JP2001175605A - Data processor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a data processor which can effectively protect the profit of a provider of content data. SOLUTION: Secure container 104 containing content data ciphered by using content key data, the mentioned ciphered content key data, and title deed data showing the handling of the content data is inputted from a content provider management part 180, and a charging process part 187 determines at least one of the purchase style and use style of the content data according to the handling that the title deed data indicate. The charging process part 187 generates history data showing the result of the mentioned decision. Each process part is stored in a tamper-resisting circuit module.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data processing device for performing processing related to provided content data.

[0002]

2. Description of the Related Art There is a data providing system which distributes encrypted content data to a data processing device of a user who has made a predetermined contract, and in which the content data is decrypted, reproduced and recorded. One of such data providing systems is a conventional EMD (Electronic Music Distribution) system for distributing music data.

FIG. 109 shows a conventional EMD system 700.
FIG. EMD system 700 shown in FIG.
Then, the content providers 701 a and 701 b provide the service provider 710 with the content data 70.
4a, 704b, 704c and copyright information 705a, 7
05b and 705c are encrypted with session key data obtained after mutual authentication and supplied online,
Or supply offline. Here, copyright information 7
05a, 705b, and 705c include, for example, SCMS (S
(Erial Copy Management System) information, digital watermark information requesting embedding in content data, and information relating to copyright requesting embedding in the transmission protocol of the service provider 710.

[0004] The service provider 710 decrypts the received content data 704a, 704b, 704c and the copyright information 705a, 705b, 705c using the session key data. Then, the service provider 710 embeds copyright information 705a, 705b, 705c in the decrypted or offline received content data 704a, 704b, 704c to generate content data 707a, 707b, 707c. At this time, the service provider 710, for example,
The digital watermark information of the copyright information 705a, 705b, 705c is converted into the content data 704a, 704b, 70.
A predetermined frequency region is changed and embedded in 4c, and SCMS information is embedded in a network protocol used when transmitting the content data to the user. Further, the service provider 710 determines that the content data 707a,
707b and 707c are encrypted using the content key data Kca, Kcb and Kcc read from the key database 706, respectively. Thereafter, the service provider 710 transmits the encrypted content data 707a, 707
Secure container 722 storing 07b and 707c
Is encrypted with the session key data obtained after the mutual authentication, and the CA (Conditi
onal Access) module 711.

[0005] The CA module 711 decrypts the secure container 722 using the session key data. Further, the CA module 711 uses the billing function such as electronic payment or CA to retrieve the content key data Kca, Kcb,
It receives Kcc and decrypts it using the session key data. This makes it possible for the terminal device 709 to decrypt the content data 707a, 707b, and 707c using the content key data Kca, Kcb, and Kcc, respectively. At this time, the CA module 7
11 performs a billing process for each content, generates billing information 721 corresponding to the result, encrypts the billing information 721 with session key data, and transmits the encrypted billing information 721 to the right processing module 720 of the service provider 710. In this case, CA
The module 711 collects user contract (update) information, which is an item that the service provider 710 wants to manage with respect to the service provided by the service provider 710, network rent such as a monthly basic fee, charging processing for each content, and physical network networking. Layer security.

When the service provider 710 receives the billing information 721 from the CA module 711, the service provider 710 and the content providers 701a, 701a, 7
01b and 701c. At this time,
The profit distribution from the service provider 710 to the content providers 701a, 701b, and 701c is performed, for example, by using the Japanese Society for Rights of Aut
hors, Composers and Publishers: Japan Music Copyright Association. Also, by JASRAC,
The profits of the content provider are distributed to the copyright owner, artist, lyricist / composer, affiliated production, etc. of the content data.

[0007] In the terminal device 709, when the content data 707a, 707b, 707c decrypted using the content key data Kca, Kcb, Kcc is recorded on a RAM type recording medium 723 or the like, the copyright information 70
The copy control is performed by rewriting the SCMS bits of 5a, 705b, and 705c. That is, on the user side, copy control is performed based on the SCMS bits embedded in the content data 707a, 707b, 707c,
Copyright is protected.

[0008]

SUMMARY OF THE INVENTION By the way, SCMS
The method prohibits copying of content data over, for example, two or more generations, and there is a problem that one generation can be copied without limitation, which is insufficient as protection for a copyright owner.

Further, in the above-mentioned EMD system 700, since the service provider 710 can freely handle unencrypted content data in a technical manner, a person involved in the content provider 701 can use the service provider 71
There is a problem that it is necessary to monitor the act 0 or the like, and the burden of the monitoring is large, and the profit of the content provider 701 is likely to be unduly damaged. In the above-described EMD system 700, the user terminal device 7
It is difficult to regulate the act of authoring the content data distributed by the service provider 710 and redistributing it to another terminal device or the like, which undesirably impairs the profit of the content provider 701.

SUMMARY OF THE INVENTION The present invention has been made in view of the above-mentioned problems of the prior art, and has as its object to provide a data processing apparatus capable of appropriately protecting the interests of the right holder (related party) of a content provider. . Another object of the present invention is to provide a data processing apparatus capable of reducing the burden of an audit for protecting the interests of the right holder of the content provider.

[0011]

In order to solve the above-mentioned problems of the prior art and to achieve the above-mentioned object, a data processing apparatus according to a first aspect of the present invention employs an encryption method using content key data. Based on the handling indicated by the right-sign data, input processing means for performing a process of inputting the encrypted content data, the encrypted content key data, and right-sign data indicating the handling of the content data. Determining means for determining at least one of a purchase mode and a usage mode of the content data; history data generating means for generating history data indicating the result of the determination; and decryption means for decrypting the content key data, the tamper-resistant Have in the circuit module.

The operation of the data processing apparatus according to the first aspect of the present invention will be described below. For example, the content data provided by the data providing device that provides the content data, the content data encrypted using the content key data, the encrypted content key data, and the rights document data indicating the handling of the content data are included. Is input to the input means. Next, at least one of the purchase mode and the use mode of the content data is determined based on the handling indicated by the rights document data, in response to an operation of the user to determine the purchase mode and the use mode of the content data. Is done. That is, the determination of the content data by the user is performed in accordance with the handling of the content data indicated by the license data. In this case, the related party of the data providing apparatus creates the rights document data, so that the related party can control the purchase and use of the content data. Next, history data indicating the result of the determination is generated by the history data generating means. The history data is sent, for example, to a management device that distributes profits obtained with the use of the content data to related parties. In addition, the first
In the data processing device according to the aspect of the present invention, the content key data is decrypted by the decryption means. In other words, by decrypting the content key data in the tamper-resistant circuit module, it is possible to decrypt the content data using the content key data only after a predetermined purchase mode determination process. Thus, illegal use of the content data can be effectively prevented.

Further, the data processing apparatus according to the first aspect of the present invention is preferably arranged such that, when the purchase mode is determined,
A use control data generating unit that generates use control data according to the determined purchase mode; and a use control unit that controls use of the content data based on the use control data. Having further within.

Further, the data processing apparatus according to the first aspect of the present invention preferably stores the content key data and the usage control data when the content data for which the purchase mode is determined is recorded on a recording medium. The encryption means for encrypting using the recording key data corresponding to the recording device used when recording the content data on the recording medium and the media key data corresponding to the recording medium is the tamper resistant. Further included in the circuit module.

Further, in the data processing apparatus according to the first aspect of the present invention, preferably, the input processing means further performs a process of inputting the content key data and the signature data of the rights certificate data, The apparatus further includes signature processing means for verifying the validity of the signature data in the tamper-resistant circuit module, and the determining means, after the validity of the signature data is confirmed by the signature processing means, Make the decision.

Further, in the data processing apparatus according to the first aspect of the present invention, preferably, the data processing apparatus stores a list of invalidated devices when transmitting / receiving data to / from another device. With reference to the described revocation list, if the revocation list does not indicate that the other device is invalid, data transmission / reception is performed with the other device.

Further, a data processing device according to a second aspect of the present invention receives provision of content data from a data providing device, and uses a profit obtained in accordance with at least one of purchase and use of the content data with a predetermined right A data processing device managed by a management device that performs a profit distribution process for distributing the content data to a user, wherein the content data provided by the data providing device and encrypted using content key data; The content key data;
Input processing means for performing a process of inputting rights document data indicating handling of the content data, and determining means for determining at least one of a purchase mode and a usage mode of the content data based on the handling indicated by the right document data A history data generating unit that generates history data indicating the result of the determination, an output unit that outputs the history data to the management device, and a decryption unit that decrypts the content key data, in a tamper-resistant circuit module. To have.

The operation of the data processing apparatus according to the second aspect of the present invention will be described. A process of inputting content data encrypted by using the content key data, the encrypted content key data, and right certificate data indicating handling of the content data, provided by the data providing device, in the input processing means Is performed. Next, the determining means determines at least one of a purchase mode and a use mode of the content data based on the handling indicated by the rights document data. Next, history data indicating a result of the determination is generated in a history data generation unit.
Next, the output unit outputs the history data to the management device.

The data processing apparatus according to the second aspect of the present invention preferably performs a process of inputting a module storing the content file and the key file.

Further, in the data processing apparatus according to the second aspect of the present invention, preferably, the input processing means includes a content file storing the content data, and a key storing the content key data and the rights certificate data. Perform the process of inputting the file.

Further, the data processing apparatus according to the second aspect of the present invention preferably further comprises decompression software for decompressing the compressed content data when the content data is compressed data. The data processing apparatus further includes control means for performing input processing of the module storing the stored content file and controlling the content data to be expanded using the expansion software.

Further, a data processing device according to a third aspect of the present invention is a data processing device, comprising: content data encrypted using content key data; the encrypted content key data; Input processing means for inputting a module storing the license data with a predetermined communication protocol in a format independent of the communication protocol or via a recording medium; and Determining means for determining at least one of a purchase mode and a use mode of the content data, history data generating means for generating history data indicating a result of the determination, and decryption means for decrypting the content key data. In a tamper-resistant circuit module.

The operation of the data processing apparatus according to the third aspect of the present invention will be described. In the input processing means, a module storing the content data encrypted using the content key data, the encrypted content key data, and the right certificate data indicating the handling of the content data is executed by a module that executes a predetermined communication protocol. The data is input in a format independent of the communication protocol or via a recording medium. Next, the determining means determines at least one of a purchase mode and a use mode of the content data based on the handling indicated by the rights document data. Next, history data indicating a result of the determination is generated in a history data generation unit. Also, in the decoding means,
The content key data is decrypted.

Further, a data processing device according to a fourth aspect of the present invention receives a content data provided by a data providing device from a data distribution device, and obtains a profit obtained in accordance with at least one of purchase and use of the content data. Is a data processing device managed by a management device that performs a profit distribution process for distributing to a predetermined right holder, provided by the data providing device, content data encrypted using content key data, Input processing means for inputting the encrypted content key data, rights document data indicating handling of the content data, and price data attached to the content data by the data distribution device; Based on the handling indicated by the data, the purchase form and the use form of the content data are reduced. Determining means for determining one of the contents data, history data generating means for generating history data indicating the result of the determination, and outputting the price data when a process of determining the purchase mode of the content data is performed. Output means for outputting data to the management device and decryption means for decrypting the content key data are provided in a tamper-resistant circuit module.

The operation of the data processing apparatus according to the fourth aspect of the present invention will be described. In the input means, the content data provided by the data providing device and encrypted by using the content key data, the encrypted content key data, right certificate data indicating handling of the content data, and the data distribution A process of inputting price data attached to the content data by the device is performed. Next, the determining means determines at least one of a purchase mode and a use mode of the content data based on the handling indicated by the rights document data. Next, history data indicating a result of the determination is generated in a history data generation unit. Further, the price data is output by the output means when the purchase process of the content data is determined. Further, the output unit outputs the history data to the management device. The decryption means decrypts the content key data.

[0026] In the data processing apparatus according to a fourth aspect of the present invention, preferably, the input processing means performs a process of inputting a module storing the content file and the key file.

[0027] In the data processing apparatus according to a fourth aspect of the present invention, preferably, the input processing means includes: a content file storing the content data; and a key file storing the content key data and the rights certificate data. And inputting the price data.

In a data processing apparatus according to a fifth aspect of the present invention, preferably, the input processing means includes: first signature data of the data providing apparatus, which is a creator and a sender of the content file; The second signature data of the data distribution device that is the sender of the content file, the third signature data of the management device that is the creator of the key file, and the second signature data of the data providing device that is the sender of the key file. 4, further storing signature data of the key file, fifth signature data of the data distribution device that is the sender of the key file, and sixth signature data of the data distribution device that is the creator and the sender of the price data. The data processing device performs a process of inputting a module, and the data processing device performs processing for the first signature data, the second signature data, and the third signature data. A signature processing unit for verifying the validity of the fourth signature data, the fifth signature data, and the sixth signature data in a tamper-resistant circuit module; The validity of the first signature data, the second signature data, the third signature data, the fourth signature data, the fifth signature data, and the sixth signature data is confirmed by signature processing means. After that, the above determination is made.

A data processing device according to a sixth aspect of the present invention receives a content data provided by a data providing device from a data distribution device, and obtains a profit obtained in accordance with at least one of purchase and use of the content data. Is a data processing device managed by a management device that performs a profit distribution process for distributing to a predetermined right holder, provided by the data providing device, content data encrypted using content key data, A module that stores the encrypted content key data, rights document data indicating the handling of the content data, and price data attached to the content data by the data distribution device, using a predetermined communication protocol to store the module. Performs input processing in a format independent of the communication protocol or via a recording medium. Input processing means, deciding means for deciding at least one of a purchase form and a use form of the content data based on the handling indicated by the rights document data, and history data generating means for producing history data indicating the result of the decision And an output unit that outputs the price data when the purchase process of the content data is determined and outputs the history data to the management device, and a decryption unit that decrypts the content key data. In a tamper-resistant circuit module.

The operation of the data processing device according to the sixth aspect of the present invention will be described. In the input processing means, the content data provided by the data providing device and encrypted by using the content key data, the encrypted content key data, right certificate data indicating handling of the content data, and the data A module storing the price data attached to the content data by the distribution device,
The data is input in a format independent of the communication protocol using a predetermined communication protocol or via a recording medium. Next, the determining means determines at least one of a purchase mode and a use mode of the content data based on the handling indicated by the rights document data. next,
In the history data generation means, history data indicating the result of the determination is generated. In the output unit, the price data is output when the purchase mode of the content data is determined, and the history data is output to the management device. Also, in the decoding means,
The content key data is decrypted.

A data processing device according to a seventh aspect of the present invention is a data processing device which receives content data provided by a data providing device from a data distribution device and is managed by a management device, Provided by the content data encrypted using the content key data, and the encrypted content key data,
Using a predetermined communication protocol, the module that stores the rights document data indicating the handling of the content data and the price data attached to the content data by the data distribution device in a format independent of the communication protocol. A first processing module for receiving from the device, decrypting the received module using shared key data, and performing a charging process for a distribution service of the module by the data distribution device. Further, the data processing device according to the seventh aspect, based on the handling indicated by the rights document data stored in the received module, determines a purchase mode and a usage mode of the content data stored in the received module. Determining means for determining at least one of them; history data generating means for generating history data indicating a result of the determination; and outputting the price data when the processing of determining the purchase mode of the content data is performed, and the history data. And a decryption means for decrypting the content key data, comprising a tamper-resistant second circuit module.

A data processing apparatus according to an eighth aspect of the present invention comprises:
A data processing device that performs a rights process on content data encrypted using the content key data based on the rights document data, and decrypts the encrypted content key data. A storage circuit that stores the content data, the content key data, and signature data indicating the validity of the rights document data are verified using corresponding public key data, and the contents data, the content key data, and the rights document are verified. A public key cryptographic circuit that uses the secret key data to create signature data indicating the validity of the content data, the content key data, and the rights document data for recording data on a recording medium or transmitting the data to another device. And the content data, the content key data and the A random number generation circuit that generates a random number for performing mutual authentication with the other device when transmitting online to the device, and decrypting the content key data, the content data, the content key data and When transmitting and receiving the rights document data to and from another device online, the content data, the contents key data and the rights document are used by using the session key data obtained by the mutual authentication with the other device. An external bus is used to transfer data between a common key encryption circuit that encrypts and decrypts data and an external storage circuit that stores at least one of the content data, the content key data, and the right data. Based on the external bus interface performed through the Determining at least one of the purchase form and usage form of the Ceiling data, and an arithmetic processing circuit for generating record data indicating the result of the determination in the tamper-resistant circuit module.

Further, the data processing apparatus according to the eighth aspect of the present invention preferably further comprises a hash value generation circuit for generating a hash value of the content data, the content key data, and the rights certificate data, The public key encryption circuit verifies the signature data and creates the signature data using the hash value.

In the data processing apparatus according to the eighth aspect of the present invention, preferably, control of access to the storage circuit and access to the external storage circuit via the external bus interface is performed. And a storage circuit control circuit that performs the operation in response to an instruction from the arithmetic processing circuit.

Further, the data processing apparatus according to the eighth aspect of the present invention preferably further comprises a storage management circuit for managing an address space of the storage circuit and the external storage circuit.

Preferably, in the data processing apparatus according to the eighth aspect of the present invention, when the content key data is encrypted using license key data having an expiration date, the storage circuit stores the content key data. Storing license key data, the data processing device further includes a real-time clock that generates real time, and the arithmetic processing circuit converts the license key data within an expiration date based on the real time indicated by the real-time clock. Read from the storage circuit, the common key encryption circuit decrypts the content key data using the read license key data.

In the data processing apparatus according to the eighth aspect of the present invention, preferably, at least one of the public key encryption circuit, the common key encryption circuit, and the hash function circuit is stored in the storage circuit. The program thus executed is implemented by the arithmetic processing circuit.

A data processing apparatus according to a ninth aspect of the present invention performs rights processing on content data encrypted using content key data based on the rights document data,
A data processing device for decrypting encrypted content key data, the storage circuit storing secret key data of the data processing device, and indicating the validity of the content data, the content key data, and the right certificate data. The content data and the content key data are used to verify the signature data using the corresponding public key data, and to record the content data, the content key data and the right certificate data on a recording medium or transmit the content data to another device. And a public key encryption circuit for creating signature data indicating the validity of the rights document data using the secret key data, and transmitting the contents data, the contents key data and the rights document data to another device online. In this case, a random number is generated to perform mutual authentication with the other device. A generating circuit, for decrypting the content key data and, when transmitting and receiving the content data, the content key data, and the rights certificate data to and from another device online, by obtaining the mutual authentication with the other device. A common key encryption circuit for encrypting and decrypting the content data, the content key data and the rights data using the session key data obtained, and at least one of the contents data, the content key data and the rights data. A tamper-resistant circuit module having an external bus interface for performing data transfer between an external external storage circuit for storing two data via an external bus, and Decide at least one of the content data purchase form and use form And has an arithmetic processing circuit that executes based on tamper-resistant program processing for generating history data indicating the result of the determination.

A data processing apparatus according to a tenth aspect of the present invention is a data processing apparatus mounted on a recording medium having a ROM type or RAM type recording area. A storage circuit that stores key data used when encrypting data stored in the recording area, a hash value generation circuit that generates a hash value of data input / output to / from another device, Perform mutual authentication with the device, verify the signature data created by another device using the secret key data using the corresponding public key data and the hash value, and authenticate the hash value and the secret key data. A public key cryptographic circuit for generating signature data using the same; a random number generation circuit for generating a random number for performing the mutual authentication; and data input / output to / from another device by the mutual authentication. A common key encryption circuit for encrypting and decrypting using the obtained session key data, an external interface, an arithmetic processing circuit, and storage for performing access to the storage circuit in accordance with an instruction from the arithmetic processing circuit The circuit control circuit is provided in a tamper-resistant circuit module.

In a data processing apparatus according to a tenth aspect of the present invention, preferably, the storage circuit is configured such that when content data recorded in the recording area is encrypted using content key data, The encrypted content key data is stored.

In a data processing apparatus according to a tenth aspect of the present invention, preferably, the storage circuit stores a revocation list indicating information for judging the validity of another apparatus when communicating with another apparatus. When storing, the arithmetic processing circuit stops communication with the other device when determining that the other device is invalid based on the revocation list.

A data processing device according to an eleventh aspect of the present invention is a data processing device mounted on a recording medium having a ROM-type or RAM-type recording area, and includes secret key data of the data processing device. A storage circuit that stores key data used when encrypting data stored in the recording area, a hash value generation circuit that generates a hash value of data input / output to / from another device, Perform mutual authentication with the device, verify the signature data created by another device using the secret key data using the corresponding public key data and the hash value, and authenticate the hash value and the secret key data. A public key encryption circuit that creates signature data using the same; a random number generation circuit that generates a random number for performing the mutual authentication; an external interface; an arithmetic processing circuit; and the storage circuit. The to access, and a storage circuit control circuit for in response to a command from the arithmetic processing circuit in the tamper-resistant circuit module.

A data processing apparatus according to a twelfth aspect of the present invention is a data processing apparatus mounted on a recording medium having a ROM-type or RAM-type recording area, and includes secret key data of the data processing apparatus. A storage circuit that stores key data used when encrypting data stored in the recording area, and a mutual authentication between another device and a signature created by another device using secret key data. Verifying the data using the corresponding public key data, a public key encryption circuit that creates signature data using the secret key data, a random number generation circuit and an external interface that generate a random number for performing the mutual authentication, An arithmetic processing circuit and a storage circuit control circuit for accessing the storage circuit in accordance with an instruction from the arithmetic processing circuit are provided in a tamper-resistant circuit module.

A data processing device according to a thirteenth aspect of the present invention is a data processing device mounted on a recording medium having a ROM-type or RAM-type recording area, and includes secret key data of the data processing device. A storage circuit that stores key data used when encrypting data stored in the recording area, and a mutual authentication between another device and a signature created by another device using secret key data. A public key encryption circuit that verifies data using corresponding public key data and creates signature data using the secret key data, a random number generation circuit that generates a random number for performing the mutual authentication, and an external interface. And a calculation processing circuit that executes processing for controlling circuits in the circuit module based on a tamper-resistant program.

A data processing apparatus according to a fourteenth aspect of the present invention is a data processing apparatus mounted on a recording medium having a ROM type or RAM type recording area. A storage circuit for storing key data used when encrypting data stored in the recording area, and verifying, using the corresponding public key data, signature data created by another device using the secret key data. A public key encryption circuit for generating signature data using the secret key data, an external interface, an arithmetic processing circuit, and a storage circuit for accessing the storage circuit in accordance with an instruction from the arithmetic processing circuit The control circuit is provided in a tamper-resistant circuit module.

A data processing apparatus according to a fifteenth aspect of the present invention is a data processing apparatus mounted on a recording medium having a ROM type or RAM type recording area. A storage circuit for storing key data used when encrypting data stored in the recording area, and verifying, using the corresponding public key data, signature data created by another device using the secret key data. A tamper-resistant circuit module having a public key cryptographic circuit for creating signature data using the secret key data, an external interface, and controlling a circuit in the circuit module based on a tamper-resistant program. And an arithmetic processing circuit to execute.

A data processing device according to a sixteenth aspect of the present invention is a data processing device for performing at least one of compression and decompression of content data, and performs mutual authentication with another device. A common key encryption circuit for encrypting and decrypting data input and output with the device using the session key data obtained by the mutual authentication,
A random number generation circuit for generating a random number for performing the mutual authentication, an arithmetic processing circuit, a compression / decompression circuit for performing at least one of data compression and decompression, and an electronic circuit for the data to be compressed and decompressed. An electronic watermark information processing circuit for detecting and embedding watermark information is provided in a tamper-resistant circuit module.

The data processing apparatus according to the sixteenth aspect of the present invention preferably further includes a semi-disclosed control circuit for controlling the data to be partially expanded.

A data processing apparatus according to a seventeenth aspect of the present invention is a data processing apparatus for accessing a ROM-type or RAM-type recording medium, and is provided for data input / output to / from another apparatus. A hash value generation circuit that generates a hash value and mutual authentication are performed between another device, signature data created by another device is verified using common key data and the hash value, and the hash value and the hash value are compared. A common key encryption circuit that creates signature data using the common key data and encrypts and decrypts data input / output with another device using the session key data obtained by the mutual authentication; A random number generation circuit for generating a random number for performing mutual authentication, an arithmetic processing circuit, encoding data to be recorded on the recording medium, and decoding data read from the recording medium That has a encoding and decoding circuit in the tamper-resistant circuit module.

The data processing apparatus according to a seventeenth aspect of the present invention preferably includes a storage circuit for storing an identifier of the data processing apparatus, and the storage circuit storing the identifier of the data processing apparatus and the identifier of the recording medium. A recording key data generation circuit that generates unique recording key data on a recording medium, wherein the common key encryption circuit uses the recording key data to generate content data recorded on the recording medium. Perform encryption and decryption.

A data processing apparatus according to an eighteenth aspect of the present invention is a data processing apparatus for accessing a ROM-type or RAM-type recording medium, and is provided for data input / output to / from another apparatus. A hash value generation circuit for generating a hash value and mutual authentication are performed between another device, signature data created by another device is verified using public key data and the hash value, and the hash value and the A public key encryption circuit that creates signature data using the public key data;
A random number generation circuit that generates a random number for performing the mutual authentication, an arithmetic processing circuit, and an encoding / decoding circuit that encodes data to be recorded on the recording medium and decodes data read from the recording medium; In the circuit module.

A data processing apparatus according to a nineteenth aspect of the present invention is a data processing apparatus for accessing a ROM-type or RAM-type recording medium, and is provided for data input / output to / from another apparatus. A hash value generation circuit that generates a hash value and mutual authentication are performed between another device, signature data created by another device is verified using common key data and the hash value, and the hash value and the hash value A common key encryption circuit that creates signature data using the common key data and encrypts and decrypts data to be input / output with another device using the session key data obtained by the mutual authentication; A random number generation circuit for generating a random number for performing mutual authentication; an encoding / encoding circuit for encoding data to be recorded on the recording medium and decoding data read from the recording medium; It has a circuit module tamperproof, and an arithmetic processing circuit for executing, based on the circuit processing the tamper resistance of a program for controlling the circuit in the module and a code circuit.

A data processing apparatus according to a twentieth aspect of the present invention is a data processing apparatus for accessing a ROM-type or RAM-type recording medium, and is provided for data input / output to / from another apparatus. A hash value generation circuit for generating a hash value and mutual authentication are performed between another device, signature data created by another device is verified using public key data and the hash value, and the hash value and the A public key encryption circuit that creates signature data using the public key data;
A tamper-resistant circuit module comprising: a random number generation circuit that generates a random number for performing the mutual authentication; and an encoding / decoding circuit that encodes data to be recorded on the recording medium and decodes data read from the recording medium. And an arithmetic processing circuit that executes processing for controlling a circuit in the circuit module based on a tamper-resistant program.

[0054]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, an EMD (Electronic Music Distribution) system according to an embodiment of the present invention will be described. First Embodiment FIG. 1 is a configuration diagram of an EMD system 100 according to the present embodiment. In the present embodiment, the content data distributed to the user refers to digital data in which the information itself has a value, and will be described below using music data as an example. As shown in FIG. 1, the EMD system 100 includes a content provider 101, an EMD service center (clearing house, hereinafter also referred to as ESC) 102, and a user home network 103. Here, the content provider 101, the EMD service center 102, and the SAMs 105 _{1 to} 105 ₄ correspond to the data providing device, the management device, and the data processing device of the present invention, respectively. First, an outline of the EMD system 100 will be described. In the EMD system 100, the content provider 101 uses a license (e.g., content key data Kc used when encrypting the content data C of the content to be provided by the content provider 101 and a license such as a license condition of the content data C). UCP: Usage Control P
licy) data 106 and digital watermark information management data indicating the content and the embedding position of the digital watermark information are transferred to the EMD service center 1 which is a highly reliable authority.
Send to 02.

The EMD service center 102 receives the content key data K received from the content provider 101.
(c) Register (authentication and authorization) the right certificate data 106 and the digital watermark information key data. Further, EMD service center 102, the corresponding period of the license key data KD ₁ ~KD5 ₆ in encrypted content key data K
c, creates a key file KF in which the license data 106 and its own signature data are stored, and sends it to the content provider 101. Here, the signature data is
It is used to verify whether the key file KF has been tampered, the validity of the creator of the key file KF, and whether the key file KF has been registered properly in the EMD service center 102.

The content provider 101 encrypts the content data C with the content key data Kc to generate a content file CF, and generates the content file CF, the key file KF received from the EMD service center 102, and Secure container (module of the present invention) 10 storing signature data of
4 is distributed to the user home network 103 using a network such as the Internet or a package medium such as digital broadcasting or a recording medium. Here, the signature data stored in the secure container 104 is used to verify whether the corresponding data has been tampered with, and to verify the creator and sender of the data.

The user home network 103 includes, for example, a network device 160 ₁ and an AV device 160 ₂
With a 160 _4. The network device 160 ₁
AM has a built-in (Secure Application Module) 105 _1. The AV devices 160 _{2 to} 160 ₄ are SAM
It has a built-in 105 _{2-105 4.} SAM105 ₁ ~
105 ₄ mutual, for example, IEEE (Institute ofEle
ctrical and Electronics Engineers) are connected via a bus 191 such as a 1394 serial interface bus.

The SAMs 105 _{1 to} 105 ₄ store the recording medium on the secure container 104 received by the network device 160 ₁ online from the content provider 101 via a network or the like, and / or the recording media from the content provider 101 to the AV devices 160 _{2 to} 160 _4. after it decrypted using the license key data KD ₁ ~KD ₃ of period corresponding the secure container 104 supplied offline via verifies the signature data. SAM1
05 _{1 to} 105 ₄ Secure container 104 supplied
Is the network device 160 ₁ and the AV device 160
In _{2-160 4,} after the purchase and usage mode is determined in response to the user's operation, a target such as a recording of the reproducing or recording medium. The SAMs 105 _{1 to} 105 ₄ record the purchase / use history of the secure container 104 described above as a use history.
(Usage Log) The data is recorded as data 108, and usage control data 166 indicating the purchase mode is created. The usage history data 108 is, for example, the EMD service center 102
User home network 103 in response to a request from
To the EMD service center 102. The usage control data 166 is transmitted from the user home network 103 to the EMD service center 102 every time the purchase mode is determined, for example.

The EMD service center 102 determines (calculates) the billing content based on the usage history data 108,
Based on the result, settlement is made to a settlement agency 91 such as a bank via the payment gateway 90. As a result, the money paid by the user of the user home network 103 to the settlement institution 91 is transferred to the EMD service center 102.
By the content provider 101
Paid for. In addition, the EMD service center 102
The settlement report data 107 is transmitted to the content provider 101 at regular intervals.

In this embodiment, the EMD service center 1
02 has an authentication function, a key data management function, and a right processing (profit distribution) function. That is, the EMD service center 102 sends a request to the root certificate authority 92, which is the highest authority in a neutral position, (the root certificate authority 92).
Second Certificate Authority (located below)
e Authority), and attaches a signature to the public key certificate data of the public key data used in the signature data verification processing in the content provider 101 and the SAMs 105 _{1 to} 105 ₄ using the secret key data of the EMD service center 102. This authenticates the validity of the public key data. As described above, the EMD service center 102 also registers the rights document data 106 of the content provider 101 and authorizes it.
This is one of the authentication functions of the service center 102. Also,
EMD service center 102, for example, has a key data management function for managing the key data, such as license key data KD ₁ ~KD _6. Further, the EMD service center 102 transmits the standard retail price SRP (Suggested Retailer 'Price) and S
Based on the usage history data 108 input from the AM 105 _{1 to the} SAM 105 _4, a right processing (profit distribution) function of performing settlement for purchase and use of content by the user and distributing the money paid by the user to the content provider 101. Having.

FIG. 2 is a diagram summarizing the concept of the secure container 104. As shown in FIG. 2, the secure container 104 stores the content file CF created by the content provider 101 and the EMD service center 10.
2 stores the key file KF created. The content file CF includes header data including a header portion and a content ID, encrypted content data C using the content key data Kc, and secret key data K of the content provider 101 for these.
_And signature data using _{CP and S} are stored. The key file KF includes header data including a header portion and a content ID, content key data Kc encrypted by the license key data KD _{1 to} KD ₆ , and rights certificate data 106, and secret information of the EMD service center 102 regarding these. Key data K _{ESC, S} and signature data are stored. Note that, in FIG.
06 may not be encrypted by the license key data. However, even in this case, the license data 106
Contains the secret key data K of the content provider 101.
_Adds signature data using _{CP and S.}

Hereinafter, each component of the EMD system 100 will be described in detail. [Content Provider 101] Before communicating with the EMD service center 102, the content provider 101, for example, generates its own public key data K _{CP, P} , its own identification card, and its bank account number (for settlement). EMD Service Center 1 Offline
02 and obtain its own identifier (identification number) CP_ID. In addition, the content provider 101 sends the EMD service center 102
Receiving the public key data K _ESC, and _P, public key data K _R-CA of the route certificate authority _92, and a _P of.

The content provider 101 is configured as shown in FIG.
(A), the signature data SIG6 _{, CP} of the content file CF, the key file KF shown in FIG. 3B corresponding to the content file CF read from the key file database 118b, and Key file KF signature data SIG _{7, CP}
When, it generates the public key certificate data CER _CP of the content provider 101 read from the storage unit 119, the public key certificate data CER _CP of the signature data SIG _{1, ESC} and the secure container 104 storing the. The content provider 101 supplies the secure container 104 online or offline, the network device 160 ₁ of the user home network 103 shown in FIG. As described above, in the present embodiment _, the public key certificate CE of the public key data K _{CP, P} of the content provider 101 is used.
In-band to be sent to the user home network 103 stores the R _CP in the secure container 104 (In-band)
The method is adopted. Therefore, the user home network 103 does not need to communicate with the EMD service center 102 to obtain the public key certificate CER _CP .
In the present invention, the public key certificate CER _CP is not stored in the secure container 104, and the user home network 103 obtains the public key certificate CER _CP from the EMD service center 102 (Out-Of-band). )
A method may be adopted.

In this embodiment, the signature data is stored in the content provider 101 and the EMD service center 10.
2 and each of the SAMs 105 _{1 to} 105 ₄ take the hash value of the data to be signed and are created using their own private key data K _{CP, S} , K _ESC , K _{SAM1 to} K _SAM4 . Here, the hash value is generated using a hash function. The hash function is a function that receives target data as input, compresses the input data into data having a predetermined bit length, and outputs the data as a hash value.
It is difficult to predict the input from the hash value (output), and the hash function is one of the data input to the hash function.
When bits change, many bits of the hash value change, and it is difficult to find input data having the same hash value.

Hereinafter, each data in the secure container 104 will be described in detail. <Signature Data SIG _{6, CP} > The signature data SIG _{6, CP} is used at the destination of the secure container 104 to verify the validity of the creator and sender of the content file CF. <Signature Data SIG _{7, CP} > The signature data SIG _{7, CP} is used at the destination of the secure container 104 to verify the validity of the sender of the key file KF. Note that the validity of the creator of the key file KF at the destination of the secure container 104 is verified by checking the key file KF.
This is performed based on the signature data SIG _{K1, ESC} in F. The signature data SIG _{K1 and ESC} are stored in the key file KF.
It is also used to verify whether or not it is registered in the EMD service center 102.

<Content File CF> FIG.
FIG. 4 is a diagram for explaining the content file CF shown in FIG. As shown in FIGS. 3A and 4, the content file CF includes header data, metadata Meta and content data C, A / V encrypted with the content key data Kc respectively input from the encryption unit 114. It stores decompression software Soft and a digital watermark information module (Watermark Module) WM. FIG. 3A shows a DSP (Digital S / D) as an AV compression / expansion device for expanding the content data C.
ignal Processor)
This is the configuration of F. In this DSP, secure container 1
Using the A / V decompression software and the digital watermark information module in 04, the content data C in the secure container 104 is decompressed and the digital watermark information is embedded and detected. Therefore, the content provider 101 can employ an arbitrary compression method and an electronic watermark information embedding method. A / V as AV compression / decompression device
When the decompression processing and the processing for embedding and detecting digital watermark information are performed using hardware or software stored in advance, the A / V
Decompression software and a digital watermark information module need not be stored.

As shown in FIG. 4, the header data includes, as shown in FIG. 4, a synchronization signal, a content ID, signature data based on the secret key data _{KCP, S} of the content provider 101 for the content ID, directory information, hyperlink information,
Signature data by the secret key data _{KCP, S} of the content provider 101 regarding the serial number, the expiration date of the content file CF, creator information, file size, presence / absence of encryption, information on encryption algorithm, signature algorithm, and directory information. Is included.

As shown in FIG. 4, the metadata Meta includes a description of the product (content data C), product demonstration advertisement information, product-related information, and signature data of these items by the content provider 101. In the present invention, as shown in FIGS. 3A and 4, a case where the metadata Meta is stored in the content file CF and transmitted is exemplified. However, the metadata Meta is not stored in the content file CF. , Content file C
F may be transmitted from the content provider 101 etc. SAM 105 ₁ in a different route than that to send.

The content data C is obtained, for example, by adding source digital watermark information (Source Watermark) to content data read from a content master source database.
ark) Ws, digital watermark information for copy management (Copy Control
Watermark) Wc, User Watermark Information (User Watermar
k) Wu and digital watermark information for link (Link Watermark)
After embedding the WL or the like, for example, ATRAC3 (Ada
ptive Transform Acoustic Coding 3) (trademark)
c as a common key, DES (Data Encryption Stand
ard) or Triple DES. Here, the content key data Kc is obtained, for example, by generating a random number of a predetermined number of bits using a random number generator. Note that the content key data K
c may be generated from information on music provided by the content data. The content key data Kc is updated, for example, every predetermined time. When there are a plurality of content providers 101, the content key data K unique to each content provider 101 is determined.
c may be used, or all content providers 10
1 may use common content key data Kc.

The source digital watermark information Ws is information relating to copyright, such as the name of the copyright holder of the content data, the ISRC code, the authoring date, the authoring device ID (Identification Data), and the distribution destination of the content. The copy management digital watermark information Wc is information including a copy prohibition bit for copy prevention via an analog interface. The user digital watermark information Wu includes, for example, an identifier CP of the content provider 101 for specifying a source and a destination of the secure container 104.
_ID and SAM of user home network 103
Identifiers SAM_ID _{1 to} SAM_ of 105 _{1 to} 105 ₄
ID ₄ is included. Link digital watermark information (Link Wate
rmark) WL includes, for example, the content ID of the content data C. By embedding the link digital watermark information WL in the content data C, for example, even when the content data C is distributed by analog broadcasting such as television or AM / FM radio, an EMD service center is provided in response to a request from a user. 102 can introduce the content provider 101 handling the content data C to the user. That is, the content data C
Of the link, the link digital watermark information WL embedded in the content data C using the digital watermark information decoder is detected, and the content ID included in the detected link digital watermark information WL is transmitted to the EMD service center 102. By doing so, the EMD service center 10
2 can introduce the content provider 101 handling the content data C to the user.

Specifically, for example, when the user listens to the radio in a car and presses a predetermined button when the user thinks that the tune being broadcast is good, the user can use the electronic device built in the radio. The watermark information decoder detects the content ID included in the link electronic watermark information WL embedded in the content data C, the communication address of the EMD service center 102 in which the content data C is registered, and the like. Media SAM mounted on portable media such as semiconductor memory such as memory stick or optical disk such as MD (Mini Disk)
To record. Then, the portable medium is set to a network device equipped with a SAM connected to the network. After the SAM and the EMD service center 102 perform mutual authentication, the personal information loaded on the media SAM and the recorded content I
D and the like are transmitted from the network device to the EMD service center 102. After that, the network device receives, from the EMD service center 102, an introduction list or the like of the content provider 101 handling the content data C. In addition, for example, EMD
When the service center 102 receives a content ID or the like from a user, the service center 102 may notify the content provider 101 that provides the content data C corresponding to the content ID of information identifying the user.
In this case, the content provider 1 that received the communication
01 may transmit the content data C to the user's network device if the user is a contractor, and may transmit promotion information relating to the user to the user's network device if the user is not a contractor.

In the second embodiment to be described later, the EMD service center 302 can introduce the service provider 310 handling the content data C to the user based on the link digital watermark information WL.

In the present embodiment, preferably, the contents and embedding position of each digital watermark information are defined as a digital watermark information module WM, and the EMD service center 102 registers and manages the digital watermark information module WM. I do. Electronic watermark information module WM, for example, the network device 160 ₁ and AV apparatuses 160 ₂ to 160 ₄ in the user home network 103,
Used to verify the validity of digital watermark information. For example, in the user home network 103, based on the user digital watermark information module managed by the EMD service center 102, when both the embedding position of the digital watermark information and the content of the embedded digital watermark information match, the digital watermark information is By determining that the digital watermark information is valid, the embedding of the false electronic watermark information can be detected with a high probability.

The A / V decompression software Soft is installed on the network device 16 of the user home network 103.
In 0 ₁ and AV apparatuses 160 ₂ to 160 _4, a software used when decompressing the content file CF, for example, a decompression software ATRAC3 technique. Thus, by storing the A / V decompression software Soft in the secure container 104, SAM 105 ₁ to 105 ₄ in the software stored A / V decompression in the secure container 104 So
The content data C can be expanded using ft. Even if the content provider 101 freely sets the compression and expansion method of the content data C for each content data C or each content provider 101, a great burden is imposed on the user. We do not put on.

Also, the contents file CF includes
As shown in the figure, a file reader and secret key data K _{cp, S}
And the signature data of the file reader. By doing so, the SAMs 105 ₁ to 10 5
In 5 _4, a plurality of secure containers of different series 104
Secure containers 104 each storing content files CF of different formats received from
Can be processed efficiently.

Here, the file reader is used when reading the content file CF and the corresponding key file KF, and shows the reading procedure of these files. However, in the present embodiment, the EMD service center 102 to the SAM 105 ₁ to 105 _4, which illustrates the case where sending the files reader in advance. That is, in the present embodiment, the content file CF of the secure container 104 does not store a file reader.

In the present embodiment, the compression method of the content data C, the presence or absence of compression, the encryption method (including both the common key encryption method and the public key encryption method), and the The encrypted content data C is stored in the secure container 104 in a format that does not depend on the specifications (such as the sampling frequency) and the signature data creation method (algorithm). That is,
These items can be freely determined by the content provider 101.

<Key File KF> FIG.
FIG. 6 is a diagram for describing in detail the key file KF shown in FIG. In the present embodiment, for example, as shown in FIG.
After the registration module Mod ₂ is sent to the registration module ₂ and the registration processing is performed, the key file KF for, for example, six months is stored in the EM.
D service center 102 to content provider 10
1 and stored in the key file database.
At this time, when transmitting and receiving the registration module Mod ₂ and the key file KF, the content provider 101
Mutual authentication with the MD service center 102 and encryption and decryption by the session key data K _SES are performed. The key file KF exists for each content data C, and as described later, a link relationship with the corresponding content file CF is specified by the directory structure data DSD in the header of the content file CF. The key file KF includes FIGS. 3 (B) and 5
As shown in the figure, the header, the content key data Kc, the license data (license conditions) 106, the SAM program
Download containers SDC ₁ ~SDC ₃ and the signature data SIG _{K1, ESC} are stored. Here, the signature data using the secret key data K _{ESC, S} of the content provider 101 is stored in the key file K as shown in FIG.
Signature data for all data stored in F
_{K1, ESC} , or signature data for the data from the header to the information on the key file as shown in FIG.
6 may be provided separately from the signature data for the SAM program download container SDC. The content key data Kc and the usage control policy data 106, and the SAM program download containers SDC ₁ ~SDC _3, is encrypted by using the license key data KD ₁ ~KD ₆ of the corresponding period. Note that the license data 106 may not be stored in the key file KF. In this case, for example,
The license data 106 adds signature data without performing encryption using license key data.

As shown in FIG. 5, the header data includes a synchronization signal, a content ID, signature data of the content provider 101 using the secret key data K _{ESC, S} for the content ID, directory structure data, hyperlink data, Information about the key file KF and signature data of the content provider 101 with the secret key data K _{ESC, S} for the directory structure data and the like are included. Various information can be considered as information to be included in the header data, and can be arbitrarily changed according to the situation.
For example, the header data may include information as shown in FIG. The content ID includes, for example, information shown in FIG. The content ID is the EMD service center 102 or the content provider 10
Created in the 1, EMD service center when it is created in 102 the secret key data K _ESC of the EMD service center 102 as shown in FIG. _8, the signature data by the _S is attached, if it is created in the content provider 101 Is attached with the secret key data K _{CP, S} of the content provider 101. The content ID is the content provider 101 and the EMD service center 10
2 may be created.

The directory structure data indicates the correspondence between the content files CF in the secure container 104, the content file CF and the key file K
The correspondence with F is shown. For example, the content file CF ₁ ~CF ₃ in the secure container 104, if the key file KF ₁ ~KF ₃ corresponding thereto is stored, as shown in FIG. 9, the content file CF ₁ ~CF ₃ and links between them, and the link relationship between the content files CF ₁ ~CF ₃ and the key files KF ₁ ~KF ₃ is established by the directory structure data. Hyperlink data is secure container 1
04, the hierarchical structure between the key files KF and the content file CF
And the key file KF. Specifically, as shown in FIG. 10, address information of a link destination for each content file CF and key file KF and its authentication value (hash value) are stored in the secure container 104, and a hash function H (x) is stored. And verifies the link relationship by comparing the hash value of its own address information obtained by using the authentication value of the other party with the authentication value of the other party.

The license data 106 is a descriptor (descriptor) defining the operation rule of the content data C. For example, the wholesale price desired by the operator of the content provider 101, the copy rule of the content data C, etc. Is described. Specifically, as shown in FIG. 5, the license data 106 includes a content ID, an identifier CP_ID of the content provider 101, an expiration date of the license data 106, and the EMD service center 102.
Communication address, usage space survey information, wholesale price information SR
It includes P (Suggested Retailer 'Price), handling policy, handling control information (Usage Control), handling control information of product demonstration (listening), and signature data about them.
Here, the handling control information is, for example, a re-distribution (Re-Distribution
), Playback Charge (PayPer Use), Complete Purchase (Sell T
hrough), Time Limited Sell Throug
h), limit purchase out (Shell Through Pay Per Play
N), information indicating a licensed purchase form among purchase forms such as time billing (Pay Per Time), reproduction billing to the SCMS device, and block billing (Pay Per Block).

When the secure container 304 is transmitted to the user home network 303 via the service provider 310 as in a second embodiment to be described later, the rights certificate data 106 includes the contents provider 3
01 contains the identifier SP_ID of the service provider 310 that provides the secure container 104.

Also, the SAM program download
Containers SDC _{1 to} SDC ₃ have, as shown in FIG.
SAM 105 ₁ to 105 ₄ within the downloading driver showing a procedure of downloading for use in performing the downloading of the program, the usage control policy data (UCP) U1
UCP-L (Label) showing the syntax (grammar) of 06
. Label reader such as R (Reader) and SAM105 ₁
To 105 ₄ built in the storage unit 192 (mask ROM1
Flash-R such as 104, nonvolatile memory 1105
Lock key data for making the rewriting and erasing of the OM) into a locked state / unlocked state in block units, and signature data thereof are included. SAM105 ₁
To 105 In the _fourth mask ROM1104 and nonvolatile memory 1105, based on the lock key data for controlling whether or not to allow rewriting and erasing the stored data in block units.

Hereinafter, the secure container 10 is transferred from the content provider 101 to the user home network 103.
A mode for supplying 4 will be described. As described above, the content provider 101
4 to the user home network 103 offline and / or online. The content provider 101 is connected to the secure container 104 online.
Is supplied to the network device 160 ₁ of the user home network 103,
Perform mutual authentication with the ₁ share session key (common key) data K _SES, sends to the EMD service center 102 is encrypted using the secure container 104 to the session key data K _SES. Session key data K
_{The SES} is newly generated each time mutual authentication is performed. At this time, if the communication protocol for transmitting the secure container 104 is digital broadcasting, MHEG (Multimedia an
d Hypermedia information coding Experts Group) protocol, if it is Internet, XML / SMI
Using L / HTML (Hyper Text Markup Language), the secure container 104 is included in these communication protocols.
Is embedded by tunneling in a format independent of the encoding method. Therefore, the communication protocol and the secure container 1
The format of the secure container 104 can be flexibly set without the necessity of maintaining the consistency of the format with the format of the secure container 104. Note that the secure container 104 is transferred from the content provider 101 to the user home network 103.
The communication protocol used when transmitting is not limited to the one described above, and is optional. In the present embodiment, as a module for communicating between each other which is incorporated in the content provider 101, EMD service center 102 and the network apparatus 160 _1, for example, monitoring of the internal processing content (monitoring) and can not tamper or difficult A communication gateway having a tamper-resistant structure is used.

When the content provider 101 supplies the secure container 104 to the user home network 103 off-line, the content provider 101 records the secure container 104 on a ROM or RAM type recording medium as described below. The recording medium is supplied to the user home network 103 via a predetermined distribution channel. FIG. 11 shows a ROM type recording medium 1 used in the present embodiment.
It is a diagram for explaining the 30 _1. As shown in FIG. 11, the ROM type recording medium 130 ₁
1. Secure RAM area 132 and media SAM1
33. The ROM area 131 stores the content file CF shown in FIG. Also,
The secure RAM area 132 is an area that requires a predetermined permission (authentication) to access the stored data.
The key file KF and the public key certificate data CER _CP shown in (B) and (C) and the recording key data K _STR having a unique value according to the type of device are used as arguments to the MAC (Messa).
The signature data generated by using the (ge Authentication Code) function and the data obtained by encrypting the key file KF and the public key certificate data CER _CP using the media key data K _MED having a value unique to the recording medium. It is memorized.
Further, in the secure RAM area 132, for example, public key certificate discard data (revocation list) for specifying the content provider 101 and the SAMs 105 _{1 to} 105 ₅ that have been invalidated due to fraud or the like are stored. The media SAM used in the present embodiment and the media drive SAM 260 described below compare the time of creation of their own revocation list with the other party's revocation list when they communicate with each other. If the revocation list is created before, the revocation list is updated by the revocation list of the other party. Further, the secure in the RAM area 132, and user home SAM 105 ₁ to 105 usage control status _{which 4} purchase and usage of the content data C is generated when it is determined in the network 103 (UCS) data 166 as described below Is stored. As a result, the usage control data 166 becomes secure RA
By being stored in the M region 132, the recording medium 130 ₁ of ROM type purchase and usage mode is determined. Media S
The AM 133 includes, for example, a ROM-type recording medium 130 ₁
ID, which is an identifier of the media key data K
_MED is stored. The media SAM 133 has, for example, a mutual authentication function.

[0086] As ROM-type recording medium used in the present embodiment, for example, in addition to those shown in FIG. 11, RO shown in the recording medium 130 ₂ and 13 of the ROM type shown in FIG. 12
Such as M-type recording medium 130 ₃ is also conceivable. A ROM-type recording medium 130 ₂ shown in FIG. 12 has a ROM area 131 and a medium SAM 133 having an authentication function.
No secure RAM area 132 is provided unlike the ROM type recording medium 130 ₁ shown in FIG. In the case of using the recording medium 130 ₂ of ROM type, and records the content file CF in the ROM area 131, and stores the key file KF in the media SAM 133. The ROM shown in FIG.
Recording medium 130 ₃ type has a ROM area 131 and the secure RAM region 132, does not have the media SAM133 like recording medium 130 ₁ of ROM type shown in FIG. 11. In the case of using the recording medium 130 ₃ of ROM type, and records the content file CF in the ROM area 131, and records the key file KF in the secure RAM region 132. When the ROM type recording medium 130 ₃ is used, mutual authentication with the SAM is not performed. In this embodiment, a RAM-type recording medium is used in addition to a ROM-type recording medium.

As a RAM type recording medium used in the present embodiment, for example, as shown in FIG.
33, a RAM-type recording medium 130 ₄ having a secure RAM area 132 and an insecure RAM area 134
There is. In the RAM type recording medium 130 ₄ , the medium S
The AM 133 has an authentication function and stores a key file KF. In the RAM area 134, a content file CF is recorded. Also, the RAM used in the present embodiment
Other types of recording media include the RAM shown in FIG.
Like recording medium 130 ₆ RAM type shown in the recording medium 1350 ₅ and 16 of the mold is also conceivable. RA shown in FIG.
Recording medium 130 ₅ M type has a RAM area 134 is not secure and the media SAM133 having an authentication function, does not have the secure RAM region 132 as the recording medium 130 ₄ of RAM type shown in FIG. 14. In the case of using the recording medium 130 ₅ of RAM type, RAM region 134
The content file CF is recorded in the media SAM1.
33 stores the key file KF. The recording medium 130 ₆ RAM type shown in FIG. 16 has a RAM area 134 is not a secure RAM region 132 and the secure,
It has no media SAM133 like recording medium 130 ₄ of RAM type shown in FIG. 14. In the case of using the recording medium 130 ₆ RAM type records the content file CF in the RAM region 134, the secure RAM region 132
Record the key file KF. In the case of using the recording medium 130 ₆ RAM type, mutual authentication is not performed between the SAM.

[0088] Here, distribution of the content data C from the content provider 101 to the user home network 103, either right as when using the case and a network carried out using the recording medium 130 ₁ as described above performs online A common format secure container 104 in which the document data 106 is stored is used. Therefore, the SAMs 105 _{1 to} 105 ₄ of the user home network 103
Now, whether you ’re offline or online,
Rights processing based on the common rights data 106 can be performed.

As described above, in this embodiment,
In the secure container 104, the content key data Kc
An in-band method is used in which the content data C encrypted by the above method and the content key data Kc for decrypting the encrypted content data are enclosed. The in-band method has an advantage in that it is not necessary to separately distribute the content key data Kc when the content data C is to be reproduced on a device of the user home network 103, and the load of network communication can be reduced. The content key data Kc is the license key data KD _{1 to} KD.
₆ , the license key data KD _1-
The KD ₆ is managed by the EMD service center 102 and the SAM 105 _{1 of the} user home network 103
To 105 in advance to ₅ (SAM105 _{1 ~105 4} is EM
D service center 102 for the first time), the user home network 103 does not connect to the EMD service center 102 online, but stores the content data C
Can be used. The present invention has the flexibility of adopting an Out-Of-Band method for separately supplying the content data C and the content key data Kc to the user home network 103 as described later. are doing.

Hereinafter, a flow of processing related to creation of the secure container 104 in the content provider 101 will be described. FIG. 17, FIG. 18, and FIG. 19 are flowcharts for explaining the flow of the processing. Step S17-1: The related party of the content provider 101 performs registration processing in the EMD service center 102 offline using, for example, its own ID card and a bank account for performing payment processing, and obtains a globally unique identifier CP_ID. Have gained. Further, the content provider 101 determines in advance its own public key certificate data CER.
_{The CP} is obtained from the EMD service center 102. Step S17-2: The content provider 101
Content master sources such as newly authored content data and already stored legacy content data are digitized, and content IDs are further allocated and stored in a content master source database for centralized management. Step S17-3: The content provider 101
In step S17-2, metadata Meta is created in each of the content master sources managed centrally,
This is stored and managed in the metadata database.

Step S17-4: The content provider 101 reads out content data as a content master source from the content master source database and embeds digital watermark information. Step S17-5: The content provider 101
The content of the digital watermark information embedded in step S17-4 and the embedding position are stored in a predetermined database. Step S17-6: Compress the content data in which the digital watermark information is embedded. Step S17-7: The content provider 101
The content data compressed in step S17-6 is expanded to generate content data. Step S17-8: The content provider 101
An auditory test is performed on the expanded content data. Step S17-9: The content provider 101
The digital watermark information embedded in the content data is detected based on the embedded content and the embedded position stored in the database in step S17-5. If both the auditory test and the detection of the digital watermark information succeed, the content provider 101 proceeds to step S1.
The process of 7-10 is performed, and if one of the processes fails, the process of step S17-4 is repeated.

Step S17-10: The content provider 101 generates a random number and generates the content key data Kc
And retain it. Further, the content provider 101 encrypts the content data compressed in step S17-6 using the content key data Kc.

Step S17-11: The content provider 101 checks the content file C shown in FIG.
F is created and stored in the content file database.

Step S17-12: The content provider 101 creates the license data 106 for the content data C. Step S17-13: Content Provider 101
Determines the SRP. Step S17-14: Content Provider 101
Outputs the content ID, the content key data Kc, and the license data 106 to the EMD service center 102. Step S17-15: Content Provider 101
Inputs the encrypted key file KF by the license key data KD ₁ ~KD ₃ from the EMD service center 102. Step S17-16: Content Provider 101
Stores the input key file KF in the key file database.

Step S17-17: The content provider 101 connects the link relationship between the content file CF and the key file KF by a hyperlink. Step S17-18: Content provider 101
Takes the hash value of the content file CF and generates the signature data SIG6 _{, CP} using the secret key data _{KCP, S.} Further, the content provider 101 obtains a hash value of the key file KF and generates signature data SIG7 _{, CP} using the secret key data _{KCP, S.}

Step S17-19: As shown in FIG. 4, the content provider 101 sets the content file CF, the key file KF, and the public key certificate data CE.
R _CP , signature data SIG _{6, CP} , SIG _{7, CP} , SIG
_1. Create a secure container 104 storing _{the ESC} .

Step S17-20: When providing content data in a composite format using a plurality of secure containers, the processing of steps S17-1 to B19 is repeated to create each secure container 104,
The link relationship between the content file CF and the key file KF is linked to the link relationship between the content files CF using a hyperlink or the like. Step S17-21: Content provider 101
Stores the created secure container 104 in the secure container database.

[EMD Service Center 102] FIG.
FIG. 3 is a diagram showing main functions of the EMD service center 102. EMD service center 102, mainly, as shown in FIG. 20, a process for supplying the license key data to the content provider 101 and SAM 105 ₁ to 105 _4, the public key certificate data CER _CP, CER _SAM1 ~CE
R _SAM4 issuance processing, key file KF issuance processing, and settlement processing (profit distribution processing) based on usage history data 108 are performed.

<License Key Data Supply Process> First,
A flow of processing when transmitting license key data from the EMD service center 102 to the SAMs 105 _{1 to} 105 ₄ in the user home network 103 will be described. EMD
In the service center 102, for example, 3
The license key data KD ₁ ~KD ₃ of months of reading out from the key database, taking each of the hash value, EM
Using the secret key data K _{ESC, S} of the D service center 102, the corresponding signature data SIG _{KD1, ESC to} S
Create IG _{KD3, ESC} . Then, the EMD service center 102 transmits the license key data KD _{1 to} KD for three months.
D ₃ and their signature data SIG _{KD1, ESC} ~SIG
_{KD3 to, ESC,} after encrypting using the session key data K _SES obtained by the mutual authentication between the SAM 105 ₁ to 105 _4, and transmits to the SAM 105 ₁ to 105 _4. Also,
Likewise, EMD service center 102 to the content provider 101, for example, transmits the 6 months of the license key data KD ₁ ~KD _6.

<Public key certificate data issuance processing>
EMD service center 102 is content provider 1
A description will now be given of a process performed when a request for issuing the public key certificate data CER _CP is received from No. 01. EMD service center 10
2 is an identifier CP_I of the content provider 101
When D, public key data K _{CP, P} and signature data SIG _{9, CP} are received from the content provider 101, they are decrypted using the session key data K _SES obtained by mutual authentication with the content provider 101. . After verifying the validity of the decrypted signature data SIG9 _{, CP} , the identifier CP_ID and the public key data K
Based on _{CP and P} , it is confirmed whether or not the content provider 101 which has issued the public key certificate data issuance request is registered in the CP database. Then, the EMD service center 102 transmits the content provider 10
X of 1 509 format public key certificate data CER _CP is read from the certificate database, and the public key certificate data C
The hash value of the ER _CP is obtained, and the EMD service center 10
2 using the secret key data K _{ESC, S
1,} Create _ESC . Then, the EMD service center 10
2 encrypts the public key certificate data CER _CP and its signature data SIG _{1 and ESC} using the session key data K _SES obtained by mutual authentication with the content provider 101, and then transmits the encrypted data to the content provider 101. Send.

Note that the EMD service center 102 has the SA
From M105 _1, also processing when receiving a request for issuing the public key certificate data CER _SAM1, except that treatment with the SAM 105 ₁ is made, the public key certificate data CER _CP
Is the same as the process when the issuance request is received. The public key certificate data CER _CP is also X. 509 format. In the present invention, the EMD service center 102
For example, when the SAM 105 ₁ is shipped,
₁ private key data K _{SAM1, S} and public key data K
_SAM1, when stored _P to SAM 105 ₁ of the storage unit,
At the time of the shipment _, the public key certificate data CER _SAM1 of the public key data K _{SAM1, P} may be created. At this time, the public key certificate data CER _SAM1 is
The information may be stored in the _first storage unit.

<Issue Processing of Key File KF> When the EMD service center 102 receives the registration module Mod ₂ shown in FIG.
Registration module M using session key data K _SES obtained by mutual authentication with content provider 101
to decode the od _2. Then, the EMD service center 10
2 is the public key data K read from the key database
The validity of the signature data SIG _{M1, CP} is verified using _{cp, P.} Next, EMD service center 102, usage control policy data 106 stored in the registration module Mod _2, the content key data Kc, electronic watermark information management data WM
And the SRP are registered in the rights certificate database.

Next, the EMD service center 102 uses the license key data KD _{1 to} KD ₆ of the corresponding period read from the key server to use the content key data Kc and the rights certificate data 106, the SAM program download container SDC _{1 to} SDC ₃ are encrypted.
Next, the EMD service center 102 transmits the header data, the content key data Kc and the
And SAM program download container SDC
_A hash value is obtained for the whole of _{1 to} SDC ₃ and EM
The signature data SIG _{K1, ESC} is created using the secret key data K _{ESC, S} of the D service center 102. Next, the EMD service center 102 creates a key file KF shown in FIG. 4B and stores it in the KF database. Next, the EMD service center 102 encrypts the key file KF obtained by accessing the KF database using the session key data K _SES obtained by mutual authentication with the content provider 101, and then encrypts the key file KF. Send to 101.

<Settlement Process> Next, a settlement process performed in the EMD service center 102 will be described. EM
D service center 102, usage log data 10 from the user home for example SAM 105 ₁ of the network 103
8 and its signature data SIG _{200, SAM1}
Usage history data 108 and signature data SIG _{200, SAM1}
Is decrypted using the session key data K _SES obtained by mutual authentication with the SAM 105 ₁ ,
5 ₁ signature data SIG by the public key data K _SAM1 of
Verify _{200, SAM1} .

FIG. 21 is a diagram for explaining data described in the usage history data 108. As shown in FIG. As shown in FIG. 21, the usage history data 108 includes, for example, an ESC_content ID which is an identifier globally uniquely assigned to the content data C stored in the secure container 104 by the EMD service center 102, Content provider 1 for C
CP_content I, which is an identifier assigned by
D, a user ID which is an identifier of a user to whom the secure container 104 has been distributed, user information of the user, and the SAMs 105 ₁ to ₁ to which the secure container 104 has been distributed.
05 ₄ identifier SAM_ID, an identifier of the SAM belongs a home network group HNG_ID,
Discount information, tracing information, price tag, identifier CP_ID of the content provider 101 that provided the content data, referral agent (portal: P
ortal) ID, hardware provider ID, and identifier Media_I of the recording medium on which the secure container 104 is recorded.
D, a component ID which is an identifier of a predetermined component such as a compression method used for providing the secure container 104, an identifier LH_ID of a license holder of the secure container 104, a secure container 104
Service center 102 that performs settlement processing for
, Etc. are described. In the second embodiment described later, the usage history data 308 includes
In addition to the data described in the usage history data 108 described above, SP_content ID which is an identifier assigned to the content data C by the service provider 310, and an identifier SP_ID of the service provider 310 which distributed the content data C Is described.

The EMD service center 102 needs to distribute the money paid by the user of the user home network 103 to a license owner such as a compression method or a recording medium other than the owner of the content provider 101. , The amount to be paid to each party is determined based on a predetermined distribution ratio table, and the settlement report data 107 and the settlement claim data 152 are created in accordance with the determination. The distribution ratio table is created for each content data stored in the secure container 104, for example.

Next, the EMD service center 102 performs a settlement process based on the usage history data 108, the standard retail price data SRP and the sales price included in the right certificate data 106 read from the right certificate database, and requests for payment. Rights data 152 and settlement report data 107
Generate Here, the settlement request right data 152 is authoritative data that can request payment to the settlement agency 91 based on the data. For example, in the case where the money paid by the user is distributed to a plurality of right holders Is created for each individual right holder.

Next, the EMD service center 102 setstle the billing right data 152 and its signature data SIG.
After performing the mutual authentication and the decryption by the session key data K _SES , ₉₉ is transmitted to the clearing house 91 via the payment gateway 90 shown in FIG. This allows
The amount of money shown in the settlement claim data 152 is paid to the content provider 101. Further, the EMD service center 102 transmits the settlement report data 107 to the content provider 101.

[User Home Network 103] As shown in FIG. 1, the user home network 103 includes a network device 160 ₁ and A / V devices 160 ₂ to 160 1.
It has a 60 _4. The network device 160 ₁
AM105 has a _built-1. Also, the AV device 160 ₂
160 ₄ are respectively built SAM 105 ₂ to 105 _4. The SAMs 105 _{1 to} 105 ₄ are connected to each other via a bus 191 such as an IEEE 1394 serial interface bus. Note that the AV devices 160 _{2 to} 160 ₄ may have a network communication function or may not have a network communication function, and use the network communication function of the network device 160 ₁ via the bus 191. Is also good. Further, the user home network 103 may include only AV devices having no network function.

[0110] The following describes the network apparatus 160 _1. Figure 22 is a block diagram of the network device 160 _1. As shown in FIG.
0 ₁ is the SAM 105 ₁ , communication module 162, AV
SAM 163 for compression / decompression, purchase / usage mode determination operation unit 165, download memory 167, playback module 1
69 and an external memory 201.

The SAMs 105 _{1 to} 105 ₄ are modules for performing a billing process for each content, and communicate with the EMD service center 102. SAM105
_{1-105 4} is, for example, EMD service center 102
The license and the license are transferred to a home device maker as a charging module of a black box for performing charging for each content if the mounting is desired. For example, a home appliance developer
SAM105 ₁ ~105 ₄ of IC (Integrated Circuit)
The EMD service center 102 unifies the internal specifications of the IC,
Accordingly it is mounted on the network device 160 ₁ and AV apparatuses 160 ₂ to 160 _4.

The SAMs 105 _{1 to} 105 ₄ have their processing contents completely shielded from the outside, their processing contents cannot be monitored and falsified from the outside, and the data stored in advance and the data being processed are stored in the SAMs 105 _{1 to} 105 _4. It is a tamper-resistant hardware module (such as an IC module) that cannot be monitored and tampered with from the outside, or a functional module that is realized by executing software (secret program) on a CPU. SAM10
5 _1-105 case of realizing ₄ functions in the form of IC has a secret memory inside IC, there secret programs and secret data are stored in. The SAM is not limited to the physical form of IC, and if its function can be incorporated into any part of the device, that part may be defined as SAM.

[0113] The following is a detailed description of the function of SAM105 _1. Note that the SAMs 105 _{2 to} 105 ₄ are SA
M105 has _one basically the same function. FIG.
Is a block diagram of the function of SAM 105 _1. Note that FIG.
3 shows the flow of data related to the process of inputting the secure container 104 from the content provider 101 and decrypting the key file KF in the secure container 104. As shown in FIG. 23, SAM 105 ₁
Are the mutual authentication unit 170, the encryption / decryption units 171, 17
2,173, content provider management unit 180, download memory management unit 182, AV compression / decompression SAM
Management section 184, EMD service center management section 185, usage monitoring section 186, charging processing section 187, signature processing section 18
9, SAM management unit 190, media SAM management unit 19
7. Working memory 200 and external memory management unit 811
Having. Here, the content provider management unit 180
And the download memory management unit 182 corresponds to the input processing unit of the present invention, the charging unit 187 corresponds to the determining unit, the history data generating unit and the use control data generating unit of the present invention, and the encrypting / decrypting unit 172 corresponds to the input processing unit. The use monitoring unit 186 corresponds to the use control unit of the present invention, corresponding to the decryption unit of the present invention. Further, the encryption / decryption unit 173 corresponds to the encryption means in claim 3 or the like. Also, a media drive SAM management unit 855 shown in FIG. Further, the signature processing unit 189 corresponds to a signature processing unit according to claim 9 or the like.

[0114] Note that the functions of the SAM 105 ₁ shown in FIG. 23, as described above, or be implemented by executing a secret program in CPU, or realized by the predetermined hardware. The external memory 201 also stores the usage history data 108 and the SAM registration list as shown in FIG. 24 through the following processing. Here, the memory space of the external memory 201 is SAM105 ₁
External (e.g., a host CPU (not shown)) can not be seen from, SAM 105 only _one external memory 201
Access to the storage area can be managed. As the external memory 201, for example, a flash memory or a ferroelectric memory (FeRAM) is used. As the working memory 200, for example, an SRAM is used, and as shown in FIG.
4. Content key data Kc, license data (UCP)
106, the lock key data K _LOC of the storage unit 192, the public key certificate CER _{CP of} the content provider 101, the usage control data (UCS) 166, and the SAM program.
Download containers SDC _{1 to} SDC ₃ are stored.

Hereinafter, among the functions of the SAM 105 ₁ , the secure container 104 from the content provider 101 will be described.
With reference to FIG. 23, the processing contents of each functional block when "."

When the SAM 105 ₁ transmits / receives data between the content provider 101 and the EMD service center 102 online, the mutual authentication unit 170
Mutual authentication is performed between the content provider 101 and the EMD service center 102 to generate session key data (shared key) K _SES , and this is encrypted / decrypted by the encryption / decryption unit 17.
Output to 1. The session key data K _SES is newly generated each time mutual authentication is performed.

The encryption / decryption unit 171 encrypts / decrypts data transmitted / received between the content provider 101 and the EMD service center 102 using the session key data K _SES generated by the mutual authentication unit 170.

The download memory management unit 182 is configured as shown in FIG.
When the download memory 167 has a media SAM 167a having a mutual authentication function as shown in FIG. 2, after performing mutual authentication between the mutual authentication unit 170 and the media SAM 167a, a session obtained by the mutual authentication is performed. The data is encrypted using the key data K _SES and written into the download memory 167 shown in FIG. As the download memory 167, for example, a nonvolatile semiconductor memory such as a memory stick is used. As shown in FIG. 26, a memory such as an HDD (Hard Disk Drive) that does not have a mutual authentication function is stored in the download memory 211.
In this case, since the contents of the download memory 211 are not secure, the content file CF is downloaded to the download memory 211, and the highly confidential key file KF is stored in, for example, the working memory 200 shown in FIG. Download to the external memory 201. When storing the key file KF in the external memory 201, for example, in SAM 105 _1, the key file KF and MAC key data K _MAC in the CBC mode
And stores it in the external memory 201, and a part of the last ciphertext block is MAC (Message Authenticatio
n Code) value is stored in SAM105 _1. And
Key file K from external memory 201 to SAM 105 ₁
When reading F, by the read out key file KF was decrypted by using the MAC key data K _MAC in SAM105 within _1, compares it with a MAC value obtained, the MAC value already stored It verifies whether the key file KF has been falsified. In this case, a hash value may be used instead of the MAC value.

[0119] The encryption / decryption unit 172 receives the secure container 104 input from the download memory management unit 182.
Content key data Kc in the key file KF stored in the usage control policy data 106 and the SAM program download containers SDC ₁ ~SDC _3, the storage unit 1
The decryption is performed using the license key data KD _{1 to} KD ₃ of the corresponding period read out from the memory 92. The decrypted content key data Kc, right certificate data 106 and SAM
Program download container SDC _1- SDC
₃ is written to the working memory 200.

An EMD service center management unit 185 manages communication with the EMD service center 102 shown in FIG.

The signature processing section 189 reads the public key data K of the EMD service center 102 read from the storage section 192.
The signature data in the secure container 104 is verified using the _{ESC, P} and the public key data K _{CP, P} of the content provider 101.

[0122] storage unit 192, as secret data which can not be read and rewritten from SAM 105 ₁ of the external,
As shown in FIG. 27, a plurality of license key data KD _{1 to} KD ₃ with an expiration date, SAM_ID, user ID,
Password, home network group identifier HNG_ID to which the SAM belongs, information reference ID, SAM
Registration list, revocation list of devices and recording media, recording key data K _STR , root CA public key data K _{R-CA, P} , EMD service center 102 public key data K _{ESC, P} , EMD service center 102 Public key data K _{ESC, P} , drive SAM authentication original key (when a common key encryption method is adopted), drive SA public key certificate (when a secret key encryption method is adopted), SAM 105
₁ of the secret key data K _{SAM1, S} (the case of adopting the common key encryption system), in the case of adopting the public key certificate CER _SAM1 (secret key encryption system that stores the SAM105 ₁ of the public key data K _{SAM1, P} ), Signature data SIG _{22 of} public key certificate CER _ESC using secret key data K _{ESC, S} of EMD service center 102, and original key data (mutual key encryption) for mutual authentication with SAM 163 for AV compression / decompression. Encryption key), original key data for mutual authentication with the media SAM (when a common key encryption key is used), media SA
M public key certificate data CER _MEDSAM (when the public key encryption method is used), the specifications of the signals that can be handled, the compression method, the monitor display capability to be connected, the format conversion function, the presence or absence of a bit stream recorder, the rights processing (profit (Distribution) data, IDs of related entities for profit distribution, and the like. Incidentally, in FIG. 27, the data marked with "*" on the left side, SAM 105 ₁ of which is stored in the storage unit 192 at the time of shipment, the other data stored in the storage unit 192 at the time of user registration performed after shipment .

The storage unit 192 stores a secret program for realizing at least some of the functions shown in FIG. As the storage unit 192, for example, a flash-EEPROM (Electrically Erasable Program
mable RAM) is used.

[0124] <Processing at the time of reception of the license key data> Hereinafter, FIG flow of processing in SAM105 within ₁ when storing the license key data KD ₁ ~KD ₃ received from the EMD service center 102 in the storage unit 192 26 And FIG.
This will be described with reference to FIG. FIG. 28 shows license key data KD ₁ -KD received from EMD service center 102.
It is a flowchart showing a flow of processing in SAM105 within ₁ when storing the KD ₃ to the memory unit 192. Step S28-1: Mutual Authentication Unit 17 of SAM 105 ₁
0 and the EMD service center 102 perform mutual authentication. Step S28-2: step license key data KD ₁ ~KD ₃ of 3 months worth of encrypted with the obtained session key data K _SES by mutual authentication of S28-1 and the signature data SIG _{KD1, ESC} ~SIG _{KD3, ESC} , EM
Data is written from the D service center 102 to the working memory 200 via the EMD service center management unit 185.

Step S28-3: Encryption / Decryption Unit 17
1 uses the session key data K _SES to generate license key data KD _{1 to} KD ₃ and its signature data SIG.
_{KD1, ESC to} SIG Decode _{KD3, ESC} . Step S28-4: The signature processing section 189 checks the signature data SIG _{KD1, ESC to} SI stored in the working memory 200.
After confirming the validity of G _{KD3 and ESC} , the license key data KD _{1 to} KD ₃ are written into the storage unit 192.

<Process when Secure Container 104 is Input from Content Provider 101> Hereinafter, the secure container 104 provided by the content provider 101 will be described.
FIG. 2 shows the flow of processing in the SAM 105 ₁ when inputting
3 and FIG. 29. In the following example, the case where various signature data are verified when the secure container 104 is input in the SAM 105 ₁ is exemplified. However, when the secure container 104 is input, the signature data is not verified. Alternatively, the signature data may be verified when the purchase / usage mode is determined. Step S29-1: performs mutual authentication with the SAM 105 ₁ of the mutual authentication unit 170 and the content provider 101 shown in FIG. 23. Step S29-2: Mutual Authentication Unit 17 of SAM 105 ₁
0 and media SAM 167 in download memory 167
Mutual authentication is performed with a.

Step S29-3: The secure container 104 received from the content provider 101 is written in the download memory 167. At this time, encryption of the secure container 104 in the mutual authentication unit 170 and decryption of the secure container 104 in the media SAM 167a are performed using the session key data obtained in step S29-2. Step S29-4: The SAM 105 ₁ performs step S2
The secure container 104 is decrypted using the session key data obtained in 9-1.

Step S29-5: Signature Processing Unit 189
After verifying the signature data SIG1 _{, ESC} shown in FIG. 3C, the public key certificate data C shown in FIG.
Using the public key data K _{CP, P} of the content provider 101 stored in the ER _CP , the signature data SIG _{6, CP} , S
Verify the validity of IG _{7, CP} . At this time, the signature data S
When the IG _{6, CP} is verified as valid, the creator and sender of the content file CF are verified. When the signature data SIG7 _{, CP} is verified to be valid, the validity of the sender of the key file KF is confirmed.

Step S29-6: signature processing section 189
Is the public key data K _{ESC, P} read from the storage unit 192.
, The validity of the signature data SIG _{K1, ESC} in the key file KF shown in FIG.
It verifies the validity of the creator of F and whether the key file KF is registered in the EMD service center 102.

Step S29-7: Encryption / Decryption Unit 17
2, by using the license key data KD ₁ ~KD ₃ periods corresponding read from the storage unit 192, content key data Kc in the key file KF shown in FIG. 3 (B), the usage control policy data 106 and the SAM program The download containers SDC _{1 to} SDC ₃ are decrypted, and these are written to the working memory 200.

The processing contents of each functional block related to the processing of using and purchasing the content data C downloaded to the download memory 167 will be described below with reference to FIG.

The use monitoring unit 186 includes the work memory 200
, The license card data 106 and the usage control data 166 are read out, and the purchase and use of the content are monitored within the range permitted by the read license card data 106 and the usage control data 166. here,
The license data 106 is stored in the key file KF stored in the working memory 200 after decryption, as described with reference to FIG. In addition, usage control data 1
66 is stored in the work memory 200 when the purchase mode is determined by the user, as described later. The usage control data 166 includes the user ID of the user who purchased the content data C and the tracing (T
racing) information is described, and the same data as the rights certificate data 106 shown in FIG. 3 is described except that the purchase mode determined in the purchase mode determination process is described as the handling control information.

[0133] The billing processing unit 187 is provided with the
The usage history data 108 corresponding to the operation signal S165 from the usage mode determination operation unit 165 is created. Here, as described above, the usage history data 108 describes the history of the form of purchase and use of the secure container 104 by the user. Used to determine the payment of the license fee.

[0134] The charging unit 187 notifies the user of the sales price or the standard retail price data SRP read from the working memory 200 as necessary. Here, the sales price and the standard retail price data SRP are stored in the rights certificate data 106 of the key file KF shown in FIG. 3B and stored in the working memory 200 after decryption. The charge processing by the charge processing unit 187 is performed based on the right contents such as the license conditions indicated by the right data 106 and the use control data 166 under the monitoring of the use monitoring unit 186. That is, the user purchases and uses the content within a range according to the content of the right.

[0135] The billing processing section 187 operates the operation signal S1.
Usage control (UCS: Usage Control S) that describes the content purchase mode determined by the user based on
tatus) generates data 166 and stores it in the working memory 20.
Write to 0. In the present embodiment, the case where the usage control data 166 is stored in the work memory 200 after the purchase mode is determined has been described as an example, but the usage control data 166 and the content key data Kc are stored in the external memory 201 which is an external memory. You may make it. External memory 201
As described above, a flash memory such as an NVRAM is used as described above. When writing to the external memory 201, an integrity check, which is a verification of the validity of the external memory 201, is performed. At this time, the storage area of the external memory 201 is divided into a plurality of blocks. -1 or a MAC is used to obtain a hash value, and the hash value is used as the SAM 105
Manage within _one . In the SAM 105 ₁ , the secure container 104 is replaced with another SA without determining the purchase mode.
M105 ₂ ~105 may be transferred to the _4. In this case, the usage control data 166 is not created.

[0136] As a content purchase form, for example,
Buy-out (Sell Through) that does not limit the reproduction by the purchaser or the copy for the use of the purchaser (Sell Through), Time Limited (Time Limited) to limit the use period, Playback charging (Pay Per Play), a playback charge (Pay Per SCMS) that charges each time a copy is reproduced using an SCMS device, a copy permission (Sell Through SCMSCopy) on a SCMS device, and a reproduction charge without guarding the copy. Playback billing (Pay Per Copy
N without copy guard). Here, the usage control data 166 is generated when the user determines the purchase mode of the content, and thereafter, controls the user to use the content within the range permitted by the determined purchase mode. Used for The usage control data 166 includes a content ID, a purchase mode, a price corresponding to the purchase mode, and S at which the content was purchased.
SAM_ID of AM, USER of user who made purchase
_ID and the like are described.

[0137] Incidentally, if the purchase mode determined is the reproduction charge, for example, transmits in real time from SAM 105 ₁ and the purchase of the content data C utilizing control data 166 to the content provider 101, content provider 101 EMD In the service center 102,
The usage history data 108 is stored in the SAM 105 ₁ within a predetermined period.
And tell them to go. In the case where the determined purchase mode is purchase out, for example, the usage control data 166 is transmitted to both the content provider 101 and the EMD service center 102 in real time. Thus, in this embodiment, the usage control data 166 is transmitted to the content provider 101 in real time in any case.

The EMD service center management unit 185 embeds the usage history data 108 read from the external memory 201 via the external memory management unit 811 at predetermined intervals.
The data is transmitted to the D service center 102. At this time, EMD
The service center management unit 185 _{causes the} signature processing unit 189 to use the usage history data 1 using the secret key data K _{SAM1, s.}
08 signature data _{SIG200, SAM1} is created, and the signature data _{SIG200, SAM1} is transmitted to the EMD service center 102 together with the usage history data 108. The transmission of the usage history data 108 to the EMD service center 102 is performed by, for example, E
It may be performed in response to a request from the MD service center 102 or periodically, or may be performed when the amount of history information included in the usage history data 108 exceeds a predetermined value. The information amount is determined, for example, according to the storage capacity of the external memory 201.

[0139] For example, when a content reproduction operation is performed in response to an operation signal S165 from the purchase mode determination operation unit 165 shown in FIG. The content key data Kc read from the work memory 200 and the user digital watermark information data 196 input from the charging processing unit 187 are AV-compressed.
Output to the decompression SAM management unit 184. Further, the AV compression / expansion SAM management unit 184, when a content preview operation is performed in response to the operation signal S165 from the purchase mode determination operation unit 165 shown in FIG. , And the content key data Kc and the semi-disclosed parameter data 199 read from the working memory 200 are output to the AV compression / decompression SAM management unit 184.

Here, the semi-disclosed parameter data 199
Is described in the license data 106 and indicates the handling of the content in the preview mode. AV compression
In the SAM 163 for decompression, the semi-disclosed parameter data 19
9, the encrypted content data C can be reproduced in a semi-disclosed state. As a semi-disclosed method, for example, utilizing the fact that the AV compression / expansion SAM 163 processes data (signals) in units of predetermined blocks,
There are a block for designating a block to be decrypted and a block not to be decrypted using the content key data Kc, a limitation on a playback function at the time of trial listening, and a limitation of a period during which trial listening is possible.

<Process of Determining Purchased Form of Secure Container Downloaded> Hereinafter, the flow of processing up to determining the purchase mode of the secure container 104 downloaded from the content provider 101 to the download memory 167 will be described with reference to FIGS. 30 and 31. I will explain it. In the process described below, when determining the purchase mode of the secure container 104, the signature data of each data in the secure container 104 is not verified (as described above, the signature data is verified when the secure container 104 is received). Is performed), the signature data may be verified when the purchase mode is determined. FIG.
Download memory 1 from content provider 101
It is a flowchart which shows the flow of a process until the purchase form of the secure container 104 downloaded to 67 is determined. Step S31-1: The purchase and purchase shown in FIG.
It is determined whether or not the operation signal S165 indicating the trial listening mode according to the operation of the usage mode determination operation unit 165 has been output to the charging processing unit 187. If it is determined that the data has not been output, the process of step S31-5 is executed.

Step S31-2: Working memory 200
Are output to the AV compression / decompression SAM 163 shown in FIG. At this time, after the mutual authentication between the mutual authentication unit 170 and the mutual authentication unit 220, the content key data Kc and the semi-disclosure parameter data 19
9 is encrypted and decrypted using session key data K _SES .

Step S31-3: FIG. 22 by the user
The operation signal S165 indicating the trial listening mode is generated by the operation of the purchase / use mode determination operation unit 165 shown in FIG.
87, for example, the download memory 16
7 is output to the AV compression / decompression SAM 163 shown in FIG. 22 via the AV compression / decompression SAM management unit 184. At this time, the mutual authentication unit 17
0 and the media SAM 167a for mutual authentication and encryption / decryption by the session key data K _SES , and between the mutual authentication unit 170 and the mutual authentication unit 220 for mutual authentication and encryption / decryption by the session key data K _SES. Is performed. The content file CF is the AV file shown in FIG.
After being decrypted by the decryption unit 221 of the compression / decompression SAM 163 using the session key data K _SES , it is output to the decryption unit 222.

Step S31-4: The decrypted semi-disclosure parameter data 199 is output to the semi-disclosure processing unit 225, and under the control of the semi-disclosure processing unit 225,
The decryption of the content data C using the content key data Kc is performed in a semi-disclosure manner. Next, the content data C decrypted in the semi-disclosure is output to the digital watermark information processing unit 224 after being expanded in the expansion unit 223. Next, the digital watermark information processing section 224 stores the user digital watermark information data 196 in the content data C.
Is embedded, and the content data C is
At 69, sound is output according to the content data C. Further, the digital watermark information processing unit 224 detects digital watermark information embedded in the content data C, and determines whether or not to stop the processing based on the detection result.

Step S31-5: When the user operates the purchase / use mode determination operation section 165 to determine the purchase mode, an operation signal S165 indicating the determined purchase mode is output to the charging section 187. Step S31-6: The usage history data 108 and the usage control data 166 according to the determined purchase mode are generated in the charging processing unit 187, and the usage history data 108
Is written to the external memory 201 via the external memory management unit 811, and the usage control data 166 is written to the working memory 200. Thereafter, the usage monitoring unit 186
Is controlled (monitored) so that the purchase and use of the content are performed within the range permitted by the use control data 166.

Step S31-7: FIG. 32 to be described later
New key file KF ₁ shown in (C) is created, the key file KF ₁ to which the created is stored in the download memory 167 or other memory via the download memory management unit 182. As shown in FIG. 32 (C), the key file KF ₁ usage control data 166 stored in the are sequentially encrypted by utilizing the CBC mode of DES by using the storage key data K _STR and the media key data K _MED I have. Here, the recording key data K
_STR is, for example, SACD (Super Audio Compact Disc),
This data is determined according to the type of DVD (Digital Versatile Disc) device, CD-R device, MD (Mini Disc) device, etc., and is used to associate the type of device with the type of recording medium on a one-to-one basis. . The media key data K _MED is data unique to a recording medium.

[0147] Step S31-8: the signature processor 189, using the SAM 105 ₁ of the secret key data K _{SAM1, S,} the hash value H _K1 of the key file KF ₁ is created,
The created hash value H _K1 is used as the key file KF ₁
Is written in the working memory 200 in association with
The hash value H _K1 is used to verify whether or not the key file creator legitimacy and key file KF ₁ KF ₁ has been tampered with. Note that the content data C for which the purchase mode has been determined is recorded on, for example, a recording medium,
In the case of transmission via online, as shown in FIG. 32, the key file KF ₁ and the hash value H _K1 , the content file CF and its signature data SIG _{6, CP} ,
Key file KF and its signature data SIG _{7, CP} , public key certificate data CER _cp and its signature data SIG
_1, Secure container 104 storing _ESC , public key certificate data CER _SAM1 and its signature data SIG _{22, ESC}
p is created. As described above, the secure container 10
When the purchase mode of SAM1 is determined, the usage control data 166 is generated and stored in the working memory 200.
05 again in ₁ to re-determine the purchase mode for the same secure container 104, the operation signal S165 work memory 200 utilizing control data 166 stored in the according to is updated.

<Content Data Reproduction Processing> Next, the flow of processing for reproducing the content data C stored in the download memory 167 and for which the purchase mode has already been determined will be described with reference to FIG. FIG.
It is a flowchart which shows the said process. As a premise of performing the process, the use control data 166 is stored in the work memory 200 by the above-described purchase mode determination process. Step S33-1: The usage control data 166 is read from the working memory 200 to the usage monitoring unit 186, the reproduction conditions indicated by the usage control data 166 are interpreted and verified, and the subsequent reproduction processing is performed based on the result. Watched to be watched. Step S33-2: Mutual authentication section 170 shown in FIG.
And the mutual authentication unit 220 of the SAM 163 for AV compression and decompression shown in FIG. 22, mutual authentication is performed, and the session key data K _SES is shared.

Step S33-3: Step S33-1
After the playback condition interpreted and verified in step S3 and the content key data Kc read from the work memory 200 are encrypted using the session key data K _SES obtained in step S33-2, the AV compression is performed. -Output to the decompression SAM 163. As a result, the decryption unit 221 of the AV compression / decompression SAM 163 shown in FIG. 22 decrypts the reproduction condition and the content key data Kc using the session key data K _SES .

Step S33-4: The content file CF read from the download memory 167 is stored in the session key data K _SES obtained in step S33-2.
SAM1 for AV compression / decompression after being encrypted using
63 is output. As a result, the decryption unit 221 of the AV compression / decompression SAM 163 shown in FIG. 22 decrypts the content file CF using the session key data K _SES . Subsequently, in the decompression unit 223 of the AV compression / decompression SAM 163, the content data C in the content file CF is decompressed, and the digital watermark information processing unit 2
After embedding the user digital watermark information in 24, it is reproduced in the reproduction module 169.

Step S33-5: The use control data 166 read out in step S33-1 is updated and written into the working memory 200 again, if necessary. Further, the usage history data 108 stored in the external memory 201 is also updated.

<Usage control status data of one device (US
Processing when using C) 166 to re-purchase another device> First, described above as shown in FIG. 34, for example, the purchase form of the content file CF downloaded on the download memory 167 of the network apparatus 160 ₁ after determining as, SAM10 to generate a new secure container 104x storing the content file CF, via the bus 191, and transfers the secure container 104x in the SAM 105 ₂ of the AV apparatus 160 ₂
The flow of processing in the 5 within ₁ will be described with reference to FIGS. 35 and 36.

FIG. 36 is a flowchart of the process. Given that the processing shown in FIG. 36, the purchase processing described above, the work memory 200 of the SAM 105 ₁ key file KF ₁ and the hash value H _K1 shown in FIG. 32 (C) is stored. Step S36-1: The user operates the purchase and usage form determination operation unit 165, and instructs the transfer of the purchase mode of the secure container to the SAM 105 ₂ which has already been determined. The accounting unit 187 updates the usage history data 108 stored in the external memory 201 based on the operation signal S165.

Step S36-2: The SAM 105 ₁
Verify the later-described SAM registration list, SA the SAM 105 ₂ of the destination of the secure container is regularly registered
It is verified whether or not it is M, and if it is determined that it has been registered properly, the processing after step S36-3 is performed. The SAM 105 ₁ also verifies whether the SAM 105 ₂ is a SAM in the home network.

Step S36-3: Mutual authentication section 170
Share the session key data K _SES obtained by performing mutual authentication with the SAM 105 ₂ .

Step S36-4: SAM management section 190
Reads the content file CF and the signature data SIG _{6, CP} shown from the download memory 211 in FIG. 32 (A), the signature processing unit signature data SIG _{41, SAM1} by using SAM 105 ₁ of the secret key data K _SAM1 about this 189.

Step S36-5: SAM management section 190
Reads the key file KF and the signature data SIG _{7, CP} shown from the download memory 211 in FIG. 32 (B), SAM105 ₁ secret key data K for this
Signature data _SIG42 using _SAM1 and signature processing unit 1
89.

Step S36-6: SAM management section 190
Creates the secure container 104x shown in FIG. Step S36-7: In the encryption / decryption unit 171,
Using the session key data K _SES obtained in step S36-3, the secure container 104x shown in FIG. 37 is encrypted.

Step S36-8: SAM management section 190
Outputs the secure container 104x in the SAM 105 ₂ of the AV apparatus 160 ₂ shown in FIG. 34. At this time, SA
M105 ₁ in parallel with the mutual authentication between the SAM 105 _2, mutual authentication of the bus 191 is a IEEE1394 serial bus is carried out.

Hereinafter, as shown in FIG.
Secure container 104x shown in Fig. 37 input from ₁
Figure 38, a flow of processing in SAM105 within ₂ for writing on the recording medium 180 130 ₄ such as a RAM type,
This will be described with reference to FIGS. 39 and 40. 39 and 40 are flowcharts showing the processing. Here, the RAM type recording medium 130 ₄ has, for example, a non-secure RAM area 134, a medium SAM 133, and a secure RAM area 132.

Step S39-1: The SAM 105 ₂
Verify the SAM registration list, verify whether the SAM to SAM 105 ₁ of the transfer source of the secure container is regularly registered, the processing in step S39-2 after when determining that is regularly registered I do. Also, SAM
105 _2, SAM 105 ₁ performs also verified whether a SAM in the home network.

Step S39-2: Step S described above
As a process corresponding to 36-2, the SAM 105 ₂
The session key data K _SES obtained by performing mutual authentication with the AM 105 ₁ is shared. Step S39-3: SAM management unit 1 of SAM 105 ₂
90, as shown in FIGS. 34 and 38, to enter the secure container 104x from SAM 105 ₁ of the network device 160 _1. Step S39-4: The encryption / decryption unit 171 decrypts the secure container 104x input via the SAM management unit 190 using the session key data K _SES shared in step S39-2.

Step S39-5: The content file CF in the secure container 104x decrypted using the session key data K _SES is stored in the media file shown in FIG.
Sectorize in Drab SAM260
, Sector header addition processing, scramble processing, EC
After C encoding, modulation and synchronization, R
It is recorded in the RAM area 134 of the AM type recording medium 130 _4.

Step S39-6: Signature data SIG _{6, CP} , SIG41 _{, SAM1} in secure container 104x decrypted using session key data K _SES , key file KF and its signature data SIG _{7, CP} , SIG
_42, and _SAM1, the key file KF ₁ and the hash value H _K1, and the public key signature data CER _CP and the signature data SIG _{1, ESC,} public key signature data CER _SAM1 and the signature data SIG _{22, ESC} and is, Working memory 200
Is written to.

Step S39-7: The signature processing unit 189 reads the public key data K read from the storage unit 192.
_{Using CP and P} , public key certificate data CER _CP and CER
The validity of _SAM1 is confirmed. Then, the signature processing unit 189
, The validity of the signature data SIG6 _{, CP} is verified using the public key data K _{CP, P} stored in the public key certificate data CER _SAM1 , and the validity of the creator of the content file CF is confirmed. . Further, the signature processing unit 189 verifies the validity of the signature data _{SIG41, SAM1} using the public key data K _{SAM1, P} stored in the public key certificate data CER _SAM1, and checks the validity of the sender of the content file CF. The validity is confirmed.

Step S39-8: Signature Processing Unit 189
_Uses the public key data K _CP , K _{SAM1, P} to _{generate the} signature data SIG _{7, CP} , SI stored in the working memory 200.
Verify the correctness of _{G42, SAM1} . Then, the signature data S
When IG7 _{, CP} , _{SIG42, and SAM1} are verified as valid, the validity of the sender of the key file KF is confirmed.

Step S39-9: Signature processing section 189
Is the public key data K _{ESC, P} read from the storage unit 192.
_{Is used,} the validity of the signature data SIG _{K1, ESC} stored in the key file KF shown in FIG. 37B is confirmed. When the signature data SIG _{K1 and ESC} are verified to be valid, the validity of the creator of the key file KF is confirmed.

Step S39-10: Signature processing section 189
Verifies the validity of the hash value H _K1 and
F ₁ of the author and to confirm the validity of the sender. In addition,
In this example, the creator of the key file KF ₁ and the transmission source is described where the same, if the author key file KF ₁ and the source are different, the author for the key file KF ₁ The signature data, the sender, and the signature data are created, and the signature processing unit 189 verifies the validity of both signature data.

Step S39-11: Usage monitoring unit 186
Is the key file K decrypted in step S39-10.
With usage control data 166 stored in the F _1, to control the purchase and usage of the subsequent content data C.

Step S39-12: The user purchases
The purchase mode is determined by operating the usage mode determination operation unit 165, and an operation signal S 165 corresponding to the operation is output to the charging processing unit 187. Step S39-13: The charging processing unit 187 updates the usage history data 108 stored in the external memory 201 based on the operation signal S165. Further, each time the purchase mode of the content data is determined, the billing processing unit 187 uses the usage control data 1 according to the determined purchase mode.
Update 66.

Step S39-14: Encryption / Decryption Unit 1
73 is the recording key data K read from the storage unit 192
_STR , media key data K _MED and purchaser key data K
_{Using the PIN} in order, the usage control data 166 generated in step S39-12 is encrypted and output to the media drive SAM management unit 855. Step S39-15: media drive SAM management unit 855, the key file KF ₁ which stores a new usage control data 166, sectorized processing, addition processing of the sector header, scrambling, ECC encoding, modulation processing and synchronization processing through the records in the secure RAM region 132 of the recording medium 130 ₄ of RAM type. Incidentally, media key data K _MED is being pre-stored in the storage unit 192 by the mutual authentication between the recording medium 130 ₄ media SAM133 of RAM type shown in the mutual authentication unit 170 and 34 shown in FIG. 38.

Here, the recording key data _KSTR is, for example, a SACD (Super Audio Compact Disc), a DVD (Digital
Versatile Disc) equipment, CD-R equipment and MD (Mini
Disc) The type of device or the like (in this example, the AV device 16
0 ₂ ), and is used to associate the type of device with the type of recording medium on a one-to-one basis.
Since the physical structure of the disk medium is the same between the SACD and the DVD, the SACD is
May be able to perform recording / reproduction on the recording medium. In such a case, the recording key data _KSTR plays a role of preventing unauthorized copying. In the present embodiment, encryption using the recording key data _KSTR may not be performed.

The media key data K _MED is data unique to a recording medium (in this example, a RAM type recording medium 130 ₄ ). The media key data K _MED is stored in a recording medium (in this example, a RAM-type recording medium 1 shown in FIG. 34).
30 ₄ ) is stored in the storage medium
It is preferable to perform encryption and decryption in M using the media key data K _MED from the viewpoint of security.
At this time, if the medium SAM is mounted on the recording medium, the medium key data K _MED is
If the recording medium is stored in the AM and the recording medium does not include the medium SAM, the recording medium is stored in, for example, an unillustrated area of the host CPU in the RAM area. As in the present embodiment, mutual authentication is performed between the SAM on the device side (SAM 105 _{2 in} this example) and the media SAM (media SAM 133 in this example).
The media key data K _MED may be transferred to the device-side SAM via a secure communication path, and the device-side SAM may perform encryption and decryption using the media key data K _MED . In the present embodiment, the recording key data K _STR and the media key data K _MED are used to protect the security at the physical layer level of the recording medium.

The purchaser key data K _PIN is data indicating the purchaser of the content file CF.
When the content is purchased out of stock, the content is allocated by the EMD service center 102 to the purchased user. The purchaser key data K _PIN is managed in the EMD service center 102.

Step S39-16: Key file KF
Is read out from the working memory 200, and via the media drive SAM management unit 855, by the media drive SAM 260 shown in FIG.
It is written into the secure RAM region 132 of 30 _4.

In the above-described embodiment, the media
After processing by Drab SAM 260, key file K
F and KF ₁ are stored in the secure R of the RAM type recording medium 130 ₄ .
A case has been exemplified to be recorded in the AM region 132, as indicated by a dotted line in FIG. 34, SAM 105 key file KF from ₂ to media SAM 133, may be recorded KF _1.

In the above embodiment, the SAM 10
5 ₁ from SAM 105 ₂ in a case has been exemplified for transmitting the secure container 104x, the network device 160 ₁
Host CPU and AV equipment 160 _second host CPU
Accordingly, the content file CF and Entitlement AV equipment 160 the data 106 from the network device 160 _1
May be sent to ₂ . In this case, the usage control data 166 and the content key data Kc are transmitted from the SAM 105 ₁ to the SAM 105 ₂ .

In another embodiment, for example,
To determine the purchase form in SAM105 _1, SAM10
5 without determining ₂ in purchase mode, may be used as the usage control data 166 generated in SAM 105 ₁ at SAM 105 _2. In this case, use history data 1
08 is generated in the SAM 105 ₁ and the SAM ₁₀
In 5 ₂ not generated. The purchase of the content data C may be performed, for example, by purchasing an album including a plurality of content data C. In this case, the plurality of pieces of content data C that make up the album may be provided by different content providers 101 (in the case of a second embodiment described later, they may be further provided by different service providers 310). Also, after purchasing a part of the content data C constituting the album, the other content data C is purchased.
May be purchased in the form of adding the content data, and finally, all the content data C constituting the album may be purchased.

FIG. 41 is a diagram for explaining examples of various purchase modes of the content data C. As shown in FIG. 41, the AV device 160 ₃ is a network device 160 ₁
Purchases the content data C received from the content provider 101 using the license data 106, and generates usage control data 166a. AV equipment 1
60 _2, the content data C received network apparatus 160 ₁ from the content provider 101, purchased with usage control policy data 106, usage control data 166
b. Also, the AV device 160 ₃ copies the content data C purchased by the AV device 160 ₂ and
And it determines the usage mode using the usage control data 166b created by V device 160 _2. Thereby, the AV device 1
In 60 _3, usage control data 166c is created. Moreover, the AV apparatus 160 _3, usage control data 16
The usage history data 108b is created from 6c. Also,
The AV device 160 ₄ inputs the content data C that the network device 160 ₁ has received from the content provider 101 and has determined the purchase mode, and the network device 16 1
Determining the purchase mode of the content data C using the 0 _first usage control data 166 is created. Thus, A
In V equipment 160 _4, the usage control data 166a is generated. Moreover, the AV apparatus 160 _4, the usage log data 108a is generated from the usage control data 166a.
The usage control data 166a, 166b, 166c
In the AV devices 160 ₄ , 160 ₂ , and 160 ₃
Each of them is encrypted using the unique recording key data S _STR and the media key data K _MED unique to the recording medium (medium), and is recorded on the recording medium. In this embodiment,
The user does not pay for the ownership of the content data C, but pays for the usage right. Copying of content data is equivalent to promotion of the content, and is an act that meets the request of the right holder of the content data from the viewpoint of expanding the market.

[0180] <purchase mode determination processing of the content data of the ROM type recording medium> As shown in FIG. 42, the recording medium 130 ₁ of ROM type purchase mode of the content shown in FIG. 11 undetermined user home network 303 when receiving the distribution offline 43 and the flow of processing when determining the purchase mode in the AV apparatus 160 ₂ 44
This will be described with reference to FIG. FIG. 44 is a flowchart of the process. Step S44-1: the AV apparatus 160 ₂ SAM 105
_2, first, ROM type medium recording medium 130 ₁ shown in the mutual authentication unit 170 and 11 shown in FIG. 43 SAM13
3 after performing mutual authentication with the media SAM 13
3 to input the media key data K _MED . Note that SA
M105 ₂ is, when the advance holds the media key data K _MED is may not be performed the input.

[0181] Step S44-2: 3 stored in the secure container 104 stored in the secure RAM region 132 of the recording medium 130 ₁ of ROM type (B),
(C) Key file KF and its signature data S
The media drive SAM stores the IG _{7, CP} , the public key certificate data CER _CP and its signature data SIG _{1, ESC.}
The data is input via the management unit 855 and written into the working memory 200.

Step S44-3: After confirming the validity of the signature data SIG1 _{, ESC in} the signature processing unit 189, the public key data K is obtained from the public key certificate data CER _CP.
CP, remove the _P, the public key data K _CP, using the _P, validity of the signature data SIG 7, _CP, that is key file K
The validity of the sender of F is verified. Also, the signature processing unit 18
9, the validity of the signature data SIG _{K1, ESC} stored in the key file KF, that is, the key file K using the public key data K _{ESC, P} read from the storage unit 192.
The validity of the creator of F is verified.

Step S44-4: When the validity of the signature data SIG _{7, CP} , SIG _{K1, ESC} is confirmed in the signature processing section 189, the key file KF is read from the working memory 200 to the encryption / decryption section 172. . Next, encryption
In the decoding unit 172, by using the license key data KD ₁ ~KD ₃ corresponding period, the key file KF in the stored content key data Kc, usage control policy data 106 and the SAM program download containers SDC
After decoding _{1 to} SDC ₃ , the data is written to the working memory 200.

Step S44-5: Mutual authentication unit 170 shown in FIG. 43 and AV compression / decompression SAM 16 shown in FIG.
After the mutual authentication with the 3, SAM 105 ₂ of the A
The V compression / expansion SAM management unit 184
00 semi-disclosure parameter data stored in the content key data Kc and the usage control policy data 106 stored in the 199, and the content data C stored in the content file CF read from the recording medium 130 ₁ ROM area 131 of the ROM type Is output to the AV compression / decompression SAM 163 shown in FIG. Next, in the AV compression / decompression SAM 163, the content data C is decrypted in the semi-disclosure mode using the content key data Kc, and then decompressed and output to the playback module 270. Then, in the playback module 270, the content data C from the AV compression / decompression SAM 163 is played back.

Step S44-6: FIG. 42 by user
The purchase mode of the content is determined by the purchase operation of the purchase mode determination operation unit 165 shown in FIG.

Step S44-7: Charge processing section 187
Creates the usage control data 166 according to the operation signal S165 and writes it in the working memory 200. Step S44-8: Encrypt / Restore from Working Memory 200
The content key data Kc and the usage control data 166 are output to the decryption unit 173. Encryption / decryption unit 173
Uses the recording key data K _STR , the media key data K _MED, and the purchaser key data K _PIN read from the storage unit 192 to sequentially convert the content key data Kc and the usage control data 166 input from the working memory 200. The data is encrypted and written into the working memory 200.

Step S44-9: The media SAM management unit 197 reads the encrypted content key data Kc and usage control data 166 read from the work memory 200,
Key file KF ₁ shown in FIG. 37 (C) is generated using containers SDC ₁ ~SDC _3. In the signature processing unit 189, the key file KF shown in FIG.
The hash value H _{K1 of 1} is generated, and the hash value H _K1 is output to the media drive SAM management unit 855.

Step S44-10: After performing mutual authentication between the mutual authentication unit 170 shown in FIG. 43 and the media SAM 133 shown in FIG. 42, the media drive SAM
The management unit 855 writes the key file KF ₁ and the hash value H _K1 to the secure RAM area 132 of the ROM-type recording medium 130 ₁ via the media drive SAM 260 shown in FIG. Thus, the recording medium 130 ₁ of ROM type purchase mode is determined is obtained. At this time,
The usage control data 166 and the usage history data 108 generated by the charging processing unit 187 are transmitted to the EMD service center 102 read from the working memory 200 and the external memory 201 at predetermined timing. The medium SA of the ROM type recording medium 130 ₁
When the key file KF is stored in the M133, as shown by a dotted line in FIG.
5 ₂ to enter the key file KF from the media SAM133. In this case, the SAM 105 ₂ writes the created key file KF ₁ to the media SAM 133.

[0189] <After determining the purchase mode of the content data of the ROM type storage medium, the processing of writing into the RAM type storage medium> or less, as shown in FIG. 45, the purchase form undetermined in the AV apparatus 160 ₃ ROM type from the recording medium 130 ₁ reads the secure container 104 to produce a new secure container 104y, this is transferred to the AV apparatus 160 ₂ determines the purchase mode in the AV apparatus 160 ₂ RAM type recording medium the flow of processing when writing to 130 ₅ 46, 47, will be described with reference to FIG. 48. Incidentally, RA from the recording medium 130 ₁ of ROM type
Secure container 104y to the recording medium 130 ₅ of the M-type
Transfer may be performed between any of the network devices 160 ₁ and AV apparatuses 160 ₁ to 160 ₄ shown in FIG. FIG. 48 is a flowchart of the process.

[0190] Step S48-1: SAM105 ₃ is,
Verify the SAM registration list, verify whether the SAM to SAM 105 ₂ of the destination of the secure container is regularly registered, the processing in step S48-2 after when determining that is regularly registered I do. Also, SAM
105 _3, SAM 105 ₂ is carried out also verified whether a SAM in the home network. Step S48-2: SAM105 ₃ and SAM105 _2
Are mutually authenticated with the session key data K _SES
Is shared.

[0191] Step S48-3: performs mutual authentication with the AV apparatus 160 ₃ SAM 105 ₃ and ROM type recording medium 130 ₁ of media SAM 133, the media key data K _MED1 of the recording medium 130 ₁ of ROM type SAM10
5. Transfer to ₃ . The recording medium 130 ₁ media SA of ROM type encryption using the media key data K _MED1
In the case of M133, the media key data K
_MED1 is not transferred.

[0192] Step S48-4: performs mutual authentication with the AV apparatus 160 ₂ in the SAM 105 ₂ and RAM type media recording medium 130 ₅ of SAM 133, the media key data K _MED2 of the recording medium 130 ₅ of RAM type SAM10
5 ₂ To transfer. Incidentally, the media SA of the recording medium 130 ₅ of RAM type encryption using the media key data K _MED2
In the case of M133, the media key data K
_MED2 is not transferred.

[0193] Step S48-5: SAM105 ₃ is,
As shown in FIG. 46, through the media drive SAM management unit 855, ROM-type recording medium 130 ₁ of ROM
The content file CF and its signature data SIG6 _{, CP} are read from the area 131, and are read out by the SAM management unit 19.
0, and the signature processing unit 189 uses the secret key data K _{SAM3, S}
Create _{350, SAM3} .

[0194] Step S48-6: SAM105 ₃ is,
As shown in FIG. 46, through the media drive SAM management unit 855 reads the key file KF and the signature data SIG _{7, CP} from the secure RAM region 132 of the recording medium 130 ₁ of ROM type, which SAM management unit 1
90, and the signature processing section 189 uses the secret key data K _{SAM3, S}
G _{352, SAM3} is created.

[0195] Step S48-7: In SAM105 _3, the public key certificate data CER _SAM3 and the signature data SIG from the storage unit 192 to the SAM management unit 190
_{351, ESC} is read.

[0196] Step S48-8: the SAM 105 ₃ of example SAM management unit 190, secure container 104y shown in FIG. 47 is generated.

[0197] Step S48-9: SAM105 in the encryption and decryption section 171 of the _3, using the session key data K _SES obtained in step S48-2, the secure container 104y is encrypted via the SAM management unit 190 is output to the SAM 105 ₂ of the AV apparatus 160 _2.

[0198] Step S48-10: The SAM 105 _2, as shown in FIG. 50, the session key in the encryption and decryption unit 171 secure container 104y is shown in Figure 47 input from the SAM 105 ₃ via the SAM management unit 190 data K _Decoded using _SES . Then, the key file K in the decrypted secure container 104y
F and its signature data SIG7 _{, CP} , SIG
_{350, SAM3} , public key certificate data CER _SAM3 and its signature data SIG _{351, ESC} , and public key certificate data CE
R _cp and its signature data SIG _{1 and ESC} are written to the working memory 200.

[0199] Step S48-12: SAM105 in ₂ of the signature processing unit 189, secure container 104y
Signature data SIG _{6, CP} , SIG _{350, SAM3 stored in the}
, That is, the creator and sender of the content file CF. Step S48-13: After the creator and the transmitter of the content file CF is confirmed to be valid, the content file CF in the RAM region 134 of the recording medium 130 ₅ of RAM type via the media drive SAM manager 855 Written.

Step S48-14: Signature processing unit 189
In, signature data SIG _{351, ECS} is verified by signature,
After the validity of the public key certificate data CER _SAM3 is confirmed, the public key certificate public key stored in the data CER _SAM3 data K _SAM3 and the public key data K _ESC, with _P, the signature data SIG 7, _CP , _{SIG352, SAM3, SIGK1} , _ESC , that is, the creator and sender of the key file KF are confirmed.

Step S48-15: Key file KF
When the validity of the creator and the sender of the key file is confirmed, the key file KF is read from the working memory 200 and output to the encryption / decryption unit 172. After being decoded using _{1 to} KD ₃ , it is written back to the working memory 200.

Step S48-16: Working memory 20
The right certificate data 106 stored in the key file KF already decrypted and stored in the key file KF is output to the use monitoring unit 186. Then, the usage monitoring unit 186 manages (monitors) the content purchase mode and the usage mode based on the rights document data 106.

Step S48-17: FIG. 3 by the user
The purchase / use form of the content is determined by operating the purchase / use form determination operation unit 165 shown in FIG. 8, and an operation signal S165 according to the determination is output to the billing processing unit 187. Step S48-18: The billing processing unit 187 uses the use control data 166 according to the determined purchase / use form.
And usage history data 108 are generated and written to the working memory 200 and the external memory 201, respectively. Usage control data 166 and usage history data 1
08 is the EMD service center 1 at a predetermined timing.
02.

Step S48-19: The content key data Kc and the usage control data 166 are stored in the work memory 2
00 to the encryption / decryption unit 173,
The decryption unit 173 _encrypts the recording key data K _STR , the media key data K _MED2, and the purchaser key data K _PIN read out from the storage unit 192 in that order, and sequentially encrypts them.
It is output to the AM management unit 197. The working memory 2
From 00, the key file KF is output to the media SAM management unit 197.

[0205] Step S48-20: In the media SAM management unit 197, creates a key file KF ₁ shown in FIG. 34 (C), the key file KF ₁ is media SA
Through M managing unit 197 is written to the media SAM133 recording medium 130 ₅ of RAM type. In addition, the key file KF is stored in the RA through the media SAM management unit 197.
It is written to the media SAM133 of M-type recording medium 130 _5.

Hereinafter, a method of implementing the SAMs 105 _{1 to} 105 ₄ will be described. When the functions of the SAMs 105 _{1 to} 105 ₄ are realized as hardware, an ASIC-type CPU having a built-in memory is used, and the memory is configured as shown in FIG.
2. Highly confidential data such as a security function module for realizing each function shown in FIG. 2, a program module for performing content right processing, and key data are stored. A series of rights processing program modules such as a cryptographic library module (public key cryptography, common key cryptography, random number generator, hash function), a content usage control program module, and a billing processing program module are, for example, software Implemented as

For example, the encryption / decryption unit 17 shown in FIG.
For example, the module such as 1 is implemented as hardware as an IP core in an ASIC-type CPU due to a problem of processing speed. Depending on the performance such as the clock speed and the CPU code system, the encryption / decryption unit 171 may be implemented as software. The storage unit 192 shown in FIG.
For example, a nonvolatile memory (flash-ROM) is used as a memory for storing program modules and data for realizing the functions shown in FIG. 22, and a high-speed writable memory such as an SRAM is used as a working memory. Used. In addition, SAM
A ferroelectric memory (FeRAM) may be used as a memory built in 105 _{1 to} 105 ₄ . Also, SA
M105 to _{1-105 4,} the other, a clock function to be used to verify the date and time, such as at the expiration date and the contract period for the use of content is being built.

As described above, the SAMs 105 _{1 to} 105
₄ has a tamper-resistant structure that shields program modules, data and processing contents from the outside. S
AM105 ₁ ~105 ₄ a equipped with the equipment of the host CPU
Via the bus, the contents of highly confidential programs and data stored in the memory inside the IC of the SAM, and the SAM system configuration (System
Configuration) related registers and cryptographic library and clock registers should not be read or newly written, i.e., exist in the address space allocated by the host CPU of the mounted device. In order to avoid this, the SAM uses an MMU (Memory Magagement Unit) that manages the memory space on the CPU side, and sets an address space invisible to the host CPU on the mounted device side. The SAMs 105 _{1 to} 105 ₄ are
It has a structure that can withstand external physical attacks such as X-rays and heat, and has a debugging tool (hardware IC
E, software ICE, etc., even if real-time debugging (reverse engineering) is performed, the processing contents are not known, or the debugging tool itself has a structure that cannot be used after IC manufacturing. . Each of the SAMs 105 _{1 to} 105 ₄ has a hardware-like structure, which is a normal AS with a built-in memory.
Although it is an IC-type CPU, its function depends on software for operating the CPU, but differs from a general ASIC-type CPU in having an encryption function and a tamper-resistant hardware structure.

When all the functions of the SAMs 105 _{1 to} 105 ₄ are implemented by software, the SAM 1051 is closed inside a tamper-resistant module to perform software processing. In some cases, the software processing is performed in such a manner that decoding cannot be performed only during the processing. The former is the same as the case where the cryptographic library module is stored in the memory as a normal software module instead of the IP core, and can be considered in the same way as the case where it is realized as hardware. On the other hand, the latter is called tamper-resistant software, and it is called ICE (debugger).
Even if the execution status is deciphered, the execution order of the tasks may vary (in this case, the task may be separated so that the task alone has a meaning as a program, that is, the previous and next lines are not affected). The task itself is encrypted, and can be realized in the same manner as a task scheduler (MiniOS) for a kind of secure processing. The task scheduler is embedded in the target program.

Next, the SA for AV compression / decompression shown in FIG.
M163 will be described. As shown in FIG.
The compression / decompression SAM 163 includes a mutual authentication unit 220, a decryption unit 221, a decryption unit 222, a decompression unit 223, a digital watermark information processing unit 224, and a semi-disclosure processing unit 225. The mutual authentication unit 220 determines that the SAM 163 for AV compression /
From AM105 ₁ when inputting the data, and generates the session key data K _SES performs mutual authentication with the mutual authentication unit 170 shown in FIG. 23.

[0211] decoding unit 221, SAM 105 ₁ content key data Kc input from the semi disclosure parameter data 199, data 196 and the content data C for the user digital watermark information is decrypted by using the session key data K _SES. The decryption unit 221 then decrypts the decrypted content key data Kc and content data C
22 and outputs the decrypted user digital watermark information data 196 to the digital watermark information processing unit 224, and outputs the semi-disclosed parameter data 199 to the semi-disclosed processing unit 225.

[0212] Under the control of the semi-disclosure processing unit 225, the decryption unit 222 uses the content key data Kc to
The content data C is decrypted in a semi-disclosed state, and the decrypted content data C is output to the decompression unit 223.

[0213] The decompression unit 223 decompresses the decrypted content data C and outputs it to the digital watermark information processing unit 224. The decompression unit 223 performs decompression processing using A / V decompression software stored in the content file CF shown in FIG. 3A, for example, and performs decompression processing using the ATRAC3 method.

The digital watermark information processing section 224 embeds the user digital watermark information corresponding to the decrypted user digital watermark information data 196 in the decrypted content data C, and generates new content data C. The digital watermark information processing unit 224 outputs the new content data C to the playback module 169. As described above, the user digital watermark information is embedded in the AV compression / decompression SAM 163 when the content data C is reproduced. In the present invention, the user digital watermark information data 196 may not be embedded in the content data C.

[0215] The semi-disclosure processing unit 225, based on the semi-disclosure parameter data 199, for example, stores the content data C
Instruct the decoding unit 222 which block is not to be decoded and which block is to be decoded. The semi-disclosure processing unit 22
In addition, the control unit 5 controls the reproduction function at the time of the trial listening and the period during which the trial listening can be performed based on the semi-disclosed parameter data 199.

[0216] The reproduction module 169 performs reproduction in accordance with the decrypted and decompressed content data C.

Next, the content provider 101, EM
A description will be given of a data format when transmitting and receiving data with signature data generated using private key data and public key certificate data between the D service center 102 and the user home network 103. FIG.
(A) shows that the content provider 101 sends the SAM 10
5 ₁ is a diagram for explaining the data format when transmitting the data Data in-band method. In this case, the content provider 101 sends the SAM1
05 _1, a content provider 101 SAM105
Session key data K obtained by the mutual authentication between the _1
The module Mod ₅₀ encrypted by the _SES is transmitted. The module Mod ₅₀ stores the module Mod ₅₁ and its signature data SIG _CP using the secret key data K _{CP, S.} The module Mod ₅₁ includes public key certificate data CER _CP storing the secret key data K _{CP, P} of the content provider 101, and signature data of the public key certificate data CER _CP by the secret key data K _{ESC, S.} SIG
_ESC and data to be transmitted are stored.
By transmitting the module Mod ₅₀ storing the public key certificate data CER _CP from the content provider 101 to the SAM 105 ₁ in this manner, when the SAM 105 ₁ verifies the signature data SIG _CP , the EMD service center 102 SAM105 need to send a public key certificate data CER _CP to ₁ is eliminated.

[0218] FIG. 51 (B), (C) are diagrams for explaining the data format when transmitting out-of-band method data Data from the content provider 101 to the SAM 105 _1. In this case, the module Mod ₅₂ shown in FIG. _51B encrypted with the session key data K _SES obtained by the mutual authentication between the content provider 101 and the SAM 105 ₁ is transmitted from the content provider 101 to the SAM 105 ₁ . You.
The module Mod ₅₂ includes data Data to be transmitted,
The signature data SIG _CP based on the secret key data K _{CP , S} is stored. Also, the module Mod ₅₃ shown in FIG. _51C encrypted with the session key data K _SES obtained by the mutual authentication between the EMD service center 102 and the SAM 105 ₁ is transmitted from the EMD service center 102 to the SAM 105 ₁ . You. The module Mod ₅₃ stores public key certificate data CER _CP of the content provider 101 and signature data SIG _ESC using the secret key data K _{ESC, S.}

[0219] Figure 51 (D) are diagrams for explaining the data format when transmitting in-band method data Data to the content provider 101 from SAM 105 _1. In this case, the SAM 105 ₁ sends the content provider 101
01 and a module Mod encrypted with session key data K _SES obtained by mutual authentication between SAM 105 ₁ and SAM 105 _1
54 is sent. The module Mod ₅₄ stores the module Mod ₅₅ and signature data SIG _{SAM1 of the} secret key data K _{SAM1, S} of the module Mod ₅₅ . Module Mod _55
Includes public key certificate data CER _SAM1 storing the private key data K _{SAM1 and P} of the SAM 105 ₁ , signature data SIG _ESC with the private key data K _{ESC, S} for the public key certificate data CER _SAM1 , Data to be transmitted is stored. Thus, the public key certificate data CER
_The module Mod ₅₅ storing the _SAM1 is transferred to the SAM 105 ₁
Transmitted to the content provider 101, the content provider 101 sends the signature data SIG
When verifying _SAM1 , the EMD service center 102
_{Does not} need to transmit the public key certificate data CER _SAM1 to the content provider 101.

FIGS. 51E and 51F show the SAM 105 _1.
Is a diagram for describing a data format when data is transmitted from a to a content provider 101 in an out-of-band system. FIG. In this case, SA
The content provider 101 from M105 _1, module Mod ₅₆ shown in FIG. 51 (E) encrypted by the session key data K _SES obtained by the mutual authentication between the content provider 101 and SAM 105 ₁ is transmitted.
The module Mod ₅₆ includes data Data to be transmitted and
Signature data SIG _SAM1 using the secret key data K _{SAM1, S}
And are stored. In addition, the EMD service center 10
2 to the content provider 101, the module Mod ₅₇ shown in FIG. 51 (F) encrypted with the session key data K _SES obtained by the mutual authentication between the EMD service center 102 and the content provider 101 is transmitted. The module Mod ₅₇ includes the public key certificate data CER _SAM1 of the SAM 105 ₁ and its private key data K
_The signature data SIG _ESC by _{ESC, S} is stored.

FIG. 52 (G) shows the content provider 1
01 to the EMD service center 102
FIG. 3 is a diagram for explaining a data format when is transmitted in an in-band system. In this case, from the content provider 101 to the EMD service center 102
Then, the module Mod ₅₈ encrypted with the session key data K _SES obtained by the mutual authentication between the content provider 101 and the EMD service center 102 is transmitted. The module Mod ₅₈ stores the module Mod ₅₉ and the signature data SIG _CP using the secret key data K _{CP, S} thereof. The module Mod ₅₉ includes public key certificate data CER _CP storing secret key data K _{CP, P} of the content provider 101 and public key certificate data CER _CP.
Signature data S with secret key data K _{ESC, S} for _CP
IG _ESC and data to be transmitted are stored.

FIG. 52H shows the contents provider 1
01 to the EMD service center 102
FIG. 4 is a diagram for explaining a data format when is transmitted in an out-of-band system. In this case,
The module Mod ₆₀ shown in FIG. _52H encrypted by the session key data K _SES obtained by the mutual authentication between the content provider 101 and the EMD service center 102 is transmitted from the content provider 101 to the EMD service center 102. . The module Mod ₆₀ includes the data Data to be transmitted and the secret key data K
_The signature data SIG _CP by _{CP and S} is stored. At this time, the public key certificate data CER _CP of the content provider 101 has already been registered in the EMD service center 102.

[0223] FIG. 52 (I) is, EM from SAM105 ₁
FIG. 3 is a diagram for explaining a data format when data Data is transmitted to a D service center 102 by an in-band method. In this case, SAM 105 ₁ through E
The MD service center 102 has the EMD service center 1
02 and the module Mod encrypted with the session key data K _SES obtained by mutual authentication between the SAM 105 ₁ and the SAM 105 _1
61 is sent. The module Mod ₆₁ stores the module Mod ₆₂ and its signature data SIG _SAM1 using the secret key data K _{SAM1, S.} Module Mod _62
Includes public key certificate data CER _SAM1 storing the private key data K _{SAM1 and P} of the SAM 105 ₁ , signature data SIG _ESC with the private key data K _{ESC, S} for the public key certificate data CER _SAM1 , Data to be transmitted is stored.

[0224] FIG. 52 (J) is, EM from SAM105 ₁
FIG. 4 is a diagram for explaining a data format when data Data is transmitted to a D service center 102 by an out-of-band method. In this case, the SAM 105
₁ to the EMD service center 102 using the session key data K _SES obtained by the mutual authentication between the EMD service center 102 and the SAM 105 ₁ .
The module Mod ₆₃ shown in (J) is transmitted. The module Mod ₆₃ stores data Data to be transmitted and signature data SIG _SAM1 based on the secret key data K _{SAM1, S.} At this time, the EMD service center 102
_Has already registered the public key certificate data CER _SAM1 of the SAM 105 ₁ .

[0225] The process of registering the SAMs 105 _{1 to} 105 _{4 with} the EMD service center 102 at the time of shipment will be described below. Since the registration processing of the SAMs 105 _{1 to} 105 ₄ is the same, the registration processing of the SAM 105 ₁ will be described below. When the SAM 105 ₁ is shipped,
The key server 141 of the D service center 102
The storage unit 1 shown in FIG. 23 and the like via the AM management unit 149
The following key data is initially registered in 92. Also, S
In the AM 105 ₁ , for example, a program used when the SAM 105 ₁ accesses the EMD service center 102 for the first time is stored in the storage unit 192 at the time of shipment. That is, in the storage unit 192, for example, FIG.
7, the SAM 105 ₁ with “*” attached to the left side
Identifier SAM_ID, recording key data K _STR, public key of the root certificate authority 2 data K _R-CA, the public key data K _ESC of the EMD service center 102, P, SAM105 ₁ secret key data K _{SAM1, S,} public key Certificate data CER _SAM1 and its signature data SIG _{22, ESC} , SA for AV compression / decompression
Original key data for generating authentication key data between M163 and the media SAM is stored by initial registration.
Note that the public key certificate data CER _SAM1 is
When registering ₁ after shipment, the EMD service center 102
It may be transmitted to the SAM105 ₁ from.

The storage unit 192 stores the SAM 105 ₁
At the time of shipment, the EMD service center 102 writes a file reader indicating the format in which the content file CF and the key file KF shown in FIG. The SAM 105 ₁ uses a file reader stored in the storage unit 192 when using data stored in the content file CF and the key file KF.

Here, the public key data K of the root certificate authority 2
_R-CA uses RSA, which is generally used in electronic commerce on the Internet, and has a data length of, for example, 10
24 bits. The public key data K _R-CA is issued by the root certificate authority 2 shown in FIG. The public key data K _{ESC, P} of the EMD service center 102 is generated using an elliptic curve cryptosystem having a short data length and a strength equal to or greater than that of RSA.
Is a bit. However, considering the strength of encryption, it is desirable that the public key data K _{ESC, P} has 192 bits or more. Further, the EMD service center 102 registers the public key data K _{ESC, P} in the root certificate authority 92. Further, the root certificate authority 92 creates public key certificate data CER _ESC of the public key data K _{ESC, P.} Public key data K _{ESC, P}
Public key certificate data CER _ESC storing the are preferably stored in the storage unit 192 at the time of shipment of the SAM 105 _1. In this case, the public key certificate data CER _ESC is signed with the private key data K _{ROOT, S} of the root certificate authority 92.

[0228] EMD service center 102 generates a random number SAM 105 ₁ of the secret key data K _{SAM1, S,} generates, generates the public key data K _{SAM1, P} to be this pair. Further, the EMD service center 102 receives the authentication of the root certificate authority 92, issues the public key certificate data CER _SAM1 of the public key data K _{SAM1, P ,} and uses its own private key data K _{ESC, S} for this. Attach signature data. That is, the EMD service center 102 establishes the second CA
(Certificate authority).

The SAM 105 ₁ is assigned by the EMD service center 102 a unique identifier SAM_ID under the control of the EMD service center 102, which is stored in the storage unit 192 of the SAM 105 ₁ and It is managed by the service center 102.

After shipment, the SAM 105 ₁ is connected to the EMD service center 102 by a user, for example, to perform a registration procedure, and to perform the registration procedure.
02 to the storage unit 192, the license key data KD _{1 to} KD
D ₃ is transferred. In other words, the user using the SAM 105 ₁ needs to perform the EMD before downloading the content.
A registration procedure is required for the service center 102. This registration procedure is performed, for example, by using the registration sheet attached when purchasing the device (in this example, the network device 160 ₁ ) on which the SAM 105 ₁ is mounted, by the user to identify himself / herself (user , The name, address, contact information, gender, settlement account, login name, password, etc.) are described, for example, by offline mail or the like. SAM1
05 _1, can not be used only after passing through the registration process described above.

[0231] The EMD service center 102 is
05 in accordance with the registration procedure according to _one of the user, by issuing a unique identifier USER_ID to the user, for example, SAM_I
The correspondence between D and USER_ID is managed and used at the time of charging. In addition, the EMD service center 102 uses the SAM
₁ of the identifier ID information reference to the user 105 assigns a password to be used for the first time, notifies the user. The user can use the information reference identifier ID and the password to make an inquiry to the EMD service center 102 for information on, for example, the usage status (usage history) of the content data up to the present. Also, E
When a user is registered, the MD service center 102 checks his / her identity with a credit card company or the like, or checks his / her identity offline.

Next, as shown in FIG.
A procedure for storing the SAM registration list in the storage unit 192 in ₁ will be described. The SAM 105 ₁ shown in FIG. 1 is a topology generated when, for example, an IEEE 1394 serial bus is used as the bus 191, a power supply of a device connected to the bus 191 is turned on, or a new device is connected to the bus 191. using the map, get the SAM105 ₂ ~SAM105 ₄ of the SAM registration list that exists in your system. The topology map generated according to the bus 191 which is an IEEE 1394 serial bus is as follows.
For example, as shown in FIG.
5 ₁ when to 105 ₄ in addition AV equipment 160 _5, 160 ₆ SCMS processing circuits 105 _5, 105 ₆ are connected, generates a target SAM 105 ₁ to 105 ₄ and SCMS processing circuits 105 _5, 105 ₆ Is done. Therefore, the SAM 105 ₁ obtains S
The information about the AMs 105 _{1 to} 105 ₄ is extracted and FIG.
The SAM registration list shown in FIG.

[0233] Then, SAM 105 ₁ is a SAM registration list shown in FIG. 54, to obtain a signature registered in the EMD service center 102. These processes, SAM105 ₁ is automatically performed by using a session of the bus 191, EM
It issues a SAM registration list registration command to the D service center 102. The EMD service center 102 uses the SAM1
Upon receipt of the SAM registration list shown in FIG. 54 from 05 _1,
Check the expiration date. And the EMD service center 1
02, the setting of the portion corresponding with reference to the presence or absence of a given settlement function than SAM105 ₁ at the time of registration. Also,
The EMD service center 102 stores in FIG.
Check revocation list CRL shown in 5 and S
Set the revocation flag in the AM registration list.
The revocation list is, for example, a list of SAMs whose use is prohibited (invalid) by the EMD service center 102 due to unauthorized use or the like. When each SAM communicates with another SAM, if the SAM of the communication partner is invalidated by the revocation list, the SAM stops communication with the SAM of the communication partner. Also, EMD
At the time of settlement, the service center 102 extracts the SAM registration list corresponding to the SAM 105 ₁ and checks whether the SAM described therein is included in the revocation list. Further, the EMD service center 102
Attach a signature to the M registration list. Thus, the SAM registration list shown in FIG. 56 is created. Note that the SAM revocation list is generated only for SAMs of the same system (connected to the same bus 191),
The revocation flag corresponding to the AM indicates whether the SAM is valid or invalid.

It is preferable that the revocation list CRL is automatically updated within the SAM according to, for example, update data broadcast from the EMD service center 102 to the SAM.

Hereinafter, the security function of the SAM will be described. The SAM has DES (Triple DES / AES) of a common key cryptosystem and elliptic curve cryptography (a signature generation / verification EC-D) of a public key cryptosystem as functions related to security.
SA, shared key generation EC-D. H. , Public key encryption EC-El
gamal), a hash function SHA-1 of a compression function, and an IP component of a cryptographic library of a random number generator (true random number). Public key cryptography (elliptic curve cryptography) is used for mutual authentication, signature generation, signature verification, and creation (distribution) of a shared key (session key), and common key cryptography (DES) is used for content encryption and decryption. A compression function (hash function) is used for message authentication during signature generation and verification.

FIG. 57 is a diagram for explaining the security function of the SAM. The security function managed by the SAM includes a security function (1) in the application layer that handles encryption and decryption processing related to the content, and a security function (a physical layer) that performs mutual authentication with a communication partner to secure a secure communication path ( 2). In the EMD system 100, it is assumed that all of the content data C to be distributed is encrypted and a key purchase procedure is performed at the same time as payment. Since the rights certificate data 106 is assumed to be transmitted in the in-band system together with the contents data C, the data is managed by a layer irrelevant to the medium of the network,
It is possible to provide a common right processing system regardless of distribution channels such as terrestrial, cable, wireless, and recording media. Specifically, when the copyright data 106 is inserted into the header of the protocol of the physical layer of the network, even if the data to be inserted is the same, depending on the network to be used, each network must decide where to insert the header. should not.

In this embodiment, the encryption of the content data C and the key file KF means protection at the application layer. Mutual authentication may be performed at the physical layer or the transport layer, or may be performed at the application layer. Incorporating a cryptographic function into the physical layer means incorporating the cryptographic function into the hardware used. Since it is the original purpose of mutual authentication to secure a secure communication path between both transmission and reception, it is desirable that it can be realized at the physical layer, but in actuality it is realized at the transport layer,
There are many mutual authentications at a level that does not depend on the transmission path.

The security functions implemented by the SAM include:
There are mutual authentication for confirming the legitimacy of the communication partner, and encryption and decryption of content data accompanied by accounting processing in the application layer. Mutual authentication between SAMs when performing communication between devices is usually implemented at the application layer level, but may be implemented at another layer such as a transport layer or a physical layer. Mutual authentication implemented on the physical layer is based on 5C1394CP (Content Protecti
on). 1394CP is 1394LINKIC
M6, which is a common key cryptosystem, is mounted on the IsochronousChannel (hardware), and the session key generated as a result of mutual authentication (elliptic curve cryptography, common key cryptography using a hash function) with the Asynchronous Channel is used as the IsochronousChannel.
The data is transferred to the M6 of the onous Channel, and the common key encryption by the M6 is realized.

When mutual authentication between SAMs is implemented on hardware of the physical layer, a session key generated by mutual authentication using public key encryption (elliptic curve encryption) is transmitted to the 1394 LINKIC via the host CPU. The data is transferred to M6, and the content data is encrypted together with the session key generated by the 1394CP. When mutual authentication between SAMs is performed in the application layer, SA
The encryption is performed using a common key encryption library (DES / Triple DES / AES) inside M.

In the present embodiment, for example, mutual authentication between SAMs is implemented in the application layer,
Is implemented in a physical layer (hardware) called 1394LINKIC. In this case, the encryption and decryption of the content data with the billing process is performed in the application layer. However, the application layer can be easily accessed by general users and analyzed indefinitely. In the present embodiment, the accompanying processing is performed inside tamper-resistant hardware that cannot monitor (monitor) any processing contents from outside. This is the most important reason for realizing the SAM with hardware having a tamper-resistant structure. When the accounting process is performed in the host CPU, tamper-resistant software is mounted on the CPU.

FIG. 58 is executed when the content data C stored in the secure container 104 transmitted from the content provider 101 to the network device 160 ₁ is written to a recording medium in the AV device (storage device) 160 ₁ . , Content provider 1
It is a diagram for explaining the security function in 01 and SAM 105 _1. Content provider 101
The content data C in the secure container 104 transmitted from the content provider 101 to the network device 160 ₁ is content key data Kc managed by the content provider 101.
Is encrypted. The content key data Kc and the license data 106 are encrypted with license key data KD managed by the EMD service center 102. In the example shown in FIG. 58, the secure container 104, are encapsulated in the network physical layer protocol, it is downloaded to the network device 160 ₁ client. In the process, the content providers 101 and S
AM105 generates a random number in _1, perform mutual authentication in combination with public key cryptography and common key cryptography. Then, the network device 160 _1, the secure container 104 downloaded and recorded in the medium. At this time, the purchase mode is determined, the content key data Kc and the rights certificate data 106 are encrypted using the license key data KD and then recorded on the medium, and the usage control data 166 is stored in the media key data K _MED and the recording key. The data is recorded on a medium after being encrypted using the data _KSTR .

FIG. 59A shows a commonly used OSI.
FIG. 59B is a diagram for explaining communication performed in each layer (layer) on the transmission side and the reception side in the reference model.
58 is a diagram for explaining in detail a protection function at the time of communication between the content provider 101 and the network device 160 ₁ (SAM 105 ₁ ) shown in FIG. 58. Figure 59
As shown in (A), in the OSI reference model, the physical layer, the data link layer, the transport layer,..., The socket layer, and the application layer are constructed in order from the bottom on the transmission side and the reception side, and Data is exchanged between the layers. Further, the content provider 101 and the network device 160 ₁ (SAM 105
Communication with ₁ ) is performed based on the hierarchical structure shown in FIG. In the example shown in FIG. 23 and / or X. 25, etc., IP and the like are used as a transport layer, Socket (API) is used as a socket layer, and http, XML /
SMIL / HTML or the like is used, and each layer has its own security function.

Here, protection on the transmission path is performed in the physical layer, and data relating to an application transmitting the transmission path can be protected. The protection at the physical layer is based on the implementation of a protection function in hardware. Protection at the transport layer does not depend on the transmission path, but is performed on data relating to all applications using the transport protocol. The protection at the socket layer is
This is performed for all data related to the application using the socket. Although protection at the application layer can protect data for all applications, there is a high possibility of analysis and tampering by general users.

There are at least two programs in the processing via the network. One is a program that runs on a local platform and is operated by the user. The other is a program (application) that provides a service, which runs on a (remote) platform at the other end of the network. As shown in FIGS. 59 (A) and (B), each layer communicates with elements above and below each other, so that communication becomes possible as a result. The information passed to and from the lower element can be viewed as directly interacting with the corresponding level element. That is, it appears that the transmitting physical layer is communicating with the receiving physical layer and the transmitting application is communicating with the receiving application.

In order to protect information between transmission and reception, as shown in FIGS. 59A and 59B, a mechanism for protecting between directly exchanged layers may be made. This means that encrypting information at a certain layer on the transmitting side cannot be decrypted without a corresponding layer on the receiving side.
In that case, encryption and protection are performed in each of the application layer, the transport layer, the data link layer,..., And the physical layer. Protection at the physical layer is protection at the hardware level. In a network, the part that depends on the hardware of the transmission path is encrypted. In the package, a part entangled with a hardware unit related to a recording medium is encrypted. Since the data link layer (MAC layer) is a layer that is relatively dependent on the physical layer, it is included in the category of protection in the physical layer. Transport layer is TCP / IP IP
Provides packet-level protection. This is famous for IP Sec which is a protection function for IP packets. In this method, if the other party also has the same mechanism (IP Sec),
All information contained in the packet can be protected. However, processing at the packet level requires kernel rebuilding. For protection at the socket level, for example, SS
L (Secure Socket Layer) is used. Socket AP
I is a kind of API for writing using this socket when writing TCP / IP related application software.
At the layer, protection at this level means that all applications that use the socket can be protected. Conversely, applications that do not use the socket cannot be protected. Finally, application-level protection is a method of protecting data inside an application. If this is used, all applications can be protected without depending on the transmission path.

A program protected at the application level is frequently used because it is not necessary to reconstruct a kernel and a system can be easily constructed. Then, if the data is all encrypted at the application layer, it seems easy and no problem, but the application layer is the only layer that can be operated by general users, and there is a chance that a hacker (decryption) can be performed indefinitely. Conversely, encryption that depends on the kernel or hardware
This is a part that cannot be operated by general users, and encryption depending on this part is very strong. Encryption at the layer that depends on the kernel and hardware cannot be established between transmission and reception unless both systems support the encryption.

FIG. 60 shows the network device 160 ₁ (SAM 105 ₁ ) and the AV device 160 ₂ (SA) shown in FIG.
FIG. 10 is a diagram for describing in detail a protection function at the time of communication with M105 ₂ ). As shown in FIG.
In O ₂ (SAM105 ₂ ), a sector and a file system are used as a physical layer, IP is used as a transport layer, and home network middleware such as HAVi is used between the transport layer and the application layer. Here, the communication data of all the layers from the physical layer (sector) to the application layer is stored in the media key data K when being recorded on the recording medium.
The communication data of all layers from the file system to the application layer is protected by being encrypted by using the _MED , and the recording key data K is used when recorded on the recording medium.
It is encrypted and protected using _STR .

[0248] The content data network device 160 ₁ receives, in case of recording on a recording medium (media) in the AV apparatus 160 _2, it is necessary to secure the physical layer that the hardware and the recording medium.
In order to realize security protection in such physical layer, in the present embodiment, it defines the key data for recording key data K _STR and the media key data K 2 types of _MED. The recording key data _KSTR may be encrypted in any layer from the application layer to the transport layer excluding the sector-level physical layer with a key defined for each type of device. Recording key data K _STR is stored in the SAM, encryption and decryption using the recording key data K _STR within SAM is performed.

The media key data K _MED is a key defined for each recording medium, and is defined and recorded for each recording medium. Encryption using the media key data K _MED may be performed at any layer, but since it is a key that requires protection at the physical layer level of the recording medium, it should be implemented in a part that depends on the physical layer of the recording medium. Better. For example,
Media SAM for encrypting and decrypting on recording medium
It is desirable to perform encryption and decryption in the media SAM. Alternatively, encryption and decryption may be performed by mounting as hardware in a signal processing portion related to the physical layer of the recording medium on the device side and transferring the media key data from the recording medium (necessary mutual authentication). Good. In order to perform encryption and decryption in a portion that does not depend on the physical layer of the recording medium, mutual authentication is performed with the SAM, and the media key data K _SES is generated using the generated session key data K _{SES.
The MED} may be encrypted and transferred to the SAM on the device side, where encryption and decryption may be performed. This means that the definition of the key alone protects the physical layer level on the media.

FIG. 61 shows, for example, the AV equipment 1 shown in FIG.
60 of ROM type shown in FIG. 11 in the _second recording medium 130
₁ reproduces the content data C from transmits the content data the reproduced AV apparatus 160 ₃ via the bus 191, RAM shown in FIG. 14 in the AV apparatus 160 ₃
It is a diagram for explaining the security process of recording the type recording medium 130 _4. (A) shown below
(M) indicates the procedure of the process, and corresponds to the reference numerals shown in FIG.

[0251] (A): the reproduction side of the AV equipment 160 ₂ and RO
Mutual authentication is performed with the medium SAM 133 ₁ of the M-type recording medium 130 ₁ . (B): performs mutual authentication with the recording side of the AV apparatus 160 ₃ and the recording medium 130 ₄ media SAM 133 ₄ of RAM type. Mutual authentication between Media-SAM and SAM. (C), (D): AV equipment 160 ₂ and the AV equipment 160 ₃
And mutual authentication (device-to-device authentication) using the function of the 1394 serial bus, and the session key data K
Share _SES . (E), (F): the (A), by using the authentication result (B), perform mutual authentication (End-to End authentication) between the SAM 105 ₂ and the SAM 105 _3, the session key is shared

(G): The content file CF and the key file KF read from the ROM area 131 by the media SAM 133 ₁ or SAM 105 ₂
Is decrypted (unlocked) using the media key data K _MED2 . (H): The SAM 105 ₂ converts the content file CF and the key file KF into the recording key data K _STR2.
Is decoded using (I): in SAM 105 _2, the reproduction of the content data stored in the content file CF, the rights processing such as signature verification and purchase mode determination processing accompanying the recording is performed. At the time of reproducing the content data C, a decryption process using the content key data Kc is performed. (J): Content file CF and key file K
F is, in the above-mentioned AV apparatus _{160 2 (E), (F} ) and (C), the session key data K generated by (D)
Encrypted using the _SES, it is sent to the AV apparatus 160 ₃ and is decrypted using the same session key data K _SES in the AV apparatus 160 _3.

[0253] (K): SAM105 _{when two} rights processing is not performed, the rights processing is carried out in SAM105 _3. (L): In the SAM 105 _3, the content file CF and the key file KF is, recording key data K _{STR 2}
Is encrypted using (M): SAM105 ₃ or media SAM133
In _4, the content file CF and the key file KF is encrypted using the media key data K _MED, is recorded in the RAM area 134 of the recording medium 130 ₄ of RAM type.

[0254] Hereinafter, will be described with reference to FIG. 62 of an example of a mounting configuration for various SAM of the user home network e.g. network device 160 within the _first 103 shown in FIG. As shown in FIG.
₁ , the host CPU 810 ₁ , SAM 105 ₁ , download memory 167, media drive SAM 26
0, a drive CPU 1003, and a Shock Proof memory 1004 such as a DRAM. Download memory 167 and shockproof memory 10
Part of the storage area 04 is used as a shared memory that can be accessed by both the SAM 105 ₁ and the host CPU 810 ₁ . The download memory 167 is connected to the host CPU bus 1 via a module 1005 having functions of a memory controller, a bus arbiter, and a bridge.
000. The download memory 167 and the shock proof memory 1004 store the content file CF and the key file KF described above. The storage area other than the storage area used as the shared memory in the storage area of the shockproof memory 1004 is temporarily stored until the content data input from the media drive SAM 260 via the data bus 1002 is output to the AV compression / decompression SAM 163. It is used to store information.

The AV compression / expansion SAM 163 is connected to the download memory 167 via the host CPU bus 1000.
And data transfer with the media drive SAM 260 via the data bus 1002.

In addition to the download memory 167, the host CPU bus 1000 has a SAM 105 ₁ ,
SAM163 for expansion and DMA (Direct Memory Acces
s) 1010 is connected. The DMA 1010 stores the download memory 16 via the host CPU bus 1000.
7 is controlled in accordance with an instruction from the host CPU 810 ₁ . Also, the host CPU bus 1
000 is LI of 1394 serial interface
It is used when communicating with other SAMs 105 _{2 to} 105 ₄ in the user home network 103 using the NK layer.

The drive CPU bus 1001 includes a drive CPU 1003, a media drive SAM 260,
F amplifier 1006, Media SAM interface 1
007 and the DMA 1011 are connected. The drive CPU 1003 receives, for example, an instruction from the host CPU 810 ₁ , and comprehensively controls processing when accessing the disk-type recording medium 130. In this case,
The host CPU 810 ₁ becomes the master and the drive CPU
1003 is a slave. Drive CPU 1003
Are treated as I / O from the viewpoint of the host CPU 810 ₁ . The drive CPU 1003 encodes and decodes data when accessing the recording medium 130 such as a RAM type. The drive CPU 1003
When RAM type recording medium 130 is set in the drive, RAM type recording medium 130 (subject to EMD system 100) that SAM 105 ₁ is subject to the rights processing by determining whether the recording medium, If the host CPU 810 determines that the recording medium is the recording medium,
₁ and instruct the media drive SAM 260 to perform mutual authentication with the media SAM 133.

Media SAM interface 1007
Is the recording medium 13 via the drive CPU bus 1001
It functions as an interface when accessing the media SAM 133 of No. 0. DMA1011
Are connected to the drive CPU bus 1001 and the data bus 10
02 to control the memory access to the shock proof memory 1004 via the H.02. The DMA 1011 controls, for example, data transfer between the media drive SAM 260 and the shockproof memory 1004 via the data bus 1002.

In the configuration shown in FIG. 62, for example, SAM1
₀₅ and when the communication, such as mutual authentication with the media SAM133 recording medium 130, the host CPU810
₁ , the host CPU 810 ₁ , the registers in the drive CPU 1003, the drive CPU bus 1001, and the media SAM.
Through the interface 1007, the data is transferred between the SAM 105 ₁ and the media SAM 133. When accessing the recording medium 130, mutual authentication is performed between the media drive SAM 260 and the media SAM 133. Further, as described above, the download memory 167 and the shockproof memory 10
SAM for AV compression / decompression in order to access 04
If the data is compressed or decompressed in 163,
SAM 105 ₁ and the mutual authentication with the AV compression and decompression SAM163 is performed.

In this embodiment, the SAM shown in FIG.
105 ₁ and AV compression and decompression SAM163, the host CPU 810 _1, are treated as devices connected to the I / O interface. SAM 105 ₁ and AV compression and decompression SAM163 and host CPU810
Communication and data transfer with the device ₁ are performed based on the control of the memory I / O & address decoder 1020. At this time, the host CPU 810 ₁ becomes the master, and the SAM 105 ₁ and the AV compression / decompression SAM 16 1
3 becomes a slave (Slave). SAM105 ₁ and A
The V compression / decompression SAM 163 is connected to the host CPU 810 ₁
The requested processing is performed based on the command from the CPU, and the result of the processing is notified to the host CPU 810 ₁ as necessary. Further, the media SAM 133 and the media drive SAM 260 are provided with I / O from the drive CPU 1003.
It is treated as a device connected to the O interface. Media SAM133 and Media Drive SA
Communication and data transfer between the M260 and the drive CPU 1003 are performed by the memory I / O & address decoder 102.
This is performed based on the control of No. 1. At this time, the drive CP
U1003 becomes the master, and the media SAM 133 and the media drive SAM 260 become the slaves. Media SAM 133 and Media Drive SAM 26
0 performs a requested process based on a command from the drive CPU 1003, and notifies the result of the process to the drive CPU 1003 as necessary.

[0261] The access control related to the content file CF and the key file KF in respect download memory 167 and the shock proof memory 1004, to SAM 105 ₁ may be performed centrally, or the access control of the content file CF host C
The SAM 105 ₁ may perform the access control of the key file KF by the PU 810 ₁ .

The content data C read from the recording medium 130 by the drive CPU 1003 passes through the RF amplifier 1006 and the media drive SAM 260, is stored in the shock proof memory 1004, and is then decompressed by the AV compression / decompression SAM 163. . The decompressed content data is converted from digital to analog by a D / A converter, and a sound corresponding to an analog signal obtained by the conversion is output from a speaker. At this time, the shock-proof memory 10
04 temporarily stores the content data C of a plurality of tracks that are discontinuously read from a discretely located recording area of the recording medium 130, and then stores the AV compression / decompression S
It may be continuously output to the AM 163.

Hereinafter, circuit modules provided for various SAMs in the user home network 103 to realize the above-described functions will be described. As described above, the SAM in the user home network 103 includes a SAM 105 (105 _{1 to} 105 ₄ ) for performing a process related to a right process (profit distribution) such as determination of a purchase mode, and a media SAM 133 provided on a recording medium. SAM 163 for AV compression / decompression and a media drive SAM 260. Hereinafter, the circuit modules provided in these SAMs will be described.

<First Form of SAM for Rights Processing> FIG.
FIG. 5 is a diagram for explaining a circuit module of the SAM 105a for right processing. As shown in FIG.
05a is the CPU 1100, the DMA 1101, the MMU 1
102, I / O module 1103, mask ROM 11
04, nonvolatile memory 1105, work RAM 110
6. Tamper resistant hardware (Tamper Registant H / W) (Circuit module of the present invention). Here, the CPU 1100 corresponds to the arithmetic processing circuit of the present invention, the DMA 1101 corresponds to the storage circuit control circuit of the present invention, the MMU 1102 corresponds to the storage management circuit of the present invention, and the I / O module 1103 corresponds to the interface of the present invention. Corresponding to the mask ROM 11
04, nonvolatile memory 1105 and work RAM 11
06 corresponds to the storage circuit of the present invention, the public key cryptographic module 1107 corresponds to the public key cryptographic circuit of the present invention, the common key cryptographic module 1108 corresponds to the common key cryptographic circuit of the present invention, and the hash function module 1109 corresponds to A (true) random number generator 1110 corresponding to the hash value generation circuit of the present invention
Corresponds to the random number generation circuit of the present invention, the real-time clock module 1111 corresponds to the real-time clock of the present invention, and the external bus I / F 1112 corresponds to the external bus interface of the present invention.

[0265] SAM105 and ₁ functional modules shown in FIG. 23 will be briefly described a relationship between the circuit module shown in FIG. 63. The CPU 1100 is, for example, a mask ROM 1
The functions of the accounting unit 187 and the usage monitoring unit 186 shown in FIG. 23 are realized by executing the programs stored in the nonvolatile memory 104 and the nonvolatile memory 1105. DMA1101
The download memory 167 shown in FIG. 22 and the storage unit 1 shown in FIG.
The access to the N. 92 is generally controlled. MMU1
102 manages the address spaces of the download memory 167 shown in FIG. 22 and the storage unit 192 shown in FIG. The I / O module 1103 realizes, for example, some functions of the media SAM management unit 197 illustrated in FIG. The mask ROM 1104 has an initialization program for the SAM 105a and an integrity check (Integrity Check).
ck) Unchanged programs and data, such as programs, are stored at the time of manufacture, and realize some functions of the storage unit 192 shown in FIG. The non-volatile memory 1105 stores, for example, an encryption program or key data that may be altered, and implements a part of the function of the storage unit 192 shown in FIG. The work RAM 1106 corresponds to the work memory 200 shown in FIG.

The public key cryptographic module 1107 is configured as shown in FIG.
Of the signature processing unit 189 shown in (1), for example, mutual authentication with the media SAM 133 or the like using public key cryptography, creation of signature data of the SAM 105, signature data (EMD service center 102, content The provider 101 verifies the signature data of the service provider 310 in the second embodiment), encrypts and decrypts the data when transferring a small amount of data (such as a key file KF), and performs key sharing. It is used when performing. The public key encryption module 1107 may be realized as a circuit module (H / W IP Solution),
The public key encryption program stored in the non-volatile memory 1105 may be executed and executed by the CPU 1100 (S
/ W IPSolution).

The common key cryptographic module 1108 is configured as shown in FIG.
189, encryption / decryption units 171, 17
2, 173 are used to perform mutual authentication and data encryption and decryption using session key data K _SES which is a common key obtained by mutual authentication. The common key cryptosystem can perform higher speed processing than the public key cryptosystem, and is used, for example, when encrypting and decrypting data having a large data amount such as content data (content file CF). The common key encryption module 1108 may be realized as a circuit module,
(H / W IP Solution) or a common key encryption program stored in the non-volatile memory 1105 may be executed by the CPU 1100 (S / W IP Solution). In the mutual authentication, one or both of encryption and decryption by the public key encryption module 1107 and encryption and decryption by the common key encryption module 1108 are adopted.

The hash function module 1109 is provided in FIG.
3 is implemented when a part of the function of the signature processing unit 189 shown in FIG. Specifically, the hash function module 1109 includes the content provider 101 and E
The signature data of the MD service center 102 and the like, and FIG.
Key file KF _{1 of the} secure container 104x shown in FIG.
_Is used when verifying the hash value H _K1 of. The hash function module 1109 may be realized as a circuit module (H / W IPSolution), or the nonvolatile memory 110
5 is stored in the CPU 1100.
(S / W IP Solution).

The random number generator 1110 realizes a part of the function of the mutual authentication unit 170 shown in FIG. 23, for example. The real-time clock module 1111 generates a real-time time. The time is used, for example, when selecting license key data KD with an expiration date or when judging whether or not the expiration date requirement indicated by the usage control data 166 is satisfied. External bus I /
F1112 includes the content provider management unit 180, the download memory management unit 182, and the EM shown in FIG.
The function of a part of the D service center management unit 185 is realized.

FIG. 64 is a diagram for describing a hardware configuration in SAM 105a. 64, the same circuit modules as those shown in FIG. 63 are denoted by the same reference numerals as in FIG. As shown in FIG.
05a, C via the SAM / CPU bus 1120
The PU 1100, the mask ROM 1104, and the nonvolatile memory 1105 are connected. The DMA 1101 is connected to the internal bus 1121. Internal bus 112
2 includes an I ² C interface 1130, a media SAM interface 1131, and an MS (Memory Stick).
k) The interface 1132 and the IC card interface 1133 are connected. Media SA
The M interface 1131 performs data transfer with the medium SAM 133 of the recording medium 130. The MS interface 1132 performs data transfer with the memory stick 1140. The IC card interface 1133 performs data transfer with the IC card 1141.

The external bus 1123 is connected to a public key encryption module 1107, a common key encryption module 1108, a hash function module 1109, a random number generator 1110, a real time clock generation module 1111, and an external bus I / F 1112.

SAM / CPU Bus 1120 and Internal Bus 1
121 is connected via a bus interface 116. The internal bus 1122 and the internal bus 1121 are connected via a bus interface 1117. The internal bus 1121 and the external bus 1123 are connected via a bus interface 1115.

The DMA 1101 responds to an instruction from the CPU 1100 via a mask RO via the internal bus 1121.
M1104, nonvolatile memory 1105 and work RA
The access to the M1106 is generally controlled. M
The MU 1113 manages the memory spaces of the mask ROM 1104, the nonvolatile memory 1105, the working RAM 1106, and the download memory 167 shown in FIG. The address decoder 1114 is connected to the internal bus 1121 and the external bus 1
When performing data transfer with the G.123, address conversion is performed. In addition, the write lock control circuit 1135
Based on the lock key data from U1100, writing and erasing of data in the flash ROM is managed in block units.

<Second form of SAM for rights processing> FIG.
FIG. 7 is a diagram for explaining a circuit module of the SAM 105b for right processing. In FIG. 65, the same components as those of the SAM 105a are denoted by the same reference numerals as in FIG. As shown in FIG. 65, the SAM 105b is realized by using a secure memory 105ba, a host CPU 810, tamper-resistant software 1130, and an I / O module 1103. In the SAM 105b, the host CPU 81
0, the same function as the CPU 1100 shown in FIG. 63 is realized by executing the tamper-resistant software 1130. As described above, the tamper-resistant software 1130 is software closed inside a tamper-resistant module, and is difficult to decode and rewrite. The secure memory 105ba has a mask R
OM 1104, nonvolatile memory 1105, working RAM
1106, public key encryption module 1107, common key encryption module 1108, hash function module 110
9, (intrinsic) tamper-resistant hardware having a random number generator 1110, a real-time clock module 1111 and an external bus I / F 1112. The public key encryption module 1107 and the common key encryption module 110
8 and the hash function module 1109 may be realized as a circuit module (H / W IP Solution), or the public key encryption program, the common key encryption program, and the hash function program stored in the nonvolatile memory 1105 may be stored in the host CPU 810. It may be realized by executing (S / W IP Solution).

Hereinafter, the configuration of various media SAMs functioning as the above-described media SAM 133 will be described. <First Form of Media SAM> FIG.
It is a figure for explaining a circuit module of M133a. As shown in FIG. 66, the media SAM 133a
CPU 1200, DMA 1201, I / O module 1
203, mask ROM 1204, nonvolatile memory 120
5, working RAM 1206, public key encryption module 12
07, a common key cryptographic module 1208, a hash function module 1209, and a (true) random number generator 1210 are tamper-resistant hardware (Tamper Registant H / W).

The CPU 1200 controls each circuit in the tamper-resistant hardware.

[0277] Public key encryption module 1207, for example, using the public key cryptosystem, for example, (1): SAM 105 ₁ and the drive CPU1003 the like shown in FIG. 62 and between mutual authentication, the signature data of (2) Media SAM133 Creation, signature data (EMD service center 102,
Verification of the content provider 101, in the case of the second embodiment, signature data of the service provider 310),
(3): Used when encrypting and decrypting a message with a small amount of data to be transferred, and (4): When performing key sharing of session key data K _SES obtained by mutual authentication. The public key encryption module 1107 may be realized as a circuit module (H / W IP Solution), or a public key encryption program stored in the non-volatile memory
It may be realized by executing in U1200 (S / W IPSol
ution).

[0278] common key encryption module 1208 is used when performing mutual authentication, key using the session key data K _SES is a common key obtained by mutual authentication file KF, the encryption and decryption of data, such as KF ₁ . The common key encryption module 1208 may be realized as a circuit module (H / W IP Solution),
05 stored in the CPU 1200
(S / W IP Solution).
In the mutual authentication, one or both of encryption and decryption by the public key encryption module 1207 and encryption and decryption by the common key encryption module 1208 are employed.

The hash function module 1209 is used when generating a hash value of data. Specifically, the hash function module 1109, used to verify the hash value H _K1 of the key file KF ₁ of the secure container 104x shown in FIG. 37. The hash function module 1209 may be realized as a circuit module (H / W IP Solution), or may be realized by executing the hash circuit module stored in the nonvolatile memory 1205 in the CPU 1200 (S / W IP Solution). ).

The random number generator 1210 is used, for example, when performing mutual authentication. The I / O module 1203 is
It is used when performing communication with the media SAMI / F 1007 shown in FIG.

In the mask ROM 1204, the media SA
Unaltered programs and data such as an initialization program and an integrity check program of the M133a are stored at the time of manufacture. The non-volatile memory 1205 stores, for example, an encryption program, key data, and the like that may be modified.

FIG. 67 shows that the media SAM 133a is RO
When mounted on an M-type recording medium, the media SAM1
FIG. 13 is a diagram showing data stored in a mask ROM 1204 and a nonvolatile memory 1205 at the time of shipment of a memory 33a. As shown in FIG. 67, when the ROM-type recording medium is shipped, the medium SAM 133a includes the identifier (ID) of the medium SAM, the recording key data K _STR (media key data K _MED ), and the public key of the EMD service center 102. Data K _{ESC, P} , public key data K of the root certificate authority 92
_{R-CA, P} , public key certificate data CER _MSAM of media SAM 133a, public key data K of media SAM 133a
_{MSAM, P} , the secret key data K of the media SAM 133a
_{MSAM, S} , revocation list, rights processing data, identifier (ID) of entity to be profit-distributed, media type (media type information, information specifying ROM or RAM), physical address of key file KF Information (address of register space), key file K of each content data C (content file CF)
F, a predetermined verification value (MAC value) and the like are stored. Here, the physical address information (address in the register space) of the key file KF, the key file KF of each content data C (content file CF), and the predetermined verification value (MAC value) are stored in a license managed by the EMD service center 102. It is encrypted using the key data KD.

FIG. 68 shows that the media SAM 133a is RO
When mounted on an M-type recording medium, the media SAM1
FIG. 14 is a diagram showing data stored in the mask ROM 1204 and the nonvolatile memory 1205 when the user registration and the purchase mode of the content data are determined after the shipment of 33a. As shown in FIG. 68, the media SAM 13
In 3a, a user ID is newly registered by user registration,
Password, personal preference information, personal payment information (such as credit card number) and electronic money information, data, such as key file KF ₁ is written.

FIG. 69 shows that the media SAM 133a
When mounted on an M-type recording medium, the media SAM1
FIG. 13 is a diagram showing data stored in a mask ROM 1204 and a nonvolatile memory 1205 at the time of shipment of a memory 33a. As shown in FIG. 69, when the RAM-type recording medium is shipped, the medium SAM 133a includes the identifier (ID) of the medium SAM, the recording key data K _STR (media key data K _MED ), and the public key of the EMD service center 102. Data K _{ESC, P} , public key data K of the root certificate authority 92
_{R-CA, P} , public key certificate data CER _MSAM of media SAM 133a, public key data K of media SAM 133a
_{MSAM, P} , the secret key data K of the media SAM 133a
_{MSAM, S} , revocation list, data for rights processing, identifier (ID) of entity to be profit-distributed, type of media (media type information, information specifying any of ROM and RAM) are stored, and key The physical address information (address in the register space) of the file KF, each content data C (content file C
F) key files KF, KF ₁ , predetermined verification values (MA
C value) is not stored.

FIG. 70 shows that the media SAM 133a
When mounted on an M-type recording medium, the media SAM1
When the user registration after shipment of 33a and the purchase mode determination processing of the content data are performed, the mask ROM 1204
FIG. 4 is a diagram showing data stored in a nonvolatile memory 1205. As shown in FIG.
In the M133a, by user registration, in addition to data such as a user ID, a password, personal preference information, personal settlement information (such as a credit card number) and electronic money information, physical address information of the key file KF (register space) Address), each content data C
Key files KF, KF of (content file CF)
₁ and a predetermined verification value (MAC value) are written.
The physical address information (address in the register space) of the key file KF, the key files KF and KF _{1 of} each content data C (content file CF), and a predetermined verification value (MAC value) are encrypted by the recording key data _KSTR . Has been

<Second Form of Media SAM> FIG.
It is a figure for explaining a circuit module of media SAM133b. As shown in FIG. 71, the media SAM1
33b denotes a CPU 1200, a DMA 1201, an I / O module 1203, a mask ROM 1204, a nonvolatile memory 1205, a working RAM 1206, a public key encryption module 1207, a hash function module 1209,
(Intrinsic) Tamper-resistant hardware (Tamper Registant H / W) having a random number generator 1210. That is, the media SAM 133b is the media SAM shown in FIG.
The configuration is such that the common key cryptographic module 1208 is removed from 133a.

The public key cryptographic module 1207 of the media SAM 133b includes (1): SAM 105 shown in FIG.
₁ and mutual authentication between the drive CPU 1003 and the like,
(2) Creation of signature data of the media SAM 133, verification of signature data (signature data of the EMD service center 102, the content provider 101, and the service provider 310 in the case of the second embodiment), and (3): amount of data to be transferred Although encryption and decryption of a message with few data are performed, unlike the above-described public key encryption module 1207 of the media SAM 133a, (4): key sharing of session key data K _SES obtained by mutual authentication is not performed. The key is not shared because the common key encryption module 1208
It is because it does not have. Media SAM13
Public key encryption module 1207 3b, using the public key encryption method, performs further key file KF, the encryption and decryption of data, such as KF _1.

<Third Embodiment of Media SAM> FIG.
It is a figure for explaining a circuit module of media SAM133c. As shown in FIG. 72, the media SAM1
33c is a tamper-resistant hardware (Tamper Registant H) having a CPU 1200, a DMA 1201, an I / O module 1203, a mask ROM 1204, a non-volatile memory 1205, a working RAM 1206, a public key encryption module 1207, and a (true) random number generator 1210. / W). That is, the media SAM 133c has a configuration obtained by removing the common key encryption module 1208 and the hash function module 1209 from the media SAM 133a shown in FIG. The public key cryptographic module 1207 of the media SAM 133c includes (1): SAM shown in FIG.
105 ₁ and drive CPU1003 such as between the mutual authentication, (2) the creation of the signature data in the media SAM 133,
(3): Encrypt and decrypt a message with a small amount of data to be transferred.
Unlike the public key cryptographic module 1207 of (a), verification of signature data and (4): key sharing of session key data K _SES obtained by mutual authentication is not performed. The hash function module 1209 does not perform verification of the signature data.
It is because it does not have. Media SAM13
Public key encryption module 1207 3c, using the public key cryptosystem, the key file KF, the encryption and decryption of data, such as KF ₁ performs. In this case, the media SAM
133c does not perform verification of the signature data.
The public key data K _{CP, P} and K _{ESC, P} (in the case of the second embodiment, the public key data K _{SP, P of the} service provider 310) are further received from 105.

<Fourth Embodiment of Media SAM> FIG.
It is a figure for explaining a circuit module of media SAM133d. As shown in FIG. 73, the media SAM1
33d is a CPU 1200, an I / O module 120
3, mask ROM 1204, nonvolatile memory 1205,
Working RAM 1206, public key encryption module 120
7. Tamper-resistant hardware (Tamper Registant H / W) having a (true) random number generator 1210. That is, the media SAM 133c is obtained from the media SAM 133a shown in FIG.
Has been excluded. The public key encryption module 1207 of the media SAM 133c is basically similar to the public key encryption module 1207 of the media SAM 133c described above.
It has the same function as. The media SAM 133d is
Since there is no DMA 1201, the mask ROM 12
04, nonvolatile memory 1205 and working RAM 12
The access control for 06 is performed by the CPU 1200.

<Fifth Mode of Media SAM> FIG.
It is a figure for explaining a circuit module of media SAM133e. As shown in FIG. 74, the media SAM1
33e is the secure memory 133ea, the host CPU 8
10 and tamper-resistant software 1130. The secure memory 133ea is a tamper-resistant hardware (Tamper Registant H / W) including an I / O module 1203, a mask ROM 1204, a nonvolatile memory 1205, a working RAM 1206, a public key encryption module 1207, and a (true) random number generator 1210. ). Each module in the secure memory 133ea is the same as the module of the media SAM 133d having the same code.

That is, the secure memory 133ea is
From the media SAM 133D shown in FIG.
00 is excluded. In the SAM 105e, the host CPU 810 executes the tamper-resistant software 1
By executing step 250, the CPU 1200 shown in FIG. 73 is executed.
Implement the same function as. Tamper resistant software 125
As described above, 0 is software that is closed inside a tamper-resistant module, and is difficult to decipher and rewrite.

<Sixth Embodiment of Media SAM> FIG.
It is a figure for explaining a circuit module of media SAM133f. As shown in FIG. 75, the media SAM1
33f is a tamper-resistant hardware having a CPU 1200, a DMA 1201, an I / O module 1203, a mask ROM 1204, a nonvolatile memory 1205, a working RAM 1206, and a public key encryption module 1207.
(Tamper Registant H / W). That is, the media S
The AM 133f is a medium SAM 133C shown in FIG.
And a configuration excluding the random number generator 1210 from FIG. Public key encryption module 1207 of media SAM 133f
Is (2) creation of signature data of the media SAM 133,
(3): Encrypt and decrypt a message with a small amount of data to be transferred.
Unlike the public key cryptographic module 1207 of (a), verification of signature data, mutual authentication, and (4): key sharing of session key data K _SES obtained by mutual authentication is not performed. In this case, authentication of the media drive SAM 260 to the media SAM 133f is performed, but the media SAM 1 is authenticated.
Since 33f does not have the random number generator 1210, the media drive SAM 260
Authentication is not performed.

<Seventh Embodiment of Media SAM> FIG.
It is a figure for explaining a circuit module of media SAM133g. As shown in FIG. 76, the media SAM1
33g is the secure memory 133ga, the host CPU 8
10 and tamper-resistant software 1260. As shown in FIG. 76, the secure memory 133
ga denotes the I / O module 1203, the mask ROM 12
04, nonvolatile memory 1205, work RAM 1206
And a tamper-resistant hardware (TamperRegistant H / W) having a public key encryption module 1207. That is, the media SAM 133ga is different from the media SAM 133f shown in FIG.
1201 is excluded. Media SAM13
The function of the public key encryption module 1207 of 3g is basically the same as that of the public key encryption module 1207 of the media SAM 133f described above. In the SAM 105g, the tamper-resistant software 12
By executing 60, the same function as the CPU 1200 shown in FIG. 75 is realized. Tamper resistant software 1260
Is software closed inside a tamper-resistant module as described above, and is difficult to decipher and rewrite.

<SAM 163 for AV Compression / Expansion> The SAM 163 for AV compression / expansion implements, for example, the function described with reference to FIG. FIG. 77 shows the AV compression / decompression S
It is a figure for explaining a circuit module of AM163. As shown in FIG. 77, the AV compression / decompression SAM 16
Reference numeral 3 denotes a CPU / DSP 1300, a DMA 1301, a mask ROM 1304, a nonvolatile memory 1305, and a working R
AM 1306, common key encryption module 1308, (intrinsic) random number generator 1310, compression / decompression module 132
0, tamper-resistant hardware (Tamper Registant H / W) having a digital watermark information addition / detection module 1321 and an information semi-disclosure control module 1322.

The CPU / DSP 1300 is, for example, as shown in FIG.
In response to an instruction from the SAM 105 ₁ shown in FIG.
The program stored in the OM 1304 and the nonvolatile memory 1305 is executed, and the SAM 163 for AV compression / decompression is executed.
To control each circuit module in the system. DMA13
01 is in accordance with an instruction from the CPU / DSP 1300,
Access to the mask ROM 1304, the non-volatile memory 1305, and the working RAM 1306 is generally controlled. The mask ROM 1304 has an SA for AV compression / decompression.
M163 initialization program and integrity check
(Integrity Check) Unaltered programs such as programs, and unaltered data such as AVSAM_ID which is an identifier of the SAM 163 for AV compression / expansion are stored at the time of manufacture. The non-volatile memory 1305 stores, for example, an encryption program or key data that may be altered. Working RAM1306 stores such as key file KF input from SAM105 _1.

The symmetric key cryptographic module 1308 uses the SAM
Mutual authentication between 105 ₁ is used when performing the encryption and decryption, such content data using the session key data K _SES is a common key obtained by mutual authentication.
The common key encryption module 1308 may be realized as a circuit module (H / W IP Solution), or may execute a common key encryption program stored in the non-volatile memory
It may be implemented and executed by the DSP 1300 (S / WI
P Solution). Also, the common key encryption module 1308
Decrypts the content data using the content key data Kc input from the SAM for rights processing. The random number generator 1110 is used, for example, when performing a mutual authentication process with the SAM 105 ₁ .

The compression / decompression module 1320 realizes, for example, the function of the decompression unit 223 shown in FIG.
The expansion processing of the content data input from the download memory 167 and the shock proof memory 1004 and the compression processing of the content data input from the A / D converter are performed.

Electronic watermark information attachment / detection module 13
Reference numeral 21 realizes the function of the digital watermark information processing unit 224 shown in FIG. 22, and embeds predetermined digital watermark information in content data to be processed by the compression / decompression module 1320 and embeds the content data in the content data, for example. The electronic watermark information is detected, and the appropriateness of the processing by the compression / decompression module 1320 is determined.

The information semi-disclosure control module 1322 realizes the function of the semi-disclosure processing unit 225 shown in FIG. 22, and reproduces the content data in a semi-disclosed state as needed.

The AV compression / decompression SAM 163 is
For example, when processing is performed using the A / V decompression software Soft and the digital watermark information module WM shown in FIG. 3 stored in the content file CF, FIG.
As shown in FIG. 8, a configuration in which the compression / decompression module 1320 and the digital watermark information attachment / detection module 1321 are removed from the configuration shown in FIG. 77 can be adopted. In this way, the AV compression / decompression SAM 163 can perform arbitrary decompression processing and digital watermark processing according to the request of the content provider 101.

<First Embodiment of Media Drive SAM 260> FIG. 79 is a view for explaining a circuit module of the media drive SAM 260a. As shown in FIG. 79, the media drive SAM 260a
00, DMA 1401, mask ROM 1404, nonvolatile memory 1405, working RAM 1406, common key encryption module 1408, hash function module 140
9. Tamper-resistant hardware (Tamper Re) including (intrinsic) random number generator 1410, encoder / decoder module 1420, recording key data generation module 1430, and media unique ID generation module 1440
gistant H / W).

The CPU 1400, for example, responds to a command from the drive CPU 1003 shown in FIG.
Executing the programs stored in the OM 1404 and the non-volatile memory 1405, and executing the media drive SAM 260
Each circuit module in a is generally controlled. DMA1
Reference numeral 401 denotes a mask ROM 1404, a nonvolatile memory 1405, and a work RA in accordance with an instruction from the CPU 1400.
The access to M1406 is controlled overall. The media ROM SAM 26 is stored in the mask ROM 1404.
0a initialization program and integrity check (Int
egrity Check) Unmodified programs such as programs, and M which is an identifier of the media drive SAM 260a.
Unmodified data such as DSAM_ID is stored at the time of manufacture. The non-volatile memory 1405 stores, for example, an encryption program or key data that may be altered. The work RAM 1406 is used as a work memory when performing various processes.

The common key encryption module 1408 performs mutual authentication between the media SAM 133 and the AV compression / decompression SAM 163, and a content file C using the session key data K _SES which is a common key obtained by mutual authentication.
Encryption and decryption, such as F and the key file KF, and used when performing an encryption of the content key data Kc using the recording key data K _STR. The common key cryptographic module 1408 verifies and creates signature data using the common key data and the hash value of the data to be signed. The common key encryption module 1408
It may be realized as a circuit module (H / W IPSolutio
n), the common key encryption program stored in the non-volatile memory 1405 may be executed and executed by the CPU 1400 (S / W IP Solution). It should be noted that the encryption of the content key data Kc using the recording key data K _STR is, the media
This may be performed by any of the common key encryption module 1408 of the Drab SAM 260 and the media SAM 133. The hash function module 1409 is used when verifying signature data and generating a hash value of data for which signature data is to be created. The random number generator 1410
For example, it is used when performing mutual authentication processing with the media SAM 133.

Encoder / Decoder Module 1420
When the content data is accessed to the ROM area or the RAM area of the recording medium 130, an encoding process, a decoding process,
It performs CC (Error Correction Code) processing, modulation processing, demodulation processing, sectorization processing, de-sectorization processing, and the like.

Recording key data generation module 1430
Generates the recording key data _KSTR unique to each medium using the media unique ID generated by the media unique ID generation module 1440.

Media Unique ID Generation Module 1
Reference numeral 440 denotes a drive ID generated by the media drive SAM 260 and a media SAM of the media SAM 133.
A media unique ID unique to each recording medium is generated from the _ID.

As shown in FIG. 80, the public key encryption module 1 in place of the common key encryption module 1408 in the media drive SAM 260a shown in FIG.
Drive SAM 260 using 407
c may be used.

<Second Embodiment of Media Drive SAM 260> FIG. 81 is a view for explaining the media drive SAM 260b. In FIG. 81, the media drive S
The same components as those of the AM 260a are denoted by the same reference numerals as in FIG. As shown in FIG. 81, the media drive SAM 260b is realized using a secure memory 260ba, a drive CPU 1003 shown in FIG. 62, and tamper-resistant software 1450. In the media drive SAM 260b, the same function as the CPU 1400 shown in FIG. 80 is realized by executing the tamper-resistant software 1450 in the drive CPU 1003. As described above, the tamper-resistant software 1450 is software that is closed inside a tamper-resistant module, and is difficult to decipher and rewrite. The secure memory 260ba is a mask ROM 1
404, nonvolatile memory 1405, work RAM 140
6. Tamper-resistant hardware including a common key encryption module 1408, a hash function module 1409, a (true) random number generator 1410, an encoder / decoder module 1420, a recording key data generation module 1430, and a media unique ID generation module 1440 (Tamper Registant H / W).

As shown in FIG. 82, in the media drive SAM 260b shown in FIG. 81, instead of the common key encryption module 1408, the public key encryption module 140
7 may be used.

Hereinafter, the overall operation of the EMD system 100 shown in FIG. 1 will be described. FIG. 83 is a flowchart of the overall operation of the content provider 101. Step S1: The EMD service center 102 transmits the public key certificate CER _CP of the public key data K _{CP, P} of the content provider 101 to the content provider 101 after the content provider 101 goes through a predetermined registration process. In addition, the EMD service center 102 checks the SAM1
05 ₁ After to 105 ₄ which has passed through the predetermined registration processing, SAM
Public key data K _{SAM1, P to} K _{SAM4, P of} 105 _{1 to} 105 ₄
Public key certificates CER _CP1 to CER _CP4 of SAM105
To send to the _{1-105 4.} Further, EMD service center 102, SAM 105 ₁ to 10 of after the mutual authentication, each expiration of 3 months of 1 month license key data KD ₁ ～KD ₃ the user home network 103
To send to the 5 _4. Thus, in the EMD system 100, the license key data KD ₁ ~KD ₃ pre SAM1
05 _{1 to} 105 ₄ , the SAM 105 ₁
In the offline between -105 ₄ and the EMD service center 102 can purchase and use to decrypt the secure container 104 delivered from the content provider 101 in SAM 105 ₁ to 105 _4. In this case, the purchase / use history is described in the use history data 108, and the use history data 108 is stored in the SAMs 105 ₁ to 1
When 05 and ₄ and the EMD service center 102 is connected, because it is automatically transmitted to the EMD service center 102, it is possible to reliably perform settlement processing in the EMD service center 102. Note that a SAM in which the EMD service center 102 cannot collect the usage history data 108 within a predetermined period is set as an invalid target in the revocation list. The usage control status data 166
Is, in principle, in real time, the SAMs 105 ₁ to 1
05 ₄ is transmitted to the EMD service center 102.

Step S2: Content Provider 10
1 performs mutual authentication with the EMD service center 102, and then registers the right certificate data 106 and the content key data Kc in the EMD service center 102 and authorizes them. Further, the EMD service center 102 creates a key file KF for six months and transmits this to the content provider 101.

Step S3: Content Provider 10
1 is a content file C shown in FIGS. 3 (A) and 3 (B).
F and its signature data SIG _{6, CP} and key file K
F and its signature data SIG7 _{, CP,} and secure container 104 storing these and public key certificate data CER _cp and its signature data SIG1 _{, ESC} shown in FIG. Or, offline, the SAM 105 ₁ of the user home network 103
To distribute to to 105 _4. When online, the secure container 104 uses the delivery protocol for the content provider, and stores the content in a format independent of the protocol (that is, as data transmitted using a predetermined layer of a communication protocol having a plurality of layers). It is delivered from the provider 101 to the user home network 103. In the case of off-line, the secure container 104 is delivered from the content provider 101 to the user home network 103 while being recorded on a ROM-type or RAM-type recording medium.

[0313] Step S4: SAM105 ₁ ~SAM105 ₄ of the user home network 103, the signature data SIG ₆ in the secure container 104 which has received the distribution from the content provider _{101, CP, SIG 7, CP} , SIG
_K1, to validate the _ESC, after confirming the legitimacy of the creator and the sender of the content file CF and the key file KF, the corresponding period of the license key data KD ₁ ~KD
₆ to decrypt the key file KF.

Step S5: SAM105 _{1 to} SAM1
In 05 _4, the operation signal S165 in accordance with the operation of the purchase and usage form determination operation unit 165 shown in FIG. 22 by the user
The purchase / use form is determined based on the. At this time, in the usage monitoring unit 186 shown in FIG. 30, based on the rights document data 106 stored in the secure container 104,
The purchase / use form of the content file CF by the user is managed.

Step S6: SAM105 _{1 to} SAM1
05 In the charge processor 187 shown in FIG. 30 of _4, based on the operation signal S165, the usage log data 108 and the usage control status data 166 describing the operation of the purchase and usage of the decision by the user to produce, these EMD The data is transmitted to the service center 102.

Step S7: EMD service center 10
2 performs settlement processing based on the usage history data 108 and creates settlement claim right data 152 and settlement report data 107. The EMD service center 102 setstle the billing right data 152 and its signature data SIG.
₉₉ is transmitted to the settlement institution 91 via the payment gateway 90 shown in FIG. Further, the EMD service center 102 transmits the settlement report data 107 to the content provider 101.

Step S8: At the settlement institution 91,
After verifying the signature data SIG ₉₉ , the amount paid by the user is distributed to the owner of the content provider 101 based on the settlement claim data 152.

As described above, the EMD system 10
0, secure container 1 in the format shown in FIG.
04 is distributed from the content provider 101 to the user home network 103, and the processing for the key file KF in the secure container 104 is performed by the SAMs 105 ₁ to 105.
Carried out in 105 within _4. Further, the content key data Kc and the rights certificate data 106 stored in the key file KF are stored.
, The distribution key data KD ₁ is encrypted using ～KD _3, holds the distribution key data KD ₁ ~KD ₃ SA
Only it is decoded by the M105 ₁ to 105 within _4. And S
The AMs 105 _{1 to} 105 ₄ are tamper-resistant modules, and the purchase form and the use form of the content data C are determined based on the handling contents of the content data C described in the license data 106. Therefore, according to the EMD system 100, the purchase and use of the content data C in the user home network 103 can be surely performed based on the contents of the rights document data 106 created by a person related to the content provider 101.

In the EMD system 100, the content provider 101 sends the user home network 1
The distribution of the content data C to the secure container 104 is performed in both the online and offline cases.
, The right processing of the content data C in the SAMs 105 _{1 to} 105 ₄ can be shared in both cases.

In the EMD system 100, the network device 160 in the user home network 103
_When purchasing, using, recording, and transferring the content data C in the ₁ and the AV devices 160 _{2 to} 160 ₄ , a common right processing rule can be adopted by always performing processing based on the right data 106.

FIG. 84 is a view for explaining an example of a secure container delivery protocol employed in the first embodiment. As shown in FIG. 84, in the multiprocessor system 100, the secure container 104 is transmitted from the content provider 101 to the user home network 103.
For example, TCP / IP and XML / SMIL are used as a protocol for distributing XML. Also, as a protocol for transferring a secure container between the SAMs of the user home network 103 and a protocol for transferring a secure container between the user home networks 103 and 103a, for example, XML / SMIL constructed on a 1394 serial bus interface Is used. In this case, the secure container may be recorded on a ROM-type or RAM-type recording medium and delivered between the SAMs.

Second Embodiment In the above-described embodiment, the SAMs 105 ₁ through SAM 105 _{1 of the} user home network 103 are sent from the content provider 101.
A case has been exemplified for directly distributing the content data to 105 _4, in the present embodiment, the content data that the content provider will provide, the case of delivery to the SAM of the user home network via the service provider.

FIG. 85 shows the EMD system 3 of this embodiment.
FIG. As shown in FIG. 85, the EMD system 300 includes a content provider 301, an EMD service center 302, and a user home network 30.
3. It has a service provider 310, a payment gateway 90, and a clearing house 91. Content provider 301, EMD service center 302, SAM30
5 _{1-305 4} and the service provider 310, the data providing device of the present invention, respectively, the management apparatus, and corresponds to the data processing apparatus and a data distribution device. The content provider 301 is the same as the content provider 101 of the first embodiment described above, except that content data is supplied to the service provider 310. Further, EMD service center 302, in addition to the content provider 101 and SAM505 ₁ ~505 _4, also authentication to the service provider 310,
Except for having a key data management function and a right processing function, the EMD service center 10 of the first embodiment described above
Same as 2. Also, the user home network 30
3 is a network device 360 ₁ and an AV device 360
It has a _{2-360 4.} Network device 360 ₁
Has a built-in SAM 305 ₁ and the CA module 311, AV equipment 360 _{2-360 4} respectively SAM
It has a built-in 305 _{2-305 4.} Here, SAM3
05 _{1-305 4} that receives the distribution of the secure container 304 from the service provider 310 and, the signature data for the service provider 310 in addition to the content provider 301 verification processing and SP use purchase log data (purchase history data delivery device 309 of the first embodiment described above, except that data 309 is created.
Same as 105 _{1 to} 105 ₄ .

First, the outline of the EMD system 300 will be described. In the EMD system 300, the content provider 301 uses the same rights certificate (UCP: Usage C) as in the above-described first embodiment, which indicates the rights such as the license condition of the content data C of the content to be provided by the content provider 301.
ontrol Policy) data 106 and the content key data Kc are transmitted to the EMD service center 302 which is a highly reliable authority. The license data 106 and the content key data Kc are stored in the EMD service center 30.
2 and is authorized (authenticated).

The content provider 301 encrypts the content data C with the content key data Kc to generate a content file CF. Further, the content provider 301 receives, from the EMD service center 302, the key file KF for each of the content files CF for six months. The key file KF stores signature data for verifying whether the key file KF has been tampered with and validity of the creator and sender of the key file KF. Then, the content provider 301 sends the content file CF,
The secure container 104 shown in FIG. 3 that stores the key file KF and its own signature data is supplied to the service provider 310 using a network such as the Internet, digital broadcasting, a recording medium, an unofficial protocol, or off-line. Also, the signature data stored in the secure container 104 is used to verify whether the corresponding data has been tampered with, and to verify the creator and sender of the data.

Upon receiving the secure container 104 from the content provider 301, the service provider 310 verifies the signature data and confirms the creator and sender of the secure container 104. Next, the service provider 310 indicates, for example, a price obtained by adding a price for a service such as authoring performed by itself to a price (SRP) for content desired by the content provider 301 notified offline. Price tag data (PT: price data of the present invention) 312 is created. Then, the service provider 310 sends the content file CF and the key file KF extracted from the secure container 104 and the price tag data 3
Then, a secure container 304 storing the secret key data _{KSP, S and} their own secret key data K _{SP, S} is created. At this time, the key file KF has been encrypted with the license key data KD _{1 to} KD ₆ , and the service provider 310
Because it does not hold the _{1 ~KD 6,} service provider 310 or look at the contents of the key file KF, can not be or rewritten. EMD service center 3
02 registers and authorizes the price tag data 312.

The service provider 310 distributes the secure container 304 to the user home network 303 online and / or offline. At this time, when offline, the secure container 304 is recorded on a ROM-type recording medium or the like, and the SAM 305 _1-
As it is supplied to 305 _4. On the other hand, when online, the service provider 310 and the CA module 3
11 and the secure container 304
_Is encrypted by the service provider 310 using the session key data K _SES and transmitted, and the CA module 3
11, after decrypting the secure container 304 received using the session key data K _SES , the SAM 30
And transfers it to the 5 ₁ to 305 _4. In this case, as a communication protocol for transmitting the secure container 304 from the content provider 301 to the user home network 303, in the case of digital broadcasting, MHEG (Multimedia and Hydraulic) is used.
permedia information coding Experts Group) protocol, and if it is the Internet, XML / SMI
L / HTML (Hyper Text Markup Language) is used, and a secure container 3 is included in these communication protocols.
04 is embedded by tunneling in a format that does not depend on the communication protocol (such as an encoding method). Therefore,
There is no need to match the format between the communication protocol and the secure container 304, and the format of the secure container 304 can be flexibly set.

Next, each of the SAMs 305 _{1 to} 305 ₄ verifies the signature data stored in the secure container 304 and checks the validity of the creator and sender of the content file CF and key file KF stored in the secure container 304. Check the nature. And SAM305
In _{1-305 4,} when the validity is confirmed, E
Decrypting the key file KF by using the license key data KD ₁ ~KD ₃ period corresponding is delivered from MD service center 302. The secure container 304 supplied to the SAMs 305 _{1 to} 305 ₄ is the network device 3
In 60 ₁ and AV apparatuses 360 ₂ to 360 _4, after the purchase and usage mode is determined in response to the user's operation,
It is a target for reproduction and recording on a recording medium. SAM30
5 _{1-305 4,} usage history of the history of the purchase and use of secure container 304 as described above (Usage Log) data 308
Record as The usage history data (history data or management device history data) 308 is transmitted from the user home network 303 to the EMD service center 302 in response to a request from the EMD service center 302, for example. Also, SAM 305 ₁ to 305 _4, when the purchase mode of the content is determined, usage control data indicating the purchase mode (UCS: Usage control state Data) 16
6 to the EMD service center 302.

The EMD service center 302, based on the usage history data 308,
For each of the service provider 310 and the service provider 310, the content of the charge is determined (calculated). Thereby, the money paid by the user of the user home network 103 is distributed to the content provider 101 and the service provider 310 by the settlement processing by the EMD service center 102.

In this embodiment, the EMD service center 3
02 has an authentication function, a key data management function, and a right processing (profit distribution) function. In other words, the EMD service center 302 transmits a second certificate authority (Sec) to the root certificate authority 92 which is the highest authority in a neutral position.
ond Certificate Authority), the content provider 301 and the service provider 310
And the SAM 305 _{1 to} 305 ₄ attaches a signature to the public key certificate data of the public key data used for the verification processing of the signature data with the secret key data of the EMD service center 302 to authenticate the validity of the public key data. I do. Further, as described above, the right certificate data 106 of the content provider 301 and the content key data Kc
Also, the registration and authorization of the price tag data 312 of the service provider 310 is based on the authentication function of the EMD service center 302. Also, EMD
Service center 302, for example, has a key data management function for managing the key data, such as license key data KD ₁ ~KD _6. Also, the EMD service center 302
, Based on the price tag data 312 usage log data 308 and the service provider 310 to the content provider 301 has entered the usage control policy data 106 registered from SAM305 ₁ ~SAM305 ₄ has registered, the content by the user of the user home network 303 It has a right processing (profit sharing) function of performing payment for purchase / use and distributing the money paid by the user to the content provider 301 and the service provider 310 for payment.

Hereinafter, each component of the content provider 301 will be described in detail. [Content Provider 301] The content provider 301 is the same as the content provider 101 of the above-described first embodiment except that the secure container 104 shown in FIG. 3 is provided to the service provider 310 online or offline. That is, the content provider 301 creates the secure container 104 according to the procedures shown in FIGS. 17 to 19, and inserts the secure container 104 into the content provider product delivery protocol. And the service provider 310
Downloads and extracts the secure container 104 from the content provider product delivery protocol.

[Service Provider 310] The service provider 310 secures the content file CF and the key file KF in the secure container 104 provided by the content provider 301 and the price tag data 312 generated by itself. And the network device 360 ₁ and the AV devices 360 _{2 to} 36 of the user home network 303.
To 0 ₄ to deliver a secure container 304 in the online and / or offline. Service provider 310
Are broadly divided into independent services and linked services. The stand-alone service is, for example, a download-only service that individually distributes content. The linked service is a service that distributes content in conjunction with a program or CM (advertisement). For example, the content of the theme song or inserted song of a drama is stored in a stream of a drama program. When watching the drama program, the user can purchase the content of the theme song or the inserted song in the stream.

Upon receiving the provision of the secure container 104 from the content provider 301, the service provider 310 performs the following processing to execute the secure container 3
04 is created. Hereinafter, the flow of processing in the service provider 310 when the secure container 304 is created from the secure container 104 supplied from the content provider 301 and distributed to the user home network 303 will be described with reference to FIG. . Fig. 86
9 is a flowchart for explaining a process of distributing the secure container 304 from the content provider 301 to the user home network 303. <Step S86-1> The service provider 310
Online and / or offline, from the content provider 301 to the secure container 104 shown in FIG.
And store it. At this time, in the case of online, the secure container 10 uses the session key data K _SES obtained by mutual authentication between the content provider 301 and the service provider 310.
4 is decrypted. <Step S86-2> The service provider 310
The signature data SIG1 _{, ESC} shown in FIG. 3C of the secure container 104 is verified using the public key data K _{ESC, P} of the EMD service center 302, and after its validity is confirmed, the signature data SIG1 _{, ESC} shown in FIG. Public key certificate data CER _CP
From the public key data K _{CP, P.} Next, the service provider 310 checks the extracted public key data K _{CP, P}
3A of the secure container 104 using FIG.
Signature data SIG 6 shown in (B), _CP, verification SIG 7, _CP, i.e. performs a creator and senders content file CF, the verification of the validity of the sender of the key file KF. Further, the service provider 310 uses the public key data K _{ESC, P} to _{generate the} key file K shown in FIG.
Verification of the signature data SIG _{K1, ESC} stored in F, that is, verification of the creator of the key file KF. At this time, the verification of the signature data SIG _{K1, ESC} also serves as verification of whether the key file KF is registered in the EMD service center 302.

<Step S86-3> The service provider 310, for example, a price indicating the price obtained by adding the price of its service to the price for the content requested by the content provider 301 notified offline from the content provider 301. The tag data 312 is created. Further, the service provider 310 obtains a hash value of the content file CF, the key file KF, and the price tag data 312, and uses the secret key data K _{SP, P} of the service provider 310 to generate the signature data S.
IG62 _{, SP} , SIG63 _{, SP} , SIG64 _{, SP} are created.
Here, the signature data SIG62 _{, SP} is used to verify the validity of the sender of the content file CF, and the signature data SIG63 _{, SP} is used to verify the validity of the sender of the key file KF. , Signature data SIG64 _{, SP}
Is used to verify the creator and sender of the price tag data 312.

[0335] Next, the service provider 310 checks in FIG.
7 (A) to 7 (D), the content file C
F and its signature data SIG _{6, CP} , SIG _{62, SP} ,
Key file KF and its signature data SIG _{7, CP} , S
IG _{63, ESC} , price tag data 312 and its signature data SIG _{64, SP} , and public key certificate data CER _SP
Then, a secure container 304 storing the signature data SIG61 _{, ESC} and the public key certificate data CER _CP and the signature data SIG1 _{, ESC} is created and stored in the secure container database. The secure container 304 stored in the secure container database is used by the service provider 3 using, for example, a content ID.
10 are centrally managed. Note that FIG.
Is a configuration of a content file CF when a DSP (Digital Signal Processor) is used as an AV compression / expansion device for expanding the content data C. The DSP
Then, using the A / V decompression software and the digital watermark information module in the secure container 304, the content data C in the secure container 104 is decompressed, and the digital watermark information is embedded and detected. Therefore, the content provider 301 can employ an arbitrary compression method and a method of embedding digital watermark information. When performing A / V decompression processing and embedding / detection processing of digital watermark information using hardware or software stored in advance as an AV compression / decompression device, A / V decompression software and electronic The watermark information module need not be stored.

<Step S86-4> The service provider 310 reads out the secure container 304 in response to the request from the user home network 303 from the secure container database. At this time, the secure container 304 may be a composite container storing a plurality of content files CF and a plurality of key files KF respectively corresponding to the plurality of content files CF. For example, in a single secure container 304, songs, video clips,
A plurality of content files CF relating to lyrics cards, liner notes, and jackets may be stored in a single secure container 304. These plurality of content files CF and the like may be stored in the secure container 304 in a directory structure.

[0337] When the secure container 304 is transmitted by digital broadcasting, the MHEG (Multimedia announce) is used.
d When the Hypermedia Information Coding Experts Group (protocol) is used and transmitted over the Internet, XML / SMIL / HTML (Hyper Text Markup Lang)
uage) protocol is used. At this time, the content file CF and the key file KF in the secure container 304 are in a format that does not depend on an encoding system in which the MHEG and HTML protocols are tunneled.
It is stored in a predetermined layer in a communication protocol adopted between the service provider 310 and the user home network 303.

For example, when the secure container 304 is transmitted by digital broadcasting, as shown in FIG. 88, the content file CF contains the MHEG object (Object).
Is stored as MHEG content data. In the transport layer protocol, the MHEG object is a PES (Packetized) if it is a moving image.
Elementary Stream) -Video, if it is audio, it is stored in PES-Audio, and if it is a still image, it is stored in Private-Data. Also, as shown in FIG. 89, the key file KF, the price tag data 312 and the public key certificate data CER _CP ,
CER _SP is the transport layer protocol TS Packet
In the ECM (Entitlement Control Message). Here, the content file CF and the key file K
F, price tag data 312 and the public key certificate data CER _CP, CER _SP, the link between one another are established by the directory structure data DSD ₁ in the header of the content file CF.

Next, the service provider 310 supplies the secure container 304 to the user home network 303 offline and / or online.
The service provider 310 sends the secure container 304
Is distributed online to the network device 360 ₁ of the user home network 303, after mutual authentication, the secure container 304 is encrypted using the session key data K _SES and then distributed to the network device 360 ₁ via the network. I do.

When the service provider 310 broadcasts the secure container 304 via, for example, a satellite, it encrypts the secure container 304 using the scramble key data K _SCR . Further, the scramble key data K _SCR by encrypting the work key data K _W, encrypted with the work key data K _W master key data K _M. Then, the service provider 310 transmits the scramble key data K _SCR and the work key data K _W together with the secure container 304 to the user home network 303 via the satellite. Further, for example, the master key data K _M, is distributed to the user home network 303 off-line and stored like IC card.

[0341] Also, the service provider 310 sends, from the user home network 303, the content data C distributed by the service provider 310.
When the P purchase history data 309 is received, it is stored. The service provider 310 refers to the SP purchase history data 309 when determining future service contents. The service provider 310 based on the SP use purchase log data 309 analyzes the preference of the SAM 305 ₁ to 305 ₄ of the user who sent the SP use purchase log data 309 to generate the user preference filter data 900, which To the CA module 311 of the user home network 303.

[0342] Also, the person involved in the service provider 310 performs registration processing in the EMD service center 302 offline using, for example, his / her ID card and a bank account for performing settlement processing, and obtains a globally unique identifier SP_ID. Have gained.

[0343] Also, the service provider 310 has
The price tag data 312 is registered and authorized in the D service center 302.

[EMD Service Center 302] The EMD Service Center 302, as described above,
A: CertificateAuthority), Key Management
Acts as a bureau and Rights Clearing bureau. FIG. 90 is a diagram showing main functions of the EMD service center 302. As shown in FIG. 90, the EMD service center 302 mainly transmits the license key data to the content provider 301 and the SAMs 305 _{1 to} 305.
₄ and the public key certificate data CER _CP , C
ER _SP, performs a process of issuing CER _SAM1 ~CER _SAM4, issuance processing of the key file KF, the settlement processing based on the usage log data 308 and (profit distribution processing). Here, the license key data supply process and the public key certificate data CER
_CP, the issuing process of CER _SAM1 ~CER _SAM4, the generation process of the key file KF is the same as the EMD service center 102 of the first embodiment.

The EMD service center 302 differs from the EMD service center 102 in that the EMD service center 302 further issues the public key certificate data CER _SP of the service provider 310. Further, EMD service center 302, based on the usage log data 308, the benefit distribution processing for distributing the profit paid by the purchaser of the content data C in the SAM 305 ₁ to 305 ₄ to the parties of the content provider 301 and the service provider 310 Do. Here, the contents of the usage history data 308 are shown, for example, in FIG.

The EMD service center 302 uses the usage history data 3 based on the usage history data 308.
08, the user preference filter data 903 for selecting the content data C corresponding to the user's preference of the SAMs 305 _{1 to} 305 ₄ is generated, and the user preference filter data 903 is transmitted via the SAM management unit 149 to the use history. SAM 305 _{1 to} 305 that transmitted data 308
Send to ₄ .

[User Home Network 303] As shown in FIG.
Network device 360 ₁ and A / V equipment 360 ₂ ~
It has a 360 _4. The network device 360 ₁
Has a built-in CA module 311 and SAM 305 _1. Further, AV equipment 360 _{2-360 4} are respectively built SAM 305 ₂ to 305 _4. SAM30
5 _{1-305 4} mutual, for example, are connected via a bus 191, such as a 1394 serial interface bus. Note that the AV devices 360 _{2 to} 360 ₄ may have a network communication function or may not have a network communication function, and use the network communication function of the network device 360 ₁ via the bus 191. Is also good. Further, the user home network 303 may include only AV devices having no network function.

The following describes the network device 360 ₁ . FIG. 91 is a configuration diagram of the network device 360 ₁ . As shown in FIG.
0 ₁ indicates the communication module 162 and the CA module 31
1. Decoding module 905, SAM 305 ₁ , SAM 163 for AV compression / decompression, Purchase / usage form determination operation unit 16
5, download memory 167, playback module 169
And an external memory 201. In FIG. 91, components denoted by the same reference numerals as those in FIG. 22 are the same as the components denoted by the same reference numerals described in the first embodiment.

The communication module 162 performs communication processing with the service provider 310. Specifically, the communication module 162 outputs the secure container 304 received from the service provider 310 by satellite broadcasting or the like to the decryption module 905. In addition, the communication module 1
62 converts the user preference filter data 900 received from the service provider 310 via a telephone line or the like into CA.
Output to module 311 and CA module 3
The SP purchase history data 309 input from the server 11 is transmitted to the service provider 310 via a telephone line or the like.

FIG. 92 is a functional block diagram of the CA module 311 and the decoding module 905. As shown in FIG. 92, the CA module 311
6, a storage unit 907, an encryption / decryption unit 908, and an SP purchase history data generation unit 909. Mutual authentication unit 90
6 is the CA module 311 and the service provider 31
When sending and receiving data via a telephone line to and from
Mutual authentication is performed with the service provider 310 to generate session key data K _SES and output this to the encryption / decryption unit 908.

[0351] The storage unit 907 is, for example, after a contract is established between the service provider 310 and the user, and stores the master key data K _M supplied off-line using an IC card 912 from the service provider 310.

The encryption / decryption unit 908 receives the encrypted scramble key data K _SCR and work key data K _W from the decryption unit 910 of the decryption module 905, and reads the master key data K _M read from the storage unit 907. Is used to decrypt the work key data K _W. Then, the encryption / decryption unit 908 decrypts the scramble key data K _SCR using the decrypted work key data K _W and outputs the decrypted scramble key data K _SCR to the decryption unit 910. In addition, the encryption / decryption unit 908 transmits the communication module 162 to the service provider 31 via a telephone line or the like.
The user preference filter data 900 received from 0 is decrypted using the session key data K _SES from the mutual authentication unit 906 and output to the secure container selection unit 911 of the decryption module 905. Also, the encryption / decryption unit 908
Is the S input from the SP purchase history data generation unit 909.
The P purchase history data 309 is decrypted using the session key data K _SES from the mutual authentication unit 906 and transmitted to the service provider 310 via the communication module 162.

[0353] For SP purchase log data generation unit 909, usage control from the operation signal S165 or SAM 305 _1, in accordance with the purchase operation of the content data C by the user by using the purchase and usage form determination operation unit 165 shown in FIG. 91 Based on the data 166, SP purchase history data 309 indicating the purchase history of the content data C unique to the service provider 310 is generated, and this is encrypted / decrypted by the encryption / decryption unit 908.
Output to The SP purchase history data 309 is, for example,
The service provider 310 includes information that the service provider 310 wants to collect from the user regarding the distribution service, a monthly basic fee (network rent), contract (update) information, purchase history information, and the like.

When the service provider 310 has a billing function, the CA module 311 communicates with the billing database, customer management database, and marketing information database of the service provider 310. In this case, the CA module 311 transmits billing data for the content data distribution service to the service provider 310.

The decryption module 905 has a decryption section 910 and a secure container selection section 911. Decoding unit 9
Reference numeral 10 denotes an encrypted secure container 304 and a scramble key data K from the communication module 162, respectively.
To enter the _SCR and the work key data K _W. Then, the decryption unit 910 outputs the encrypted scramble key data K
CA module 311 transfers _SCR and work key data K _W
Is output to the encryption / decryption unit 908 of the
8 and inputs the decrypted scramble key data K _SCR . Then, the decryption unit 910 decrypts the encrypted secure container 304 using the scramble key data K _SCR and outputs the decrypted secure container 304 to the secure container selection unit 911.

[0356] Note that the secure container 304
When transmitted from the service provider 310 by the Transport Stream method, for example, the
The scramble key data K _SCR is extracted from the ECM (Entitlement Control Message) in the acket, and the EMM (Entitl
Work key data K _W is extracted from the ement management message). The ECM also contains, for example, program attribute information for each channel. Also, EMM
In addition, it includes individual trial contract information that differs for each user (viewer).

[0357] The secure container selection unit 911 performs a filtering process on the secure container 304 input from the decryption unit 910 using the user preference filter data 900 input from the CA module 311 to generate a secure container 304 according to the user's preference. Select SAM30
5 Output to ₁ .

[0358] Next, a description will be given SAM305 _1.
It should be noted that the SAM 3051 performs the _first process described above with reference to FIGS. and a SAM 105 ₁ and essentially perform functions and structure of the embodiment. are doing. SAM30
5 _{1-305 4} is a module that performs accounting processing units of content, and communicates with the EMD service center 302.

The configuration shown in FIG. 62 is also applicable to devices in user home network 303.
Also, S for rights processing described with reference to FIGS.
AM, Media SAM133, SAM for AV compression / decompression
163 and the media drive SAM 260
The present invention is also applied to various SAMs used in devices in the user home network 303. In addition, SAM305 ₂ ~
305 _4, SAM 305 ₁ basically have the same function

[0360] The following is a detailed description of the function of SAM305 _1. Figure 93 is a block diagram of the function of SAM 305 _1. FIG. 93 shows the service provider 310
2 shows a flow of data related to a process when the secure container 304 is input from the. As shown in FIG. 93, the SAM 305 ₁ includes a mutual authentication unit 170, encryption / decryption units 171, 172, 173, a download memory management unit 182, an AV compression / decompression SAM management unit 184,
D service center management unit 185, usage monitoring unit 186, S
It has an AM management unit 190, a storage unit 192, a media SAM management unit 197, a work memory 200, a service provider management unit 580, a billing processing unit 587, a signature processing unit 589, and an external memory management unit 811. The predetermined function of the SAM 305 ₁ shown in FIG. 93, as in the case of SAM 105 _1, it is realized by executing a secret program in CPU. In FIG. 93, functional blocks denoted by the same reference numerals as in FIG. 23 and the like are the same as the functional blocks denoted by the same reference numerals described in the first embodiment. Here, the content provider management unit 180 and the download memory management unit 182 correspond to the input processing unit of the present invention, and the charging processing unit 587 corresponds to the determination unit, the history data generation unit, and the usage control data generation unit of the present invention. The encryption / decryption unit 172 corresponds to the decryption unit of the present invention, and the usage monitoring unit 1
Reference numeral 86 corresponds to the use control means of the present invention. Further, the encryption / decryption unit 173 corresponds to the encryption unit of the present invention. Further, for example, a media drive SAM management unit 855 shown in FIG. 91 described below corresponds to the recording control unit of the present invention. Further, the signature processing unit 189 corresponds to the signature processing unit of the present invention.

Further, the use history data 308 and the SAM registration list are stored in the external memory 201 shown in FIG. 91 through the processing described in the first embodiment and the processing described later. Also, as shown in FIG. 94, the work memory 200 includes the content key data Kc, the right certificate data (UCP) 106, and the lock key data K in the storage unit 192.
_LOC , public key certificate data CER _{CP of} the content provider 301, public key certificate data CER _{SP of the} service provider 310, usage control data (UCS) 366, S
AM program download container SDC _{1 to} S
DC ₃ and price tag data 312 are stored.

[0362] Hereinafter, among the SAM 305 ₁ of the functional blocks newly described functional blocks denoted by reference numerals in FIG. 93. The signature processing section 589 reads the public key data K _{ESC, P of} the EMD service center 302 read from the storage section 192 or the working memory 200 _, the public key data K _{cp, p of the} content provider 301, and the public key data K of the service provider 310. The signature data in the secure container 304 is verified using _{SP and P.}

As shown in FIG. 95, the billing processing unit 587 converts the operation signal S 165 from the purchase / use form determination operation unit 165 shown in FIG. 91 and the price tag data 312 read from the work memory 200 into Based on this, a charging process is performed in accordance with the content purchase / use mode by the user. Incidentally, price tag data 312, when the user determines the purchase form etc. of the content data, via the predetermined output means is output to the SAM 305 ₁ of the external, in order to display such a sales price of the content data to the user Used. The charge processing by the charge processing unit 587 is performed based on the rights contents such as the license conditions indicated by the rights document data 106 and the use control data 166 under the monitoring of the use monitoring unit 186. That is, the user can purchase and use the content within a range according to the content of the right or the like.

[0364] In the billing process, the billing processing unit 587 generates the usage history data 308 and writes it into the external memory 201 via the external memory management unit 811.
Here, the usage history data 308 is, like the usage history data 108 of the first embodiment, the EMD service center 30.
2 is used in determining payment of a license fee associated with the secure container 304.

[0365] The billing processing section 587 also operates the operation signal S1.
65, a usage control state (UCS: Usage Control Sta
tus) data 166, which is stored in the working memory 200.
Write to. As a content purchase form, for example,
There are purchase-out without imposing restrictions on reproduction by the purchaser and duplication for use by the purchaser, and reproduction charging for charging each reproduction. Here, the usage control data 166 is
Generated when the user decides on the purchase form of the content, and thereafter used to control the user to use the content within the range permitted by the decided purchase form. The usage control data 166 describes the content ID, purchase type, purchase price, SAM_ID of the SAM for which the content was purchased, USER_ID of the user who purchased the content, and the like.

[0366] Incidentally, if the purchase mode determined is the reproduction charge, for example, transmitted from the SAM 305 ₁ of the usage control data 166 in real time to the service provider 310, the service provider 310 to the EMD service center 302, use history The data 308 is transferred to the SAM 105 ₁
Tell them to go get it. In the case where the determined purchase mode is purchase out, for example, the usage control data 166 is transmitted to the service provider 310 and the EMD service center 302 in real time.

[0367] In SAM 305 _1, as shown in FIG. 93, E via the EMD service center management unit 185
The user preference filter data 903 received from the MD service center 302 is stored in the service provider management unit 580.
Is output to Then, the service provider management unit 58
0, among the secure containers 304 input from the decryption module 905 shown in FIG. 91, the secure container 304 that is filtered based on the user preference filter data 903 and is selected according to the user preference is selected.
The selected secure container 304 is output to the download memory management unit 182. Thereby, the SAM
In _3051, as for all the service providers 310 to the SAM 305 ₁ of the user has subscribed, selection processing of the content data C based on the preference of the user obtained from the purchase situation of the content data C by the user Will be possible.

[0368] Hereinafter, the flow of processing in SAM305 within _1. <Process at the time of receiving license key data> The license key data KD ₁ to KD ₁ received from the EMD service center 302
Process flow in SAM305 within ₁ when storing the KD ₃ to the storage unit 192 are the same as those of the SAM 105 ₁ of the first embodiment described above with reference to FIG. 28.

[0369] <processing when inputting the secure container 304 from the service provider 310> Next, referring to FIG. 96 the flow of processing in SAM305 within ₁ when inputting the secure container 304 from the service provider 310 . In the following example, the SAM10
In 5 _1, it illustrates the case where the verification of the various signature data when entering the secure container 104, without verification of the signature data upon input of the secure container 104 and determines the purchase and usage modes At this time, the signature data may be verified. Step S96-1: performs mutual authentication with the SAM 305 ₁ of the mutual authentication unit 170 and the service provider 310 shown in FIG. 93. Step S96-2: SAM305 ₁ of the mutual authentication section 17
0 and media SAM 167 in download memory 167
Mutual authentication is performed with a.

Step S96-3: The secure container 304 received from the service provider 310 is written in the download memory 167. At this time, step S
Using the session key data obtained in 96-2, encryption of the secure container 304 in the mutual authentication unit 170 and decryption of the secure container 304 in the media SAM 167a are performed. Step S96-4: SAM305 ₁ is step S9
The secure container 304 is decrypted using the session key data obtained in 6-1.

Step S96-5: Signature Processing Unit 589
After verifying the signature data SIG _{61 and ESC} shown in FIG. 87 (D), the public key data K _SP of the service provider 310 stored in the public key certificate data CER _SP shown in FIG. 87 (D) _{, P} , the signature data SI
_{G 62, SP, SIG 63,} SP, verifies the validity of the SIG _{64, SP.} At this time, when the signature data SIG62 _{, SP} is verified to be valid, the validity of the sender of the content file CF is confirmed. When the signature data SIG63 _{, SP} is verified to be valid, the validity of the sender of the key file KF is confirmed. When the signature data SIG64 _{, SP} is verified to be valid, the price tag data 312
The creator and sender of the are verified.

Step S96-6: signature processing section 589
After verifying the signature data SIG1 _{, ESC} shown in FIG. 87D, the content provider 301 stored in the public key certificate data CER _CP shown in FIG.
Using the public key data K _{CP, P} of
Verify the validity of G _{6, CP} and SIG _{7, CP} . At this time, when the signature data SIG6 _{, CP} is verified to be valid,
The validity of the creator and sender of the content file CF is confirmed. When the signature data SIG7 _{, CP} is verified to be valid, the validity of the sender of the key file KF is confirmed.

Step S96-7: Signature processing unit 589
Is the public key data K _{ESC, P} read from the storage unit 192.
_87B, the validity of the signature data SIG _{K1, ESC} in the key file KF shown in FIG. 87B, that is, the validity of the creator of the key file KF and the
It verifies whether or not it is registered in the service center 102.

Step S96-8: Encryption / Decryption Unit 17
87 using the license key data KD _{1 to} KD ₃ of the corresponding period read from the storage unit 192 and FIG.
Content key data Kc in the key file KF shown in FIG.
The right certificate data 106 and the SAM program download containers SDC _{1 to} SDC ₃ are decrypted, and these are written in the working memory 200.

[0375] purchase mode determination processing of the secure container downloaded <purchase mode determination processing of the secure container downloaded> is basically in the first embodiment, is the same as that of the SAM 105 ₁ mentioned above with reference to FIG. 31 . By the purchase mode determination processing, FIG.
The key file KF ₁ shown in FIG.
00 and the download memory 167 via the download memory management unit 182.

<Reproduction Process of Content Data> The reproduction process of the content data C stored in the download memory 167 whose purchase mode has already been determined is basically described in the first embodiment with reference to FIG. SAM1
05 ₁ is the same as the process.

<Usage Control Data of One Device (USC) 1
Processing when repurchasing with another device using the network device 66> First, as shown in FIG.
The purchase form of the downloaded content file CF to 60 ₁ of the download memory 167 after determining as described above, generates a new secure container 304x storing the content file CF, the bus 191
Through, the flow of processing in SAM105 within ₁ to transferring the secure container 304x in the SAM 305 ₂ of the AV apparatus 360 ₂ with reference to FIGS. 98 and FIG. 99 will be described.

FIG. 99 is a flowchart of the process. Given that the processing shown in FIG. 99, the purchase processing described above, the work memory 200 of the SAM 305 ₁ key file KF ₁ and the hash value H _K1 shown in FIG. 100 (C) is stored. Step S99-1: The user operates the purchase / usage mode determination operation unit 165 as shown in FIGS.
Instruct ₂ to transfer. The accounting unit 587 updates the usage history data 308 stored in the external memory 201 based on the operation signal S165.

[0379] Step S99-2: SAM305 ₁ is,
The SAM registration list described above in the first embodiment to verify, when the SAM 305 ₂ of the destination of the secure container to verify whether the SAM that are regularly registered, and determined to be regularly registered The processing after step S96-3 is performed. The SAM 105 ₁ also verifies whether the SAM 105 ₂ is a SAM in the home network.

Step S99-3: Mutual authentication section 170
Shares the session key data K _SES obtained by performing mutual authentication with the SAM 305 _2.

Step S99-4: SAM Management Unit 190
The content file CF and signature data SIG _{6, CP} , shown in FIG.
SIG62 _{, SP} is read, and the SAM 105 for this is read.
Signature data SIG using _one secret key data K _{SAM1
41, Let the} signature processing unit 189 create _SAM1 .

Step S99-5: SAM management section 190
The key file KF and the signature data SIG7 _{, CP} , SIG shown in FIG.
_63, reads the _SP, which is created in the signature processor 589 and the signature data SIG _{42, SAM1} by using the secret key data K _SAM1 of SAM 305 ₁ of the.

Step S99-6: SAM management section 190
Creates the secure container 304x shown in FIG. Step S99-7: In the encryption / decryption unit 171,
Using the session key data K _SES obtained in step S96-3, the secure container 304x shown in FIG. 100 is encrypted.

Step S99-8: SAM Management Unit 190
Outputs the secure container 304x in the SAM 305 ₂ of the AV apparatus 360 ₂ shown in FIG. 97. At this time, SA
M305 ₁ in parallel with the mutual authentication between the SAM 305 _2, mutual authentication of the bus 191 is a IEEE1394 serial bus is carried out.

[0385] Hereinafter, as shown in FIG.
Secure container 304 shown in Fig. 100 input from ₁
The x, the flow of processing in SAM305 within ₂ for writing on the recording medium 180 130 ₄ such as a RAM type 10
This will be described with reference to FIGS. FIG.
02 and FIG. 103 are flowcharts showing the processing. Here, the RAM type recording medium 130 ₄ is, for example, an insecure RAM area 134, a medium SAM.
133 and a secure RAM area 132.

Step S102-1: SAM 305
_2, verifies the SAM registration list, SAM305 ₁ of the transfer source of the secure container has been registered in the regular SAM
Is verified, and if it is determined that the information is registered properly, the processing after step S99-2 is performed. Also,
SAM 305 ₂ is, SAM 305 ₁ performs also verified whether a SAM in the home network.

[0387] Step S102-2: a process corresponding to the step S99-3 described above, SAM 305 ₂ is
Sharing the session key data K _SES obtained by performing mutual authentication with the SAM 305 _1. Step S102-3: SAM305 ₂ of the SAM management unit 190, as shown in FIG. 97, the network device 36
From 0 to ₁ SAM305 ₁ to enter a secure container 304x. Step S102-4: The encryption / decryption unit 171 decrypts the secure container 304x input via the SAM management unit 190 using the session key data K _SES shared in step S99-2.

Step S102-5: Secure container 304x decrypted using session key data K _SES
97, the content file CF is stored in the media drive SAM 260 shown in FIG.
e), sector header addition processing, scramble processing, E
After CC encoding processing, modulation processing and synchronization processing,
It is recorded in the RAM area 134 of the recording medium 130 ₄ of RAM type.

Step S102-6: Secure container 304x decrypted using session key data K _SES
Data SIG _{6, CP} , SIG _{62, SP} , SIG
_{41, SAM1} , key file KF and its signature data S
_{IG 7, CP ,, SIG 63,} SP, and SIG _{42, SAM1,} the key file KF ₁ and the hash value H _K1, and the public key signature data CER _SP and the signature data SIG _{61, ESC,}
Public key signature data CER _CP and its signature data SIG
_{1, ESC} , the public key signature data CER _SAM1 and its signature data _{SIG22 , ESC} are written to the working memory 200.

Step S102-7: Signature processing unit 589
In, the signature data SIG _{61, ESC} , SIG _{1, ESC} , SIG _{22, ESC} read from the working memory 200 are verified using the public key data K _{ESC, P} read from the storage unit 192, and the public key Certificate data CER _SP , CER _CP ,
The validity of CER _SAM1 is confirmed. The signature processing unit 589 uses the public key data K _{CP, P} stored in the public key certificate data CER _CP to generate the signature data SIG.
_6. The validity of _{the CP} is verified, and the validity of the creator of the content file CF is confirmed. The signature processing unit 589 verifies the validity of the signature data SIG _{62, CP} using the public key data K _{SP, P} stored in the public key certificate data CER _SP, and verifies the validity of the sender of the content file CF. Is confirmed. In the signature processing unit 189, the public key data K stored in the public key certificate data CER _SAM1 is stored.
The validity of the signature data _{SIG41, SAM1} is verified using _{SAM1, P,} and the validity of the sender of the content file CF is confirmed.

Step S102-8: Signature Processing Unit 589
In the public key certificate data CER _CP , CER _SP , C
Public key data K _{CP, P} , K _{SP, P} , K stored in ER _SAM1
The signature data SIG7 _{, CP} , SIG63 _{, SP , SIG42, SAM1} stored in the working memory 200 using _{SAM1, P.}
Verify the validity of Then, the signature data SIG _{7, CP} , S
When the IG _{63, SP} , SIG _{42, and SAM1} are verified to be valid, the validity of the sender of the key file KF is confirmed.

Step S102-9: Signature processing unit 589
, The public key data K read from the storage unit 192
_{Using ESC, P} , the signature data SIG _K1, stored in the key file KF in FIG. _100B is verified.
When the signature data SIG _{K1 and ESC} are verified to be valid, the validity of the creator of the key file KF is confirmed.

Step S102-10: Signature processing unit 18
9 verifies the validity of the hash value H _K1 and confirms the validity of the creator and the sender of the key file KF ₁ . Incidentally, in this example, the creator of the key file KF ₁ and the transmission source is described where the same, if the author key file KF ₁ and the source are different, created for the key file KF ₁ The signature data of the sender, the sender and the signature data are created, and the signature processing unit 189 verifies the validity of both signature data.

Step S102-11: Usage monitoring unit 18
6, by using the usage control data 166 stored in the key file KF ₁ which has been decrypted in step S99-10, control the purchase and usage of the subsequent content data C.

Step S102-12: The user operates the purchase / usage mode determination operation unit 165 to determine the purchase mode, and outputs an operation signal S165 corresponding to the operation to the accounting processing unit 587. Step S102-13: The charging processing unit 587 updates the usage history data 308 stored in the external memory 201 based on the operation signal S165. Further, each time the purchase mode of the content data is determined, the charging processing unit 587 updates the usage control data 166 according to the determined purchase mode.

[0396] Step S102-14: The encryption / decryption unit 173 uses the recording key data K _STR , the media key data K _MED and the purchaser key data K _PIN read out from the storage unit 192 in this order, and uses this in order. Is encrypted and output to the media drive SAM management unit 855. Step S102-15: media drive SAM management unit 855, the key file KF ₁ which stores a new usage control data 166, sectorized processing, addition processing of the sector header, scrambling, ECC encoding, modulation processing and synchronization processing through the records in the secure RAM region 132 of the recording medium 130 ₄ of RAM type. Step S102-16: The key file KF is read from the working memory 200, and the media drive SAM
Via the management unit 855 and written into the secure RAM region 132 of the recording medium 130 ₄ of RAM type by the media drab SAM260 shown in FIG. 97.

[0397] Incidentally, the purchase mode determination processing of the content data of the ROM type storage medium in the SAM 305 _1, RO
The processing for writing to the RAM type recording medium after determining the purchase mode of the content data of the M type recording medium is performed by verifying the signature data SIG _SP attached by the service provider 310 using the secret key data K _{SP, P.} except for performing the processing is the same as the processing in the SAM 105 ₁ of the first embodiment described above. Also, the method of realizing the SAM 305 _{1 is} the same as that of the SAM 105 described in the first embodiment.
It is the same as the realization method of ₁ . The configuration shown in FIG. 62 described in the first embodiment is similarly applied to a device used for the user home network 303. In this case, the SAM 305 ₁ , the AV compression / decompression S
As the circuit modules of the AM 163, the media drive SAM 260, and the media SAM 133, the configurations described with reference to FIGS. 63 to 82 are similarly applied. Also,
The secure function described with reference to FIGS. 57 to 61 is similarly applied to the EMD system 300 except that the content provider 101 is replaced with the service provider 310.

[0398] Hereinafter, the connection form of various devices in the user home network 303 will be described again. FIG.
FIG. 4 is a diagram for explaining an example of a device connection mode in the user home network 303. here,
As shown in FIG. 104, the user home network 30
3, network devices 360 ₁ , AV devices 360 ₂ ,
The case where 360 ₃ is connected via the IEEE 1394 serial bus 191 will be described. Network device 3
60 ₁ has an external memory 201, SAM 305 _1, CA module 311, for AV compression and decompression SAM163 and download memory 167. CA module 3
Reference numeral 11 communicates with the service provider 310 via a network such as a public line. Also, SAM305
₁ communicates with the EMD service center 302 via a network such as a public line. As the download memory 167, a memory stick including the media SAM 167a, an HDD, or the like is used. The download memory 167 contains the service provider 310
Is stored. Each device has a plurality of built-in AV compression / decompression SAMs 163 corresponding to various compression / decompression methods such as ATRAC3 and MPEG. SAM30
5 _1, IC card 11 of the contact type or non-contact method
41 can be communicated with. IC card 114
1 stores various data such as a user ID,
SAM 305 ₁ is used in a case of performing user authentication at.

[0399] The AV device 360 ₂ is, for example, a storage device. After a predetermined process between the SAMs 305 ₁ and 305 ₂ , the secure container input from the network device 360 ₁ via the IEEE 1394 serial bus 191 is recorded on the recording medium. Record at 130. AV equipment 3
60 ₃ Similarly, for example, a storage device, SA
Through a predetermined process between the M305 ₂ and 305 _3, IE
AV equipment 36 via EE1394 serial bus 191
The secure container input from the 0 ₂ is recorded on the recording medium 130.

In the example shown in FIG. 104, the recording medium 1
Although the case where the media SAM 133 is mounted on the SAM 30 has been illustrated, for example, the media SAM 1 of the recording medium 130 may be used.
When the device 33 is not mounted, as shown by the dotted line in FIG.
SAM 305 _2, 305 ₃ and authentication between is performed.

Next, the EMD system 300 shown in FIG.
Will be described. FIG. 105 and FIG. 106
5 is a flowchart of the overall operation of the EMD system 300. Here, a case where the secure container 304 is transmitted from the service provider 310 to the user home network 303 online will be described as an example. Incidentally, as a premise of processing described below, the registration of the content provider 301, service provider 310 and SAM 305 ₁ to 305 ₄ to the EMD service center 302 is assumed to be already finished.

Step S21: EMD service center 3
02 is the public key data K of the content provider 301
The public key certificate CER _CP of _{CP, P} is transferred to its own signature data SI.
G1 _{, ESC} and transmitted to the content provider 301. Further, the EMD service center 302 transmits the public key certificate CER _SP of the public key data K _{SP, P} of the content provider 301 to the service provider 310 together with its own signature data SIG _{61, ESC} . Further, EMD service center 302, each expiration sends the license key data KD ₁ ～KD ₃ of 3 months of one month to SAM 305 ₁ to 305 ₄ of the user home network 303.

Step S22: Content Provider 3
01, after performing the mutual authentication, the right certificate data 106 and the content key data Kc are transferred to the EMD service center 3.
Register to 02 and authorize. Further, the EMD service center 302 creates a key file KF for six months shown in FIG. 3B and transmits this to the content provider 301.

Step S23: Content Provider 3
01 creates the content file CF and its signature data SIG6 _{, CP} and the key file KF and its signature data SIG7 _{, CP} shown in FIGS. The secure container 104 that stores the public key certificate data CER _cp and its signature data SIG _{1 and ESC shown in (1)} is provided to the service provider 310 online and / or offline.

Step S24: Service Provider 31
0 uses the public key data K _{CP, P} stored in the public key certificate data CER _CP after verifying the signature data SIG _{1, ESC} shown in FIG. signature data SIG _{6, CP} and SIG ₇ shown in _B), verifies the _CP, the secure container 104 is legitimate content provider 3
Check whether the data is transmitted from 01.

Step S25: Service Provider 31
0 creates the price tag data 312 and its signature data SIG64 _{, SP,} and creates the secure container 304 shown in FIG.

[0407] Step S26: service provider 31
0 authorizes the price tag data 312 by registering it in the EMD service center 302.

[0408] Step S27: service provider 31
0 is the CA of the user home network 303, for example.
In response to a request from the module 311, step S25
The secure container 304 created in step 3 is online or offline, and the network device 36 shown in FIG.
0 transmits to the _first decoding module 905.

Step S28: CA module 311
Creates SP purchase history data 309 and transmits it to the service provider 310 at a predetermined timing.

Step S29: SAM 305 _{1 to} SAM 305
In any of the _4, after verifying the signature data SIG _{61, ESC} shown in FIG. 87 (D), the public key certificate data CE
Using the public key data K _{SP, P} stored in R _SP , FIG.
Signature data SI shown in (A), (B) and (C)
_{G 62, SP, SIG 63,} SP, verifies the SIG _{64, SP,} predetermined data in the secure container 304 to confirm whether it is created and transmitted in a legitimate service provider 310.

Step S30: SAM 305 _{1 to} SAM 305
In any of the _4, after verifying the signature data SIG 1, _ESC shown in FIG. 87 (D), the public key certificate data CE
Using the public key data K _{CP, P} stored in R _CP , FIG.
(A), (B), signature data SIG6 _{, SP} shown in (C),
SIG7 _{, SP} is verified, and the content file CF in the secure container 304 is a valid content provider 3
01 and whether or not the key file KF has been transmitted from the legitimate content provider 301. Further, in any of the SAM 305 ₁ to 305 _4, the public key data K _ESC, with reference to _P, FIG. 87
Signature data SIG in key file KF shown in (B)
By verifying the validity of _{K1, ESC} , it is confirmed whether or not the key file KF has been created by a valid EMD service center 302.

[0412] Step S31: The user purchases the
By operating the use mode determination operation unit 165, the purchase / use mode of the content is determined.

[0413] Step S32: The SAM 305 is generated based on the operation signal S165 generated in step S31.
In _{1-305 4,} use history (the Usage Log) data 308 of the secure container 304 is produced. SAM3
05 _{1-305 4} to the EMD service center 302,
Usage history data 308 and its signature data SIG
_{205, SAM1} is transmitted. Moreover, in real time whenever the purchase form is determined, EM from SAM 305 ₁ to 305 ₄
The usage control status data 166 is transmitted to the D service center 302.

Step S33: EMD service center 3
02 determines (calculates) the billing content for each of the content provider 301 and the service provider 310 based on the usage history data 308, and creates the settlement claim data 152c and 152s based on the result.

Step S34: EMD Service Center 3
02 transmits the settlement claim right data 152c and 152s together with its signature data to the settlement institution 91 via the payment gateway 90, whereby the money paid by the user of the user home network 303 to the settlement institution 91 becomes the content. It is distributed to the owners of the provider 301 and the service provider 310.

As described above, the EMD system 30
0, secure container 1 in the format shown in FIG.
04 is distributed from the content provider 301 to the service provider 310, and the secure container 304 storing the content file CF and the key file KF in the secure container 104 as they are is distributed from the service provider 310 to the user home network 303,
SAM305 _1-3
05 Performed within ₄ . Further, the content key data Kc and the rights certificate data 106 stored in the key file KF are:
It is encrypted with the distribution key data KD ₁ ~KD _3, SAM holding the distribution key data KD ₁ ~KD ₃
305 is only decoded by _1-305 within _4. And SA
In M305 ₁ to 305 _4, a module having tamper resistance, based on the handling content of the written content data C in the usage control policy data 106, the purchase mode and the usage mode of the content data C are determined.

Therefore, according to the EMD system 300,
The purchase and use of the content data C in the user home network 303 is determined by the service provider 310.
Irrespective of the processing in the content provider 30
This can be reliably performed based on the contents of the license document data 106 created by one related person. That is, according to the EMD system 300, the license card data 106 can be prevented from being managed by the service provider 310. Therefore, according to the EMD system 300, even when the content data C is distributed to the user home network 303 via the plurality of service providers 310 of different series, the right processing for the content data C in the SAM of the user home network 303 is performed. To the common rights document data 1 created by the content provider 301.
06.

[0418] In the EMD system 300, for each file and data in the secure containers 104 and 304, signature data indicating the legitimacy of their creator and sender is stored. in _{1-305 4,} their creator and the sender of validity, and the like whether they are not tampered be confirmed. As a result, unauthorized use of the content data C can be effectively avoided.

In the EMD system 300, the service provider 310 sends the user home network 30
The distribution of the content data C to the SAM 305 is performed by using the secure container 304 in both the online and offline cases.
It can be shared rights processing of the content data C in ₁ to 305 _4.

In the EMD system 300, the network device 360 in the user home network 303
_When purchasing, using, recording, and transferring the content data C in the ₁ and the AV devices 360 _{2 to} 360 ₄ , a common right processing rule can be adopted by always performing processing based on the right data 106. For example, as shown in FIG. 107, the content data C provided by the content provider 301 is transferred from the service provider 310 to the user home network 303 by any of package distribution, digital broadcasting, the Internet, a dedicated line, digital radio, and mobile communication. Even in the case of distribution (distribution) by the method (route), the user home network 30
In the SAM 3,303a, a common rights processing rule is adopted based on the rights document data 106 created by the contents provider 301.

According to the EMD system 300, E
Since the MD service center 302 has an authentication function, a key data management function, and a right processing (profit) function,
The amount paid by the user with the use of the content is reliably distributed to the owners of the content provider 301 and the EMD service center 302 according to a predetermined ratio. Further, according to the EMD system 300, the usage control policy data 106 for the same content file CF same content provider 301 is supplied, independently of the service type of the service provider 310 is supplied as it is to the SAM 305 ₁ to 305 _4. Accordingly, the SAM 305 ₁ to 305 _4, based on the usage control policy data 106, the intention as a content provider 301, it is possible to perform use of the content file CF. That is, according to the EMD system 300,
When the service using the content and the use of the content by the user are performed, the auditing organization 72 is operated in a conventional manner.
5, without relying on technical means, the rights and interests of the owner of the content provider 301 can be reliably protected.

[0422] A delivery protocol for a secure container or the like employed in the EMD system 300 of the second embodiment will be described below. As shown in FIG. 108, the secure container 104 created by the content provider 301 uses the service provider 3 using a content provider delivery protocol such as the Internet (TCP / IP) or a dedicated line (ATM Cell).
10 is provided. Also, the service provider 310
Is a service provider, such as a digital broadcast (XML / SMIL on MPEG-TS), the Internet (XML / SMIL on TCP / IP), or a package distribution (recording medium). Is distributed to the user home network 303 by using the delivery protocol for communication. Also,
Within the user home networks 303 and 303a, or between the user home networks 303 and 303a, between the SMAs, a secure container is provided by a home EC (Electric Commerce) / delivery service (XML / SMIL on the 1394 serial bus interface). )
Or using a recording medium.

[0423] The present invention is not limited to the above embodiments. For example, in the above-described embodiment, the case where the key file KF is created in the EMD service centers 102 and 302 has been described as an example.
At 301, a key file KF may be created.

[0424]

As described above, according to the data processing apparatus of the present invention, it is possible to determine the purchase mode of the content data and the like based on the right data indicating the handling of the content data. As a result, if the person in charge of the provision of the content data creates the rights certificate data, it is possible to appropriately protect the profits related to the content data,
The burden of auditing by the concerned parties can be reduced.

[Brief description of the drawings]

FIG. 1 is an overall configuration diagram of an EMD system according to a first embodiment of the present invention.

FIG. 2 is a diagram for explaining the concept of a secure container according to the present invention.

FIG. 3 is a diagram for explaining a format of a secure container transmitted from the content provider shown in FIG. 1 to the SAM.

FIG. 4 is a diagram for explaining in detail data included in the content file shown in FIG. 3;

FIG. 5 is a diagram for explaining in detail data included in the key file shown in FIG. 3;

FIG. 6 is a diagram illustrating content providers and Es shown in FIG. 1;
FIG. 4 is a diagram for explaining registration and transfer of a key file performed with an MD service center.

FIG. 7 is a diagram for explaining header data stored in a content file.

FIG. 8 is a diagram for explaining a content ID;

FIG. 9 is a diagram for explaining a directory structure of a secure container.

FIG. 10 is a diagram for explaining a hyperlink structure of a secure container.

FIG. 11 is a diagram for describing a first example of a ROM-type recording medium used in the present embodiment.

FIG. 12 is a diagram for explaining a second example of the ROM-type recording medium used in the present embodiment.

FIG. 13 is a diagram for describing a third example of the ROM-type recording medium used in the present embodiment.

FIG. 14 is a diagram for describing a first example of a RAM-type recording medium used in the present embodiment.

FIG. 15 is a diagram for explaining a second example of a RAM-type recording medium used in the present embodiment.

FIG. 16 is a diagram for explaining a third example of a RAM-type recording medium used in the present embodiment.

FIG. 17 is a flowchart of a secure container creation process performed by the content provider;

FIG. 18 is a flowchart of a secure container creation process performed by the content provider;

FIG. 19 is a flowchart of a secure container creation process performed by the content provider;

FIG. 20 is a diagram showing functions of the EMD service center shown in FIG. 1;

FIG. 21 is a diagram for explaining the usage history data shown in FIG. 1;

FIG. 22 is a configuration diagram of a network device in the user home network shown in FIG. 1;

FIG. 23 is a functional block diagram of a SAM in the user home network shown in FIG. 1, and shows a data flow until a secure container received from a content provider is decrypted.

FIG. 24 is a diagram for explaining data stored in the external memory shown in FIG. 22;

FIG. 25 is a diagram for explaining data stored in a work memory;

FIG. 26 is another configuration diagram of the network device in the user home network shown in FIG. 1;

FIG. 27 is a diagram for explaining data stored in a storage unit illustrated in FIG. 23;

FIG. 28 is a flowchart illustrating a SAM process when receiving license key data from an EMD service center;

FIG. 29 is a flowchart illustrating SAM processing when a secure container is input.

FIG. 30 is a functional block diagram of the SAM in the user home network shown in FIG. 1, and is a diagram showing a flow of data related to a process of using / purchasing content data.

FIG. 31 is a flowchart illustrating SAM processing when determining a purchase mode of content data.

FIG. 32 is a diagram for explaining a secure container whose purchase mode has been determined;

FIG. 33 is a flowchart showing SAM processing when reproducing content data.

FIG. 34 is a diagram illustrating an example of a case where a content file downloaded in a download memory of the network device shown in FIG.
Is a diagram for explaining a case in which the AV device is re-purchased in the AV device.

FIG. 35 is a diagram showing a flow of data in the transfer source SAM in the case shown in FIG. 34;

FIG. 36 is a flowchart showing a process shown in FIG. 34;

FIG. 37 is a diagram for explaining the format of the secure container transferred in FIG. 34;

FIG. 38 is a diagram illustrating a RAM or ROM type recording medium (media) in the transfer destination SAM in the case shown in FIG. 34;
FIG. 6 is a diagram showing a data flow when writing data to a memory.

FIG. 39 is a flowchart showing the process of the SAM at the transfer destination in the case shown in FIG. 34;

FIG. 40 is a flowchart showing the processing of the SAM at the transfer destination in the case shown in FIG. 34;

FIG. 41 is a diagram for explaining various purchase modes in a SAM in the user home network shown in FIG. 1;

FIG. 42 illustrates a case in which the purchase form is determined in the AV device when the user home network distributes the ROM-type recording medium illustrated in FIG. 11 in which the purchase form of the content has not been determined. FIG.

FIG. 43 is a diagram showing a data flow in the SAM of the AV device in the case shown in FIG. 42;

FIG. 44 is a diagram showing a SAM in the case shown in FIG. 42;
It is a flowchart of a process of.

FIG. 45 shows A in the user home network.
FIG. 11 is a diagram for explaining a flow of processing when a secure container is read from a ROM-type recording medium for which the purchase mode has not been determined in the V-device, transferred to another AV device, and written to a RAM-type recording medium. is there.

FIG. 46 is a diagram showing a data flow in the transfer source SAM in the case shown in FIG. 45;

FIG. 47 is a diagram showing a SAM of the transfer source in FIG.
FIG. 8 is a diagram for describing a format of a secure container transferred from a SAM to a transfer destination SAM.

FIG. 48 is a diagram showing a flowchart of processing of the SAM of the transfer source and the transfer destination in the case of FIG. 45;

FIG. 49 is a diagram showing a flowchart of the processing of the SAM of the transfer source and the transfer destination in the case of FIG. 45;

FIG. 50 is a diagram showing a flow of data in the transfer destination SAM in the case shown in FIG. 45;

FIG. 51 is a view for explaining a format of data transmitted and received between the content provider, the EMD service center, and the SAM according to the in-band method and the out-of-band method shown in FIG. 1; It is.

FIG. 52 is an exemplary view for explaining the format of data transmitted and received between the content provider, the EMD service center, and the SAM according to the in-band method and the out-of-band method shown in FIG. 1; It is.

[Fig. 53] Fig. 53 is a diagram for describing an example of a form of connection of a device to a bus in a user home network.

FIG. 54 is a diagram for explaining a data format of a SAM registration list created by a SAM;

FIG. 55 is a view for explaining the format of a public key certificate revocation list created by the EMD service center;

FIG. 56 is a diagram for explaining a data format of a SAM registration list created by an EMD service center;

FIG. 57 is a diagram for explaining a security function of the SAM.

[FIG. 58] FIG. 58 is a diagram illustrating an operation performed when an AV device (storage device) writes content data stored in a secure container transmitted from a content provider to a network device to a recording medium (media). FIG. 3 is a diagram for explaining a security function between the two.

FIG. 59 (A) is a diagram for explaining communication performed in each layer on the transmission side and the reception side in a commonly used OSI reference model, and FIG. 59 (B).
FIG. 59 is a diagram for describing in detail a protection function at the time of communication between the content provider and the network device (SAM) shown in FIG. 58;

FIG. 60 is a diagram for explaining in detail a protection function during communication between the network device (SAM) and the AV device (SAM) shown in FIG. 58;

FIG. 61 is a diagram showing an example in which one AV device shown in FIG. 1 reproduces content data from the ROM-type recording medium shown in FIG. 11 and transmits the reproduced content data to another AV device via a bus. FIG. 15 is a diagram for describing security processing when transmitting and recording the data on the RAM type recording medium shown in FIG. 14 in the other AV device.

FIG. 62 is a diagram for explaining an example of a mounting form on various SAMs in the user home network shown in FIG. 1, for example, in a network device.

FIG. 63 is a diagram illustrating a first embodiment of a circuit module of a SAM for right processing;

FIG. 64 is a diagram for explaining an example of a hardware configuration in a SAM when the circuit module shown in FIG. 63 is used.

FIG. 65 is a diagram for explaining a second mode of the SAM circuit module for right processing.

FIG. 66 is a diagram for describing a first embodiment of a circuit module of the media SAM;

FIG. 67 is a medium S of a ROM-type recording medium.
It is a figure for explaining storage data at the time of shipment of AM.

FIG. 68 shows a medium S of a ROM type recording medium.
FIG. 7 is a diagram for explaining storage data after AM registration.

FIG. 69 shows a medium S of a RAM type recording medium.
It is a figure for explaining storage data at the time of shipment of AM.

FIG. 70 shows a medium S of a RAM type recording medium.
FIG. 7 is a diagram for explaining storage data after AM registration.

FIG. 71 is a diagram for explaining a second mode of the circuit module of the media SAM.

FIG. 72 is a diagram for explaining a third mode of the circuit module of the media SAM;

FIG. 73 is a diagram for explaining a fourth embodiment of the circuit module of the media SAM;

FIG. 74 is a diagram for explaining a fifth embodiment of the circuit module of the media SAM;

FIG. 75 is a view for explaining a sixth embodiment of the circuit module of the media SAM;

FIG. 76 is a diagram for explaining a seventh embodiment of the circuit module of the media SAM;

FIG. 77 is a diagram illustrating a first embodiment of a circuit module of the AV compression / decompression SAM.

FIG. 78 is a diagram for explaining a second embodiment of the circuit module of the AV compression / decompression SAM.

FIG. 79 is an exemplary view for explaining a first embodiment of a circuit module of the media drive SAM;

FIG. 80 is a view for explaining a second mode of the circuit module of the media drive SAM.

FIG. 81 is a view for explaining a third mode of the circuit module of the media drive SAM.

FIG. 82 is an exemplary view for explaining a fourth embodiment of the circuit module of the media drive SAM;

FIG. 83 is a flowchart of an overall operation of the EMD system shown in FIG. 1;

FIG. 84 is an exemplary view for explaining an example of a secure container delivery protocol used in the EMD system according to the first embodiment;

FIG. 85 is an overall configuration diagram of an EMD system according to a second embodiment of the present invention.

FIG. 86 is a flowchart of a secure container creation process performed by a service provider;

FIG. 87 is a view for explaining the format of a secure container transmitted from the service provider shown in FIG. 85 to the user home network.

FIG. 88 is a view for explaining a transmission form of a content file stored in the secure container shown in FIG. 87;

FIG. 89 is a view for explaining a transmission form of a key file stored in the secure container shown in FIG. 87;

FIG. 90 is a diagram showing functions of the EMD service center shown in FIG. 85.

FIG. 91 is a configuration diagram of the network device shown in FIG. 85;

FIG. 92 is a functional block diagram of the CA module shown in FIG. 91;

FIG. 93 is a functional block diagram of the SAM shown in FIG. 85, showing a flow of data from input of a secure container to decryption thereof.

FIG. 94 is a view for explaining data stored in the work memory shown in FIG. 93;

FIG. 95 is a functional block diagram of the SAM shown in FIG. 85, and is a diagram showing a data flow in a case where a purchase / use mode of content is determined.

FIG. 96 is a flowchart showing a procedure of input processing of a secure container in the SAM shown in FIG. 85;

FIG. 97 is a diagram showing an example of a content file downloaded in the download memory of the network device shown in FIG.
FIG. 4 is a diagram for explaining a case of transferring to a.

FIG. 98 is a diagram illustrating an example in which a content file whose purchase form has been determined and which has been downloaded to the download memory of the network device shown in FIG.
FIG. 8 is a diagram for explaining the flow of processing in the transfer source SAM in the case of transfer to the SAM.

FIG. 99 is a flowchart showing a process of the transfer source SAM shown in FIG. 98;

FIG. 100 is a diagram showing the format of a secure container transferred from the transfer source SAM to the transfer destination SAM in the case shown in FIG. 97;

FIG. 101 is a diagram showing a data flow in the transfer destination SAM in the case shown in FIG. 97;

FIG. 102 is a flowchart of a process of a transfer destination SAM in the case shown in FIG. 97;

FIG. 103 is a flowchart of processing of the SAM of the transfer destination in the case shown in FIG. 97;

FIG. 104 is a diagram for explaining an example of a SAM connection form in the user home network shown in FIG. 85;

FIG. 105 is a flowchart of an overall operation of the EMD system shown in FIG. 85;

FIG. 106 is a flowchart of an overall operation of the EMD system shown in FIG. 85;

FIG. 107 is a diagram showing an example of a service mode of the EMD system shown in FIG. 85;

FIG. 108 is a diagram for explaining a secure container delivery protocol adopted in the EMD system shown in FIG. 85;

FIG. 109 is a configuration diagram of a conventional EMD system.

[Explanation of symbols]

90: payment gateway, 91: settlement institution, 92
... Root certificate authority, 100,300 ... EMD system, 1
01, 301 ... content provider, 102, 302
... EMD service center, 103, 303 ... user home network, 104, 304 ... secure container,
_{105 1 ~105 4, 305 1 ~305} 4 ... SAM, 1
06: rights certificate data, 107, 307: settlement report data, 108, 308: usage history data, 160 ₁ : network device, 160 _{2 to} 160 ₄ : AV device, 15
2, 152c, 152s... Settlement claim data, 191.
Bus, 310 service provider, 311 CA module, 312 price tag data, CF content file, KF key file, Kc content key data

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04N 7/173 640 H04N 7/167 Z F-term (Reference) 5B085 AC04 AE02 AE03 AE04 AE09 AE29 5C064 BA01 BB01 BB07 BC01 BC17 BC22 BD02 BD04 BD08 5J104 AA01 AA07 AA09 AA14 AA16 AA45 AA46 EA17 KA01 KA07 LA03 LA06 NA02 NA03 NA42 PA07 PA10 PA11 9A001 JJ19 JJ67 LL03

Claims (65)

[Claims] An input processing means for inputting content data encrypted using the content key data, the encrypted content key data, and rights data indicating handling of the content data; A determination unit that determines at least one of a purchase mode and a usage mode of the content data based on the handling indicated by the rights document data; a history data generation unit that generates history data indicating a result of the determination; A data processing device having a decryption means for decrypting key data in a tamper-resistant circuit module. 2. A usage control data generating means for generating usage control data according to the determined purchase mode when the purchase mode is determined, and using the content data based on the usage control data. 2. The data processing apparatus according to claim 1, further comprising: a use control unit for controlling the tamper resistance in the tamper-resistant circuit module. 3. When the content data for which the purchase mode is determined is recorded on a recording medium, the content key data and the use control data are encrypted using media key data corresponding to the recording medium. 3. The data processing device according to claim 2, further comprising an encryption unit in the tamper-resistant circuit module. 4. A recording apparatus used when recording the content data for which the purchase mode has been determined on a recording medium, by recording the content key data and the usage control data on the recording medium. 3. The data processing device according to claim 2, further comprising an encryption unit for encrypting the data using the recording key data corresponding to the recording medium and the media key data corresponding to the recording medium in the tamper-resistant circuit module. 5. When the recording medium has a secure RAM area, the tamper-resistant recording control means controls recording of the rights document data and the encrypted use control data in the secure RAM area. 5. The data processing device according to claim 4, further comprising: 6. When the recording medium has a tamper-resistant data processing device having a mutual authentication function, the rights certificate data and the encrypted use control data are transferred to the data processing device of the recording medium. 5. The data processing apparatus according to claim 4, further comprising a recording control means for controlling recording in the tamper-resistant circuit module. 7. The history data generating means includes at least an identifier of a data providing device that has provided the content data, an identifier of a user, an identifier of the data processing device, and an identifier of a license holder related to the content data. The data processing device according to claim 1, wherein the data processing device generates history data. 8. The data processing apparatus according to claim 2, wherein the use control data generating means generates the use control data in which at least the identifier of the user who has determined the purchase mode and the determined purchase mode are described. 9. The input processing means further performs a process of inputting the signature data of the content key data and the rights certificate data, and the data processing device includes a signature processing means for verifying the validity of the signature data. 2. The data processing apparatus according to claim 1, further comprising a tamper-resistant circuit module, wherein the determination unit performs the determination after the signature processing unit confirms the validity of the signature data. 10. The signature data is created using secret key data of a creator of the content key data and the rights data, and the signature processing means uses a public key data of the creator. The data processing device according to claim 9, wherein the validity of the signature data is verified. 11. The signature data is created by using the secret key data of the sender of the content key data and the rights certificate data, and the signature processing means uses the public key data of the sender. The data processing device according to claim 9, wherein the validity of the signature data is verified. 12. The input processing means further performs a process of inputting signature data of the content data, and the data processing device includes a signature processing means for verifying the validity of the signature data, and a tamper-resistant circuit module. 2. The data processing device according to claim 1, further comprising: the decision unit makes the decision after the signature processing unit confirms the validity of the signature data. 13. The input processing means according to claim 1, wherein at least one of said content data, said content key data and said right data is created using signature key data, Further performing a process of inputting public key data to be performed.The data processing device further includes a signature processing unit that verifies the validity of the signature data using the public key data in the tamper-resistant circuit module. 2. The data processing apparatus according to claim 1, wherein the determination unit performs the determination after the validity of the signature data is confirmed by the signature processing unit. 3. 14. The content key data is encrypted using license key data, the data processing device further includes a storage unit for storing the license key data, and the decryption unit stores the license key data. 2. The data processing device according to claim 1, wherein the content key data is decrypted by using the license key data read from a means. 15. The data processing device, when transmitting and receiving at least one of the content data, the content key data, and the rights certificate data to and from another device on-line, communicates with the other device. A mutual authentication unit that performs mutual authentication between the two, and an encryption / decryption unit that encrypts and decrypts the data to be transmitted and received by using the session key data obtained by the mutual authentication. The data processing device according to claim 1, further comprising a circuit module. 16. The data processing device, when transmitting / receiving data to / from another device, refers to a revocation list describing a list of invalidated devices, and stores the other revocation list in the revocation list. 16. The data processing device according to claim 15, wherein when the device is not indicated to be invalid, data is transmitted and received to and from the other device. 17. A management device that receives provision of content data from a data providing device and performs a profit distribution process for distributing profits obtained according to at least one of purchase and use of the content data to predetermined right holders. In the data processing device managed by the data providing device, provided by the data providing device, the content data encrypted using the content key data, the encrypted content key data, and a license showing handling of the content data Input processing means for performing a process of inputting data; determining means for determining at least one of a purchase mode and a use mode of the content data based on the handling indicated by the rights document data; and history data indicating a result of the determination. History data generating means for generating the history data; and outputting the history data to the management device. A data processing device comprising: an output unit for decrypting the content key data; 18. The data processing apparatus according to claim 17, wherein said input processing means performs a process of inputting a module storing said content file and said key file. 19. The input processing means for inputting a content file storing the content data and a key file storing the content key data and the rights certificate data.
9. The data processing device according to 8. 20. A usage control data generating means for generating usage control data indicating the determined purchase mode when the purchase mode is determined, and using the content data based on the usage control data. Use control means for controlling, and when the content data for which the purchase mode is determined is recorded on a recording medium, the content key data and the use control data are encrypted using media key data corresponding to the recording medium. Encrypting means for encrypting the content file, the key file, and the encrypted use control data in the recording medium. The data processing device according to claim 19. 21. A usage control data generating means for generating usage control data indicating the determined purchase mode when the purchase mode is determined, and using the content data based on the usage control data. A use control unit that controls the content key data and the use control data when the content data for which the purchase mode is determined is recorded on a recording medium, when the content data is recorded on the recording medium. Encryption means for encrypting using recording key data corresponding to a recording device and media key data corresponding to the recording medium; and transmitting the content file, the key file and the encrypted use control data to the Recording control means for controlling recording on a recording medium is further provided in the tamper-resistant circuit module. The data processing apparatus according to claim 20. 22. The input processing means includes: first signature data of the data providing device, which is the creator and sender of the content file; and second signature data of the management device, which is the creator of the key file. And inputting the module further storing the third signature data of the data providing device that is the sender of the key file. The data processing device executes the first signature data, the second signature data Signature processing means for verifying the validity of the signature data and the third signature data is further provided in a tamper-resistant circuit module, and the deciding means is configured to determine the first signature data and the third signature data by the signature processing means. 20. The data processing device according to claim 19, wherein the determination is performed after validity of the second signature data and the third signature data is confirmed. 23. The first signature data and the third signature data are created by using secret key data of the data providing device, and the second signature data is created by a secret key of the management device. The signature processing means verifies the first signature data and the third signature data using public key data of the data providing device, and generates a public key of the management device. 23. The data processing device according to claim 22, wherein the second signature data is verified using data. 24. The input processing means performs a process of inputting the module further storing public key data corresponding to secret key data of the data providing device, wherein the data processing device comprises: 24. The data processing apparatus according to claim 23, wherein the first signature data and the third signature data are verified using public key data stored in the module. 25. When the content data is compressed data, input processing of the module storing the content file further storing decompression software for decompressing the compressed content data is performed; 19. The data processing apparatus according to claim 18, wherein the data processing apparatus further includes a control unit that controls the content data to be expanded using the expansion software. 26. A module that stores content data encrypted using content key data, the encrypted content key data, and rights certificate data indicating handling of the content data, using a predetermined communication protocol. In a format that does not depend on the communication protocol,
Or, input processing means for performing a process of inputting via a recording medium; determining means for determining at least one of a purchase mode and a use mode of the content data based on the handling indicated by the rights document data; and a result of the determination A data processing apparatus comprising: history data generating means for generating history data indicating the following; and decryption means for decrypting the content key data in a tamper-resistant circuit module. 27. A profit distribution process for receiving content data provided by a data providing device from a data distribution device and distributing a profit obtained according to at least one of purchase and use of the content data to a predetermined right holder. In the data processing device managed by the management device that performs, the content data provided by the data providing device and encrypted using the content key data, the encrypted content key data, and handling of the content data Input processing means for performing a process of inputting right data indicating the right and price data attached to the content data by the data distribution device; and a purchase form of the content data based on the handling indicated by the right data. Determining means for determining at least one of the usage forms; History data generating means for generating history data indicating the result, and output means for outputting the price data and outputting the history data to the management device when a process of determining the purchase mode of the content data is performed, A data processing device having a decryption means for decrypting the content key data in a tamper-resistant circuit module. 28. The data processing apparatus according to claim 27, wherein said input processing means performs a process of inputting a module storing said content file and said key file. 29. The input processing means for inputting a content file storing the content data, a key file storing the content key data and the rights certificate data, and the price data.
A data processing device according to claim 1. 30. A usage control data generating means for generating usage control data indicating the determined purchase mode when the purchase mode is determined, and using the content data based on the usage control data. A use control unit that controls the content key data and the use control data when the content data for which the purchase mode is determined is recorded on a recording medium, when the content data is recorded on the recording medium. Encryption means for encrypting using recording key data corresponding to a recording device and media key data corresponding to the recording medium; and transmitting the content file, the key file and the encrypted use control data to the Recording control means for controlling recording on a recording medium is further provided in the tamper-resistant circuit module. The data processing apparatus according to claim 29. 31. The input processing means includes: first signature data of the data providing device that is a creator and sender of the content file; and second signature data of the data distribution device that is a sender of the content file. And third signature data of the management device that is the creator of the key file, fourth signature data of the data providing device that is the sender of the key file, and the data distribution that is the sender of the key file. Performing a process of inputting the module further storing the fifth signature data of the device and the sixth signature data of the data distribution device, which is the creator and sender of the price data, wherein the data processing device comprises: 1 signature data, the second signature data, the third signature data, the fourth signature data, the fifth signature data and Signature processing means for verifying the validity of the sixth signature data is further provided in a tamper-resistant circuit module, and the determination means is configured to determine the first signature data and the second signature by the signature processing means. 29. The data processing apparatus according to claim 28, wherein the determination is performed after validity of data, the third signature data, the fourth signature data, the fifth signature data, and the sixth signature data is confirmed. . 32. The first signature data and the fourth signature data are created using secret key data of the data providing device, and the second signature data, the fifth signature data and The sixth signature data is created using secret key data of the data distribution device; the third signature data is created using secret key data of the management device; The means verifies the first signature data and the fourth signature data using the public key data of the data providing device, and uses the public key data of the data distribution device to verify the second signature data. 32. The data processing device according to claim 31, wherein the fifth signature data and the sixth signature data are verified, and the third signature data is verified using public key data of the management device. 33. The input processing means inputs the module further storing public key data corresponding to secret key data of the data providing device and public key data corresponding to secret key data of the data distribution device. The data processing device, wherein the signature processing means verifies the first signature data and the fourth signature data using public key data of the data providing device stored in the module. And verifying the second signature data, the fifth signature data, and the sixth signature data using public key data of the data distribution device stored in the module.
3. The data processing device according to 2. 34. When the content data is compressed data, a process for inputting the module storing the content file further storing decompression software for decompressing the compressed content data is performed. 29. The data processing apparatus according to claim 28, wherein the data processing apparatus further includes a control unit that controls the content data to be expanded using the expansion software. 35. A profit distribution process for receiving content data provided by a data providing device from a data distribution device and distributing a profit obtained according to at least one of purchase and use of the content data to a predetermined right holder. In the data processing device managed by the management device that performs, the content data provided by the data providing device and encrypted using the content key data, the encrypted content key data, and handling of the content data And a module storing price data attached to the content data by the data distribution device using a predetermined communication protocol in a format independent of the communication protocol or via a recording medium. Input processing means for performing processing to perform Determining means for determining at least one of a purchase mode and a usage mode of the content data based on the handling; history data generating means for generating history data indicating a result of the determination; determining the purchase mode of the content data A data processing unit that outputs the price data when the process is performed, and outputs the history data to the management device; and a decryption unit that decrypts the content key data in a tamper-resistant circuit module. apparatus. 36. A data processing device which receives content data provided by a data providing device from a data distribution device and is managed by a management device, wherein the content provided by the data providing device is encrypted using content key data. A module that stores data, the encrypted content key data, the rights document data indicating the handling of the content data, and the price data attached to the content data by the data distributing device is stored in a predetermined communication protocol. Received from the data distribution device in a format independent of the communication protocol using the shared key data, decrypts the received module using shared key data, and performs a charging process for the distribution service of the module by the data distribution device. A first processing module; and the received module. Determining means for determining at least one of a purchase mode and a use mode of the content data stored in the received module based on the handling indicated by the rights document data stored in the module, and history data indicating a result of the determination. History data generation means for generating the content data, output means for outputting the price data when the processing for determining the purchase mode of the content data is performed, and outputting the history data to the management device, and decrypting the content key data And a second processing module having tamper resistance. 37. A data processing device for performing a rights process on content data encrypted using the content key data based on the rights document data and decrypting the encrypted content key data, wherein the secret of the data processing device is provided. A storage circuit for storing key data, the content data, the content key data and signature data indicating the validity of the rights document data are verified using corresponding public key data, and the content data;
In order to record the content key data and the rights document data on a recording medium or transmit the same to another device, the contents data, the content key data and signature data indicating the validity of the rights document data are stored in the secret key data. A public key encryption circuit to be created using the content data, the content key data and the rights certificate data, and a random number for performing mutual authentication between the other device when transmitting the right data to another device online. A random number generation circuit that generates the content key data, and when the content data, the content key data, and the rights certificate data are transmitted / received to / from another device online, the Using the session key data obtained by the mutual authentication, the content data, the content Data between a common key encryption circuit for encrypting and decrypting the data and the right data, and an external external storage circuit for storing at least one of the content data, the content key data and the right data. An external bus interface for performing a transfer via an external bus, and at least one of a purchase mode and a use mode of the content data is determined based on the handling indicated by the rights document data, and history data indicating a result of the determination is generated. A data processing device having a tamper-resistant circuit module and an arithmetic processing circuit that performs the processing. 38. A hash value generation circuit for generating a hash value of the content data, the content key data and the right certificate data, wherein the public key encryption circuit uses the hash value to generate the signature. 38. The data processing device according to claim 37, wherein the data is verified and the signature data is created. 39. A storage circuit control for controlling access to the storage circuit and access to the external storage circuit via the external bus interface in accordance with an instruction from the arithmetic processing circuit. 38. The data processing device according to claim 37, further comprising a circuit. 40. The data processing device according to claim 37, further comprising a storage management circuit for managing an address space of said storage circuit and said external storage circuit. 41. The data processing apparatus according to claim 37, further comprising an interface for communicating with at least one of a data processing circuit having a mutual authentication function, a semiconductor storage circuit, and an IC card mounted on the recording medium. 42. When the content key data is encrypted using license key data having an expiration date, the storage circuit stores the license key data, and the data processing device stores the real time. Further comprising a real-time clock to be generated, wherein the arithmetic processing circuit reads out the license key data within an expiration date from the storage circuit based on a real time indicated by the real-time clock; The data processing device according to claim 37, wherein the content key data is decrypted by using the obtained license key data. 43. At least one of the public key encryption circuit, the common key encryption circuit, and the hash function circuit is implemented by executing a program stored in the storage circuit by the arithmetic processing circuit. 38. The data processing device according to 37. 44. A data processing apparatus for performing a right process on content data encrypted using the content key data based on the right certificate data and decrypting the encrypted content key data, wherein the secret of the data processing device is provided. A storage circuit for storing key data, the content data, the content key data and signature data indicating the validity of the rights document data are verified using corresponding public key data, and the content data;
In order to record the content key data and the rights document data on a recording medium or transmit the same to another device, the contents data, the content key data and signature data indicating the validity of the rights document data are stored in the secret key data. A public key encryption circuit to be created using the content data, the content key data and the rights certificate data, and a random number for performing mutual authentication between the other device when transmitting the right data to another device online. A random number generation circuit that generates the content key data, and when the content data, the content key data, and the rights certificate data are transmitted / received to / from another device online, the Using the session key data obtained by the mutual authentication, the content data, the content Data between a common key encryption circuit for encrypting and decrypting the data and the right data, and an external external storage circuit for storing at least one of the content data, the content key data and the right data. A tamper-resistant circuit module having an external bus interface for performing a transfer via an external bus, and at least one of a purchase mode and a use mode of the content data is determined based on a handling indicated by the right data, A data processing device having an arithmetic processing circuit for executing a process of generating history data indicating a result of the determination based on a tamper-resistant program. 45. A data processing device mounted on a recording medium having a ROM-type or RAM-type recording area, and encrypts secret key data of the data processing apparatus and data stored in the recording area. A storage circuit for storing key data used in the process, a hash value generation circuit for generating a hash value of data input / output to / from another device, and mutual authentication between the other device and A public key encryption circuit that verifies the signature data created by the device using the secret key data using the corresponding public key data and the hash value, and creates the signature data using the hash value and the secret key data, A random number generation circuit that generates a random number for performing the mutual authentication, and encrypts data input / output with another device using session key data obtained by the mutual authentication. A tamper-resistant circuit module comprising: a common key encryption circuit for decrypting and decrypting; an external interface; an arithmetic processing circuit; Data processing device to have in. 46. The storage circuit according to claim 45, wherein when the content data recorded in the recording area is encrypted using content key data, the storage circuit stores the encrypted content key data. Data processing equipment. 47. The data processing apparatus according to claim 46, wherein said storage circuit stores right certificate data indicating handling of content data recorded in said recording area. 48. The storage circuit stores a revocation list indicating information for judging the validity of the device when communicating with another device, and the arithmetic processing circuit stores the revocation list based on the revocation list. 46. The data processing device according to claim 45, wherein when it is determined that the other device is invalid, the communication with the other device is stopped. 49. When the recording area of the recording medium is a ROM type, and when the recording area stores content data encrypted with content key data, the storage circuit stores the encrypted data in an initial state. 46. The data processing apparatus according to claim 45, wherein the content key data stored and license data indicating handling of the content data are stored. 50. When the recording area of the recording medium is of a RAM type, the storage circuit, when recording the content data encrypted with the content key data in the recording area, 46. The data processing device according to claim 45, wherein the data processing device stores content key data and right certificate data indicating handling of the content data. 51. A data processing device mounted on a recording medium having a ROM-type or RAM-type recording area, which encrypts secret key data of the data processing apparatus and data stored in the recording area. A storage circuit for storing key data used in the process, a hash value generation circuit for generating a hash value of data input / output to / from another device, and mutual authentication between the other device and A public key encryption circuit that verifies the signature data created by the device using the secret key data using the corresponding public key data and the hash value, and creates signature data using the hash value and the secret key data; A random number generation circuit that generates a random number for performing the mutual authentication, an external interface, an arithmetic processing circuit, and an access to the storage circuit. A data processing device comprising: a storage circuit control circuit that performs in accordance with an instruction in a tamper-resistant circuit module. 52. A data processing device mounted on a recording medium having a ROM-type or RAM-type recording area, wherein secret key data of the data processing apparatus and data stored in the recording area are encrypted. When performing mutual authentication between the storage circuit that stores the key data used at the time and another device, and verifying the signature data created by the other device using the secret key data using the corresponding public key data, A public key encryption circuit for generating signature data using the secret key data, a random number generation circuit for generating a random number for performing the mutual authentication, an external interface, an arithmetic processing circuit, and an access to the storage circuit And a storage circuit control circuit that performs the operation in response to an instruction from the arithmetic processing circuit in a tamper-resistant circuit module. 53. A data processing device mounted on a recording medium having a ROM-type or RAM-type recording area, which encrypts secret key data of the data processing apparatus and data stored in the recording area. When performing mutual authentication between the storage circuit that stores the key data used at the time and another device, and verifying the signature data created by the other device using the secret key data using the corresponding public key data, A public key encryption circuit that creates signature data using the secret key data, a random number generation circuit that generates a random number for performing the mutual authentication, a tamper-resistant circuit module having an external interface, and the circuit module A data processing device comprising: an arithmetic processing circuit that executes processing for controlling the internal circuits based on a tamper-resistant program. 54. A data processing device mounted on a recording medium having a ROM-type or RAM-type recording area, which encrypts secret key data of the data processing apparatus and data stored in the recording area. A storage circuit for storing the key data used at the time, and verifying the signature data created by the other device using the secret key data using the corresponding public key data, and creating the signature data using the secret key data. A tamper-resistant circuit module includes a public key encryption circuit, an external interface, an arithmetic processing circuit, and a storage circuit control circuit for performing access to the storage circuit in accordance with an instruction from the arithmetic processing circuit. Data processing device. 55. A data processing device mounted on a recording medium having a ROM-type or RAM-type recording area, which encrypts secret key data of the data processing apparatus and data stored in the recording area. A storage circuit for storing the key data used at the time, and verifying the signature data created by the other device using the secret key data using the corresponding public key data, and creating the signature data using the secret key data. A data processing device comprising: a tamper-resistant circuit module having a public key cryptographic circuit; an external interface; and an arithmetic processing circuit that executes control of a circuit in the circuit module based on a tamper-resistant program. 56. A data processing device for performing at least one of compression and decompression of content data, performing mutual authentication with another device, and transmitting and receiving data to and from another device. A common key encryption circuit for encrypting and decrypting using session key data obtained by mutual authentication; a random number generation circuit for generating random numbers for performing the mutual authentication; an arithmetic processing circuit; Compression that does at least one
A data processing device comprising, in a tamper-resistant circuit module, a decompression circuit and a digital watermark information processing circuit that detects and embeds digital watermark information in data to be compressed and decompressed. 57. A circuit according to claim 56, further comprising a semi-disclosed control circuit for controlling the data to be partially expanded.
A data processing device according to claim 1. 58. The data processing apparatus according to claim 56, further comprising a storage circuit control circuit for accessing said storage circuit in accordance with an instruction from an arithmetic processing circuit. 59. A data processing device for performing at least one of compression and decompression of content data, performing mutual authentication with another device, and transmitting and receiving data to and from another device. A common key encryption circuit that encrypts and decrypts using the session key data obtained by the mutual authentication, a random number generation circuit that generates a random number for performing the mutual authentication, and software input corresponding to the content data. Based on at least one of compression and decompression of the content data, and an arithmetic processing circuit for detecting and embedding digital watermark information in the content data to be compressed and decompressed, in a tamper-resistant circuit module. Data processing device. 60. A data processing device for accessing a ROM or RAM type recording medium, comprising: a hash value generation circuit for generating a hash value of data input / output to / from another device; Mutual authentication between the two devices, verifying the signature data created by another device using the common key data and the hash value, creating signature data using the hash value and the common key data, A common key encryption circuit that encrypts and decrypts data input and output between using the session key data obtained by the mutual authentication, and a random number generation circuit that generates a random number for performing the mutual authentication, An arithmetic processing circuit; and an encoding / decoding circuit for encoding data to be recorded on the recording medium and decoding data read from the recording medium. Data processing apparatus having a circuit in the module. 61. The data processing device according to claim 60, further comprising a storage circuit control circuit for accessing said storage circuit in accordance with an instruction from an arithmetic processing circuit. 62. A storage circuit for storing an identifier of the data processing device, and recording key data for generating recording key data unique to the recording medium based on the identifier of the data processing device and the identifier of the recording medium. And a generating circuit, wherein the common key encryption circuit uses the recording key data,
62. The data processing device according to claim 61, which performs encryption and decryption of content data recorded on the recording medium. 63. A data processing device for accessing a ROM or RAM type recording medium, comprising: a hash value generation circuit for generating a hash value of data input / output to / from another device; Public key cryptographic circuit that performs mutual authentication between the two devices, verifies signature data created by another device using public key data and the hash value, and creates signature data using the hash value and the public key data. A random number generation circuit that generates a random number for performing the mutual authentication; an arithmetic processing circuit; and an encoding / decoding circuit that encodes data to be recorded on the recording medium and decodes data read from the recording medium. A data processing device included in a tamper-resistant circuit module. 64. A data processing device for accessing a ROM or RAM type recording medium, comprising: a hash value generation circuit for generating a hash value of data input / output to / from another device; Mutual authentication between the two devices, verifying the signature data created by another device using the common key data and the hash value, creating signature data using the hash value and the common key data, A common key encryption circuit that encrypts and decrypts data input and output between using the session key data obtained by the mutual authentication, and a random number generation circuit that generates a random number for performing the mutual authentication, An encoding / decoding circuit for encoding data to be recorded on the recording medium and decoding data read from the recording medium; A data processing device comprising: a module for controlling a circuit in the circuit module based on a tamper-resistant program. 65. A data processing device for accessing a ROM or RAM type recording medium, comprising: a hash value generation circuit for generating a hash value of data input / output to / from another device; A public key cryptographic circuit that performs mutual authentication between the two, verifies signature data created by another device using public key data and the hash value, and creates signature data using the hash value and the public key data. A random number generation circuit that generates a random number for performing the mutual authentication; and an encoding / decoding circuit that encodes data to be recorded on the recording medium and decodes data read from the recording medium. A circuit module, and an arithmetic processing circuit that executes processing for controlling a circuit in the circuit module based on a tamper-resistant program. Data processing apparatus for.