JP2001060254A - Deciphering processor performing deciphering process for specific area in content data - Google Patents

Abstract

PROBLEM TO BE SOLVED: To obtain a general deciphering device which can decipher contents data ciphered by an arbitrary system. SOLUTION: The deciphering device 1100 reads the ciphered contents data 1232 and ciphering system specification information 1231 as a program, which specifies a deciphering process object area in the contents data and also specifies deciphering algorithm and then indicates deciphering out of an IC card 1200 and sequentially interprets the ciphering system specification information 1231 to control a header detection part 1120, a frame length detection part 1130, and a deciphering part 1140, thereby deciphering the contents data by a proper system. The program of the deciphering system specification information 1231 uses a header detecting function for detecting a specific bit pattern in the contents, a frame length detecting a function for detecting frame length in the contents, and a deciphering process function for performing deciphering with the specified algorithm.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a cryptographic processing technique, and more particularly to a cryptographic processing apparatus for performing cryptographic processing on a specific area in transmitted data and data recorded on a recording medium. Here, the encryption process is a concept including the encryption process and the decryption process, and the encryption processing device is a concept including the encryption device and the decryption device.

[0002]

2. Description of the Related Art In recent years, encryption techniques for keeping data confidential include video, audio, and other digital signals (hereinafter, referred to as "digital signals").
It is called “content data”. ) Is often used to protect against unauthorized use. Content data containing images, sounds, and the like is encrypted and transmitted so that only authorized persons can use it, or encrypted and recorded on a recording medium.

[0003] There are various data organizations, that is, formats of content data, which are defined in accordance with requests for access to the data and other purposes. MPEG (Moving) is an example of content in various formats.
Picture of Picture Expert Group 1 or Layer1, Layer2, Layer3
(So-called MP3) audio, MPEG2 video or A
AC (Advanced Audio Coding) audio or TS (Transport Stream)
Stream such as PS and Program Stream (PS), MPEG4 video or AAC or Tw
There are audio or system stream such as inVQ, Dolby-AC3 audio, DV format video or audio, and the like. The format includes a format for transmitting content data, various formats used for recording content data on various recording media such as a CD-ROM, a DVD-ROM, and an IC card.

In some cases, depending on the format of such content data, the encryption process should be performed only on a part of the content data. For example, in digital broadcasting, in each packet serving as a transmission unit of program data of a pay program, only a payload portion excluding a header portion is subjected to encryption processing. In response to this, the digital broadcast receiving device receives the program data packet,
A pay program can be viewed by performing a decryption process only on the portion where the encryption process has been performed.

[0005] There are various encryption algorithms used for encryption processing, that is, encryption processing and decryption processing, such as the RSA encryption algorithm, the DES encryption algorithm, and the FEAL encryption algorithm. About ECB
(Electronic codebook) mode,
OFB (output feedback) mode, C
A plurality of algorithms can be distinguished according to a cipherblock chaining (BC) mode or the like and an application form of the basic algorithm.

An example in which content data is encrypted will be described below. FIG. 1 is a diagram illustrating a state in which encryption processing is performed on content data. In FIG. 1A,
The portion to be encrypted in the content data composed of fixed-length packets is indicated by oblique lines. A conventional cryptographic processing device that performs cryptographic processing on content data composed of fixed-length packets detects a default synchronization pattern represented by solid black in FIG. The encryption processing is performed on the portion of the predetermined length at the position of.

In FIG. 1B, a portion to be subjected to encryption processing in content data composed of variable length packets is indicated by oblique lines. A conventional cryptographic processing apparatus that performs cryptographic processing on content data composed of variable-length packets detects a default synchronization pattern represented by solid black in FIG. 1B and places the synchronization pattern at a predetermined position from the synchronization pattern. The length of the packet is detected by extracting the packet length code included in the packet, and encryption processing is performed on a portion having a predetermined length from the synchronization pattern and obtained based on the length of the packet.

[0008] FIG. 1C shows a state in which encryption processing is repeatedly performed on content data at a constant cycle. A conventional encryption processing apparatus that repeatedly performs encryption processing on content data performs encryption processing using a predetermined encryption algorithm for each of the portions indicated by diagonal lines that are divided by the same length in FIG. . There are various types of encryption processing. For example, in a case where video or music content data is encrypted and recorded on a recording medium, the content data can be reproduced at high speed from an arbitrary position by random access to the recording medium when the content data is reproduced. For example, it is determined in advance that, for each basic data unit for random access in content data, an area for management information for random access should be left and only the other area should be encrypted. What encryption algorithm should be used for encryption is predetermined. Also, the basic data unit for random access may have an appropriate size individually determined depending on the type of recording medium.

As described above, the conventional cryptographic processing apparatus uses a predetermined method based on the format of the content data and other circumstances, such as which encryption algorithm is to be applied to which part of the content data. In accordance with the above, the content data is subjected to an encryption process. Normally, a pair of a conventional encryption device and a conventional decryption device for transmitting and receiving content data performs encryption or decryption by a predetermined method corresponding to each other. That is, content data encrypted by a conventional encryption device according to a certain method is transmitted through a communication path or recorded and carried on a recording medium, and the content data is decrypted by a decryption method corresponding to the encryption method. The transmitted or recorded content data is decoded by a conventional decoding device configured to decode.

[0010]

There are the following problems with the conventional cryptographic processing device as described above. (1) As described above, content data is diversified in its format, and it is considered that a new transmission format or a new recording medium will appear in the future, or content data having a new data structure will appear in the future. Can be However, since the conventional cryptographic processing device performs cryptographic processing according to a predetermined method,
The content data that can be encrypted by the encryption processing device is limited and lacks versatility. (2) Content data encrypted by an encryption device that performs encryption processing according to a certain method is decrypted unless a specific decryption device configured to perform decryption processing according to a method corresponding to the encryption device. Not available and not available.

The present invention has been made in view of the above-mentioned problems, and an object of the present invention is to provide an encryption processing device capable of performing encryption processing on all existing or future content data in an appropriate method. Aim. Note that this appropriate method appropriately specifies at least an area to be subjected to encryption processing. Also, in particular, it is possible to provide a general-purpose decryption cryptographic processing device capable of decrypting content data encrypted by an arbitrary method, and It is an object of the present invention to provide a cryptographic processing device for encryption for generating information to be given to perform decryption by a method.
The present invention further provides a cryptographic processing method used in these cryptographic processing devices, a program recording medium storing a control program for causing a computer to realize the cryptographic processing devices, and a method suitable for the cryptographic processing device. It is another object of the present invention to provide a data recording medium on which information to be provided for performing an encryption process is recorded.

[0012]

In order to achieve the above object, an encryption processing apparatus according to the present invention provides a cryptographic processing system including content data and encryption scheme information including information for specifying a region to be encrypted in the content data. Data reading means for reading out from a single portable storage medium, and the content data read out by the data reading means based on the encryption method information read out by the data reading means. Area specifying means for specifying an area to be encrypted, and encryption processing means for encrypting or decrypting the area to be encrypted specified by the area specifying means in the content data read by the data reading means It is characterized by having.

Thus, the encryption processing device according to the present invention can appropriately specify an area to be subjected to encryption processing in the content data stored in the storage medium and perform encryption processing, thereby achieving the object. Further, an encryption processing device according to the present invention is an encryption processing device that encrypts content data and records the encrypted content data on a storage medium, comprising: a content data acquisition unit that acquires content data; Encryption system information reading means for reading encryption system information including information for specifying the content from a portable storage medium; and obtaining the content data based on the encryption system information read by the encryption system information reading unit. Area specifying means for specifying an encryption processing target area in the content data obtained by the means, encryption processing means for performing encryption on the encryption processing target area specified by the area specifying means in the content data, Content data for recording the content data encrypted by the encryption processing means on the storage medium; Characterized in that it comprises a data recording unit.

Thus, when the content data is stored in the storage medium, it is possible to appropriately perform encryption in response to a case where an area where the content data is to be encrypted is defined in the storage medium. it can. As a result, the newly encrypted content data is stored in the storage medium together with the previously stored encryption method information for specifying the area to be encrypted.
Assuming a general-purpose decryption device that reads this recording medium and decrypts the content data, the decryption device uses the encryption method information in the storage medium to appropriately determine the area to be decrypted in the content data. Be able to identify.

Further, the encryption processing apparatus according to the present invention receives data transmitted by multiplexing content data and encryption method information including information for specifying an encryption processing target area in the content data. A data acquisition unit for acquiring the content data and the encryption system information; and an encryption process in the content data acquired by the data acquisition unit based on the encryption system information acquired by the data acquisition unit. An area specifying unit that specifies a target area; and an encryption processing unit that performs encryption or decryption on the encryption processing target area specified by the area specifying unit in the content data acquired by the data acquisition unit. It is characterized by the following.

Thus, the encryption processing device according to the present invention can appropriately specify an encryption target area in the transmitted content data and perform the encryption processing. Further, an encryption processing device according to the present invention is an encryption processing device for performing encryption processing on content data, and instructs content data acquisition means for acquiring content data, and reference to partial data in the content data. An encryption method information obtaining unit that obtains encryption method information that includes instruction information and information for specifying an encryption target area in the content data; and at least the encryption information in the content data according to the instruction information. An area identification unit that identifies an encryption target area in the content data based on the encryption method information by referring to partial data; and an encryption process identified by the area identification unit in the content data. Encryption processing means for encrypting or decrypting the target area.

Thus, the encryption processing device according to the present invention appropriately specifies an encryption processing target area in the content data by referring to a part of the content data based on, for example, encryption method information such as a program. To perform encryption processing. Further, the program recording medium according to the present invention is a program recording medium in which a control program for causing a computer to execute a content data encryption process is recorded, wherein the content data encryption process includes content data and an encryption process in the content data. A data reading step of reading encryption method information including information for specifying the target area from a single portable storage medium, and, based on the encryption method information read by the data reading step, An area specifying step of specifying an encryption processing target area in the content data read by the data reading step, and an encryption processing target specified by the area specifying step of the content data read by the data reading step Encryption processing for encrypting or decrypting an area Characterized in that it comprises a step.

Further, the program recording medium according to the present invention provides a computer which stores content data,
A program recording medium storing a control program for executing a content data encryption process of encrypting the content data and recording the encrypted content data on a storage medium, wherein the content data encryption process is an encryption process target in the content data. An encryption method information reading step of reading encryption method information including information for specifying an area from a portable storage medium; and the content data based on the encryption method information read in the encryption method information reading step. An area specifying step for specifying an encryption processing target area in the contents data; an encryption processing step of encrypting the encryption processing target area specified by the area specification step in the content data; For recording the content data subjected to Characterized in that it comprises a Ntsudeta recording step.

[0019] The program recording medium according to the present invention is a program recording medium in which a control program for causing a computer to execute content data encryption processing is recorded, wherein the content data encryption processing includes: A data acquisition step of receiving the transmitted data multiplexed with encryption method information including information for specifying the encryption processing target area, and acquiring the content data and the encryption method information,
An area identification step of identifying an encryption processing target area in the content data acquired by the data acquisition step, based on the encryption method information acquired by the data acquisition step; and Encrypting or decrypting the encryption processing target area specified in the area specifying step in the content data.

Further, a program recording medium according to the present invention is a program recording medium in which a control program for causing a computer to execute a content data encryption process is recorded, wherein the content data encryption process includes a content data acquisition process for acquiring content data. And obtaining cryptographic method information including instruction information for instructing reference to partial data in the content data, the information including information for specifying an encryption processing target area in the content data. An encryption method information obtaining step;
An area specifying step of specifying an encryption processing target area in the content data based on the encryption method information by referring to at least partial data in the content data according to the instruction information; and An encryption processing step of encrypting or decrypting the encryption processing target area specified in the area specifying step.

Further, the data recording medium according to the present invention is a single data recording medium that is generally capable of recording encrypted content data, and is a content data in which an area to be subjected to encryption processing is included. Includes a content data recording area in which encrypted content data is recorded, and an encryption scheme information recording area in which encryption scheme information including information for specifying an encryption processing target area in the content data is recorded. It is characterized by the following.

Thus, this data recording medium enables, for example, a general-purpose decoding device to specify an area to be decoded. Further, in the encryption processing method according to the present invention, the data to be read from a single portable storage medium may be used to read content data and encryption method information including information for specifying an encryption processing target area in the content data. A reading step; an area specifying step of specifying an encryption processing target area in the content data read in the data reading step based on the encryption method information read in the data reading step; And encrypting or decrypting the encryption processing target area specified by the area specifying step in the content data read by the step.

Further, the encryption processing method according to the present invention is an encryption processing method for encrypting content data and recording it on a storage medium, wherein information for specifying an encryption processing target area in the content data is stored. An encryption method information reading step of reading encryption method information including the encryption method information from a portable storage medium, and specifying an encryption processing target area in the content data based on the encryption method information read in the encryption method information reading step. An area identification step to be performed;
An encryption processing step of encrypting the encryption processing target area specified by the area identification step in the content data; and a content recording the content data encrypted by the encryption processing step on the storage medium. And a data recording step.

Further, the encryption processing method according to the present invention is an encryption processing method for performing encryption processing on content data,
Receives data transmitted by multiplexing content data and encryption method information including information for specifying an encryption processing target area in the content data, and obtains the content data and the encryption method information A data acquisition step, an area identification step of identifying an encryption processing target area in the content data acquired by the data acquisition step, based on the encryption method information acquired by the data acquisition step; and the data acquisition step And encrypting or decrypting the encryption processing target area specified by the area specifying step in the content data obtained by the above.

Further, an encryption processing method according to the present invention is an encryption processing method for performing encryption processing on content data,
Content data acquisition step of acquiring content data, and encryption method information including instruction information for instructing reference to partial data in the content data, the information being used to specify a region to be encrypted in the content data An encryption method information obtaining step of obtaining encryption method information including: and an encryption process in the content data based on the encryption method information by referring to at least partial data in the content data according to the instruction information. It is characterized by including an area specifying step of specifying a target area, and an encryption processing step of encrypting or decrypting the encryption processing target area specified by the area specifying step in the content data.

[0026]

DESCRIPTION OF THE PREFERRED EMBODIMENTS << Embodiment 1 >> Hereinafter, Embodiment 1 of a cryptographic processing apparatus according to the present invention will be described with reference to FIGS.
This will be described with reference to FIG. <Configuration of Decoding Device> FIG. 2 is a configuration diagram of the decoding device 1100 according to the first embodiment. Note that FIG. 14 also shows an IC card 1200 that stores encrypted content data, which is a processing target of the decryption device 1100.

The IC card 1200 includes a data storage unit 1230, which is a semiconductor memory, and a media ID storage unit 1220.
And a control unit 1210 composed of a semiconductor circuit and having a function of controlling access to data stored in the semiconductor memory and authenticating, for example, the validity of a connected device. An IC card is generally used as a data recording medium in, for example, a digital camera or a portable audio player.

Here, the media ID storage unit 1220 stores
A media ID for identifying an IC card is stored. Further, the data storage unit 1230 stores the encryption scheme specifying information 1231 and the encrypted content data 1232. The encryption method specification information 1231 is information for specifying a decryption method used when decrypting the content data 1232, and details thereof will be described later.

The decryption device 1100 includes an IC card 1200
Is a device that reads and decrypts content data that is encrypted and recorded in the
U, a computer including a memory, etc., and functionally includes a control unit 1110, a header detection unit 1120, a frame length detection unit 1130, a decryption unit 1140, and a key generation unit 1150.
And Note that each functional operation of the decoding device 1100 is as follows.
This is realized by the CPU executing a control program stored in the memory.

Here, the control unit 1110 includes an encryption method specifying information acquisition / interpretation unit 1111 and a content data acquisition unit 11
12 for controlling the respective units of the decryption device 1100. The controller 1210 performs, for example, mutual authentication with the control unit 1210 of the IC card 1200. Is read.

The encryption system specific information acquisition / interpretation unit 1111
Reads and interprets the encryption method specifying information 1231 stored in the data storage unit 1230 of the IC card 1200,
It has a function of controlling the header detection unit 1120, the frame length detection unit 1130, or the decoding unit 1140 according to the interpretation result. The content data acquisition unit 1112 is the IC card 1
It has a function of reading out the content data 1232 stored in the data storage unit 1230 of the 200.

The header detecting section 1120 has a function of detecting the header portion when the content data has a data structure having a header.
0 has a function of detecting the partial data length, that is, the frame length, when the content data is composed of, for example, a set of variable-length partial data. The key generation unit 1150 obtains the media ID of the IC card 1200 obtained by the control unit 1110, and obtains the media ID
A key for decryption is generated by performing a predetermined operation based on.

Further, the decryption unit 1140 includes a key generation unit 115
It has a function of decrypting a specific part of the encrypted content data using the key generated by 0, and outputting the decrypted result to the outside of the decryption device 1100, for example, a device that presents the content data. <Encryption method identification information that can be interpreted by decryption device> The encryption method identification information 1231 will be described below.

The encryption system specification information 1231 specifies a portion of the content data 1232 to be subjected to decryption processing, and includes information necessary for specifying an algorithm used for decryption and a description of processing contents. Expressed in a predetermined specific language. The encryption method specifying information 1231 is transmitted to the IC card 1200 by an encryption device that has encrypted the content data 1232.
It was recorded inside. Further, the cryptographic scheme specifying information acquisition / interpretation unit 1111 that interprets the cryptographic scheme specifying information 1231 expressed in this specific language is a so-called interpreter.

FIG. 3 is an explanatory diagram of functions that can be used as the contents of the encryption system specifying information. As shown in the figure, four dedicated functions are defined: a header detection function, a frame length detection function, a reference position movement function, and a decoding processing function. These four dedicated functions are used to specify a portion of the content data to which the decoding process is to be applied.

The header detecting function is a function for detecting a header from the data and moving the reference position to the header portion.
20. Here, the reference position is used in common among the four dedicated functions, and indicates a position to be processed in each function. First argument detect_ of header detection function head_detect_
pattern_size is the number of bits of the bit pattern of the header to be detected, and the second argument detect_p
“attern” is a bit pattern of a header to be detected, and a third argument “pnt_offset” is a position at which header detection is started. That is, the header detection function is pnt_o
From the position where the header detection indicated by ffset is started,
This function searches for a header having a bit pattern indicated by detect_pattern for the number of bits indicated by detect_pattern_size, moves the reference position to the position of the first detected header, and returns the reference position as a return value. .

The frame length detection function is intended to be used after the header detection function, and specifies the length of variable-length partial data, that is, the frame length. The processing of this function is realized by the frame length detection unit 1130. Frame detection function frameleng
The first argument length_code of th_detect
_Position is the position where the header is detected, that is, the position of the frame length code based on the reference position, and the second
The argument lengthcode_length is the length of the frame length code, and the third argument unit indicates the unit of the value indicated by the frame length code, and is specified as 1 for a bit unit or 8 for a byte unit. What is frame length code?
This is data indicating the frame length. That is, the frame length detection function calculates the length_code_pos from the reference position.
The position moved by the number of bits indicated by the “ion” is set as a new reference position, and the lengthcode from the reference position is used.
This function reads a frame length code corresponding to the number of bits indicated by e_length, calculates a value obtained by multiplying the read value by a value indicated by unit as a frame length, and returns the frame length as a return value.

The reference position moving function moves a reference position. Reference position movement function reference_p
The argument move_no of the position_move is the number of bits to move. That is, the reference position movement function is a function for moving the reference position by the number of bits indicated by move_no. The decryption processing function is for performing a decryption process on a predetermined portion of the data.
140. Decryption processing function decrypt
The first argument “algorithm_no” of “ion” is a number indicating the type of a decoding algorithm used for decoding.
The number is predetermined as 1 for S and 2 for FEAL. One of the decryption algorithms having the properties of a so-called block cipher algorithm can be designated by the first argument. The second argument mode is an application mode as an application form of the decoding algorithm. For example, ECB is 1, OFB is 2,
CBC is predetermined as 3 or the like. Third argument blockl
The length is the bit length of the block to be decoded, and the fourth argument is the end position of the range to be decoded. That is, the decryption processing function uses the algorithm
decoding processing according to thm_no and mode end_
This is a function to be applied for each blocklength up to the position indicated by pnt. If the number of bits in the range from the reference position to the position indicated by end_pnt cannot be divided by the bit length indicated by blocklength, end_pnt
It is assumed that the decoding process is performed the maximum number of times that does not exceed.

FIG. 4 is a diagram showing an example of the content of the encryption system specifying information described using the function shown in FIG. In the content example shown in the figure, the bit pattern of the header is composed of 12 bits called FFF in hexadecimal notation, and the content data has a structure in which a frame length code of 13 bits from the 31st bit from the header start position is arranged. This is an example in which data of a portion corresponding to each frame is decoded in the CBC mode by the DES algorithm. In this content example, “=” indicates an operation of substituting a constant or variable on the right side for a variable on the left side, and “while”
(Endofdata) {...} Indicates that the processing of {...} Is repeated from the beginning to the end of the content data. Ref_pnt is a variable indicating a reference position.

That is, in this content example, a variable ref_pnt, which is a reference position, is initialized to 0 bits, a header is then detected, a frame length code is detected, and the reference position is moved immediately after the frame length code position. The position at the end of the decoding process is calculated based on the obtained frame length, and the decoding process is performed. Thereafter, the reference position is moved to the end position of the decoding process, and the processing procedure from the detection of the header is repeated again, whereby the decoding process is performed on the area excluding the portion from the header to the frame length code in the content data. This is an example in which the effect is specified.

Note that if any one of the functions shown in FIG. 3 is used to arbitrarily combine and describe the cryptographic system specific information in a specific language, for example, the repetitive structure of a header and a fixed-length frame can be changed. The content may specify that only the frame of the content data to be decoded is to be decoded, or the content may specify that the decoding is repeatedly performed at a fixed length.

<Operation of Decoding Device> The operation of the decoding device 1100 having the above-described configuration will be described below. The description will be made assuming that the encryption method specifying information 1231 stored in the data storage unit 1230 of the IC card 1200 has the contents illustrated in FIG. FIG.
12 is a flowchart showing the operation of the 00.

As shown in FIG.
Is the control unit 121 of the IC card 1200.
0, and obtains the media ID stored in the media ID storage unit 1220 and communicates with the key generation unit 115.
0, and the key generation unit 1150 receives the
A predetermined operation is performed based on D to generate a decryption key (step S201).

After the decryption key is generated, the encryption system identification information acquisition / interpretation unit 1111 acquires the encryption system identification information 1231 stored in the data storage unit 1230 via the control unit 1210 of the IC card 1200. And store it in a memory or the like (step S202). Encryption method identification information 123
1 and then, the encryption system identification information acquisition and interpretation unit 1111
Interprets by paying attention to one sentence of the encryption method specifying information 1231 sequentially, and executes a process according to the sentence (step S
203-S214).

First, the encryption system specific information acquisition / interpretation unit 111
1 focuses on "ref_pnt = 0;" shown in FIG. 4 (step S203), and is an operation other than the four dedicated functions (step S212), so that 0 is assigned to the variable ref_pnt.
Is set (step S213), and then “while (e)
ndofdata) ｛・ ・ ・ ｛”
..} are repeatedly executed as long as the content data to be processed can be acquired (steps S214, S20)
3).

Therefore, the encryption system specific information acquisition / interpretation unit 11
11 is “ref_pnt = head_detect”
(12, 0xffff, ref_pnt); ”(steps S214 and S203), and since it is a header detection function (step S204), the content data acquisition unit 1112 sends the content data 1232 to the content data acquisition unit 1112 via the control unit 1210 of the IC card 1200. The header data is acquired and stored in a memory or the like.
, A header portion consisting of a bit pattern of the FFF in hexadecimal from the head position is detected (step S20).
5). As a result of the execution of the header detection function, the position of the detected header is set in a register or the like (hereinafter, referred to as a “reference position register”) that is determined to hold the reference position, and is set in a variable ref_pnt. . This reference position register is used for the encryption system specific information acquisition / interpretation unit 11.
11, header detecting section 1120, frame length detecting section 113
0 and can be referenced and updated from the decoding unit 1140.

Subsequently, the encryption system specific information acquisition / interpretation unit 11
11 is “pnt_offset = ref_pnt;”
(Step S203), and the variable pnt_offs
The content of the variable ref_pnt is set to et (steps S212 and S213). Subsequently, the encryption method specifying information acquisition / interpretation unit 1111 outputs the next “frame_length = f
frame_length_detect (31,13,
8); ”(steps S214 and S203), and since the function is a frame length detection function (step S206), the frame length detection unit 1130 is caused to detect the frame length (step S207). Thereby, the frame length detection unit 1
A frame length 130 is obtained by using a position at the 31st bit from the current reference position of the content data 1232 as a new reference position, obtaining a 13-bit frame length code from the position, and multiplying the frame length code by eight. Ask for. The frame length obtained as a result of the execution of the frame length detection function is set in a variable frame_length.

After processing the frame detection function, the encryption method specifying information acquiring / interpreting unit 1111 outputs the following “ref_pnt =
reference_position_move (1
(3); ”(steps S214 and S203), and since it is a reference position movement function (step S208), the reference position is moved by 13 bits, the moved reference position is stored in the reference position register, and the variable ref_pnt
(Step S209).

After processing the reference position moving function, the encryption method specifying information acquisition / interpretation unit 1111 outputs the next “end_pnt =
pnt_offset + framelength; ”(steps S214 and S203), and the variable end_
Variable pnt_offset and variable framel in pnt
Set the sum of the content with the content (step S21)
2, S213).

Subsequently, the encryption system specific information acquisition / interpretation unit 111
1 is the next “decryption (1, 3, 64, e
nd_pnt); ”(steps S214, S2
03), since it is a decryption processing function (step S21)
0), and causes the decryption unit 1140 to perform decryption processing on a specific portion of the content data 1232 (step S21).
1). Therefore, the decryption unit 1140 uses the key generated by the key generation unit 1150 to generate the content data 1232
The decoding process is performed in the CBC mode by the DES algorithm on the area from the current reference position to the position indicated by the variable end_pnt.

After processing the decryption processing function, the encryption method specifying information acquisition / interpretation unit 1111 outputs the following “ref_pnt = en
d_pnt; ”(steps S214, S20
3), the contents of the variable end_pnt are set in the variable ref_pnt (steps S212 and S213), and thereafter, “ref_pnt = head_detect (1)” until the header cannot be detected even when the header detection function is executed.
2,0xffff, ref_pnt); ”to“ ref_
"pnt = end_pnt;" (steps S203 to S214).

FIG. 6 is a diagram showing content data 1232 to be decrypted in accordance with the encryption system specifying information shown in FIG. The part that is not decoded, that is, the header part, is shown in an enlarged manner at the bottom of the figure. In the figure, the shaded portion is the portion that is decoded as the operation result of the decoding device 1100.

The content data having such a variable-length frame structure has, for example, a format of audio data compressed by MPEG2 or MPEG4 AAC. In order to perform random access or the like when reproducing such audio data, it is necessary to access a desired frame and perform a reproducing process. Since it is more convenient to leave the content data without the content data 1232 in the IC card 1200,
Is that only the portion indicated by hatching is encrypted in advance, and the encryption method specifying information 1231 is formed to indicate that.

As described above, the decryption device 1100 can specify the portion of the content data 1232 to be subjected to the decryption process based on the encryption method specifying information 1231 held in the IC card 1200 together with the content data 1232. In addition, since the decoding algorithm can be specified, the content data 1232 can be appropriately decoded without holding the information for specifying the portion to be subjected to the decoding process or the information for specifying the decoding algorithm. In other words, if the encryption device that has encrypted the content data 1232 records, on the IC card, encryption method identification information 1231 indicating a decryption method corresponding to the encryption method, the specific type of content data A general-purpose decoding device 1100 that does not have a decoding processing structure specialized for.

<Structure of encryption device>
The following describes an encryption device 1300 obtained by encrypting the content data 1232 in the card 1200.
The encryption device 1300 is a device that encrypts the content data 1232 in the above-described IC card 1200 and generates the encryption scheme specifying information 1231.

FIG. 7 is a configuration diagram of the encryption device 1300. In the figure, the processing target of the encryption device 1300 is
Also shown is an IC card 1200 that stores content data. In the figure, components having the same reference numerals as those shown in FIG. 2 have the same functions as those shown in FIG. 2, and duplicate description will be omitted here. I do. Note that the encryption method specifying information 12 shown in FIG.
Reference numeral 31 initially differs from the contents shown in FIG. 2, but has the same contents as those shown in FIG. The content data 1232 shown in FIG. 7 is not encrypted at first, but is encrypted by the operation of the encryption device 1300 to have the same contents as those shown in FIG.

The encryption device 1300 is used for the IC card 120
0 is a device that reads out content data recorded in the “0” and encrypts it.
U, a computer including a memory, etc., and functionally includes a control unit 1310, a header detection unit 1120, a frame length detection unit 1130, an encryption unit 1340, and a key generation unit 115.
0. Each functional operation of the encryption device 1300 is realized by the CPU executing a control program stored in the memory.

Here, control unit 1310 includes encryption system specific information acquisition / interpretation unit 1111 and content data acquisition unit 11
12 and an encryption method specific information update unit 1313 and a content data update unit 1314 for controlling each unit of the encryption device 1300. The control unit 1210 of the IC card 1200 performs mutual authentication, 120
0, the media ID is read, and the encryption system identification information 1
231 and the content data 1232 are read and written.

The encryption method specifying information acquisition / interpretation unit 1111
Reads and interprets the encryption method specifying information 1231 stored in the data storage unit 1230 of the IC card 1200,
It has a function of controlling the header detection unit 1120, the frame length detection unit 1130, or the encryption unit 1340 according to the interpretation result. The content data acquisition unit 1112 has a function of reading the content data 1232 stored in the data storage unit 1230 of the IC card 1200.

The encryption method specifying information updating unit 1313 is provided with an IC
It has a function of updating the encryption system identification information 1231 stored in the data storage unit 1230 of the card 1200.
The content data updating unit 1314 stores the IC card 120
0 has a function of updating the content data 1232 stored in the data storage unit 1230. Key generation unit 11
50 is the IC card 1 acquired by the control unit 1310
A media ID of 200 is obtained, and a predetermined operation is performed based on the media ID to generate an encryption key.

The encryption unit 1340 includes the key generation unit 11
It has a function of encrypting a specific part of the content data using the key generated by 50 and sending the encryption result to the IC card 1200 via the content data updating unit 1314 to update the content data 1232. <Cryptographic method specifying information that can be interpreted by encryption device> The following describes the cryptographic method specification information 1231 that can be interpreted and executed by the encryption device 1300. The encryption method specifying information 1231 is basically the same as that which can be interpreted by the decryption device, except that the encryption function encryption can be used instead of the decryption processing function decryption. It is composed of information necessary for specifying a portion to be subjected to encryption processing and an algorithm used for encryption and a description of processing contents. Here, the encryption function “encryption” is equivalent to the decryption processing function “decry”.
The ption and the argument are the same, and differ only in that encryption is performed instead of decryption. Therefore, the functions that can be interpreted and executed by the encryption apparatus 1300 are four dedicated functions: a header detection function, a frame length detection function, a reference position movement function, and an encryption processing function.

Before the encryption device 1300 obtains the encryption method specification information 1231 stored in the IC card 1200, the data structure is specified, the content data 1232 is created, and the content data 1232 is recorded on the IC card 1200 by the device. It is recorded together with the content data 1232. <Operation of Encryption Apparatus> The operation of the encryption apparatus 1300 having the above configuration will be described below. The encryption method specifying information 1231 stored in the data storage unit 1230 of the IC card 1200 includes “description (1, 3, 64, end_pn)” in the contents illustrated in FIG.
t); ”to“ encryption (1, 3, 64, e
nd_pnt); ".

FIG. 8 is a flowchart showing the operation of the encryption device 1300. As shown in the figure, first, the control unit 1310 of the encryption device 1300 obtains the media ID stored in the media ID storage unit 1220 by communicating with the control unit 1210 of the IC card 1200, and sends it to the key generation unit 1150. The key generation unit 1150
Performs a predetermined operation based on the media ID to generate an encryption key (step S301).

After the encryption key has been generated, the encryption system identification information acquisition / interpretation unit 1111 acquires the encryption system identification information 1231 stored in the data storage unit 1230 via the control unit 1210 of the IC card 1200. And store it in a memory or the like (step S302). Encryption method specifying information 12
31 after obtaining the encryption system identification information
1 sequentially interprets and focuses on one sentence of the encryption method specifying information 1231 and executes a process corresponding to the sentence (steps S303 to S314). Steps S303 to S3
09 is performed in steps S203 to S2 shown in FIG.
09 is the same as the processing contents of steps S312 to S3.
Since the contents of the processing in step 14 are the same as the contents of the processing in steps S212 to S214, the detailed description is omitted.

First, the encryption system specific information acquisition / interpretation unit 111
1 focuses on “ref_pnt = 0;” and sets the variable ref_pnt = 0;
pnt is set to 0 (steps S312 and 313), and then "where (endofdata) {...}" is repeated. Execute. The encryption scheme specifying information acquisition / interpretation unit 1111 outputs “pnt_offse
t = ref_pnt; ”and the variable pnt_offs
The content of the variable ref_pnt is set to et (steps S312 and S313). Then, the next “ref_pnt =
head_detect (12, 0xffff, ref_
pnt); ”and the content data acquisition unit 1112
To obtain the content data 1232,
120 to detect the header (step S304,
S305). Subsequently, the encryption system specific information acquisition / interpretation unit 11
11 is the next “frame_length = frame_
length_detect (31, 13, 8); ”, and causes the frame length detection unit 1130 to detect the frame length (steps S306 and S307).
_Pnt = reference_position_m
ove (13); ”, the reference position is moved by 13 bits, and the moved reference position is stored in the reference position register and set in the variable ref_pnt (step S).
308, S309). Subsequently, the encryption method specifying information acquisition / interpretation unit 1111 determines the next “end_pnt = pnt_off”
set + framelength; ”and the variable en
Variable pnt_offset and variable frame in d_pnt
The sum of the contents with the "elength" is set (step S31).
2, S313) and the next “encryption (1,
3, 64, end_pnt); ”(step S
314, S303), since it is an encryption processing function (step S310), it causes the encryption unit 1340 to perform encryption processing on a specific part of the content data 1232 (step S311). Therefore, the encryption unit 1340 uses the key generated by the key generation unit 1150 to change the variable end_pn from the current reference position in the content data 1232.
The encryption processing is performed on the area up to the position indicated by t in the CBC mode by the DES algorithm.

After processing the encryption processing function, the encryption method specifying information acquisition / interpretation unit 1111 outputs the following “ref_pnt = e”.
nd_pnt; ”and the variable e as the variable ref_pnt.
nd_pnt is set (steps S312, S3
13) Thereafter, “pnt_offset = re until the header cannot be detected even when the header detection function is executed.
f_pnt; ”to“ ref_pnt = end_pn ”
t; ”is repeated (steps S303 to S303).
S314).

“While (endofdata) ｛·
.. {} are repeatedly processed, the content data updating unit 1314 returns to the control unit 1210 of the IC card 1200.
By communicating with, the content data encrypted by the encryption unit 1340 is recorded in the data storage unit 1230 of the IC card 1200 (step S315). Thus, the content data 1232 stored in the data storage unit 1230 is updated.

After the content data 1232 has been updated, the encryption method specifying information updating unit 1313 reads “encryption (1, 3, 6, 6) in the encryption method specifying information 1231.
4, end_pnt); "to“ decryp
ton (1,3,64, end_pnt); ”, and the changed encryption method specifying information is stored in the data storage unit 12 via the control unit 1210 of the IC card 1200.
30 is recorded (step S316). As a result, the encryption method specifying information 1231 stored in the data storage unit 1230 is updated.

As described above, the encryption device 1300 specifies the portion of the content data 1232 to be subjected to the encryption process based on the encryption method specifying information 1231 held in the IC card 1200 together with the content data 1232. In addition, since the encryption algorithm can be specified, the content data 1232 can be appropriately stored without holding the information for specifying the portion to be subjected to the encryption process or the information for specifying the encryption algorithm.
Can be encrypted, and encryption method specifying information indicating a decoding method corresponding to the encryption method can be recorded in the IC card 1200 together with the encrypted content data. << Embodiment 2 >> Hereinafter, a cryptographic processing apparatus according to Embodiment 2 of the present invention will be described with reference to FIGS.

The cryptographic processing device according to the second embodiment uses an IC
A device that has both the function of reading and decrypting encrypted content data as one file from a card and the function of encrypting content data and recording it as a file on an IC card. This device has a feature of switching the method of decryption or encryption according to the above.

<Configuration of Cryptographic Processing Apparatus> FIG. 9 is a configuration diagram of a cryptographic processing apparatus 1400 according to the second embodiment. It should be noted that an IC card 1500 for storing content data to be processed by the encryption processing device 1400 is shown in FIG.
Is also shown. Further, the same components as those described in the first embodiment are denoted by the same reference numerals, and detailed description thereof will be omitted.

The IC card 1500 is the same in hardware as the IC card 1200 shown in the first embodiment, and includes a data storage unit 1530 and a media ID storage unit 1220, which are semiconductor memories, and a semiconductor circuit. The control unit 15 has a function of controlling access to data stored in the server and, for example, authenticating the validity of a device to be connected.
And 10.

Here, the data storage section 1530 stores the type-specific encryption method specifying information 1531 and stores one or a plurality of content data files 1532 composed of a set of content data. is there. The content data file 1532 may be encrypted and stored in advance, or may be written by the encryption processing device 1400. In addition,
The type-specific encryption method specifying information 1531 is information in which the encryption method specification information as described in the first embodiment is collected for each file type. This type-specific encryption method specifying information 153
No. 1 will be described later in detail.

The control unit 1510 of the IC card 1500
Upon performing, for example, mutual authentication with the cryptographic processing device 1400, receiving a file name designation from the cryptographic processing device 1400, and specifying the encryption method corresponding to the file type specified from the file name based on the type-specific encryption method specification information 1531. It has a function of obtaining information and transmitting this encryption method specifying information and the media ID stored in the media ID storage unit 1220 to the encryption processing device 1400, and the data passed from the encryption processing device 1400 is designated. Function of Recording as File of File Name and Cryptographic Processing Device 1400
Has the function of transmitting the contents of the file having the specified file name to the cryptographic processing device 1400.

The cryptographic processing device 1400 has the IC card 15
00 is a device that reads and decrypts a content data file that has been encrypted and recorded at 00, or encrypts content data and records a content data file composed of the content data on the IC card 1500. It is composed of a computer having a CPU, a memory, and the like, and functionally includes a control unit 1410, a header detection unit 1120, a frame length detection unit 1130, an encryption / decryption unit 1440, a key generation unit 1150, and a content data storage unit 1460. . The cryptographic processing device 14
Each functional operation of 00 is realized by the CPU executing a control program stored in the memory. Also, I
The C card is optional.

Here, the control unit 1410 has a file name designation unit 1415, an encryption system specific information acquisition / interpretation unit 1111, a content data acquisition unit 1112, and a content data recording unit 1416, and controls each unit of the encryption processing device 1400. The control unit 15 of the IC card 1500
For example, mutual authentication is performed with the IC card 1500, the file name is transmitted to the IC card 1500 to read out the media ID, the encryption method specifying information, and the content data file 1532, or the file name is specified to the IC card 1500 and the content data file 1532 is filed. It has a function to write as.

The file name designation section 1415 has a function of designating a file name of a content data file recorded on the IC card 1500 or a file name determined when recording encrypted content data on the IC card. This file name is determined by a predetermined method, but a mechanism outside the cryptographic processing device 1400,
For example, the file name may be determined based on information passed from a user interface unit that acquires the file name of the content data from the user.

The encryption method specifying information acquisition / interpretation unit 1111
It acquires and interprets the encryption method specifying information passed from the IC card 1500, and according to the interpretation result, the header detection unit 112
0, frame length detection unit 1130 or encryption / decryption unit 14
40 has a function of controlling The content data recording unit 1416 has a function of storing a content data file including encrypted content data in the data storage unit 1530 of the IC card 1500.

The contents data storage unit 1460 is realized by a storage device such as a memory, and stores contents data to be processed by the encryption / decryption unit 1440 in the encryption processing unit 140.
0, and a mechanism for storing content data as a processing result of the encryption / decryption unit 1440 and presenting, for example, content data outside the encryption processing apparatus 1400. Can be read from the

Further, encryption / decryption section 1440 decrypts a specific portion of the encrypted content data using the key generated by key generation section 1150, and stores the decrypted result in content data storage section 1460. And a function of obtaining content data from the content data storage unit 1460 and encrypting a specific part of the content data using the key generated by the key generation unit 1150. The encrypted content data is stored in an IC via the content data recording unit 1416 or the like.
The data is recorded as a file in the data storage unit 1530 of the card 1500.

<Type-Specific Encryption Method Specific Information> FIG.
FIG. 14 is a diagram showing a data structure of type-specific encryption method specifying information 1531 stored in a data storage unit 1530. As shown in the figure, the type-specific encryption method specifying information 1531 is composed of a set of a file type 1541 and encryption method specifying information 1542. The file type 1541 indicates the type of the data structure such as the data structure of the content data, that is, the file type, and is an extension of the file which is a part of the file name. Also, the encryption method specifying information 1542 is the encryption method specifying information as described in the first embodiment, but in the second embodiment, the decryption processing function and the encryption processing function are shared, and for example, the decryption processing function dec
The encryption processing function "encrypt" is used without using "ription".
shared for encryption and decryption using ion.

That is, type-specific encryption method specifying information 153
Reference numeral 1 denotes information in which dedicated encryption method specifying information is defined for each extension. And its extension is A
This is information that exists in order to perform encryption or decryption by using dedicated encryption method specifying information.

It should be noted that type-specific encryption method specifying information 1531
Is not limited to the file type of the content data actually contained in the IC card 1500,
500 includes information on all file types assumed in advance as file types of content data. <Operation of Cryptographic Processing Apparatus> Hereinafter, the above-described cryptographic processing apparatus 1
The operation of 400 will be described.

FIG. 11 is a diagram showing a processing procedure when the encryption processing device 1400 records a content data file on the IC card 1500. In the figure, the operation of the cryptographic processing device 1400 is shown on the left, and the IC card 1500 is shown on the right.
The operation of FIG. Control unit 1 of cryptographic processing device 1400
An IC card 410 stores the file name determined by the file name specifying unit 1415 based on, for example, a user's specification.
It is sent to the control unit 1510 of the card 1500 (step S401). The control unit 1510 of the IC card 1500
The encryption method identification information corresponding to the file type specified by the file name received from the encryption processing device 1400 is extracted from the type-specific encryption method identification information 1531 and stored in the encryption method identification information and the media ID storage unit 1220. The transmitted media ID is sent to the control unit 1410 of the cryptographic processing device 1400 (step S402).

Upon receiving the encryption method specifying information and the media ID, the control unit 1410 converts the media ID into the key generation unit 11
The key generation unit 1150 performs a predetermined operation based on the media ID to generate a key for encryption (step S403). In addition, the control unit 1410 that has received the encryption method specifying information interprets the encryption method specification information by the encryption method specifying information acquisition / interpretation unit 1111 and, based on this, the header detection unit 1120, the frame length detection unit 1130, and the By controlling the decryption unit 1440, the content data stored in advance in the content data storage unit 1460 is encrypted (step S404). Therefore, the encryption / decryption unit 1440
Obtains content data stored in the content data storage unit 1460, and only in a specific area therein,
The encryption is performed using the encryption key generated by the key generation unit 1150. The encryption algorithm used at the time of this encryption follows the encryption method specifying information. The control based on the encryption method specifying information including the description of the header detection function, the frame length detection function, the reference position movement function, the encryption processing function, and the like is the same as that described in the first embodiment. Omitted.

After the content data is encrypted, the encrypted content data is transmitted to the encryption / decryption unit 1
The content data recording unit 1416 obtained from 440 is an IC
It is sent to the control unit 1510 of the card 1500 (step S405). On the other hand, the control unit 1510
The received content data is stored in the data recording unit 1530 with the designated file name in the content data file 15.
32 is recorded (step S406).

FIG. 12 shows that the cryptographic processing device 1400
FIG. 13 is a diagram showing a processing procedure when reading and decoding a content data file recorded on a card 1500. Also in this figure, the operation of the cryptographic processing device 1400 is shown on the left side, and the operation of the IC card 1500 is shown on the right side. The control unit 1410 of the cryptographic processing device 1400 sends the file name determined by the file name specification unit 1415 to the control unit 1510 of the IC card 1500 based on, for example, the specification by the user (step S501). The control unit 1510 of the IC card 1500 extracts, from the type-specific encryption method specification information 1531, encryption method specification information corresponding to the file type specified by the file name received from the encryption processing device 1400. The media ID and the contents of the content data file having the file name are sent to the control unit 1410 of the cryptographic processing device 1400 (step S502).

On the other hand, control unit 1410 transmits the media ID to key generation unit 1150, and in response, key generation unit 1150 performs a predetermined operation based on the media ID to generate a decryption key. Yes (Step S50)
3). Also, the control unit 1410 that has received the encryption scheme specifying information
Is interpreted by the encryption system identification information obtaining / interpreting unit 1111 and the header detection unit 1120, the frame length detection unit 1130, and the encryption / decryption unit 1440 are controlled based on the interpreted encryption system identification information, so that the IC card 150
The content data transmitted from 0 is decrypted (step S504). Therefore, the encryption / decryption unit 1440 uses the IC
Only the specific area in the content data passed from the card 1500 is decrypted using the key generated by the key generation unit 1150, and the resulting content data is
This will be stored in the content data storage unit 1460.

As described above, the cryptographic processing device 1400
The content data file stored in the IC card 1500 is read and decoded by an appropriate method according to the file type of the file.
0 is recorded in the IC card 1500 as a file of the file type, which is encrypted by a method corresponding to the file type specified in the file type. << Embodiment 3 >> Hereinafter, a cryptographic processing apparatus according to Embodiment 3 of the present invention will be described with reference to FIGS.

The encryption processing apparatus according to the third embodiment converts content data recorded on a certain recording medium, which is encrypted by an encryption method suitable for the recording medium, into another type of recording medium. This is an apparatus for encrypting content data in an encryption method suitable for a recording medium of a copy destination at the time of copying. This encryption processing device is, for example, a DVD (Digital V
This is used when copying content data from an “ide disc” to a magnetic disk or the like.

<Configuration of Cryptographic Processing Apparatus> FIG. 13 is a configuration diagram of a cryptographic processing apparatus 1600 according to the third embodiment. It should be noted that FIG. 17 shows a recording medium 1710 and a recording medium 172 which are processing targets of the encryption processing device 1600 and are different from each other.
0 is also indicated. Note that the same components as those described in Embodiments 1 and 2 are denoted by the same reference numerals, and detailed description thereof will be omitted.

The recording medium 1710 has a medium ID 17
11, encryption method specifying information 1712 and encrypted content data 1713 are recorded. Note that a plurality of pieces of content data may be recorded. Here, the media ID 1711 is identification information unique to the recording medium 1710. The encryption method specification information 1712 is similar to the encryption method specification information described in the second embodiment, but the content is based on a format unique to the recording medium 1710, and is recorded on the recording medium 1710. It indicates an encryption method applicable to any existing content data.

The recording medium 1720 has a medium I
D1721 and encryption method specifying information 1722 are recorded. Here, the media ID 1721 is the recording medium 17
20 is unique identification information. Cryptographic processing device 1600
Is a device that reads out and decrypts the content data 1713 encrypted and recorded on the recording medium 1710, encrypts the content data 1713 using another encryption method, and records it on the recording medium 1720. The control unit 161 is functionally configured
0, a header detector 1120, and a frame length detector 1130
, An encryption / decryption unit 1440, a key generation unit 1150, and a content data storage unit 1460. Each functional operation of the cryptographic processing device 1600 is realized by the CPU executing a control program stored in the memory.

Here, control unit 1610 includes encryption system specific information acquisition / interpretation unit 1111 and content data acquisition unit 11
12 and a content data recording unit 1416 for controlling each unit of the cryptographic processing device 1600, and reads out a media ID 1711, encryption method specifying information 1712 and content data 1713 from a recording medium 1710,
Further, the medium ID 1721 and the encryption system specifying information 1722 are read from the recording medium 1720, and the recording medium 1720 is read.
Has the function of writing content data to

<Operation of Cryptographic Processing Apparatus> The operation of the cryptographic processing apparatus 1600 having the above-described configuration will now be described with reference to FIG.
This will be described with reference to FIG. FIG. 14 is a flowchart illustrating the operation of the cryptographic processing device 1600. First, the control unit 1610 of the cryptographic processing device 1600 reads out the media ID 1711 from the recording medium 1710 and provides the media ID 1711 to the key generation unit 1150, and in response, the key generation unit 1150 generates a decryption key (step S601).

Also, the encryption method specifying information acquisition / interpretation unit 1111 of the control unit 1610 reads the encryption method specification information 1712 from the recording medium 1710, and the content data acquisition unit 1112 of the control unit 1610 reads the content data 1713 from the recording medium 1710. The encryption method identification information acquisition and interpretation unit 1111 reads out the encryption method identification information 1712
Based on the header detection unit 1120 and the frame length detection unit 1
130 and the encryption / decryption unit 1440 to decrypt the read content data,
Stores the decryption result in the content data storage unit 1460 (step S602). At the time of this decryption, the key generated by the key generation unit 1150 is used.

The decryption result is stored in the content data storage unit 146.
After being stored in the storage medium 1720, the control unit 1610
And reads the media ID 1721 from the
0, and in response to this, the key generation unit 1150 generates a key for encryption (step S603). After the encryption key is generated, the encryption method specifying information acquisition / interpretation unit 1111 of the control unit 1610 reads the encryption method specification information 1722 from the recording medium 1720, and based on the encryption method specification information 1722, the header detection unit 1120, Frame length detector 11
30 and encrypts / decrypts the content data stored in the content data storage unit 1460 by controlling the encryption / decryption unit 1440 (step S604). At the time of this encryption, the key generated by the key generation unit 1150 is used. After the content data is encrypted, the content data recording unit 1416 of the control unit 1610 records the encrypted content data on the recording medium 1720 (step S605).

According to such a procedure, the cryptographic processing device 16
In step 00, the encrypted content data is copied between the recording media, and at the time of copying, the content data is encrypted by an encryption method according to the copy destination recording medium. << Embodiment 4 >> Hereinafter, an encryption processing system according to Embodiment 4 of the present invention will be described with reference to FIGS. The cryptographic processing system according to Embodiment 4 is a system including a transmitting device that encrypts and transmits content data, and a receiving device that decrypts and uses the transmitted content data.

<Configuration of Cryptographic Processing System> FIG. 15 shows a configuration of a cryptographic processing system 2000 according to the fourth embodiment. As shown in FIG.
0 is a transmitting apparatus 2100 for encrypting content data, multiplexing the encryption scheme specifying information and the key, and transmitting the encrypted data, receiving the transmitted data, and selecting the encryption scheme specifying information, the key, and the content data from the received data. And a receiving device 2200 that separates and extracts the content data and decodes the content data.

The transmitting apparatus 2100 is, for example, a transmitting apparatus for digital broadcasting. The transmitting apparatus 2100 includes a CPU, a memory, a transmission circuit, and the like in terms of hardware, and functionally includes an encryption scheme specifying information storage unit 2110 and a key storage unit. 2120, a content data storage unit 2130, an encryption device 2140, and a multiplex transmission unit 2150. Here, the encryption method identification information storage unit 2110 is a storage area that stores the encryption method identification information 2111. The encryption method identification information 2111 in the fourth embodiment is different from the encryption method identification information and the encryption method shown in the first to third embodiments in that the encryption method is specified, that is, which part in the content data is to be subjected to the encryption processing. However, they are common in specifying the type of encryption algorithm to be used, but the specific contents are different.
Note that the encryption system specifying information 2111 is composed of a command description, and the specific contents thereof will be described later.

The key storage unit 2120 is a storage area that stores a key 2121 used for encryption processing. The content data storage unit 2130 is a storage area that stores content data to be transmitted. Encryption device 214
Numeral 0 denotes an apparatus for encrypting content data using a key in accordance with an encryption method specified by the encryption method specification information by inputting the encryption method specification information, the key, and the content data.

The multiplexing transmission unit 2150 multiplexes the encryption system specifying information 2111, the key 2121, and the encrypted content data 2131 in the encryption device 2140 to form, for example, a transport stream of MPEG2 and transmits it. It is. However, the encryption method specifying information 2111 includes information for specifying whether to perform encryption or decryption, as will be described in detail later. After the encryption, the transmission device 2100
It is assumed that the content specifying the encryption is changed to the content specifying the decryption and then transmitted.

The receiving apparatus 2200 is, for example, a receiving apparatus for digital broadcasting, and has a hardware
, A memory, a receiving circuit, and the like, and functionally include an encryption method specifying information storage unit 2210, a key storage unit 2220, a content data storage unit 2230, a decryption device 2240, and a reception separation unit 2250. Here, the encryption method identification information storage unit 2210 stores the received encryption method identification information 2111
Is a storage area for storing the key storage unit 2220
Is a storage area for storing the received key 2121.

[0104] Content data storage section 2230 is a storage area for storing content data resulting from decoding by decoding apparatus 2240. Decoding device 2240
According to the encryption method specified by the encryption method identification information with the input of the encryption method identification information, the key, and the content data,
This is a device that decrypts received encrypted content data using a key.

The receiving / separating unit 2250 is composed of, for example, an antenna, a tuner, a transport decoder, etc., receives the transmitted data, encrypts the encryption system specifying information 2111, the key 2121, and the encrypted content data. 2131 is separated and extracted, and the encryption system identification information 2111 is extracted.
Is stored in the encryption method specifying information storage unit 2210, and the key 212
1 in the key storage unit 2220 and the content data 21
31 is input to the decoding device 2240.

Hereinafter, the encryption device 2140 and the decryption device 22
40 will be described. FIG. 16 is a configuration diagram of an encryption processing device 2340 corresponding to the encryption device 2140 and the decryption device 2240 according to the fourth embodiment. Encryption device 21
40 and the decryption device 2240 are basically different only in that encryption or decryption is performed. In this case, encryption and decryption are combined as encryption processing, and each device is referred to as a cryptographic processing device 2340. It will be described as.

The cryptographic processing unit 2340 includes the processor 23
41, a synchronization detection unit 2342, an area detection unit 2343, an encryption processing unit 2344, an input / output unit 2345, and a memory 2346. Here, the processor 2341 is a processor that operates based on the cryptographic method identification information 2111 that is an instruction description, and has a function of controlling other units.

The synchronization detecting section 2342 has a function of detecting a synchronization pattern from the content data, storing a basic address indicating the start position of the synchronization pattern in the memory 2346, and a function of verifying whether the synchronization pattern is reliable. Having. The area detecting unit 2343 has a function of calculating a position indicating an area in the content data where the encryption processing is to be performed.

The encryption processing section 2344 has a function of performing encryption processing on a specific area in the content data using the key 2121. The input / output unit 2345 has a function of inputting / outputting content data. The memory 2346 is a storage area used for transferring information between each unit.

<Encryption Method Specification Information> The encryption method specification information 2111 will be described below. FIG. 17 is a diagram illustrating a description that is the content of the encryption method specifying information 2111. There are four basic instructions that can constitute the encryption method identification information 2111: a synchronization detection instruction, a synchronization verification instruction, an area detection instruction, and an encryption processing instruction shown in FIG. In addition, other instructions supported by a general processor, such as a set instruction for setting a value in a memory or the like and a jump instruction for realizing a branch, can also be used as constituent elements of the encryption method specifying information 2111. . That is, the encryption method specifying information 2111 is a combination of four basic instructions and other general instructions, and is a program for controlling the operation of each unit of the encryption processing device 2340 by being executed by the processor 2341. .

<Synchronization Detection Command> The synchronization detection command is a command for controlling the synchronization detection unit 2342. The synchronization detection command detects a synchronization pattern in a case where the content data is composed of packets sandwiched between the synchronization patterns. This instruction specifies that a basic address indicating the start position of the pattern is obtained and stored in the memory 2346.

The synchronization detection instruction is Sync_detect.
It is expressed by the description of <end position><referenceaddress><synchronous description information>. Here, the <end position> of the first argument and the <reference address> of the second argument are the end position or the address of the storage area where the reference address is stored. The reference address is an address indicating where in the content data synchronization detection is to be started, and is referred to only at the first access to the content data. The end position is not referred to at first, but is thereafter referred to to determine a detection start position for detecting the next synchronization pattern, and specifies the position of the next synchronization pattern.

The <synchronous description information> of the third argument is the address of the storage area where the synchronous description information is stored. FIG. 18 is a diagram illustrating the data structure of the synchronization description information. The synchronization description information includes an 8-bit sync_wide indicating the length of the synchronization pattern to be detected from the content data, and a 32-bit sync_pattern indicating the synchronization pattern to be detected, as shown in FIG. If sync_wide is 0, sync_wide
The pattern has no meaning.

In the figure, the address is indicated by n and n + 1 with 32 bits as one word. Further, reserved in the figure is data having no particular meaning. <Synchronization Verification Command> The synchronization verification command is a command for controlling the synchronization detection unit 2342 in the same manner as the synchronization detection command. The subsequent synchronization pattern is checked whether the synchronization pattern detected by the synchronization detection command is correct. And if the synchronization pattern is determined to be correct, the TRU
If it is determined that the value meaning E is incorrect, FA
The instruction specifies that a value meaning LSE is stored in the memory 2346. Since the synchronization verification command may erroneously determine the synchronization pattern as data having the same bit string as the synchronization pattern and not being used as the synchronization pattern, the synchronization detection command may be erroneously determined. Is an instruction that can be used to verify the result of

The synchronization verification command is Sync_check
It is expressed by the description of <end position><referenceaddress><synchronous description information>. Here, the <end position> of the first argument and the <reference address> of the second argument are the end position or the address of the storage area where the reference address is stored. The end position designates an interval from a basic address obtained when the synchronization detection instruction is executed to a position where the next synchronization pattern is assumed to be present. If the synchronization pattern interval is a fixed length, the fixed length may be specified as the first argument. If the synchronization pattern interval is a variable length, the end of the packet which is assumed to have the next synchronization pattern using an area detection instruction. What is necessary is just to obtain the position and designate it as the first argument. The reference address is the same as the argument of the synchronization detection instruction.

The <synchronization description information> of the third argument is an address corresponding to the storage area where the synchronization description information is stored, and the synchronization description information is the same as that specified for the synchronization detection instruction. . <Area detection instruction> The area detection instruction is generated by the area detection unit 2343.
Is a command for detecting an area to be subjected to encryption processing in a portion surrounded by a synchronization pattern of content data, and setting the position of the area in a storage area specified by an argument.

The area detection instruction is Area_detect.
<Position> Expressed by the description <region description information>. Here, the <argument> of the first argument is the address of the storage area where the position of the result of the area detection process is stored, and the <argument description information> of the second argument is the storage where the area description information is stored. This is the address of the area.

FIG. 19 is a diagram showing the data structure of the area description information. The area description information is configured to be used for general purpose to specify an area to be subjected to encryption processing, and as shown in FIG. The information assuming that a “region length code” is included is an 8-bit length_w indicating the length of the region length code.
ide and 2-bit len indicating the format of the area length code
gth_type and 3 indicating the unit of the value of the area length code
Bit_length_unit and 16-bit length indicating the relative position of the area length code from the basic address
th_pnt. In addition, length_w
If ide is 0, it means that the calculation of the length of the area based on the area length code is not performed.
type, length_unit and length_p
nt has no meaning.

Length_type is, specifically,
This is information indicating whether the area length code is signed or unsigned, and whether it is MSB first or LSB first. Also,
The length_unit indicates a unit of the value of the area length code by an exponent value which is a power of two. Since the area length code generally has a unit of 1 bit, 8 bits, 32 bits, or the like, the area length code is represented by an exponent value which is a power of 2.

The area description information indicates the length of a flag code as information assuming that a code composed of a specific bit string (hereinafter, referred to as “flag code”) is included in the content data. 3-bit fla
g_wide, 4-bit flag_pattern1 and 4-bit flag_pattern2 indicating the bit pattern of the flag code, and 16-bit flag_p indicating the relative position of the flag code from the basic address.
nt. If flag_wide is 0, it means that no collation of the flag code is performed, and flag_pattern1, flag_patt
ern2 and flag_pnt have no meaning.

Further, the area description information is an increment value fixedly added to the length calculated as a result of the area detection instruction, and includes a 32-bit offset represented by a signed integer. . In addition, when the length calculated as a result of the area detection command is stored in the storage area as a position, the calculated length is newly assigned to the area description information regardless of the original value of the storage area. , 1-bit as that specifies whether to add the calculated length to the original value. Note that as is 1 when substitution means substitution and 0 when addition means addition.

That is, the area detection instruction checks the flag code on the basis of the area description information, and if correct, calculates the length of the area based on the area length code, and adds o to the calculated length.
The length obtained by adding the value specified by ffset is a
This is an instruction for instructing an operation of storing in the storage area as a position based on s. Therefore, if the area description information is set to an appropriate content and the area detection instruction is used once or plural times,
An arbitrary position can be obtained by referring to an arbitrary area length code or an arbitrary flag code in the content data.

<Cryptographic Processing Command> The cryptographic processing command is a command for controlling the cryptographic processing unit 2344, and is a command for designating an area to be subjected to cryptographic processing and a cryptographic algorithm to execute cryptographic processing. The encryption processing instruction is Encrypt
<Encryption start position><Encryption end position> Expressed by the description of <Encryption description information>.

Here, the <cipher start position> of the first argument and the <cipher end position> of the second argument specify the start position and the end position of the region to be subjected to the encryption process. Is the address of the storage area where the start position and the end position are stored. Also, the third argument <
Is the address of the storage area in which the encryption description information is stored.

FIG. 20 is a diagram showing the data structure of the encryption description information. The encryption description information includes 1-bit ed which is a flag indicating whether to perform encryption or decryption.
ed is 0 when encryption is specified, and 1 when decryption is specified. The cipher description information is an 8-bit Ci that indicates the algorithm number of the basic cipher algorithm as specifying the cipher algorithm basically used.
"pher_algorithm [0]", which indicates a cryptographic processing mode as a method of applying a basic cryptographic algorithm 8
Bit Cipher_mode [0] and 8-bit Ci indicating the block length as a unit for performing basic encryption processing
pher_block [0], and any number of option descriptions that specify an encryption algorithm to be used separately can be included, and a 3-bit no indicating the number of option descriptions is included.

The option description is an 8-bit Cipher_alg indicating the algorithm number of the encryption algorithm.
oritm [N] and 8-bit Cipher_ indicating the cryptographic processing mode as a method of applying the cryptographic algorithm
mode [N] and 8-bit Cipher_block [N] indicating the block length as a unit for performing the encryption process
And a 1-bit bd [N] which is a flag indicating the direction of the boundary to which the encryption algorithm described in the option description is applied
And a 16-bit Boundary indicating the length of the boundary to which the encryption algorithm described in this option is applied.
[N] and an 8-bit N indicating the address of a storage area in which the option description following this option description is stored.
ext_ID. Here, N is 1,
2,... Are numbers indicating the number of the option description.

The value of Cipher_algorithm is a number predetermined according to the encryption algorithm to be used. For example, DES is 0, FEAL is 1, R
SA is defined as 2 mag. Also, Cipher_m
The value of the mode is a number that is predetermined according to the encryption mode to be used. For example, ECB is 1, OFB is 2,
CBC is determined to be 3 mag.

If bd [N] is 0, the encryption algorithm described in the option description is bounda from the encryption start position.
ry [N] is applied to the position after, and if bd [N] is 1, the encryption algorithm described in the option is applied from the encryption end position to the position before Boundary [N]. Regarding which encryption algorithm is applied to a certain part of the area to be processed, the first one in the option description among the encryption algorithms specified to be applied to that part is the most one. The application algorithm is applied preferentially, and the application priority becomes smaller as the order becomes lower, and the encryption algorithm basically used has the lowest priority, that is, the encryption algorithm specified in each option description is bd [ N] and Boundary [N] are applied in the applicable range, but when the applicable ranges indicated by multiple option descriptions overlap Is, the encryption algorithm specified in those early in the order of option description is priority.

FIG. 21 is a diagram exemplifying which encryption algorithm is to be applied to the area from the encryption start position to the encryption end position. In the example of FIG.
411 is specified by the first option description, and the range 2
412 is specified in the second option description,
413 is specified by the third option description. In this case, although the range 2412 and the range 2413 partially overlap with each other, the second option description in the earlier order has priority, and the partial area 2401 is processed by the encryption algorithm of the second option description. , Partial area 2402
Is processed by the third optional description encryption algorithm, the partial area 2403 is processed by the basic encryption algorithm, and the partial area 2404 is processed by the first option description encryption algorithm.

Strictly speaking, since the encryption processing is performed on a block basis, the encryption algorithm applied to the partial area to which the head of the block belongs is applied to the entire block. That is, for example, the blocks 2421 and 2422 are processed by the basic encryption algorithm, and the blocks 2423 and 2424 are processed by the encryption algorithm specified by the first option description.

<Encryption Processing Target Area> FIG. 22 is a diagram for explaining an example of a method of specifying an encryption processing target area in content data. In the case where content data is composed of a plurality of packets, in order to specify an area to be subjected to encryption processing by encryption method identification information,
Start position 2 by specifying sync pattern and using sync detection command
For example, if the packet is a fixed-length packet having a known length, the end position 2434 is specified and the start position 2431 is verified by a synchronization verification command to confirm that the packet is a fixed-length packet. Specifying the area length code and ending position 243 by the area detection instruction
4 is obtained, the start position 243 is determined by the synchronization verification command.
1 is verified, and if the start position 2431 is not certain, the start position 2431 is obtained again by the synchronization detection command.

As a result of the synchronization verification instruction, if the start position 2431 is certain, if the area length code contained in the content data needs to be used or if the flag code needs to be collated, the area detection instruction is issued. An encryption start position 2432 or an encryption end position 2433 is obtained by using an arbitrary number of times. If the relative position of the encryption start position 2432 or the encryption end position 2433 with respect to the start position 2431 is known, it is not necessary to use the area detection command to obtain the encryption start position 2342 or the encryption end position 2433. .

When the encryption start position 2432 and the encryption end position 2433 are obtained in this way, the encryption processing instruction can be used using these as arguments. Therefore, the encryption system specifying information is basically a program description in which a synchronization detection instruction, a synchronization verification instruction, an area detection instruction, and an encryption processing instruction are combined in an arbitrary number of times and in an arbitrary order.

<Operation of Cryptographic Processing System> The operation of the cryptographic processing system 2000 will be described below. FIG.
9 is a flowchart showing a procedure for transmitting and receiving content data by the cryptographic processing system 2000. As shown in the figure, first, the encryption device 214 of the transmission device 2100
0 is a key storage unit 21 based on the encryption system identification information 2111 stored in the encryption system identification information storage unit 2110.
The content data 2131 stored in the content data storage unit 2130 is encrypted using the key 2121 stored in the storage device 20 (step S701).

After the content data 2131 has been encrypted, the transmitting apparatus 2100 changes the information designating the encryption in the encryption scheme specifying information 2111 to designate the decryption (step S702). That is, the value of ed in the encryption processing description used as an argument of the encryption processing instruction is changed from 0 to 1. Subsequently, the multiplexing transmission unit 2150 multiplexes and transmits the encryption scheme specifying information 2111, the key 2121, and the content data 2131 encrypted by the encryption device 2140 (Step S703).

On the other hand, receiving apparatus 2200 receives the data transmitted by transmitting apparatus 2100, and receives key 212
1, the encryption scheme specifying information 2111 and the encrypted content data 2131 are separated, the key 2121 is stored in the key storage unit 2220, and the encryption scheme specifying information 2111 is stored in the encryption scheme specifying information storage unit 2210, and the encrypted data is stored. The content data 2131 is input to the decryption device 2240 (step S704).

The decryption device 2240 to which the encrypted content data 2131 has been input receives the key 2121 stored in the key storage unit 2220 based on the encryption system identification information 2111 stored in the encryption system identification information storage unit 2210. Then, the input content data is decrypted and stored in the content data storage unit 2230 (step S70).
5).

<Operations of Encryption and Decryption Devices>
The encryption of the content data by the encryption device 2140 (step S701) and the decryption of the content data by the decryption device 2240 (step S705) will be described in detail. Note that both devices will be described as a cryptographic processing device 2340 (see FIG. 16).

FIG. 24 is a diagram showing an example of the operation of the cryptographic processing device 2340. This figure exemplifies the flow of the operation of the cryptographic processing device 2340 and also exemplifies the instruction sequence in the cryptographic method specifying information. The description will be made using the respective positions shown in FIG. First, the synchronization detection instruction S
Based on sync_detect, the synchronization detection unit 2342
A synchronization pattern is detected (step S711), whereby a basic address, that is, a start position 2431 is obtained.

When the detection of the synchronization pattern is completed, the area detection unit 234 is operated based on the area detection instruction Area_detect.
No. 3 detects the end position 2434 (step S71).
2). The end position is obtained from the area length data extracted from the content data or a predetermined value according to the area description information used as the argument of Area_detect.

After the end position 2434 is detected, the synchronization detection unit 23 based on the synchronization verification command Sync_check.
42 performs a synchronization verification operation to determine whether the next synchronization pattern exists at the end position 2434 (step S71).
3). When the result of the synchronization verification is NG, that is, when there is no correct synchronization pattern at the position indicated by the end position (step S714), the operation of synchronization detection in step S711 is started again. If the result of the synchronization verification is OK (step S714), the area detection unit 2343 sends the area detection instruction Ar
The encryption start position 2432 is detected based on ea_detect (step S715), and the subsequent area detection instruction A
encryption end position 2433 based on “rea_detect”
Is detected (step S716).

Encryption start position 2432 and encryption end position 2
After 433 is detected, the encryption processing unit 2344 sets the encryption start position 2432 based on the encryption processing instruction Encrypt.
The encryption process is performed on the area between the area and the encryption end position 2433 (step S717), and the synchronization detection operation in step S711 is started to perform another area encryption processing.

Hereinafter, the operation corresponding to each instruction will be described in more detail. <Synchronization Detection Operation> FIG. 25 is a flowchart showing a synchronization detection operation by synchronization detection section 2342 based on a synchronization detection command. As shown in FIG.
First, the value of the mode is determined (step S811).
Based on the result, a basic address is set in the memory 2346. Here, the mode is the synchronization detection unit 2342
Are used to determine the method of generating the basic address in the above, and are stored in the memory 2346. s
The mode is the first time the content data is accessed, that is, the initial value is 0, and thereafter it is 1,
For example, when an error has occurred or the like, the base address has already been set and there is no need to newly set it, it is set to 2.

If smode is 0, the synchronization detector 2342 substitutes the reference address, which is the argument of the synchronization detection instruction, for the basic address (step S812), and the smode becomes 1
If so, a value obtained by adding the end position, which is the argument of the synchronization detection instruction, to the original basic address is set as a new basic address (step S813). If smode is 2, the basic address is not set, and Syn in the synchronization description information
It is determined whether or not c_wide is 0 (step S
814).

If sync_wide is not 0 (step S814), the synchronization detecting unit 2342 performs synchronization search, that is, sync_p with the number of bits indicated by sync_wide.
Starting from the current basic address, a synchronization pattern consisting of the same bit string as “atern” is searched by shifting the search position backward by one bit (step S815), and smo
de is set to 1 (step S816), and the synchronization detection operation ends. For example, if sync_wide is 12 and sync is
0xFF if c_pattern is 0xFFF
Search for a synchronization pattern that is the first bit string that matches F. In step S815, the position of the first bit of the found synchronization pattern is set as a new basic address. If the current basic address matches the synchronization pattern, the basic address is not changed.

If sync_wide is 0 (step S814), the synchronization detecting section 2342 ends the synchronization detecting operation. <Synchronization Verification Operation> FIG. 26 is a flowchart showing a synchronization verification operation based on a synchronization verification command by the synchronization detection unit 2342.

As shown in FIG.
Determines first whether sync_wide is 0 (step S821), and if it is 0, sets a return value indicating TRUE in the memory 2346 and ends the synchronization verification operation (step S824). If it is determined in step S821 that sync_wide is not 0, the synchronization detection unit 2342 performs a synchronization check (step S822). In this synchronization check, it is checked whether the data at the end position specified by the argument of the synchronization detection instruction from the base address, that is, the data at the base address + end position matches the sync_pattern indicated by the synchronization description information. If they match, step S82
In step 3, the process proceeds to the branch of OK, and a return value indicating TRUE is set in the memory 2346, and the synchronization verification operation ends (step S824). If they do not match, the flow advances to NG branch in step S823, and smode is set to 2
(Step S825), error processing is performed (step S826), a return value indicating FALSE is set in the memory 2346, and the synchronization verification operation ends (step S827).

The error processing in step S826 includes processing for notifying other processing units that an error has occurred by interruption or some other method, and processing for changing the basic address by adding 1 to the basic address. . <Area Detection Operation> FIG. 27 is a flowchart showing an area detection operation based on an area detection command by the area detection unit 2343.

As shown in the figure, the area detecting unit 2343 first refers to the area description information of the argument of the area detecting instruction to make fl
It is determined whether or not ag_wide is 0 (step S831). If flag_wide is 0, the processing of steps S832 to S834 is skipped. Step S
If it is determined in step 831 that flag_wide is not 0, the area detecting unit 2343 reads the flag code of the number of bits of flag_wide at the position indicated by the basic address + flag_pnt in the content data and sets the read flag code in the variable flag_code (step S).
832). Here, the variable flag_code is a storage area in the memory 2346 that holds the flag code in the content data.

After setting the flag code to the variable flag_code, the flag_code and flag_patt are set.
It is determined whether ern1 or flag_pattern2 match (steps S833 and S834). fl
ag_code is flag_pattern1 and fl
If the value does not match any of ag_pattern2, the area detection unit 2343 ends the area detection operation. Also, flag_code is flag_pattern1.
If it matches any one of flag_pattern2 and flag_pattern2, it is determined whether length_wide is 0 (step S835).

In step S835, length_
If it is determined that the width is not 0, the area detection unit 2
343 is a basic address in the content data + len
length_wid at the position indicated by gth_pnt
Read the area length code of the number of bits for e and set the variable len
gth_code (step S836). Here, the variable length_code is a storage area in the memory 2346 holding the area length data in the content data. Also, in step S835, length
If it is determined that _wide is 0, the area detection unit 2343 sets 0 to a variable length_code (step S837).

After performing the processing in step S836 or step S837, the area detecting unit 2343 sets the variable length
h_code × (2 to the power of length_unit) + o
ffset is set to a variable length (step S
838). Here, the variable length is stored in the memory 2346.
This is the storage area inside. After performing the processing in step S838, the area detection unit 2343 determines whether as is 0 or 1 (step S839). If as is 0, the address is specified by the argument of the area detection instruction. The value of the variable "length" is added to the position where the error has occurred (step S84).
0), and when as is 1, the variable lengtht is placed at the position where the address is specified by the argument of the area detection instruction.
The value of h is set, and the area detection operation ends.

<Encryption Processing Operation> FIG.
344 is a flowchart illustrating an encryption processing operation based on an encryption processing instruction according to 344. As shown in the drawing, the encryption processing unit 2344 first substitutes the encryption start position, which is the argument of the encryption processing instruction, into the variable pnt (step S851). Here, the variable pnt represents the current position and is stored in the memory 2346.
This is the storage area inside.

After substituting the encryption start position into the variable pnt,
The encryption processing unit 2344 executes an encryption selection process for selecting which encryption algorithm is to be used for encryption (step S852). N is determined by this cipher selection processing. If N is 0, it indicates a basic encryption algorithm; otherwise, N indicates the Nth option description. The encryption selection process will be described later in detail.

After executing the encryption selection processing, the encryption processing unit 2
344 determines whether ed in the encryption processing description of the argument of the encryption processing instruction is 0 or 1 (step S853),
If ed is 0, Ciphe starts from the position indicated by the variable pnt.
Cipher_algorithm for the content data of the block indicated by r_block [N]
An encryption algorithm represented by [N], and Ciphe
Encryption is performed in the encryption processing mode indicated by r_mode [N] (step S854), and if ed is 1, Cipher_block starts from the position indicated by the variable pnt.
An encryption algorithm represented by Cipher_algorithm [N] is applied to the content data of the block represented by [N], and Cipher_mode is used.
Decryption is performed in the encryption processing mode indicated by [N] (step S855).

After performing the encryption processing of step S854 or the decryption processing of step S855, the encryption processing unit 2344
Adds Cipher_block [N] to the variable pnt (step S856), and determines whether or not the variable pnt is smaller than the encryption end position which is an argument of the encryption processing instruction (step S857). If it is determined in step S857 that the variable pnt is smaller than the encryption end position,
The encryption processing unit 2344 again proceeds to the process of step S852, and when determining that the variable pnt is equal to or greater than the encryption end position, the encryption processing unit 2344 ends the encryption processing operation.

Next, the encryption selection process will be described. FIG.
9 is a flowchart showing the encryption selection processing performed by the encryption processing unit 2344. When the encryption selection process is started, first, the encryption processing unit 2344 sets 0 to the variable N (step S861), and adds 1 to the variable N (step S86).
862). Here, the variable N is a storage area in the memory 2346. Thereafter, the encryption processing unit 2344 compares the variable N with no in the encryption processing description (step S863), and
If the variable N is larger than o, the variable N is set to 0 in the sense that a basic encryption algorithm is used (step S86).
9), end the encryption selection process. Step S863
If the variable N is equal to or less than no, the encryption processing unit 234
4 judges the value of bd [N] in the Nth option description (step S864).

In step S864, bd [N] is 0.
When it is determined that the sum is the sum of the encryption start position and the boundary [N] in the variable indicating the boundary position (step S865), the variable pnt is compared with the value of the variable indicating the boundary position (step S865). S866). Step S86
If the variable pnt is smaller than the value of the variable indicating the boundary position in 6, the encryption processing unit 2344 ends the encryption selection process, and if the variable pnt is equal to or greater than the value of the variable indicating the boundary position, the encryption processing unit 2344 is executed again in step S86.
Move to the processing of 2.

In step S864, bd [N] is 1
If the value is determined to be, the value obtained by subtracting Boundary [N] from the encryption end position is substituted for the variable indicating the boundary position (step S867), and the variable pnt is compared with the value of the variable indicating the boundary position (step S867). Step S868). If the variable pnt is equal to or greater than the value of the variable indicating the boundary position in step S868, the encryption processing unit 2344 ends the encryption selection processing. If the variable pnt is smaller than the value of the variable indicating the boundary position, the encryption processing unit 2344 executes the encryption processing. The unit 2344 proceeds to the process of step S862 again.

According to the above procedure, the encryption processing unit 2344
The area between the encryption start position and the encryption end position in the content data is encrypted based on the encryption description information. <Specific Example> Hereinafter, the operation of the encryption processing device 2340 described with reference to FIG. 24 will be described using more specific examples of content data and encryption method specifying information.

FIG. 30 is a diagram showing the structure of a stream as an example of the content data 2131 input to the encryption processing device 2340. In the stream shown in the drawing, the synchronization pattern is a hexadecimal FFF bit string, and an area length code of 13 bits from the 31st bit from the head of the synchronization pattern is embedded. The area length code indicates the length of the packet, that is, the number of bytes from the first bit of the synchronization pattern to the last bit of the packet.

In each packet of such a stream, the region from the bit immediately after the region length code to the last bit of the packet is a region to be subjected to encryption processing. In this case, if the start position of the synchronization pattern is the basic address,
The end position and the end position of the cipher are 8 bits after the contents of the area length code from the basic address, and the start position of the cipher is 43 bits after the basic address.

FIG. 31 is a diagram showing an example of the encryption system specifying information 2111 input to the encryption processing device 2340 to process the stream shown in FIG. In this example, the encryption method specifying information is composed of descriptions 901 to 909.
It should be noted that in the figure, the area description information is shown with some parameters omitted. Here, the description will be made assuming that the addresses of the memories in which the data of the basic address, the reference address, the end position, the encryption start position, and the encryption end position are stored are # 0, # 1, # 2, # 3, and # 4, respectively. A description 901 is a label to which the branch instruction jumps, and a description 905 is a branch instruction that branches to the description 901 in accordance with the value of the flag register set in accordance with the execution result of the instruction. Is returned to the instruction indicated by the label when the result of the verification is abnormal, the description 909 is a branch instruction that branches to the instruction indicated by the label, and forms a processing loop. Also,
If the synchronization detection command cannot detect the synchronization pattern, the processing exits from this processing loop and ends.

First, the cryptographic processing unit 2340 sends the description 902
, A synchronization pattern consisting of a bit string of 0xFFF having a 12-bit width is detected from the stream according to the synchronization detection instruction, and the first bit of the synchronization pattern is set as a basic address (# 0). In the case of the first detection of the stream, the detection starts from the reference address (# 1),
In the case of detection other than the first, the end position of the previous packet (#
The detection is started from 2).

[0165] The cryptographic processing device 2340 then writes the description 903
3 based on the basic address in accordance with the area detection instruction of
An area length code of 13 bits in length is detected from the first bit, the value of the area length code is read out as the unsigned MSB head, and the value multiplied by 2 to the power of length_unit, that is, 8 is set to the end position (# Set to 2). Next, the cryptographic processing device 2340 checks whether there is a synchronization pattern composed of a bit string of 12-bit width 0xFFF at the end position according to the synchronization verification instruction of the description 904, and if there is no synchronization pattern, stores a value other than 0 in the flag register. The flag is set, and if there is a synchronization pattern, 0 is set in the flag register. Next, according to the branch instruction in description 905, if the flag register is not 0,
The processing of the synchronization detection command indicated by BEL1 will be performed again.

If the flag register is 0 in the processing of the description 905, the cryptographic processing device 2340 sets the description 90
According to the area detection instruction of No. 6, the 43rd bit from the basic address is set to the encryption start position (# 3). The cryptographic processing device 2340 then follows the region detection instruction in the description 907,
A 13-bit area length code is detected from the 31st bit with reference to the basic address, the value of the area length code is read out as the unsigned MSB first, and the value of 2 le
The ngth_unit power, that is, the value obtained by multiplying by 8, is set as the encryption end position (# 4).

The cryptographic processing device 2340 then writes the description 908
In accordance with the encryption processing instruction, the region between the encryption start position (# 3) and the encryption end position (# 4) is specified as the region to be subjected to the encryption process.
In the BC mode, encryption processing is performed in units of 8 bytes. When the remaining 8 bytes are used as a boundary, that is, when the remaining data is less than 8 bytes, processing is performed in units of 8 bytes in the OFB mode of the DES algorithm.

[0168] The cryptographic processing device 2340 stores the description 90
902 is described for each packet according to the 9 branch instructions.
To 908 are repeated. That is, the cryptographic processing device 2340 detects a synchronization pattern for each packet according to the description 902, detects an end position according to the description 903, verifies the synchronization pattern according to the description 904, detects a cryptographic start position according to the description 906, and detects a description 907. , The encryption end position is detected, and encryption processing is performed according to the description 908.

By such an operation, the encryption processing device 23
40 can appropriately perform encryption processing on the stream shown in FIG. << Supplement >> As described above, the cryptographic processing apparatus according to the present invention has been described based on the first to fourth embodiments. However, it is needless to say that the present invention is not limited to these embodiments. That is, (1) the header detection unit, the frame length detection unit, the decryption unit, the encryption unit, the encryption / decryption unit, the synchronization detection unit, the region detection unit, and the encryption processing unit described in the first to fourth embodiments are software , Or may be constituted by a dedicated hardware circuit. (2) Assuming that the encryption method specifying information in the first and fourth embodiments does not include information indicating the distinction between encryption and decryption,
Whether the encryption processing device performs encryption or decryption may be determined in advance. In this case, for example, the encryption function and the decryption function can be shared, so that it is not necessary to replace the encryption function with the decryption function in step S316, and the processing in step 702 becomes unnecessary. In addition,
Whether the encryption processing device performs encryption or decryption may be designated by the user. (3) The encryption method specifying information may be any combination of any number of functions or instructions for controlling the operation of the encryption processing device, such as a high-level language such as C language, a more compact bytecode, and a machine. The description may be written in words or the like, or may be a description that specifies the operation of the cryptographic processing device using a specific language, that is, a description that specifies the operation of the cryptographic processing device using a constant value group in addition to a program. However, if the operation of the cryptographic processing device is specified by a specific language rather than by a group of constant values, there is an advantage that various operation controls can be performed according to the specific contents of the content data. Each instruction such as a synchronization detection instruction and a cryptographic processing instruction may be of variable length or fixed length, and may be described in any description format. All that is required is that the cryptographic processing device be able to operate based on the cryptographic system identification information.

Therefore, the argument of each instruction may be in the form of a memory address, register ID, or any other description format as long as it indicates the contents, and the contents can be used in the cryptographic processing device. It just needs to be described in the form of arguments. Further, the data structures of the synchronization description information, the area description information, and the encryption description information may be of any type. The length_unit in the area description information may represent the unit of the area length code by another numerical value instead of an exponent value that is a power of two.

The area detection instruction may be divided into a plurality of instructions such as an instruction for collating a flag code in content data and an instruction for acquiring an area length code and calculating the length of the area. Cryptographic method specific information acquisition and interpretation unit 111
Reference numeral 1 is not limited to an interpreter, and may be a compiler that first converts the cryptographic scheme specifying information into a machine language and then executes it. If the cryptographic scheme specifying information itself is described in a machine language, it is a processor. It may be that. Further, when the encryption method specifying information is described in a high-level language or the like, a compiler or the like is provided in a stage preceding the processor 2341. After being converted into a machine language instruction sequence including a detection instruction and a cryptographic processing instruction, the processor 2
341 may execute the machine language instruction sequence.

Note that the pair of the operation related to the encryption processing and the encryption method specifying information shown in each of the first to fourth embodiments is the same as the operation related to the encryption processing and the encryption method specification information in the other embodiments. Can be replaced with a pair. (4) The file type described in the second embodiment is not limited to the extension, but may be any file type that indicates the type of the file. The type-specific encryption method specifying information 1531 is
It is not necessary to include the encryption process specifying information for all the file types of the files included in the IC card 1500, and it is sufficient that the information includes the encryption method specifying information for at least one file type. Further, the file name is transmitted from the cryptographic processing device 1400, and the cryptographic system identification information corresponding to the type of the file is received from the IC card 1500. However, the cryptographic processing device 1400 needs at least Information indicating the file type may be transmitted.

Also, the encryption method specifying information is configured as a separate file for each file type, and the type-specific encryption method specifying information specifies the file type and the file of the encryption method specifying information applied to the content data of the file type. Information may be associated with a file name or the like for performing the operation. The storage of the type-specific encryption method specifying information and the content data file is as follows.
The present invention is not limited to a recording medium to which an active element is added such as the IC card 1500, and may be a recording medium such as a magnetic disk to which no active element is added. In this case, the encryption method identification information acquisition / interpretation unit 1111 of the encryption processing device 1400 reads the encryption method identification information corresponding to the file type by referring to the type-specific encryption method identification information in the recording medium, and reads the information. The encryption / decryption unit 1440 and the like may be controlled based on this. Further, the IC card described in the first and third embodiments may be a recording medium to which no active element is similarly added.

Although the content data is recorded on a portable recording medium and distributed, the encryption by the cryptographic processing device is performed to protect the content data during the distribution process. A recording medium for content data to be processed by the processing device is versatile. (5) The key generation unit 1150 according to the first to third embodiments does not need to generate a key for encryption processing based on the media ID. The key generation unit 1150 may obtain information serving as the basis of the key or the key itself, for example, by a user input. Also, the key generation unit 1 shown in the second embodiment
Reference numeral 150 denotes a content data file encrypted by the encryption processing apparatus 1400 using a file-specific encryption key composed of a random number or the like as a basis for generating an encryption key in addition to the media ID. , The encryption key may be sent, and stored in the data storage unit 1530 as an encryption key file. Correspondingly, the encryption processing device 1400 stores the encryption key file together with the media ID when decrypting the IC card 1500.
And a decryption key may be generated based on these. (6) Error processing (step S826) in the synchronization verification operation based on the synchronization verification command described in the fourth embodiment is as follows.
This need not always be performed by the synchronization detection unit 2342. For example, after the synchronization verification command in the encryption method specifying information, for example, a command such as assignment or addition of a value to a basic address is placed, and the processor 2341 is executed based on the command.
May perform arithmetic processing. (7) In the first to fourth embodiments, the content data and the encryption scheme specifying information are stored in the same recording medium or are multiplexed and transmitted. Both may reach the cryptographic processing device via separate transmission paths, provided that the cryptographic processing device can recognize and operate the relationship. That is, when the cryptographic processing apparatus acquires information indicating the correspondence between the content data and the encryption scheme specifying information, and performs encryption processing on certain content data, the encryption processing apparatus performs encryption based on the encryption scheme specifying information corresponding to the content data. The encryption process may be performed by specifying the method.
Note that if both are recorded on the same recording medium or transmitted after being multiplexed, the cryptographic processing device can recognize the correspondence between the two without separately acquiring information. Has the advantage that information indicating the correspondence is not required. (8) The processing procedure of the cryptographic processing device according to the first to fourth embodiments (the procedure shown in FIGS. 5, 8, 11, 12, 14, 25 to 29, etc.) is converted to a general-purpose computer or the like. The computer program to be executed can be recorded on a recording medium or distributed and distributed via various communication paths. Such a recording medium includes an IC card, an optical disk, a flexible disk, a ROM, and the like. The computer program distributed and distributed is provided for use by being installed on a computer or the like.
The computer executes the computer program to realize the cryptographic processing device as described in each embodiment.

[0175]

In order to achieve the above object, an encryption processing device according to the present invention provides a portable storage device for storing content data and encryption method information including information for specifying a region to be encrypted in the content data. Data reading means for reading data from a single storage medium having the data, and an encryption processing target area in the content data read by the data reading means based on the encryption method information read by the data reading means. And an encryption processing means for encrypting or decrypting the encryption processing target area specified by the area specification means in the content data read by the data reading means. It is characterized by.

As a result, the encryption processing device according to the present invention can appropriately specify an area to be subjected to encryption processing in content data stored in a storage medium and perform encryption processing, thereby achieving the object. Therefore, it is not necessary to previously store information for specifying an area to be subjected to encryption processing for specific content data inside the encryption processing apparatus,
The encryption processing device is a general-purpose encryption device that can perform encryption processing on content data in various formats.

The storage medium stores a plurality of content data as files, and stores encryption method information for each file type.
The data reading means may read out content data constituting one file from the storage medium and encryption method information corresponding to the type of the file.

Thus, even when the region to be encrypted in the content data, which is the content of the file, differs depending on the file type, that is, the format of the file, the encryption processing target in the content data is different. An area can be appropriately specified and encryption processing can be performed. Further, the encryption method information includes instruction information for instructing reference to partial data in the content data, and the area specifying unit refers to the partial data in accordance with the instruction information, and The encryption target area may be specified.

Thus, the area to be subjected to the encryption processing in the content data is not one that can be specified in advance by fixed position information like a variable length area, for example, a code indicating the range of the variable length area. For example, even if the data can be specified for the first time by referring to the data in the content data, the encryption processing can be performed by appropriately specifying the area to be subjected to the encryption processing.

Further, the encryption system information includes bit pattern information indicating a certain bit string, and the area specifying means searches the content data for bit data consisting of the bit string indicated by the bit pattern information, An encryption target area existing at a predetermined relative position based on the location of the bit data may be specified.

Thus, even when the content data has a data structure composed of a repetition of a header portion and a payload portion and there is a region to be subjected to encryption processing in each payload portion, the region can be specified. . Also,
The partial data designated to be referred to by the instruction information indicates the length of the encryption processing target area, and the area specifying unit performs the encryption processing by referring to the partial data in accordance with the instruction information. The encryption processing target area in the content data may be specified by calculating the length of the target area.

For example, when the content data has a data structure including a header portion and a payload portion, and the payload portion has a variable length, and the variable length payload portion is an area to be subjected to encryption processing. In addition, by obtaining a code indicating the length of the payload portion from the content data, the range of the region to be subjected to the encryption processing can be specified.

Further, the encryption method information includes a value indicating a unit of the partial data designated to be referred to by the instruction information, and the area specifying means refers to the partial data according to the instruction information. The encryption processing target area in the content data may be identified by calculating the length of the encryption processing target area by multiplying the partial data by a unit indicated by the encryption scheme information. Good.

Thus, when there are a code indicating the length of the variable length area and a code indicating the unit of the length in the content data, the range of the variable length area is determined by referring to these codes. Can be identified. Further, the encryption method information further includes second instruction information for detecting bit data composed of a bit string indicated by the bit pattern information from the content data, and defines an order in which an operation indicated by each instruction information is to be performed. The area specifying means may specify the encryption processing target area in the content data by performing an operation according to each instruction information in an order defined in the encryption method information.

Thus, by performing the operation indicated by each instruction information in the order indicated by the encryption method information, it is possible to specify the area to be subjected to encryption processing in the content data. That is, in the case where the encryption processing information is in the form of a program description, the encryption method can be specified and the encryption processing can be performed by sequentially interpreting and executing the program description.

The encryption method information further includes information for specifying an encryption algorithm used for encryption processing, and the encryption processing means encrypts the encryption target area using the encryption algorithm. Or decryption. Thus, the encryption processing device according to the present invention can appropriately specify an encryption algorithm to be used for the encryption processing performed on the encryption processing target area in the content data and perform the encryption processing. Therefore, it is not necessary for the cryptographic processing device to hold information about the cryptographic algorithm to be used fixedly, and the cryptographic algorithm becomes general-purpose.

Further, the encryption processing means performs encryption on the encryption processing target area, and the encryption processing device further transmits the content data resulting from the encryption by the encryption processing means to the storage medium. May be provided. Thus, the encryption processing device according to the present invention can update the content data in the storage medium by performing encryption according to the information in the storage medium regarding the encryption method.

Further, the encryption method information includes a plurality of pieces of algorithm information and application range information indicating an application range of each algorithm information. Algorithm information may be selected based on the applicable range information, and the range may be encrypted or decrypted using an algorithm specified by the algorithm information.

As a result, it is possible to perform encryption processing on content data by properly using a plurality of encryption algorithms. Further, the encryption method information includes information indicating a priority regarding application of the algorithm information, and the selection of the algorithm information by the encryption processing unit includes:
When the application ranges of the algorithm information indicated by the application range information overlap, the application ranges may be determined according to the priority.

Thus, it is possible to appropriately select an encryption algorithm in accordance with the encryption method information in which the use of a plurality of encryption algorithms is specified by the description with priority. Further, the encryption processing means may perform decryption on the encryption target area.

Thus, the encryption processing device according to the present invention can appropriately specify an area to be decrypted in content data, that is, an encrypted area, and perform decryption processing. That is, a general-purpose decryption device capable of decrypting encrypted content data of various formats can be realized, and the object can be achieved.

[0192] Further, the encryption processing device may further include a second encryption method information including information for specifying an encryption processing target area in the content data, the second encryption method information having a portability different from that of the data reading means. (2) The encryption processing means for reading out the encryption method information in the recording medium read from the storage medium and the second encryption method information read out by the encryption method information reading means in the recording medium. Encryption area specifying means for specifying an encryption processing target area in the decrypted content data; and an encryption processing target area specified by the encryption area specifying means in the content data decrypted by the encryption processing means. Encrypting means for encrypting the content data, and storing the encrypted content data in the second storage medium in the second storage medium. It may be provided with a Ceiling data recording means.

[0193] Thus, in response to a case where the region to be subjected to the encryption processing of the content data is different for each storage medium in which the content data is stored, the encrypted content data is transferred from one storage medium to another. In the case of copying to a storage medium, it becomes possible to perform decryption and encryption by setting an appropriate area according to the storage medium as an encryption target.

The encryption processing apparatus according to the present invention is an encryption processing apparatus for encrypting content data and recording the encrypted content data on a storage medium, comprising: a content data obtaining means for obtaining content data; An encryption method information reading unit that reads encryption method information including information for specifying a processing target area from a portable storage medium, and, based on the encryption method information read by the encryption method information reading unit, Area specifying means for specifying an encryption processing target area in the content data obtained by the content data obtaining means, and encryption processing for encrypting the encryption processing target area specified by the area specifying means in the content data Means for recording the content data encrypted by the encryption processing means on the storage medium Characterized in that it comprises a content data recording means.

Thus, when content data is stored in a storage medium, appropriate encryption can be performed in response to a case where an area in which the content data is to be encrypted is defined in the storage medium. it can. As a result, the newly encrypted content data is stored in the storage medium together with the previously stored encryption method information for specifying the area to be encrypted.
Assuming a general-purpose decryption device that reads this recording medium and decrypts the content data, the decryption device uses the encryption method information in the storage medium to appropriately determine the area to be decrypted in the content data. Be able to identify.

Further, the encryption processing device according to the present invention receives data transmitted by multiplexing content data and encryption method information including information for specifying an encryption processing target area in the content data. A data acquisition unit for acquiring the content data and the encryption system information; and an encryption process in the content data acquired by the data acquisition unit based on the encryption system information acquired by the data acquisition unit. An area specifying unit that specifies a target area; and an encryption processing unit that performs encryption or decryption on the encryption processing target area specified by the area specifying unit in the content data acquired by the data acquisition unit. It is characterized by the following.

As a result, the encryption processing device according to the present invention can appropriately specify the encryption processing target area in the transmitted content data and perform the encryption processing. Therefore, there is no need to store in advance the information for specifying an area to be subjected to encryption processing for specific content data inside the encryption processing apparatus, and the encryption processing apparatus performs encryption processing on content data in various formats. It is a general purpose that can be applied.

Further, the encryption system information includes synchronization pattern information indicating a certain bit string, and the area specifying means searches the content data for a synchronization pattern including the bit string indicated by the synchronization pattern information. It is characterized in that an encryption processing target area existing at a predetermined relative position with respect to the location of the synchronization pattern is specified.

Thus, when the content data has a structure including a repetition of a synchronization pattern and a subsequent area, an area other than the synchronization pattern can be specified. Further, the area specifying means checks whether or not bit data consisting of a bit string indicated by the synchronization pattern information exists at a position separated by a specific position from the location of the searched synchronization pattern, and checks the searched synchronization pattern. The validity of the pattern may be verified.

In this way, even when a transmitted bit string includes a part that is the same as the synchronization pattern and is not a synchronization pattern, the synchronization pattern is verified, so that the area to be subjected to encryption processing can be specified more accurately. Will be able to Further, the encryption method information includes flag pattern information indicating a bit string and position information for specifying the position in addition to the synchronization pattern information, and the area specifying unit uses the position information in the content data. It may be verified whether or not a bit string indicated by the flag pattern information exists at the specified position.

Thus, the flag code in the content data can be verified, so that the area to be subjected to the encryption processing can be specified more accurately. Further, an encryption processing device according to the present invention is an encryption processing device for performing encryption processing on content data, and instructs content data acquisition means for acquiring content data, and reference to partial data in the content data. An encryption method information obtaining unit that obtains encryption method information that includes instruction information and information for specifying an encryption target area in the content data; and at least the encryption information in the content data according to the instruction information. An area identification unit that identifies an encryption target area in the content data based on the encryption method information by referring to partial data; and an encryption process identified by the area identification unit in the content data. Encryption processing means for encrypting or decrypting the target area.

Thus, the cryptographic processing apparatus according to the present invention appropriately specifies an area to be subjected to encryption processing in content data by referring to a part of the content data, for example, based on encryption method information such as a program. To perform encryption processing. Further, the encryption processing means performs encryption on the encryption processing target area specified by the area identification means in the content data, and the encryption processing device further performs encryption by the encryption processing means. A multiplex transmission unit may be provided for multiplexing and transmitting the resulting content data and the encryption method information.

[0203] As a result, the encrypted content data and the corresponding encryption method information are multiplexed and transmitted, so that the device that has received the data can appropriately decrypt the content data. Further, the program recording medium according to the present invention is a program recording medium in which a control program for causing a computer to execute a content data encryption process is recorded, wherein the content data encryption process includes content data and an encryption process in the content data. A data reading step of reading encryption method information including information for specifying the target area from a single portable storage medium, and, based on the encryption method information read by the data reading step, An area specifying step of specifying an encryption processing target area in the content data read by the data reading step, and an encryption processing target specified by the area specifying step of the content data read by the data reading step Encryption processing for encrypting or decrypting an area Characterized in that it comprises a step.

Thus, the computer that reads the control program recorded on the program recording medium into the memory and operates based on the control program can appropriately set the area to be subjected to encryption processing in the content data stored in the storage medium. And the encryption process can be performed. Further, the program recording medium according to the present invention,
A program recording medium storing a control program for causing a computer storing content data to execute a content data encryption process of encrypting the content data and recording the encrypted content data on a storage medium, wherein the content data encryption process is performed. Read out the encryption method information including information for specifying the encryption processing target area in the content data from a portable storage medium, and the encryption method information read step. An area specifying step of specifying an encryption processing target area in the content data based on encryption method information; and an encryption process of encrypting the encryption processing target area specified by the area specification step in the content data. And encrypting by the encrypting step. Characterized in that it comprises a content data recording step of recording the content data in the storage medium.

Thus, the computer which reads the control program recorded on the program recording medium into the memory and operates based on the control program, encrypts the content data in the storage medium when storing the content data in the storage medium. Encryption can be appropriately performed in response to a case where an area to be encrypted is specified.

Further, the program recording medium according to the present invention is a program recording medium in which a control program for causing a computer to execute content data encryption processing is recorded, wherein the content data encryption processing comprises: A data acquisition step of receiving the transmitted data in which the encryption method information including the information for specifying the encryption processing target area is multiplexed and acquiring the content data and the encryption method information,
An area identification step of identifying an encryption processing target area in the content data acquired by the data acquisition step, based on the encryption method information acquired by the data acquisition step; and Encrypting or decrypting the encryption processing target area specified in the area specifying step in the content data.

As a result, the computer that reads the control program recorded on the program recording medium into the memory and operates based on the control program appropriately identifies an area to be subjected to encryption processing in the transmitted content data. Cryptographic processing can be performed. Further, the program recording medium according to the present invention is a program recording medium recording a control program for causing a computer to execute a content data encryption process, wherein the content data encryption process is a content data acquisition step of acquiring content data, Cryptographic method information for obtaining cryptographic method information including instruction information for instructing reference to partial data in the content data, the cryptographic method information including information for specifying an encryption processing target area in the content data An obtaining step, and an area specifying step of specifying an encryption processing target area in the content data based on the encryption method information by referring to at least partial data in the content data according to the instruction information; In the area specifying step in the content data Characterized in that it comprises a cryptographic processing step of encrypting or decoding on a specified cryptographic processing target region Ri.

Thus, the computer that reads the control program recorded in the program recording medium into the memory and operates based on the control program can execute the encryption processing in the content data based on the encryption method information such as the program. By referring to a part of the content data, the region can be appropriately specified and encryption processing can be performed.

[0209] The data recording medium according to the present invention is a single data recording medium that is generally capable of recording encrypted content data, and the content data in which the area to be subjected to the encryption processing is located. A content data recording area in which encrypted content data is recorded, and an encryption method information recording area in which encryption method information including information for specifying an encryption processing target area in the content data is recorded. It is characterized by the following.

Thus, this data recording medium enables, for example, a general-purpose decoding device to specify an area to be decoded. Further, in the encryption processing method according to the present invention, the data to be read from a single portable storage medium may be used to read content data and encryption method information including information for specifying an encryption processing target area in the content data. A reading step; an area specifying step of specifying an encryption processing target area in the content data read in the data reading step based on the encryption method information read in the data reading step; And encrypting or decrypting the encryption processing target area specified by the area specifying step in the content data read by the step.

Therefore, by using the encryption processing method according to the present invention, it is possible to appropriately specify an area to be subjected to encryption processing in the content data stored in the storage medium and perform encryption processing. Further, an encryption processing method according to the present invention is an encryption processing method for encrypting content data and recording the encrypted content data on a storage medium, the encryption method including information for specifying an encryption processing target area in the content data. An encryption method information reading step for reading information from a portable storage medium; and an area specification for specifying an encryption processing target area in the content data based on the encryption method information read in the encryption method information reading step. Steps and
An encryption processing step of encrypting the encryption processing target area specified by the area identification step in the content data; and a content recording the content data encrypted by the encryption processing step on the storage medium. And a data recording step.

Therefore, the use of the encryption processing method according to the present invention is compatible with the case where an area where content data is to be encrypted in the storage medium is defined when the content data is stored in the storage medium. Thus, encryption can be performed appropriately. Further, an encryption processing method according to the present invention is an encryption processing method for performing encryption processing on content data, wherein the content data, encryption method information including information for specifying an encryption processing target area in the content data, and Receiving the multiplexed and transmitted data and acquiring the content data and the encryption method information; andthe data acquisition step based on the encryption method information acquired by the data acquisition step. An area specifying step of specifying an encryption processing target area in the content data obtained by
An encryption processing step of encrypting or decrypting the encryption processing target area specified by the area specifying step in the content data obtained by the data obtaining step.

Therefore, by using the encryption processing method according to the present invention, the encryption processing can be performed by appropriately specifying the encryption processing target area in the transmitted content data. Further, an encryption processing method according to the present invention is an encryption processing method for performing encryption processing on content data, and instructs a content data acquisition step of acquiring content data and a reference to partial data in the content data. An encryption method information obtaining step of obtaining encryption method information including instruction information and encryption method information including information for specifying an encryption processing target area in the content data; and An area specifying step of specifying an encryption processing target area in the content data based on the encryption method information by referring to partial data; and an encryption processing specified by the area specifying step in the content data. And an encryption processing step of encrypting or decrypting the target area. And it features.

Therefore, by using the encryption processing method according to the present invention, for example, based on encryption method information such as a program,
By referring to a part of the content data, the area to be subjected to the encryption processing in the content data can be appropriately specified to perform the encryption processing.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating a state in which encryption processing is performed on content data. FIG. 1A is a diagram illustrating an example of an encryption processing target portion in content data configured from fixed-length packets, and FIG. FIG. 4 is a diagram showing an example of a portion to be subjected to encryption processing in content data composed of variable-length packets, and FIG. 4C is a diagram showing how encryption processing is repeatedly performed on content data at a fixed period.

FIG. 2 is a configuration diagram of a decoding device 1100 according to Embodiment 1.

FIG. 3 is an explanatory diagram of a function that can be used as the content of the encryption method specifying information.

FIG. 4 is a diagram showing an example of the content of encryption method specifying information described using the function shown in FIG. 3;

FIG. 5 is a flowchart showing an operation of the decoding device 1100.

FIG. 6 is a diagram showing content data 1232 to be decrypted according to the encryption method specifying information shown in FIG. 4;

FIG. 7 is a configuration diagram of an encryption device 1300.

FIG. 8 is a flowchart showing an operation of the encryption device 1300.

FIG. 9 is a configuration diagram of a cryptographic processing device 1400 according to Embodiment 2.

FIG. 10 is a diagram illustrating a data structure of type-specific encryption method identification information 1531 stored in a data storage unit 1530.

FIG. 11 is a diagram illustrating an example in which an encryption processing device 1400 is an IC card 1500.
FIG. 7 is a diagram showing a processing procedure when a content data file is recorded in a.

FIG. 12 is a diagram illustrating an example in which an encryption processing device 1400
FIG. 11 is a diagram showing a processing procedure when reading and decoding a content data file recorded in the “0”.

FIG. 13 is a configuration diagram of a cryptographic processing device 1600 according to Embodiment 3.

FIG. 14 is a flowchart showing the operation of the cryptographic processing device 1600.

FIG. 15 is a cryptographic processing system 200 according to a fourth embodiment.
FIG. 3 is a diagram showing a configuration of a zero.

FIG. 16 is a configuration diagram of an encryption processing device 2340 corresponding to an encryption device 2140 and a decryption device 2240 according to the fourth embodiment.

FIG. 17 is a diagram showing an instruction description as the contents of the encryption method specifying information 2111.

FIG. 18 is a diagram showing a data structure of synchronization description information.

FIG. 19 is a diagram showing a data structure of area description information.

FIG. 20 is a diagram showing a data structure of encryption description information.

FIG. 21 is a diagram exemplifying which encryption algorithm performs encryption processing on an area from an encryption start position to an encryption end position.

FIG. 22 is a diagram for describing an example of a method of specifying an area to be subjected to encryption processing in content data.

FIG. 23 is a flowchart showing a procedure for transmitting and receiving content data by the cryptographic processing system 2000.

FIG. 24 is a diagram illustrating an example of operation of the cryptographic processing device 2340.

FIG. 25 is a flowchart showing a synchronization detection operation based on a synchronization detection command by a synchronization detection unit 2342.

FIG. 26 is a flowchart showing a synchronization verification operation based on a synchronization verification command by a synchronization detection unit 2342.

FIG. 27 is a flowchart showing an area detection operation based on an area detection command by an area detection unit 2343.

FIG. 28 is a flowchart showing an encryption processing operation by the encryption processing unit 2344 based on an encryption processing instruction.

FIG. 29 is a flowchart showing an encryption selection process performed by the encryption processing unit 2344.

FIG. 30 is a diagram illustrating the structure of a stream as an example of content data 2131 input to the cryptographic processing device 2340.

FIG. 31 shows encryption method specifying information 21 input to encryption processing apparatus 2340 to process the stream shown in FIG.
It is a figure showing the example of No. 11.

[Explanation of symbols]

 1100 Decryption device 1300 Encryption device 1400, 1600 Cryptographic processing device 1110, 1310, 1410, 1610 Control unit 1111 Cryptographic method specific information acquisition / interpretation unit 1112 Content data acquisition unit 1313 Cryptography method specific information update unit 1314 Content data update unit 1416 Content data Recording unit 1120 Header detection unit 1130 Frame length detection unit 1140 Decryption unit 1340 Encryption unit 1440 Encryption / decryption unit 1150 Key generation unit 1415 File name designation unit 1460 Content data storage unit 1200 1500 1500 IC card 1210, 1510 Control unit 1220 Media ID storage unit 1230, 1530 Data storage unit 1231 Encryption method specification information 1232 Content data 1531 Type-specific encryption method specification information 1532 Content Data file 1710, 1720 Recording medium 2100 Transmission device 2110 Encryption method specific information storage unit 2120 Key storage unit 2130 Content data storage unit 2140 Encryption device 2150 Multiplexing transmission unit 2200 Receiving device 2210 Encryption method specification information storage unit 2220 Key storage unit 2230 Content data storage unit 2240 Decoding device 2250 Reception separation unit

 ──────────────────────────────────────────────────の Continuing on the front page (72) Inventor Shinji Inoue 1006 Kadoma Kadoma, Osaka Prefecture Inside Matsushita Electric Industrial Co., Ltd. (72) Inventor Makoto Tatebayashi 1006 Okadoma Kadoma Kadoma City, Osaka Pref.

Claims (84)

[Claims] 1. A data reading means for reading content data and encryption method information including information for specifying an encryption processing target area in the content data from a single portable storage medium; Area specifying means for specifying an encryption processing target area in the content data read by the data reading means based on the encryption method information read by the reading means; An encryption processing device comprising: encryption processing means for encrypting or decrypting the encryption processing target area specified by the area specification means in the content data. 2. The storage medium stores a plurality of content data as files, and stores encryption method information for each type of file. 2. The encryption processing device according to claim 1, wherein content data constituting one file and encryption method information corresponding to the type of the file are read. 3. The encryption method information includes instruction information for instructing reference to partial data in content data, and the area specifying unit refers to the partial data in accordance with the instruction information, and 3. An encryption processing target area in data is specified.
The cryptographic processing device according to the above. 4. The encryption method information includes bit pattern information indicating a certain bit string, and the area specifying unit searches the content data for bit data composed of a bit string indicated by the bit pattern information, 4. The encryption processing apparatus according to claim 3, wherein an encryption processing target area located at a predetermined relative position with respect to the location of the bit data is specified. 5. The partial data designated to be referred to by the instruction information indicates the length of the encryption target area, and the area specifying means refers to the partial data according to the instruction information. 5. The encryption processing target area in the content data is identified by calculating the length of the encryption processing target area.
The cryptographic processing device according to the above. 6. The encryption method information includes a value indicating a unit of partial data for which a reference is instructed by the instruction information, and the area specifying unit refers to the partial data in accordance with the instruction information. Multiplying the partial data by a unit indicated by the encryption method information to calculate a length of the encryption processing target area, thereby identifying the encryption processing target area in the content data. The cryptographic processing device according to claim 5, wherein 7. The encryption method information further includes second instruction information for detecting bit data composed of a bit string indicated by the bit pattern information from the content data, and an operation of instructing each instruction information should be performed. The area specifying means specifies the encryption processing target area in the content data by performing an operation according to each instruction information in an order specified in the encryption method information. 7. The cryptographic processing device according to claim 6, wherein: 8. The encryption method information further includes information for specifying an encryption algorithm used for encryption processing, wherein the encryption processing unit uses the encryption algorithm to
4. The encryption processing device according to claim 3, wherein the encryption processing area is encrypted or decrypted. 9. The cryptographic method information further includes algorithm information for specifying an algorithm used for cryptographic processing, and the cryptographic processing means uses the algorithm specified by the algorithm information to execute the cryptographic processing. 3. An area is encrypted or decrypted.
The cryptographic processing device according to the above. 10. The cipher system information includes instruction information for instructing reference to partial data in content data, and the area specifying unit refers to the partial data in accordance with the instruction information, and 2. An encryption processing target area in data is specified.
The cryptographic processing device according to the above. 11. The encryption processing means performs encryption on the encryption processing target area, and the encryption processing device further transmits the content data resulting from encryption by the encryption processing means to the storage medium. 11. The cryptographic processing apparatus according to claim 10, further comprising: content data recording means for recording the content data in a content. 12. The encryption processing means decrypts the encryption processing target area, and the encryption processing device further includes a second encryption method including information for specifying the encryption processing target area in the content data. Information in the recording destination medium, which reads information from a portable second storage medium different from the data to be read by the data reading means; and information read out by the encryption method information in the recording destination medium. An encryption area specifying unit that specifies an encryption processing target area in the content data obtained as a result of decryption by the encryption processing unit based on the second encryption scheme information; Encryption means for encrypting the encryption processing target area specified by the encryption area specifying means in the content data; and encryption by the encryption means. It has been the result cryptographic processing apparatus according to claim 10, wherein further comprising a content data recording means for recording the second storage medium content data. 13. The cryptographic method information further includes algorithm information for specifying an algorithm used for cryptographic processing. The cryptographic processing means uses the algorithm specified by the algorithm information to execute the cryptographic processing. 2. An area is encrypted or decrypted.
The cryptographic processing device according to the above. 14. The encryption method information includes a plurality of algorithm information and application range information indicating an application range of each algorithm information, wherein the encryption processing unit performs: 14. The encryption processing device according to claim 13, wherein algorithm information is selected based on the applicable range information, and the range is encrypted or decrypted using an algorithm specified by the algorithm information. 15. The encryption method information includes information indicating a priority regarding application of the algorithm information, and the selection of the algorithm information by the encryption processing unit is performed by applying each of the algorithm information indicated by the application range information. 15. The cryptographic processing device according to claim 14, wherein when the ranges overlap, the priority is determined according to the priority. 16. The encryption processing means performs encryption on the encryption processing target area, and the encryption processing device further comprises: a storage medium that stores the content data resulting from the encryption performed by the encryption processing means. 2. The cryptographic processing apparatus according to claim 1, further comprising: content data recording means for recording the content data in the storage device. 17. The encryption processing apparatus according to claim 1, wherein the encryption processing means performs decryption on the encryption processing target area. 18. The apparatus according to claim 18, wherein said encryption processing device further stores second encryption method information including information for specifying an encryption processing target area in the content data, the second encryption method information having a different portability from the data to be read by the data reading means. (2) an encryption method information reading means in the recording destination medium read from the storage medium; and a second encryption method information read out by the encryption method information reading means in the recording destination medium. Encryption area specifying means for specifying an encryption processing target area in the content data obtained as a result, and an encryption processing target area specified by the encryption area specifying means in the content data obtained as a result of decryption by the encryption processing means. Encrypting means for encrypting the content data, and storing the content data resulting from the encryption by the encrypting means in the second storage medium. Cryptographic processing apparatus according to claim 17, characterized in that it comprises a Ceiling data recording means. 19. An encryption processing apparatus for encrypting content data and recording the encrypted content data on a storage medium, comprising: content data obtaining means for obtaining content data; and information for specifying an encryption processing target area in the content data. Encryption information reading means for reading encryption information from a portable storage medium including: a content obtained by the content data obtaining means based on the encryption information read by the encryption information reading means Area specifying means for specifying an encryption processing target area in data; encryption processing means for performing encryption on the encryption processing target area specified by the area specification means in the content data; and encryption by the encryption processing means. Content data recording means for recording the encrypted content data on the storage medium. Cryptographic processing apparatus characterized by obtaining. 20. The storage medium is capable of storing a plurality of pieces of content data as files, and stores encryption method information for each type of storable file. Means for reading encryption method information corresponding to one file type from the storage medium; and the content data recording means for encrypting the encrypted content data by the encryption method information reading means. 20. The encryption processing device according to claim 19, wherein the file is recorded on the storage medium as a file of a file type corresponding to system information. 21. The cryptographic method information includes bit pattern information indicating a certain bit string, and the area specifying means searches the content data for bit data composed of a bit string indicated by the bit pattern information, 21. The encryption processing device according to claim 20, wherein an encryption processing target area located at a predetermined relative position based on the location of the bit data is specified. 22. The encryption method information includes instruction information for instructing to refer to data indicating the length of the encryption processing target area, which is partial data in content data. 3. The encryption processing target area in the content data is identified by calculating a length of the encryption processing target area by referring to the partial data according to information.
2. The encryption processing device according to 1. 23. The cryptographic method information further includes algorithm information for specifying an algorithm used for cryptographic processing. The cryptographic processing means uses the algorithm specified by the algorithm information to execute the cryptographic processing. 22. The encryption processing device according to claim 21, wherein the region is encrypted. 24. The encryption system information includes bit pattern information indicating a certain bit string, and the area specifying means searches the content data for bit data composed of a bit string indicated by the bit pattern information, 20. The encryption processing device according to claim 19, wherein an encryption processing target area located at a predetermined relative position based on the location of the bit data is specified. 25. The encryption method information includes instruction information for instructing a reference to data indicating the length of the encryption processing target area, which is partial data in content data. 3. The encryption processing target area in the content data is identified by calculating a length of the encryption processing target area by referring to the partial data according to information.
5. The cryptographic processing device according to 4. 26. The cryptographic method information further includes algorithm information for specifying an algorithm to be used for cryptographic processing. The cryptographic processing means uses the algorithm specified by the algorithm information to execute the cryptographic processing. 20. The encryption processing device according to claim 19, wherein the region is encrypted. 27. The encryption method information includes a plurality of pieces of algorithm information and coverage information indicating the coverage of each piece of algorithm information. 27. The encryption processing device according to claim 26, wherein algorithm information is selected based on the applicable range information, and the range is encrypted using an algorithm specified by the algorithm information. 28. The encryption method information includes information indicating a priority regarding application of the algorithm information, and the selection of the algorithm information by the encryption processing unit is performed by applying each of the algorithm information indicated by the application range information. 28. The encryption processing device according to claim 27, wherein when the ranges overlap, the priority is determined according to the priority. 29. Receiving data in which content data and encryption method information including information for specifying an encryption processing target area in the content data are multiplexed and transmitted, and the content data and the encryption method are received. Data acquisition means for acquiring information; and area identification means for identifying an encryption processing target area in the content data acquired by the data acquisition means, based on the encryption method information acquired by the data acquisition means. An encryption processing unit for encrypting or decrypting the encryption processing target area specified by the area specification unit in the content data acquired by the data acquisition unit. 30. The encryption system information includes instruction information for instructing reference to partial data in content data, and the area specifying unit refers to the partial data in accordance with the instruction information, and 3. An encryption processing target area in data is specified.
10. The encryption processing device according to 9. 31. The encryption method information includes synchronization pattern information indicating a certain bit string, and the area specifying unit searches the content data for a synchronization pattern including a bit string indicated by the synchronization pattern information, 31. The encryption processing device according to claim 30, wherein an encryption processing target area located at a predetermined relative position with respect to the location of the synchronization pattern is specified. 32. The area specifying means checks whether or not bit data consisting of a bit string indicated by the synchronization pattern information exists at a position separated by a specific position from the location of the searched synchronization pattern. The cryptographic processing device according to claim 31, wherein the validity of the retrieved synchronization pattern is verified. 33. The encryption method information includes flag pattern information indicating a bit string and position information for specifying the position in addition to the synchronization pattern information. 32. The cryptographic processing apparatus according to claim 31, wherein it is verified whether or not a bit string indicated by the flag pattern information exists at a position specified by the position information. 34. The partial data designated to be referred to by the instruction information indicates the length of the encryption target area, and the area specifying means refers to the partial data according to the instruction information. 4. The encryption processing target area in the content data is identified by calculating the length of the encryption processing target area.
2. The encryption processing device according to 1. 35. The cryptographic method information includes a value indicating a unit of partial data for which reference is instructed by the instruction information, and the area specifying unit refers to the partial data in accordance with the instruction information. Multiplying the partial data by a unit indicated by the encryption method information to calculate a length of the encryption processing target area, thereby identifying the encryption processing target area in the content data. The cryptographic processing device according to claim 34, wherein 36. The encryption method information further includes second instruction information for detecting bit data composed of a bit string indicated by the bit pattern information from the content data, and an operation of instructing each instruction information should be performed. The area specifying means specifies the encryption processing target area in the content data by performing an operation according to each instruction information in an order specified in the encryption method information. 36. The cryptographic processing device according to claim 35, wherein: 37. The cryptographic method information further includes algorithm information for specifying an algorithm used for cryptographic processing, wherein the cryptographic processing means uses the algorithm specified by the algorithm information to perform the cryptographic processing. 4. An area is encrypted or decrypted.
2. The encryption processing device according to 1. 38. The cryptographic method information further includes algorithm information for specifying an algorithm used for cryptographic processing. The cryptographic processing means uses the algorithm specified by the algorithm information to perform the cryptographic processing. 3. An area is encrypted or decrypted.
10. The encryption processing device according to 9. 39. The encryption method information includes a plurality of algorithm information and application range information indicating an application range of each algorithm information, wherein the encryption processing unit performs: 39. The cryptographic processing apparatus according to claim 38, wherein algorithm information is selected based on the applicable range information, and the range is encrypted or decrypted using an algorithm specified by the algorithm information. 40. The encryption method information includes information indicating a priority regarding application of the algorithm information. The selection of the algorithm information by the encryption processing unit is performed by applying each of the algorithm information indicated by the application range information. 40. The cryptographic processing apparatus according to claim 39, wherein when the ranges overlap, the priority is determined according to the priority. 41. The encryption processing means according to claim 29, wherein the encryption processing means decrypts the encryption processing target area.
The cryptographic processing device according to the above. 42. A cryptographic processing apparatus for performing cryptographic processing on content data, comprising: a content data obtaining means for obtaining content data; and an encryption method including instruction information for instructing reference to partial data in the content data. Encryption method information obtaining means for obtaining encryption method information including information for specifying an encryption processing target area in the content data; and referring to partial data in the content data according to at least the instruction information. An area specifying unit that specifies an encryption processing target area in the content data based on the encryption method information, and encrypts the encryption processing target area specified by the area specification unit in the content data. And a cryptographic processing means for performing encryption or decryption. 43. The cryptographic method information includes bit pattern information indicating a certain bit string, and the area specifying means searches the content data for bit data composed of a bit string indicated by the bit pattern information, 43. The encryption processing device according to claim 42, wherein an encryption processing target area located at a predetermined relative position with respect to the location of the bit data is specified. 44. The encryption method information includes instruction information for instructing to refer to data indicating the length of the encryption processing target area, which is partial data in content data, 5. The encryption processing target area in the content data is identified by calculating a length of the encryption processing target area by referring to the partial data according to information.
3. The encryption processing device according to 3. 45. The cryptographic method information includes a value indicating a unit of partial data instructed to be referred to by the instruction information, and the area specifying unit refers to the partial data according to the instruction information. Multiplying the partial data by a unit indicated by the encryption method information to calculate a length of the encryption processing target area, thereby identifying the encryption processing target area in the content data. The cryptographic processing device according to claim 44, wherein 46. The cryptographic method information further includes second instruction information for detecting bit data composed of a bit string indicated by the bit pattern information from the content data, and an operation of instructing each instruction information should be performed. The area specifying means specifies the encryption processing target area in the content data by performing an operation according to each instruction information in an order specified in the encryption method information. 46. The cryptographic processing device according to claim 45, wherein: 47. The cryptographic method information further includes algorithm information for specifying an algorithm used for cryptographic processing, and the cryptographic processing means uses the algorithm specified by the algorithm information to execute the cryptographic processing. 5. An area is encrypted or decrypted.
3. The encryption processing device according to 2. 48. The encryption method information includes a plurality of algorithm information and application range information indicating an application range of each algorithm information, wherein the encryption processing unit performs: 48. The encryption processing device according to claim 47, wherein algorithm information is selected based on the applicable range information, and the range is encrypted or decrypted using an algorithm specified by the algorithm information. 49. The encryption method information includes information indicating a priority regarding application of the algorithm information, and the selection of the algorithm information by the encryption processing unit is performed by applying each algorithm information indicated by the application range information. 49. The encryption processing device according to claim 48, wherein when the ranges overlap, the priority is determined according to the priority. 50. The encryption processing means performs encryption on the encryption processing target area specified by the area specification means in the content data, and the encryption processing device further performs encryption by the encryption processing means. 43. The cryptographic processing apparatus according to claim 42, further comprising a multiplex transmission unit that multiplexes and transmits the content data obtained as a result and the encryption method information. 51. A program recording medium storing a control program for causing a computer to execute content data encryption processing, wherein the content data encryption processing is for identifying content data and an encryption processing target area in the content data. A data reading step of reading out the encryption method information including the information of the above from a single portable storage medium; and reading out the data by the data reading step based on the encryption method information read out by the data reading step. An area specifying step of specifying an encryption processing target area in the read content data; and encrypting the encryption processing target area specified by the area specifying step in the content data read by the data reading step. Or a cryptographic processing step of performing decryption Program recording medium characterized. 52. The storage medium stores a plurality of content data as files, and stores encryption method information for each file type. The data reading step includes: 52. The program recording medium according to claim 51, wherein content data constituting one file and encryption method information corresponding to the type of the file are read. 53. The encryption method information includes bit pattern information indicating a certain bit string. The area specifying step searches the content data for bit data composed of a bit string indicated by the bit pattern information, 52. The program recording medium according to claim 51, wherein an encryption processing target area located at a predetermined relative position with respect to the location of the bit data is specified. 54. The cryptographic method information further includes algorithm information for specifying an algorithm used for cryptographic processing, and the cryptographic processing step uses the algorithm specified by the algorithm information to execute the cryptographic processing. The program recording medium according to claim 51, wherein the area is encrypted or decrypted. 55. The encryption processing step includes encrypting the encryption processing target area, and the content data encryption processing further includes storing the content data resulting from the encryption performed in the encryption processing step. The program recording medium according to claim 51, further comprising a content data recording step of recording on the medium. 56. The program recording medium according to claim 51, wherein said encryption processing step decrypts said encryption target area. 57. The content data encryption processing further includes a second encryption method information including information for specifying an encryption processing target area in the content data, which is different in portability from a read target in the data reading step. Decryption in the encryption processing step based on the second encryption method information read in the recording destination medium encryption method information reading step to read from the second storage medium; An encryption area specifying step for specifying an encryption processing target area in the content data obtained as a result of the encryption processing; and an encryption processing target specified by the encryption area specifying step in the content data obtained as a result of decryption by the encryption processing step. An encryption step of encrypting the area; and a result of the encryption performed by the encryption step. Program recording medium of claim 56, characterized in that it comprises a content data recording step of recording content data to the second storage medium. 58. A program recording medium recording a control program for causing a computer storing content data to execute a content data encryption process of encrypting the content data and recording the encrypted content data on a storage medium, The content data encryption processing includes: an encryption method information reading step of reading encryption method information including information for specifying an encryption processing target area in the content data from a portable storage medium; and the encryption method information reading step. An area identification step of identifying an encryption processing target area in the content data based on the encryption method information read by the method; and encrypting the encryption processing target area specified by the area identification step in the content data. Encryption processing step of performing encryption, and Program recording medium characterized by comprising a content data recording step of recording the content data encrypted is applied to the storage medium Te. 59. The storage medium is capable of storing a plurality of pieces of content data as files, and stores encryption method information for each type of storable file. Reading encryption method information corresponding to one file type from the storage medium; and storing the encrypted content data in the encryption data read in the encryption method information reading step. The program recording medium according to claim 58, wherein the program recording medium records the file as a file of a file type corresponding to the method information on the storage medium. 60. The cryptographic method information includes bit pattern information indicating a certain bit string. The area specifying step searches the content data for bit data composed of a bit string indicated by the bit pattern information, 59. The program recording medium according to claim 58, wherein an encryption processing target area located at a predetermined relative position with respect to the location of the bit data is specified. 61. The cryptographic method information further includes algorithm information for specifying an algorithm to be used for cryptographic processing. The cryptographic processing step uses the algorithm specified by the algorithm information to execute the cryptographic processing. The program recording medium according to claim 58, wherein the area is encrypted. 62. A program recording medium storing a control program for causing a computer to execute content data encryption processing, wherein the content data encryption processing is for specifying content data and an encryption processing target area in the content data. A data acquisition step of receiving the transmitted data multiplexed with the encryption method information including the information of the above, and acquiring the content data and the encryption method information; and the encryption method information acquired by the data acquisition step Based on the area identification step of identifying the encryption processing target area in the content data acquired in the data acquisition step, and the area identification step in the content data acquired in the data acquisition step Encrypt the encryption target area Program recording medium characterized by comprising a cryptographic processing step of performing decoding. 63. The encryption method information includes synchronization pattern information indicating a certain bit string, and the area specifying step searches a synchronization pattern including the bit string indicated by the synchronization pattern information from the content data, 63. The program recording medium according to claim 62, wherein an encryption processing target area located at a predetermined relative position with respect to the location of the synchronization pattern is specified. The area specifying step checks whether or not bit data composed of a bit string indicated by the synchronization pattern information exists at a position separated from the location of the searched synchronization pattern by a specific position. 64. The program recording medium according to claim 63, wherein validity of the retrieved synchronization pattern is verified. 65. The cryptographic method information further includes algorithm information for specifying an algorithm used for cryptographic processing, and the cryptographic processing step uses the algorithm specified by the algorithm information to perform the cryptographic processing. 63. The program recording medium according to claim 62, wherein the area is encrypted or decrypted. 66. A program recording medium recording a control program for causing a computer to execute content data encryption processing, wherein the content data encryption processing includes: a content data obtaining step of obtaining content data; and a part in the content data. Method for obtaining cryptographic information that includes instruction information for instructing to refer to specific data, and that includes information for specifying an encryption processing target area in the content data; and An area specifying step of specifying an encryption processing target area in the content data based on the encryption method information by referring to partial data in the content data according to the instruction information; and the area in the content data. Cryptographic process specified by specific step Program recording medium characterized by comprising a cryptographic processing step of encrypting or decoding to elephants region. 67. The encryption method information includes bit pattern information indicating a certain bit string, and the area specifying step searches for bit data including the bit string indicated by the bit pattern information from the content data, 67. The program recording medium according to claim 66, wherein an encryption processing target area located at a predetermined relative position with respect to the location of the bit data is specified. 68. The partial data designated to be referenced by the instruction information indicates the length of the encryption processing target area, and the area specifying step refers to the partial data according to the instruction information. 68. The program recording medium according to claim 67, wherein the encryption processing target area in the content data is specified by calculating the length of the encryption processing target area. 69. The cryptographic method information further includes algorithm information for specifying an algorithm to be used for cryptographic processing. The cryptographic processing step uses the algorithm specified by the algorithm information to perform the cryptographic processing. 67. The program recording medium according to claim 66, wherein the area is encrypted or decrypted. 70. A single data recording medium which is generally capable of recording encrypted content data, wherein the content data in which a region to be subjected to encryption processing is encrypted is recorded. A data recording medium comprising: a content data recording area; and an encryption method information recording area in which encryption method information including information for specifying an encryption processing target area in the content data is recorded. 71. The content data recording area includes:
8. A method according to claim 7, wherein a plurality of encrypted content data are recorded as files, and said encryption method information recording area records encryption method information for each file type.
0. A data recording medium according to item 0. 72. The method according to claim 71, wherein the encryption method information includes instruction information for instructing a decryption device that decrypts the content data to refer to partial data in the content data. Data recording medium. 73. The instruction information includes a bit pattern information indicating a certain bit string and a bit data consisting of a bit string indicated by the bit pattern information from the content data, and a predetermined position is determined based on a location of the bit data. 73. The data recording medium according to claim 72, further comprising information for instructing the decryption device to specify an encryption processing target area located at a relative position. 74. The instruction information indicates a length of the encryption processing target area, and the area identification step refers to the partial data in accordance with the instruction information to thereby determine the length of the encryption processing target area. 74. The data recording medium according to claim 73, wherein the encryption processing target area in the content data is identified by calculating the content. 75. The data recording medium according to claim 71, wherein said encryption method information further includes algorithm information for specifying an algorithm to be used when decrypting said content data. 76. The method according to claim 70, wherein the encryption method information includes instruction information for instructing a decryption device that decrypts the content data to refer to partial data in the content data. Data recording medium. 77. The encryption method information further includes second instruction information for detecting bit data composed of a bit string indicated by the bit pattern information from the content data, and the operation instructed by each instruction information is performed by the decryption device. 77. The data recording medium according to claim 76, wherein an order to be performed is determined. 78. The data recording medium according to claim 70, wherein said encryption method information further includes algorithm information for specifying an algorithm to be used when decrypting said content data. 79. The data recording medium according to claim 78, wherein said encryption method information includes a plurality of algorithm information and application range information indicating an application range of each algorithm information. 80. The cryptographic method information includes information indicating a priority to be used for selecting which one to apply when the applicable ranges of a plurality of pieces of algorithm information overlap with respect to the application of the algorithm information. 80. The data recording medium according to claim 79, wherein: 81. A data reading step of reading content data and encryption method information including information for specifying an encryption processing target area in the content data from a single portable storage medium; An area specifying step of specifying an encryption processing target area in the content data read in the data reading step based on the encryption method information read in the reading step; An encryption processing step of encrypting or decrypting the encryption processing target area specified by the area specification step in the content data. 82. An encryption processing method for encrypting content data and recording the encrypted content data on a storage medium, wherein encryption method information including information for specifying an encryption processing target area in the content data is portable. An encryption method information reading step for reading from a storage medium; an area identification step for identifying an encryption processing target area in the content data based on the encryption method information read in the encryption method information reading step; An encryption processing step of encrypting the encryption processing target area specified by the area identification step in the content processing; and a content data recording step of recording the content data encrypted by the encryption processing step on the storage medium. And a cryptographic processing method. 83. An encryption processing method for performing encryption processing on content data, wherein the content data and encryption method information including information for specifying an encryption processing target area in the content data are multiplexed and transmitted. Receiving the content data and acquiring the content data and the encryption method information; and the content acquired by the data acquisition step based on the encryption method information acquired by the data acquisition step. An area specifying step of specifying an encryption processing target area in the data; and a cipher for performing encryption or decryption on the encryption processing target area specified by the area specifying step in the content data acquired by the data acquisition step. And a processing step. 84. A cryptographic processing method for performing cryptographic processing on content data, comprising: a content data obtaining step of obtaining content data; and an encryption method including instruction information for instructing reference to partial data in the content data. An encryption method information obtaining step of obtaining encryption method information including information for specifying an encryption processing target area in the content data, and referring to partial data in the content data according to at least the instruction information An area specifying step of specifying an encryption processing target area in the content data based on the encryption method information; and encrypting the encryption processing target area specified by the area specifying step in the content data. Encryption processing step of performing encryption or decryption Management method.