JP2002229858A - Computer and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent unauthorized duplication when recording digital data in a hard disk built in a personal computer. SOLUTION: This computer comprises a first memory means 108 and a second memory means 106 storing a specified number of a second coding key 110 and a third key 107 for enciphering a first key 103 used for enciphering enciphered data 105, a second enciphering means enciphering the first key 103 by using all or a part of a second key 109, and a storing means 7 recording the enciphered data 105 and a first coding key 113 in a pair.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a computer and a program for preventing unauthorized copying of digital data contents.

[0002]

2. Description of the Related Art Conventionally, personal computers have been
It has been processing various digital data contents such as video, audio and document data.

When these contents are inputted to a personal computer, the personal computer records the inputted contents on a built-in or external hard disk drive or the like as necessary.

FIG. 6 shows such a conventional personal computer 12 (hereinafter, a personal computer is referred to as a PC).

The PC 12 is a PCI (Periphera).
l Component Interconnect)
Bus 1, north bridge 2, south bridge 3, main storage unit 4, central processing unit 5, IDE bus 6, storage unit 7,
It comprises a display control means 8, a display means 9, and a first transfer means 10.

[0006] The north bridge 2 is a means for connecting the PCI bus 1 to the main processing means 4 and the central processing means 5 constituted by a microcomputer.

The south bridge 3 is a means for connecting the IDE bus 6 for connecting the storage means 7.

[0008] The storage means 7 is a hard disk for storing contents.

The display control means 8 is a means for converting a digital video signal into an analog video signal and displaying it on a graphic display.

The display means 9 is a graphic display.

The first transfer means 10 is a PCI device for transferring digital data 11 composed of a multiplexed stream obtained by multiplexing digital video and digital audio to the main storage means 4 or storage means 7, central processing means 5, etc. Means.

Next, the operation of the conventional PC 12 will be described.

When digital data 11 is input, the first
Transfer means 10 transfers the input digital data 11 to the storage means 7 via the PCI bus 1. Storage means 7
The input digital data 11 stored in the main memory 4 is read out by a program on the main memory 4 and displayed on the display 9 by the display controller 8.

However, the PC 12 has the following problems.

That is, in the PC 12, since a general-purpose hard disk is used as the storage means 7, it is possible to easily copy digital data from the hard disk on which it is recorded to another hard disk.

Therefore, illegal copying in a form not intended by the copyright holder and subsequent modification of the data pose a major problem. However, in the PC 12 shown in FIG. Record on the hard disk or take out the storage means itself and use another PC
There is a problem that reproduction can be easily performed by using this method.

In order to solve such a problem of the PC 12, when a copyright owner records a content intended to protect copyright in the storage means 7, the content is encrypted and recorded. There is also.

[0018]

However, even when the content is encrypted and recorded, if the key for encrypting the content is once known to another person, the hard disk is removed from the PC. Another P
C, the content can be decrypted and reproduced by another PC using the key, so that illegal copying of the content cannot be prevented.

That is, even in the case of encrypting the contents, if the key for encrypting the contents is known, it is impossible to prevent illegal copying of the contents requiring copyright protection.

SUMMARY OF THE INVENTION It is an object of the present invention to provide a computer and a program capable of preventing illegal copying of contents requiring copyright protection in consideration of the above problems.

[0021]

In order to solve the above-mentioned problems, the key for encrypting the content for each content or each part of the content may be changed to a different key. In this way, even if the key that encrypts certain content is known to others, other content and other parts of the content can be encrypted with a different key than the known key. Therefore, illegal copying can be prevented.

In this case, it is necessary to hold a table indicating the correspondence between the content and the portion of the content and the key, and it is necessary to hold this table not in the storage means but in the computer main body.

However, as the number of contents to be recorded in the storage means increases, the size of the table also increases. Therefore, when recording a large number of contents in the storage means, the table is held in the computer main body. There is a problem that it will not be possible. The present invention solves such a problem as described below, thereby preventing an illegal copy requiring copyright protection.

That is, the first aspect of the present invention (corresponding to claim 1) is to store a predetermined number of second keys for encrypting a first key used in encrypting data. 1 storage means, second encryption means for encrypting the first key using all or a part of the second key, and encrypted data and the encrypted first data. And a storage means for recording the keys in pairs.

Further, the second invention (corresponding to claim 2)
Means for storing a predetermined number of third keys for decrypting the encrypted second key, and decrypting the encrypted second key with the third key The second key is the computer according to the first aspect of the present invention, wherein the second key is encrypted and stored in the first storage means.

The third invention (corresponding to claim 3)
When decrypting the encrypted data, the decryption means decrypts the encrypted second key with the third key, and the encrypted first key is decrypted. Said the second
The computer according to the second aspect of the present invention, wherein the data decrypted and encrypted with the first key is decrypted with the decrypted first key.

The fourth invention (corresponding to claim 4)
Is the computer according to the third aspect of the present invention, comprising: a communication unit that obtains the encrypted second key.

The fifth invention (corresponding to claim 5)
Means for storing a predetermined number of third keys for encrypting the second key, and storing the second key in the third key.
And third encryption means for encrypting with the second key.
Is the computer according to the first aspect of the present invention, which is encrypted and stored in the first storage means.

The sixth invention (corresponding to claim 6)
Is a computer according to any one of the first to fifth aspects of the present invention, comprising: a first encryption unit that encrypts the data using the first key to create the encrypted data. is there.

The seventh invention (corresponding to claim 7)
Receiving means for receiving a signal including one or more channels digitally modulated with digital data, selecting an arbitrary channel, and demodulating digital data of the selected channel; The computer according to the sixth aspect of the present invention, further comprising conditional access means for selecting data to be encrypted by the first encryption means from digital data of the selected channel.

An eighth aspect of the present invention (corresponding to claim 8)
Comprises key generation means for generating the second key based on key generation information sent via the Internet, wherein the second encryption means generates the second key A first computer according to the present invention for using the first key to encrypt.

The ninth invention (corresponding to claim 9)
Comprises key generation means for generating the second key based on the key generation information sent using broadcast radio waves, wherein the second encryption means comprises the second key generation means. A computer according to the first aspect of the present invention, wherein the first key is encrypted using:

According to a tenth aspect of the present invention (corresponding to claim 10), the computer according to the first aspect of the present invention is adapted to encrypt a first key used for encrypting data. First storage means for storing a predetermined number of second keys, second encryption means for encrypting the first key using all or a part of the second key, And a program for causing a computer to function as all or part of storage means for recording the data and the encrypted first key as a pair.

[0034]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of the present invention will be described below with reference to FIGS.

(First Embodiment) FIG. 1 shows the configuration of a PC 115 according to a first embodiment of the present invention. PC
Reference numeral 115 denotes a digital compressed video stream (ISO 13818-2) compliant with MPEG-2.

The PC 115 is a PCI (Peripherer)
al Component Interconnect
t) bus 1, north bridge 2, south bridge 3, main storage unit 4, central processing unit 5, IDE bus 6, storage unit 7, display control unit 8, display unit 9, PCI card 116
Consists of

The PCI card 116 includes a first transfer unit 10, a first key generation unit 102, a first encryption unit 104, a second storage unit 106, and a first storage unit 10.
8, a decryption unit 111, a second encryption unit 112, and a second transfer unit 114.

Among them, PCI bus 1, north bridge 2, south bridge 3, main storage means 4, central processing means 5, IDE bus 6, storage means 7, display control means 8, display means 9, first transfer means Reference numeral 10 is the same as that described in the related art as shown in FIG.

Reference numeral 101 denotes digital data composed of the above-mentioned MPEG-2 digital compressed video stream, and reference numeral 103 denotes a first key.

The first key generation means 102 generates the first key 10
3 is generated.

The first encrypting means 104 stores the first key 10
This is means for encrypting the digital data 101 at 3 and outputting the encrypted digital data 105.

The second storage means 106 stores the third key 107
Is a means for storing

The first storage means 108 stores the second key 109
Is a means for storing a second encryption key 110 obtained by encrypting

The decryption means 111 generates the second encryption key 110
Is decrypted by the third key 107 and the second key 109 is output.

[0045] The second encryption means 112 uses the first key 10
3 with a second key 109 and a first encryption key 113
Is a means for outputting.

The second transfer means 114 is a means for transferring the second encryption key 110.

The first encryption key 11 of the present embodiment
3 is an example of the encrypted first key of the present invention, and the second encryption key 110 of the present embodiment is an example of the encrypted second key of the present invention.

Next, the operation of the present embodiment will be described.

First, the operation when recording the digital data 101 will be described.

The digital data 101 is, for example, image data, video and audio data, music data, document data such as novels, map information data, game software, application software, and the like. The digital data 101 is assumed to have been distributed via the Internet or the like. It is also assumed that the copyright holder who has the copyright of the digital data 101 has an intention not to want the digital data 101 to be copied illegally.

It is assumed that a second encryption key 110 obtained by encrypting the second key 109 with the third key 107 in advance is stored in the first storage means 108 in a nonvolatile memory or the like. . That is, the PC 115 includes a third encryption unit (not shown). The third encryption unit encrypts the second key 109 with the third key 107 and converts the second encryption key 110 into a second encryption key 110. Is generated.

The third key 107 is stored in the second storage means 106, but the contents of the second storage means 106 cannot be read from application software.

First, the first key generation means 102 in FIG.
A first key 103 is generated by generating a random number.

Then, the first encryption means 104 encrypts the input digital data 101 using the first key 103 and outputs the encrypted digital data 105 to the first transfer means 10.

At this time, the second encryption key 110 read from the first storage means 108 is added to the decryption means 111, and the decryption means stores the third encryption key 110 stored in the second storage means 106. The second encryption key 110 is decrypted using the key 107 and given to the second encryption means 112 as the second key 109.

Next, the second encryption unit 112 obtains the first encryption key 113 by encrypting the first key 103 with the second key 109, and obtains the first encryption key 113.
Output to

Then, the first transfer means 10 transmits the encrypted digital data 105 and the first encryption key 113 to the PC.
The data is transferred to the storage means 7 via the I bus 1.

As a result, the storage means 7 stores the encrypted digital data 105 and the first encryption key 113 in association with each other.

Next, the operation for displaying the encrypted digital data 105 recorded as described above will be described.

FIG. 2 shows a part of a flowchart of a program executed by the central processing unit 5.

The following is an explanation based on this flowchart.

Assuming that the program is stored in the storage means 7, the program is loaded into the main storage means 4 and executed by the central processing means 5 in accordance with the flowchart shown in FIG.

That is, in step 1, a request is issued to the second transfer means 114 to read and acquire the second encryption key 110 from the first storage means 108, and the process proceeds to step 2.

In step 2, the second encryption key 110 is decrypted with the third key 107 to extract the second key 109, and the process proceeds to step 3.

In step 3, the first encryption key 113 is read from the storage means 7, and the flow advances to step 4.

In step 4, the first encryption key 113 is decrypted with the second key 109 to extract the first key 103, and the process proceeds to step 5.

In step 5, the encrypted digital data 105 is read from the storage means 7, and the flow advances to step 6.

In step 6, the encrypted digital data 105 is decrypted with the first key 103 to obtain a digitally compressed video stream.

In step 7, the digital compressed video stream is expanded, the obtained digital video signal is converted from digital to analog by the display control means 8, and the display means 9 displays it.

Next, the reason why illegal copying can be prevented by performing the above operation will be described.

The encrypted digital data 105 stored in the storage means 7 and the first encryption key 11 for decrypting the encrypted digital data even if the program is duplicated.
In order to decrypt 3, the second encryption key 110 is required.

However, the second encryption key 110 is stored in the first storage unit 108 when the above program is executed.
Since the program is obtained from the second transfer means 114 via the second transfer means 114, the first storage means 108 storing the second encryption key 110 is required. The first storage means 108 is a PC
Since it is mounted on the I card 116, it cannot be taken out. For the above reasons, it is possible to prevent unauthorized duplication.

As described above, since the encrypted digital data 105 and the first encryption key 113 are stored in the storage means 7 in association with each other, the encrypted digital data 105 and the encrypted digital data 105 are stored. There is no need to maintain a table showing the correspondence between the encrypted key 113 and the encryption key 113 in the main unit. Therefore, even when a large number of digital data 105 are stored in the storage means 7, illegal copying of the digital data 105 can be prevented.

The storage means 7 is not limited to a hard disk, but may be another recording medium such as an optical disk or a magneto-optical disk.

Further, in the present embodiment, the digital data 105 is described as being encrypted using the first key 103, but the digital data 105 is encrypted with one first key 10
3 may be used, or the digital data 105 may be encrypted using a plurality of first keys 103, for example, by changing the first key 103 for each part of the digital data 105.

Further, in the present embodiment, the third encrypting means has been described as encrypting the second key 109 with the third key 107. However, the present invention is not limited to this. Instead of providing the second encryption key 110, the second encryption key 110 may be obtained from the outside by a communication unit that performs communication using the Internet or the like. In this case, the third key 107 is also
It is used to decrypt the second encryption key 110 as described above.

(Second Embodiment) FIG. 3 is a block diagram showing a PC 115 according to a second embodiment of the present invention.

The PC 115 is a PCI (Peripherer)
al Component Interconnect
t) bus 1, north bridge 2, south bridge 3, main storage unit 4, central processing unit 5, IDE bus 6, storage unit 7, display control unit 8, display unit 9, PCI card 116
Consists of

The PCI card 116 includes a first transfer unit 10, a first key generation unit 102, a first encryption unit 104, a second storage unit 106, and a first storage unit 10.
8, decoding means 111, second encryption means 112, second transfer means 114, channel selection demodulation means 202, conditional access means 2
03.

Reference numeral 201 denotes a high-frequency signal.

The channel selecting and demodulating means 202 is a means for receiving a signal including a plurality of channels obtained by digitally modulating an MPEG-2 digital compressed video stream, selecting an arbitrary channel, and performing digital demodulation.

The conditional access means 203 is a means for selecting the selected channel and sending pay digital data to the first encrypting means 104 or sending free digital data to the first transfer means 10.

Reference numeral 204 denotes pay digital data.
205 is free digital data.

The other parts are the same as those of the first embodiment, and the description is omitted.

Next, the operation of the present embodiment will be described focusing on differences from the first embodiment.

In FIG. 3, channel selecting and demodulating means 202 receives a high frequency signal 201 including a plurality of channels, selects and demodulates an arbitrary channel, and outputs a digital compressed video stream to conditional access means 203. .

The conditional access means 203 includes the channel selection demodulation means 20
It is determined whether the digital compressed video stream output from 2 is a pay broadcast or a free broadcast. Then, in the case of a pay broadcast, the pay digital data 204 is sent to the first encryption means 104, and in the case of a free broadcast, the free digital data 205 is sent to the first transfer means 10.

Thus, in the case of a pay broadcast, the digital data is recorded in the storage means 7 as encrypted digital data 105, and in the case of a free broadcast, the digital data is recorded in the storage means 7 without being encrypted.

Other operations are the same as those of the first embodiment.

As a result, as in the first embodiment, illegal duplication of the pay digital data can be prevented.

As described above, according to the present embodiment, in addition to the effect of the first embodiment, it is possible to obtain an effect that pay digital data can be selected and encrypted.

(Third Embodiment) FIG. 4 is a block diagram showing a PC according to a third embodiment of the present invention.

In FIG. 4, the PC 115 includes a modem means 302 in addition to the first embodiment.

The modem means 302 is connected to the telephone line 301 and is means for connecting to the Internet.

The server 304 of the Internet site 305 is connected to the Internet.

The other parts are the same as those of the first embodiment, and the description is omitted.

The central processing unit 5, the modem unit 302, the storage unit 7, and the first storage unit 108 of the present embodiment are examples of the key updating unit of the present invention. Is an example of key update information of the present invention.

Next, the operation of the present embodiment will be described focusing on the differences from the first embodiment.

In FIG. 4, PC 115 is connected to telephone line 30.
1. Internet site 3 via modem means 302
05 is connected to the server 304.

The second encryption key update data is downloaded from the server 304 via the telephone line 301 and the modem means 302, temporarily stored in the storage means 7 via the PCI bus 1, and further passed through the second transfer means. Stored in the first storage means.

As described above, it is possible to receive the encryption key update data from the server 304 and update the second encryption key.

Therefore, when the second encryption key is illegally decrypted, the second encryption key can be updated, so that the damage of the unauthorized copy can be minimized.

As described above, according to the present embodiment, by updating second encryption key 110, the reliability of PC 115 against unauthorized copying can be further improved.

(Fourth Embodiment) FIG. 5 is a block diagram showing a PC 115 according to a fourth embodiment of the present invention.

In FIG. 5, in addition to the second embodiment, the PC 115 includes a second encryption key update data extracting means 4
01 is provided.

Second encryption key update data extracting means 401
Is means for extracting the second encryption key update data multiplexed and transmitted to the broadcast.

Reference numeral 402 denotes second encryption key update data.

The central processing unit 5, the channel selection demodulation unit 202, and the encryption key update data extraction unit 40 of the present embodiment
1. The first storage unit 108 is an example of the key updating unit of the present invention, and the encryption key update data of the present embodiment is an example of the key updating information of the present invention.

Next, the operation of this embodiment will be described focusing on the differences from the second embodiment.

In FIG. 5, second encryption key update data 40
2 is multiplexed with the broadcast and transmitted, and the second encryption key update data extraction means 401 extracts the second encryption key update data 402 from the output of the channel selection demodulation means 202 and outputs the first The second encryption key 110 is updated by writing to the storage unit 108.

As described above, the second encryption key 110 can be updated based on the encryption key update data 402 transmitted using the broadcast radio wave.

Therefore, when the second encryption key 110 is illegally decrypted, the second encryption key can be updated, so that the damage of the illegal copy can be minimized.

As described above, according to the present embodiment, by updating the second encryption key 110, the reliability of the PC 115 against unauthorized copying can be further improved.

Note that the computer of the present invention described above
All or part of the first storage unit, the second encryption unit, and the storage unit may be any of the following cases.

That is, the first storage means, the second encryption means, and the storage means may all be included. Also, of the functions of the first storage unit, except for functions realized by hardware such as a RAM, functions realized by a computer program, all functions of the second encryption unit, The function of the means may include all functions realized by a computer program except functions realized by hardware such as a recording medium. Also, a case where all of the functions of the second encryption unit and all of the functions of the storage unit, excluding the functions realized by hardware such as a recording medium, are realized by a computer program It may be. The functions of the first storage unit, except for the functions realized by hardware such as a RAM, except for the functions realized by a computer program, and the functions of the second encryption unit are realized by hardware such as an LSI chip. If the functions are realized by hardware and a computer program, the functions of the second encryption unit are realized by a computer program excluding the functions realized by hardware. A case may be included in which all of the functions and all of the functions of the storage unit, except for the functions realized by hardware such as a recording medium, are realized by a computer program.

The present invention is a program for causing a computer to execute the functions of all or a part of the computer of the present invention described above, and is a program that operates in cooperation with the computer.

The present invention also includes a computer-readable recording medium on which the program of the present invention is recorded.

[0118] One embodiment of the program of the present invention may be a mode in which the program is recorded on a computer-readable recording medium and operates in cooperation with the computer.

[0119] One use form of the program of the present invention may be such that the program is transmitted through a transmission medium, read by a computer, and operates in cooperation with the computer.

The data structure of the present invention includes a database, a data format, a data table, a data list, a type of data, and the like.

The recording medium includes a ROM and the like, and the transmission medium includes a transmission medium such as the Internet, light, radio waves, and sound waves.

As described above, the configuration of the present invention may be realized by software or hardware.

[0123]

As is apparent from the above description, the present invention can provide a computer and a program capable of preventing unauthorized copying of contents requiring copyright protection.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating a schematic configuration of a data processing device according to a first embodiment of the present invention.

FIG. 2 is a schematic flowchart of a program of a data processing device according to the first embodiment of the present invention.

FIG. 3 is a block diagram illustrating a schematic configuration of a data processing device according to a second embodiment of the present invention.

FIG. 4 is a block diagram illustrating a schematic configuration of a data processing device according to a third embodiment of the present invention.

FIG. 5 is a block diagram illustrating a schematic configuration of a data processing device according to a fourth embodiment of the present invention.

FIG. 6 is a diagram of a conventional system configuration.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 PCI bus 4 Main storage means 5 Central processing means 7 Storage means 10 First transfer means 102 First key generation means 104 First encryption means 106 Second storage means 108 First storage means 111 Decryption means 114 Second transfer means

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04N 5/91 H04N 7/167 Z 7/167 F-term (Reference) 5B017 AA03 AA06 BA07 BA09 CA05 5C053 FA13 FA23 GA11 GB06 GB11 GB38 JA01 JA16 JA21 KA05 LA06 LA11 LA15 5C064 CA14 CA16 CB01 CB06 CC01 CC04 5J104 AA13 AA15 AA16 EA04 EA06 EA17 NA02 NA35 NA37 NA40 PA05 PA07

Claims (10)

[Claims] 1. The first method used when encrypting data.
First storage means for storing a predetermined number of second keys for encrypting the first key; and second storage means for encrypting the first key using all or a part of the second key. A computer comprising: encryption means; and storage means for recording the encrypted data and the encrypted first key in pairs. 2. A storage means for storing a predetermined number of third keys for decrypting the encrypted second key; and storing the encrypted second key in the third key. 2. The computer according to claim 1, further comprising: decryption means for decrypting with a key, wherein the second key is encrypted and stored in the first storage means. 3. When decrypting the encrypted data,
The decrypting means converts the encrypted second key to the third key.
The first key that has been decrypted and encrypted with the first key is decrypted with the decrypted second key, and the encrypted data is decrypted with the decrypted first key. Item 3. The computer according to Item 2. 4. The computer according to claim 3, further comprising communication means for obtaining the encrypted second key. 5. A second storage means for storing a predetermined number of third keys for encrypting the second key, and a third memory for encrypting the second key with the third key. 2. The computer according to claim 1, further comprising an encryption unit, wherein the second key is encrypted and stored in the first storage unit. 6. The computer according to claim 1, further comprising a first encryption unit that encrypts the data using the first key and creates the encrypted data. . 7. A channel demodulation means for receiving a signal including one or more channels digitally modulated with digital data, selecting an arbitrary channel, and demodulating the digital data of the selected channel. 7. The computer according to claim 6, further comprising a conditional access unit for selecting data to be encrypted by said first encryption unit from digital data of a selected channel. 8. A key generation unit for generating the second key based on key generation information sent via the Internet, wherein the second encryption unit generates the second key. The computer of claim 1, wherein the first key is encrypted using the first key. 9. Key generating means for generating the second key based on key generation information sent using broadcast radio waves, wherein the second encrypting means includes a key for generating the second key. The computer of claim 1, wherein the first key is encrypted using a second key. 10. A computer according to claim 1, wherein said first storage means stores a predetermined number of second keys for encrypting a first key used when encrypting data. Second encryption means for encrypting the first key using all or a part of the second key; and pairing the encrypted data with the encrypted first key. For causing a computer to function as all or part of storage means for recording data.