JP2001217821A - Method and device for data processing and storage medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To authenticate object data every time they are used. SOLUTION: An authentication manager 42 examines the operation situation of an authentication program 44 necessary for authentication every time the object data are used. When the needed authentication program 44 is not loaded, whether the program 44 necessary for authentication can be loaded or not is examined and corresponding authentication program 44 is loaded from an external storage device 46 or the outside through a communication I/F 48 when the program 44 can be loaded. When the corresponding authentication program 44 can not be loaded, the manager 42 notifies an IPMP controller 40 of the effect. When the needed authentication program 44 exists, authentication is carried out with the authentication program 44, and the manager 42 informs the controller 40 of the authentication results.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a data processing method and apparatus and a storage medium, and more particularly, to a data processing method and apparatus for authenticating each use of object data when reproducing information from a plurality of object data. About.

[0002]

2. Description of the Related Art In recent years, optical fiber networks have been provided in backbone communication networks, cable television systems and local area networks have become widespread, and satellite communications have been put into practical use. In particular, with the spread of large-capacity digital data storage media such as DVDs and high-bandwidth digital data communication media such as CS broadcasts, digital data services have become popular. Because of digital data, various information providing forms are considered, and access authentication to digital data according to the information providing form is performed.

[0003] DVDs are encrypted in title units. That is, each title is encrypted with a different encryption key called a title lock, and the title locks are also hierarchically encrypted. This enables both use and protection of the title. However, since these title keys are ultimately encrypted with an encryption key called a master key located at the highest level,
In D, it can be considered that all titles are encrypted by the master key. The master key is D
The access authentication to the DVD media is realized by incorporating in advance into the VD device or DVD software.

[0004] CS broadcasts are encrypted in units of programs. Each program is encrypted with a different encryption key called a session lock, and the session keys are also hierarchically encrypted. This enables both use and protection of the program. However, like the DVD, these session keys are ultimately encrypted with an encryption key called a master key located at the highest level.
It can be considered that all programs of the S broadcast are encrypted by the master key. Authentication for viewing a program is realized by incorporating a master key into an IC card built in a device such as a tuner or the device itself in advance.

[0005] Authentication is performed for both DVD and CS broadcasting, but this is realized by incorporating an encryption key in advance in a device that is not directly related to digital data to be reproduced or transmitted, such as a title or a program.

In recent years, stream data such as moving images and audio have been compressed and coded, each coded data has been treated as object data, and these so-called multimedia data have been combined and transmitted as a single bit stream. MPEG-4 in ISO
(Moving picture Experts Gr
The standardization work of up Pahse4) is in progress.
On the receiving side (reproducing side) of MPEG-4 data, for example, audio and moving image scenes can be reproduced in association with each other.

[0007] In such an MPEG-4 system, it is easy to reorganize the received bitstream into individual pieces of object data one by one because of the characteristic that data is treated as object data. However, if a copyright exists in each object data, it is necessary to be able to restrict the use of all or a part of the object data in order to protect the copyright.

[0008] Unlike conventional multimedia streams, MPEG-4 can transmit and receive several video scenes or video object data independently on a single stream. Similarly, for audio, several object data can be transmitted and received independently on a single stream. As information for generating a scene by combining these object data, V
BIFS (Binary Format) with RML modified
t For Scenes). BIFS is
The scene is described in binary, and the scene is synthesized according to the BIFS.

Such individual object data necessary for synthesizing a scene is individually and optimally encoded and transmitted. The playback device or the reception device decodes each object data individually, and according to the description of BIFS,
Each scene is synthesized and output by synchronizing the time axis of each object data with the time axis inside the playback device.

As a method of combining a plurality of object data into a single bit stream, there is a method of combining the object data itself into a bit stream. Further, in MPEG-4, instead of synthesizing the object data itself, the URL (U
niform Resource Locators)
Can be combined with the bit stream by specifying.

[0011]

In data in which a plurality of object data are combined, such as MPEG-4, it is conceivable that secret information used for authentication differs for each object data. In this case, the conventional authentication method in which confidential information used for authentication is preliminarily incorporated into a device cannot be dealt with effectively.

In addition, URLs are used for synthesizing object data.
In the case of data that can be specified and can bring a plurality of object data from various places, the authentication procedure may be different for each object data. In this case, the conventional authentication method in which the secret information used for the authentication is incorporated in the device in advance cannot be handled.

The present invention has been made in view of such circumstances, and has as its object to present a data processing method and apparatus and a storage medium which enable authentication every time object data is used. .

[0014]

A data processing method according to the present invention is a data processing method for reproducing a plurality of object streams each having predetermined information, and is used for authentication corresponding to each of the object streams. According to the secret information, an authentication procedure corresponding to each of the object streams is executed, and access to each of the object streams is independently authenticated.

[0015] A data processing device according to the present invention is a data processing device for reproducing a plurality of object streams each having predetermined information, wherein secret information used for authentication corresponding to each of the object streams is used.
It is characterized by comprising means for executing an authentication procedure corresponding to each object stream, and means for independently authenticating access to each object stream.

With such a configuration, the object data can be effectively authenticated for each use.

Further, the key sharing information used for key sharing corresponding to the object stream allows the key to be shared independently for each object by independently performing key sharing according to a predetermined key sharing procedure corresponding to each object stream. it can.

The storage medium according to the present invention stores program software for executing the above-described data processing method.

[0019]

Embodiments of the present invention will be described below in detail with reference to the drawings.

FIG. 1 shows an embodiment of an MPEG according to the present invention.
4 shows a schematic block diagram of a playback device. Transmission line 10
Is composed of, for example, various networks and computer paths. An MPEG-4 stream is input to the demultiplexer 14 of the playback device 12 via the transmission path 10. The transmission path 10 may be a CD-R in addition to the data transmission path.
It may be an interface with a playback mechanism or a playback device of a recording medium such as an OM, a DVD-ROM, and a DVD-RAM.

The demultiplexer 14 separates the MPEG-4 stream input from the transmission path 10 into scene description data, moving image object data, audio object data, object description data, and control data (IPMP information to be described later). Synchronization layer 1 corresponding to the description data, moving image object data, audio object data, and object description data
6,18,20,22 and control data (IPMP
Information) to the IPMP device 24.

The MPEG-4 stream contains information necessary for controlling reproduction of individual object data such as audio and moving images constituting a scene in order to protect copyrights, etc., ie, IPMP information. The IPMP information is added to the IPMP stream, and the IPMP stream is added to the MPEG-4 stream and transmitted like other objects.

The voice object data is, for example, a known CELP (Code Excited Line Pr).
The coding is performed by a high-efficiency coding method such as an edition coding or a transform domain weighted interleaved vector quantization (TWINVQ) coding. The moving image object data is, for example, a well-known MPEG-2 format or H
High-efficiency coding is performed by the -263 system. Scene description data includes graphic data.

Each of the synchronization layers 16, 18, 20, 22
In accordance with time information called a time stamp added to the MPEG-4 stream, the scene description data, audio object data, moving image object data and object description data are time-synchronized to decode circuits 26 and 2.
8, 30, 32. According to the IPMP information from the demultiplexer 14, the IPMP device 24 supplies data from the synchronization layers 16 to 22 to the decoding circuits 26 to 32 and executes the decoding operation of the decoding circuits 26 to 32 (start / start).
Stop). Although details will be described later, the IPMP device 2
4 is, for example, as shown in FIG.
2, the reproduction of the object data # 3, the reproduction of the object data # 3, and the reproduction of the object data # 2 are controlled independently for each object data.

In this embodiment, the audio object data, the moving image object data, and the object description data can be decoded even if a plurality of different types of object data exist in the MPEG-4 stream. The synchronization layers 18, 20, 2
2 and a plurality of decoding circuits 28, 30, and 32, respectively.

The scene description data, audio object data, moving image object data and object description data decoded by the decoding circuits 26, 28, 30, and 32 are applied to a scene synthesizing circuit 34. Based on the scene description data decoded by the scene description decoding circuit 26, the scene synthesis circuit 34
And synthesizes and graphically processes the decoded audio object data, moving image object data, and object description data. The final data sequence thus obtained is supplied to an output device 36 such as a display and a printer device, and is visualized.

FIG. 3 is a schematic block diagram showing a first configuration example of the IPMP device 24. 40 is an IPMP control device,
42 is an authentication manager, 44 is an authentication program, 46 is an external storage device, and 48 is a communication I / F.

The IPMP control unit 40 corresponds to an MPEG-4 IPMP control unit and controls the use of object data. The authentication manager 42 includes an authentication program 44
Manage the operating status of Specifically, authentication program 4
4 is checked to see if it is in a loaded state, which is an executable state, and the authentication program 44 is made executable through the communication 1 / F 48 or the external storage device 46.

The authentication program 44 includes an external storage device 46
And performs authentication processing. External storage device 46
Stores secret information. The external storage device 46 may be a tamper-resistant storage device such as an IC card or a remote storage device connected via a network. The secret information may be secret information used for authentication or an authentication procedure.

The authentication manager 42 can obtain a newly loaded authentication means, for example, its program and / or data from another device via the communication I / F 48.

As described above, the authentication manager 42
Manages the operations of the authentication program 44 and the external storage device 46. The authentication program 44 and the external storage device 46 loaded to make the executable state may be single or plural.

FIG. 3 shows a logical configuration, which is different from a physical configuration. For example, a plurality of confidential information may be stored in one IC card and correspond to a plurality of external storage devices.

The operation of the configuration shown in FIG. 3 will be described with reference to FIG. The authentication manager 42 checks the operation status of the authentication program 44 required for authentication, and if the required authentication program 44 has not been loaded (S1), determines whether the authentication program 44 required for authentication can be loaded. Investigation (S2), if it is possible to load (S2), the corresponding authentication program 44 is read from the external storage device 46 or the communication I / O.
Load from outside via F48 (S3). If the corresponding authentication program 44 cannot be loaded (S
2), the authentication manager 42 notifies the IPMP control device 40 to that effect (S5).

When the necessary authentication program 44 already exists (S1) and when the required authentication program 44 can be loaded (S3), the authentication is executed by the authentication program 44. (S4). The authentication manager 42 notifies the IPMP control device 40 of the authentication result (S5).

In this embodiment, one or more authentication means are loaded from an external storage device as required for authentication.
This makes it possible to provide an authentication unit and an external storage device for each object data, and can easily cope with a plurality of authentication procedures. The operation of the system after the authentication processing is not limited. The IPMP control device 40 that has received the authentication result determines the system operation after the authentication.

The authentication process in S4 will be described with reference to FIG. The authentication program 44 checks whether it is possible to access the local external storage device 46 (S11).
If access is possible (S11), the authentication program 44
Sets the source of the authentication information in the local external storage device 46 and obtains the information necessary for the authentication therefrom (S1).
2). If the local external storage device cannot be accessed (S11), it is checked whether or not the remote external storage device can be accessed (S13).
13), an accessible external storage device is set as a source of authentication information, and information necessary for authentication is obtained therefrom (S14). If the remote external storage device cannot be accessed (S13), the process ends. When the information necessary for the authentication is obtained (S12, S14), the authentication is executed (S1).
5).

By using a local external storage device and a remote external storage device properly, authentication can be performed efficiently. That is, a URL such as MPEG-4
The authentication of the object data specified by the user can be easily performed. In addition, by providing a local external storage device with tamper resistance such as an IC card and storing secret information or an authentication procedure used for authentication in the local external storage device, authentication equivalent to authentication performed remotely is performed. Becomes locally feasible. Thereby, the authentication time can be reduced.

The authentication procedure in the present invention may be any of a password method, a challenge and response method, and a public key encryption-based method as described later. The present invention
Authentication required for each object data can be realized, and a different authentication procedure can be adopted for each object data.

The password-based authentication method is a method in which secret information is shared between the authenticator and the person to be authenticated, and the authenticated person performs authentication by sending the secret information to the authenticator. Bank CD (cash dispenser) and ATM
(Automated-teller machine
This is the authentication method used in e).

In the challenge-and-response authentication method, secret information is shared between the authenticator and the subject,
This is a method of performing authentication in the following procedure. First, the certifier
Sends a question (called a challenge) to the subject. Next, the subject generates a response (called a response) to the challenge using the secret information and sends it to the authenticator. The authenticator generates an answer to the question using the secret information, and compares the answer with the answer sent from the subject.

The authentication method based on the public key cryptosystem is a method in which a person to be authenticated performs authentication by sending a digital signature to the authenticator. The public key encryption method is an encryption method in which an encryption key and a decryption key are different, and the encryption key is made public and the decryption key is kept secret.

The characteristics of public key cryptography are as follows. Since the encryption key and the decryption key are different and the encryption key can be made public, there is no need to secretly distribute the encryption key, and key distribution is easy. Since each user's encryption key is public, the user need only secretly store his or her own decryption key. It is possible to realize an authentication function in which the receiver confirms that the sender of the transmitted message is not a fake and that the message is not falsified.

The public key encryption protocol is as follows. Assuming that the encryption operation using the public encryption key kp is E (kp, M) and the decryption operation using the secret decryption key ks is D (ks, M), the public key encryption The algorithm first satisfies the following two conditions. First,
Given kp, the calculation of E (kp, M) is easy, and given ks, the calculation of D (ks, M) is also easy. Second, if ks is not known, it is difficult to determine M even in the calculation procedure of kp and E and C = E (kp, M) in terms of the amount of calculation.

The secret communication can be realized by adding the following third condition to these two conditions. That is, E (kp, M) can be defined for all messages (plaintext) M,
(Ks, E (kp, M)) = M holds. That is, k
Since p is public, anyone can calculate E (kp, M), but can calculate M by calculating D (ks, E (kp, M)) because the secret key ks Only the person who has it.

Authentication communication can be realized by adding the following fourth condition to the first and second conditions. That is, D (ks, M) can be defined for all messages (plaintext) M, and E (kp, D (ks, M)) = M holds. That is, only the person who has the secret key ks can calculate D (ks, M), and another person calculates D (ks ', M) using the fake secret key ks' and has the ks. E (kp, D (ks', M))
Since ≠ M, the receiver can confirm that the received information is incorrect. Further, even if D (ks, M) is falsified, E (kp, D (ks, M) ') ≠ M.
The receiver can confirm that the received information is incorrect.

In public key cryptography, process E using a public key is called encryption, and process D using a secret key is called decryption. Therefore, in the secret communication, the sender performs encryption, and then the receiver performs decryption. In the authentication communication, the sender performs decryption, and thereafter, the receiver performs encryption.

A description will be given of each protocol in the case of performing a secret communication, an authentication communication, and a signed secret communication from the sender A to the receiver B by public key encryption. The secret key of A is ksA, the public key is kpA, the secret key of B is ksB, and the public key is kpB.

The procedure for secretly communicating a message (plaintext) M from A to B is as follows. That is, A encrypts M with B's public key kpB and sends ciphertext C to B. That is, C = E (kpB, M) Next, B decrypts C with its own secret key ksB to obtain the original plaintext M. That is, M = D (ksB, C) Since the public key of the receiver B is disclosed to an unspecified majority,
Not only A but also everyone can communicate with B secretly.

The procedure for authenticating communication message (plain text) M from A to B is as follows. A is my secret key k
The transmission message S is generated by sA and sent to B. That is, S = D (ksA, M) This sentence S is called a signature sentence, and an operation for obtaining the signature sentence is called a signature. Next, B restores and converts S with A's public key kpA to obtain the original plaintext M. That is, M = E (kpA, S) If it is confirmed that M is a meaningful sentence, it can be authenticated that the transmission source of M is A. Since the public key of the sender A is disclosed to an unspecified number of persons, not only B but all persons can authenticate the signature of A.

FIG. 6 is a schematic block diagram showing another configuration example of the IPMP device 24. 50 is an IPMP control device,
52 is an authentication manager, 54 is an authentication program, 56 is a key sharing unit, 58 is an external storage device, and 60 is a communication I / F. The functions of the IPMP control device 50, the authentication manager 52, and the communication I / F 60 are the same as the functions of the IPMP control device 40, the authentication manager 42, and the communication I / F 48 in FIG.

The external storage device 58 stores secret information. The configuration may be either a tamper-resistant storage device such as an IC card or a remote storage device connected via a network. The secret information may be any of secret information used for authentication, an authentication procedure, information used for key sharing, and a key sharing procedure.

The authentication program 54 includes the authentication program 4
4 and the key sharing unit 56 and the external storage device 5
8 and has a key sharing function.

The key sharing unit 56 shares a key. The operation status of the key sharing device 56 is managed by the authentication manager 52, similarly to the authentication program 54 and the external storage device 58. The number of key sharing units 56 may be single or plural, and in the case of a plurality, the plurality of key sharing units 56 can operate simultaneously.

FIG. 7 shows an operation flowchart of the apparatus shown in FIG. The authentication manager 52 checks the operation status of the authentication program 54 required for authentication (S21), and if the authentication program 54 is not loaded, checks whether the authentication program 54 required for authentication can be loaded (S2).
2). If loading is possible (S22), the authentication manager 5
2 loads the authentication program 54 from a remote external storage device or a local external storage device 58 via the communication I / F 60 (S23). If loading is not possible (S22), the user is not authenticated substantially, and the
The P control device 50 is notified (S25, S30).

The authentication program 54 executes authentication (S
24). If authenticated (S25), the authentication manager 5
2 checks the operation status of the key sharing unit 56 necessary for key sharing,
If the key sharing unit 56 has not been loaded (S26),
It is checked whether the key sharing unit 56 necessary for key sharing can be loaded (S27), and if it can be loaded (S27), it is loaded (S28). The key sharing unit 56 has not been loaded (S2
6) If the load is not possible (S27), the authentication manager 52 notifies the IPMP control device 50 of the fact.

When the key sharing unit 56 exists (S2
6, S28), the authentication program 54 executes key sharing (S29), and the authentication program 54
Then, the authentication result is notified to the IPMP control device 50 via S2 (S30).

As in the case of FIG. 2, the configuration shown in FIG. 6 can also load a single or a plurality of authentication programs 54 and a key sharing unit 56 as required for authentication, and provide a single or a plurality of external storage devices. 58 are available. This makes it possible to provide the authentication program 54, the key sharing unit 56, and the external storage device 58 for each object data. As a result, it is possible to easily cope with a plurality of authentication procedures and a plurality of key sharing procedures. Also, it is possible to share a key simultaneously with authentication. This means that there is no need to hold a fixed encryption key as in the case of DVD and CS broadcasting, and an encryption key can be generated as needed.

The key sharing procedure may be either an interactive key sharing method or a non-interactive key sharing method. In the case of the interactive type, key sharing is performed by communicating with a local or remote external storage device as in the case of authentication. By providing the local external storage device with tamper resistance such as an IC card and storing the information necessary for key sharing or the key sharing procedure in the local external storage device, a key sharing equivalent to the remote key sharing can be achieved. Key sharing can be achieved locally. As a result, the time for key sharing can be reduced.

The interactive key sharing method is a method of sharing a common key while communicating between key sharing parties. For example, a DH public key sharing method (Reference: Diffie, W. and ME E. He)
llman, "New directions in
cryptography ”, IEEE Tran
actions on Information T
heory, Vol. IT-22, pp. 644
-654, November 1976), and ID
Authenticated key distribution method (Reference: Sakae Okamoto, "Key distribution method based on ID", IEICE Technical Report, IT86-53, 19)
86. )and so on.

The non-interactive key sharing method is as follows.
This is a method of sharing a common key without performing communication for key sharing between key sharers. For example, the KPS method (Reference: Matsumoto, T. and H. Im)
ai, "On the key distributi
on system: A practical so
lution to the key distrib
union problem ", Advances
in Cryptology-Proceedings
of CRYPTO '87, Lecture N
otes inComputer Science,
Vol. 293 pp. 185-193, Sp
ringer-Verlag, 1988), and ID
NIKS (ID-based Non-Interac
five Key Sharing Schemes)
Law (Hatsuichi Tanaka, “Identity-Based No
n-Interactive Key Sharing
Using a New One-Way Hash
Function ", Proceedings of the 21st Symposium on Information Theory and Its Applications, SITA98, pp. 727-7
30, Dec. 1998).

It is clear that the present invention can handle not only two-dimensional image objects but also three-dimensional image objects. Further, not only one object data corresponds to one logical object but also one logical object, such as formation of a three-dimensional image object by texture image data, modeling data and animation data. The case where a plurality of object data correspond to each other is also included in the technical scope of the present invention.

That is, such object data can be authenticated for each object data by treating it in the same manner as the above-described object data. In addition, by unifying the secret information and the authentication method required for authentication of all object data constituting the logical object, authentication for each logical object is also possible.

Examples of the use of the three-dimensional object formation include a home game machine, a personal computer, a graphic computer, and the like.

The present invention is not limited to an apparatus and a method for realizing the above-described embodiments, and to a method combining the above-described methods. The present invention is implemented by supplying a computer (CPU or MPU) with software program codes for realizing the functions of the above-described embodiments, operating the computer according to a stored program, and operating the various devices. Are also included in the scope of the present invention.

In this case, the software program code itself implements the functions of the above-described embodiment, and the program code itself and means for supplying the program code to the computer, for example,
A storage medium storing such a program code constitutes the present invention. As a storage medium for storing such a program code, for example, a floppy disk, hard disk, optical disk, magneto-optical disk, CD-ROM, magnetic tape, nonvolatile memory card, ROM and the like can be used.

When the computer executes the supplied program code, not only the functions of the above-described embodiment are realized, but also the OS (Operating System) or other operating system running on the computer. Such a program code is also included in the scope of the present invention when the functions of the above-described embodiments are realized in cooperation with application software or the like.

Further, the supplied program code is
After being stored in the memory provided in the function expansion board of the computer or the function expansion unit connected to the computer, the CPU or the like provided in the function expansion board or the function expansion unit performs one of the actual processing based on the instruction of the program code. The invention according to the present application also includes a case where the functions of the above-described embodiments are realized by performing the processes of all or a part.

[0068]

As can be easily understood from the above description, according to the present invention, authentication can be performed for each object data.

[Brief description of the drawings]

FIG. 1 is a schematic block diagram of an embodiment of the present invention.

FIG. 2 is a schematic diagram showing a procedure for decoding controlled object data using an IPMP stream.

FIG. 3 is a schematic configuration block diagram of a first configuration example of an IPMP device 24;

FIG. 4 is an operation flowchart of the configuration shown in FIG. 3;

FIG. 5 is another operation flowchart of the configuration shown in FIG. 3;

FIG. 6 is a schematic configuration block diagram of a second configuration example of the IPMP device 24;

7 is an operation flowchart of the configuration shown in FIG. 6;

[Explanation of symbols]

 10: Transmission path 12: Reproduction device 14: Demultiplexer 16, 18, 20, 22: Synchronization layer 24: IPMP device 26, 28, 30, 32: Decoding circuit 34: Scene synthesis circuit 36: Output device 40: IPMP control device 42: Authentication Manager 44: Authentication Program 46: External Storage Device 48: Communication I / F 50: IPMP Controller 52: Authentication Manager 54: Authentication Program 56: Key Sharing Unit 58: External Storage Device 60: Communication I / F

Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat II (reference) H04N 7/167 H04N 7/167 Z F term (reference) 5B017 AA01 BA05 BA07 BB02 BB03 CA09 CA16 5C053 FA13 FA24 FA28 FA29 GB37 JA21 KA01 KA24 KA26 LA14 5C064 CA14 CB05 CB08 CC02 CC04 5J104 AA07 AA09 BA03 KA01 NA03 PA04 PA05 PA07 PA14 9A001 BB04 CC02 DD15 EE03 JJ12 JJ13 LL03

Claims (27)

[Claims] 1. A data processing method for reproducing a plurality of object streams each having predetermined information, wherein an authentication procedure corresponding to each object stream is performed by using secret information used for authentication corresponding to each object stream. And independently authenticating access to each of the object streams. 2. The data processing method according to claim 1, wherein the secret information is information locally accessible by the authentication procedure. 3. The secret information is information that can be accessed via a network by the authentication procedure.
Data processing method. 4. The data processing method according to claim 2, wherein the secret information is information equivalent to information accessible via the network, and is local information protected by a tamper-resistant method. 5. The data processing method according to claim 1, wherein said authentication procedure permits access to said object stream by retaining the same information as said secret information. 6. The secret information includes first and second information, and the authentication procedure includes:
2. The data processing method according to claim 1, wherein access to said object stream is permitted by holding said second information corresponding to said first information. 7. The method according to claim 1, wherein the secret information is an inspection key of a digital signature, and the authentication procedure permits access to the object stream by holding a digital signature that can be verified with the inspection key. Claim 1
Data processing method. 8. The key sharing method according to claim 1, wherein key sharing is performed independently by a predetermined key sharing procedure corresponding to each of the object streams, based on key sharing information used for key sharing corresponding to the object stream. The data processing method according to claim 1. 9. The data processing method according to claim 8, wherein the key sharing information is information locally accessible by the authentication procedure. 10. The data processing method according to claim 8, wherein the key sharing information is information accessible via a network by the authentication procedure. 11. The data processing method according to claim 8, wherein the key sharing information is information equivalent to information accessible via the network, and is local information protected by a tamper-resistant method. 12. The data processing method according to claim 8, wherein said key sharing procedure generates a shared key from said key sharing information. 13. The data processing method according to claim 8, wherein said key sharing procedure generates a shared key from said key shared information and second key shared information. 14. A data processing device for reproducing a plurality of object streams each having predetermined information, wherein an authentication procedure corresponding to each object stream is performed by using secret information used for authentication corresponding to each object stream. And a means for independently authenticating access to each of the object streams. 15. The data processing apparatus according to claim 14, wherein the secret information is information locally accessible by the authentication procedure. 16. The data processing apparatus according to claim 14, wherein the secret information is information that can be accessed via a network by the authentication procedure. 17. The data processing apparatus according to claim 15, wherein the secret information is information equivalent to information accessible via the network, and is local information protected by a tamper-resistant method. 18. The data processing apparatus according to claim 14, wherein the authentication procedure permits access to the object stream by holding the same information as the secret information. 19. The secret information includes first and second information, and the authentication procedure holds the second information corresponding to the first information in response to the disclosure of the first information. 15. The data processing device according to claim 14, wherein access to the object stream is permitted by performing the operation. 20. The apparatus according to claim 20, wherein the secret information is a check key of a digital signature, and the authentication procedure permits access to the object stream by holding a digital signature that can be verified with the check key. The data processing device according to claim 14. 21. The key sharing device according to claim 14, wherein key sharing is performed independently by a predetermined key sharing procedure corresponding to each of said object streams, based on key sharing information used for key sharing corresponding to said object stream. The data processing device according to claim 1. 22. The data processing device according to claim 21, wherein the key sharing information is information locally accessible by the authentication procedure. 23. The data processing apparatus according to claim 21, wherein the key sharing information is information accessible via a network by the authentication procedure. 24. The data processing apparatus according to claim 21, wherein the key sharing information is information equivalent to information accessible via the network, and is local information protected by a tamper-resistant method. 25. The data processing apparatus according to claim 21, wherein said key sharing procedure generates a shared key from said key sharing information. 26. The data processing apparatus according to claim 21, wherein said key sharing procedure generates a shared key from said key shared information and second key shared information. 27. A storage medium storing program software for executing the data processing method according to claim 1. Description: