag corresponding to the selected content.

As a result of the processing in step S40, a new copy of the content cannot be generated unless a predetermined time has elapsed, so that the generation of a copy of the content intended for normal use that is not illegal is performed without unduly preventing, for example, ,
It is virtually impossible to create a large copy of the content required for unauthorized sale or distribution. In step S40, the criterion of the determination is that 48 hours or more have elapsed, but the determination is not limited to 48 hours, and may be, for example,
Any time of 68 hours may be used.

As described above, the flag indicating whether the selected content is registered in the HDD 21 is set by the time limit database check process.

Returning to FIG. 7, in step S13, the copy management program 133 determines whether or not the selected content has been registered in the term database from the above-mentioned flag. If the selected content has been registered, the process proceeds to step S14, and the copy management program 133 causes the recording program 113 to, for example,
A message such as "This song has not been copied since it has not been copied for more than 48 hours," is displayed on the display 20. This allows the user to know the reason why the content cannot be copied to the HDD 21.

If it is determined in step S13 that the selected content is not registered in the time limit database, the process proceeds to step S15, where the recording program 113
Controls the drive 22 to read the content from the CD mounted thereon. In this content, a watermark code is inserted at a predetermined position as shown in FIG. In step S16, the recording program 113 extracts a watermark code included in the content, and determines in step S17 whether the watermark code indicates that copying is prohibited. If the watermark code indicates that copying is prohibited, the process proceeds to step S18, and the copy management program 133 sends, for example,
A message such as "copying is prohibited" is displayed on the display 20 via the interface 17, and the copy process is terminated.

On the other hand, in step S17,
If it is determined that the watermark does not indicate copy prohibition, the process proceeds to step S19 and the recording program 113
Transmits the content to the compression / decompression program 138, for example, in an ATRAC (Adaptive Transform Acoustic Coding) 3
(Trademark), and compressed by software processing. In step S20, the recording program 113
Is stored in the memory 13 in the encryption program 137 using, for example, DES (D
ata Encryption Standard, FEAL (Fast Encriphe)
The content is encrypted by an encryption method such as the rment algorithm. The encryption key may be, for example, a random number generated by software or the adapter 26.
The one generated based on the random number generated by the CPU 32 can also be used. As described above, the encryption processing is performed not only with the personal computer 1 but also with the CPU 32 of the adapter 26 attached to the personal computer 1 so that the decryption becomes more difficult. It is possible to perform encryption.

Next, in step S21, the recording program 113 transfers the encrypted data to the content database 114, assigns the file name as one file (as the content file 161), and
Save to D21. Alternatively, the position information (for example, the number of bytes from the head) of the file name may be given and stored as a part of one file.

This storage processing and the above-described compression encoding processing and encryption processing may be performed separately.
It may be performed in parallel at the same time.

Further, in step S22, the recording program 113 uses the storage key stored in the predetermined non-volatile memory 34 as the encryption program 137 to perform the above-described DES, FEAL, etc. System, the encryption key used to encrypt the content is
21 song database (use condition files 162-1 to 162- of the content database 114 shown in FIG. 4)
N (corresponding to N).

In step S23, the recording program 113 sets the elements of the information of the stored file, the encrypted encryption key, the information of the content, and the information of the music title information inputted by the user through the GUI into the HDD 21 to form a set. Register it in the music database (record as usage condition files 162-1 to 162-N). Then, step S2
In step 4, the recording program 113 causes the CPU 32 to calculate the hash value of the entire music database and store the hash value in the nonvolatile memory 34.

In this way, for example, a music database as shown in FIG. 11 is registered on the HDD 21. In this example, the file names of the items 1 to 3, the encrypted encryption key, the title of the song, the length, the reproduction conditions (start date and time, end date and time, number of times limitation), the number of times of reproduction, the reproduction billing conditions, and the copy conditions (Number of times), a copy number counter, and a copy condition (SCMS) are recorded.

For example, SDMI (Secure Digital Music Ini)
In the method specified by “tiative”, the number of times that the content can be checked out is set to three times in accordance with the content copied from the CD.

When a certain period of time elapses after the content is copied from the CD to the HDD 21, the content can be copied again, so that the copying can be performed several times, which is regarded as the range of personal use of the user. . On the other hand, if a large amount of data is to be copied beyond the range of personal use, for example, an enormous amount of time is required, which is practically impossible. Also,
For example, if the personal computer 1 breaks down and the HDD 2
Even if the content recorded in No. 1 has been deleted, the deleted content can be copied again and recorded on the HDD 21 after a certain period of time.

Also, for example, if the HD
It is also possible to share the contents of the term database recorded in D21.

In the above description, the case where the date and time of copying corresponding to the ISRC is stored has been described as an example. However, if the information identifies the content or CD, other information (eg, song name, album name) , Combinations thereof, etc.).

Next, with reference to the flowcharts of FIGS. 12 to 14, the CPU 21 for executing the display operation instruction program 112 and the content management program 111 and the CPU 52 for executing the main program transfer the HDD 21 to the flash memory 61 of the portable device 6 from the HDD 21. (For example, a process of moving content to a memory stick (trademark) and a process of checkout) will be described.

First, the process of moving the content will be described. In step S51, the movement management program 134 causes the use condition management program 140 to calculate the hash value of the entire music database, and proceeds to step S52.
Then, the CPU 32 calculates the hash value the last time and compares it with the hash value stored in the nonvolatile memory 34. If the two do not match, the movement management program 134 proceeds to step S53, and after displaying a message such as “the song database may have been tampered” on the display 20 in the display operation instruction program 112, The process ends. The processing in this case is the same as the processing in steps S31 to S34 in FIG. In this case, the movement of the content from the HDD 21 to the portable device 6 is not executed.

Next, in step S54, the movement management program 134 creates a music database (included in the content database 114) formed on the HDD 21.
, The information of the content registered therein is read out, and the display operation instruction program 112 reads the GU for selection.
It is displayed on the display 20 as I. The user selects a content to be moved from the HDD 21 to the portable device 6 by clicking a song name, a button 216, or the like displayed in the field 212 in FIG. 5 based on the GUI for this selection. Next, in step S55, the movement management program 134 checks reproduction conditions, copy conditions, reproduction charging conditions, and the like of the selected content selected in step S54. Details of this processing will be described later with reference to the flowchart in FIG.

Next, in step S56, mutual authentication processing is performed between the authentication program 141 of the personal computer 1 and the CPU 53 of the portable device 6, and the communication key is shared.

For example, the master key KMM is stored in advance in the flash memory 61 (or the EEPROM 68) of the portable device 6, and the personal computer 1
In the RAM 13 (or a predetermined file of the HDD 21),
It is assumed that the individual key KPP and the ID are stored in advance. CPU
53 receives a supply of an ID stored in the RAM 13 in advance from the authentication program 141, applies a hash function to the ID and the master key KMM owned by itself, and
Generates the same key as the individual key of the personal computer 1 stored in the. By doing so, a common individual key is shared by both the personal computer 1 and the portable device 6. Using this individual key, a temporary communication key can be further generated.

Alternatively, the personal computer 1
The ID and the master key KMP are stored in the RAM 13 of the portable device 6 in advance.
1 also stores the ID of the portable device 6 and the individual key KPM. Then, by transmitting each ID and master key to each other, the other applies a hash function to the ID and master key transmitted from one to generate the other individual key. Then, a temporary communication key is further generated from the individual key.

[0210] As an authentication method, for example, IOS
(International Organization for Standardization)
9798-2 can be used.

When the mutual authentication is not correctly performed, the process is terminated. When the mutual authentication is correctly performed, further, in step S57, the movement management program 134 stores the file name of the selected content in the content database 114. Is read from the music database, and the content having the file name (for example, step S20 in FIG. 7)
Read out from the HDD 21).
In step S58, the movement management program 134
Indicates the format of the portable device 6 such as the compression encoding method (the processing of the step S19), the encryption method (the processing of the step S20), the format (for example, the header method, etc.) of the digital data content read in the step S57. Execute the process of converting to. Details of this conversion processing will be described later with reference to the flowchart in FIG.

[0212] In step S59, the mobility management program 134 instructs the PD driver 143 to execute step S58.
Is transferred to the portable device 6 via the USB port 23. In step S60, the CPU 53 of the portable device 6
When the transmitted content is received through the flash memory 61, the content is transmitted to the flash memory 61 as it is.
To memorize.

[0213] In step S61, the mobility management program 134 further includes a use condition conversion program 139.
Then, the playback conditions (start date and time, end date and time, number of times, etc.) of the selected content registered in the music database are converted into a format managed by the portable device 6. In step S62, the movement management program 134 further includes a use condition conversion program 139
The SCMS information in the copy condition registered in the song database of the selected content is transferred to the portable device 6.
To the format managed by. Then, step S63
, The movement management program 134 causes the PD driver 143 to transfer the playback conditions converted in step S61 and the SCMS information converted in step S62 to the portable device 6. The CPU 53 of the portable device 6
The transferred reproduction conditions and SCMS information are stored in the flash memory 61.

[0214] In step S64, the movement management program 134 also causes the PD driver 143 to store the playback conditions, playback charging conditions, copy conditions, and the like registered in the song database of the selected content in the song database. The data is transferred to the portable device 6 and stored in the flash memory 61 while keeping the format handled therein.

[0215] In step S65, the movement management program 134 causes the content database 114 to read the encrypted key of the selected content from the music database, and in step S66, causes the decryption program 142 to read the encrypted key. Is decrypted with the storage key stored in the RAM 13 and the encryption program 137 is encrypted with the communication key. Then, the mobility management program 134 causes the PD driver 143 to transfer the encryption key encrypted with the communication key to the portable device 6.

In step S67, the CPU 53 of the portable device 6 decrypts the encryption key transferred from the personal computer 1 using the communication key shared in the mutual authentication process, and encrypts the encryption key using its own storage key. The data is stored in the flash memory 61 in association with the already stored data.

When the storage of the encryption key is completed, the CPU 53
In step S68, the personal computer 1 is notified that the encryption key has been saved. When receiving the notification from the portable device 6, the mobility management program 134 of the personal computer 1 receives the notification from the portable device 6 in step S69.
, The content database 114 deletes the content file 161 corresponding to the content and deletes the set of elements of the content (that is, the use condition file 162) from the music database. In other words, thereby, a move is performed instead of copying. Then, step S70
In the transfer management program 134, the adapter 26
The data of the song database is transferred to the CPU 32, the entire hash value is calculated, and the calculated hash value is stored in the nonvolatile memory 34. This hash value is used as the previously stored hash value in step S52 described above.

Next, processing for checking out content from the personal computer 1 to the portable device 6 will be described. The process of checking out contents from the personal computer 1 to the portable device 6 is performed by the personal computer 1 shown in FIGS.
This is the same process as when the content is moved from to the portable device 6. That is, the check-out processing is executed by the check-in / check-out management program 132 in the personal computer 1, and in step S69 in FIG. Except for executing the process of updating the number of times that the checked out content (or the number of times that the user can check out) is updated, the process is basically the same as the process in the case of movement. Omitted.

Next, a description will be given, with reference to the flowchart in FIG. 15, of a process of checking the reproduction conditions of the selected content in step S55 in FIG. 12 by the CPU 11 executing the content management program 111. In step S81, the movement management program 13
No. 4 causes the content database 114 to read out various conditions from the music database. In step S82, the movement management program 134 executes step S81.
It is determined whether or not the number of copies has already exceeded the number of times of copy limit among the various conditions read out in step (1). If the copy count has already exceeded the copy limit count, it is not possible to permit more copies, so step S8.
Proceeding to 3, the movement management program 134 causes the display operation instruction program 112 to display, for example, a message such as "The number of copies has already reached the copy limit number" on the display 20, and ends the processing. If it is determined in step S82 that the number of times of copying has not exceeded the number of times of copying, the process proceeds to step S84, and it is determined whether the current date and time is after the reproduction end date and time. As the current date and time, an output from the RTC 35 of the adapter 26 is used. This prevents the user from intentionally correcting the current time of the personal computer 1 to a past value.
The movement management program 134 stores the current date and time in the CPU 32
From the music database, or in step S81, supplies the playback conditions read from the music database to the CPU 32 of the adapter 26, and
The PU 32 is caused to execute the determination processing of step S84.

If the current date and time is past the reproduction end date and time, the flow advances to step S85 to move to the movement management program 134.
Causes the content database 114 to delete the selected content from the HDD 21 and to delete the information of the selected content from the music database. In step S86, the movement management program 13
4 causes the CPU 32 to calculate the hash value of the music database and store it in the nonvolatile memory 34. Since then
The process ends. Therefore, in this case, the content is not moved.

If it is determined in step S84 that the current date and time is not after the reproduction end date and time, the flow advances to step S87, and the movement management program 134 sets the reproduction content charging condition (for example, reproduction 1) for the selected content. Is determined in the music database. If the playback charging condition is registered, the movement management program 134 sends the portable device 6 to the PD driver 143 in step S88.
To determine whether the portable device 6 has a charging function. If the portable device 6 does not have a charging function, the selected content cannot be transferred to the portable device 6, and therefore, in step S89, the movement management program 134 sends the display operation instruction program 112, for example, " A message such as "The transfer destination does not have a billing function" is displayed on the display 20, and the content moving process is terminated.

If it is determined in step S87 that the charging conditions for reproduction have not been registered, or if it is determined in step S88 that the portable device 6 has a charging function, the process proceeds to step S90, where the movement management program 134 is executed. Determines whether or not other playback conditions, such as, for example, a limited number of playbacks, are registered for the selected content. If another playback condition has been registered, the process proceeds to step S91, and the movement management program 134 determines whether or not the portable device 6 has a function to observe the playback condition. If the portable device 6 does not have the function of observing the reproduction condition, the process proceeds to step S92, and the movement management program 134 sends the display operation instruction program 112, for example, "The transfer destination device obeys the reproduction condition." Message is displayed on the display 20 and the process is terminated.

When it is determined in step S90 that the reproduction condition has not been registered, or in step S91
If it is determined that the portable device 6 has the function of observing the playback conditions, the process of checking the playback conditions and the like is terminated, and the process returns to step S56 in FIG.

FIG. 16 shows an example of playback conditions managed (can be protected) by the portable device 6. The reproduction information shown in FIG. 16 is stored in, for example, the EEPROM 68. In this example, the reproduction start date and time and the reproduction end date and time are registered for each of the contents of item 1 to item 3, but the number of reproductions is registered only for item 2 and for item 1 and item 3 It has not been. Therefore, when the content of item 2 is the selected content, the reproduction condition of the number of reproductions can be kept, but when the content of item 1 or item 3 is the selected content, the reproduction frequency The condition cannot be observed.

Next, referring to the flowchart of FIG. 17, the CPU 1 executing the content management program 111
1 will be described in detail in step S58 in FIG. Step S101
In, the movement management program 134 checks the format of the selected content recorded in the content database 114 (for example, a method such as a header including a reproduction condition, a use condition, and a copy condition). In step S102, the mobility management program 134 checks conditions that can be set for the destination device (in this case, the portable device 6). That is, the mobility management program 134 inquires of the CPU 53 of the portable device 6 about conditions that can be set, and obtains the answer. In step S103, the movement management program 134 determines, among the conditions of the format registered in the music database, the conditions that can be set for the destination device in step S102.
Determined based on the conditions checked in.

In step S104, the movement management program 134 determines whether there are any conditions that can be set. If there are no conditions that can be set, the flow advances to step S105 to move the contents to the portable device 6. Prohibit the process to be performed. That is, in this case, since the portable device 6 cannot observe the conditions registered in the music database, it is prohibited to move the contents to such a portable device 6.

If it is determined in step S104 that there is a condition that can be set, the flow proceeds to step S106, where the mobility management program 134 sends the condition to the use condition conversion program 139 by adding the condition to the condition of the destination's function format (for example, portable format). When the data is transferred to the device 6, it is converted into a condition stored in the header. Then, in step S107, the mobility management program 134 sets the converted conditions in the destination device. As a result, the portable device 6 can reproduce the content according to the set conditions (observing the conditions).

Next, with reference to the flowcharts of FIGS. 18 to 20, a description will be given of a process performed by the CPU 11 executing the content management program 111 and the CPU 53 executing the main program when copying content from the HDD 21 to the portable device 6. I do. This FIG.
20 to S127 are executed by the copy management program 133.
12 to FIG. 14 to the portable device 6
This is the same processing as the processing of steps S51 to S67 when the content is moved to. That is, also in this case, after the alteration of the music database is checked, the process of checking the reproduction condition of the selected content is performed. Further, after the mutual authentication process between the portable device 6 and the personal computer 1, the content is transferred from the HDD 21 of the personal computer 1 to the flash memory 61 of the portable device 6 and stored. Then, in step S128,
The copy management program 133 increments the copy number counter of the music database by one. And
In step S129, the copy management program 13
3 causes the CPU 32 to calculate the hash value of the entire music database and store the calculated value in the nonvolatile memory 34.

Next, referring to the flowchart of FIG. 21, the CPU 1 executing the content management program 111
1 and the CPU 53 executing the main program,
A process of moving content from the portable device 6 to the HDD 21 and a check-in process will be described.

First, the process of moving the content will be described. In step S161, the mobility management program 134 requests the CPU 53 of the portable device 6 to read the information of the content stored in the flash memory 61. The CPU 53 transmits the information of the content stored in the flash memory 61 to the personal computer 1 in response to the request. The movement management program 134 causes the display 20 to display a GUI for selecting a content stored in the flash memory 61 based on this information. The user operates the keyboard 18 or the mouse 19 to move the HDD 21 from the portable device 6 based on the GUI.
(Content database 114) The content to be moved is designated.

[0231] In step S162, the mobility management program 134 causes the authentication program 141 to execute a mutual authentication process with the CPU 53 and share a communication key. This process is similar to the process in step S56 in FIG.

Next, in step S163, the CPU 5
3 reads out the encrypted selected content stored in the flash memory 61 and transfers it to the personal computer 1. Movement management program 134
In step S164, the portable device 6
The content transferred from the content database 114 is given a file name as one
(HDD 21). This storage may be performed, for example, by giving position information (for example, the number of bytes from the head) of the file name as a part of one file.

In step S165, the CPU 53 determines
Reads the encrypted encryption key of the selected content stored in the flash memory 61, decrypts it with its own storage key, encrypts it with the communication key, and transfers it to the personal computer 1. I do. This encryption key has been stored in the flash memory 61 in the process of step S67 in FIG. 14, for example.

In step S166, when receiving the transfer of the encryption key from the portable device 6, the mobility management program 134 causes the decryption program 142 to decrypt it with the communication key, and stores the encryption program 137 with its own storage key. Encrypt with a key. In step S167, the mobility management program 134
Then, the file name of the content stored in step S164, the information of the content, the song name input by the user via the GUI, the encryption key encrypted in step S166, and the like are registered in the song database of the HDD 21. And
In step S168, the movement management program 134
Causes the use condition management program 140 to calculate the hash value of the entire music database by the CPU 32 and store the hash value in the nonvolatile memory 34.

In step S169, the mobility management program 134 notifies the portable device 6 that the encryption key has been stored, and requests deletion of the content. The CPU 53, from the personal computer 1,
When deletion of the content is requested, the content stored in the flash memory 61 is deleted in step S170.

Next, a process for checking in content from the portable device 6 to the personal computer 1 will be described. The process of checking in content from the portable device 6 to the personal computer 1 is the same as the process of moving content from the portable device 6 to the personal computer 1 in FIG. That is, the check-in processing is executed by the check-in / check-out management program 132 in the personal computer 1, and the processing of steps S162 to S166 in FIG. 21 is omitted. In addition, the personal computer 1 determines in step S167 of FIG.
In, a process of updating the number of times that the checked-in content can be checked out recorded in the song database is executed, and after the process of step S170,
Except for confirming the deletion of the content file, the processing is basically the same as the processing in the case of the movement, so that the detailed description of the processing is omitted.

When the flash memory 61 of the portable device 6 is removable as a memory card,
In the check-in process, the personal computer 1 executes the mutual authentication process of step S162 in FIG.

As described above, the content checked out from a predetermined personal computer can be checked in only to the personal computer. As a pre-process of the check-in process, the selected content is There is a step of judging whether or not the PC has been checked out from the PC performing the check-in, and if it is determined that the PC has not been checked out from the PC, performing a process so as not to perform the check-in. For example, this is the case where an attempt is made to check in the content marked with x in the field 213 in FIG.

Next, the CPU 11 for executing the content management program 111 and the CPU for executing the main program
The process of copying the content from the portable device 6 to the HDD 21 according to 53 will be described with reference to the flowchart in FIG. The processes of steps S181 to S188 shown in FIG. 22 are the same as the processes of steps S161 to S168 in the process of moving content from the portable device 6 to the HDD 21 in FIG. That is, in the case of the copy process, the process is basically the same as the process of the move, except that the process is executed by the copy management program 133 and the processes of steps S169 and S170 in FIG. 21 are omitted. The description is omitted.

Next, referring to the flowchart of FIG. 23, the EMD server 4 and the content management program 11
The process of copying the content transferred from the EMD server 4 to the HDD 21 by the CPU 11 executing the process 1 will be described. In step S201, the purchase program 144 clicks the button 202 shown in FIG.
When the user instructs access to the EMD server 4, the communication unit 25 is controlled and the EMD is transmitted via the network 2.
The server 4 is accessed. In response to this access, the EMD server 4 transfers information such as the song number, song title, and information of the content held by the EMD server 4 to the personal computer 1 via the network 2. When acquiring this information via the communication unit 25, the purchase program 144 causes the display operation instruction program 112 to display it on the display 20 via the interface 17. The user uses the GUI displayed on the display 20 to specify the content to be copied in step S202. This designation information is transferred to the EMD server 4 via the network 2. Step S2
In 03, the purchase program 144 executes a mutual authentication process with the EMD server 4 via the network 2, and shares a communication key.

Personal Computer 1 and EMD Server 4
The mutual authentication process performed between and
98-3, using a public key and a secret key. In this case, the personal computer 1 has its own secret key and the public key of the EMD server 4 in advance, and the EMD server 4 has its own secret key, and the mutual authentication process is performed. The public key of the personal computer 1 is transferred from the EMD server 4 or a certificate distributed in advance to the personal computer 1 is transferred from the personal computer 1 to the EMD server 4, and the certificate is transferred to the EMD server 4. Confirms,
A public key may be obtained. Further, step S2
In 04, the purchase program 144 executes a process related to charging with the EMD server 4. The details of this billing process will be described later with reference to the flowchart in FIG.

Next, in step S205, the EMD server 4 transfers the encrypted content designated in step S202 to the personal computer 1 via the network 2 to the personal computer 1. At this time, the time information is also appropriately transferred. In step S206, the purchase program 144 causes the content database 114 to save the transferred content as a single content file 161 by giving a file name to the HDD 21. In step S207, the EMD server 4 further encrypts the encryption key of the content using the communication key shared with the personal computer 1 in step S203, and transfers it to the personal computer 1.

The purchase program 144 includes a step S2
08, the decryption program 142 includes the EMD server 4
The encryption key transferred by itself or the adapter 26
In cooperation with the CPU 32, the decryption is performed using the communication key, and the encryption program 137 encrypts the decrypted encryption key with its own storage key. In step S209, the purchase program 144 causes the content database 114 to register a file name of the content, content information, a song name input by the user, and an encrypted encryption key as a set in the song database of the HDD 21. .
Further, in step S210, the purchase program 144 stores the hash value of the entire song database in the CPU.
The calculation is made to be stored in the nonvolatile memory 34.

[0244] In step S205, the EMD server 4 transmits the time data to the personal computer 1 together with the content. This time data is transferred from the personal computer 1 to the adapter 26. When the CPU 32 of the adapter 26 receives the time data transferred from the personal computer 1, the CPU 32 proceeds to step S
At 211, the time of the RTC 35 is corrected. In this way, based on the time information obtained from the external device recognized as the correct device as a result of the mutual authentication, the adapter 2
6, the time information of the RTC 35 is corrected, so that the adapter 26 can always hold the correct time information.

Next, referring to the flowchart of FIG. 24, the EMD server 4 and the content management program 11
Step S20 in FIG. 23 by the CPU 11 executing
4 will be described in detail.
In step S221, the purchase program 144
Reads the price information of the selected content specified in step S202 from the price information transmitted from the EMD server 4 in step S201, and
Write to the accounting log on 21. FIG. 25 shows an example of such a billing log. In this example, the user has copied items 1 to 3 from the EMD server 4, and the area of item 1 and item 2 is 50 yen, and the charge of item 3 is 60 yen. The hash value of the accounting log at that time is also calculated by the CPU 32 and registered in the nonvolatile memory 34.

Next, in step S222, the purchase program 144 reads the accounting log written in step S221 from the HDD 21, and reads this from the network 2.
To the EMD server 4 via. In step S223, the EMD server 4 executes a charging calculation process based on the charging log transferred from the personal computer 1. That is, the EMD server 4 additionally updates the built-in database with the accounting log transmitted from the user of the personal computer 1. Then, step S22
In 4, the EMD server 4 determines whether or not to immediately make a decision on the accounting log. If the decision is made immediately, the process proceeds to step S 225, where the EMD server 4 decides the product name and the amount required for the decision. Transfer to server (not shown). Then, in step S226, the decision making server executes a decision making process for the user of the personal computer 1. If it is determined in step S224 that the decision is not made immediately, step S225
And S226 are skipped. That is, this process is periodically executed thereafter, for example, once a month.

Next, referring to the flowcharts of FIGS. 26 and 27, the content management program 111 is executed.
IEC60 of voice input / output interface 24 by CPU11
A process for copying content reproduced from a CD player or the like (not shown) input from the 958 terminal 24a to the HDD 21 will be described. In step S241, the user connects the IEC60958 output terminal of the CD player to the audio input / output interface 2 of the personal computer 1.
4 IEC60958 terminal 24a. Step S242
, The user operates the keyboard 18 or the mouse 19
And input the title (or number corresponding to the content) of the content to be copied from the CD player. Then, in step S243, the user operates a button of the CD player to start reproduction of the CD player. CD
When a line for transmitting and receiving a control signal is connected between the player and the personal computer 1, a playback start command is input through the keyboard 18 or the mouse 19 of the personal computer 1, so that the CD player can read the CD. It is also possible to start playback.

When the CD player starts playing a CD, in step S244, the content output from the CD player is transferred to the personal computer 1 via the IEC60958 terminal 24a. Step S2
At 45, the copy management program 133
58 From the data input via the terminal 24a, the SCMS
(Serial Copy Management System) Read the data. The SCMS data includes copy information such as copy prohibition, copy only once, and copy free.
Therefore, in step S246, the CPU 11
It is determined whether or not the data indicates copy prohibition. If the data indicates copy prohibition, the process proceeds to step S247, and the copy management program 133 sends, for example, "copy is prohibited" to the display operation instruction program 112. Message is displayed on the display 20, and the copy process is terminated. That is, in this case,
Copying to the HDD 21 is prohibited.

In step S246, the copy management program 133 reads the SCMS read in step S245.
If it is determined that the information does not indicate copy prohibition, the process proceeds to step S248, where a watermark code is read, and it is determined in step S249 whether the watermark indicates copy prohibition. If the watermark code indicates that copying is prohibited, the process proceeds to step S247, where a predetermined message is displayed as in the case described above, and the copying process ends.

If it is determined in step S249 that the watermark does not indicate copy prohibition, the flow advances to step S250 to perform a time limit database check process. If the selected content is already registered as a result of the time limit database check, step S25
The processing is ended in the processing of S252. This processing is similar to the processing of steps S13 and S14 in FIG.

If the selected content is not yet registered in the HDD 21, the process proceeds to step S253.
In steps S258 to S258, the registration processing is executed. The processing in steps S253 to S258 is the same as that in step S257 except that the SCMS information supplied from the IEC60958 terminal 24a is also registered in the music database.
Since the processing is the same as the processing from step S19 to step S24 in FIG. 7, the description is omitted.

Next, referring to the flowcharts of FIGS. 28 and 29, the content management program 111 is executed.
A process performed by the CPU 11 to output (play) content from the HDD 21 to the IEC60958 terminal 24a will be described. In steps S271 to S273,
As in steps S111 to S113 in FIG. 18, the hash value of the entire music database is calculated,
It is determined whether or not the hash value matches the previously stored hash value, and the music database is checked for tampering. If it is determined that the song database has not been tampered with, the process proceeds to step S274, and the display operation instruction program 112 causes the content database 114 to access the song database of the HDD 21 via the content management program 111, and The information of the registered music is read and displayed on the display 20. The user looks at the display and operates the keyboard 18 or the mouse 19 as appropriate to select the content to be reproduced and output. In step S275, the display operation instruction program 112 performs a check process such as a reproduction condition of the selected content. Details of the check processing of the reproduction conditions and the like will be described later with reference to the flowchart of FIG.

Next, in step S276, the display operation instruction program 112 causes the content database 114 to read the encryption key of the content selected in step S274 from the music database via the content management program 111, and 14
2 is decrypted with the storage key. In step S277, the display operation instruction program 112 transmits the content database 1 via the content management program 111.
14 causes the SCMS information of the selected content to be read from the music database and output from the IEC60958 terminal 24a.
The SCMS information is determined according to the rules of the SCMS system. For example, when the number of times of reproduction is limited, the number of times of reproduction is 1
Is incremented by only the new SCMS information. In step S278, the display operation instruction program 11
2 further causes the content database 114 to read the ISRC of the selected content from the song database via the content management program 111.

Next, in step S279, the display / operation instruction program 112 causes the content database 114 to read the selected content file name from the music database via the content management program 111, and based on the file name. HD that content
Read from D21. Display operation instruction program 11
2 further causes the content database 114 to read the encryption key corresponding to the content from the music database via the content management program 111, and the decryption program 142 to decrypt the encrypted key with the storage key, and use the decrypted encryption key. Decrypt the encrypted content. The compression / decompression program 138 further decodes (decompresses) the compression code of the content. Step S28
In step S279, the display operation instruction program 112 instructs the driver 117 to determine the content that is the decrypted digital data in step S279 in step S277.
Along with the SCMS information and the ISRC information read in step S278, the IEC60958 terminal 2
4a. Furthermore, the display operation instruction program 112 operates, for example, a program such as a real player (trademark) (not shown) to convert digital content into analog data and output the analog data from the analog output terminal of the audio input / output interface 24.

[0255] In step S281, the display operation instruction program 112 executes the content management program 111.
, The content database 114 increments the value of the number-of-reproductions counter in the music database by one. Then, in a step S282, it is determined whether or not a playback charging condition is added to the selected content. If the playback charging condition has been added, the process proceeds to step S283, where the display operation instruction program 112
The corresponding fee is written to the charging log in the content database 114, and in step S284, the display operation instruction program 112 executes the usage condition management program 1
The CPU 32 causes the CPU 32 to calculate the hash value of the entire music database and stores the hash value in the nonvolatile memory 34. If it is determined in step S282 that the charging condition for reproduction has not been added to the selected content, the process proceeds to step S282.
Steps 283 and S284 are skipped.

Next, referring to the flowchart of FIG. 30, CPU 1 executing content management program 111 will be described.
No. 1 will be described in detail with reference to FIG. Step S301
, The display operation instruction program 112 causes the content database 114 to read out various conditions of the music database via the content management program 111. In step S302, the use condition management program 140 determines whether the number of times of reproduction has exceeded the limit number of the read conditions, and if it has, the process proceeds to step S303 and the content management program 11
1 and causes the content database 114 to delete the selected content from the HDD 21 and to delete the information of the selected content from the music database. In step S304, the display operation instruction program 112 further executes the use condition management program 140
Then, the CPU 32 causes the CPU 32 to calculate a new hash value of the song database, and stores the hash value in the nonvolatile memory 34. In this case, the reproduction output is prohibited.

If it is determined in step S302 that the number of times of reproduction has not exceeded the limit number of times, step S3
Proceeding to 05, the usage condition management program 1402 determines whether or not the reproduction end date and time is past the current date and time. If the reproduction end date and time has passed the current date and time, the selected content is deleted from the HDD 21 and also from the music database in step S303, as in the case described above. Then, in step S304, the hash value of the new song database is calculated and stored. Also in this case, the reproduction output is prohibited.

If it is determined in step S305 that the reproduction end date and time has not passed the current date and time, the process proceeds to step S306, and the CPU 32 determines whether or not the reproduction time charging condition has been added to the selected content. Is determined. If the playback billing condition is added,
Proceeding to step S307, the display operation instruction program 11
2 causes the display 20 to display a message indicating that the playback charging condition is added and a fee. Step S
If it is determined in 306 that the reproduction charging condition has not been added, the process of step S307 is skipped.

Next, referring to the flowcharts of FIGS. 31 and 32, the content management program 111 is executed.
A process of outputting (reproducing) content from the HDD 21 via the portable device 6 by the CPU 11 and the CPU 53 executing the main program will be described. In steps S321 to S325, a falsification check of the music database, a designation of the selected content, and a check process such as a reproduction condition of the selected content are performed. The processing is performed in step S2 of FIG.
Since the processing is the same as the processing from 71 to S275, the description thereof is omitted.

In step S326, a mutual authentication process is performed between the portable device 6 and the personal computer 1, and a communication key is shared between the portable device 6 and the personal computer 1. In step S327, the display operation instruction program 11
2 instructs the portable device 6 to play back the encrypted content to be sent.
In step S328, the display operation instruction program 1
In step S324, the file name of the specified selected content is read from the song database to the content database 114 via the content management program 111, and the content having the file name is read.
The data is read from the HDD 21. Display operation instruction program 1
In step S329, the content management program 111 executes a process of converting the content compression / encoding method, encryption method, format, and the like to those of the portable device 6. Then, in step S330, the display operation instruction program 112
Causes the encryption program 137 to encrypt the content converted in step S329 with the communication key, and transfers the content to the portable device 6.

In step S331, the CPU 53 of the portable device 6 decrypts the transferred data with the communication key and reproduces and outputs the data in response to the command transferred from the personal computer 1 in step S327. In step S332, the display operation instruction program 112 causes the content database 114 via the content management program 111 to increment the reproduction count of the song database by one.
Further, in step S333, the display operation instruction program 112 determines whether or not the playback charging condition is added to the selected content, and if so, in step S334, the content management program 111 Content database 114 via
Then, the fee is written in the billing log, and step S33
At 5, the CPU 32 causes the CPU 32 to newly calculate and store the hash value of the entire music database. If the playback charging condition is not added to the selected content, the processing of steps S334 and S335 is skipped.

In the present invention, various measures are taken to prevent the contents from being illegally copied. For example, the program for operating the CPU 11 is so-called tamper-resistant software whose execution order changes every time.

Further, as described above, part of the functions of the CPU 11 is shared by the adapter 26 as hardware, and the two cooperate to execute various processes. Thereby, it is possible to further enhance safety.

For example, as described above, the hash value of the music database is not stored in the music database itself, but is stored in the nonvolatile memory 34 of the adapter 26. That is, in the comparison process with the previously stored hash value such as steps S32 and S33 in FIG.
4 is stored. Thus, for example, before copying or moving to another recording medium, the HDD
All the recorded contents including the contents stored in the HDD 21 are backed up, and the contents stored therein are copied or moved from the HDD 21 to another recording medium, and then the recorded contents backed up to the HDD 21 By restoring the content included in the file, it is possible to prevent a situation in which the use condition is ignored and the copy or the move can be performed substantially without limit.

For example, as shown in FIG. 33, when contents A and B are stored in the HDD 21, hash values corresponding to information of the contents A and B are stored in the nonvolatile memory 34. In this state,
It is assumed that part or all of the recording data including the contents A and B of the HDD 21 is backed up to another recording medium 271. After that, of the content A and the content B stored in the HDD 21, the content A is transferred to another recording medium 27.
2, since the only content recorded on the HDD 21 at that time is the content B, the hash value of the nonvolatile memory 34 is also changed to the content B.
Is changed to the hash value corresponding to.

Therefore, after that, part or all of the recording data including the contents A and B of the HDD 21 backed up on the recording medium 271 is restored to the HDD 21 and
Even if the DD 21 stores the content A and the content B again, the hash value calculated from the information on the content B is stored in the nonvolatile memory 34, and the hash value calculated from the information on the content A and the content B is stored. No hash value is stored. Thereby, at that time, the hash value based on the content A and the content B stored in the HDD 21 does not match the past hash value stored in the nonvolatile memory 34,
It is detected that the song database has been tampered with. As a result, the use of the content A and the content B stored in the HDD 21 is restricted thereafter.

Furthermore, as described above, the adapter 26
Has a built-in RTC 35, and the value of the RTC 35 corrects the time information based on time data transferred from another device (for example, the EMD server 4) for which a correct authentication result is obtained. The current date and time are not managed by the personal computer 1, but are stored in the RTC 35.
Is used. Therefore, the user cannot intentionally correct the current time of the personal computer 1 to a past time, and cannot escape determination of the reproduction end date and time as the reproduction condition.

The security of the adapter 26 is further improved by configuring the adapter 26 to decrypt and execute the program transferred in accordance with the program stored in the ROM 36 in advance. Next, this point will be described with reference to the flowchart in FIG.

That is, the personal computer 1
When the adapter 26 is to execute a predetermined process, the program to be executed by the adapter 26 is encrypted using an encryption key stored in the RAM 13 in advance and transferred to the adapter 26 in step S351. The ROM 36 of the adapter 26 stores in advance a program for decrypting and executing the encrypted program transferred from the personal computer 1.
The CPU 32 decrypts the encrypted program transferred from the personal computer 1 in step S352 according to the program stored in the ROM 36. Then, in step S313, the CPU
32 develops the decrypted program in the RAM 33 and executes the program in step S354.

For example, as described above, when causing the adapter 26 to calculate the hash value of the music database of the HDD 21, the CPU 11 of the personal computer 1 encrypts the data of the music database with the encryption key, and
32. The CPU 32 calculates a hash value by applying a hash function to the transferred music database data. Then, the calculated hash value is stored in the nonvolatile memory 34. Alternatively, the CPU 32 compares the hash value with a past hash value stored in advance, and compares the comparison result with the CP of the personal computer 1.
Transfer to U11.

FIG. 35 shows a more specific configuration inside the adapter 26. The adapter 26 is formed as a semiconductor IC. The adapter 26 includes the interface 31, the CPU 32, the RAM 33, the non-volatile memory 34,
In addition to the RTC 35 and the ROM 36, a RAM controller 301 for controlling writing and reading to and from the RAM 33 and a logic circuit 302 are provided. The logic circuit 302 is used, for example, for processing in which, after decrypting encrypted content, decrypted data is directly output from the adapter 26.

These interfaces 31 to ROM3
6. RAM controller 301 and logic circuit 302
Is integrated into a semiconductor IC and is configured so that it cannot be disassembled from the outside.

The crystal oscillator 311 is used when the adapter 26 generates a reference clock when executing various processes. The oscillation circuit 312 is an oscillation circuit for operating the RTC 35. The battery 313 is
Oscillation circuit 312, nonvolatile memory 34, and RTC 35
Is supplied with backup power. Other circuits of the adapter 26 include the personal computer 1
The power is supplied from the power supply circuit 321.

The non-volatile memory 34 can be constituted by a writable / erasable ROM.
36, a protection aluminum layer 351 is formed on the non-volatile memory 34 as shown in FIG. 36, and the protection aluminum layer 351 is flush with the protection aluminum layer 351. The battery 313 is stored in the non-volatile memory 34 so that the
The power supply pattern 352 for supplying power from the power supply can be formed. In this case, for example, the protection aluminum layer 3
If the user wants to delete the power supply pattern 51, the power supply pattern 352 on the same plane is also deleted, the power supply to the nonvolatile memory 34 is cut off, and the data stored inside is erased. With this configuration, the tamper resist property can be further improved.

Further, as shown in FIG. 37, wirings 401-1 to 401-3 for writing or reading data to / from the nonvolatile memory 34 are overlapped in the vertical direction (depth) at the corresponding positions. Is formed. Accordingly, in order to read data from the lower wiring 401-3, the upper wirings 401-1, 401-
2 must be removed, and a plurality of wirings 401-1, 4
Data cannot be simultaneously read from 01-2 and 401-3.

Further, in the nonvolatile memory 34, the wirings 401-1 to 401-3 can be formed redundantly. For example, when the wirings 401-1 to 401-3 formed inside the nonvolatile memory 34 couple elements such as transistors constituting the nonvolatile memory 34, the paths can be linearly coupled, for example. However, it is not formed linearly but formed to have a predetermined length. By doing so, the length of the wirings 401-1 to 401-3 is longer than the originally required length, and has a larger parasitic capacitance than the shortest length required for the wiring. It will be.

A dedicated circuit (built-in the adapter 26 as a semiconductor IC) designed to read data from the nonvolatile memory 34 has a nonvolatile circuit by setting an impedance matching the parasitic capacitance. The data stored in the memory 34 can be read normally. However, in order to read data stored in the nonvolatile memory 34, the probe is connected to the wiring 401.
If they are connected to -1 to 401-3, the parasitic capacitance and the combined capacitance of the probes affect each other, making it difficult to read data normally.

Next, a process of mutual authentication when the portable device 6 receives predetermined data from the personal computer 1 will be described with reference to the flowcharts of FIGS. In step S401, the CPU 11 of the personal computer 1 generates a random number Na. In step S402, the CPU 11 of the personal computer 1 causes the interface 17 to transmit the ID of the personal computer 1, the category number G of the key, and the random number Na to the portable device 6.

[0279] In step S421, the CPU 53 of the portable device 6 generates a random number Nb. In step S422, the portable device 6 receives the ID of the personal computer 1, the key category number G, and the random number Na transmitted from the personal computer 1 via the USB controller 57. Step S42
In 3, CPU 53 of the portable device 6, the category number G of the key, obtains the key number j of the master key K _Ma.

[0280] In step S424, the CPU 53 of the portable device 6 obtains the j-th master key _{KMa [j]} . In step S425, the CPU 53 of the portable device 6 applies a hash function such as SHA based on the master key K _{Ma [j]} to the ID of the personal computer 1 to obtain the key _Kab .

[0281] In step S426, SH CPU 53 of the portable device 6, random numbers Na, random number Nb, and the ID of the personal computer 1, based on a key K _ab
A random number R1 is obtained by applying a hash function such as A. In step S427, the CPU of the portable device 6
53 generates a random number Sb.

[0282] In step S428, the CPU 53 of the portable device 6 sends the random number N to the USB controller 57.
a, the random number Nb, the key number j, and the random number Sb are transmitted to the personal computer 1.

[0283] In step S403, the personal computer 1 receives the random number Na, the random number Nb, the key number j, and the random number Sb via the interface 17. In step S404, the CPU 11 of the personal computer 1 obtains the key _Kab included in the individual key _KIa based on the key number j. In step S405, the CPU 11 of the personal computer 1
b and a hash function such as SHA based on the key _Kab are applied to the ID of the personal computer 1 and the random number R2
Ask for.

[0284] In step S406, the CPU 11 of the personal computer 1 determines whether the received random number R1 is equal to the random number R2 generated in step S405, and determines that the random number R1 is not equal to the random number R2. In this case, since the portable device 6 is not a valid portable device, the portable device 6 is not authenticated, and the process ends. If it is determined in step S406 that the random number R1 is equal to the random number R2, the portable device 6 is a valid portable device, and the process proceeds to step S407, where the CPU 11 of the personal computer 1 generates a random number Sa.

At step S408, the CPU 11 of the personal computer 1 sets the random number Nb and the random number Na
, A hash function such as SHA based on the key _Kab is applied to obtain a random number R3. In step S409, the CPU 11 of the personal computer 1 causes the interface 17 to transmit the random number R3 and the random number Sb to the portable device 6. In step S410, CPU 11 of the personal computer 1, the random number Sa and the random number Sb, applying a hash function such as SHA based on a key K _ab, obtains the temporary key K _s.

[0286] In step S429, the CPU 53 of the portable device 6 communicates via the USB controller 57.
The random number R3 and the random number Sb are received. Step S430
, The CPU 53 of the portable device 6
A hash function such as SHA based on the key _Kab is applied to b and the random number Na to obtain a random number R4. Step S4
At 31, the CPU 53 of the portable device 6 compares the received random number R3 with the random number R generated at step S430.
4 is determined to be equal, and if it is determined that the random number R3 is not equal to the random number R4, the personal computer 1 is not authenticated because the personal computer 1 is not a valid personal computer, and the process ends. If it is determined in step S431 that the random number R3 is equal to the random number R4, the process proceeds to step S432 because the personal computer 1 is a legitimate personal computer.
The CPU53 is the random number Sa and the random number Sb, applying a hash function such as SHA based on a key K _ab, the temporary key K _s
Ask for.

As described above, the personal computer 1
And the portable device 6 are mutually authenticated, to obtain a common transient key K _s. Step S425, step S425
426, step S405, step S408, step S410, step S430, and step S43
In 2, it has been described that a hash function such as SHA is applied, but DES may be applied.

Next, a description will be given of a process of mutual authentication when the personal computer 1 transmits predetermined data to the portable device 6 with reference to the flowcharts of FIGS. In step S451, the CPU 11 of the personal computer 1 generates a random number Na.
In step S452, the personal computer 1
Transmits the ID of the personal computer 1, the category number Gp of the key of the personal computer 1, the category number Gs of the key of the portable device 6, and the random number Na via the interface 17 to the portable device 6.

[0289] In step S481, the CPU 53 of the portable device 6 generates a random number Nb. In step S482, the portable device 6 sends the ID of the personal computer 1 transmitted from the personal computer 1 via the USB controller 57, the category number Gp of the key of the personal computer 1, the category number Gs of the key of the portable device 6, and A random number Na is received. In step S483, CPU 53 of the portable device 6, the category number Gs of the key of the portable device 6 finds the key number j of the master key K _Ma.

[0290] In step S484, the CPU 53 of the portable device 6 obtains the j-th master key KMa _[j] . In step S485, the CPU 53 of the portable device 6 applies a hash function such as SHA based on the master key K _{Ma [j]} to the ID of the personal computer 1 to obtain a key _Kab . In step S486, the CPU 53 of the portable device 6
Is the category number Gp of the key of the personal computer 1.
, The key number k of the master key K _Ia is obtained. In step S487, the CPU 53 of the portable device 6
Applies a hash function such as SHA based on the master key K _{Ia [k]} to the key K _ab , and applies the key K ′
_Ask for _ab .

[0291] In step S488, CPU 53 of the portable device 6, the random number Na and the random number Nb, by applying a hash function to apply a hash function such as SHA based on a key K _'ab, obtains a random number R1. Step S48
In 9, the CPU 53 of the portable device 6 generates a random number Sb.

In step S490, the CPU 53 of the portable device 6 sends the ID of the portable device 6, the random number Nb, the random number R1, the key number j,
And the random number Sb to the personal computer 1.

In step S453, the personal computer 1 receives the ID of the portable device 6, the random number Nb, the random number R1, the key number j, and the random number Sb via the interface 17. In step S454, the CPU 11 of the personal computer 1 applies a hash function such as SHA based on the master key K _MP of the personal computer 1 to the ID of the portable device 6 to obtain a master key K _m . In step S455, the personal computer 1
The CPU 11 obtains the j-th individual key K _Ia . Step S
At 456, the CPU 11 of the personal computer 1
Is the SH based on the key K _Ia in the random number Na and the random number Nb.
A hash function such as A is applied. A hash function is applied to obtain a key K ′ _ab . In step S457, the CPU 11 of the personal computer 1 sets the random number Na and the random number N
A hash function such as SHA based on the key K ′ _ab is applied to b, and a random number R2 is obtained by applying a hash function.

In step S458, the CPU 11 of the personal computer 1 determines whether the received random number R1 is equal to the random number R2 generated in step S457, and determines that the random number R1 is not equal to the random number R2. In this case, since the portable device 6 is not a valid portable device, the portable device 6 is not authenticated, and the process ends. If it is determined in step S458 that the random number R1 is equal to the random number R2, the portable device 6 is a valid portable device, and the process proceeds to step S459, where the CPU 11 of the personal computer 1 generates a random number Sa.

At step S460, CPU 11 of personal computer 1 sets random number Nb and random number Na
Then, a hash function such as SHA based on the key K _Ia is applied, and a hash function is applied to obtain a random number R3. Step S
At 461, the CPU 11 of the personal computer 1
Transmits the random number R3 and the random number Sb to the portable device 6 via the interface 17. In step S462, the CPU 1 of the personal computer 1
1, the random number Sa and the random number Sb, applying a hash function to apply a hash function such as SHA based on a key K _'ab, obtains the temporary key K _s.

[0296] In step S491, the CPU 53 of the portable device 6 communicates with the portable device 6 via the USB controller 57.
The random number R3 and the random number Sb are received. Step S492
, The CPU 53 of the portable device 6
A hash function such as SHA based on the key _Kab is applied to b and the random number Na, and a hash function is applied to obtain a random number R4. In step S493, the CPU 53 of the portable device 6 compares the received random number R3 with the received random number R3.
It is determined whether or not the random number R4 generated in step 2 is equal. If it is determined that the random number R3 is not equal to the random number R4, the personal computer 1 is not authenticated because it is not a valid personal computer, and the process ends. I do. Step S
If it is determined in 493 that the random number R3 is equal to the random number R4, the process proceeds to step S494 because the personal computer 1 is a legitimate personal computer.
CPU53 of the portable device 6, the random number Sa and the random number Sb, applying the Apply hash function hash function such as SHA based on a key K _ab, obtains the temporary key K _s.

[0297] In this way, the personal computer 1 and portable device 6, mutual authenticate, get a common temporary key K _s. The procedures shown in the flowcharts of FIGS. 40 and 41 have stronger protection (detection) against so-called "spoofing" than the procedures shown in the flowcharts of FIGS. 38 and 39. Step S485,
Step S487, Step S488, Step S45
4, Step S456, Step S457, Step S
In step 460, step S462, step S492, and step S494, it has been described that a hash function such as SHA is applied, but DES or the like may be applied.

As described above, the personal computer 1
The portable device 6 can cope with a process performed after the mutual authentication, and can efficiently and powerfully cope with the attack by the spoofing by properly using the mutual authentication procedures having different detection powers.

Next, the process of encrypting a source program will be described with reference to the flowchart in FIG. In step S501, the personal computer 1
A signed source program is transmitted to a certificate authority (not shown) via the Internet connection interface 11. In step S502, the certificate authority determines whether or not tampering has been found in the received source program based on the signature. If tampering has been found in the received source program, the process cannot be continued, and the process ends. I do.

If no falsification is found in the received source program in step S502, the process proceeds to step S502.
Proceeding to 503, the certificate authority encrypts the received source program with the certificate authority's private key. In step S504, the certificate authority transmits the encrypted source program to the personal computer 1. In step S505, the personal computer 1 records the received source program on the HDD 21, and the process ends.

[0301] As described above, the source program is encrypted. Note that, instead of the certificate authority, the EMD server 4 or a predetermined secure server may encrypt the source program.

Next, the process of executing the encrypted source program by the adapter 26 will be described with reference to the flowchart in FIG. In step S521, the CPU 32 of the adapter 26 decrypts the encrypted source program received from the personal computer 1 with the public key of the certificate authority stored in the nonvolatile memory 34 in advance. In step S522, the CPU of the adapter 26
32 starts the interpreter and executes the decrypted source program.

[0303] In step S523, the adapter 26
CPU 32 determines whether or not to transmit the result obtained by executing the source program to personal computer 1, and if it is determined that the result is not to be transmitted to personal computer 1, the process ends. If it is determined in step S523 that the result is to be transmitted to the personal computer 1, the process proceeds to step S524, where the adapter 2
The sixth CPU 32 encrypts the result obtained by executing the source program with a predetermined key. In step S525, the CPU 32 of the adapter 26
And the encrypted result is transmitted to the personal computer 1, and the process ends.

As described above, the adapter 26 executes the encrypted source program, encrypts the obtained result in a predetermined case, and transmits it to the personal computer 1.

The object program is encrypted, and the encrypted object program is
6 may be executed. FIG. 44 is a flowchart illustrating a process of encrypting an object program. In step S541, the personal computer 1 compiles the source program and generates a predetermined object program. Step S54
The processing from step 2 to step S546 is performed in step S
Since the processing is the same as that of steps 501 to S505, the description is omitted.

FIG. 45 is a flow chart for explaining a process in which the adapter 26 executes the encrypted object program. In step S561, the CPU 32 of the adapter 26 decrypts the encrypted object program received from the personal computer 1 with the public key of the certificate authority stored in the nonvolatile memory 34 in advance. In step S562, the CP of the adapter 26
U32 stores the decrypted object program in RAM 33.
And execute it. Step S563 to step S
Reference numeral 565 denotes steps 523 to S52 in FIG.
5 are the same as those in FIG.

Next, another process for encrypting the object program will be described with reference to the flowchart in FIG. In step S581, the CPU 11 of the personal computer 1 compiles the source program and generates an object program. Step S5
At 82, the CPU 11 of the personal computer 1
Requests the adapter 26 to issue the application key Kap and the individual key Kidv via the interface 17.

[0308] In step S583, the personal computer 1 sends the application key Kap and the individual key K from the adapter 26 via the interface 17.
idv (generated based on the key Ks unique to the adapter 26 and stored in the nonvolatile memory 34 of the adapter 26). In step S584, the CPU 11 of the personal computer 1 encrypts the object program with the application key Kap. In step S585, the CPU 1 of the personal computer 1
1 encrypts the master key K _{Mb and the} like included in the context with the individual key Kidv. In step S586, the CPU 11 of the personal computer 1 causes the HDD 21 to record the object program encrypted with the application key Kap, the master key K _Mb included in the context encrypted with the individual key Kidv, and the like,
The process ends.

As described above, the personal computer 1
Is the application key K supplied from the adapter 26
With the ap and the individual key Kidv, the object program and the context can be encrypted.

The process in which the adapter 26 executes the object program encrypted by the procedure shown in the flowchart of FIG. 46 will be described with reference to the flowchart of FIG. In step S601, the CPU 11 of the personal computer 1 sends the object program encrypted with the application key Kap and the individual key Kid to the adapter 26 via the interface 17.
master key K contained in the context encrypted with v
Send _Mb etc.

[0311] In step S602, the adapter 26
The CPU 32 generates an individual key Kidv by applying a hash function to the key Ks and the application key Kap stored in the nonvolatile memory 34 in advance. Step S
In 603, the CPU 32 of the adapter 26 decrypts the received object program with the application key Kap. In step S604, the adapter 26
The CPU 32 decrypts the master key K _{Mb and the} like included in the context with the individual key Kidv.

[0312] In step S605, the adapter 26
CPU 32 executes an object program using a context including the decrypted master key K _{Mb and the} like. Steps S606 to S608 are the same as steps S523 to S525 in FIG. 43, and a description thereof will be omitted.

As described above, in the processing shown in the flowchart of FIG. 47, the adapter 26 that has transmitted the individual key Kidv in the flowchart of FIG. 46 can execute the encrypted object program. Therefore, adapters other than the adapter 26 that has transmitted the individual key Kidv in the flowchart of FIG. 46 can decrypt the object program, but cannot decrypt the context, and cannot execute the encrypted object program.

Next, a process for causing the CPU 11 of the personal computer 1 to execute a part of the process when the adapter 26 executes the object program will be described with reference to the flowchart in FIG. In step S651, the CPU 32 of the adapter 26 converts a predetermined instruction sequence of the object program according to a predetermined rule.

This conversion is performed, for example, in the case of a DES encryption or decryption program, when a basic structure such as a Feistel structure is repeated, a 48-bit expanded key used in a so-called F function and an appropriate random number are used. A conversion such as applying the exclusive OR a predetermined number of times is performed to make it difficult to decipher the expanded key. Also, for example, DES CBC (Cipher
In the case of a program that decodes a large amount of data in the Block Chaining Mode, the processing of the repetitive structure is not performed in order (sequentially), and the processing of a plurality of repetitive structures is performed on a large amount of data at the same time, and the expanded key is obtained. Make it difficult to decipher.

Further, for example, the code corresponding to the instruction of the source program (for example, the code representing addition corresponds to “1” and the code representing multiplication corresponds to “2”) is changed every time.

In step S652, the adapter 26
The CPU 32 transmits the converted instruction sequence to the personal computer 1 via the interface 31.

At step S653, CPU 11 of personal computer 1 executes the deshuffled instruction sequence. In step S654, the CPU 11 of the personal computer 1 transmits the processing result obtained by executing the instruction sequence to the adapter 26.

In step S655, the adapter 26
The CPU 32 continues the processing based on the processing result received from the personal computer 1 and the calculation result calculated and held by the CPU 32 of the adapter 26. Step S
At 656, the CPU 32 of the adapter 26 determines whether to cause the personal computer 1 to execute the process,
When it is determined that the personal computer 1 does not execute the process, the process ends. When it is determined in step S656 that the personal computer 1 executes the process, the procedure returns to step S651, and the process of causing the personal computer 1 to execute the process is repeated.

As described above, by causing the personal computer 1 to execute a part of the processing of the object program, the adapter 26 can execute the processing of the object program at high speed and safely.

[0321] The adapter 26 converts the instruction sequence included in the object program to the personal computer 1.
, It becomes difficult to decipher the object program. If the adapter 26 encrypts the instruction sequence included in the object program and sends it to the personal computer 1, it becomes more difficult to decrypt the object program.

In the process of encrypting the object program supplied to the adapter 26 by the personal computer 1 described in FIG. 46, if the conversion shown in step S651 is performed on the source program, it is more difficult to decode the object program. become.

Lastly, the personal computer 1 is connected to the EMD
A process of downloading an encryption key for encrypting content downloaded in advance free of charge from the server 4 and making a payment will be described with reference to a flowchart of FIG. In step S671, the personal computer 1 mutually authenticates with the EMD server 4 via the Internet 4. In step S672, the CPU 11 of the personal computer 1 sends the information to the EMD server 4 via the Internet connection interface 11.
Data indicating the content reproduction condition is transmitted. In step S673, the EMD server 4 transmits the payment amount data to the personal computer 1 based on the received data indicating the reproduction condition.

[0324] In step S674, the CPU 11 of the personal computer 1 causes the display 3 to display the payment amount data received from the EMD server 4. In step S675, the EMD server 4 requests the personal computer 1 to transmit the user's credit card number and the like. In step S676, the user operates the input unit 2 to input data such as a credit card number into the personal computer 1, and the personal computer 1 transmits data such as the credit card number to the EMD server 4.

[0325] In step S677, the EMD server 4
Executes a payment process based on data such as a credit card number received from the personal computer 1. In step S678, the EMD server 4 transmits a predetermined encryption key to the personal computer 1 via the Internet 4. In step S679, the personal computer 1 receives the predetermined encryption key transmitted from the EMD server 4 via the Internet 4, and the process ends.

As described above, the personal computer 1
Downloads the encryption key from the EMD server 4, and if the EMD server 4 performs the settlement processing, when the personal computer 1 downloads the content from the EMD server 4, processing such as authentication, encryption, or settlement is required. Therefore, the content which is relatively large data can be quickly downloaded.

In the above, the case where the portable device 6 is used as a recording medium has been described as an example. However, the present invention can be applied to a case where data is transferred or copied to another recording medium. Although the settlement process is described as being executed based on the data such as the credit card number, the settlement may be performed by a procedure such as smart (trademark).

Before the processing shown in the flowchart of FIG. 49, the personal computer 1 and the EMD server 4 communicate with each other by, for example, http (Hypertex) defined by ISO9798-3.
T Transport Protocol) may be used to perform mutual authentication.

Although the portable device 6 has been described as storing the individual key in advance, the portable device 6 may be downloaded from the EMD server 4 or the like after purchasing the portable device 6.

In the above description, the case where the portable device 6 is used as a recording medium has been described as an example. However, the present invention can be applied to a case where data is transferred or copied to another recording medium.

The content may be image data or other data in addition to music data such as music data or audio data.

As described above, according to the present invention, the following effects can be obtained.

(1) In addition to encrypting and recording data in the HDD 21 and encrypting the encryption key with the storage key,
Since the content is recorded on the D21, even if the content recorded on the HDD 21 is copied, the content cannot be decrypted. Therefore, it is possible to prevent a large number of copies from being distributed.

(2) When a predetermined song is copied once,
In order to prevent the song from being copied for a certain period of time (48 hours in the above example), the song and the recording date and time are registered in the song database, so the number of copies is limited. Can be prevented from being distributed in large quantities.

Further, since the hash value of the data is calculated and stored every time the database is updated, it is easy to prevent the database from being falsified.

(3) When the contents are delivered to an external device, the contents on the HDD 21 are erased, so that the original digital data does not remain in the HDD 21 and a large number of copies can be distributed. Is prevented.

(4) Since the music database is provided in the HDD 21 and the entire hash value is checked every time, the contents of the HDD 21 are backed up immediately before the move,
Even if the data backed up immediately after the move is restored to the HDD 21, the data at the transmission source can be surely erased.

(5) The mutual authentication process is performed before the personal computer 1 transfers data to an external device, thereby preventing data from being transferred to an unauthorized device.

(6) Before data is passed from the external device to the personal computer 1, it is confirmed by mutual authentication whether or not the software of the personal computer 1 is legitimate. This prevents content from being passed to the user.

(7) Using the ISRC to determine the identity of the music,
When the ISRC cannot be obtained, the TOC is used. Therefore, even if the ISRC cannot be obtained, it is possible to determine the identity of the music.

(8) Since a predetermined portion of the software functions of the personal computer 1 is loaded on the adapter 26 external to the personal computer 1, analysis of the software of the personal computer 1 as a whole will Since it is not known what kind of processing it is, it becomes difficult to falsify the software to have the intended function.

(9) A program is encrypted with a key corresponding to the program, and data necessary for executing the program is
Since the encryption is performed using the unique key generated by the adapter 26, the program can be prevented from being executed by another adapter 26 while only the program can be distributed on a medium such as a CD-ROM.

(10) Payment is made when downloading a key for encrypting content such as music data, so that content such as music data, which is relatively large data, can be quickly downloaded. Become.

Note that the processing executed by the adapter 26 may be executed by the CPU 11 using a secure program. In this case, for example, the storage key having the same value is generated by the content management program 111 when the storage key becomes necessary. Similarly, the hash value is hidden and stored by the content management program 111.

When the processing executed by the adapter 26 is executed by the CPU 11 with a secure program,
The personal computer 1 uses the RTC 35 of the adapter 26.
Downloads the current time data from a specific server (for example, the EMD registration server 3) connected to the network 2 in place of the current time supplied by, and executes the determination process based on the current time. . Further, in this case, the personal computer 1 stores the current time at a predetermined time interval, displays an error when a time earlier than the stored time is set, and does not accept the time setting. You may do so.

The above-mentioned series of processing can be executed by hardware, but can also be executed by software. When a series of processing is executed by software, a program constituting the software can execute various functions by installing a computer built into dedicated hardware or installing various programs. It is installed from a program storage medium to a possible general-purpose personal computer or the like.

As shown in FIG. 2, a program storage medium for storing a program installed in a computer and made executable by the computer includes a magnetic disk 41 (including a floppy disk) and an optical disk 42 (CD-ROM ( Compact Disc-Read Only Memory), DV
D (including Digital Versatile Disc), a magneto-optical disk 43 (including MD (Mini-Disc)), or a package medium including a semiconductor memory 44, or a ROM 12 in which a program is temporarily or permanently stored.
And an HDD 21 or the like. The storage of the program in the program storage medium is performed using a wired or wireless communication medium such as a local area network or the network 2 such as the Internet, or a digital satellite broadcast via an interface such as the communication unit 25 as necessary. Will be

[0348] In this specification, the step of describing a program stored in a program storage medium is not limited to processing performed in chronological order in the described order, but is not necessarily performed in chronological order. , And also includes processes executed in parallel or individually.

In this specification, the system is
It represents the entire device composed of a plurality of devices.

[0350]

According to the information processing apparatus of claim 1, the information processing method of claim 5, and the program storage medium of claim 6, the encrypted program is decrypted and executed. Since the program is supplied, the encrypted program is decrypted, and the program is executed based on the execution result, so that the stored data is illegally read and analyzed. Can be prevented.

[Brief description of the drawings]

FIG. 1 is a diagram showing an embodiment of a content data management system according to the present invention.

FIG. 2 is a diagram illustrating a configuration of a personal computer 1.

FIG. 3 is a diagram illustrating a configuration of a portable device 6;

FIG. 4 is a block diagram illustrating a functional configuration of the personal computer 1.

FIG. 5 is a diagram illustrating an example of a display operation instruction window.

FIG. 6 is a diagram illustrating an example of a window displayed by a recording program 113 on a display 20.

FIG. 7 is a flowchart illustrating a process when copying content from a compact disc to an HDD 21;

FIG. 8 is a flowchart illustrating a time limit database check process in step S12 of FIG. 7;

FIG. 9 is a diagram illustrating an example of a term database.

FIG. 10 is a diagram illustrating a watermark.

FIG. 11 is a diagram showing an example of a music database.

FIG. 12 is a flowchart illustrating an operation of moving content from the HDD 21 to the portable device 6.

FIG. 13 is a flowchart illustrating an operation of moving content from the HDD 21 to the portable device 6.

FIG. 14 is a flowchart illustrating an operation of moving content from the HDD 21 to the portable device 6.

FIG. 15 is a flowchart illustrating a check process such as a reproduction condition of a selected content in step S55 of FIG. 12;

FIG. 16 is a diagram illustrating playback conditions managed by the portable device 6.

FIG. 17 is a flowchart illustrating details of a format conversion process in step S58 in FIG. 12;

FIG. 18 is a flowchart illustrating an operation when copying content from the HDD 21 to the portable device 6.

FIG. 19 is a flowchart illustrating an operation when copying content from the HDD 21 to the portable device 6.

FIG. 20 is a flowchart illustrating an operation when copying content from the HDD 21 to the portable device 6.

FIG. 21 is a flowchart illustrating an operation when content is moved from the portable device 6 to the HDD 21.

FIG. 22 is a flowchart illustrating an operation when copying content from the portable device 6 to the HDD 21.

FIG. 23 is a flowchart illustrating processing when copying content from the EMD server 4 to the HDD 21.

24 is a flowchart illustrating details of processing related to charging in step S204 of FIG.

FIG. 25 is a diagram illustrating a billing log.

FIG. 26 shows IEC60958 of the personal computer 1 of FIG.
9 is a flowchart illustrating processing when copying content from a terminal 24a to the HDD 21.

FIG. 27 shows IEC60958 of the personal computer 1 of FIG.
9 is a flowchart illustrating processing when copying content from a terminal 24a to the HDD 21.

FIG. 28 is a flowchart illustrating an operation when content is output from the HDD 21 to the IEC60958 terminal 24a.

FIG. 29 is a flowchart illustrating an operation when content is output from the HDD 21 to the IEC60958 terminal 24a.

30 is a flowchart illustrating a check process such as a reproduction condition in step S275 of FIG. 28.

FIG. 31 is a flowchart illustrating an operation when content is output from the HDD 21 via the portable device 6.

FIG. 32 is a flowchart illustrating an operation when content is output from the HDD 21 via the portable device 6.

FIG. 33 is a diagram illustrating functions of the nonvolatile memory 34.

FIG. 34 is a flowchart illustrating the operation of the adapter 26.

35 is a diagram showing an internal configuration of an adapter 26. FIG.

FIG. 36 is a diagram showing an example of the internal configuration of a nonvolatile memory 34;

FIG. 37 is a diagram showing an example of the internal configuration of a nonvolatile memory 34;

FIG. 38 is a flowchart illustrating a process of mutual authentication between the portable device 6 and the personal computer 1.

FIG. 39 is a flowchart illustrating a process of mutual authentication between the portable device 6 and the personal computer 1.

FIG. 40 is a flowchart illustrating a process of mutual authentication between the portable device 6 and the personal computer 1.

FIG. 41 is a flowchart illustrating a process of mutual authentication between the portable device 6 and the personal computer 1.

FIG. 42 is a flowchart illustrating a process of encrypting a source program.

FIG. 43: Encrypted source program to adapter 2
6 is a flowchart illustrating a process executed by the sixth embodiment.

FIG. 44 is a flowchart illustrating a process of encrypting an object program.

FIG. 45 is a flowchart illustrating a process in which an adapter executes an encrypted object program.

FIG. 46 is a flowchart illustrating another process of encrypting an object program.

FIG. 47 is a flowchart illustrating another process in which the adapter executes the encrypted object program.

FIG. 48 illustrates a case where the adapter 26 executes an object program.
9 is a flowchart illustrating a process when the CPU 11 executes the process.

FIG. 49 is a flowchart illustrating a process in which the personal computer 1 downloads an encryption key from the EMD server 4 and makes a payment.

[Explanation of symbols]

1 personal computer, 2 network,
3 EMD registration server, 6-1 to 6-3 portable device, 11 CPU, 12 ROM, 13 RAM, 2
1 HDD, 24 voice input / output interface, 2
4a IEC60958 terminal, 26 adapters, 32 CP
U, 33 RAM, 34 Non-volatile memory, 35 RT
C, 36 ROM, 41 magnetic disk, 42 optical disk, 43 magneto-optical disk, 44 semiconductor memory, 53 CPU, 54 RAM, 55 ROM, 59 D
SP, 61 flash memory, 111 content management program, 112 display operation instruction program,
113 recording program, 114 content database, 131 EMD selection program, 132
Check-in / check-out management program, 13
3 copy management program, 134 movement management program, 135 encryption system conversion program, 136
Compression method conversion program, 137 encryption program, 138 compression / decompression program, 139 use condition conversion program, 140 use condition management program, 141 authentication program, 142 decryption program, 143 PD driver, 144 purchase program, 145 purchase program , 181 filtering data file, 182 display data file, 183 image file, 184 history data file, 351 protective aluminum layer, 352
Power supply pattern, 401-1 to 401-3 wiring

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G10L 19/00 G10L 9/00 N (72) Inventor Mitsuru Tanabe 6-7-35 Kita Shinagawa, Shinagawa-ku, Tokyo No. Sony Corporation (72) Inventor Yuichi Emo 6-7-35 Kita-Shinagawa, Shinagawa-ku, Tokyo Sony Corporation (72) Inventor Hirokazu Kawahara 6-35, Kita-Shinagawa, Shinagawa-ku, Tokyo Sony Corporation

Claims (6)

[Claims] A first execution unit for decrypting and executing an encrypted program; supplying the program to the first execution unit; decrypting the encrypted program; An information processing apparatus comprising: a second execution unit that executes the program based on a result of execution of the first execution unit. 2. The information processing apparatus according to claim 1, wherein the first execution unit and the second execution unit are provided in independent hardware. 3. The information processing apparatus according to claim 1, wherein the program is a source program to be executed by an interpreter. 4. The information processing apparatus according to claim 1, wherein the program is an object program. 5. A first execution step of decrypting and executing an encrypted program; supplying the program to the first execution step; decrypting the encrypted program; A second execution step of executing the program based on a result of the execution of the first execution step. 6. A first execution step of decrypting and executing an encrypted program; supplying the program to the first execution step; decrypting the encrypted program; And a second execution step of executing the program based on a result of the execution of the first execution step. A program storage medium storing a computer-readable program.