JP2002313020A - Cipher recorder, cipher recording method, program for making computer carry out the method, and computer readable recording medium with the program recorded thereon - Google Patents

Abstract

PROBLEM TO BE SOLVED: To simplify operation sequence or procedures for the applied system of a network using type optical disk. SOLUTION: A sub-information recording area is provided to the optical disk, and an ID or a cryptographic key or a decoding key different from a disk to a disk is recorded at a factory. Operation sequence or procedures can be obviated by a user's using the ID for deciphering software, the cryptographic key when transmitting a cipher, the decoding key when receiving a cipher, and safe distribution of information via a communication means is realized by checking the record of contents using prescribed information.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an optical disk, an optical disk system, and an encryption communication method.

[0002]

2. Description of the Related Art In recent years, with the spread of networks such as the Internet and optical ROM disks, distribution of network software using optical ROM disks has begun. The study of e-commerce is also in progress.

As a conventional technique, a soft electronic distribution system using a CD-ROM as a medium has been put to practical use. In this case, a method of giving a password and decrypting the software recorded and encrypted in advance on the CD-ROM is generally used.

[0004]

However, CD-ROMs
In the case of, the ID of each disk cannot be set individually since additional recording cannot be performed on the disk. Therefore, if used simply,
One password decrypts all disks manufactured from the same master. For this reason, CD-ROM
In the case of using the ID, it is necessary to create an ID unique to each disk on the hard disk of the personal computer or to send the ID created at the center to the user by mail.

In an electronic distribution system using a conventional optical disk or optical disk system, it is required to easily supply an ID or an encryption key to the optical disk or the system. An object of the present invention is to realize an easy supply of an ID and an encryption key to an electronic distribution system using a ROM disk.

[0006]

In order to solve this problem, a write-once area (hereinafter abbreviated as BCA) in which a barcode is overwritten is provided in a pit portion of an optical disk, and a different ID for each disk is provided in the BCA area during manufacture of the optical disk. When necessary, the encryption key for communication and the decryption key of the decryption key for communication are recorded separately, so that the user can receive the user ID number and the communication The transmission encryption key and the reception decryption key are automatically distributed, and some procedures that make the conventional system complicated can be omitted. In this way, the encrypted communication and the identification of the disk containing the content are simultaneously realized.

[0007]

DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention will be described based on embodiments. In the text, the additional recording area using the BCA method is referred to as BC.
The data recorded by area A and BCA is called BCA data. The first identification information is ID or disk I
Also called D.

FIG. 1 shows a typical process of a disc with BCA. First, the first cipher 805 obtained by encrypting the content 777 by the cipher encoder 803 using the first cipher key 802 such as a public key is transmitted to the 8-16 modulator 9 such as a mastering device.
The modulated signal is recorded in the first recording area 919 of the master 800 by laser as pits having irregularities. Using this master 800, a disk-shaped transparent substrate 918 is formed by a forming machine 808a, and a reflection film forming machine 80 is formed.
8b, an A1 reflection film is formed to produce 0.6 mm thick single-sided disks 809a and 809b, and the second recording area 920 of the completed disk 809 bonded by a bonding machine 808c.
In the trimming device 807, the disk ID 921, the decryption key 922 of the first encryption, or the second encryption key 923 for Internet communication is modulated by the PE-RZ modulator 807a combining PE modulation and RZ modulation, and the BCA is modulated by the pulse laser 807b. After trimming, a disk 801 with BCA is manufactured. Since the bonded disk is used, the BCA contained therein cannot be falsified and can be used for security purposes.

Before starting the description, BCA will be briefly described.

As shown in FIG. 2A, in the BCA, the aluminum reflective film 809 is trimmed on the dual-layer disc 800 with a pulse laser 808 to form a stripe-like low-reflecting portion 81.
0 is recorded based on the PE modulation signal. A BCA stripe is formed on the disk as shown in FIG.
When this stripe is reproduced by a normal optical head, the BCA portion loses the reflected signal, and therefore, as shown in FIG. 2 (3), the missing portions 810a, 810b, 8 where the modulation signal is intermittently lost.
10c occurs. The modulation signal is the first slice level 91
Sliced at 5. On the other hand, since the signal level of the missing portion 810a and the like is low, the slice can be easily sliced at the second slice level 916. As shown in the recording / reproducing waveform diagram of FIG. 3, the formed barcodes 923a and 923b can be reproduced by level slicing at the second slice level 916 with a normal optical pick as shown in FIG. The waveform is shaped by the LPF filter as shown in FIG. 3 (6), PE-RZ demodulated, and a digital signal is output as shown in FIG. 3 (7). The demodulation operation will be described with reference to FIG. First, the disc 801 with BCA is bonded so that two transparent substrates and the recording layer 801a are located inside, and there are a case where the recording layer 801a is one layer and a case where there are two recording layers 801a and 801b. In the case of two layers, the first recording layer 80 close to the optical head 6
A BCA flag 922 indicating whether BCA is recorded in the control data 1a is recorded. B
Since CA is recorded in the second layer 801b,
The optical head 6 is moved to the radial position of the control data 924 on the innermost periphery of the second recording area 919 by focusing on the layer recording layer 801a. Since the control data is main information, it is EFM or 8-15 or 8-16 modulated.
Only when the BCA flag 922 in the control data is “1”, the one-layer / two-layer switching unit 827 focuses on the second recording layer 801b to reproduce the BCA. When sliced by the level slicer 590 at a general first slice level 915 as shown in FIG. 2C, the slice is converted into a digital signal. This signal is subjected to EF in the first demodulation unit.
M925 or 8-15 modulation 926 or 8-16 modulation 92
, And error correction is performed by the ECC decoder 36, and the main information is output. The control data in this main information is reproduced, and only when the BCA flag 922 is 1, the BC
I go to read A. When the BCA flag 922 is 1, the CPU
Reference numeral 923 issues an instruction to the one-layer / two-layer switching unit 827, drives the focus adjustment unit 828, and switches the focus from the first recording layer 801a to the second recording layer 801b. At the same time, the BCA recorded at the radial position of 920 in the second recording area, that is, between 22.3 mm and 23.5 mm on the inner peripheral side of the control data in the case of the DVD standard, is read by the optical head 6.
To read the BCA. Figure 2 in the BCA area
A signal in which the envelope is partially missing as shown in (3) is reproduced. By setting the second slice level 916 having a light quantity lower than the first slice level 915 in the second level slicer 929, the missing portion of the reflection portion of the BCA can be detected, and a digital signal is output. The signal is subjected to PE-RZ demodulation in the second demodulation section 930 and ECC decoding is performed in the ECC decoder 930d to output BCA data as sub-information. In this way, the main information is PE-coded by the first demodulator 928 of 8-16 modulation.
Sub-information, that is, BCA data is demodulated and reproduced by the second demodulation unit 930 of RZ modulation.

FIG. 5A shows a reproduced waveform before passing through the filter 943, and FIG. 5B shows the processing dimensional accuracy of the slit of the low reflection portion 810. It is difficult to reduce the width of the slit to 5 to 15 μm or less. Also, if the data is not recorded on the inner circumference of 23.5 mm, the recorded data will be destroyed. From this, in the case of DVD, the shortest recording cycle = 30 μm and the maximum radius = 23.5 m
The maximum capacity after formatting is 188 bytes due to the limitation of m
It is limited to es or less.

The modulation signal is recorded in pits using the 8-16 modulation method, and is stored in the high-frequency signal section 93 shown in FIG.
3 is obtained. On the other hand, the BCA signal is a low-frequency signal like the low-frequency signal section 932. As described above, when the main information is the DVD standard, the maximum is about 4.5 MHz.
The high frequency signal 932 of FIG. 5A, as shown in FIG.
Since the sub information is a low frequency signal 933 of a period of 8.92 μs, that is, about 100 KHz, it is easy to separate the frequency of the sub information using the LPF 943. The frequency separation means 934 including the LPF 943 as shown in FIG. 4 can easily separate the two signals. In this case, LPF9
43 has the effect that a simple configuration is sufficient.

The above is the outline of BCA.

Referring now to FIG. 6, the entire system of the encryption software unlocking system will be described focusing on the operations of password issue, encryption communication, and orderer authentication. First, since the steps of the press factory are manufactured in substantially the same procedure as in FIG. 1, the illustration of the master 800 and the completed disk 809 is omitted.

In the press factory 811, the plaintext 810 of the first to n-th contents is subjected to data encryption or scrambling of the video signal by the encryption encoder 812 using the first to n-th encryption keys 813, respectively. 800. After a reflection film is formed on a disc-shaped substrate 809 manufactured by pressing the master disc 800, two disc-shaped substrates are bonded to each other, and a completed disc 809 is produced. The ID 815 and / or the first encryption key 816 (public key) and / or the second encryption key 817 (public key) different for each disk and the connection address 818 of the second computer are recorded in the BCA area 814 on the completed disk 809. The BCA-equipped disk 801 is distributed to users.

Since the contents of this disc are encrypted, it is necessary to obtain a password from a password issuing center, that is, an online store or a mall, by paying a price or the like to reproduce the contents. This procedure will be described.

In the user's first computer 909, when the distributed disk 801 with BCA is reproduced by the reproducing device 819, the BCA reproducing unit 820 including the PE-RZ demodulating unit is reproduced.
, ID 815, first encryption key 816, second encryption key 8
17. The data of the connection address 818 is reproduced. In order to get a password, the password issuance center 82
The second computer 821a is connected to the connection address 818 of the second computer 821a, which is the first server, via the communication unit 822 via the network 823 such as the Internet.
The ID is transmitted to 21a.

Here, the procedure of the encrypted communication will be described.
The second computer 821a is connected to the user's playback device 819.
ID 815 is received. Then, the second computer of the password issuing center 821 called “mall” or “electronic store”, that is, the server 821 a has the encryption key database DB 824. In this database, a secret key which is a decryption key corresponding to the ID of the disk or the first encryption key 816 of the ID, that is, a first decryption key 825 is stored.
And a table of IDs are stored. Therefore, the server can search for the first decryption key 825 based on the received ID. Thus, the first computer to the second computer 8
The encrypted communication to 21a is established. In this case, the first encryption key and the first decryption key are not public key encryption but are the same key if they are common keys of common key encryption.

The user stores, for example, in the disk 801
One of the 1000 encrypted contents stored
For example, when the user wants to use the content whose content number 826 is n, the content number 826, that is, n, is encrypted by a first encryption encoder 827 including a public key encryption function using a public key that is a first encryption key 816. The encrypted code is transmitted to the second computer 821a. As described above, the second computer 821a searches for and knows the first decryption key 825 for decrypting this encryption. Therefore, this code can be plainly written. Thus, there is an effect that the privacy of the user's order information is protected by encryption.

In this case, the first encryption key 816 may be signed using a secret key of public key encryption. This method is called "digital signature". For a detailed description of the operation, refer to an encryption technical book, for example, “E-Mail Security by.”
"Br Di Schneier 1995"
digital signature "and the like.

Returning to the cipher communication, this cipher is
2 and the network 823 to the first encryption decoder 827 of the password issuing center 821. Thus, the encryption is decrypted in the first encryption decoder 827 using the first encryption key 825 paired with the first encryption key 816.

In this case, since the public key has only one specific disk, an unauthorized order from a third-party disk can be eliminated. That is, since authentication of one disk can be performed, authentication of the user who owns the disk can be performed. Thus, the content number n is proved to be a specific individual order, so that an unauthorized order by a third party can be excluded.

At this time, if the public key 816 is kept secret,
This technique can also be used technically to transmit billing information such as credit card numbers that require high security. However, in stores usually called "malls,"
Because there is no security guarantee, electronic payment does not handle user billing information. Only credit card-based and bank-based billing centers 828 can handle user financial information. Currently, security standards such as SET are being standardized, and there is a high possibility that financial information encryption will be realized using RSA 1024-bit public key encryption.

Next, an encryption communication procedure of accounting information in the case of the present invention will be described. First, using the second encryption key 817 of the public key encryption played back by the BCA playback unit 820, the billing information 830 such as a personal credit card number is stored in the second encryption encoder 8.
At 31, the data is encrypted by a public key cryptosystem such as RSA and transmitted from the communication unit 822 to the encryption decoder 832 of the third computer 828 via the second computer 821. In this case, when a digital signature is to be made, the second encryption key 81 is used.
7 uses a secret key 829.

The ID or the second decryption key 829 corresponding to the second encryption key 817 is searched from the encryption key database DB 824a in the same manner as the procedure for the encryption key of the second computer 821a of the password issuing center 821, and this is used. Thus, the accounting information encrypted in the second encryption decoder 832 can be decrypted.

Note that the second encryption encoder 831 uses the secret key 8
29, the second encryption decoder 8
At 32, the signature of the user can be confirmed. In this way, the charging center 828 can safely obtain the charging information such as the user's credit card number, bank card number, and bank password using the Internet. In an open network such as the Internet, security is a problem. However, in this system, since an encryption key (public key) for cryptographic communication or a secret key of a digital signature is recorded in the BCA, cryptographic communication or authentication is not possible. It can be done reliably. For this reason, there is an effect that illegal charging and an illegal order by an unauthorized third party can be prevented. Further, since a different public key can be used for each disk, that is, for each user, the confidentiality of communication is improved, and the possibility that the user's billing information is leaked to a third party is reduced.

Returning to FIG. 6, a password issuing procedure and a password unlocking procedure will be described. In the password issuing center 821, a password is generated by a password generation unit 834 using an arithmetic expression such as public key encryption based on three pieces of information: an ID, a content number that the user wants to unlock, and time information indicating a user's use permission period. Generated and transmitted to the first computer 909. To describe the simplest configuration example, the second computer encrypts information obtained by mixing the decryption key disk ID for decrypting the n-th content and the time information with the public key of the public key encryption, and creates a secret key for decrypting the information. The mixed n-th password 834a is created by the password generator 834 and transmitted to the first computer 909. The first computer receives the n-th password and decrypts the disc ID, the time information, and the decryption key of the n-th content with the secret key. Here, the ID 835a of the BCA reproduced from the disc and the current second time information 8
35b, permitted ID 833a and first time information 833
Are compared and the password calculation unit 836 calculates whether or not they match. If they match, permit, and the nth decryption key 836
a to the encryption decoder 837, the encryption 837a of the n-th content is decrypted, and the n-th content 838
Is output. The output period is limited only while the first time information 833 and the second time information 835b match. On the first computer 909 side, the password calculation unit 836 calculates three pieces of information of the ID, the password 835, and the time information from the clock 836b indicating the current time.
If the time information is correct, the correct decryption key is output as the operation result, and the n-th encryption is performed by the encryption decoder 837.
Then, plaintext data of the n-th content 838 or a descrambled video signal or audio signal is output.

In this case, the second time information 8 of the clock 836b
If 35b does not match the first time information 833 of the password, the cipher will not be correctly decrypted and will not be reproduced. Use of the time information makes it possible to apply to a time-limited type rental system in which a movie can be played for only three days when using the rental.

Although the procedure has been described with reference to the block diagram in FIG. 6, a flowchart of this procedure will be described later with reference to FIGS.

Next, a device for the capacity of the encryption key will be described. By inserting both the first encryption key 816 and the second encryption key 817 into the BCA as shown in FIG. 7A, the product transaction with the “mall” and the payment settlement with the “charging center” are performed. The effect of maintaining two security is obtained.

In this case, standardization such as SET is planned for security with the charging center.
A1024 That is, the 128-byte encryption key is
It will be stored in the encryption key area 817a. Then
Since BCA has only 188 bytes, only 60 bytes remain for the encryption key of the transaction with “mall”. 2
Elliptic function-based public key cryptography is known as a cryptographic function having a size of 0 bytes and the same security as that of 128 bytes of RSA1024.

In the present invention, an elliptic function is used for the first encryption key area 816a. The elliptic function provides security equivalent to RSA1024 in 20 bytes. Therefore, there is an effect that both the first encryption key 816 and the second encryption key 717 can be accommodated in the BCA area of 188 bytes by using the elliptic function.

As described above, by applying BCA to an optical ROM disk, an ID number unique to the disk,
The first and second encryption keys and connection addresses can be recorded. In this case, if you use the Internet, you will be automatically connected to the mall,
Security such as product purchase authentication and confidentiality and authentication and confidentiality at the time of payment is realized only by distributing the disk on which the encryption key is recorded to the BCA. Therefore, according to the method of the present invention, it is possible to omit and streamline the conventional operation of using an IC card, a floppy or a letter to distribute an ID and an encryption key to a user without lowering security. effective. The URL, which is the Internet connection address, is not fixed but is changed. A URL is recorded on the master, and it is sufficient to connect to the URL. However, changing the master when it is changed is inefficient in terms of time and cost. BCA
Is recorded in advance, and only when the connection address 931 is reproduced from the BCA, the connection is performed by giving priority to the BCA connection address 931 over the connection address of the master.
There is an effect that connection is made to the changed connection address 931 without creating a new master.

FIG. 6 shows a case where the first public key and the first public key are recorded in the BCA.

In FIG. 8, the first encryption key 8 of the public key is stored in the BCA.
16 shows two types of embodiments, namely, a case where two of 16 and a third decryption key 817a of a secret key are recorded, and a case where an encryption key is generated and encrypted communication is performed. Since the procedure is the same as that of FIG. 6, only different points will be described. First, at the press factory, the first encryption key 816 and the third decryption key 817a are recorded in the BCA. The third decryption key 817a is used for receiving a code encrypted with a public key from a charging center. In this case, there is an effect that security of reception is improved.

First, a more specific example of encrypted communication for generating an encryption key will be described with reference to FIG. Since the first encryption key 816 is a public key, it is necessary to record the third decryption key 817a for reception in the BCA. On the other hand, BCA has a small capacity. The public key requires processing time. Therefore, in FIG. 8, the first computer 836 generates an encryption key / decryption key pair of a public key or a common key using an encryption key generation unit 838a using a random number generator or the like.
An example of a common key will be described. The common key K838 is used as the first encryption key 81
6 and encrypted by the first encryption encoder 842 and sent to the second computer 821a. In the second computer, using the main decryption key 844, the main encryption decoder 843 decrypts the encryption to obtain a common key K838a. Since both have the common key K, by passing the common key K to the second encryption encoder 842a and the second encryption decoder 847a, encrypted communication from the store to the user, that is, from the second computer 821a to the first computer 836 can be performed. Naturally, the common key K is transmitted to the second encryption encoder 827a and the second encryption decoder 845a.
, The user can also perform encrypted communication from the store, that is, the first computer 836 to the second computer 821a. The effect of the method of recording the first encryption key, which is the public key, in the BCA and generating the encryption key will be described. First, the first
The recording of the decryption key can be omitted simply by recording the encryption key. Therefore, the capacity with less BCA is not reduced. Next, BC
Since the decryption key is recorded in A, security is improved. In the case of a common key, the key may be changed every time.

Since the operation time is short, there is an effect that the processing time is short. In this case, the encryption key generation unit 838a
Generates a pair of a public key encryption key and a decryption key instead of a common key, transmits the encryption key to the second computer 821a and uses it as the encryption key of the second encryption encoder 842a, and uses the decryption key as the second encryption key. If it is used as a decryption key for the decoder 847, the processing time will be longer, but security can be further improved as compared with the common key. It is desirable to use a public key when the performance of the CPU for processing is high. When a new public key is generated, no security problem occurs because only the public key of the first encryption key is recorded in the BCA. B
CA capacity is not consumed. In addition, since there is no need to change the encryption key, maintenance becomes easy.

When the common key K838a is defined by the second computer 821a of the password issuing center 821, the common key is encrypted by the third encryption encoder 840 using the third encryption key 839 and transmitted to the personal computer 836.
On the personal computer 836 side, the third encryption decoder 841 uses the third decryption key 837, which is a secret key reproduced from the BCA, to obtain a common key K838b. In this case, since the third decryption key 817a, which is a secret key, has only this user, there is an effect that the contents of communication from the center to the user are prevented from leaking to a third party. The format in this case is shown in FIG.
The third decryption key 839b can be accommodated in the BCA because an elliptic function requires only 20 bytes.

Next, with reference to FIG.
A description will be given of an embodiment in which the master production cost is reduced using A.

When there are n, for example, 1000 plaintext contents 850, the contents are encrypted by the encryption encoder 852 using the 1st to mth encryption keys 851 respectively. The decrypted program 854a for the encrypted first to m-th content 853, the first to m-th content, and the second encryption decoder 861a for decrypting the second encryption were recorded as pits with irregularities on the master. Then, after forming a reflection film by molding on one substrate, the two substrates are bonded to each other to complete the optical disc 801. At this time, disk 1
Disc-specific identification information different from the first disc,
A second code obtained by encrypting D855 and decryption information 854 such as a password or decryption key for unlocking the nth content, for example, the first content, by the second encryption encoder 860 is recorded in the BCA in advance. Then, in the playback device, the BCA playback unit 820 plays back the second cipher. Since the second encryption decoder 861 is reproduced from the data reproducing unit 862 which reproduces normal recorded data other than the BCA, the second encryption is decrypted using this, and the ID 855a and the n-th password 854a are reproduced. You. The encryption decoder 855b uses the ID 855a and the password 854 by using the decryption program 854a for the n-th content reproduced by the data reproducing unit 862.
The first cipher is decrypted using a to obtain the plaintext 855c and the identification information 855a of the n-th content. In the case of a personal computer, the content and the ID are recorded on the hard disk 863. The ID 855a checks whether there is the same ID on the network at the time of starting the program and activates the network protection. Therefore, there is a secondary effect that illegal installation of software can be prevented. That is,
If a single master contains 1,000 encrypted contents and records decryption information such as a password corresponding to specific software, an optical ROM disk of one specific content can be created. Is equivalent. 100 for one master
The same effect as cutting a master of zero types of software can be obtained, and there is an effect that the cost and labor for creating the master can be reduced.

FIG. 10 describes a procedure for encrypting content using BCA when recording content on a RAM disk. First, the BCA playback unit 82 is read from the RAM disk 856.
0, the BCA data is reproduced, the ID 857 is output, and the ID is transmitted to the encryption unit 859 via the interfaces 858a and 858b and the network. In the encryption unit 859, the content 860 is encrypted or the video / audio signal is scrambled by the encryption encoder 861 using the key including the ID 857. The encrypted content is sent to a recording / reproducing device and is recorded by a recording circuit 862 on a RAM disk 856.
Will be recorded.

Next, when reproducing this signal, the data reproducing section 865 demodulates the main data, reproduces the encrypted signal, and decrypts it in the encryption decoder 863. At this time, information including the ID 857 is reproduced from the BCA area of the RAM disk 856 by the BCA reproducing unit 820 and sent to the encryption decoder 863 as a part of the key. At this time, if the copy is authorized, the encryption key recorded on the RAM disk is the authorized disk ID, and the ID of the RAM disk is also the authorized disk ID, so the encryption is decrypted or descrambled.
The plaintext 864 of the nth content is output. In the case of video information, an MPEG signal is expanded to obtain a video signal.

In this case, the encryption is performed using the disk ID as a key. Since there is only one disk ID in the world, an effect is obtained that it can be copied to only one RAM disk.

Here, if a copy is made from this legitimate RAM disk to another RAM disk, ID1 which is the first legitimate disk ID is different from ID2 which is the disk ID of another illegal RAM disk. Incorrect RA
When the BCA of the M disk is reproduced, ID2 is reproduced.
However, since the content is encrypted with ID1,
Even if the encryption decoder 863 tries to release the key with ID2, the encryption is not decrypted because the key is different. Thus,
There is an effect that the signal of the illegally copied RAM disk is not output and the copyright is protected. The present invention is a Disk
Since the ID method is used, the regular RA copied once
There is an effect that the encryption of the M disk can be unlocked even if it is reproduced by any drive. However, the encryption unit 859 may be an IC card equipped with an encryption encoder instead of the center.

The copy protection method will be described with reference to the block diagram of FIG. 11 and the flowchart of FIG. Step 87
The installation program is operated at 7a. From the optical disk 801 bonded in step 877b, the BCA
The reproduction unit 820 outputs the ID of the sub information. In step 877d, the content and the network check software 870 are reproduced from the main information by the data reproducing unit 865.
The content and the ID 857 are recorded on the HDD 872.
ID85 to prevent unauthorized tampering in step 877c
7 performs a specific secret cryptographic operation and is recorded on the HDD 857 as a soft ID. Thus, the soft ID 873 is stored in the HDD 872 of the personal computer 876 together with the contents.
Is recorded. Here, a case where the program of step 877f of FIG. 12 is started will be described. When the program is started, in step 877g, the software ID 873a of the HDD 872 is reproduced, and the software ID 873a in the HDD 872a of another personal computer 876a on the network 876 is checked via the interface 875. In step 877h, the software ID 87 of another personal computer
It is checked whether 3a and its own software ID 873 have the same number. If the numbers are the same, the process proceeds to step 877j, where the activation of the program of the personal computer 876 is stopped or a warning message is displayed on the screen.

If the software IDs 873a of the other personal computers are not the same, it is determined that there is no evidence that the content has been installed on a plurality of computers at least on the network and that there is no illegal copy, and the flow advances to step 877k.
Allow the program to start. In this case, the software ID 873 may be transmitted to another personal computer via a network. In this personal computer, an illegal installation can be detected by checking the duplication of the software ID of each personal computer. If there is any fraud, a warning message is sent to the computer.

In this way, by recording the ID in the BCA and recording the network check program in the pit recording area, it is possible to prevent a plurality of software having the same ID on the same network from being installed. Thus, simple unauthorized copy protection is realized.

By providing a writable writing layer 850 made of a white material as shown in FIG. 13, not only can characters be printed or a password can be written with a pen, but also the writing layer 850 can be made thicker. Therefore, an effect of preventing damage to the substrate of the optical disk can be obtained. BCA area 8 on this write layer 850
By printing characters 851 and general barcodes 852, which are plain text and converted to alphanumeric characters, of the disc ID 815, which is a part of the BCA data 849 recorded by trimming in 01a, a retailer or user can read the BCA on a playback device. POS barcode reader and ID by visual recognition without taking
Can be checked and collated. A visually recognizable ID is unnecessary when the user notifies the center of the ID via a personal computer. However, if the user verbally conveys the ID to the center by telephone, the same ID as the BCA ID must be printed in a format that can be visually recognized on the disc, so that the user can read the ID visually and insert the disc into a personal computer. The ID can be transmitted to the center without any change. The manufacturing steps of the optical disc will be described with reference to the flowchart of FIG. In step 853d, a disk is formed from the master to create a substrate on which pits are recorded. Step 85
3e, an aluminum reflective film is formed. 2 at step 853f
The two disk substrates are bonded with an adhesive to complete a DVD disk or the like. In step 853g, label printing for screen printing is performed on one side of the disc. At this time, unique identification information is recorded on the master using a bar code. Step 853
In step h, identification information such as an ID that differs for each disc in the POS barcode format is printed by an inkjet barcode printer or a thermal transfer barcode printer. In step 853i, the barcode is read by a barcode reader, and in step 853j, BCA data corresponding to the identification information is printed on the second recording area of the disc. According to this manufacturing method, the BCA data is recorded after confirming the disc identification information after completing all the steps including the POS barcode except for the BCA. BCA cannot be read unless the disc is reproduced, but POS barcodes can be read with a commercially available barcode reader due to their low density. At every step in the factory, the disk ID can be identified. By recording the disc ID with a POS barcode before BCA trimming, erroneous recording of the BCA and POS barcode can be almost completely prevented.

A method of using BCA, which can perform secondary and tertiary recording in the BCA method, will be described. As shown in FIG. 15, the software maker can also secondary record the piracy prevention mark and the verification code as shown in step (2). In the step (2), a disk 944b may be created in which a different ID number or an encryption key for secret communication with a user is recorded for each disk. The discs 944c and 944d can be reproduced without inputting a password.

As another application, in step (3), information such as an encrypted or scrambled MPEG video signal is recorded on a disk 944e. The detailed operation of the MPEG scramble will not be described. In step (4), the software company creates a disk 844f in which the sub-public key for decrypting the ID number and the descrambling information is secondarily recorded by BCA. This disc cannot be played alone. In step (5), after receiving the price of the disk at the store, a password is created using the sub-secret key paired with the sub-public key, and the password is tertiarily recorded on the disk. Or give the receipt with the password printed to the user. after this,
Since the disk 844g has a password recorded thereon, the user can reproduce it. When this method is used, the scramble of the video is not released even if the unpaid disk is shoplifted, so that the picture is not normally reproduced, so that the shoplifting becomes meaningless and reduced.

In a store such as a rental video, a password is permanently BCA-recorded, and if a shoplifting is performed, the password is used. In this case, as shown in step (6), BCA
Is read by a POS barcode reader, a password for descrambling is issued in step 951g, and printed on a receipt in step 951i, and a step 951j.
Hand over to customer. At step 951k, the customer inputs the receipt password to the player using the numeric keypad at step 951k.
In step 951p, the content is reproduced only for a predetermined day. If you want to use other software when you rent it by giving only the password for a part of the software on the disk, you can notify the password of the software at step 951u and enter it at step 951k by telephone, and You can play the software. Although an example of a rental video store has been described, a password may be printed and handed over at a POS terminal when encrypted personal computer software is sold at a personal computer software store.

The cell dealers in steps (5) and (6) in FIG.
The operation in the rental shop will be described more specifically with reference to FIG. The cell store receives the encrypted or scrambled disk 944f from the software maker and confirms the payment from the user, and then checks the bar code recording device 94.
5 to the password issuing center 9 via the POS terminal 946.
52. In the case of a small-scale system, a password issuing center, that is, a system including a sub-secret key of a sub-public key may be provided in the POS terminal. The password issuing center inputs the disk ID number and time information in step 951q, performs an operation in step 951s, encrypts the information using the sub secret key in step 951t, issues a password in step 951g, and
BCA barcode recording device 94 via OS terminal 846
The password is sent to 5, and the recorded disk 944g is given to the customer. This disk 944g can be reproduced as it is.

Next, in the case of a rental shop or a PC software shop, first, a ROM in which the encryption and the scramble have not been released.
The disk 944f is displayed at the store. Customer has a specific ROM
When the disk 944f is designated, the user holds the circular barcode reader 950 having a built-in rotary optical head 953 that scans in a spiral manner in the hand and presses the disk bar 950 on the center of the disk 900 in a transparent case.
The bar code of the reflection layer by the non-reflection portion 915 of f is read, and the disk ID number is read. By printing the product barcode of the disc ID as shown by 852 in FIG. 13, the barcode can be read by a normal POS terminal barcode reader. It may be read from a circular barcode recorded and pressed in advance on the master. The information including these disc IDs is processed by the POS terminal 946, the fee is settled from the credit card, and the password corresponding to the ID number is issued from the password issuing center in step 951g as described above. For rental use, step 9 to limit the number of days that can be viewed
Add the date information as used in
Encrypt the number and create a password. In the case of this password, since it operates only on a specific date, there is an effect that, for example, a lending period of three days can be set in the password.

The password for descrambling issued in this way is printed on a receipt 949 together with the rental date, return date and rental title fee in step 951i, and is passed to the customer together with the disc. The customer brings back the disk 944j and the receipt 949, and inputs the password to the first computer 90 in FIG.
The password 835 is calculated as an ID number 835a by inputting it into the ten-key input unit 954 of No. 9 and input to the encryption decoder 837, where it is divided using the decryption key. Only when the password is correct, the data of the program is descrambled by the encryption decoder 837 and the video output is output.

In this case, when time information is included in the password, the password is collated with the date data of the clock section 836b, and descrambling is performed for the period of the coincident date. The input password is stored together with the corresponding ID number in the nonvolatile memory 755a of the memory 755, and once the user inputs the password, the user is descrambled without having to input the password again. Thus, there is an effect that the key of the disk can be opened and closed electronically during distribution.

Referring to FIG. 16, a method of decrypting software on a disk on which software is recorded as encrypted data will be described in detail.

Step 865 shows the entire flow of distributing the encrypted data and the individual ID to the user. First, in step 865a, the secret first area is stored in the ROM area of one master disk.
M data encrypted with an encryption key and m encrypted data
The program that decodes two data is recorded. In step 865b, a plurality of completed ROM disks are created by forming a substrate from the master and bonding the two substrates to which the reflection film has been added. In step 865c, decryption information (disc identification information and / or decryption key for encrypted data, which is different for each pressed disk) necessary for decrypting the encrypted data is stored in the non-rewritable sub-recording area (referred to as BCA) of the completed disk. Recording is performed using a modulation method different from the area. In step 865d, the user plays the distributed disk, selects desired encrypted data n, and starts decryption processing. In step 865e, the user's first computer reproduces the encrypted data and the decryption program from the ROM area and reads the decryption information from the sub recording area (BCA). If the second decryption information is not obtained online at step 865f, the decryption auxiliary information such as the ID is displayed on the screen at step 871a in FIG. Step 871b
Then, the user obtains the second decryption such as the password corresponding to the ID and inputs the second decryption to the first computer. Step 87
At 1c, a specific operation of a public key cryptographic function is performed using the disc identification information, the second decryption information, and the encrypted data n. If the result is correct in step 871d, step 871f
Then, the n-th data is written in plain text, and the user can operate the software of the data n.

Next, using the flowchart of FIG.
A method of encryption communication that is essential for the Internet or the like using CA will be described. Step 868 is a routine of a method for distributing the communication program and the communication encryption key to the user. First, in step 868a, at least a communication program and connection information are recorded in the ROM area of one master. In step 868b, a substrate is formed from the master, and two substrates are bonded to create a plurality of completed ROM disks. In step 868c, different disc identification information and an encryption communication encryption key for each pressed disc are recorded in the unrewritable sub-recording area (BCA) of the completed disc. In some cases, the connection address of the second computer and / or the decryption key for encrypted communication are recorded by a modulation method different from that of the ROM area. In step 868d, the user's first computer reproduces the communication program and the encryption program from the ROM area, and reads the disc identification information and the communication encryption key from the sub recording area. Proceeding to FIG. 19, in step 867a,
If there is a connection address in the BCA area, step 86
In step 7b, a connection is made to the second computer based on the connection address such as the URL in the BCA area. If there is no connection address, the connection is made to the computer having the connection address in the ROM area in step 867c. In step 867d, the transmission data is input. In step 867e, if there is an encryption communication encryption key in the BCA area, in step 867g, the transmission data is encrypted using the encryption communication encryption key in the BCA area, and the third encryption Create If not, step 867f
Then, the data is encrypted using the encryption key for encrypted communication in the ROM area or HDD, and the third encryption is created.

Next, in FIG. 20, the routine for generating the decryption key for the encryption received from the second computer 910 is performed in step 86.
This is described in Section 9. First, in the first computer, step 86
If a communication decryption key is required in step 9a, step 869b
Check whether the BCA has a communication decryption key. If there is no decryption key, the ROM is read in step 869c.
Using a program for generating an encryption key / decryption key reproduced from the area, a user's key input or data of a random number generator is reproduced by the second encryption device reproduced from the ROM area to form a pair of second communication encryption key / second communication decryption key. Generate a new one. In step 869d, the “second communication encryption key and / or user data” is encrypted using the communication encryption key recorded in the BCA and encryption software obtained by reproducing from the ROM area.
Create a cipher. In step 869e, the fourth encryption and the disc identification information and / or the user address are transmitted to the second computer having the connection address obtained by reproducing the disc. In the process of the second computer, in step 869f, the fourth encryption, the disc identification information, and the user address are received. In step 869g, a communication decryption key paired with the disc identification information is selected from the decryption key database, and the fourth decryption key is decrypted using the communication decryption key.
Obtain the plaintext of the communication encryption key. In step 869h, the fifth communication in which the server data including a part of the user data is encrypted using the second communication encryption key is transmitted to the first computer via the Internet 908. Step 869i
Then, the fifth cipher (and the disc identification information) is received and decrypted by using the second communication decryption key and the decryption function recorded in the ROM area to obtain the plaintext of the server data. Thus, bidirectional encrypted communication between the first and second computers is realized by the method of step 869 in FIG.

Step 870 of FIG. 21 describes a charging information receiving routine. In step 870a, when billing information is input, a request is made to the second computer for a third encryption key of public key encryption for billing communication. Step 87
In 0b, the second computer requests a third encryption key from the third computer. Although the exchange step is omitted, the third computer 911 stores the ID and the third encryption key in the second
Send to computer 910. At step 870c,
The second computer receives the ID and the third encryption key, and in step 870e, transmits the seventh encryption obtained by encrypting the third encryption key using the second communication encryption key or the like to the first computer. In step 870f, the first computer receives the seventh encryption, and in step 870g, decrypts the received seventh encryption using the above-described second communication decryption key, and obtains the third encryption key (the public key of the public key function). Get) In step 870h, the third encryption key is recorded on the HDD as necessary. This will be used for the next transmission. In step 870i, when charging information having a high secret value, such as a credit card number or a settlement password, is input, in step 870j, the eighth encryption obtained by encrypting the charging information using the third encryption key is transmitted to the second computer. Via a third computer. The second computer receives the eighth cipher at step 870k and retransmits it to the third computer. Since only the third computer 912 which is a financial institution has the decryption key of the third encryption,
It cannot be decrypted by computer electronic stores. In step 870m, the third computer searches the encryption key database for a third decryption key corresponding to the third encryption key using the identification information of the disk or the like, and retrieves the third decryption key corresponding to the secret key of the public key encryption.
The eighth cipher is decrypted with the decryption key to obtain the plaintext of the billing information. In step 870n, it is checked whether or not the payment can be collected from financial information such as the credit information of the user and the balance of the deposit. In step 870p, the result of the investigation is notified to the second computer. The second computer, a so-called electronic store, determines in step 870q whether or not the payment can be collected, and if not, in step 870r, does not send out the product or send a key for decrypting the encryption software. When it is determined that the payment can be collected, in the case of the key providing system as shown in FIG. 16, the process proceeds to step 870s, and the decryption key of the encryption software, that is, the product is transmitted to the user's second computer via the Internet 908. In the first computer, step 870t
In step 870u, the decryption key of the encryption software is received.
To decrypt the n-th encryption software, and step 8
At 70w, you get soft plaintext. Thus, a content key providing system is realized.

The method of step 870 in FIG. 21 requests the third computer, that is, a financial institution, to issue and issue a public key of a third encryption key, which is required to have high security, that is, billing information, as necessary. It is not necessary to record in the BCA in advance. Therefore, RSA2048 25 is used as the third encryption key.
There is an effect that a 6-byte stronger RSA-based encryption key can be used without consuming the BCA capacity. Further, since it is not necessary to record in advance in the BCA of all disks, the total number of issued third encryption keys is reduced,
The CPU time of the computer required for calculating the third encryption key is reduced. In addition, since the third cipher is not in the BCA and is not disclosed, security is slightly improved. B in this case
The role of the CA, as shown in FIGS.
This is a record of the identification information of the secret communication disk using a 4-grade encryption key. With one BCA disk, the effect is high because encrypted communication with the second computer is realized.

Next, the step 872 of the encrypted communication when both the communication encryption key and the communication decryption key are recorded in the BCA will be described with reference to FIG. In step 872g, the first computer 909 encrypts the user data with the communication encryption key reproduced from the BCA, the ninth encryption, the basic identification information recorded in the ROM area when the master is created, and the ninth encryption recorded in the BCA area. The disc identification information to the second computer 910
Send to In the second computer, step 872b
Then, the ninth encryption, the disc identification information, and the basic identification information are received. At step 872c, a decryption key database is searched for a communication decryption key paired with the disc identification information.
Decrypt the cipher and get the plaintext of the user data. In step 872e, a second encryption key corresponding to the disc identification information is selected from the encryption key database, and the server data and the third encryption key received from the third computer in the procedure described with reference to FIG. The tenth cipher that has been transmitted to the first computer. Step 8 on the first computer
At 72f, the tenth cipher is received, and at step 872g,
Using the aforementioned communication second decryption key recorded in the BCA,
The received seventh cipher is decrypted to obtain the plaintext of the server data and the third cipher key (public key of the public key function). Step 87
In 2h, the third encryption key is recorded in the HDD as needed. When charging information is input in step 872i, the process proceeds to step 872j, and the eighth encryption and the first encryption obtained by encrypting the charging information are transmitted to the third computer via the second computer by using the third encryption key. In step 872m, the second computer retransmits the eleventh cipher to the third computer. In the third computer, step 872m
Then, the third encryption key paired with the identification information of the disk or the like is searched from the database, and the eighth encryption is decrypted to obtain the plaintext of the billing information. In step 872n, a check is made to see if the user can be charged, and in step 872p, the survey result is transmitted to the second computer.
In step 872q, the second computer checks whether the user can collect the charge. When it is determined that the money can be collected In the case of the key providing system as shown in FIG.
Proceeding to step 872s, the decryption key of the encryption software, ie, the product, is transmitted to the user's second computer over the Internet. The first computer receives the decryption key of the encryption software in step 872t, decrypts the n-th encryption software in step 872u, and obtains the plaintext of the software in step 872w. Thus, a content key providing system is realized.

The advantage of the method of step 872 in FIG. 22 is that, since both the encryption key and the decryption key are recorded in the BCA area, the transmission of the decryption key and the encryption key required for reception from the second computer is not possible. It is not necessary. Since the capacity of BCA is a maximum of 188 bytes, for a cryptographic function such as a public key, 512 bytes of RSA and two 64 bytes, 128
It can be recorded because it only needs bytes. The RSA 512 can perform grade bidirectional encryption. Since the elliptic function can accommodate 7 to 8 ellipse functions as shown in FIG. 7, the effect is even higher.

The operation and effect when the first encryption key and the third encryption key are recorded in advance in the BCA will be described with reference to FIG. Steps 872a to 872w in FIG. 22 and FIG.
The third steps 873a to 873w have almost the same configuration, so only different steps will be described.

First, since the third encryption key for protecting the security of financial information such as billing information is recorded in the BCA, in step 873e, the second and third computers make the third
Generation and transmission of the encryption key is not required. Step 873e,
The transmission and reception of the twelfth cipher are performed at 873f and 873g. In step 873j, the third encryption key is read from the BCA area, and the user's billing information is sent to the third computer via the second computer. The method of FIG. 23 has an effect that the procedure is simplified because generation, transmission and reception of the third encryption key are not required at all.

In the case of the electronic payment system, there are usually a plurality of charging centers as in the case of starting credit.
Therefore, a plurality of third encryption keys, which are public keys, are required. As described with reference to FIG. 7B, when the RSA encryption function is used, RSA1024 or more, that is, 128 bytes or more is required. Therefore, only one third encryption key 817b is included in 188 bytes of BCA. However, an elliptic function cryptographic key (elliptical cryptography) that has recently appeared has a small capacity and can provide security equivalent to that of RSA. In recent years, RSA of RSA function
1024 is the minimum standard for financial information security. The RSA function requires 128 bytes, but to achieve the same security, the elliptical encryption requires 20 to 20 bytes.
It is said that about 22 bytes are sufficient. Therefore, FIG.
As shown in (c), a plurality of, and up to seven to eight, third ciphers for handling financial information can be accommodated in the BCA. By using the elliptical encryption, a BCA-based electronic payment system corresponding to a plurality of financial centers that are practically essential is realized. Although the description has been focused on the third cipher, even if it is used as the public key of the first cipher key, the effect of the elliptical cipher is the same because high security between a plurality of electronic stores is maintained.

Next, referring to FIG. 24, B shown in FIG.
The RAM disk recording / reproducing apparatus using CA will be described in more detail. As one example, the so-called Pay p
The recording procedure on the RAM disk in the erView system will be described. First, a software company such as a CATV company sends a content 8 such as movie software to a program transmitter 883.
80 in a first encryptor using a first encryption key 882 to generate a first cipher 900 and generate a CAT of each user.
Transmit to a decoder 886, such as a V decoder. On the decoder 886 side, the key issuing center 88 is connected via a network.
4 sends a request for a specific program to the key issuing center 884
Is the system ID of a specific software and a specific decoder
The first decryption information 885a including the number and the scramble descrambling key for the specific time limit information 903 and including the recording permission card 901 for the RAM disk is transmitted to the first decryption unit 887 of the first decoder 886. Send to The first decoding unit 887 stores the system ID 888 and the first
From the decryption information 885a, the first cipher 900 is decrypted, and in the case of a video signal, a signal that has been descrambled once and a scrambled signal for copy protection with another cipher is output from the third cipher output unit 889, In general TV899,
The original TV signal is copy-guarded but can be viewed.
Here, when the recording permission code 901a is NO, RA
Cannot record on M disk 894. However, in the case of OK, data can be recorded only on one RAM disk 894. This method will be described.

In the decoder 886, the IC card 902 is inserted, and the B of the RAM disk 894 of the RAM recorder is read.
The CA is read by the BCA reproducing unit 895 and the disc ID 90 is read.
5 is sent to the IC card 902. The IC card 902 checks the current time information 904 and the recording permission code 901a obtained from the disk IC 905 and the decoder 886,
A copy check 907 of the shake hand method is performed bidirectionally with the third encryption output unit 889, and if the recording permission code and the copy check are OK, the second sub-encryptor 891 in the IC card 902 issues the second encryption key 906. . Second encryptor 8
At 90, the third cipher is re-encrypted to generate a second cipher in which the content 880 is encrypted with the disc ID of the specific one disc, sent to the RAM recorder 892, and stored in the recording means 893 at 8-15 or Modulated by the first modulating unit using 8-16 modulation, and RAM
In the first recording area 894a of the disc 894, the second encryption 91
2 is recorded. Thus, the data on the RAM disk 894 is encrypted with the specific disk ID number.

Next, this disc is played back by ordinary reproducing means 896.
When the reproduction signal is demodulated by the first demodulation unit 896a of 8-16 modulation, the second cipher of the content is output. The second decryption unit 897 includes a plurality of second decryption keys 898a, 898b, 898
c. This means that each program supply company such as each CATV station has a decryption key corresponding to the encryption key of each IC card which is different. In this case, the decoding key identification information of the decoder 886 or the IC card 902 is stored in the first recording area 8 at the time of recording.
94a. The playback device reads the decryption key identification information 913 from the first recording area 894a, and the decryption key selection unit 914 uses the decryption key 898a to 898z based on the second decryption key 898 corresponding to each encryption key.
a is automatically selected, and the second cipher is decrypted by the second decryptor 897 using the disk ID 905a as one key. An IC card containing a specific decryption key may be used.
In the case of a video, a normal video descrambled by the TV 899a can be obtained.

In the system shown in FIG. 24, a disc ID 905 is stored in an IC card inserted in a decoder at home of each user.
And encrypt the image data etc., so the software company 8
83 does not need to individually change the encryption of the content to be delivered to each user. Accordingly, when pay-per-view scrambled video is broadcast to a large number of viewers such as satellite broadcast or CATV, it is possible to permit each user to record on only one RAM disk.

In the system shown in FIG. 24, the data is recorded on one disk, and at the same time, the RAM of the second disk, ie, another disk ID is used.
When trying to copy or record illegally on a disc, BC
In the case of A, since a two-layer disc is used, the disc ID cannot be falsified, so that illegal copying to the second disc is prevented at the same time. Next, the pseudo recording permission code 901a and the third encryption are transmitted to the decoder and the IC card in another time zone, and the data is encrypted with the specific disk ID. Recording on a RAM disk with a different disk ID is conceivable. Such misconduct is also
The decoder time information management unit 902 in the C card compares the time of the time restriction information 903 of the key issuing center 884 or the time of the content time information with the current time of the time information unit 904a in the decoder, and The IC card 902 permits encryption of the second cryptographic operation unit 990 if it is OK.

In this case, a shake hand time check method in which the second encryptor 890 and the first decryption unit 887 communicate check data bidirectionally may be used.

In the case of the shake hand method, the second cryptographic operation unit 890 including an IC card, the first decryption unit 887 and the third
The encryption unit 889 confirms the encrypted data in both directions. Therefore, illegal copying in another time zone that is not the same as the content transmission time is prevented.

Thus, the decoder 886 of each user
In, the content of the software company is recorded on only one of the RAM disks 894 having a specific disk ID that exists only in the world. This disc can be reproduced by any RAM disc player. There is an effect that the copyright of the software company is protected even when the data is recorded on the RAM disk by the method shown in FIG.

In the description of the figures in the main text, encryption is performed by the encryption encoder and decryption is performed by the encryption decoder. However, an encryption algorithm and a decryption algorithm, which are programs in the CPU, are actually used.

[0076]

As described above, the ID and the encryption key and the decryption key of the encryption are recorded in the BCA area of the optical disk in advance, so that the decryption of the encrypted contents can be realized by a simpler procedure. In addition, communication confidentiality is achieved without a conventional registration procedure. By storing the network check program in the content, multiple installations of the same ID software on the same network can be prevented.
Thus, there are various effects of improving security.

[Brief description of the drawings]

FIG. 1 is a process diagram of an optical disc according to an embodiment of the present invention.

FIG. 2 is a sectional view of trimming by a pulse laser according to an embodiment of the present invention.

FIG. 3 is a signal reproduction waveform diagram of a trimming unit according to the embodiment of the present invention.

FIG. 4 is a block diagram of a reproducing apparatus according to an embodiment of the present invention.

5A is a diagram showing a reproduced signal waveform of a BCA section of the present invention. FIG.

FIG. 6 is a diagram showing an encryption communication method and an encryption key method using a password according to the embodiment of the present invention.

FIG. 7 is a format diagram of the BCA of the present invention.

FIG. 8 is a diagram showing a method of encrypted communication and a method of decryption using a password according to the embodiment of the present invention.

FIG. 9 is an operation procedure diagram of a disc in which the use of the content part according to the embodiment of the present invention is permitted.

FIG. 10 is a block diagram when BCA is recorded on a RAM disk according to the embodiment of the present invention.

FIG. 11 is a block diagram of an unauthorized copy prevention method according to an embodiment of the present invention;

FIG. 12 is a flowchart for preventing unauthorized copying according to the embodiment of the present invention;

FIG. 13 is a top view and a cross-sectional view of an optical disc on which a product barcode is printed on a BCA according to an embodiment of the present invention.

FIG. 14 is a block diagram of a POS payment system using a ROM disk with BCA and a POS terminal according to an embodiment of the present invention.

FIG. 15 is a flowchart of decryption of a press factory, a software company, and a store according to an embodiment of the present invention.

FIG. 16 is a flowchart of an encryption / decryption step of encrypting / decrypting encrypted data using a disk ID or the like according to the embodiment of the present invention;

FIG. 17 is a flowchart of an encryption / decryption step of encrypting / decrypting encrypted data using a disk ID or the like according to the embodiment of this invention;

FIG. 18 is a flowchart of distribution and encryption communication of a communication encryption key using BCA according to the embodiment of the present invention.

FIG. 19 is a flowchart of distribution and encryption communication of a communication encryption key using BCA according to the embodiment of the present invention.

FIG. 20 is a flowchart of distribution of a communication encryption key using BCA and encryption communication according to an embodiment of the present invention.

FIG. 21 is a flowchart of an electronic payment system using BCA according to an embodiment of the present invention.

FIG. 22 is a flowchart of an electronic payment system using BCA according to an embodiment of the present invention.

FIG. 23 is a flowchart of an electronic payment system using BCA according to an embodiment of the present invention.

FIG. 24 shows one RA using BCA according to the embodiment of the present invention.
Block diagram of a recording / reproducing method for restricting recording on an M disk

[Explanation of symbols]

 801 Disk with BCA 802 Fixed key 803 Encryption encoder 804 Recording means 805 Content 806 ID 807 Trimming device 808a Molding machine 808b Reflective film maker 808c Laminating machine 809 Complete disk 809a Single-sided disk 809b Single-sided disk 811 Press field 813 Press field 813 815 Disk ID 816 First encryption key (secret key) 817 Second encryption key (secret key) 818 Connection address 819 Playback device 820 BCA playback unit 821 Password issuing center 822 Communication unit 823 Network 824 Encryption key DB 825 First decryption key 826 Content number 827 First encryption decoder 828 Charging center 829 Second decryption key 830 Charging information 831 Second encryption encoder 832 Second encryption decoder 833 Inter-information 834 password generation unit 835 password 835 personal computer 837 third decryption key 838 common key 839 third encryption key 840 third encryption encoder 841 third encryption decoder 842 main encryption encoder 843 main encryption decoder 844 main decryption key 845 first encryption decoder 846 Cryptographic encoder 847 Cryptographic decoder 849 BCA data 850 Writing layer 851 Character 852 General barcode 852 Decoder 860 Second cryptographic encoder 861 Second cryptographic decoder 862 Data reproduction unit 863 ROM area 864 Additional recording area 865 Decoding flowchart 890 Second cryptographic operation unit 894a First recording area 908 Internet 909 First computer 910 Second computer 911 Third computer 912 Second encryption 913 Decryption key identification information 9 4 Decryption key selection means 915 First slice level 916 Second slice level 917 PE-RZ modulator 918 Transparent substrate 919 First recording area 920 Second recording area 921 Disk ID 922 BCA flag 923 CPU 924 Control data 925 EFM demodulation 926 8 -15 modulation demodulation 927 8-16 modulation demodulation 928 first demodulation unit 930 second demodulation unit 931 connection address

 ──────────────────────────────────────────────────続 き Continuing on the front page (72) Inventor Shinichi Tanaka 1006 Kadoma Kadoma, Osaka Prefecture Matsushita Electric Industrial Co., Ltd. 72) Inventor Mitsuro Moriya 1006 Kadoma Kadoma, Kadoma City, Osaka Prefecture Inside Matsushita Electric Industrial Co., Ltd. (72) Yoshiya Takemura 1006 Kadoma Kadoma, Kadoma City, Osaka Pref. BA07 BB09 BB10 CA09 CA16 5D044 AB01 BC03 CC06 DE50 DE52 FG18 GK12 GK17 HH15 HL08 5D090 AA01 BB02 CC04 CC14 DD05 FF09 GG17 GG36 5J104 AA16 NA32 PA14

Claims (10)

[Claims] 1. An input unit for inputting content, an encryption unit for encrypting the input content, and a recording unit for recording the encrypted content, wherein the encryption unit A check using predetermined information is performed with the recording unit, and when the check is normal,
An encryption recording device, wherein the content encrypted by the encryption unit is sent to the recording unit. 2. A receiving means for receiving content, an encrypting means for encrypting the received content, and a recording means for recording the encrypted content, wherein the encrypting means and the recording A check using predetermined information is performed with the means, and if the check is normal,
An encryption recording device, wherein the content encrypted by the encryption unit is sent to the recording unit. 3. An input unit for inputting content, an encryption unit for encrypting the input content, a recording unit for recording the encrypted content, the encryption unit, and the recording unit And a check unit for performing a check using predetermined information, wherein, if the check is normal, the content encrypted by the encryption unit is sent to the recording unit. Encryption recording device. 4. A receiving unit for receiving a content, an encrypting unit for encrypting the received content, a recording unit for recording the encrypted content, and an encrypting unit for storing the encrypted content. And a check unit for performing a check using predetermined information, wherein when the check is normal, the content encrypted by the encryption unit is sent to the recording unit. Cryptographic recording device. 5. The cipher according to claim 1, wherein the predetermined information is information stored on a recording medium on which the encrypted content is recorded. Recording device. 6. The encryption recording apparatus according to claim 1, wherein the predetermined information is identification information for identifying a recording medium on which the encrypted content is recorded. . 7. An inputting step of inputting content, an encrypting step of encrypting the input content, and a step between an encrypting unit for performing the encryption and a recording unit for recording the encrypted content A check step of performing a check using predetermined information; and a recording step of recording the encrypted content when the check is normal. 8. A receiving step for receiving the content, an encrypting step for encrypting the received content, and a step between the encrypting means for performing the encryption and the recording means for recording the encrypted content. A check step of performing a check using predetermined information; and a recording step of recording the encrypted content when the check is normal. 9. A program for causing a computer to execute the encryption recording method according to claim 7. 10. A computer-readable recording medium on which the program according to claim 9 is recorded.