JP2003099332A - Data processing system, data record reproducing device, recording device, method, and program providing medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication process between devices in consideration of the limitation on contents utilization, a device and a method capable of ensuring security for data saving. SOLUTION: On a recording device, a plurality of key blocks storing key data for an authentication process are constituted and the key data for the plurality of key blocks are different from each block, respectively. A record reproducing device, where key block specification information is set up, carries out the authentication process with the recording device by specifying the key block. The record reproducing device can set up key block for each product, model or the like, and the limitation of contents utilization is easily configured on the reproducing device. Also, a save data encryption key is generated based on the encryption key, which is specific for only program such as contents key or the contents key and the save data is encrypted for storing in the recording device.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data processing system, a data recording / reproducing device, a recording device and a method, and a program providing medium, and more specifically, data recording / reproducing capable of reproducing program contents such as a game program. In a storage device (data processing device), it is possible to prevent unauthorized use of tampered data by a third party, tampering, etc. in the process of storing the saved data of the execution program in the recording device or the process of playing it back from the recording device. It is possible to secure the security of
It enables authentication between two devices that perform data transfer, considering the usage restrictions of contents,
The present invention relates to a data processing system, a data recording / reproducing device, a recording device, a method, and a program providing medium that realize a configuration that enables use of content on condition that authentication processing is established.

The present invention is a storage medium such as a DVD or a CD, or a cable such as CATV, the Internet or satellite communication.
Various contents such as audio, images, games, programs, etc., which can be obtained through a wireless communication means are reproduced in a recording / reproducing device owned by the user, and a dedicated recording device such as a memory card, a hard disk, a CD-R, etc. A data recording / reproducing device and save data processing that enable save data such as game data being executed to be stored in a recording device with sufficient security and various usage restrictions Regarding the method.

[0003]

2. Description of the Related Art Recently, game programs, voice data,
Various software data such as image data and document creation programs (hereinafter referred to as content) are distributed via a network such as the Internet or a distributable storage medium such as a DVD or a CD. is doing. These distributed contents can be stored in a recording device attached to a recording / reproducing device such as a PC (Personal Computer) or a game device owned by the user, for example, a memory card, a hard disk, etc., and once stored, , It can be used by reproducing from the storage medium.

The main components of a memory card device used in conventional information equipment such as video game equipment and PCs are control means for operation control, and a slot connected to the control means and provided in the information equipment body. And a non-volatile memory connected to the control means for storing data. The non-volatile memory included in the memory card is composed of an EEPROM, a flash memory, or the like.

Various contents such as data or programs stored in such a memory card are stored in a game machine used as a reproduction machine, a user instruction from an information equipment body such as a PC, or a connected input means. Called from the non-volatile memory according to the user's instructions via the information device itself or the connected display,
It is played back through a speaker or the like.

Many software contents such as game programs, music data, image data, etc. are generally owned by their creators and sellers. Therefore, when distributing these contents, certain usage restrictions, that is, only authorized users are permitted to use the software and unauthorized copying is not performed, that is, security is considered It is common to adopt the above configuration.

[0007] One method of realizing usage restrictions on users is encryption processing of distributed contents. That is, various contents such as encrypted audio data, image data, game programs, etc. are distributed via the Internet or the like, and the distributed encrypted contents are distributed only to those who are confirmed to be authorized users. In this configuration, a decryption means, that is, a decryption key is added.

The encrypted data can be returned to usable decrypted data (plain text) by a decryption process according to a predetermined procedure. Data encryption and decryption methods that use an encryption key for such information encryption processing and a decryption key for decryption processing are well known in the art.

There are various types of data encryption / decryption methods using an encryption key and a decryption key, and one example thereof is a so-called common key encryption method. In the common key encryption method, the encryption key used for the data encryption process and the decryption key used for the data decryption are common, and the common key used for the encryption process and the decryption is given to the authorized user. Then, data access by an unauthorized user who does not have a key is excluded. A typical method of this method is DES (Data encryption standard: Deta encry
ption standard).

The above-mentioned encryption key and decryption key used for the encryption processing and decryption can be obtained by applying a one-way function such as a hash function based on a certain password or the like. A one-way function is a function that makes it very difficult to find an input from its output. For example, a one-way function is applied with a password determined by the user as an input, and an encryption key and a decryption key are generated based on the output. From the encryption key and the decryption key obtained in this way, it is virtually impossible to find the password that is the original data. By using such an encryption method, it becomes possible to provide a system in which the encrypted content can be decrypted only by the authorized user.

A method using a different algorithm for the process using the encryption key used for encryption and the process for the decryption key used for decryption is the so-called public key encryption system. The public key encryption method is
In this method, a public key that can be used by an unspecified user is used, and an encrypted document for a specific individual is encrypted using the public key issued by the specific individual. A document encrypted by the public key can be decrypted only by the secret key corresponding to the public key used for the encryption process. Since the private key is owned only by the individual who issued the public key, the document encrypted by the public key can be decrypted only by the individual who has the private key. RSA (Rivest-Shamir-Adlema) is a typical public key cryptosystem.
n) There is a code.

By using such an encryption method, it becomes possible to provide a system in which the encrypted content can be decrypted only by the authorized user. Further, the recording / reproducing device generally has a plurality of accessible recording devices. For example, it is a DVD, a CD, a memory card, a hard disk, or the like. When a user selects and executes, for example, a game program from these multiple devices, the user sequentially checks the contents of the content data in each recording device by checking each device, and identifies the device that stores the content to be played. However, after that, it becomes necessary to execute the program, and it will take time before the start of program activation. The configuration of a data processing device that uses contents will be briefly described with reference to FIG.

FIG. 1 shows a DVD, a playback device 10 such as a PC (personal computer) and a game machine.
A program, audio data, video data, etc. (content) acquired from a data providing means such as a CD 30 or the Internet 40 is reproduced, and a DVD, C
It shows a configuration example in which data acquired from the D30, the Internet 40, or the like can be stored in the storage unit 20 such as a flexible disk, a memory card, or a hard disk.

Contents such as programs, audio data, and video data are encrypted and provided to the user having the reproducing means 10. The authorized user acquires key data that is an encryption / decryption key together with the encrypted data.

The reproduction means 10 has a CPU 12, and the reproduction processing section 14 executes the reproduction processing of the input data. The reproduction processing unit 14 executes the decryption process of the encrypted data to reproduce the provided program and the contents such as audio data and image data.

[0016] An authorized user can change the provided program to
The storage means 20 stores the contents such as programs / data in order to reuse the contents. The reproduction means 10 has a storage processing unit 13 for executing this content storage processing. The save processing unit 13 performs an save process by performing an encryption process on the data in order to prevent unauthorized use of the data stored in the storage unit 20.

When encrypting the content, a content encryption key is used. The storage processing unit 13 encrypts the content using the content encryption key,
The data is stored in the storage unit 21 of the storage unit 20, such as a (flexible disk), a memory card, or a hard disk.

When the user takes out the stored content from the storage means 20 and reproduces it,
The encrypted data is taken out, and in the reproduction processing unit 14 of the reproduction means 10, the decryption process is executed using the content decryption key, that is, the decryption key, and the decrypted data is acquired from the encrypted data and reproduced.

When the content executed by the reproducing means 10 is a game program or the like, for example, when the game program is interrupted midway and is restarted after a predetermined time, the game state at the time of interruption Conventionally, a so-called save data recording / reproducing process has been conventionally performed, in which the above data is saved, that is, stored in a recording device, and is read when restarting to continue the game.

According to the conventional configuration example shown in FIG. 1, since the stored content is encrypted in the storage means 20 such as a flexible disk or a memory card, illegal reading from the outside can be prevented. However, if this flexible disk is played back by another playback means of an information device such as a PC or a game device and is to be used, a playback having the same content key, that is, the same decryption key for decrypting the encrypted content is performed. It cannot be regenerated unless it is a means. Therefore, in order to realize a form that can be used in a plurality of information devices, it is necessary to share the encryption key provided to the user.

However, making the content encryption key common increases the possibility that the encryption key will be randomly distributed to users who do not have a legitimate license. There is a drawback in that it is impossible to prevent illegal use of contents, and it becomes difficult to eliminate illegal use in PCs, game machines, etc. that do not have a formal license.

Further, in the environment in which the keys are shared as described above, for example, the encrypted content created on a certain PC and stored in the storage means such as a memory card, a flexible disk, or the like is different from the flexible disk. Can be easily duplicated, and a usage form using a duplication flexible disk instead of the original content data is possible, and a large amount of content data that can be used in an information device such as a game device or a PC is duplicated, or There was a possibility of being tampered with.

[0023]

The save data storage configuration in a conventional recording / reproducing device such as a game machine or a personal computer is, for example, a memory card, a floppy disk, a game cartridge, or a memory card which can be incorporated in or external to the recording / reproducing device. Although it has a configuration for saving save data in a storage medium such as a hard disk, in particular, it does not have a security ensuring configuration for the save data, and for example, a configuration in which data save processing is performed according to the specifications common to game application programs. Has become.

Therefore, for example, the save data saved by using one recording / reproducing device A may be used, rewritten, or overwritten by another game program, and the security of the save data may be increased. Was hardly considered.

The data recording / reproducing device of the present invention provides a structure capable of realizing such security of save data. For example, save data of a game program is encrypted based on information unique to the game program and stored in the recording device. Alternatively, it is encrypted based on the information unique to the recording / reproducing device and stored in the recording device. By these methods, the use of save data can be restricted to a specific device and a specific program. The present invention provides a data recording / reproducing device and a save data processing method capable of ensuring the security of save data by applying such a method.

Further, there is an authentication process as a method of limiting the use of content data to authorized users.
The authentication process performed between devices is the key used for mutual authentication,
That is, it is common to use a common authentication key. Therefore, for example, if you try to change the authentication key for each product destination (country) or for each product,
It is necessary to change the key data required for the authentication processing on the recording / reproducing device side and the recording device side on both devices.

Therefore, for example, the key data required for the authentication processing stored in the newly released recording / reproducing device does not correspond to the key data required for the authentication processing stored in the previously sold recording device. The new recording / reproducing device may lose access to the old version of the recording device. Conversely, a similar situation occurs in the relationship between the new version recording device and the old version recording / reproducing device.

The present invention solves the above-mentioned problems of the prior art, and in the configuration of the present invention, a plurality of key blocks as different key sets are stored in the recording device in advance. The recording / reproducing device is a two device that executes data transfer by setting a key block to be applied to the authentication process, that is, a designated key block, for each product destination (country) or for each product, model, version, and application. In between, it is possible to perform an authentication process between devices and a storage process of content in consideration of usage restrictions of content.

Further, it is clear how to relate the authentication processing and the content usage processing, that is, how to execute the authentication processing procedure as a procedure inseparable from the content decryption processing or the storage processing. Has not been realized. As for the authentication process, user authentication using a password is possible, but a configuration has been realized in which the unauthorized use of the content is eliminated by associating the authentication process for the device such as the recording / reproducing device or the recording device with the content use process. Absent.

Therefore, for example, if authentication processing is executed by inputting a password in different recording and reproducing devices,
The content is also used in a plurality of different devices, and in order to prevent such diversion of the content, a process of associating the authentication process with the device itself and the content use process is required.

The present invention solves such a problem as well, and in the configuration of the present invention, it is prescribed that the authentication process in the recording device, the encryption process of the stored data, etc. be executed in accordance with a predetermined sequence. By doing so, a data processing system, a recording device, and a data processing method are provided that prevent the use of content, such as the reading of content whose device authentication has not been performed from an external device.

[0032]

The first aspect of the present invention is as follows.
In a data recording / reproducing device capable of reproducing and executing program content, a recording device for recording save data relating to the program content, encryption processing of stored save data for the recording device, and decryption of reproduction save data reproduced from the recording device. An encryption processing unit that executes a process, an input unit that inputs the use restriction information of save data, and a control unit that determines an encryption processing method or a decryption processing method of save data, and the control unit is the According to the input use restriction information from the input means,
The encryption processing method of save data to be stored in the recording device is determined, and the save data use restriction information set in the data management file stored in the storage unit or the recording device accessible by the control unit The encryption processing unit has a configuration for determining a decryption processing method for save data to be reproduced from a recording device,
A data recording / reproducing device having a configuration for executing encryption processing or decryption processing of save data using different encryption keys according to the encryption processing method or the decryption processing method determined by the control unit. is there.

Furthermore, in one embodiment of the data recording / reproducing device of the present invention, the use restriction information of the save data is
The data management file is a program restriction that enables use of save data on the condition that the content programs are the same. The data management file is configured as a table storing program restriction information in association with an identifier of the content program. When the input use restriction information from the input means or the setting use restriction information of the data management file is an input or setting with a program restriction, an encryption key unique to the content program or an encryption key unique to the content program. A program-specific save data encryption key generated based on at least one of a key and unique information is used to execute save data encryption processing or decryption processing, and input use restriction information from the input means, or the data management. File settings Usage restriction information When the input or setting is without program restrictions, save data encryption processing is performed by the system common encryption key stored in the data recording / reproducing device or the common save data encryption key generated based on the system common encryption key. Alternatively, it is characterized in that the decryption processing is executed.

Further, in an embodiment of the data recording / reproducing apparatus of the present invention, the encryption key unique to the content program is the content key Kcon stored in the header part of the content data including the content program, The common encryption key is the system signature key Ksys stored in common in a plurality of different data recording / reproducing devices.
Is characterized in that.

Further, in one embodiment of the data recording / reproducing device of the present invention, the use restriction information of the save data is
This is a recording / reproducing device restriction that enables use of save data on condition that the data recording / reproducing device is the same, and the data management file is configured as a table storing recording / reproducing device restriction information corresponding to the identifier of the content program. If the input use restriction information from the input unit or the setting use restriction information of the data management file is an input or setting with a recording / reproducing device restriction, the encryption processing unit is unique to the data recording / reproducing device. The save data encryption process or decryption process is executed by the recording / reproducing device-specific save data encryption key generated based on at least one of the encryption key, the encryption key unique to the data recording / reproducing device, and the unique information. Input use restriction information from the input means or setting use restriction information of the data management file is a program. In the case of unlimited input or setting, save data encryption processing by a system common encryption key stored in the data recording / reproducing device or a common save data encryption key generated based on the system common encryption key or It is characterized in that the decryption processing is executed.

Further, in one embodiment of the data recording / reproducing device of the present invention, the encryption key unique to the data recording / reproducing device is a signature key Kdev unique to the data recording / reproducing device stored in the data recording / reproducing device. The system common encryption key is a system signature key Ksys commonly stored in a plurality of data recording / reproducing devices.

Further, in one embodiment of the data recording / reproducing device of the present invention, the use restriction information of the save data is
The data management file is a user restriction that enables the use of save data on the condition that the users are the same.
The encryption processing unit is configured as a table in which user restriction information is stored in association with the identifier of the content program, and the encryption processing unit determines whether the input usage restriction information from the input unit or the setting usage restriction information of the data management file is user restricted. In the case of input or setting, encryption processing or decryption processing of save data is executed by the password input from the input means or the user-specific save data encryption key generated based on the password, and the input data is input from the input means. If the input use restriction information of the above, or the setting use restriction information of the data management file is an input or setting without user restrictions, it is based on the system common encryption key stored in the recording / reproducing device or the system common encryption key. The save data encryption process is performed using the common save data encryption key generated by Or characterized in that it is configured to perform a decoding process.

Furthermore, in one embodiment of the data recording / reproducing device of the present invention, the system common encryption key is a system signature key Ksys stored in common in a plurality of recording / reproducing devices.
Is characterized in that.

Further, a second aspect of the present invention is, in a save data processing method in a data recording / reproducing device capable of reproducing and executing program contents, save data stored in a recording device according to input use restriction information from an input means. An encryption processing mode determination step for determining a data encryption processing mode, and an encryption key selection for selecting an encryption key to be applied to the encryption process according to the encryption processing mode determined in the encryption processing mode determination step. And a save data encryption method using the encryption key selected in the encryption key selection step.

Further, a third aspect of the present invention is, in a save data processing method in a data recording / reproducing device capable of reproducing and executing a program content, a setting use set in a data management file stored in a storage means or a recording device. According to the restriction information, a decryption processing mode determining step of determining a decryption processing mode of the reproduction save data from the recording device, and a decryption key is selected according to the decryption processing mode determined in the decryption processing mode determining step. The save data processing method is characterized in that the decryption key selecting step and the save data decrypting process are executed using the decryption key selected in the decryption key selecting step.

Further, a fourth aspect of the present invention is a data processing system comprising a recording / reproducing device and a recording device for mutually performing encrypted data transfer, wherein the recording device is provided between the recording / reproducing device and the recording device. In addition to having a data storage unit for storing transferable content data, it also has a plurality of key blocks storing at least key data applicable to the authentication process between the recording / reproducing device and the recording device, and stored in the plurality of key blocks. The key data has a configuration in which different key data is stored in each block, and the recording / reproducing device is configured to perform one key block from a plurality of key blocks of the recording device in an authentication process between the recording / reproducing device and the recording device. And executing the authentication process with the recording device based on the key data stored in the specified key block. In the data processing system, comprising.

Furthermore, in one embodiment of the data processing system of the present invention, each of the plurality of key blocks of the recording device includes at least an authentication key applicable to the authentication process, and the authentication keys of each key block are mutually It is characterized by being configured as different key data.

Further, in an embodiment of the data processing system of the present invention, the recording / reproducing device holds setting information in which a key block to be applied to the authentication processing is set as a designated key block in a memory in the recording / reproducing device, The recording / reproducing device specifies one key block from a plurality of key blocks included in the recording device based on the setting information held in the memory in the recording / reproducing device in the authentication process between the recording / reproducing device and the recording device, and performs authentication. It is characterized in that it is configured to execute processing.

Further, in one embodiment of the data processing system of the present invention, the designated key block setting information of the recording / reproducing device is set so as to be different for each predetermined product unit such as a model / version of the recording / reproducing device or a shipping destination. It is characterized by being configured.

Further, in one embodiment of the data processing system of the present invention, the recording / reproducing device has a structure in which key data for authentication processing necessary for authentication processing with the recording device is stored in a memory in the recording / reproducing device. The authentication processing key data stored in the recording / reproducing device memory is authenticated only in the authentication processing using the in-block key data stored in only some of the plurality of key blocks of the recording device. It is characterized in that the key data is established and authentication is not established in the authentication process using the other key block key data.

Further, in one embodiment of the data processing system of the present invention, the recording / reproducing device stores a master key MKake for recording device authentication key in a memory in the recording / reproducing device, and the master key MKake for recording device authentication key is stored.
The authentication key Kake generated based on is authenticated only in the authentication process using the key data in the designated key block set in the recording and reproducing device, and the authentication process using the key data in another key block. Is characterized in that it is an authentication key that cannot be authenticated.

Further, in one embodiment of the data processing system of the present invention, the recording device has recording device identification information IDmem in the memory in the recording device, and each of the plurality of key blocks is different for each key block. The recording / reproducing device stores the authentication key Kake, and the recording / reproducing device obtains the authentication key Kake by performing an encryption process on the recording device identification information IDmem based on the recording device authentication key master key MKake stored in the recording / reproducing device memory. It is characterized in that it is configured to generate and perform authentication processing with the designated key block of the recording device using the generated authentication key Kake.

Further, in one embodiment of the data processing system of the present invention, each of the key blocks of the recording device is used in the recording device identifier information which is the unique information of the recording device and the authentication process between the recording and reproducing devices. The authentication key and the random number generation key, and a storage key used for encryption processing of data stored in the data storage unit are included.

Further, in an embodiment of the data processing system of the present invention, the storage key stored in each of the plurality of key blocks of the recording device is key data different for each key block and the data storage. This is a key used for encryption processing of data stored in a unit, and when the recording device requests to use data encrypted with the storage key from outside the recording device, a key exchange process of the storage key in the recording device is performed. Is executed and the encrypted data with a key different from the storage key is output to the outside of the recording device.

Further, in one embodiment of the data processing system of the present invention, the recording device has an encryption processing section, and the encryption processing section of the recording device is in accordance with the key block designation information received from the recording and reproducing device. One of the plurality of key blocks is selected, and the key data in the selected key block is used to execute the authentication process with the recording and reproducing device.

Furthermore, in one embodiment of the data processing system of the present invention, the encryption processing unit in the recording device stores data in a data storage unit that stores content data that can be transferred between the recording and reproducing device and the recording device. It is characterized in that the encryption process executed in the data transfer process from the data storage unit is executed using the key data in one key block selected according to the key block designation information received from the recording / reproducing device.

Further, in one embodiment of the data processing system of the present invention, a plurality of key blocks of the recording device that can be designated by the recording and reproducing device are provided, and at least one key in the plurality of designated key blocks is provided. The block is configured as a commonly specifiable key block that can be designated in other recording and reproducing devices.

Furthermore, a fifth aspect of the present invention is a recording device having a data storage unit for storing content data that can be transferred to and from an external device, and is used for at least authentication processing between the recording device and the external device. A recording device having a plurality of key blocks storing applicable key data, and the key data stored in the plurality of key blocks has different key data stored in each block.

Furthermore, in one embodiment of the recording device of the present invention, each of the plurality of key blocks of the recording device includes at least an authentication key applicable to an authentication process,
The authentication key of each key block is configured as mutually different key data.

Further, in one embodiment of the recording device of the present invention, the recording device has recording device identification information IDmem in the memory in the recording device, and the authentication is different for each key block in each of the plurality of key blocks. It is characterized by having a configuration in which a key Kake is stored.

Furthermore, in one embodiment of the recording device of the present invention, each of the key blocks of the recording device is used in the recording device identifier information which is the unique information of the recording device and in the authentication process with the external device. An authentication key, a random number generation key, and a storage key used for encryption processing of data stored in the data storage unit are included.

Further, in one embodiment of the recording device of the present invention, the storage key stored in each of the plurality of key blocks of the recording device is key data different for each key block, and the data storage unit. Is a key used for encryption processing of stored data, and the recording device performs a key exchange process of a storage key in the recording device when there is a request to use the data encrypted with the storage key from outside the recording device. It is characterized in that it is configured to execute and output encrypted data with a key different from the storage key to the outside of the recording device.

Further, in one embodiment of the recording device of the present invention, the recording device has an encryption processing section,
The cryptographic processing unit determines whether one of the plurality of key blocks of the recording device is in accordance with the key block designation information received from the external device.
One of the key blocks is selected, and the key data in the selected key block is used to execute an authentication process with the recording and reproducing device.

Furthermore, in one embodiment of the recording device of the present invention, the encryption processing unit in the recording device is
A cryptographic process executed in a data storage process for a data storage unit storing content data that can be transferred between the external device and the recording device and a data transfer process from the data storage unit is selected according to key block designation information received from the external device. It is characterized in that it is configured to be executed by using the key data in one key block.

Further, a sixth aspect of the present invention is a data processing method in a data processing system comprising a recording / reproducing device and a recording device for mutually executing encrypted data transfer, wherein the recording / reproducing device has the recording device. A data processing method is characterized in that one key block is designated from a plurality of key blocks, and an authentication process with the recording device is executed based on the key data stored in the designated key block.

Furthermore, a seventh aspect of the present invention is a data processing system comprising a first device and a second device for mutually executing encrypted data transfer, wherein the second device is the first device. A cryptographic processing unit that executes cryptographic processing relating to transfer data with the device,
A command identifier transferred from the device according to a predetermined setting sequence, and having a control unit that fetches a command corresponding to the received command identifier from a register and executes the command, and the control unit includes the first In the data processing system, when the command identifier transferred from the device is a command identifier different from the setting sequence, processing of the command corresponding to the command identifier is stopped.

Further, in one embodiment of the data processing system of the present invention, the setting sequence relating to the command identifier received from the first device of the control unit is a command number setting sequence in which the numbers are sequentially incremented. , The control unit stores a received value of a received command number from the first device in a memory, and a new received command number from the first device,
Based on the received command number stored in the memory, it is determined whether the sequence matches the setting sequence. If it is determined that the sequence does not match, the command processing corresponding to the new received command number is not performed, and the memory It is characterized by having a configuration for executing the reset of the command number stored in.

Further, in an embodiment of the data processing system of the present invention, the second device has a command register storing a command according to the setting sequence, and the command register has the first register. An authentication process command sequence for executing an authentication process between a device and the second device, and an encryption process command sequence for executing an encryption process regarding transfer data between the first device and the second device are stored. The command identifier corresponding to the authentication processing command sequence is set to be executed in a step prior to the command identifier corresponding to the encryption processing command sequence.

Further, in an embodiment of the data processing system of the present invention, the cipher processing command sequence is transferred from the first device to the second device, and a storage means in the second device is provided. A command sequence including an encryption key exchange process for encrypted data stored in, or stored in a storage unit in the second device,
A command sequence including an encryption key exchange process for encrypted data transferred from the second device to the first device, or at least one of the above command sequences is included.

Further, in one embodiment of the data processing system of the present invention, the control unit has been authenticated when the authentication is established by the authentication processing of the first device and the second device. Is set, and while the authentication flag is set, command management control that enables execution of the encryption processing command sequence is executed, and the control unit newly adds the authentication processing command sequence. It is characterized in that the authentication flag is reset at the time of execution.

Further, in an embodiment of the data processing system of the present invention, the control section manages a command execution order based on the setting sequence and the command identifier in the encryption key exchange processing, and the control section is During execution of a series of commands related to the key exchange process,
The configuration is such that a command process different from the setting sequence from an external device including the device of 1 is not accepted.

Further, in one embodiment of the data processing system of the present invention, the second device is a storage device having a data storage unit for storing encrypted data, and the first device is the storage device. Is a recording / reproducing device for storing data in the storage device and for extracting, reproducing, and executing the data stored in the storage device, the recording / reproducing device performing an encryption process for performing an encryption process of transfer data with the recording device. It is characterized by having a part.

Further, in an embodiment of the data processing system of the present invention, the recording device stores an authentication key applied to an authentication process between the recording / reproducing device and the recording device, and a data storage unit in the recording device. A key block storing a storage key as an encryption key for data to be recorded, and the control unit in the encryption processing unit of the recording device receives a command identifier from the recording / reproducing device in accordance with the setting sequence and receives the key. The configuration is such that an authentication process using an authentication key stored in a block is executed, and after the authentication process is completed, a data encryption process involving a key exchange process using the storage key is executed.

Further, in an embodiment of the data processing system of the present invention, the key block is composed of a plurality of key blocks respectively storing different authentication keys and storage keys, and the recording / reproducing device is constituted by the plurality of keys. The block notifies one of the key blocks used for the authentication process and the data encryption process to the recording device as a designated key block, and the recording device uses the authentication key stored in the designated key block, It is characterized in that it is configured to execute data encryption processing using a storage key.

Furthermore, an eighth aspect of the present invention is a recording device having a data storage unit for storing content data that can be transferred to and from an external device, wherein the recording device relates to transfer data to and from the external device. The cryptographic processing unit has a cryptographic processing unit that executes cryptographic processing. The cryptographic processing unit receives a command identifier transferred from an external device according to a predetermined setting sequence, and extracts a command corresponding to the received command identifier from a register. And a control unit for executing the command, the control unit cancels processing of a command corresponding to the command identifier when the command identifier transferred from the external device is a command identifier different from the setting sequence. A recording device characterized by having.

Further, in an embodiment of the recording device of the present invention, the control section has a command number setting sequence in which numbers are sequentially incremented as the setting sequence, and the control section is controlled by the external device. Of the received command number of the received command number is stored in the memory, the new received command number from the external device is determined to match the setting sequence based on the received command number stored in the memory, and If it is determined that they are different, the command processing corresponding to the new received command number is not performed, and the command number stored in the memory is reset.

Further, in an embodiment of the recording device of the present invention, the recording device has a command register storing a command according to the setting sequence,
The command register includes an authentication processing command sequence for executing authentication processing between the external device and the recording device, and an encryption processing command sequence for executing encryption processing regarding transfer data between the external device and the recording device. Is stored, and the command identifier corresponding to the authentication processing command sequence is set to be executed in a step prior to the command identifier corresponding to the encryption processing command sequence.

Further, in an embodiment of the recording device of the present invention, the encryption processing command sequence is encrypted data transferred from the external device to the recording device and stored in a storage means in the recording device. At least, or a command sequence including encryption key exchange processing for encrypted data stored in the storage means in the recording device and transferred from the recording device to the external device, It is characterized by including any of the above command sequences.

Further, in an embodiment of the recording device of the present invention, the control unit, when the authentication is established by the authentication processing of the external device and the recording device, sets an authentication flag indicating that the authentication is completed. While the authentication flag is set, command management control that enables execution of the encryption processing command sequence is executed, and the control unit executes the authentication processing command sequence when the authentication processing command sequence is newly executed. It is characterized in that the authentication flag is reset.

Further, in an embodiment of the recording device of the present invention, the control unit manages a command execution order based on the setting sequence and the command identifier in the encryption key exchange process, and the control unit It is characterized in that during execution of a series of commands relating to the key exchange processing, command processing different from the setting sequence from the external device including the external device is not accepted.

Further, in one embodiment of the recording device of the present invention, the recording device is an authentication key applied to an authentication process between the external device and the recording device, and data stored in a data storage section in the recording device. A key block storing a storage key as an encryption key, and the control unit in the encryption processing unit of the recording device receives a command identifier from the external device according to the setting sequence and stores the command identifier in the key block. The authentication process using the authentication key is performed, and after the authentication process is completed, the data encryption process is performed along with the key exchange process using the storage key.

Further, in an embodiment of the recording device of the present invention, the key block is composed of a plurality of key blocks respectively storing different authentication keys and storage keys, and the external device is composed of the plurality of key blocks. , Notifying the recording device of one key block used for authentication processing and data encryption processing as a designated key block,
The recording device is configured to execute an authentication process using an authentication key stored in a designated key block and a data encryption process using a storage key.

Furthermore, a ninth aspect of the present invention is a data processing method in a data processing system comprising a first device and a second device for mutually executing the transfer of encrypted data. Receives a command identifier transferred from the first device according to a predetermined setting sequence, executes a command processing control step of fetching a command corresponding to the received command identifier from a register and executing the command, and executing the command processing control step. In the processing control, when the command identifier transferred from the first device is a command identifier different from the setting sequence, the data processing method is characterized in that the processing of the command corresponding to the command identifier is stopped. is there.

Further, a tenth aspect of the present invention is a program providing medium for providing a computer program for causing a computer system to execute save data processing in a data recording / reproducing device capable of reproducing and executing program content, The computer program is determined in an encryption processing mode determining step for determining an encryption processing mode of save data to be stored in a recording device according to input use restriction information from an input means, and in the encryption processing mode determining step. An encryption key selection step of selecting an encryption key to be applied to the encryption processing according to the encryption processing mode, and an encryption processing of save data using the encryption key selected in the encryption key selection step. And a step of executing the program. A.

Further, an eleventh aspect of the present invention is a program providing medium for providing a computer program for causing a computer system to execute save data processing in a data recording / reproducing device capable of reproducing and executing program content, And a decoding processing mode determining step of determining a decoding processing mode of save data to be reproduced from the recording device according to setting use restriction information set in a data management file stored in the storage means or the recording device. A decryption key selection step of selecting a decryption key to be applied to the decryption processing according to the decryption processing aspect determined in the decryption processing aspect determination step, and a decryption key selected in the decryption key selection step To execute the decryption processing of the save data using In program providing medium characterized by having a flop, a.

Further, a twelfth aspect of the present invention is a computer program for causing a computer system to execute a data processing method in a data processing system comprising a recording / reproducing device and a recording device for mutually transmitting encrypted data. A computer program, wherein the recording / reproducing device comprises:
A program providing a step of designating one key block from a plurality of key blocks of a recording device and executing an authentication process with the recording device based on key data stored in the designated key block. In the medium.

Further, a thirteenth aspect of the present invention is a computer for causing a computer system to execute data processing in a data processing system comprising a first device and a second device which mutually transfer encrypted data. A program providing medium that provides a program, receives a command identifier transferred from the first device to the second device according to a predetermined setting sequence, and receives a command corresponding to the received command identifier. When the command identifier transferred from the first device in the command processing control step is a command identifier different from the setting sequence in the command processing control step, the command processing control step is executed. Characterized by including the step of stopping the processing of the corresponding command. It is in the program providing medium.

The program providing medium according to the present invention is a medium for providing a computer program in a computer-readable format to a general-purpose computer system capable of executing various program codes, for example. The medium is not particularly limited in its form such as a storage medium such as a CD, FD, MO or a transmission medium such as a network.

Such a program providing medium defines a structural or functional cooperative relationship between the computer program and the providing medium for realizing the functions of a predetermined computer program on a computer system. It is a thing. In other words, by installing the computer program in the computer system via the providing medium, the cooperative action is exerted on the computer system, and the same action and effect as other aspects of the present invention can be obtained. Can be done.

Further objects, features and advantages of the present invention are as follows.
It will be clarified by a more detailed description based on embodiments of the present invention described below and the accompanying drawings.

[0086]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below. The description procedure is performed according to the following items. (1) Data processing device configuration (2) Content data format (3) Outline of encryption processing applicable to the data processing device (4) Storage data configuration of recording / playback device (5) Storage data configuration of recording device (6) Recording / playback Authentication process between recording device and recording device (6-1) Outline of mutual authentication process (6-2) Key block switching during mutual authentication (7) Download process from recording / playback device to recording device (8) Recording device Reproduction processing of stored information in recording / reproducing device (9) Key exchange processing after mutual authentication (10) Multiple content data formats and download and reproduction processing corresponding to each format (11) Check value (I) in content provider
CV) Generation processing mode (12) Encryption processing key generation configuration based on master key (13) Control of encryption strength in encryption processing (14) Program activation processing based on activation priority in handling policy of content data (15) Content configuration And reproduction (decompression) processing (16) generation of save data and storage in a recording device, reproduction processing (17) configuration (revocation) configuration of unauthorized equipment (18) secure chip configuration and manufacturing method

(1) Data Processing Device Configuration FIG. 2 shows an overall configuration block diagram of an embodiment of the data processing device of the present invention. The data processing device of the present invention includes a recording / reproducing device 300 and a recording device 400 as main components.

The recording / reproducing device 300 is, for example, a personal
It is configured by a computer (PC: Personal Computer), a game machine, or the like. Recording / reproducing device 300
As shown in FIG. 2, a control unit 301 that executes overall control including communication control with the recording device 400 at the time of encryption processing in the recording / reproducing device 300, a recording / reproducing device cryptographic processing unit 302 that controls overall encryption processing, A recording device 400 connected to a recording / reproducing device, a recording device controller 303 that performs authentication processing to read / write data, a reading unit 304 that reads at least data from a medium 500 such as a DVD, and communication that transmits / receives data to / from the outside. Part 3
Have 05.

The recording / reproducing device 300 downloads content data to the recording device 400 and reproduces content data from the recording device 400 under the control of the control unit 301. The recording device 400 is a storage medium that is preferably removable from the recording / reproducing device 300, for example, a memory card or the like.
It has an external memory 402 composed of M and the like.

The recording / reproducing device 300 is distributed from a reading unit 304 as an interface capable of inputting content data stored in the storage medium shown at the left end of FIG. 2, DVD, CD, FD, and HDD, and a network such as the Internet. It has a communication unit 305 as an interface capable of inputting content data, and inputs content from outside.

The recording / reproducing device 300 has an encryption processing unit 302, and when downloading the content data input from the outside via the reading unit 304 or the communication unit 305 to the recording device 400, or recording the content data in the recording device. Authentication processing when playing and executing from 400,
The encryption process, the decryption process, and the data verification process are executed. The cryptographic processing unit 302 holds a control unit 306 that controls the entire cryptographic processing unit 302, information such as a key for cryptographic processing, and an internal memory 307 that has been processed so that data cannot be easily read from the outside. The encryption / decryption unit 308 performs encryption processing, decryption processing, generation / verification of authentication data, generation of random numbers, and the like.

The control unit 301 is, for example, the recording / reproducing device 30.
0 when the recording device 400 is attached to the recording device 400, an initialization command is transmitted to the recording device 400 via the recording device controller 303, or the encryption / decryption unit 308 and the recording device encryption of the recording / reproducing device encryption processing unit 302. Mutual authentication processing, check value matching processing, encryption, decryption processing, etc. performed between the encryption / decryption unit 406 of the processing unit 401,
Intermediary processing in various processing is performed. Each of these processes will be described in detail later.

The encryption processing unit 302 is a processing unit for executing the authentication process, the encryption process, the decryption process, the data verification process, and the like as described above, and the encryption process control unit 306, the internal memory 307, the encryption / decryption process. It has a decoding unit 308.

The encryption processing control unit 306 is used by the recording / reproducing device 30.
Is a control unit that executes control related to overall cryptographic processing such as authentication processing, encryption / decryption processing, etc.
For example, setting of an authentication completion flag when the authentication process executed between the recording / reproducing device 300 and the recording device 400 is completed, various processes executed in the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302, For example, control for overall cryptographic processing such as an instruction to execute a check value generation process for download or reproduction content data and an instruction to execute a process for generating various key data is performed.

The internal memory 307, which will be described in detail later, has key data necessary for various processes such as mutual authentication process, check value collation process, encryption and decryption process executed in the recording / reproducing device 300. Alternatively, the identification data or the like is stored.

The encryption / decryption unit 308 uses the internal memory 30.
When the content data input from the outside is downloaded to the recording device 400 by using the key data or the like stored in 7, or the content data stored in the recording device 400 is reproduced from the recording device 400,
The authentication process, the encryption process, the decryption process, the generation / verification of a predetermined check value and a digital signature, the data verification, the generation of a random number, and the like are executed.

Here, since the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 holds important information such as an encryption key, it is necessary to have a structure that is difficult to be illegally read from the outside. Therefore, the cryptographic processing unit 302 is composed of a semiconductor chip having a structure that is difficult to access from the outside and has a multi-layered structure, and the memory inside thereof is sandwiched between dummy layers such as an aluminum layer or the lowest layer. Further, it is configured as a tamper resistant memory having characteristics that it is difficult to illegally read data from the outside, such as a narrow operating voltage and / or frequency width. For this configuration,
The details will be described later.

The recording / reproducing device 300 has a central processing unit (main CPU: Central CPU) in addition to these cryptographic processing functions.
Processing Unit 106, RAM (Random Access Mem)
ory) 107, ROM (Read Only Memory) 108, AV
A processing unit 109, an input interface 110, a PIO (parallel I / O interface) 111, and an SIO (serial I / O interface) 112 are provided.

Central processing unit (Main CPU: Centra
l Processing Unit) 106, RAM (Random Access M)
emory) 107, ROM (Read Only Memory) 108,
It is a component functioning as a control system of the main body of the recording / reproducing device 300, and mainly functions as a reproducing processing part for reproducing the data decrypted by the recording / reproducing device cryptographic processing part 302.
For example, a central processing unit (main CPU: Central Proc
The essing unit) 106 controls the reproduction and execution of the content, such as outputting the content data read from the recording device and decoded under the control of the control unit 301 to the AV processing unit 109.

The RAM 107 is used as a main memory for various processes in the CPU 106, and is used as a main CPU.
Used as a work area for processing by 106.
The ROM 108 is an OS started by the main CPU 106.
A basic program for starting up etc. is stored.

The AV processing unit 109 specifically has a data compression / decompression processing mechanism such as an MPEG2 decoder, an ATRAC decoder, an MP3 decoder, etc., and a display or speaker (not shown) attached to or connected to the recording / reproducing device main body. The process for outputting data to the data output device is executed.

The input interface 110 outputs input data from various input means such as a connected controller, keyboard and mouse to the main CPU 106. The main CPU 106 executes processing according to an instruction from the controller from the user based on, for example, a game program being executed.

PIO (parallel I / O interface)
111, SIO (serial I / O interface) 11
Reference numeral 2 is used as a connection interface with a memory card, a storage device such as a game cartridge, a portable electronic device, or the like.

The main CPU 106 also controls, for example, setting data and the like relating to the game being executed and the like to be stored in the recording device 400 as save data. At the time of this processing, the stored data is transferred to the control unit 301,
The control unit 301 causes the encryption processing unit 302 to execute encryption processing regarding save data as necessary, and stores the encrypted data in the recording device 400. These cryptographic processes will be described in detail later.

As described above, the recording device 400 is preferably a storage medium that can be attached to and detached from the recording / reproducing device 300, and is composed of, for example, a memory card. The recording device 400 includes an encryption processing unit 401 and an external memory 402.
Have.

The recording device encryption processing section 401 downloads the content data from the recording / reproducing device 300 or reproduces the content data from the recording device 400 to the recording / reproducing device 300.
Mutual authentication processing between the storage device 400 and the recording device 400, encryption processing,
A processing unit that executes a decryption process, a data verification process, and the like, and has a control unit, an internal memory, an encryption / decryption unit, and the like, similar to the encryption processing unit of the recording and reproducing device 300. These details are shown in FIG. As described above, the external memory 402 is composed of, for example, a nonvolatile memory including a flash memory such as an EEPROM, a hard disk, a RAM with a battery, and the like, and stores encrypted content data and the like.

FIG. 3 shows a medium 50, which is a content providing means to which the data processing apparatus of the present invention receives data.
0, the outline of the data structure input from the communication means 600 is shown, and these content providing means 500, 60
FIG. 3 is a diagram showing the configuration of a recording / reproducing device 300 for inputting content from 0 and a configuration regarding encryption processing in a recording device 400.

The medium 500 is, for example, an optical disc medium, a magnetic disc medium, a magnetic tape medium, a semiconductor medium or the like. The communication unit 600 is a unit capable of data communication such as Internet communication, cable communication, satellite communication and the like.

In FIG. 3, a recording / reproducing device 300 includes a medium 500 as a content providing means and a communication means 600.
The data input from, that is, the content according to the predetermined format as shown in FIG. 3 is verified, and the content is stored in the recording device 400 after the verification.

As shown in the medium 500 and the communication means 600 of FIG. 3, the content data has the following components. Identification information: Identification information as an identifier of the content data. Handling policy: Configuration information of content data, for example, header size of content data, content part size, format version, content type indicating whether the content is a program or data, and the content can be used only by the downloaded device. Handling policy including usage restriction information such as whether it can be used with other devices. Block information: Block information composed of the number of content blocks, the block size, an encryption flag indicating the presence / absence of encryption, and the like. Key data: an encryption key for encrypting the above block information,
Alternatively, key data including a content key for encrypting the content block. Content block: A content block made up of program data, music, image data, etc. that are the actual playback targets. Have. Details of the content data will be described later in detail with reference to FIG.

The content data includes a content key (here, the content key (Content Key (hereinafter, Kc
It is encrypted by ()) and is provided from the medium 500 and the communication means 600 to the recording / reproducing device 300. The content can be stored in the external memory of the recording device 400 via the recording / reproducing device 300.

For example, the recording device 400 uses a key peculiar to the recording device stored in the internal memory 405 in the recording device (herein, this is called a storage key (hereinafter, referred to as Kstr)). The content included in the content data, block information included as header information of the content data, various key information,
For example, the content key Kcon or the like is encrypted and stored in the external memory 402. Content data recorder / player 3
00 to the recording device 400, or in the reproduction process of the content data stored in the recording device 400 by the recording / reproducing device 300, mutual authentication process between devices, encryption / decryption process of content data, etc. Predetermined procedures are required. These processes will be described in detail later.

The recording device 400 has an encryption processing unit 401 and an external memory 402 as shown in FIG. 3, and the encryption processing unit 401 includes a control unit 403, a communication unit 404, an internal memory 405, and an encryption / decryption unit 406. , External memory control unit 40
Have 7.

The recording device 400 is in charge of overall cryptographic processing, controls the external memory 402, holds a recording device cryptographic processing unit 401 that interprets commands from the recording / reproducing device 300 and executes processing, and contents. It is composed of an external memory 402.

The recording device encryption processing unit 401 is a control unit 403 for controlling the entire recording device encryption processing unit 401,
Communication unit 40 for transmitting / receiving data to / from the recording / reproducing device 300
4. Internal memory 405 that holds information such as key data for encryption processing and is processed so as not to be easily read from the outside, encryption processing, decryption processing, generation / verification of authentication data, Encryption / decryption unit 40 for generating random numbers
6. It has an external memory control unit 407 that reads and writes data in the external memory 402.

The control unit 403 is a control unit that executes control relating to overall cryptographic processing such as authentication processing and encryption / decryption processing executed in the recording device 400.
Setting of an authentication completion flag at the time of completion of the authentication process executed between the recording / reproducing device 300 and the recording device 400,
Various processes executed in the encryption / decryption unit 406 of the encryption processing unit 401, for example, an instruction to execute a check value generation process regarding download or reproduction content data, an instruction to execute a generation process for various key data, and the like, and control related to the overall encryption process Do.

As will be described in detail later, the internal memory 405 is composed of a memory having a plurality of blocks, and the mutual authentication processing, check value collation processing, encryption and decryption processing executed in the recording device 400. Etc., a plurality of sets of key data or identification data necessary for various processes are stored.

The internal memory 405 of the recording device encryption processing unit 401 is the same as the recording / reproducing device encryption processing unit 302 described above.
Like the internal memory 307 of the above, since it stores important information such as an encryption key, it is necessary to make it a structure that is difficult to be illegally read from the outside. Therefore, the cryptographic processing unit 401 of the recording device 400 is composed of a semiconductor chip having a structure that is difficult to access from the outside and has a multi-layered structure, and the internal memory is sandwiched between dummy layers such as an aluminum layer or the like. The voltage or /
In addition, the configuration is such that it is difficult to illegally read data from the outside, such as a narrow frequency range. Note that the recording / reproducing device cryptographic processing unit 302 may be software configured so as not to easily leak secret information such as a key to the outside.

The encryption / decryption unit 406 is used by the recording / reproducing device 30.
0 when downloading content data, playing back content data stored in the external memory 402 of the recording device 400, or performing mutual authentication processing between the recording / playback device 300 and the recording device 400.
By using the key data and the like stored in 05, data verification processing, encryption processing, decryption processing, generation / verification of a predetermined check value and electronic signature, generation of random numbers, and the like are executed.

The communication section 404 is connected to the recording device controller 303 of the recording / reproducing device 300, and is connected to the recording / reproducing device 3
Communication of the transfer data between the recording / reproducing device 300 and the recording device 400 at the time of the content data download process, the reproduction process, or the mutual authentication process under the control of the control unit 301 of 00 or the control unit 403 of the recording device 403. Do.

(2) Content Data Format Next, referring to FIG. 4 to FIG. 6, the content is stored in the medium 500 in the system of the present invention, or the data communication means 6 is used.
The data format of the data distributed over 00 will be described.

The structure shown in FIG. 4 is a diagram showing the format of the entire content data, and the structure shown in FIG. 5 is a diagram showing the details of the "handling policy" forming a part of the header portion of the content data. 6 is a diagram showing details of "block information" in which the configuration shown in FIG. 6 constitutes a part of a header portion of content data.

Here, a typical example of a data format applied in the system of the present invention will be described. In the system of the present invention, for example, a format corresponding to a game program, suitable for real-time processing of music data, etc. Multiple different data formats such as different formats can be used, and aspects of these formats will be described in more detail later in "(10) Multiple content data formats and download and reproduction processing corresponding to each format". .

In the data format shown in FIG. 4,
The gray portion is encrypted data, the double-framed portion is tampering check data, and the other white portions are plain text data that are not encrypted. The encryption key of the encryption unit is the key shown on the left of each frame. In the example shown in FIG. 4, each block (content block data) in the content part includes both encrypted and unencrypted blocks. These forms differ depending on the content data, and all content block data included in the data may be encrypted.

As shown in FIG. 4, the data format is divided into a header section and a content section. The header section has identification information (Content ID) and handling policy (Usage).
Policy), Check Value A (Integrity Check Value A)
(Hereinafter referred to as ICVa)), block information key (Block
Information Table Key (hereinafter referred to as Kbit)),
Content key Kcon, block information (Block Informat
ion table (hereinafter referred to as BIT)), check value B
(ICVb) and the total check value (ICVt), and the content section is composed of a plurality of content blocks (for example, encrypted content and non-encrypted content).

Here, the identification information indicates an individual identifier (Content ID) for identifying the content. The handling policy, as shown in detail in Fig. 5, is the header size (Header Len
gth), the content size (Content Length) indicating the size of the content portion, the format version (Format Version) indicating the format version information, and the format type (Format T indicating the format type).
ype), a content type (Content Type) that indicates the type of content such as whether the content stored in the content section is a program or data, and startup priority information that indicates the startup priority when the content type is a program ( Operation Priority), usage restriction information (Localizati) that indicates whether the content downloaded according to this format can be used only by the downloaded device or by other similar devices.
onField), copy restriction information (Copy) indicating whether the content downloaded according to this format can be copied from the downloaded device to other similar devices.
Permission), move restriction information (Move Permission) indicating whether the content downloaded according to this format can be moved from the downloaded device to another similar device, and the algorithm used to encrypt the content block in the content section. , Encryption Algorithm, which shows how to use the algorithm used to encrypt the content in the content section,
Verification method showing how to generate check value (Integrity Chec
k Method).

The data items recorded in the above-mentioned handling policy are merely examples, and various handling policy information can be recorded according to the mode of the corresponding content data. For example, as will be described in detail later in "(17) Revocation configuration of unauthorized device", the identifier of an unauthorized recording / reproducing device is recorded as data, and content use by an unauthorized device is excluded by collation at the start of use. It can also be configured as follows.

The check values A and ICVa are check values for verifying the falsification of the identification information and handling policy. It functions as a check value for partial data rather than the entire content data, that is, a partial check value. The data block information key Kbit is used to encrypt the block information, and the content key Kcon is used to encrypt the content block. The block information key Kb
The it and the content key Kcon are the distribution key (Distributi) described later on the medium 500 and the communication unit 600.
It is encrypted with on Key (hereinafter referred to as Kdis).

Details of the block information are shown in FIG. In addition,
As understood from FIG. 4, the block information of FIG. 6 is data encrypted by the block information key Kbit. As shown in FIG. 6, the block information includes the number of content blocks (Bloc
k Number) and N pieces of content block information. The content block information includes a block size (Block Length), an encryption flag (Encryption Flag) indicating whether or not encrypted, and a verification target flag (ICV Fla) indicating whether or not a check value needs to be calculated.
g), content check value (ICVi).

The content check value is a check value used to verify the tampering of each content block. For a specific example of the method of generating the content check value, see “(10) Multiple data formats,
The download processing to the recording device corresponding to each format and the reproduction processing from the recording device ”will be described. The block information key Kbit that encrypts the block information is further encrypted with the delivery key Kdis.

The description of the data format of FIG. 4 will be continued. The check values B and ICVb are the block information key Kbi
t, a content key Kcon, and a check value for verifying falsification of block information. It functions as a check value for partial data rather than the entire content data, that is, a partial check value. The total check value ICVt is ICV
a, ICVb, check value IC of each content block
Vi (when set), these partial check values, or check values for verifying tampering of all the data to be checked.

In FIG. 6, the block size,
Although the encryption flag and the verification target flag can be freely set, the rule may be set to some extent. For example, the ciphertext area and the plaintext area may be repeated with a fixed size, all content data may be encrypted, and the block information BIT may be compressed. Further, in order to make the content key Kcon different for each content block, the content key Kcon is not in the header part,
It may be included in the content block. For an example of the content data format, see “(10)
A plurality of content data formats and the download and reproduction processing corresponding to each format "will be described in more detail.

(3) Outline of Cryptographic Processing Applicable to Data Processing Apparatus of the Present Invention Next, various cryptographic processing modes applicable to the data processing apparatus of the present invention will be described. Note that the description regarding the cryptographic processing described in this item “(3) Outline of cryptographic processing applicable to the data processing apparatus of the present invention” is performed by various processes in the data processing apparatus of the present invention, which will be specifically described later. ． Authentication processing between the recording / playback device and the recording device. b. Download processing of content to the recording device. c. The outline of an aspect of cryptographic processing, which is a basis of processing executed in processing such as reproduction processing of content stored in a recording device, will be described. Specific processing in the recording / reproducing device 300 and the recording device 400 will be described in detail for each processing in item (4) and thereafter of this specification.

The outline of the cryptographic processing applicable to the data processing apparatus will be described below. (3-1) Message authentication by common key cryptosystem (3-2) Electronic signature by public key cryptosystem (3-3) Public key cryptosystem Verification of electronic signature by method (3-4) Mutual authentication by common key cryptography (3-5) Public key certificate (3-6) Mutual authentication by public key cryptography (3-7) Elliptic curve cryptography was used The encryption process (3-8), the decryption process using the elliptic curve encryption (3-9), and the random number generation process will be described in this order.

(3-1) Message Authentication by Common Key Cryptography First, the process of generating tampering detection data using the common key cryptography will be described. The tampering detection data is data for adding tampering to the data for which tampering detection is desired and for checking tampering and authenticating the creator.

For example, the check values A and B of the double frame portion in the data structure described in FIG. 4, the total check value, and the content check value stored in each block in the block information shown in FIG. , As the alteration detection data.

Here, an example using DES in the common key cryptosystem will be described as one example of a method of generating digital signature data. Note that in the present invention, in addition to DES, as processing in a similar common key cryptosystem, for example, FEAL (Fast Encipherment ALgorithm: NTT), AE
It is also possible to use S (Advanced Encryption Standard: US standard encryption) or the like.

A general digital signature generation method using DES will be described with reference to FIG. First, before generating an electronic signature, a message to be an electronic signature is divided into 8-byte units (hereinafter, the divided message will be referred to as M1,
M2, ..., MN). And the initial value (Initia
l Value (hereinafter, IV)) and M1 are exclusive-ORed (the result is I1). Next, I1 is put in the DES encryption unit and encrypted using a key (hereinafter, K1) (output is E1). Subsequently, the exclusive OR of E1 and M2 is performed, the output I2 is input to the DES encryption unit, and encrypted using the key K1 (output E2). After that, this process is repeated to perform encryption processing on all messages. The EN that appears at the end becomes the electronic signature. This value is generally a message authentication code (MAC (Message Authen
tication Code)) and is used to check the message for tampering. A method of chaining ciphertexts in this way is called a CBC (Cipher Block Chaining) mode.

The MAC value output in the generation example as shown in FIG. 7 is the check values A and B of the double frame portion in the data structure shown in FIG. 4, the total check value, and the block shown in FIG. It can be used as the content check values ICV1 to ICVN stored in each block in the information.
At the time of verifying the MAC value, the verifier generates the MAC value by the same method as at the time of generation, and if the same value is obtained, the verification is successful.

In the example shown in FIG. 7, the initial value IV is exclusive ORed with the first 8-byte message M1. However, the initial value IV = 0 may be set so that the initial value IV is not exclusive ORed. It is possible.

FIG. 8 shows a processing configuration diagram showing a MAC value generating method with further improved security as compared with the MAC value generating method shown in FIG. FIG. 8 shows the single DE of FIG.
It shows an example in which a MAC value is generated by using a triple DES instead of S.

Each triple DES (Triple D) shown in FIG.
FIG. 9 shows a detailed configuration example of the ES) configuration unit. FIG. 9 (a),
Triple DES as shown in (b)
There are two different modes. FIG. 9 (a)
Shows an example in which two encryption keys are used, and the encryption process with the key 1, the decryption process with the key 2, and the encryption process with the key 1 are performed in this order. The keys are K1, K2,
Two types are used in the order of K1. FIG. 9B shows an example in which three encryption keys are used. The encryption process by the key 1, the encryption process by the key 2, and the encryption process by the key 3 are performed in this order, and encryption is performed three times. Process. The key is K1,
Three types of keys are used in the order of K2 and K3. By thus configuring a plurality of processes to be continuous, a single DES
The security strength is improved compared to. However, this Triple DES configuration has the drawback that the processing time is approximately three times that of a single DES.

Triple DES described in FIGS. 8 and 9
FIG. 10 shows an example of a MAC value generation configuration with an improved configuration. In FIG. 10, the encryption process for each message from the beginning to the middle of the message string to be signed is performed by the single DES, and only the encryption process for the last message is performed by the triple DES shown in FIG. 9A.
(Triple DES) configuration.

With such a configuration as shown in FIG. 10, the processing time for generating the MAC value of the message is shortened to about the same as the time required for the MAC value generation processing by the single DES, and the security by the single DES is used. It becomes possible to raise it higher than the MAC value. The triple DES structure for the final message is shown in FIG.
It is also possible to adopt a configuration of.

(3-2) Digital Signature by Public Key Cryptography The above is the method of generating digital signature data when the common key cryptography is applied as the encryption scheme. A method of generating an electronic signature using the key cryptosystem will be described with reference to FIG. The process shown in FIG.
C-DSA ((Elliptic Curve Digital Signature Alg
orithm), IEEE P1363 / D3) is used to generate digital signature data. Here, an example using Elliptic Curve Cryptography (hereinafter referred to as ECC) as the public key cryptography will be described. In the data processing device of the present invention, in addition to the elliptic curve cryptography, for example, RSA cryptography ((Rivest, Shamir, Adleman), etc. (ANSI X9.31)) in a similar public key cryptosystem.
It is also possible to use.

Each step of FIG. 11 will be described. In step S1, p is a characteristic, a and b are coefficients of an elliptic curve (elliptic curve: y ² = x ³ + ax + b), G is a base point on the elliptic curve, r is the order of G, and Ks is a secret key ( 0 <Ks <
r). In step S2, the hash value of the message M is calculated to be f = Hash (M).

Here, a method of obtaining a hash value using a hash function will be described. The hash function is a function that receives a message, compresses the message into data having a predetermined bit length, and outputs the data as a hash value. It is difficult for the hash function to predict the input from the hash value (output). When one bit of the data input to the hash function changes, many bits of the hash value change and the same hash value is changed. It has a feature that it is difficult to find out different input data. MD4, MD5, SHA-1, etc. may be used as the hash function, and DES-CBC similar to that described in FIG. 7 and others may be used. In this case, the final output value MAC (check value: corresponding to ICV) becomes the hash value.

Succeedingly, in a step S3, a random number u (0 <u
<R) is generated, and the coordinate V (Xv, Yv) obtained by multiplying the base point by u is calculated in step S4. Note that addition and doubling on the elliptic curve are defined as follows.

[0149]

## EQU1 ## P = (Xa, Ya), Q = (Xb, Yb), R = (Xc, Y
c) = P + Q, when P ≠ Q (addition), Xc = λ ² −Xa−Xb Yc = λ × (Xa−Xc) −Ya λ = (Yb−Ya) / (Xb−Xa) When P = Q (doubled), Xc = λ ² −2Xa Yc = λ × (Xa−Xc) −Ya λ = (3 (Xa) ² + a) / (2Ya)

These are used to calculate u times point G (the speed is slow, but the easiest way to calculate is as follows: G, 2 × G, 4 × G ... 2 ⁱ × G (where G is i
2 times the value) is added (i is the bit position when counting from the LSB of u)).

In step S5, c = Xvmod r is calculated, and in step S6 it is determined whether or not this value becomes 0. If it is not 0, d = [(f + cKs) in step S7.
/ U] mod r is calculated, and it is determined in step S8 whether or not d is 0. If d is not 0, c and d are output as electronic signature data in step S9. If r
Is 160 bits long, the electronic signature data has a length of 320 bits.

If c is 0 in step S6, the process returns to step S3 to regenerate a new random number. Similarly, if d is 0 in step S8, the process returns to step S3 to regenerate a random number.

(3-3) Verification of Digital Signature by Public Key Cryptography Next, a method of verifying a digital signature by public key cryptography will be described.
This will be described with reference to FIG. In step S11, M is a message, p is a characteristic, a and b are coefficients of an elliptic curve (elliptic curve:
y ² = x ³ + ax + b), G is the base point on the elliptic curve, r is the order of G, and G and Ks × G are public keys (0 <Ks
<R). In step S12, it is verified whether the electronic signature data c and d satisfy 0 <c <r and 0 <d <r. If this is satisfied, the hash value of the message M is calculated in step S13, and f = Hash (M) is set.
Next, in step S14, h = 1 / d mod r is calculated, and in step S15, h1 = fh mod r and h2 = ch mo.
Calculate dr.

In step S16, h already calculated
1 and h2, the point P = (Xp, Yp) = h1 × G
Calculate + h2 · Ks × G. Since the electronic signature verifier knows the public key G and Ks × G, the scalar multiplication of the point on the elliptic curve can be calculated as in step S4 of FIG. Then, in step S17, it is determined whether or not the point P is the point at infinity, and if it is not the point at infinity, the process proceeds to step S18 (in practice, the point at infinity can be determined in step S16. That is, P = (X , Y) and Q = (X, −Y) are added, λ cannot be calculated, and it is known that P + Q is the point at infinity). Xp mo in step S18
Calculate d r and compare with digital signature data c. Finally, when the values match, the process proceeds to step S19, and it is determined that the electronic signature is correct.

When it is determined that the electronic signature is correct, it is understood that the data has not been tampered with and the person who holds the private key corresponding to the public key has generated the electronic signature.

In step S12, if the electronic signature data c or d does not satisfy 0 <c <r and 0 <d <r, the process proceeds to step S20. In addition, step S17
If the point P is the point at infinity in step S2, step S2
Go to 0. Furthermore, in step S18, Xp
Even when the value of mod r does not match the electronic signature data c, the process proceeds to step S20.

If it is determined in step S20 that the digital signature is not correct, is the data falsified?
It can be seen that the person holding the private key corresponding to the public key did not generate the digital signature.

(3-4) Mutual Authentication Using Common Key Cryptography Next, a mutual authentication method using the common key cryptography will be described with reference to FIG.
Will be explained. Although DES is used as the common key cryptosystem in FIG. 13, any similar common key cryptosystem may be used as described above. In FIG. 13, first, B generates a 64-bit random number Rb, and transmits Rb and its own ID, ID (b), to A. Upon receiving this, A newly generates a 64-bit random number Ra, and Ra, R
b, ID (b) in this order, key Ka in DES CBC mode
Encrypt the data using b and send it back to B. According to the DES CBC mode processing configuration shown in FIG. 7, Ra is M
1, Rb corresponds to M2, ID (b) corresponds to M3, initial value:
Outputs E1, E2, and E3 when IV = 0 are ciphertexts.

Upon receiving this, B receives the received data with the key Ka.
Decrypt with b. In the method of decrypting the received data, first, the ciphertext E1 is decrypted with the key Kab to obtain the random number Ra. Next, the ciphertext E2 is decrypted with the key Kab, and the result and E1
Is exclusive ORed to obtain Rb. Finally, the ciphertext E3 is decrypted with the key Kab, and the result and E2 are exclusive-ORed to obtain ID (b). Ra, Rb, I thus obtained
Of D (b), verify that Rb and ID (b) match those sent by B. If this verification is successful, B is A
Authenticate as legitimate.

Next, B generates a session key (Session Key (hereinafter, referred to as Kses)) to be used after authentication (random number is used as a generation method). And Rb, Ra,
In the order of Kses, encryption is performed using the key Kab in the CBC mode of DES, and the encrypted data is returned to A.

Upon receiving this, A receives the received data with the key Ka.
Decrypt with b. The method of decoding the received data is the same as the decoding process of B, and thus the details are omitted here. Of the Rb, Ra, and Kses thus obtained, it is verified whether Rb and Ra match those transmitted by A. If this verification is successful, A authenticates B as valid. After authenticating each other, the session key Kse
s is used as a common key for secret communication after authentication.

It should be noted that, if any invalidity or inconsistency is found in the verification of the received data, it is considered that mutual authentication has failed, and the processing is interrupted.

(3-5) Public Key Certificate Next, the public key certificate will be described with reference to FIG.
The public key certificate is a certificate authority (C
A: A certificate issued by a Certificate Authority). When the user submits his / her own ID, public key, etc. to the certificate authority, the certificate authority side adds information such as the certificate authority ID and expiration date, and further authenticates. This is a certificate created by adding a signature from the authority.

The public key certificate shown in FIG. 14 is the version number of the certificate, the serial number of the certificate assigned by the certificate authority to the certificate user, the algorithm and parameters used for the digital signature, the name of the certificate authority, and the certificate. Expiration date, the name of the certificate user (user ID), the public key of the certificate user, and the electronic signature.

The electronic signature is the version number of the certificate, the serial number of the certificate assigned by the certificate authority to the certificate user, the algorithm and parameters used for the electronic signature,
Generates a hash value by applying a hash function to the name of the certificate authority, the expiration date of the certificate, the name of the certificate user, and the entire public key of the certificate user, and the secret of the certificate authority for the hash value. This is the data generated using the key. The process flow described in FIG. 11, for example, is applied to the generation of this electronic signature.

The certificate authority issues the public key certificate shown in FIG. 14, updates the expired public key certificate, and creates a fraudulent person list for rejecting the user who has committed fraud. , Management, distribution (revoke this: Revoca
call). It also generates public and private keys as needed.

On the other hand, when using this public key certificate, the user verifies the electronic signature of the public key certificate using the public key of the certificate authority held by the user and succeeds in verifying the electronic signature. After that, the public key is extracted from the public key certificate and the public key is used. Therefore, all users who use the public key certificate must hold the public key of the common certificate authority. Regarding the method of verifying the electronic signature, refer to FIG.
Since it has been described in Section 2, its details are omitted.

(3-6) Mutual Authentication Using Public Key Cryptography Next, a mutual authentication method using a 160-bit length elliptic curve cryptography, which is a public key cryptography, will be described with reference to FIG. In FIG. 15, ECC is used as the public key cryptosystem, but any public key cryptosystem similar to that described above may be used. Also, the key size does not have to be 160 bits. In FIG. 15, B first generates a 64-bit random number Rb and sends it to A. A who received this
Generates a new 64-bit random number Ra and a random number Ak smaller than the characteristic p. And the base point G is A
The point Av = Ak × G multiplied by k is obtained, and Ra, Rb, Av
Electronic signature for (X coordinate and Y coordinate) Sig is generated and sent back to B along with A's public key certificate. here,
Ra and Rb each have 64 bits, and the X and Y coordinates of Av each have 160 bits, so a total of 448.
Generate a digital signature for a bit. Since the method of generating the electronic signature has been described with reference to FIG. 11, its details are omitted. Since the public key certificate has also been described with reference to FIG. 14, its details are omitted.

Public key certificate of A, Ra, Rb, Av, electronic signature A. B receiving Sig is R transmitted by A
Verify that b matches what B generated. As a result, if they match, the electronic signature in A's public key certificate is verified with the public key of the certificate authority, and A's public key is extracted. Since the verification of the public key certificate has been described with reference to FIG. 14, its details are omitted. Then, the digital signature A. Verify Sig. Since the method of verifying the electronic signature has been described with reference to FIG. 12, its details are omitted. After successfully verifying the electronic signature, B authenticates A as valid.

Next, B generates a random number Bk smaller than the characteristic p. Then, a point B obtained by multiplying the base point G by Bk
v = Bk × G is calculated, and the electronic signature B.B.R.A. for Rb, Ra, and Bv (X coordinate and Y coordinate) is obtained. Sig is generated and sent back to A along with B's public key certificate.

Public key certificate of B, Rb, Ra, Av, electronic signature B. A receiving Sig is R transmitted by B
Verify that a matches what A generated. As a result, if they match, the electronic signature in B's public key certificate is verified with the public key of the certificate authority, and B's public key is extracted. Then, the digital signature B.
Verify Sig. After successfully verifying the electronic signature, A authenticates B as valid.

If both parties succeed in authentication, B is Bk.
XAv (Bk is a random number, but Av is a point on the elliptic curve, so scalar multiplication of points on the elliptic curve is required), and A calculates Ak × Bv, and X of these points is calculated. The lower 64 bits are used for the subsequent communication as the session key (when the common key encryption is the common key encryption with the 64-bit key length). Of course, the session key may be generated from the Y coordinate, or may not be the lower 64 bits. In the secret communication after mutual authentication, the transmission data may not only be encrypted with the session key, but may also be attached with an electronic signature.

If an illegality or inconsistency is found during the verification of the electronic signature or the received data, it is considered that the mutual authentication has failed and the processing is interrupted.

(3-7) Encryption Processing Using Elliptic Curve Cryptography Next, encryption using elliptic curve cryptography will be described with reference to FIG. In step S21, Mx, My
Is the message, p is the characteristic, a and b are the coefficients of the elliptic curve (elliptic curve: y ² = x ³ + ax + b), G is the base point on the elliptic curve, r is the order of G, and G and Ks × G are The public key (0 <Ks <r). The random number u is set to 0 in step S22.
It is generated so that <u <r, and in step S23, the coordinate V obtained by multiplying the public key Ks × G by u is calculated. The scalar multiplication on the elliptic curve has been described in step S4 of FIG. In step S24, the X coordinate of V is multiplied by Mx to obtain the remainder by p and set to X0. In step S25, the Y coordinate of V is multiplied by My to obtain the remainder in p and set to Y0. If the length of the message is less than the number of bits of p,
My uses a random number, and the decoding unit discards My. In step S26, u × G is calculated, and in step S27 the ciphertext u × G, (X0, Y0) is obtained.

(3-8) Decryption Processing Using Elliptic Curve Cryptography Next, decryption using elliptic curve cryptography will be described with reference to FIG. In step S31, u × G,
(X0, Y0) is ciphertext data, p is a characteristic, a and b are elliptic curve coefficients (elliptic curve: y ² = x ³ + ax + b), G is a base point on the elliptic curve, and r is the order of G. , Ks are secret keys (0 <Ks <r). In step S32, the encrypted data u × G is multiplied by the secret key Ks to obtain the coordinate V (Xv, Y
v) is calculated. In step S33, among the encrypted data,
The X coordinate of (X0, Y0) is taken out and X1 = X0 / Xv
mod p is calculated, and in step S34, the Y coordinate is extracted and Y1 = Y0 / Yv mod p is calculated. Then, in step S35, X1 is set as Mx and Y1 is set as My, and the message is extracted. At this time, if My is not a message, Y1 is discarded.

As described above, the secret key is Ks, the public key is G,
By setting Ks × G, the key used for encryption and the key used for decryption can be different keys.

RSA is another example of public key cryptography.
The cipher is known, but detailed explanation is omitted (PKCS #
Details are described in 1 Version 2).

(3-9) Random Number Generating Process Next, a random number generating method will be described. Known random number generation methods include a true random number generation method in which thermal noise is amplified and generated from its A / D output, and a pseudo random number generation method in which a plurality of linear circuits such as M series are generated in combination. Further, a method of generating using a common key encryption such as DES is also known. In this example, a pseudo random number generation method using DES will be described (ANSI X9.17 base).

First, the value of 64 bits (when the number of bits is less than this, the upper bit is 0) obtained from the data such as time is D, the key information used in Triple-DES is Kr, and the random number generator is for random number generation. Seed is S. At this time, the random number R is calculated as follows.

[0180]

[Equation 2] I = Triple-DES (Kr, D) ... (2-1) R = Triple-DES (Kr, S ^ I) ………… (2-2) S = Triple-DES (Kr, R ^ I) ………… (2-3)

Here, Triple-DES () uses the first argument as encryption key information and the value of the second argument as Tripl.
It is assumed that the function is encrypted by the e-DES, the operation ^ is an exclusive OR of 64-bit units, and the finally obtained value S is updated as a new Seed (seed).

Hereinafter, in the case of continuously generating random numbers,
The expressions (2-2) and (2-3) are repeated.

The various processing modes relating to the cryptographic processing applicable to the data processing apparatus of the present invention have been described above. Next, specific processing executed in the data processing device of the present invention will be described in detail.

(4) Storage Data Structure of Recording / Reproducing Device FIG. 18 is a diagram for explaining the data holding contents of the internal memory 307 configured in the recording / reproducing device cryptographic processing section 302 of the recording / reproducing device 300 shown in FIG. is there.

As shown in FIG. 18, the following keys and data are stored in the internal memory 307. MKake:
The authentication key (Authen) required for the mutual authentication process executed between the recording / reproducing device 300 and the recording device 400 (see FIG. 3).
Master key for recording device authentication key for generating tication and Key Exchange Key (hereinafter referred to as Kake). IVake: Initial value for recording device authentication key. MKdis: a delivery key master key for generating a delivery key Kdis. IVdis: initial value for delivery key generation. Kicva: A check value A generation key which is a key for generating the check value ICVa. Kicvb: Check value B generation key which is a key for generating the check value ICVb. Kicvc: Check value ICV of each content block
A content check value generation key that is a key for generating i (i = 1 to N). Kicvt: A total check value generation key that is a key for generating the total check value ICVt. Ksys: A system signature key used to attach a common signature or ICV to the distribution system. Kdev: a recording / playback device signature key unique to the recording / playback device, which is different for each recording / playback device and is used by the recording / playback device to attach a signature or ICV. IVmem: Initial value, initial value used for encryption processing such as mutual authentication processing. Common with recording device. These keys and data are stored in the internal memory 307 configured in the recording / playback device cryptographic processing unit 302.

(5) Storage Data Structure of Recording Device FIG. 19 is a diagram showing a data holding state on the recording device. In FIG. 19, the internal memory 405 is divided into a plurality of blocks (N blocks in this example), and the following keys and data are stored in each block. IDmem: recording device identification information, identification information unique to the recording device. Kake: an authentication key, an authentication key used at the time of mutual authentication with the recording and reproducing device 300. IVmem: Initial value, initial value used for encryption processing such as mutual authentication processing. Kstr: Storage key, block information key, and other content data encryption keys. Kr: random number generation key, S: seed These data are held in individual blocks.
The external memory 402 holds a plurality of (M in this example) content data, and each holds the data described in FIG. 4 as shown in FIG. 26 or 27, for example. The difference between the configurations of FIGS. 26 and 27 will be described later.

(6) Mutual Authentication Process between Recording / Reproducing Device and Recording Device (6-1) Outline of Mutual Authentication Process FIG. 20 is a flowchart showing the authentication procedure of the recording / reproducing device 300 and the recording device 400. In step S41, the user inserts the recording device 400 into the recording / reproducing device 300. However, when using a recording device capable of contactless communication, it is not necessary to insert it.

When the recording device 400 is set in the recording / reproducing device 300, the recording device detecting means (not shown) in the recording / reproducing device 300 shown in FIG. 3 notifies the control unit 301 of the mounting of the recording device 400. Next, step S42.
In the above, the control unit 301 of the recording / reproducing device 300 controls the recording device 400 via the recording device controller 303.
Send an initialization command to. The recording device 400 that received this receives the control unit 40 of the recording device encryption processing unit 401.
In 3, the command is received via the communication unit 404, and if the authentication completion flag is set, it is cleared. That is, the unauthenticated state is set.

Next, in step S43, the control unit 301 of the recording / reproducing device 300 causes the recording / reproducing device encryption processing unit 30.
2. Send an initialization command to 2. At this time, the recording device insertion port number is also transmitted. By transmitting the recording device insertion port number, even when a plurality of recording devices are connected to the recording / reproducing device 300, it is possible to simultaneously perform authentication processing with the plurality of recording devices 400 and data transmission / reception.

Upon receiving the initialization command, the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 sets the authentication completion flag corresponding to the recording device insertion port number in the control unit 306 of the recording / reproducing device cryptographic processing unit 302. If yes, clear it. That is, the unauthenticated state is set.

Next, in step S44, the control unit 301 of the recording / reproducing device 300 specifies the key block number used by the recording device encryption processing unit 401 of the recording device 400. The details of the key block number will be described later. In step S45, the control unit 301 of the recording / reproducing device 300 reads the recording device identification information IDmem stored in the designated key block of the internal memory 405 of the recording device 400. In step S46, the control unit 301 of the recording / reproducing device 300 transmits the recording device identification information IDmem to the recording / reproducing device cryptographic processing unit 302,
Authentication key Kak based on the recording device identification information IDmem
e is generated. As a method of generating the authentication key Kake,
For example, it is generated as follows.

[0192]

[Equation 3] Kake = DES (MKake, IDmem ^ IVake)

Here, MKake is the recording / reproducing device 300.
Is a master key for a recording device authentication key for generating an authentication key Kake necessary for mutual authentication processing executed between the recording device 400 (see FIG. 3) and the recording / reproducing device. The key is stored in the internal memory 307 of 300. The IDmem is recording device identification information unique to the recording device 400. Furthermore I
Vake is an initial value for the recording device authentication key. Further, in the above formula, DES () is a function that encrypts the value of the second argument with DES using the first argument as the encryption key, and the operation ^ represents an exclusive OR in 64-bit units.

For example, when the DES structure shown in FIGS. 7 and 8 is applied, the message M shown in FIGS. 7 and 8 is the recording device identification information: IDmem, and the key K1 is the device authentication key master key: MKake. , Initial value IV:
The output obtained as IVake is the authentication key Kake.

Next, in step S47, mutual authentication and session key Kses generation processing is performed. Mutual authentication is performed between the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 and the encryption / decryption unit 406 of the recording device encryption processing unit 401, and mediation thereof is performed by the control unit 30 of the recording / reproducing device 300.
1 is going.

The mutual authentication process can be executed in accordance with the process described with reference to FIG. FIG.
In the configuration shown in FIG.
0 corresponds to the recording device 400. First, the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 generates a random number Rb, and transmits the random number Rb and the recording / reproducing device identification information IDdev which is its own ID to the recording device encryption processing unit 401 of the recording device 400. The recording / reproducing device identification information I
Ddev is an identifier unique to the reproducing device, which is stored in the storage unit included in the recording / reproducing device 300. The recording / reproducing device identification information ID is stored in the internal memory of the recording / reproducing device encryption processing unit 302.
It may be configured to record the dev.

Random number Rb and recording / reproducing device identification information IDd
The recording device encryption processing unit 401 of the recording device 400 that has received ev newly generates a 64-bit random number Ra, and sets the authentication key Kake in the CBC mode of DES in the order of Ra, Rb, and the recording and reproducing device identification information IDdev. The data is encrypted using the data and returned to the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300. For example, C of DES shown in FIG.
According to the BC mode processing configuration, Ra is M1, Rb is M1.
2, IDdev corresponds to M3, initial value: IV = IVm
Outputs E1, E2, and E3 when em is set are ciphertexts.

Upon receiving the ciphertexts E1, E2, and E3, the recording / reproducing device cryptographic processing section 302 of the recording / reproducing device 300 decrypts the received data with the authentication key Kake. To decrypt the received data, first, the ciphertext E1 is decrypted with the authentication key Kake, the result and IVmem are subjected to exclusive OR, and the random number R
get a. Next, the ciphertext E2 is decrypted with the authentication key Kake, and the result and E1 are exclusive-ORed to obtain Rb. Finally, the ciphertext E3 is decrypted with the authentication key Kake, the result and E2 are exclusive-ORed, and the recording / reproducing device identification information IDd
get ev. Of the Ra, Rb, and recording / reproducing device identification information IDdev thus obtained, it is verified whether Rb and the recording / reproducing device identification information IDdev match those transmitted by the recording / reproducing device 300. If this verification is successful, the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 determines the recording device 4
Authenticate 00 as valid.

Next, the recording / reproducing device cryptographic processing section 302 of the recording / reproducing device 300 uses the session key (Sess) used after the authentication.
ion key (hereinafter referred to as Kses)) (a random number is used as a generation method). And Rb, Ra, Kse
In the order of s, encryption is performed using the key Kake and the initial value IVmem in the CBC mode of DES, and the encrypted data is returned to the recording device encryption processing unit 401 of the recording device 400.

The recording device encryption processing unit 401 of the recording device 400 that receives this receives the received data as the key Kake.
Decrypt with. The method of decrypting the received data is the same as the decryption processing in the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300, and therefore the details are omitted here. Of Rb, Ra, and Kses thus obtained, Rb and Ra
, But verify that it matches what is sent by the recording device 400. When this verification is passed, the recording device encryption processing unit 401 of the recording device 400 authenticates the recording / reproducing device 300 as a valid one. After authenticating each other, the session key Kses is used as a common key for secret communication after authentication.

It should be noted that, when an invalidity or non-coincidence is found during the verification of the received data, the processing is interrupted assuming that the mutual authentication has failed.

If mutual authentication is successful, step S
From 48, the process proceeds to step S49, where the session key Kses
Is stored in the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300, and an authentication completion flag indicating that mutual authentication is completed is set. If the mutual authentication fails, the process proceeds to step S50, the session key Kses generated in the authentication process is discarded, and the authentication completion flag is cleared. It should be noted that the clearing process is not always necessary if it has already been cleared.

When the recording device 400 is removed from the recording device insertion port, the recording device detecting means in the recording / reproducing device 300 indicates that the recording device 400 has been removed by the control unit 301 of the recording / reproducing device 300. The control unit 301 of the recording and reproducing device 300 which has received the notification
The recording / reproducing device cryptographic processing section 302 of the recording / reproducing device 300 is instructed to clear the authentication completion flag corresponding to the recording device insertion port number, and the recording / reproducing device 300 receiving this command is instructed.
The recording / playback device cryptographic processing unit 302 clears the authentication completion flag corresponding to the recording device insertion port number.

Although an example of executing the mutual authentication processing according to the procedure shown in FIG. 13 has been described here,
Not limited to the authentication processing example described above, for example, the previously described FIG.
Processing according to the mutual authentication procedure of 5 may be executed. Further, in the procedure shown in FIG. 13, A in FIG. 13 is the recording / reproducing device 300, B is the recording device 400, and B: the recording device 400 first sends the ID to the A: recording / reproducing device 300 in the recording device. Mutual authentication processing may be performed as the recording device identification information in the key block. Various processes can be applied to the authentication processing procedure executed in the present invention, and the authentication processing procedure is not limited to the above-described authentication processing.

(6-2) Switching of Key Blocks at Mutual Authentication One feature of the mutual authentication processing in the data processing apparatus of the present invention is that a plurality of key blocks (ex.N key blocks) are provided on the recording device 400 side. That is, the recording and reproducing device 300 specifies one key block (step S44 in the process flow of FIG. 20) and executes the authentication process. As described above with reference to FIG. 19, the internal memory 4 configured in the encryption processing unit 401 of the recording device 400
Reference numeral 05 denotes a plurality of key blocks, each of which stores different data such as different key data and ID information. The mutual authentication process executed between the recording / reproducing device 300 and the recording device 400 described in FIG. 20 is executed for one key block of the plurality of key blocks of the recording device 400 in FIG.

Conventionally, in a configuration in which mutual authentication processing is executed between a storage medium and its reproducing device, a common key: authentication key is used for mutual authentication. Therefore, for example, if you try to change the authentication key for each product destination (country) or for each product, you must change the key data required for the authentication process on the recording and reproducing device side and the recording device side on both devices. Is required. Therefore, for example, the key data required for the authentication processing stored in the newly released recording / reproducing device does not correspond to the key data required for the authentication processing stored in the previously sold recording device, and a new The recording and reproducing device may lose access to the old version of the recording device. Conversely, a similar situation occurs in the relationship between the new version recording device and the old version recording / reproducing device.

In the data processing device of the present invention, as shown in FIG.
As shown in FIG. 9, a plurality of key blocks as different key sets are stored in the recording device 400 in advance. In the recording / reproducing device, for example, a key block to be applied to the authentication process, that is, a designated key block is set for each product destination (country) or for each product, model, version, and application. This setting information is stored in the memory unit of the recording / reproducing device, for example, the internal memory 307 in FIG. 3 or another storage element of the recording / reproducing device 300, and is accessed by the control unit 301 in FIG. 3 during the authentication process. The key block is designated according to the setting information.

The recording device authentication key master key MKake of the internal memory 307 of the recording / reproducing device 300 is an authentication key master key set in accordance with the setting of each designated key block, and can only correspond to the designated key block. Therefore, mutual authentication with key blocks other than the designated key block is not established.

As can be seen from FIG. 19, N key blocks 1 to N are set in the internal memory 405 of the recording device 400, and the recording device identification information, the authentication key, the initial value, A storage key, a random number generation key, and a seed are stored, and at least key data for authentication is stored as different data for each block.

As described above, the key data structure of the key block of the recording device 400 is different for each block. Therefore, for example, the key block N that can be authenticated by the recording / reproducing device A using the master key MKake for recording device authentication key stored in the internal memory is the key block N.
o. 1, and the key block that can be authenticated by the recording / reproducing device B of another specification is another key block, for example, the key block N.
o. 2 can be set.

As will be described in more detail later, when the content is stored in the external memory 402 of the recording device 400, the storage key Kstr stored in each key block is used for encryption processing and storage. Become. More specifically, the content key that encrypts the content block is encrypted with the storage key.

As shown in FIG. 19, the storage key is configured as a different key for each block. Therefore, it is possible to prevent the content stored in the memory of one recording device from being commonly used by the two recording / reproducing devices having different settings which are set to specify different key blocks. That is, the recording / reproducing device with different settings can use only the content stored in the recording device matching the respective settings.

Note that data that can be made common to each key block can be made common, and for example, only authentication key data and stored key data may be different.

As a concrete example of configuring a key block composed of a plurality of different key data in such a recording device,
For example, there is an example in which the key block number to be designated is set differently depending on the type of recording / reproducing device 300 (stationary type, portable type, etc.), or the designated key block is set differently for each application. Furthermore, for example, for a recording / playback device sold in Japan, the designated key block is N
o. 1, and the recording / reproducing device sold in the United States uses the designated key block as No. 1. It is also possible to adopt a configuration in which key blocks are set differently for each region, such as 2. With such a configuration, the contents used in different sales regions and stored in the recording device with different storage keys can be transferred from the United States to Japan or from Japan to the United States by a recording device such as a memory card. Even if
Since it is impossible to use it with a recording / playback device with different key settings, illegal contents stored in the memory,
It can prevent disorderly distribution. Specifically, the content key Kcon encrypted with a different storage key Kstr is 2
It is possible to exclude the condition that it becomes mutually available between countries.

Furthermore, the recording device 400 shown in FIG.
Of the internal memory 405 of at least one key block 1 to N, for example, No. The N key blocks may be configured to be commonly used in any of the recording / reproducing devices 300.

For example, the key block No. N
Master key for recording device authentication key that can be authenticated with MKa
By storing ke, the content can be handled as distributable content regardless of the type of the recording / reproducing device 300, each application, each destination country, and the like. For example, the key block No. The encrypted content stored in the memory card with the storage key stored in N becomes content that can be used in all devices. For example, for example, a portable voice in which music data and the like are encrypted with a commonly-used key block storage key and stored in a memory card, and this memory card also stores a common recording device authentication key master key MKake. By setting it in a reproducing device or the like, it is possible to enable the decoding and reproducing process of the data from the memory card.

FIG. 21 shows an example of using the recording device having a plurality of key blocks in the data processing device of the present invention. The recording / reproducing device 2101 is a recording / reproducing device for products for Japan, and has a key block No. of the recording device. It has a master key that establishes the authentication process with 1 and 4. The recording / reproducing device 2102 is a recording / reproducing device for US products, and has a key block No. of the recording device. It has a master key that establishes the authentication process between 2 and 4. Recorder 2
Reference numeral 103 denotes a recording / reproducing device for EU products, which is the key block No. of the recording device. It has a master key that establishes the authentication process between 3 and 4.

For example, the recording / reproducing device 2101 is authenticated with the key block 1 or the key block 4 of the recording devices A and 2104, and performs an encryption process via the storage key stored in each key block. Content is stored in external memory. In the recording / reproducing device 2102, authentication is established with the key block 2 or the key block 4 of the recording devices B and 2105, and the content subjected to the encryption processing via the storage key stored in each key block is stored in the external memory. Stored in. In the recording / reproducing device 2103, authentication is established with the key block 3 or the key block 4 of the recording device C, 2106, and the content subjected to the encryption processing via the storage key stored in each key block is stored in the external memory. Stored in. Here, when the recording device A, 2104 is attached to the recording / reproducing device 2102 or the recording / reproducing device 2103, the content encrypted by the storage key of the key block 1 is recorded / reproducing device 2102, recording / reproducing device 2103.
Since authentication is not established between the key block 1 and the key block 1, it cannot be used. On the other hand, the content encrypted by the storage key of the key block 4 can be used because the authentication is established between the recording / reproducing device 2102, the recording / reproducing device 2103 and the key block 4.

As described above, in the data processing device of the present invention, the recording device is configured with a key block made up of a plurality of different key sets, while the recording / reproducing device is provided with an authenticable master for the specific key block. Since the configuration is such that the key is stored, it becomes possible to set usage restrictions on the content according to various usage modes.

It is also possible to have a plurality of key blocks that can be specified in one recording / reproducing device, for example, 1 to k, and have a plurality of key blocks that can be specified in another recording and reproducing device, such as p to q. There may be provided a plurality of commonly available key blocks.

(7) Download Processing from Recording / Reproducing Device to Recording Device Next, in the data processing device of the present invention, the recording / reproducing device 3 is used.
A process of downloading content from 00 to the external memory of the recording device 400 will be described.

FIG. 22 is a flow chart for explaining the procedure for downloading the content from the recording / reproducing device 300 to the recording device 400. Note that, in FIG. 22, it is assumed that the above-described mutual authentication processing has already been completed between the recording / reproducing device 300 and the recording device 400.

In step S51, the recording / reproducing device 30
The control unit 301 of 0 uses the reading unit 304 to read data according to a predetermined format from the medium 500 storing the content, or uses the communication unit 305 to receive data from the communication unit 600 according to a predetermined format. Then, the control unit 301 of the recording / reproducing device 300.
Sends the header portion (see FIG. 4) of the data to the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300.

Next, in step S52, the control unit 306 of the recording / reproducing device cryptographic processing unit 302, which has received the header in step S51, causes the recording / reproducing device cryptographic processing unit 3 to operate.
The encryption / decryption unit 308 of 02 calculates the check value A. As shown in FIG. 23, the check value A uses the check value A generation key Kicva stored in the internal memory 307 of the recording / playback device cryptographic processing unit 302 as a key, and the identification information (Co
The ntent ID) and the handling policy (Usage Policy) are used as messages and are calculated according to the ICV calculation method described in FIG. Even if the initial value is IV = 0, the check value A generating initial value IVa may be stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 and used. Finally, the check value A is compared with the check value ICVa stored in the header (Header), and if they match, the process proceeds to step S53.

As described above with reference to FIG. 4, the check values A and ICVa are check values for verifying the falsification of the identification information and the handling policy. Recording / reproducing device cryptographic processing unit 30
The check value A generated key Kicva stored in the internal memory 307 of No. 2 is used as a key, and the check value calculated according to the ICV calculation method described in FIG. 7 using the identification information (Content ID) and the handling policy (Usage Policy) as a message. A
Is the check value stored in the header: IC
When it matches Va, it is determined that the identification information and the handling policy are not falsified.

Next, in step S53, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the delivery key Kdis.
Is generated by the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302. The delivery key Kdis is generated as follows, for example.

[0227]

[Equation 4] Kdis = DES (MKdis, Content ID ^ IVdis)

Here, MKdis is a delivery key master key for generating the delivery key Kdis, which is a key stored in the internal memory of the recording / reproducing device 300 as described above. The Content ID is identification information of the header of the content data, and IVdi
s is an initial value for the delivery key. Also, in the above equation,
DES () is a function that encrypts the value of the second argument with the first argument as the encryption key, and the operation ^ indicates an exclusive OR in 64-bit units.

In step S54, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 uses the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to execute Step S5.
Using the delivery key Kdis generated in 3, the reading unit 30
Media 500 received via 4 or communication unit 3
The block information key Kbit and the content key Kcon (see FIG. 4) stored in the header part of the data received from the communication means 600 via 05 are decrypted. As shown in FIG. 4, the block information key Kbit and the content key Kcon are encrypted in advance by the delivery key Kdis on a medium such as a DVD or a CD or on a communication path such as the Internet.

Further, in step S55, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 uses the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to decrypt the block information key Kbit in step S54. The block information (BIT) is decrypted with. As shown in FIG. 4, the block information (BIT) is pre-encrypted with the block information key Kbit on a medium such as a DVD or a CD or on a communication path such as the Internet.

Further, in step S56, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 divides the block information key Kbit, the content key Kcon, and the block information (BIT) into 8-byte units, and all of them are subjected to exclusive logic. Addition (any operation such as addition, subtraction, etc. may be performed). Next, the control unit 30 of the recording / playback device cryptographic processing unit 302
Reference numeral 6 denotes the encryption / decryption unit 3 of the recording / reproducing device encryption processing unit 302.
08 is made to calculate the check value B (ICVb). As shown in FIG. 24, the check value B uses the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, and the exclusive OR value calculated earlier is encrypted by DES. Generate and generate. Finally, the check value B is compared with the ICVb in the Header, and if they match, the process proceeds to step S57.

As described above with reference to FIG. 4, the check values B and ICVb are check values for verifying the falsification of the block information key Kbit, the content key Kcon, and the block information (BIT). Recording / playback device cryptographic processing unit 3
Check value B stored in the internal memory 307 of No. 02.
With the generated key Kicvb as a key, the block information key Kbit,
The value obtained by dividing the content key Kcon and the block information (BIT) in units of 8 bytes and performing an exclusive OR is D
The check value B generated by encrypting with ES is the header (He
ader) check value stored in ader): ICVb, block information key Kbit, content key Kc
On, it is determined that the block information has not been tampered with.

In step S57, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to calculate the intermediate check value. As shown in FIG. 25, the intermediate check value uses the total check value generation key Kicvt stored in the internal memory 307 of the recording / playback device cryptographic processing unit 302 as a key, and the check value A in the verified header (Header), The check value B and all the held content check values are used as messages and calculated according to the ICV calculation method described with reference to FIG. Even if the initial value IV = 0, the initial value IVt for total check value generation may be stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 and used.
In addition, the generated intermediate check value is held in the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 as needed.

This intermediate check value is generated by using the check value A, the check value B, and all the content check values as a message, and the verification of the data to be verified by each of these check values is performed as an intermediate check. It may be performed by a check value matching process. However, in the present embodiment, the non-falsification verification process as shared data of the entire system and the verification process for identifying as exclusive data occupied by each recording / reproducing device 300 after the download process can be separately executed. Therefore, a plurality of different check values from the intermediate check value, that is, the total check value ICVt, and the check value I peculiar to the recording and reproducing device
CVdev can be generated separately based on the intermediate check value. These check values will be described later.

Controller 30 of recording / playback device cryptographic processor 302
Reference numeral 6 denotes the encryption / decryption unit 3 of the recording / reproducing device encryption processing unit 302.
Let 08 calculate the total check value ICVt. As shown in FIG. 25, the total check value ICVt uses the system signature key Ksys stored in the internal memory 307 of the recording and reproducing device cryptographic processing unit 302 as a key, and the intermediate check value is DES.
Generate by encrypting with. Finally, the generated total check value ICVt is compared with the ICVt in the Header saved in step S51, and if they match, step S
Proceed to 58. The system signature key Ksys is a signature key common to a plurality of recording / reproducing devices, that is, the entire system set that executes recording / reproducing processing of certain data.

As described above with reference to FIG. 4, the total check value ICVt is a check value for verifying the tampering of all the check values of ICVa, ICVb and each content block. Therefore, if the total check value generated by the above process matches the check value: ICVt stored in the header, ICVa, ICV
b, it is determined that all check values of each content block have not been tampered with.

Next, in step S58, the control unit 301 of the recording / reproducing device 300 takes out the content block information in the block information (BIT) and checks whether or not the content block is a verification target. When the content block is the verification target, the content check value is stored in the block information in the header.

If the content block is to be verified, the corresponding content block is read from the medium 500 using the reading unit 304 of the recording / reproducing device 300, or the communication unit 305 of the recording / reproducing device 300 is used. It is received from the communication means 600 and transmitted to the recording / reproducing device cryptographic processing section 302 of the recording / reproducing device 300. Upon receiving this, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to calculate the content intermediate value.

The content intermediate value is the content key Kcon decrypted in step S54, the input content block is decrypted in the CBC mode of DES, the result is divided into 8 bytes, and all exclusive ORs (addition, addition,
Any calculation such as subtraction may be performed).

Next, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to calculate the content check value. The content check value uses the content check value generation key Kicvc stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, and the content intermediate value is DE.
Generated by encrypting with S. Then, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 and the control unit 301 of the recording / reproducing device 300 in step S51 with the content check value.
Compare the ICV in the content block received from
The result is passed to the control unit 301 of the recording / reproducing device 300. When the verification is successful, the control unit 301 of the recording / reproducing device 300, which has received this, extracts the next verification target content block and causes the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 to verify the content block. The same verification process is repeated until the block is verified. In addition, Header
In combination with the generation side, even if IV = 0, the content check value generation initial value IVc may be stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 and used. Further, all the checked content check values are held in the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300. Furthermore, the recording / reproducing device 300
The recording / playback device cryptographic processing unit 302 monitors the verification order of the content blocks to be verified, and if the order is incorrect or the same content block is verified more than once, the authentication fails. And Then, if all the verifications are successful, the process proceeds to step S59.

Next, at step S59, the recording / reproducing device cryptographic processing section 302 of the recording / reproducing device 300 makes the step S59.
The block information key Kbit and the content key Kcon decrypted in 54 are encrypted by the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 using the session key Kses shared during mutual authentication. . Recording and reproducing device 30
The control unit 301 of 0 reads the block information key Kbit and the content key Kcon encrypted with the session key Kses from the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300, and records these data in the recording device of the recording / reproducing device 300. It is transmitted to the recording device 400 via the controller 303.

Next, in step S60, the recording device 400 that has received the block information key Kbit and the content key Kcon transmitted from the recording / reproducing device 300.
Causes the encryption / decryption unit 406 of the recording device encryption processing unit 401 to decrypt the received data with the session key Kses shared during mutual authentication, and stores the data in the internal memory 405 of the recording device encryption processing unit 401. Re-encrypt with the stored storage device-specific storage key Kstr. Finally, the control unit 301 of the recording / reproducing device 300 is
The block information key Kbit and the content key Kcon re-encrypted with the storage key Kstr are read from the recording device 400 via the recording device controller 303 of 00. Then, these keys are replaced with the block information key Kbit and the content key Kcon encrypted with the delivery key Kdis.

In step S61, the recording / reproducing device 30
The control unit 301 of 0 sets the handling policy (Us
age usage policy), and the downloaded content can be used only by the recording / playback device 300 (in this case, the usage constraint information is set to 1) or by another similar recording / playback device 300 (this In this case, it is determined whether the usage restriction information is set to 0). As a result of the determination, if the usage restriction information is 1, the process proceeds to step S62.

In step S62, the recording / reproducing device 30
The control unit 301 of 0 causes the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 to calculate a check value unique to the recording / reproducing device. The check value peculiar to the recording / reproducing device uses the recording / reproducing device signature key Kdev stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 as a key, as shown in FIG. Check value DES
Generate by encrypting with. The calculated check value ICVdev peculiar to the recording / reproducing device is overwritten instead of the total check value ICVt.

As described above, the system signature key Ks
ys is a system signature key used to attach a common signature or ICV to the distribution system, and the recording / playback device signature key Kdev is different for each recording / playback device, so that the recording / playback device attaches the signature or ICV. This is the recording / playback device signature key used for. That is, the system signature key Ksys
The data signed by is successfully checked by the system (recorder / reproducer) having the same system signature key,
That is, since the total check values ICVt match, they can be commonly used, but the recording / playback device signature key Kde
When the signature is applied using v, the recording / reproducing device signature key is a key unique to the recording / reproducing device. Therefore, the data signed using the recording / reproducing device signature key Kdev, that is, after being signed, is recorded on the recording device. When the recording device is mounted on another recording / reproducing device to reproduce the data, the check value ICVdev peculiar to the recording / reproducing device does not match and an error occurs, so that the data cannot be reproduced.

Therefore, in the data processing apparatus of the present invention, by setting the use restriction information, it becomes possible to freely set the contents that can be commonly used in the system and the contents that can be uniquely used by the recording and reproducing device.

In step S63, the recording / reproducing device 30
The control unit 301 of 0 stores the content in the recording device 400.
Stored in the external memory 402.

FIG. 26 is a diagram showing a content situation in the recording device when the use restriction information is 0. FIG. 27 is a diagram showing a content situation in the recording device when the use restriction information is 1. 26 differs from FIG. 4 only in that the content block information key Kbit and the content key Kcon are encrypted with the delivery key Kdis or the storage key Kstr.
27 is different from FIG. 26 in that the check value calculated from the intermediate check value is encrypted with the system signature key Ksys in FIG. 26, whereas in FIG. It is encrypted with the device signature key Kdev.

In the processing flow of FIG. 22, if the check value A fails in step S52, the check value B fails in step S56, the total check value ICVt fails in step S57. In this case, if the verification of the content check value of each content block fails in step S58, step S6
Proceeding to step 4, a predetermined error is displayed.

In step S61, the usage restriction information is 0.
If it is, step S62 is skipped and the process proceeds to step S63.

(8) Reproduction Process of Recording Device Storage Information in Recording / Reproducing Device Next, a reproduction process of the content information stored in the external memory 402 of the recording device 400 in the recording / reproducing device 300 will be described.

FIG. 28 is a flow chart for explaining the procedure in which the recording / reproducing device 300 reads the content from the recording device 400 and uses the content. 28, it is assumed that mutual authentication has already been completed between the recording / reproducing device 300 and the recording device 400.

In step S71, the recording / reproducing device 30
The control unit 301 of 0 is the recording device controller 303
Is used to read the content from the external memory 402 of the recording device 400. Then, the control unit 301 of the recording / reproducing device 300 transmits the header portion of the data to the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300. Step S72 is the same process as step S52 described in “(7) Downloading process from recording / playback device to recording device”, and the control unit 306 of the recording / playback device cryptographic processing unit 302 that has received the header (Header). This is a process for causing the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to calculate the check value A. Check value A is
The check value stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 as shown in FIG. 23 described above.
A Identification key (Content ID) using the generated key Kicva as a key
And the usage policy (Usage Policy) are used as messages and are calculated according to the same ICV calculation method as described in FIG.

As described above, the check values A, ICV
a is a check value for verifying the falsification of the identification information and the handling policy. Check value A generation key Kicv stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302
Using a as a key, identification information (Content ID) and handling policy (Usag
e Policy) as a message, the check value A calculated according to the ICV calculation method described in FIG.
er), the check value: ICVa stored therein is judged to be the same as that of the identification information and the handling policy stored in the recording device 400.

Next, in step S73, the control section 301 of the recording / reproducing device 300 reads the header (Heade
From the r) part, the block information key Kbit and the content key K
con is taken out and transmitted to the recording device 400 via the recording device controller 303 of the recording / reproducing device 300. Upon receiving the block information key Kbit and the content key Kcon transmitted from the recording / reproducing device 300, the recording device 400 transfers the received data to the encryption / decryption unit 406 of the recording device encryption processing unit 401 and the recording device encryption processing unit 401. The decryption processing is performed by using the storage device-specific storage key Kstr stored in the internal memory 405 of the above, and re-encryption is performed by the session key Kses shared during the mutual authentication. Then, the control unit 301 of the recording / reproducing device 300.
Is the recording device controller 30 of the recording / reproducing device 300.
3 from the recording device 400 to the session key Kse
The block information key Kbit and the content key Kcon re-encrypted in s are read.

Next, in step S74, the controller 301 of the recording / reproducing device 300 receives the received session key Ks.
The block information key Kbit and the content key Kcon re-encrypted in es are transmitted to the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300.

The recording / reproducing device cryptographic processing section 302 of the recording / reproducing device 300 which has received the block information key Kbit and the content key Kcon re-encrypted with the session key Kses,
Encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302
Then, the block information key Kbit and the content key Kcon encrypted with the session key Kses are decrypted with the session key Kses shared during the mutual authentication.
Then, the block information received in step S71 is decrypted with the decrypted block information key Kbit.

The recording / reproducing device cryptographic processing section 302 of the recording / reproducing device 300 uses the decrypted block information key Kbit,
The content key Kcon and the block information BIT are the block information key Kbi received in step S71.
It is replaced with t, the content key Kcon, and the block information BIT and held. Further, the control unit 301 of the recording / reproducing device 300 reads the decrypted block information BIT from the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300.

Step S75 is similar to step S56 described in "(7) Download processing from recording / reproducing device to recording device". The block information key Kbit and the content key K read from the recording device 400 by the control unit 306 of the recording / reproducing device encryption processing unit 302.
The con and the block information (BIT) are divided into 8-byte units, and they are all exclusive-ORed. Next, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to check the value B.
(ICVb) is calculated. The check value B is, as shown in FIG. 24 described above, the recording / playback device cryptographic processing unit 302.
The check value B generation key Kicvb stored in the internal memory 307 of FIG. 2 is used as a key, and the exclusive OR value calculated above is encrypted by DES and generated. Finally, check value B
And ICVb in the Header are compared, and if they match, the process proceeds to step S76.

As described above, the check values B, IC
Vb is a block information key Kbit and a content key Kco
n is a check value for verifying falsification of block information. Internal memory 307 of recording / playback device cryptographic processing unit 302
It is obtained by dividing the block information key Kbit, the content key Kcon, and the block information (BIT) read from the recording device 400 into 8-byte units and exclusive-ORing the check value B generation key Kicvb stored in Check value B generated by encrypting the value with DES
, If it matches the check value ICVb stored in the header (Header) in the data read from the recording device 400, the block information key Kbit and the content key Kcon of the data stored in the recording device 400,
It is determined that the block information has not been tampered with.

In step S76, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to calculate the intermediate check value. The intermediate check value is stored in the internal memory 30 of the recording / playback device cryptographic processing unit 302 as shown in FIG.
The total check value generation key Kicvt stored in 7 is used as a key, and the check value A, the check value B in the verified header (Header), and all the content check values held are used as messages, which will be described with reference to FIG. 7 and the like. Calculation is performed according to the ICV calculation method. Even if the initial value is IV = 0,
IVt may be stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 as the initial value for generating the total check value and used. In addition, the generated intermediate check value is used in the recording / reproducing device cryptographic processing unit 3 of the recording / reproducing device 300 as needed.
It is held at 02.

Next, in step S77, the control section 301 of the recording / reproducing device 300 extracts the usage restriction information from the handling policy included in the header section of the data read from the external memory 402 of the recording device 400, The downloaded content is the recording / reproducing device 30.
It is determined whether it can be used only with 0 (use restriction information is 1) or can be used with another similar recording / reproducing device 300 (use restriction information is 0). As a result of the determination, the usage restriction information is 1, that is, the downloaded content is the recording / reproducing device 30.
If the usage constraint that can be used only with 0 is set, the process proceeds to step S80, and if the usage constraint information is 0, that is, the setting that can be used with another similar recording / reproducing device 300, proceeds to step S78. move on. The encryption processing unit 302 may perform the process of step S77.

In step S78, the same calculation of the total check value ICVt as in step S58 described in (7) Download processing from recording / reproducing device to recording device is executed. That is, the recording / reproducing device encryption processing unit 3
The control unit 306 of 02 causes the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to calculate the total check value ICVt. The total check value ICVt is the same as that shown in FIG.
As shown in FIG. 3, the system check key Ksys stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 is used as a key, and the intermediate check value is encrypted by DES to generate it.

Next, in step S79, in step S79.
The total check value ICVt generated in 78 and the ICVt in the header (Header) saved in step S71
Are compared, and if they match, the process proceeds to step S82.

As described above, the total check value ICV
t is a check value for verifying tampering with all the check values of ICVa, ICVb, and each content block. Therefore, the total check value generated by the above-described processing is the check value stored in the header (Header): IC
If it matches Vt, it is determined that all the check values of ICVa, ICVb, and each content block in the data stored in the recording device 400 have not been tampered with.

If it is determined in step S77 that the downloaded content can be used only by the recording / reproducing device 300, that is, if the setting information is 1, the process proceeds to step S80.

At step S80, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to calculate the check value ICVdev unique to the recording / reproducing device. The check value ICVdev peculiar to the recording / reproducing device is the internal memory 30 of the recording / reproducing device cryptographic processing unit 302 as shown in FIG.
The recording / playback device signature key Kdev peculiar to the recording / playback device stored in 7 is used as a key, and the intermediate check value is encrypted by DES to generate. In step S81, step S80
Check value ICVdev peculiar to the recording / playback device calculated in step S1 and ICVde in the header saved in step S71
v is compared, and if they match, the process proceeds to step S82.

As described above, the data signed by the system signature key Ksys is commonly used because the system (recorder / reproducer) having the same system signature key successfully checks, that is, the total check value ICVt matches. When it becomes possible and the signature is made using the recording / reproducing device signature key Kdev, the recording / reproducing device signature key Kdev is a key unique to the recording / reproducing device.
The data signed by using the recording device, that is, the data stored in the recording device after the signature is recorded in another recording / reproducing device by mounting the recording device on the recording / reproducing device. Will result in an error, and playback will not be possible. Therefore, by setting the usage restriction information, it is possible to freely set the content that can be commonly used in the system and the content that can be used uniquely to the recording and reproducing device.

In step S82, the recording / reproducing device 30
The control unit 301 of 0 takes out the content block information in the block information BIT read in step S74 and checks whether or not the content block is an encryption target. If it was encrypted,
The corresponding content block is recorded by the recording device 4 via the recording device controller 303 of the recording / reproducing device 300.
00 from the external memory 402, and the recording / reproducing device 30
0 to the recording / reproducing device encryption processing unit 302. Upon receiving this, the control unit 306 of the recording / reproducing device encryption processing unit 302
When the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 decrypts the content and the content block is the verification target, the next step S83.
Check the content check value in.

Step S83 is similar to step S58 described in "(7) Download processing from recording / reproducing device to recording device". Recording and reproducing device 30
The control unit 301 of 0 extracts the content block information in the block information (BIT), determines whether or not the content block is a verification target from the storage state of the content check value, and the content block is a verification target. In this case, the corresponding content block is received from the external memory 402 of the recording device 400 and transmitted to the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300. Recording / playback device cryptographic processing unit 302 that received this
The control unit 306 causes the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to calculate the intermediate content value.

The content intermediate value is generated by decrypting the input content block in the DES CBC mode with the content key Kcon decrypted in step S74, dividing the result into 8 bytes, and performing an exclusive OR.

Next, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to calculate the content check value. The content check value uses the content check value generation key Kicvc stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, and the content intermediate value is DE.
Generated by encrypting with S. Then, the control unit 306 of the recording / reproducing device encryption processing unit 302 and the control unit 301 of the recording / reproducing device 300 in step S71 with the content check value.
Compare the ICV in the content block received from
The result is passed to the control unit 301 of the recording / reproducing device 300. When the verification is successful, the control unit 301 of the recording / reproducing device 300, which has received this, extracts the next verification target content block and causes the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 to verify the content block. The same verification process is repeated until the block is verified. The initial value is IV
Even if = 0, the content check value generation initial value IVc may be stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 and used. In addition, all the content check values checked are recorded in the recording / reproducing device 300.
It is held in the recording / playback device cryptographic processing unit 302. Furthermore, the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300.
Monitors the verification order of the content blocks to be verified, and if the order is incorrect or the same content block is verified more than once, it is assumed that the authentication has failed.

The control unit 301 of the recording / reproducing device 300 receives the comparison result of the content check values (if the verification target is not a verification target, all comparison results are successful), and if the verification is successful, The decrypted content is retrieved from the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300. Then, the next decryption target content block is taken out, and the recording / reproducing device cryptographic processing unit 30 of the recording / reproducing device 300.
2, and repeat until all content blocks are decrypted.

[0274] In step S83, the recording / reproducing device cryptographic processing section 302 of the recording / reproducing device 300, if there is a mismatch in the verification processing of the content check value, aborts the processing as a verification failure and remains. It does not decrypt the content. Also, the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 monitors the decoding order of the content blocks to be decrypted, and the order is wrong, or the same content block is decrypted more than once. In this case, it is assumed that the decryption has failed.

If the verification of the check value A fails in step S72, or the verification of the check value B fails in step S75, the total check value IC is found in step S79.
If the verification of Vt fails, if the verification of the check value ICVdev peculiar to the recording / reproducing device fails in step S81, or if the verification of the content check value of each content block fails in step S83, step S84.
Then, a predetermined error is displayed.

As described above, when downloading or using contents, important data and contents can be encrypted and concealed, tampering verified, and block information BIT can be decrypted. Since the block information key Kbit for decrypting and the content key Kcon for decrypting the content are stored by the storage key Kstr unique to the recording device, it is assumed that the data on the recording medium is simply copied to another recording medium. Even, the content cannot be properly decrypted. More specifically, for example, in step S74 of FIG. 28, a storage key Ks that differs for each recording device
This is because the data encrypted by tr is decrypted, so that the data cannot be properly decrypted by another recording device.

(9) Key exchange process after mutual authentication One of the features of the data processing apparatus of the present invention is only after the above mutual authentication process executed between the recording / reproducing device 300 and the recording device 400. There is a point that the recording device can be used and the usage mode is limited.

For example, in order to prevent a recording device such as a memory card in which contents are stored by illegal duplication or the like from being generated and set in a recording / reproducing device for use, a recording / reproducing device 300 and a recording device are used. Mutual authentication processing is performed between the devices 400, and content (encrypted) can be transferred between the recording / reproducing device 300 and the recording device 400 on condition that the authentication is OK.

In order to realize the above-mentioned restrictive processing, in the data processing apparatus of the present invention, all processing in the encryption processing section 401 of the recording device 400 is executed based on a preset command sequence. It is composed. That is, the recording device has a command processing configuration in which commands based on command numbers are sequentially taken out from the register and executed. FIG. 29 is a diagram for explaining the command processing configuration in this recording device.

As shown in FIG. 29, between the recording / reproducing device 300 having the recording / reproducing device cryptographic processing unit 302 and the recording device 400 having the recording device cryptographic processing unit 401,
A command number (No.) is output from the recording device controller 303 to the communication unit (including the reception register) 404 of the recording device 400 under the control of the control unit 301 of the recording / reproducing device 300.

The recording device 400 includes a cryptographic processing unit 401.
The control unit 403 therein has a command number management unit 2201. The command number management unit 2901 holds a command register 2902, and stores a command string corresponding to the command number output from the recording / reproducing device 300. As shown in the right side of FIG. 29, the command sequence sequentially associates command numbers 0 to y with execution commands. Command number management unit 2901
Monitors the command number output from the recording / reproducing device 300, fetches the corresponding command from the command register 2902, and executes it.

As shown on the right side of FIG. 29, the command sequence stored in the command register 2902 is associated with the command numbers 0 to k preceded by the command sequence relating to the authentication processing sequence. Furthermore, the command numbers p to s after the command sequence relating to the authentication processing sequence correspond to the decryption, key exchange, and encryption processing command sequence 1, and the subsequent command numbers u to y correspond to the decryption, key exchange, and encryption processing command sequence 2. It is attached.

As described earlier in the authentication processing flow of FIG. 20, when the recording device 400 is attached to the recording / reproducing device 300, the control unit 301 of the recording / reproducing device 300 causes the recording device 400 to execute recording via the recording device controller 303. Four
The initialization command is transmitted to 00. Upon receiving this, the recording device 400 receives the command via the communication unit 404 in the control unit 403 of the recording device encryption processing unit 401,
The authentication flag 2903 is cleared. That is, the unauthenticated state is set. Alternatively, when power is supplied from the recording / reproducing device 300 to the recording device 400, the system may be set in an unapproved state at power-on.

Next, the control section 301 of the recording / reproducing device 300.
Sends an initialization command to the recording / playback device cryptographic processing unit 302. At this time, the recording device insertion port number is also transmitted. By transmitting the recording device insertion port number, even when a plurality of recording devices are connected to the recording / reproducing device 300, it is possible to simultaneously perform authentication processing with the plurality of recording devices 400 and data transmission / reception.

Upon receiving the initialization command, the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 clears the authentication flag 2904 corresponding to the recording device insertion port number in the control unit of the recording / reproducing device cryptographic processing unit 302. That is, the unauthenticated state is set.

When these initialization processes are completed, the control unit 301 of the recording / reproducing device 300 outputs the command numbers sequentially from the command number 0 through the recording device controller 303 in ascending order. The command number management unit 2901 of the recording device 400 monitors the command numbers input from the recording / reproducing device 300, confirms that the command numbers are sequentially input from 0, extracts the corresponding commands from the command register 2902, and performs the authentication process and the like. Executes various processes. If the command numbers input are not in the prescribed order, an error is generated and the command number acceptance value is reset to the initial state, that is, the executable command number = 0.

As shown in FIG. 29, the command register 29
The command sequence stored in 02 is given a command number so that the authentication process is processed in advance,
The processing sequence of decryption, key exchange, and encryption processing is stored in the subsequent processing.

A specific example of the decryption, key exchange, and encryption processing sequence will be described with reference to FIGS.

FIG. 30 constitutes a part of the process executed in the process of downloading the content from the recording / reproducing device 300 to the recording device 400 described above with reference to FIG. Specifically, it is executed between steps S59 and S60 in FIG.

In FIG. 30, step S3001 is executed.
Data encrypted with the session key Kses from the recording / reproducing device (ex. Block information key Kbit, content key K
con) is received by the recording device, and then the command sequences p to s shown in FIG. 29 are started. The command sequence p to s is started after the authentication processing commands 0 to k are completed and the authenticated flags are set in the authentication flags 2903 and 2904 shown in FIG. This is ensured by the command number management unit 2901 only accepting command numbers from 0 in ascending order.

In step S3002, the recording device stores in the register the data (ex. Block information key Kbit, content key Kcon) encrypted with the session key Kses received from the recording / reproducing device.

In step S3003, the session key Ks
Data encrypted by es (ex. block information key Kb
It, content key Kcon) is extracted from the register and decrypted with the session key Kses.

The step S3004 is the session key Ks.
Data decrypted by es (ex. block information key Kb
It, content key Kcon) is a step of executing a process of encrypting the storage key Kstr.

The above processing steps 3002 to 3004
Is a process included in the command numbers p to s in the command register described in FIG. These processes are
Command numbers p to s received from the recording / reproducing device 300 in the command number management unit 2901 of the recording device 400.
Then, the recording device cryptographic processing unit 401 sequentially executes the processing.

The next step S3005 is to store the storage key Kst.
data encrypted by r (ex. block information key Kbi
t, content key Kcon) in the external memory of the recording device. In this step, from the recording device encryption processing unit 401 to the recording / reproducing device 30.
0 reads the data encrypted with the storage key Kstr,
After that, it may be stored in the external memory 402 of the recording device 400.

[0296] Steps S3002 to S3004 described above.
Is a non-interruptible execution sequence that is continuously executed. For example, even if there is a data read command from the recording / reproducing device 300 at the end of the decoding process of step S3003, the read command is Since the command numbers in the ascending order set in the command numbers p to s of 2902 are different, the command number management unit 2
901 does not accept the execution of reading. Therefore, it becomes impossible to read the decrypted data generated at the time of key exchange in the recording device 400 from the outside, for example, the recording / reproducing device 300, and it is possible to prevent the unauthorized reading of the key data and the content.

FIG. 31 constitutes a part of the processing executed in the content reproduction processing for reading the content from the recording device 400 described above with reference to FIG. 28 and reproducing it in the recording / reproducing device 300. Specifically, it is the process executed in step S73 in FIG.

In FIG. 31, in step S3101,
The storage key Ks from the external memory 402 of the recording device 400
data encrypted with tr (ex. block information key Kb
It, the content key Kcon) is read.

In step S3102, data encrypted with the storage key Kstr read from the memory of the recording device (ex. Block information key Kbit, content key Kc
on) in the register. In this step, the external memory 40 of the recording device 400 is
The recording / reproducing device 300 may read the data encrypted with the storage key Kstr from No. 2 and then store the data in the register of the recording device 400.

In step S3103, the data (ex. Block information key Kbit, encrypted with the storage key Kstr,
In this step, the content key Kcon) is taken out from the register and decrypted with the storage key Kstr.

In step S3104, the data (ex. Block information key Kbit, decrypted with the storage key Kstr,
In this step, the content key Kcon) is encrypted with the session key Kses.

The above processing steps 3102 to 3104
Is a process included in the command numbers u to y in the command register described in FIG. These processes are
In the command number management unit 2901 of the recording device, the recording device encryption processing unit 406 sequentially executes the command numbers u to y received from the recording and reproducing device 300.

In the next step S3105, the data encrypted with the session key Kses (ex. Block information key K
Bit, content key Kcon) is transmitted from the recording device to the recording / reproducing device.

Steps S3102-S3104 described above
Is a non-interruptible execution sequence that is continuously executed. For example, even if there is a data read command from the recording / reproducing device 300 at the end of the decoding process of step S3103, the read command is Since the command numbers u to y of 2902 are different from the ascending command numbers, the command number management unit 2
901 does not accept the execution of reading. Therefore, it becomes impossible to read the decrypted data generated at the time of key exchange in the recording device 400 from the outside, for example, the recording and reproducing device 300, and it is possible to prevent the unauthorized reading of the key data or the content.

In the processing shown in FIGS. 30 and 31, the target to be decrypted and encrypted by the key exchange is the block information key Kbit and the content key Kcon.
The command sequence stored in the command register 2902 shown in FIG. 29 may include decryption / encryption processing involving key exchange of the content itself, and the objects to be decrypted / encrypted by key exchange are as described above. It is not limited to the example of.

The key exchange processing after mutual authentication in the data processing apparatus of the present invention has been described above. in this way,
The key exchange process in the data processing device of the present invention can be executed only after the authentication process between the recording and reproducing device and the recording device is completed, and further, it is possible to prevent the decrypted data in the key exchange process from being accessed from the outside. Since it is configured, a high level of security of content and key data is secured.

(10) Multiple Content Data Formats and Download and Playback Processing Corresponding to Each Format In the above-described embodiment, for example, the media 500 shown in FIG.
Alternatively, the case where the data format in the communication unit 600 is one type shown in FIG. 4 has been described. However, the data format in the medium 500 or the communication means 600 is not limited to the format shown in FIG. 4 described above, and depending on the content, such as when the content is music, image data, a program such as a game, etc. It is desirable to adopt a different data format. Hereinafter, a plurality of different data data formats and the download processing to the recording device corresponding to each format and the reproduction processing from the recording device will be described.

32-35 show four different data formats. On the left side of each figure, the media 5 shown in FIG.
00 or the data format on the communication means 600, and the right side of each figure shows the data format when stored in the external memory 402 of the recording device 400. First, the outline of the data formats shown in FIGS. 32 to 35 will be described, and then the content of each data in each format and the difference between the data in each format will be described.

FIG. 32 shows the format type 0,
It is the same as the type shown as an example in the above description. The characteristic of this format type 0 is that the entire data is divided into N data blocks of arbitrary size, that is, block 1 to block N, each block is arbitrarily encrypted, and encrypted block and non-encrypted block, that is, The point is that plaintext blocks can be mixed to form data. The block encryption is executed by the content key Kcon, and the content key Kcon is encrypted on the medium by the delivery key Kdis, and when stored in the recording device, by the storage key Kstr stored in the internal memory of the recording device. Encrypted. The block information key Kbit is also the delivery key Kd on the medium.
A storage key K encrypted by is and stored in the internal memory of the recording device when stored in the recording device.
encrypted by str. These key exchanges are executed according to the process described in the above-mentioned “(9) Key exchange process after mutual authentication”.

FIG. 33 shows the format type 1,
Like the format type 0, the format type 1 divides the entire data into N data blocks, that is, the blocks 1 to N. However, the size of each of the N blocks is the same as described above. Format type 0. The block encryption processing mode using the content key Kcon is the same as that of the format type 0 described above. The content key Kcon and the block information key Kbit, which are encrypted by the delivery key Kdis on the medium and encrypted by the storage key Kstr stored in the internal memory of the recording device when stored in the recording device, also have the above-mentioned format type 0. Is the same as. Unlike the format type 0, the format type 1 has a fixed block configuration, which simplifies the configuration data such as the data length of each block.
It is possible to reduce the memory size of the block information as compared with the format type 0.

In the configuration example of FIG. 33, each block is composed of one set of an encrypted part and a non-encrypted (plaintext) part. If the block length and configuration are regular in this way, it is not necessary to check each block length and block configuration during decryption processing, so efficient decryption and encryption processing is possible. In the format 1, the parts that make up each block, that is, the encrypted part and the non-encrypted (plaintext) part, can be defined as a check target for each part, and a block including a check required part. , The content check value ICVi is defined for that block.

FIG. 34 shows the format type 2,
The characteristic of this format type 2 is that it is divided into N data blocks of the same size, that is, blocks 1 to N, and each block is encrypted with an individual block key Kblc. The encryption of each block key Kblc is executed by the content key Kcon, and the content key Kcon is encrypted by the delivery key Kdis on the medium, and when the data is stored in the recording device, it is stored in the internal memory of the recording device. It is encrypted with the key Kstr. The block information key Kbit is also the delivery key Kd on the medium.
A storage key K encrypted by is and stored in the internal memory of the recording device when stored in the recording device.
encrypted by str.

FIG. 35 shows format type 3,
The characteristic of this format type 3 is that, like the format type 2, it is divided into N data blocks of the same size, that is, block 1 to block N, and each block is encrypted with an individual block key Kblc. In addition, the encryption of each block key Kblc without using the content key is performed by the delivery key K on the media.
It is encrypted by dis and encrypted by the storage key Kstr on the recording device. The content key Kcon does not exist on the medium or the device. The block information key Kbit is encrypted on the medium by the delivery key Kdis, and when stored in the recording device, it is encrypted by the storage key Kstr stored in the internal memory of the recording device.

Next, the contents of the data of the format types 0 to 3 will be described. As described above, the data is roughly classified into a header part and a content part, and the header part has a content identifier, a handling policy, check values A and B, a total check value, a block information key, a content key, and a block. Information is included.

The handling policy includes the content data length, header length, format type (format 0 to 3 described below), for example, content type such as program or data, and the above-mentioned content recording device. As described in the section for downloading and playing, the localization flag, which is a flag that determines whether or not the content is unique to the recording / playback device, the permission flag for copying the content, the move process, and the content encryption. It stores various kinds of usage restriction information and processing information related to the content such as the encryption algorithm and the mode.

Check value A: ICVa is a check value for the identification information and the handling policy, for example, as shown in FIG.
It is generated by the method described in Section 3.

The block information key Kbit is a key for encrypting block information. As described above, the block information key Kbit is encrypted by the delivery key Kdis on the medium, and when stored in the recording device, it is stored in the internal memory of the recording device. Encrypted with the storage key Kstr stored in.

The content key Kcon is a key used for content encryption. In the format types 0 and 1, the content key Kcon is encrypted by the delivery key Kdis on the medium like the block information key Kbit, and is recorded when stored in the recording device. It is encrypted by the storage key Kstr stored in the internal memory of the device. In the format type 2, the content key Kcon is also used to encrypt the block key Kblc configured in each content block. Further, in the format type 3, the content key Kcon does not exist.

The block information is a table for describing information of each block, and the size of the block and a flag indicating whether or not the block is encrypted, that is, whether each block is a check target (ICV) or not. Information indicating whether or not it is stored. When the block is a check target, the check value ICVi (check value of the block i) of the block is defined and stored in the table. This block information is the block information encryption key Kbit.
Encrypted by.

When the block is encrypted, the check value of the block, that is, the content check value ICVi, is a value obtained by exclusive ORing the entire plaintext (decrypted text) in 8-byte units in the internal memory of the recording / reproducing device 300. It is generated as a value encrypted with the content check value generation key Kicvc stored in 307. If the block is not encrypted, the entire block data (plain text) is used in units of 8 bytes with the tampering check value generation function (DES-CBC-MAC, content check value generation key Kicvc shown in FIG. 36 as a key. ) Is generated as a value obtained by inputting to. FIG. 36 shows the check value IC of the content block
The structural example which produces | generates Vi is shown. Each of the messages M constitutes 8 bytes of decrypted text data or plain text data.

In the format type 1, if at least one of the parts in the block is the target data of the check value ICVi, that is, the check required part, the content check value ICVi is defined for the block. When the part j is encrypted, the check value P-ICVij of the part j in the block i is a content check value generation key Kicv which is a value obtained by exclusive ORing the entire plaintext (decrypted text) in units of 8 bytes.
It is generated as a value encrypted with c. If the part j is not encrypted, the entire data (plaintext) of the block of the part is changed in units of 8 bytes to a falsification check value generation function (DES-CBC-MAC, content check value generation key Kicvc). Is used as the key) and is generated as the value obtained by inputting.

Furthermore, it is shown that one block i is a check target. [ICV flag = subject
ICV], that is, if there is only one check-needed part, the check value P-ICVij generated by the above method is used as it is as the check value ICVi of the block, and the check target is checked in one block i. [ICV flag = subject
If there are multiple parts that are of ICV],
A tampering check value generation function (DES-CBC-MA) shown in FIG. 37 in units of 8 bytes for data obtained by concatenating a plurality of part check values P-ICVij in order of part numbers.
C, using the content check value generation key Kicvc as a key). FIG. 37 shows a configuration example of generating the content check value ICVi of the content block.

In the format types 2 and 3, the block check value ICVi is not defined.

Check value B: ICVb is a check value for the block information key, the content key, and the entire block information, and is generated, for example, by the method described with reference to FIG.

The total check value ICVt is a check value for the above-mentioned check value A: ICVa, check value B: ICVb, and the entire check value ICVi included in each block that is a content check target.
As described with reference to FIG. 25, the check value A: ICVa
It is generated by applying the system signature key Ksys to an intermediate check value generated from each check value such as ???

In the format types 2 and 3, the total check value ICVt is the check value A:
ICVa, check value B: The system signature key Ksys is applied to the intermediate check value generated from the content data, that is, the data obtained by concatenating the entire content data from the block key of block 1 to the final block to ICVb, and the encryption processing is executed. Is generated by FIG. 38 shows a configuration example for generating the total check value ICVt in the format types 2 and 3.

The unique check value ICVdev is the same as the above-mentioned localization flag when the localization flag is set to 1.
That is, it is a check value that is replaced with the total check value ICVt when it indicates that the content can be used uniquely to the recording / playback device, and in the case of format types 0 and 1, the above-mentioned check value A: ICVa , A check value B: ICVb, and a check value ICVi included in each block that is a content check target.
It is generated as a check value for the whole. Specifically, as described with reference to FIG. 25 or FIG. 38, the recording / reproducing device signature key Kdev is applied to the intermediate check value generated from each check value such as the check value A: ICVa to perform the encryption process. It is generated by executing.

Next, the process of downloading the content from the recording / reproducing device 300 to the recording device 400 in each of the format types 0 to 3 and the recording / reproducing device 300.
The reproduction process from the recording device 400 in FIG. 39 will be described with reference to the flows of FIGS.

First, the content download processing in the format types 0 and 1 will be described with reference to FIG.

The process shown in FIG. 39 is started by mounting the recording device 400 on the recording / reproducing device 300 shown in FIG. 3, for example. Step S101 is an authentication processing step between the recording / reproducing device and the recording device, and is executed according to the authentication processing flow of FIG. 20 described above.

When the authentication processing in step S101 is completed and the authentication flag is set, the recording / reproducing device 300 converts the content data stored in the medium 500 into a predetermined format via the reading unit 304 in step S102. The control unit 3 of the recording / reproducing device 300 reads out the data which follows, or receives the data according to a predetermined format from the communication means 600 using the communication unit 305.
01 transmits the header portion of the data to the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300.

Next, in step S103, the control unit 306 of the encryption processing unit 302 causes the recording / reproducing device encryption processing unit 30 to operate.
The second encryption / decryption unit 308 is caused to calculate the check value A. As shown in FIG. 23, the check value A uses the check value A generation key Kicva stored in the internal memory 307 of the recording / playback device cryptographic processing unit 302 as a key, and the identification information (Co
The ntent ID) and the handling policy (Usage Policy) are used as messages and calculated according to the ICV calculation method described with reference to FIG. 7. Next, in step S104, the check value A and the check value stored in the header: IC
Va is compared, and if they match, step S105.
Go to.

As described above, check values A, ICV
a is a check value for verifying the falsification of the identification information and the handling policy. Check value A generation key Kicv stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302
Using a as a key, identification information (Content ID) and handling policy (Usag
e Policy) as a message, for example, the check value A calculated according to the ICV calculation method is a header (Header)
If it matches with the check value: ICVa stored inside, it is determined that the identification information and the handling policy are not falsified.

Next, in step S105, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the delivery key Kdi.
Recording / reproducing device cryptographic processing unit 302
The encryption / decryption unit 308 of FIG. The delivery key Kdis is generated using, for example, the delivery key master key MKdis, as in step S53 of FIG. 22 described above.

Next, in step S106, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 uses the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to read using the generated delivery key Kdis. The block information key Kbit and the content key Kcon stored in the header section of the medium 500 received via the unit 304 or the data received from the communication unit 600 via the communication unit 305.
Decryption process is performed.

Further, in step S107, the control unit 306 of the recording / reproducing device encryption processing unit 302 decrypts the block information with the decrypted block information key Kbit in the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302. Turn into.

Further, in step S108, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 generates a check value B (ICVb ') from the block information key Kbit, the content key Kcon and the block information (BIT). As shown in FIG. 24, the check value B uses the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, and the block information key Kbit, the content key Kcon, and the block information ( It is generated by encrypting an exclusive OR value composed of BIT) with DES. Next, in step S109, the check value B is compared with the ICVb in the header (Header), and if they match, the process proceeds to step S110.

As described above, the check value B, IC
Vb is a block information key Kbit and a content key Kco
n is a check value for verifying falsification of block information. Internal memory 307 of recording / playback device cryptographic processing unit 302
Using the check value B generation key Kicvb stored in the key as a key, the block information key Kbit, the content key Kcon, and the block information (BIT) are divided into 8-byte units, and the value obtained by exclusive OR is encrypted with DES. If the check value B generated as a result matches the check value ICVb stored in the header (Header), it is determined that the block information key Kbit, the content key Kcon, and the block information are not tampered with.

In step S110, the control unit 306 of the recording / playback device cryptographic processing unit 302 causes the encryption / decryption unit 308 of the recording / playback device cryptographic processing unit 302 to calculate an intermediate check value. The intermediate check value is, as shown in FIG.
By using the total check value generation key Kicvt stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 as a key, the check value A, the check value B in the verified Header, and all the stored content check values are stored. The message is calculated according to the ICV calculation method described in FIG.
The generated intermediate check value is stored in the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 as needed.

Next, in step S111, the control unit 306 of the recording / playback device cryptographic processing unit 302 causes the encryption / decryption unit 308 of the recording / playback device cryptographic processing unit 302 to calculate the total check value ICVt '. Total check value ICVt '
25, as shown in FIG.
System signature key K stored in the internal memory 307 of the
It is generated by encrypting the intermediate check value with DES using sys as a key. Next, in step S112, the generated total check value ICVt 'and the ICV in the header (Header)
t is compared, and if they match, step S113
Go to.

As described above with reference to FIG. 4, the total check value ICVt is a check value for verifying the tampering of all the check values of ICVa, ICVb and each content block. Therefore, if the total check value generated by the above process matches the check value: ICVt stored in the header, ICVa, ICV
b, it is determined that all check values of each content block have not been tampered with.

Next, in step S113, the control unit 301 of the recording / reproducing device 300 has the block information (BIT).
Take out the content block information in and check if the content block is a verification target. When the content block is the verification target, the content check value is stored in the block information in the header.

If the content block is to be verified, the corresponding content block is read by the reading unit 30 of the recording / reproducing device 300 in step S114.
4 is used to read from the medium 500, or is received from the communication means 600 using the communication unit 305 of the recording / reproducing device 300 and is transmitted to the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300. Recording / playback device cryptographic processing unit 302 that received this
The control unit 306 causes the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to calculate the content check value ICVi ′.

If the block is encrypted as described above, the content check value ICVi 'is decrypted with the content key Kcon in the input content block in the DES CBC mode, and the result is all 8 bytes. The content intermediate value generated by exclusive OR of the units is encrypted and generated by the content check value generation key Kicvc stored in the internal memory 307 of the recording / reproducing device 300. If the block is not encrypted, the entire data (plain text) is changed in units of 8 bytes to the tampering check value generation function (DES-CBC-MAC, which uses the content check value generation key Kicvc as a key) shown in FIG. It is generated as the value obtained by inputting.

Next, in step S115, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 and the IC in the content block received from the control unit 301 of the recording / reproducing device 300 in step S102.
V is compared, and the result is compared with the control unit 30 of the recording / reproducing device 300.
Pass to 1. The control unit 3 of the recording / reproducing device 300 which receives this
When the verification is successful, 01 takes out the next content block to be verified and causes the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 to verify it, and repeats the same verification process until all the content blocks are verified. (Step S116).

Note that steps S104 and S10 are performed.
In any of 9, step S112, or step S115, if the check values do not match, the download process ends as an error.

Next, in step S117, the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 encrypts / blocks the block information key Kbit and the content key Kcon decrypted in step S106. The decryption unit 308 is caused to encrypt with the session key Kses shared during the mutual authentication. Recording / reproducing device 300
The control unit 301 reads the block information key Kbit and the content key Kcon encrypted with the session key Kses from the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300, and records these data in the recording device controller of the recording / reproducing device 300. It transmits to the recording device 400 via 303.

Next, in step S118, the block information key Kbit transmitted from the recording / reproducing device 300.
Device 400 that has received the content key Kcon
Causes the encryption / decryption unit 406 of the recording device encryption processing unit 401 to decrypt the received data with the session key Kses shared during mutual authentication, and stores the data in the internal memory 405 of the recording device encryption processing unit 401. The control unit 301 of the recording / reproducing device 300 re-encrypts with the stored storage device-specific storage key Kstr, and the recording device 4 via the recording device controller 303 of the recording / reproducing device 300.
The block information key Kbit and the content key Kcon re-encrypted with the storage key Kstr from 00 are read out. That is, the block information key Kb encrypted with the delivery key Kdis
The it and the content key Kcon are switched.

Next, in step S119, the control unit 301 of the recording / reproducing device 300 extracts the usage restriction information from the handling policy of the header part of the data, and the downloaded content is used only by the recording / reproducing device 300. It is determined whether or not it is possible. In this determination, if the localization flag (usage restriction information) is set to 1, the downloaded content can be used only by the recording and reproducing device 300, and the localization flag (usage restriction information) is set to 0. Is a similar recording / playback device 300 with different downloaded content.
But it shows that it can be used. As a result of the determination, if the localization flag (use restriction information) = 1,
It proceeds to step S120.

In step S120, the recording / reproducing device 3
The control unit 301 of 00 causes the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 to calculate a check value unique to the recording / reproducing device. The check value peculiar to the recording / reproducing device is stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 as shown in FIG.
Using the recording / playback device signature key Kdev unique to the recording / playback device stored in step S10 as a key, the intermediate check value generated in step S110 is encrypted by DES to generate the intermediate check value. The calculated check value ICVdev peculiar to the recording / reproducing device is overwritten instead of the total check value ICVt.

As described above, the system signature key Ks
ys is a system signature key used to attach a common signature or ICV to the distribution system, and the recording / playback device signature key Kdev is different for each recording / playback device, and the recording / playback device attaches the signature or ICV. This is the recording / playback device signature key used for. That is, the data signed by the system signature key Ksys is successfully checked by the system (recorder / reproducer) having the same system signature key, that is, the total check value ICVt matches, so that the data can be commonly used. , Recording / playback device signature key Kde
When the signature is applied using v, the recording / reproducing device signature key is a key unique to the recording / reproducing device. Therefore, the data signed using the recording / reproducing device signature key Kdev, that is, after being signed, is recorded on the recording device. If the data stored in the recording / reproducing device is to be reproduced by another recording / reproducing device by using the recording device, the check value ICVdev peculiar to the recording / reproducing device does not match and an error occurs, so that the data cannot be reproduced. In the data processing apparatus of the present invention, the content that can be commonly used in the system and the content that can be used uniquely to the recording / reproducing device can be freely set by setting the usage restriction information.

Next, in step S121, the control unit 301 of the recording / reproducing device 300 causes the recording / reproducing device encryption processing unit 3 to operate.
02 to form the stored data format. As described above, there are format types 0 to 3 and they are set in the handling policy (see FIG. 5) in the header. According to this setting type, the right side of FIGS. Data is formed according to the storage format of. Since the flow shown in FIG. 39 is one of formats 0 and 1, it is formed in one of the formats of FIGS.

When formation of the storage data format is completed in step S121, the control unit 301 of the recording / reproducing device 300 stores the content in the external memory 402 of the recording device 400 in step 122.

The above is the mode of the download processing of the content data in the format types 0 and 1.

Next, the process of downloading the content data in the format type 2 will be described with reference to FIG. The difference from the above-mentioned download processing of format types 0 and 1 will be mainly described.

Since steps S101 to S109 are the same as the above-mentioned format type 0, 1 download processing, a description thereof will be omitted.

In the format type 2, since the content check value ICVi is not defined as described above, the content check value IC is included in the block information.
Do not have Vi. As shown in FIG. 38, the intermediate check value in the format type 2 is a check value A, a check value B, and data obtained by concatenating the entire content data from the first block of the first block (block key of block 1) to the last block. It is generated by applying the system signature key Ksys to the intermediate check value generated based on the intermediate check value and executing the encryption process.

Therefore, in the format type 2 download process, the content data is read in step S151, and in step S152, an intermediate check value is generated based on the check value A and the check value B and the read content data. In addition,
Even if the content data is encrypted, it is not decrypted.

Since the format type 2 does not perform the block data decoding and the content check value inquiry processing like the processing in the format types 0 and 1 described above, the quick processing is possible.

The processes in and after step S111 are the same as the processes in the format types 0 and 1, and the description thereof will be omitted.

The above is the aspect of the download processing of the content data in the format type 2. As described above, the download process of the format type 2 does not perform the block data decoding and the content check value inquiry process like the process of the format types 0 and 1, so that the process can be performed quickly, and the music data and the like can be processed in real time. It is a format suitable for data processing that requires processing.

Next, the download processing of the content data in the format type 3 will be described with reference to FIG. The difference from the above-mentioned download processing of format types 0, 1, and 2 will be mainly described.

Since steps S101 to S105 are the same as the above-mentioned download processing of the format types 0, 1 and 2, description thereof will be omitted.

Format type 3 basically has a lot in common with the processing in format type 2, but
Format type 3 does not have a content key,
Further, the block type Kblc is different from the format type 2 in that the block key Kblc is encrypted and stored in the recording device with the storage key Kstr.

Description will be made centering on differences from the format type 2 in the download processing of the format type 3. For format type 3, step S1
In step S161, which is the step following 05, the block information key is decrypted. Recording / playback device cryptographic processing unit 3
The control unit 306 of 02 uses the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 and the delivery key Kdis generated in step S105 to receive the medium 500 via the reading unit 304, or The block information key Kbit stored in the header portion of the data received from the communication unit 600 via the communication unit 305 is decrypted. In the format type 3, since the content key Kcon does not exist in the data, the decryption process of the content key Kcon is not executed.

In the next step S107, step S1
The block information is decrypted using the block information key Kbit decrypted in 61, and further, in step S162, the controller 306 of the recording / reproducing device cryptographic processor 302 is executed.
Is the block information key Kbit and the block information (B
A check value B (ICVb ') is generated from (IT).
The check value B is the check value B generation key Kic stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302.
Using vb as a key, an exclusive OR value consisting of the block information key Kbit and the block information (BIT) is encrypted by DES and generated. Next, in step S109,
The check value B is compared with the ICVb in the header, and if they match, the process proceeds to step S151.

In format type 3, the check values B and ICVb function as check values for verifying the tampering of the block information key Kbit and block information.
When the generated check value B matches the check value: ICVb stored in the header (Header), it is determined that the block information key Kbit and the block information are not tampered with.

Since steps S151 to S112 are the same as the format type 2 processing, description thereof will be omitted.

In step S163, step S151
Block key K included in the content data read in
The blc is decrypted by the delivery key Kdis generated in step S105.

Next, in step S164, the recording / reproducing device 3
The recording / reproducing device cryptographic processing unit 302 of 00 performs step S16.
Block information key Kbit decrypted in step 1 and step S
The block key Kblc decrypted in 163 is encrypted by the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 with the session key Kses shared during the mutual authentication. The control unit 301 of the recording / reproducing device 300 reads the block information key Kbit and the block key Kblc encrypted with the session key Kses from the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300, and records these data. To the recording device 400 via the recording device controller 303.

Next, in step S165, the block information key Kbit transmitted from the recording / reproducing device 300.
Device 400 that has received the block key Kblc
Causes the encryption / decryption unit 406 of the recording device encryption processing unit 401 to decrypt the received data with the session key Kses shared during mutual authentication, and stores the data in the internal memory 405 of the recording device encryption processing unit 401. The control unit 301 of the recording / reproducing device 300 causes the recording device 40 of the recording / reproducing device 300 to re-encrypt with the stored storage device-specific storage key Kstr.
The block information key Kbit and the block key Kblc re-encrypted with the storage key Kstr from 0 are read. That is,
Initially, the block information key K encrypted with the delivery key Kdis
The block information key Kbit and the block key Kblc in which the bit and the block key Kblc are re-encrypted with the storage key Kstr.
Replace with.

The following steps S119 to S122 are the same as those of the above-mentioned format types 0, 1 and 2, and therefore their explanations are omitted.

The above is the aspect of the download processing of the content data in the format type 3. As described above, the format type 3 download process does not perform the block data decoding and the content check value inquiry process as in the case of the format type 2, so that a quick process is possible and real-time processing such as music data is required. It is a format suitable for data processing. Further, since the range for protecting the encrypted content is localized by the block key Kblc, the security becomes higher than that of the format type 2.

Next, the reproducing process from the recording device 400 in the recording / reproducing device 300 in each of the format types 0 to 3 will be described with reference to the flows of FIGS.

First, description will be made regarding the content reproduction processing in the format type 0 with reference to FIG.

Step S201 is an authentication processing step between the recording / reproducing device and the recording device, and is executed according to the above-described authentication processing flow of FIG.

When the authentication processing in step S201 is completed and the authentication flag is set, the recording / reproducing device 300 reads the header of the data according to the predetermined format from the recording device 400 in step S202, and the recording / reproducing device 300. To the recording / reproducing device encryption processing unit 302.

Next, in step S203, the control unit 306 of the encryption processing unit 302 causes the recording / reproducing device encryption processing unit 30 to operate.
The second encryption / decryption unit 308 is caused to calculate the check value A. As shown in FIG. 23 described above, the check value A is handled as identification information (Content ID) using the check value A generation key Kicva stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 as a key. Usage Polic
y) is calculated as a message. Next, step S
In 204, the calculated check value A and the header (He
check value stored in ader): ICVa is compared,
If they match, the process proceeds to step S205.

The check values A and ICVa are check values for verifying the falsification of the identification information and the handling policy. When the calculated check value A matches the check value: ICVa stored in the header, it is determined that the identification information and the handling policy stored in the recording device 400 have not been tampered with.

[0380] Next, in step S205, the control unit 301 of the recording / reproducing device 300 extracts the block information key Kbit and the content key Kcon encrypted with the storage device-specific storage key Kstr from the read header,
It is transmitted to the recording device 400 via the recording device controller 303 of the recording / reproducing device 300.

Upon receiving the block information key Kbit and the content key Kcon transmitted from the recording / reproducing device 300, the recording device 400 transfers the received data to the encryption / decryption unit 406 of the recording device encryption processing unit 401. The session key Kse shared at the time of mutual authentication is decrypted with the storage device-specific storage key Kstr stored in the internal memory 405 of the processing unit 401.
Re-encrypt with s. This processing is as described in detail in the section of (9) Key exchange processing after mutual authentication described above.

In step S206, the recording / reproducing device 300
The control unit 301 of the block information key Kb re-encrypted with the session key Kses from the recording device 400 via the recording device controller 303 of the recording and reproducing device 300.
It and the content key Kcon are received.

Next, in step S207, the control section 301 of the recording / reproducing device 300 receives the received session key K.
The block information key Kbit and content key Kcon re-encrypted by ses are transmitted to the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300, and the block information key Kbit and content key Kco re-encrypted by the session key Kses.
The recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 that has received n instructs the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to perform the block information key Kbit and the content key Kcon encrypted with the session key Kses. Is decrypted with the session key Kses shared at the time of mutual authentication.

Further, in step S208, the block information read in step S202 is decrypted with the decrypted block information key Kbit. The recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 uses the decrypted block information key Kbit and content key Kcon.
The block information BIT and the block information BIT are replaced with the block information key Kbit, the content key Kcon, and the block information BIT included in the header read in step S202 and held. Further, the control unit 30 of the recording / reproducing device 300
1 is a recording / reproducing device 3 for the decrypted block information BIT.
00 from the recording / reproducing device encryption processing unit 302.

Further, in step S209, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 generates a check value B (ICVb ') from the block information key Kbit, the content key Kcon and the block information (BIT). As shown in FIG. 24, the check value B uses the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, and the block information key Kbit, the content key Kcon, and the block information ( It is generated by encrypting an exclusive OR value composed of BIT) with DES. Next, in step S210, the check value B is compared with the ICVb in the header (Header), and if they match, the process proceeds to step S211.

The check value B and ICVb are check values for verifying the tampering of the block information key Kbit, the content key Kcon, and the block information, and the generated check value B is the check value stored in the header (Header). Value: If it matches ICVb, the recording device 400
It is determined that the block information key Kbit, the content key Kcon, and the block information in the data stored in No.

In step S211, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to calculate the intermediate check value. The intermediate check value is, as shown in FIG.
Using the total check value generation key Kicvt stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 as a key, the check value A, the check value B in the verified Header, and all content check values in the block information are sent as a message. Is calculated according to the ICV calculation method described with reference to FIG. The generated intermediate check value is stored in the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 as needed.

Next, in step S212, the control unit 301 of the recording / reproducing device 300 extracts the usage restriction information from the handling policy included in the header part of the data read from the external memory 402 of the recording device 400, It is determined whether the content to be reproduced can be used only by the recording / reproducing device 300 (use restriction information is 1) or can be used by another similar recording / reproducing device 300 (use restriction information is 0). As a result of the determination, if the usage constraint information is 1, that is, if the usage constraint that the playback content can be used only by the recording / playback device 300 is set, step S213.
If the usage restriction information is 0, that is, the setting can be used in another similar recording / reproducing device 300, the process proceeds to step S215. The encryption processing unit 302 may perform the process of step S212.

At step S213, the recording / reproducing device 300.
The control unit 301 controls the check value ICV unique to the recording and reproducing device.
The recording / reproducing device encryption processing unit 3 of the recording / reproducing device 300
Let 02 calculate. Check value ICV unique to recording / playback device
25, the recording / playback device signature key Kdev stored in the internal memory 307 of the recording / playback device cryptographic processing unit 302 is used as a key, and the intermediate check value stored in step S211 is DES. Generate by encrypting.

Next, in step S214, the check value IC peculiar to the recording / reproducing device calculated in step S213.
Vdev 'is compared with ICVdev in the header read in step S202, and if they match, the process proceeds to step S217.

On the other hand, in step S215, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to perform the total check value ICV.
Let t be calculated. The total check value ICVt 'is shown in FIG.
As shown in, the system check key Ksys stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 is used as a key, and the intermediate check value is encrypted by DES and generated.
Next, in step S216, the generated total check value ICVt 'is compared with the ICVt in the header (Header), and if they match, the process proceeds to step S217.

The total check value ICVt and the check value ICVdev peculiar to the recording / reproducing device are ICVa and ICV.
b, check value of each content block This is a check value for verifying tampering. Therefore, when the check value generated by the above process matches the check value: ICVt or ICVdev stored in the header, the IC stored in the recording device 400.
It is determined that all the check values of Va, ICVb, and each content block have not been tampered with.

Next, in step S217, the control section 301 of the recording / reproducing device 300 reads the block data from the recording device 400. Further, step S218
It is determined whether or not the block data has been encrypted, and if it is encrypted, the encryption processing unit 302 of the recording / reproducing device 300 decrypts the block data. If not encrypted, step S219 is skipped and the process proceeds to step S220.

Next, in step S220, the control unit 301 of the recording / reproducing device 300 has the block information (BIT).
Based on the content block information in, check whether the content block is a verification target. When the content block is the verification target, the content check value is stored in the block information in the header. If the content block is the verification target, the content check value ICVi ′ of the corresponding content block is calculated in step S221. If the content block is not the verification target, steps S221 and S222 are skipped and the process proceeds to step S223.

If the block is encrypted as described above with reference to FIG. 36, the content check value ICVi ′ is decrypted with the content key Kcon in the input content block in the DES CBC mode, and the result is All content intermediate values generated by exclusive OR in units of 8 bytes are encrypted with the content check value generation key Kicvc stored in the internal memory 307 of the recording / reproducing device 300 to generate. If the block is not encrypted, the entire data (plaintext) is changed in units of 8 bytes to the falsification check value generation function (DES-CBC-MAC,
It is generated as a value obtained by inputting the content check value generation key Kicvc as a key.

In step S222, the control section 306 of the recording / reproducing device encryption processing section 302 determines the generated content check value ICVi 'and the content check value ICVi stored in the header section received from the recording device 400 in step S202. Are compared and the result is passed to the control unit 301 of the recording / reproducing device 300. When the verification has succeeded, the control unit 301 of the recording / reproducing device 300 which has received this receives the recording / reproducing system R in step S223.
The content plaintext data for execution (reproduction) is stored on the AM. The control unit 301 of the recording / reproducing device 300 further extracts the next content block to be verified and records / reproducing device 30.
The recording / reproducing device encryption processing unit 302 of 0 performs the same verification process until all the content blocks are verified, RA
The M storage process is repeated (step S224).

Note that step S204 and step S21
0, step S214, step S216, step S
In any of 222, if the check values do not match, the reproduction process ends as an error.

If it is determined in step S224 that all blocks have been read out, the flow advances to step S225 to start execution and reproduction of the content (program, data).

The above is the aspect of the reproduction processing of the content data in the format type 0.

Next, the reproducing process of the content data in the format type 1 will be described with reference to FIG. The difference from the above-described format type 0 reproduction processing will be mainly described.

Since the processing from step S201 to step S217 is the same as the above-mentioned format type 0 reproduction processing, description thereof will be omitted.

For format type 1, step S2
At 31, decryption of the encrypted part is performed to generate the part ICV. Further, in step S232, the block ICVi ′ is generated. As described above, in the format type 1, if at least one of the parts in the block is the target data of the check value ICVi, the content check value ICVi is defined for the block. The check value P-ICVij of the part j in the block i is the part j.
Is encrypted, a value obtained by exclusive ORing the entire plaintext (decrypted text) in units of 8 bytes is generated as a value encrypted with the content check value generation key Kicvc. Also,
Data (plaintext) if part j is not encrypted
It is generated as a value obtained by inputting the whole in 8-byte units to the falsification check value generation function (DES-CBC-MAC, which uses the content check value generation key Kicvc as a key) shown in FIG.

[0403] Further, it is shown that one block i is a check target. [ICV flag = subject
If there is only one part that is of ICV], the check value P-ICVij generated by the above-mentioned method is directly used as the check value ICVi of the block, and 1
It shows that it is a check target in one block i [I
CV flag = subject of ICV], when there are a plurality of parts, a plurality of parts check values P
-A falsification check value generation function (DES-CBC-MAC, shown in FIG. 36 for the entire data (plaintext) in units of 8 bytes for the data obtained by concatenating ICVi, j in the order of part numbers.
It is generated as a value obtained by inputting the content check value generation key Kicvc as a key. This is shown in FIG.
It is as explained in.

In the format type 1, the content check value comparison processing generated by the above procedure is executed in step S222. Step S2 below
Since the processing of 23 and subsequent steps is the same as that of the format type 0, its explanation is omitted.

Next, the reproduction process of the content data in the format type 2 will be described with reference to FIG. The differences from the above-mentioned format type 0, 1 reproduction processing will be mainly described.

Since steps S201 to S210 are the same as the above-described format type 0, 1 reproduction processing, description thereof will be omitted.

For format type 2, step S21 executed for format types 0, 1
The processes of 1 to S216 are not executed. Further, since the format type 2 does not have the content check value, the verification of the content check value in step S222 executed in the format types 0 and 1 is not executed.

In the format type 2 data reproducing process, after the step of verifying the check value B in step S210, the process proceeds to step S217, and the recording / reproducing device 300 is operated.
The block data is read out under the control of the control unit 301. Further, in step S241, the encryption processing unit 306 of the recording / reproducing device 300 executes the decryption process of the block key Kblc included in the block data.
Block key Kblc stored in the recording device 400
Is encrypted with the content key Kcon as shown in FIG. 34, and the block key Kblc is decrypted using the content key Kcon decrypted in the previous step S207.

[0409] Next, in step S242, the block data decryption process is executed using the block key Kblc decrypted in step S241. Further, in step S243, content (program, data) execution and reproduction processing are executed. Step S217
~ The process of step S243 is repeatedly executed for all blocks. If it is determined in step S244 that all blocks have been read, the reproduction process ends.

As described above, the format type 2 processing omits the check value verification processing such as the total check value, and is suitable for high-speed decoding processing, and real-time processing such as music data is required. This format is suitable for data processing.

Next, the reproduction processing of the content data in the format type 3 will be described with reference to FIG. The difference from the above-described format type 0, 1, and 2 reproduction processing will be mainly described.

Format type 3 basically has a lot in common with the processing in format type 2, but
The format type 3 does not have the content key as described in FIG. 35, and the block key Kblc
Is different from the format type 2 in that the data is stored in the recording device after being encrypted by the storage key Kstr.

In steps S201 to S210, step S251, step S252, step S25.
3, the processing in step S254 is configured as processing that does not include a content key, unlike the corresponding processing in the format types 0, 1 and 2 described above.

In step S251, the recording / reproducing device 3
The control unit 301 of 00 retrieves the block information key Kbit encrypted with the storage device-specific storage key Kstr from the read header, and transmits it to the recording device 400 via the recording device controller 303 of the recording / reproducing device 300.

The recording device 400 that has received the block information key Kbit transmitted from the recording / reproducing device 300,
The received data is decrypted by the encryption / decryption unit 406 of the recording device encryption processing unit 401 with the storage device unique storage key Kstr stored in the internal memory 405 of the recording device encryption processing unit 401, and the mutual authentication is performed. It is re-encrypted with the session key Kses shared at that time. This processing is as described in detail in the section of (9) Key exchange processing after mutual authentication described above.

In step S252, the recording / reproducing device 300
The control unit 301 of the block information key Kb re-encrypted with the session key Kses from the recording device 400 via the recording device controller 303 of the recording and reproducing device 300.
Receive it.

Next, in step S253, the control unit 301 of the recording / reproducing device 300 receives the received session key K.
The block information key Kbit re-encrypted in ses is transmitted to the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300,
Upon receiving the block information key Kbit re-encrypted with the session key Kses, the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 performs the encryption / decryption of the recording / reproducing device cryptographic processing unit 302.
The decryption unit 308 causes the block information key Kbit encrypted with the session key Kses to be decrypted with the session key Kses shared during mutual authentication.

Further, in step S208, the block information read in step S202 is decrypted with the decrypted block information key Kbit. The recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300 uses the decrypted block information key Kbit and block information BI.
The T is replaced with the block information key Kbit and the block information BIT included in the header read in step S202 and held. Further, the control unit 301 of the recording / reproducing device 300 reads the decrypted block information BIT from the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300.

Further, in step S254, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 generates a check value B (ICVb ') from the block information key Kbit and the block information (BIT). Check value B is
As shown in FIG. 24, the check value B generation key K stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302.
Using icvb as a key, an exclusive OR value consisting of the block information key Kbit and the block information (BIT) is encrypted by DES and generated. Next, in step S210, the check value B is compared with the ICVb in the header (Header), and if they match, the process proceeds to step S211.

In format type 3, since the block key is encrypted by the save key when it is stored in the recording device, the decryption process using the save key in the recording device 400, the encryption process using the session key, and the The decryption process with the session key in the recording / reproducing device 300 is required. These series of processes are performed in step S255,
This is the processing step shown in step S256.

In step S255, the recording / reproducing device 300
The control unit 301 of the recording / reproducing device 300 extracts the block key Kblc encrypted with the storage device-specific storage key Kstr from the block read in step S217.
To the recording device 400 via the recording device controller 303.

Upon receiving the block key Kblc transmitted from the recording / reproducing device 300, the recording device 400 transfers the received data to the encryption / decryption unit 406 of the recording device encryption processing unit 401, and the inside of the recording device encryption processing unit 401. The storage key Kstr unique to the recording device stored in the memory 405 is used for decryption processing, and the session key Kses shared during mutual authentication is used for re-encryption. This process is as described in detail in the above-mentioned section "(9) Key exchange process after mutual authentication".

In step S256, the recording / reproducing device 300
The control unit 301 of the block key Kblc re-encrypted from the recording device 400 with the session key Kses via the recording device controller 303 of the recording and reproducing device 300.
To receive.

Next, in step S257, the block key Kbl by the encryption processing unit 306 of the recording / reproducing device 300.
The decryption process using the session key Kses of c is executed.

Next, in step S242, block data decryption processing is executed using the block key Kblc decrypted in step S257. Further, in step S243, content (program, data) execution and reproduction processing are executed. Step S217
~ The process of step S243 is repeatedly executed for all blocks. If it is determined in step S244 that all blocks have been read, the reproduction process ends.

The above processing is the processing for reproducing the content in format type 3. Although it is similar to the format type 2 in that the verification process of the total check value is omitted, it has a processing configuration with a higher security level than the format type 2 in that it includes the key exchange process of the block key. .

(11) Check value (ICV) generation processing mode in content provider In the above-described embodiment, the verification processing for various check values ICV is executed at the stage of content download or reproduction processing. I have explained. Here, aspects of these check value (ICV) generation processing and verification processing will be described.

First, the check values ICV used in the data processing apparatus of the present invention are as follows, when the check values described in the embodiments are briefly summarized.

Check value A, ICVa: Check value for verifying tampering of identification information and handling policy in content data. Check value B, ICVb: block information key Kbit, content key Kcon, check value for verifying tampering of block information. Content check value ICVi: A check value for verifying tampering of each content block of the content. Total check value ICVt: Check value ICVa, check value ICVb, and a check value for verifying tampering of all check values of each content block. Reproducer-specific check value ICVdev: a check value that is replaced with the total check value ICVt when the localization flag is set to 1, that is, when it indicates that the content is unique to the recording / reproducing device. , The above-mentioned check value A: ICVa, check value B: ICVb, and the check value ICVi included in each block that is the content check target.
It is generated as a check value for the whole. Depending on the format, the target to be checked by ICVt and ICVdev may be the content itself instead of the check value of each content block.

Each of the above check values is used in the data processing device of the present invention. Among the above check values, the check value A, the check value B, the total check value, and the content check value are, for example, a content provider that provides content data as shown in FIGS. An ICV value is generated by a person based on each verification target data, stored in the data together with the content, and provided to the user of the recording / reproducing device 300. A user of the recording / reproducing device, that is, a content user, generates a verification ICV based on each verification target data when downloading or reproducing the content to a recording device, and stores the ICV as a stored ICV. Make a comparison of. The playback device unique check value ICVdev is replaced with the total check value ICVt and stored in the recording device when the content indicates that the content is uniquely available to the recording and playback device.

Regarding the check value generation processing, in the above-mentioned embodiments, the generation processing structure by DES-CBC has been mainly described. However, the ICV generation processing mode is not limited to the above-described method, and various generation processing modes and further various verification processing modes are possible. In particular, regarding the relationship between the content provider or administrator and the content user, various ICV generation and verification processing configurations described below are possible.

46 to 48 are diagrams for explaining the generation process of the check value ICV by the generator and the verification process by the verifier.

FIG. 46 shows the DE described in the above embodiment.
The ICV generation process by S-CBC is performed by an ICV generator, which is a content provider or a manager, and the generated ICV is provided to a recording / reproducing device user, that is, a verifier together with the content. In this case, the key required by the recording / reproducing device user, that is, the verifier in the verification process is each check value generation key stored in the internal memory 307 shown in FIG. 18, for example. The verifier (recorder / reproducer user) who is the content user uses the check value generation key stored in the internal memory 307 to apply the DES-CBC to the data to be verified to generate the check value. Executes comparison processing with the stored check value. In this case, each check value generation key is configured as a key secretly shared by the ICV generator and the verifier.

In FIG. 47, the creator of the ICV, who is the content provider or the administrator, creates the ICV by the digital signature of the public key cryptosystem and provides the created ICV with the content to the content user, that is, the verifier. . The content user, that is, the verifier stores the public key of the ICV generator and executes the ICV verification process using the public key. In this case, it is not necessary to keep the public key of the content user (recorder / reproducer user), that is, the ICV generator of the verifier secret, and management is easy. This is a mode suitable when the generation and management of the ICV are performed at a high security management level, such as when the generation and management of the ICV are executed in one entity.

In FIG. 48, the creator of the ICV, which is the content provider or the administrator, creates the ICV by the digital signature of the public key cryptosystem and provides the created ICV with the content to the content user, that is, the verifier. Further, the public key used for verification by the verifier is stored in a public key certificate (for example, see FIG. 14) and provided to the recording / reproducing device user, that is, the verifier together with the content data. When there are a plurality of ICV generators, each generator asks the key management center to create data (public key certificate) certifying the validity of the public key.

The contents user who is the ICV verifier has the public key of the key management center, and the verifier executes the verification of the public key certificate with the public key of the key management center, and if the validity is confirmed, IC stored in the public key certificate
Retrieve the public key of the creator of V. Furthermore, I took out
ICV verification is performed using the public key of the CV creator.

This method has a plurality of ICV generators,
This is an effective mode when a management execution system by a center that executes those management is established.

(12) Configuration of Cryptographic Processing Key Generation Based on Master Key Next, the configuration of generating various cryptographic processing keys based on the master key, which is one of the characteristic configurations of the data processing system of the present invention, will be described. .

As described above with reference to FIG. 18, various master keys are stored in the internal memory of the recording / reproducing device 300 in the data processing device of the present invention. The configuration is such that an authentication key Kake is generated (see Formula 3) or a delivery key Kdis is generated (see Formula 4).

Conventionally, encrypted communication is performed between one-to-one entities, that is, between content providers and content users, or between the recording / reproducing device 300 and the recording medium 400 in the above-described data processing device of the present invention.
When performing mutual authentication, MAC generation, verification, etc., secret information common to each entity, such as key information, was held. Also, there is a one-to-many relationship, for example, many content users for one content provider, or one
In relation to a large number of recording media for one recording / reproducing device, all entities, that is, a large number of content users, or a configuration in which secret information shared by a large number of recording media, for example, key information is stored and held, Alternatively, one content provider individually manages the secret information (ex. Key) of each of a number of content users, and uses this secret information properly according to each content user.

However, when there is a one-to-many usage relationship as described above, secret information (ex. Key) shared by all
In the configuration of owning, there is a drawback that if a secret leak occurs at one location, it affects all those who use the same secret information (ex. Key). In addition, if one administrator, for example, a content provider, manages secret information (ex. Key) of each of a number of content users individually and uses this secretly according to each content user, all users can be protected. There is a drawback in that a list in which identification information is identified and unique secret information (ex. Key) is associated with the identification data is required, and the burden of maintenance of the list increases as the number of users increases.

In the data processing apparatus of the present invention, the conventional problems in sharing secret information between entities are solved by the possession of the master key and the configuration of generating various individual keys from the master key. Less than,
This configuration will be described.

In the data processing device of the present invention, when different individual keys are required for various encryption processes, authentication processes, etc. between the recording device, the medium storing the contents, or the recording / playback devices, the individual keys are required. A key is generated by using individual information such as identifier data (ID) unique to each device or medium and a predetermined individual key generation method within the recording / reproducing device 300. With this configuration, even if the generated individual key is identified, it is possible to prevent damage to the entire system by preventing the master key from leaking. Moreover, the management of the correspondence list is not required due to the configuration of generating the key by the master key.

A specific structural example will be described with reference to the drawings. First, FIG. 49 shows a diagram for explaining a configuration for generating various keys using various master keys of the recording and reproducing device 300. Content is input from the medium 500 and the communication unit 600 in FIG. 49, as in the above-described embodiment. The content is encrypted with the content key Kcon, and the content key Kcon is the delivery key Kdis.
It is encrypted by.

For example, the recording / reproducing device 300 is the medium 50.
0, when the content is taken out from the communication means 600 and is to be downloaded to the recording device 400, the recording / reproducing device 300 encrypts the content key as described above with reference to FIGS. 22 and 39 to 41. Key K
It is necessary to obtain dis. This Kdis is directly acquired from the medium 500 or the communication means 600, or is acquired by the recording / reproducing device 300 in advance and is recorded / reproducing device 30.
It is possible to store it in the memory inside 0, but the distribution configuration of such a key to a large number of users may cause leakage affecting the entire system as described above.

In the data processing system of the present invention, the delivery key Kdis is stored in the memory of the recording / reproducing device 300 as shown in the lower part of FIG.
processing based on is and the content ID, that is, Kdi
s = DES (MKdis, content ID) is applied to generate the delivery key Kdis. According to this configuration, in the content distribution configuration between the content provider that supplies the content from the medium 500 and the communication unit 600 and the recording / reproducing device 300 that is the content user, even when a large number of content providers exist, It is not necessary to distribute the delivery key Kdis of No. 1 through a medium, a communication medium, or the like, and it is not necessary to store it in each recording / reproducing device 300, and it is possible to maintain high security.

Next, generation of the authentication key Kake will be described. The download process from the recording / reproducing device 300 of FIGS. 22 and 39 to 41 described above to the recording medium 400, or the content stored in the recording medium 400 described in FIGS. 28 and 42 to 45 is recorded / reproducing device 300.
Mutual authentication processing between the recording / reproducing device 300 and the recording medium 400, when executing and reproducing in (2) (see FIG. 20).
Is required.

As described with reference to FIG. 20, the recording / reproducing device 300 requires the authentication key Kake in this authentication processing. The recording / reproducing device 300 acquires the authentication key directly from the recording medium 400, or the recording / reproducing device 3 in advance.
00 can be acquired and stored in the memory in the recording / reproducing device 300. However, like the configuration of the delivery key described above,
The distribution configuration of such a key to a large number of users has the possibility of leakage affecting the entire system.

In the data processing system of the present invention, the authentication key Kake is stored in the memory of the recording / reproducing device 300 as shown in the lower part of FIG.
and a process based on the recording device identification ID: IDmem, that is, Kake = DES (MKake, IDme
The authentication key Kake is obtained by m).

Further, the download processing from the recording / reproducing device 300 shown in FIGS. 22 and 39 to 41 to the recording medium 400, or the content stored in the recording medium 400 described with reference to FIGS. 28 and 42 to 45, the recording / reproducing device 30.
In the case of executing and reproducing at 0, the recording / reproducing device signature key Kdev necessary for the generation process of the recording / reproducing device unique check value ICVdev when the content is unique to the recording / reproducing device is also the above-mentioned delivery key and authentication key. The same configuration can be used. In the above-described embodiment, the recording / reproducing device signature key Kdev is stored in the internal memory. However, the recording / reproducing device signature key master key MKdev is stored in the memory, and the recording / reproducing device signature key Kdev is stored in the internal memory. However, if necessary, as shown in the lower part of FIG. 49, based on the recording / reproducing device identifier: IDdev and the recording / reproducing device signature key master key MKdev, Kdev = DES (MKd
ev, IDdev) recording / playback device signature key Kdev
By configuring so as to obtain the recording / playback device signature key Kdev
The advantage is that it is not necessary to have each device individually.

As described above, in the data processing device of the present invention, the information such as the key necessary for the procedure concerning the cryptographic information processing between the two entities such as the provider and the recording / reproducing device or the recording / reproducing device and the recording device. Since the key is sequentially generated from the master key and each ID, even if the key information is leaked from each entity, the range of damage caused by the individual key is further limited. There is no need to manage the key list.

A plurality of processing examples relating to this configuration will be described by showing a flow. FIG. 50 shows an example of an encryption process of contents or the like using a master key by a content producer or an administrator and a decryption process of encrypted data using a master key in a user device, for example, the recording / reproducing device 300 in the above-described embodiment. is there.

Step S501 in the content production or administrator is a step of giving an identifier (content ID) to the content. Step S502
Is a step of generating a key for encrypting the content or the like based on the master key and the content ID possessed by the content creator or administrator. This is, for example, the delivery key K
Assuming that the process for generating dis is Kdis = DE described above.
Delivery key Kd by S (MKdis, content ID)
Generate is. Next, step S503 is a step of encrypting a part or all of the content with a key (for example, the delivery key Kdis). The content creator distributes the content, which has been subjected to the encryption processing through such steps, through a medium such as a DVD or a communication means.

On the other hand, on the user device side such as the recording / reproducing device 300, in step S504, the content ID is read from the content data received via the medium, the communication means or the like. Next, step S505.
At, a key to be applied to decrypt the encrypted content is generated based on the read content ID and the master key possessed by the user. In this generation process, when the delivery key Kdis is obtained, for example, the delivery key Kdis = DES (MKd
is, content ID). In step S506,
The content is decrypted using this key, and step S507
Use the decrypted content, that is, play or execute the program.

In this example, as shown in the lower part of FIG. 50, both the content creator or administrator and the user device have master keys (for example, delivery key generation master key MK).
a master key and each ID that possesses the delivery key necessary for encryption and decryption of the content
It is generated based on (content ID).

In this system, if the delivery key is leaked to a third party, the content can be decrypted by the third party, but it is possible to prevent the decryption of other content having a different content ID. Therefore, the effect that the leakage of one content key has on the entire system can be minimized. There is also an effect that it is not necessary for the user device side, that is, the recording and reproducing device, to hold the key correspondence list for each content.

Next, with reference to FIG. 51, an example will be described in which the content producer or administrator possesses a plurality of master keys and executes processing according to the content distribution target.

Step S511 in the content production or administrator is a step of giving an identifier (content ID) to the content. Step S512
Is a plurality of master keys possessed by the content creator or the administrator (for example, a plurality of delivery key generation master keys MKdi
This is the step of selecting one master key from s).
This selection process will be further described with reference to FIG. 52. A master key to be applied is set in advance in association with each country of the content user, each model, or each model version, and is executed according to the setting. To do.

Next, in step S513, step S
An encryption key is generated based on the master key selected in 512 and the content ID determined in step S511. For example, if it is a step of generating the delivery key Kdisi, it is generated by Kdisi = DES (MKdisi, content ID). Next, step S514.
Is a key for some or all of the content (for example, the delivery key K
This is the step of encryption by disi). In step S515, the content creator distributes the content ID, the master key identification information used, and the content that has been encrypted by using the encrypted content as one distribution unit via a medium such as a DVD or a communication unit. To do.

On the other hand, on the user device side such as the recording / reproducing device 300, on the other hand, in step S516, the master key corresponding to the master key identification information in the content data distributed via the medium such as the DVD or the communication means is self-generated. Determines whether or not If the master key corresponding to the master key identification information in the content data is not included, the distributed content cannot be used by the user device, and the process ends.

When the master key corresponding to the master key identification information in the distributed content data is owned by itself, in step S517, the content I is selected from the content data received via the medium, the communication means or the like.
Read D. Next, in step S518, a key applied to decrypt the encrypted content is generated based on the read content ID and the master key possessed by the key. In this generation process, when the delivery key Kdisi is obtained, for example, the delivery key Kdisi = DES (MKdisi,
Content ID). In step S519, the content is decrypted using this key, and in step S520, the decrypted content is used, that is, played back or executed.

In this example, as shown in the lower part of FIG. 51, the content producer or administrator has a plurality of master keys, for example, a plurality of delivery key generating master keys MKdis1.
Have a master key set consisting of n. On the other hand, the user device has one master key, for example, one delivery key generation master key KKdisi, and only when the content creator or administrator uses MKdisi to perform the encryption process, the user device only stores the content. It can be decrypted and used.

As a specific example of the mode shown in the flow of FIG. 51, FIG. 52 shows an example in which a different master key is applied for each country. The content provider has master keys MK1 to n
The MK1 is used to generate a key for executing the encryption process of the content distributed to the user device for Japan. For example, the encryption key K1 is generated from the content ID and MK1, and the content is encrypted by K1. Also, MK
2 is set to be used for key generation for performing encryption processing of contents to be delivered to user devices for US, and MK3 is set to be used for key generation for encryption processing of contents to be delivered to user devices for EU (Europe) is doing.

On the other hand, a master device MK1 is stored in the internal memory of a user device for Japan, specifically, a recording / reproducing device such as a PC or a game machine sold in Japan. The key MK2 is stored in its internal memory, and in the EU user device, the master key MK3 is stored in its internal memory.

In such a configuration, the content provider encrypts the content to be distributed to the user device by selectively using the master key from the master keys MK1 to n according to the user device that can use the content. To execute. For example, in order to make contents available only to user devices for Japan, the master key M
The content is encrypted with the key K1 generated using K1. This encrypted content can be decrypted by using the master key MK1 stored in the user device for Japan, that is, a decryption key can be generated, but the master key MK2 stored in another US or EU user device. , MK3, the key K1 cannot be obtained, so that the encrypted content cannot be decrypted.

As described above, by selectively using the plurality of master keys by the content provider, it is possible to set various usage restrictions on the content. In FIG. 52, an example is shown in which the master key is distinguished for each country of the user device, but as described above, various usage modes are possible, such as switching the master key according to the model of the user device or according to the version. Is.

Next, FIG. 53 shows a processing example in which a media unique identifier, that is, a media ID and a master key are combined. here. The medium is a medium that stores contents such as a DVD and a CD. Media ID
May be unique for each medium, for example, for each title of content such as a movie, or for each production lot of media. As described above, various methods can be used as the method of assigning the media ID.

[0468] The step S521 in the media production or manager is the identifier for the media (Media I
This is the step of determining D). Step S522 is
This is a step of generating a key for encrypting the stored content in the medium based on the master key possessed by the media production or administrator and the media ID. This is for example
If the process of generating the delivery key Kdis is performed, the above-mentioned Kdi
The delivery key Kdis is generated by s = DES (MKdis, media ID). Next, step S523 is a step of encrypting a part or all of the media storage content with a key (for example, the delivery key Kdis).
The media producer supplies the encrypted content storage medium through these steps.

On the other hand, on the user device side such as the recording / reproducing device 300, in step S524, the media ID is read from the supplied media. Next, in step S525, a key to be applied to decrypt the encrypted content is generated based on the read media ID and the master key possessed by the key. In this generation process, when the delivery key Kdis is obtained, for example, the delivery key Kdis = DES
(MKdis, media ID). Step S52
In step 6, the content is decrypted using this key, and step S
At 527, the decrypted content is used, that is, played back or the program is executed.

In this example, as shown in the lower part of FIG. 53, both the media producer or administrator and the user device have master keys (for example, delivery key generating master key MKd).
is), and the delivery key required for encryption and decryption of the contents is sequentially possessed by each master key and each ID
It is generated based on (media ID).

In this system, in the unlikely event that the media key is leaked to a third party, the content in the medium can be decrypted by the third party, but the content stored in another medium having a different media ID can be decrypted. Since it can be prevented, it is possible to minimize the influence of the leakage of one media key on the entire system. There is also an effect that it is not necessary for the user device side, that is, the recording / reproducing device to hold the key correspondence list for each medium. In addition, the content size encrypted with one media key is limited to the capacity that can be stored in the media, so it is unlikely to reach the amount of information required for a ciphertext attack, and decryption is possible. Can be reduced.

[0472] Next, Fig. 54 shows an identifier unique to the recording / reproducing device.
That is, a processing example in which the recording / reproducing device ID and the master key are combined is shown.

[0473] Step S53 in recording / reproducing device user
A step 1 is a step of generating a key for encrypting content or the like based on a master key and a recording / reproducing device ID stored in, for example, an internal memory of the recording / reproducing device. This is for example
If the process of generating the content key Kcon is Kco
The content key Kcon is generated by n = DES (MKcon, recording / playback device ID). Next, step S53.
Step 2 is a step of encrypting a part or all of the stored content with a key (for example, a delivery key Kcon). A step S533 stores the encrypted content in a recording device such as a hard disk.

On the other hand, when the recording / playback device user who has stored the content requests the system administrator who manages the recording / playback device to restore the stored data, the recording / playback device sends the recording / playback device ID in step S534. Read out.
Next, in step S535, a key to be applied to the decryption of the encrypted content is generated based on the read recording / reproducing device ID and the master key owned. In the case where the content key Kcon is obtained, this generation processing is, for example, content key Kcon = DES (MKcon, recording / reproducing device ID). In step S536, the content is decrypted using this key.

In this example, as shown in the lower part of FIG. 54, both the recording / reproducing device user and the system administrator use a master key (for example, a content key generating master key MKco).
n), a delivery key required for content encryption and decryption is sequentially generated based on each master key and each ID (recording / reproducing device ID).

In this system, if the content key is leaked to a third party, the content can be decrypted by the third party, but the content encrypted for another recording / reproducing device with a different recording / reproducing device ID. Since it is possible to prevent the decryption of, the effect of leaking one content key on the entire system can be minimized. Further, there is also an effect that it is not necessary for both the system management side and the user device side to hold the key correspondence list for each content.

FIG. 55 shows a configuration in which an authentication key used for mutual authentication processing between a slave device, for example, a recording device such as a memory card, and a host device, for example, a recording / reproducing device is generated based on the master key. In the authentication process described above (see FIG. 20), the authentication key is stored in advance in the internal memory of the slave device. However, as shown in FIG. 55, the authentication key is generated based on the master key during the authentication process. can do.

For example, the slave device, which is a recording device, executes the step S as the initialization process before the start of the authentication process.
In 541, an authentication key Kake used for mutual authentication processing based on the master key and the slave device ID stored in the internal memory of the slave device which is the recording device.
To generate. For example, Kake = DES (MKa
ke, slave device ID). Next, in step S542, the generated authentication key is stored in the memory.

On the other hand, on the side of the host device such as the recording / reproducing device, in step S543, the slave device ID is read from the mounted recording device, that is, the slave device via the communication means. Next, in step S544, the read slave device ID
The authentication key to be applied to the mutual authentication process is generated based on the authentication key generation master key possessed by This generation processing is, for example, authentication key Kake = DES (MKake, slave device ID). In step S545, an authentication process is executed using this authentication key.

In this example, as shown in the lower part of FIG. 55, both the slave device and the master device are master keys, that is, the authentication key generating master key MKake.
And sequentially generates an authentication key required for the mutual authentication process based on the master key and the slave device ID owned by each.

In this system, in the unlikely event that the authentication key is leaked to a third party, the authentication key is valid only for the slave device, so that the authentication cannot be established in the relationship with other slave devices. Therefore, there is an effect that the influence caused by the leakage of the key can be minimized.

As described above, in the data processing device of the present invention, the key and the like necessary for the procedure relating to the cryptographic information processing between the two providers such as the content provider and the recording / reproducing device or between the recording / reproducing device and the recording device are stored. Information is sequentially generated from the master key and each ID. Therefore, even if the key information is leaked from each entity, the range of damage caused by individual keys is more limited,
Further, it is not necessary to manage the key list for each individual entity as described above.

(13) Control of Encryption Strength in Cryptographic Processing In the above-described embodiment, the cryptographic processing between the recording / reproducing device 300 and the recording device 400 is mainly described with reference to FIG. 7 in order to facilitate understanding of the description. Explained single D
The example using the cryptographic processing with the ES configuration has been described. However, the encryption processing method applied in the data processing device of the present invention is not limited to the above-mentioned single DES method, and an encryption method according to a required security state can be adopted.

For example, the triple DES method as shown in FIGS. 8 to 10 described above may be applied. For example, the cryptographic processing unit 302 of the recording / reproducing device 300 and the cryptographic processing unit 401 of the recording device 400 illustrated in FIG.
It is possible to have a configuration in which a process corresponding to the cryptographic process by the triple DES method described in 1. is executed.

However, the content provider gives priority to the processing speed according to the content, and the content key Kc
In some cases, on has a 64-bit key structure based on the single DES method, and in some cases, the content key Kcon has a 128-bit or 192 bit key structure based on the triple DES method, giving priority to security. Therefore, the configurations of the encryption processing unit 302 of the recording / reproducing device 300 and the encryption processing unit 401 of the recording device 400 are triple DES.
It is not preferable to adopt a configuration that can support only one of the system and the single DES system. Therefore, the encryption processing unit 302 of the recording / reproducing device 300 and the recording device 40
0 encryption processing unit 401 is a single DES, triple D
It is desirable that the configuration be compatible with any of the ES methods.

However, the encryption processing section 302 of the recording / reproducing device 300 and the encryption processing section 401 of the recording device 400.
Cryptographic processing configuration of single DES, triple DES
In order to implement both methods, it is necessary to configure different circuits and logics. For example, in order to execute the processing corresponding to the triple DES in the recording device 400, it is necessary to newly store the triple DES instruction set in the command register shown in FIG. This causes the processing unit included in the recording device 400 to be complicated.

Therefore, the data processing apparatus of the present invention is capable of executing the processing corresponding to the triple DES encryption processing with the logic of the encryption processing unit 401 on the recording device 400 side having the single DES configuration, and by the triple DES method. We propose a configuration that allows encrypted data (keys, contents, etc.) to be stored in the external memory 402 of the recording device.

For example, in the example of the data format type 0 shown in FIG. 32, when the content data is downloaded from the recording / reproducing device 300 to the recording device 400, the flow of the download of the format type 0 described above is shown. In step S101 of 39, the authentication process is executed, and the session key Kses is generated here. Further, in step S117, the recording / reproducing device 3
In the encryption processing unit 302 on the 00 side, the session key Kse
The encryption processing of the content key Kcon by s is executed, this encryption key is transferred to the recording device 400 via the communication means, and in step S118, the encryption processing unit 403 of the recording device 400 that received this encryption key The content key Kcon is decrypted by the session key Kses, the content key Kcon is encrypted by the storage key Kstr, and this is transmitted to the encryption processing unit 302 of the recording / reproducing device 300, and then recorded. The regenerator 300 forms a data format (step S
121) and the formatted data is transmitted to the recording device 400, and the data received by the recording device 400 is stored in the external memory 402.

In the above processing, steps S117 and S1
If the cryptographic processing in the cryptographic processing unit 401 of the recording device 400 that is executed between 18 is configured so that either the single DES or the triple DES can be selectively executed, the content provider follows the triple DES. In either case, it is possible to provide the content data using the content key Kcon or the content data using the content key Kcon according to the single DES.

FIG. 56 shows a triple D using both the encryption processing unit 302 of the recording / reproducing device 300 and the encryption processing unit 401 of the recording device 400 in the data processing device of the present invention.
The flow explaining the structure which performs the encryption processing method according to the ES system is shown. In FIG. 56, the recording / reproducing device 3 is used as an example.
10 is an example of an encryption process of the content key Kcon using the storage key Kstr executed when the content data is downloaded from the storage device 400 to the recording device 400. An example in the case where the content key Kcon is a triple DES key is shown. There is. Note that here, the content key Kco
An example of the processing is shown on behalf of n, but the same processing can be applied to other data such as other keys or contents.

In the triple DES method, the above FIG.
As explained in -10, 6 in single DES
128 in case of 4-bit key, Triple DES method
This is a process in which two or three keys are used as a bit or 192-bit key structure. These three content keys are designated as Kcon1, Kcon2, (Kco
n3). Kcon3 is shown in parentheses because it may not be used.

The processing of FIG. 56 will be described. Step S301 is a mutual authentication processing step between the recording / reproducing device 300 and the recording device 400. This mutual authentication processing step is executed by the processing of FIG. 20 described above. A session key Kses is generated during this authentication process.

When the authentication processing in step S301 is completed, in step S302, the check processing of each check value, check value A, check value B, content check value, total check value, and each ICV is executed.

If these check value (ICV) collation processes are completed and it is determined that there is no data tampering, step S
Proceeding to step 303, in the recording / reproducing device 300, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 uses the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to obtain the delivery key previously extracted or generated. Using Kdis, the content key Kcon stored in the received medium 500 or the header portion of the data received from the communication unit 600 via the communication unit 305 is decrypted. In this case, the content key is a triple DES key,
Content key Kcon1, Kcon2, (Kcon3)
Is.

Next, in step S304, the control unit 306 of the recording / playback device cryptographic processing unit 302 causes the encryption / decryption unit 308 of the recording / playback device cryptographic processing unit 302 to decrypt the content keys Kcon1 and Kconk in step S303.
The content key Kcon in con2, (Kcon3)
Session key K that shared only 1 when mutual authentication
Encrypt with ses.

[0496] The control unit 301 of the recording / reproducing device 300 controls the content key Kcon encrypted with the session key Kses.
The data including 1 is read from the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300, and these data are transmitted to the recording device 400 via the recording device controller 303 of the recording / reproducing device 300.

[0497] Next, in step S305, the content key Kcon1 transmitted from the recording / reproducing device 300.
The recording device 400 that receives the encrypted content key Kcon1 receives the received content key Kcon1 from the recording device encryption processing unit 401.
The decryption unit 406 decrypts the session key Kses shared during the mutual authentication. Further, step S3
In 06, the storage device-specific storage key K stored in the internal memory 405 of the recording device encryption processing unit 401.
It is re-encrypted by str and transmitted to the recording / reproducing device 300 via the communication unit 404.

Next, in step S307, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to decrypt the content keys Kcon1 and Kcon in step S303.
The content key Kcon in con2, (Kcon3)
Session key K that was shared with only 2 in mutual authentication
Encrypt with ses.

The control unit 301 of the recording / reproducing device 300 controls the content key Kcon encrypted with the session key Kses.
Data including 2 is read from the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300, and these data are transmitted to the recording device 400 via the recording device controller 303 of the recording / reproducing device 300.

Next, in step S308, the content key Kcon2 transmitted from the recording / reproducing device 300.
The recording device 400 that has received the encrypted content key Kcon2 from the recording device encryption processing unit 401.
The decryption unit 406 decrypts the session key Kses shared during the mutual authentication. Further, step S3
In 09, the storage device-specific storage key K stored in the internal memory 405 of the recording device encryption processing unit 401.
It is re-encrypted by str and transmitted to the recording / reproducing device 300 via the communication unit 404.

Next, in step S310, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to decrypt the content keys Kcon1 and Kconk in step S303.
The content key Kcon in con2, (Kcon3)
Session key K that shared only 3 at the time of mutual authentication
Encrypt with ses.

The control unit 301 of the recording / reproducing device 300 controls the content key Kcon encrypted with the session key Kses.
The data including 3 is read from the recording / reproducing device cryptographic processing unit 302 of the recording / reproducing device 300, and these data are transmitted to the recording device 400 via the recording device controller 303 of the recording / reproducing device 300.

Next, in step S311, the content key Kcon3 transmitted from the recording / reproducing device 300.
The recording device 400 that has received the encrypted content key Kcon3 from the recording device encryption processing unit 401.
The decryption unit 406 decrypts the session key Kses shared during the mutual authentication. Further, step S3
12, the storage device-specific storage key K stored in the internal memory 405 of the recording device encryption processing unit 401.
It is re-encrypted by str and transmitted to the recording / reproducing device 300 via the communication unit 404.

Next, in step S313, the encryption processing section of the recording / reproducing device forms the various data formats described with reference to FIGS. 32 to 35, and transmits them to the recording device 400.

Finally, in step S314, the recording device 400 stores the received data whose format has been completed in the external memory 402. This format data includes content keys Kcon1, Kcon2, (Kcon3) encrypted with the storage key Kstr.

By executing such processing, the content key to be stored in the recording device 400 is triple D
It becomes possible to store it as a key based on the ES encryption method. Note that the content keys are Kcon1 and Kcon2
If there are two keys, the steps S310 to S312
Is omitted.

As described above, the recording device 400 repeatedly executes the processing of the same aspect, that is, the processing steps of steps S305 and S306 a plurality of times, only by changing the target, and thereby the key to which the triple DES is applied is changed. Can be stored in memory. If the content key Kcon is a single DES application key, step S30
5, S306 may be executed, the formatting process of step S313 may be executed and stored in the memory. In such a configuration, the command for executing the processing of steps S305 and S306 is stored in the command register of FIG. 29 described above, and this processing is performed depending on the content key mode, that is, the triple DES method or the single DES method.
The configuration may be appropriately performed once to three times. Therefore, both the triple DES method and the single DES method can be performed without including the triple DES processing method in the processing logic of the recording device 400. In addition,
The encryption method can be determined by recording it in the handling policy in the header part of the content data and referring to it.

(14) Program start processing based on start priority in handling policy for content data As will be understood from the content data configurations of FIGS. 4 to 6 described above, the program is used in the data processing apparatus of the present invention. The handling policy stored in the header portion of the content data includes content type and activation priority order information. Recording / reproducing device 300 in the data processing apparatus of the present invention
When there are a plurality of accessible content data recorded in the recording device 400 or various recording media such as a DVD, a CD, a hard disk, and a game cartridge, the start order of these contents is determined according to the start priority information. To do.

[0509] The recording / reproducing device 300 uses each recording device DV
After performing the authentication process with various recording devices such as the D device, the CD drive device, and the hard disk drive device, the program in the content data with the highest priority is preferentially executed according to the priority information in the content data. Hereinafter, this "program activation process based on the activation priority in the handling policy for content data" will be described.

In the above description of the embodiment of the data processing apparatus of the present invention, the processing when the recording / reproducing device 300 reproduces and executes the content data from one recording device 400 has been mainly described. However, in general, the recording / reproducing device 300 includes, in addition to the recording device 400 as shown in FIG. 2, a DVD, a CD, a hard disk via the reading unit 304, a memory card and a game cartridge connected via the PIO 111 and SIO 112. Etc., and has a configuration capable of accessing various recording media. Although only one reading unit 304 is shown in FIG. 2 in order to avoid complication of the drawing, the recording / reproducing device 300 can be loaded with different storage media such as a DVD, a CD, a flexible disk, and a hard disk in parallel. Is.

The recording / reproducing device 300 can access a plurality of storage media, and each storage medium stores content data. For example, content data supplied by an external content provider such as a CD is
The data structure shown in FIG. 4 is stored in the media, and when downloaded via these media or communication means, the contents data structure shown in FIGS. 26 and 27 is stored in each storage medium such as a memory card. There is. further,
Specifically, as shown in FIGS. 32 to 35, the data is stored in different formats on the medium and the recording device according to the format type of the content data. However, in any case, the handling policy in the header of the content data includes the content type and the activation priority information.

[0512] The content activation processing of the recording / reproducing device when the plurality of content data can be accessed will be described according to the flow.

FIG. 57 is a processing flow showing a processing example (1) when there are a plurality of startable contents. Step S611 is a step of executing the authentication processing of the recording device accessible by the recording / reproducing device 300. The accessible recording devices are a memory card, a DVD device,
CD drive, hard disk drive, and, for example, P
The game cartridge etc. which are connected via IO111 and SIO112 are included. The authentication process is executed for each recording device under the control of the control unit 301 shown in FIG. 2, for example, according to the procedure described above with reference to FIG.

[0514] Next, in step S612, a startable program is detected from the content data stored in the memory of the successfully authenticated recording device. this is,
Specifically, it is executed as a process of extracting a program whose content type included in the content data handling policy is a program.

[0515] Next, in step S613, the start priority order in the startable programs extracted in step S612 is determined. Specifically, this is a process of comparing the priority information included in the handling information in the headers of the plurality of bootable content data selected in step S612 and selecting the highest priority.

Next, the program selected in step S614 is activated. If the set priority is the same in a plurality of bootable programs, a default priority is set among the recording devices, and the content program stored in the highest priority device is executed.

In FIG. 58, an identifier is set to a plurality of recording devices, and a processing mode in which the authentication process and the content program search are sequentially performed on the recording devices with the respective identifiers, that is, when there are a plurality of startable contents. The processing example (2) is shown.

[0518] In step S621, the recording / reproducing device 300 is operated.
This is a step of executing the authentication process (see FIG. 20) of the recording device (i) attached to the. Identifiers 1 to n are sequentially assigned to a plurality (n) of recording devices.

[0519] In step S622, step S621.
It is determined whether or not the authentication is successful, and if the authentication is successful, the process proceeds to step S623, and the bootable program is searched for in the recording medium of the recording device (i). If the authentication is not successful, the process proceeds to step S627, it is determined whether or not there is a recording device that can search for a new content, and if there is no recording device, the process ends. If there is a recording device, the process proceeds to step S628. i is updated, and the authentication processing steps after step S621 are repeated.

The process in step S623 is a process for detecting a startable program from the content data stored in the recording device (i). Specifically, this is executed as a process for extracting a program whose content type included in the content data handling policy is a program.

[0521] In step S624, it is determined whether a content type of program has been extracted,
If it has been extracted, in step S625, the one with the highest priority is selected from the extraction programs, and the selection program is executed in step S626.

[0522] If it is determined in step S624 that the content type is program is not extracted, the process proceeds to step S627, it is determined whether or not there is a recording device for new content search, and if not, the process is terminated. If there is a recording device, the process advances to step S628 to update the recording device identifier i, and the authentication processing steps after step S621 are repeated.

FIG. 59 is a processing flow showing a processing example (3) when there are a plurality of startable contents. Step S651 is a step of executing the authentication process of the recording device accessible by the recording and reproducing device 300. Authentication processing is performed on accessible DVD devices, CD drives, hard disk devices, memory cards, game cartridges, and the like. The authentication process is executed for each recording device under the control of the control unit 301 shown in FIG. 2, for example, according to the procedure described above with reference to FIG.

[0524] Next, in step S652, a startable program is detected from the content data stored in the memory of the successfully authenticated recording device. this is,
Specifically, it is executed as a process of extracting a program whose content type included in the content data handling policy is a program.

[0525] Next, in step S653, information such as the name of the program that can be started and is extracted in step S652 is displayed on the display means. Although the display means is not shown in FIG. 2, the data output as AV output data is output to the display means (not shown). The user-provided information such as the program name of each content data is stored in the identification information of the content data, and each content authenticated through the control unit 301 under the control of the main CPU 106 shown in FIG. The program information such as the program name of the data is output to the output means.

Next, in step S654, the main CPU 106 receives the program selection input by the user from the input means such as the input interface, controller, mouse and keyboard shown in FIG.
In response to the selection input, the user selection program is executed in step S655.

As described above, in the data processing device of the present invention,
The program activation priority information is stored in the handling information in the header of the content data, and the recording / reproducing device 300 activates the program according to this priority, or the activation program information is displayed on the display means and selected by the user. Therefore, the user does not need to search for the program, and it is possible to save the time required for activation and the labor of the user. In addition, since all the programs that can be started are started after the authentication processing of the recording device, or that the programs are startable is displayed, the complexity of the process such as selecting the program and confirming its validity is eliminated. Will be resolved.

(15) Content Structure and Reproduction (Expansion) Processing In the data processing apparatus of the present invention, as described above, the recording / reproducing device 300 downloads the content from the medium 500 or the communication means 600, or the recording device 40.
Playback processing is performed from 0. The above description has been focused on the processing of encrypted data that accompanies the downloading or reproduction of content.

[0529] The control unit 3 in the recording / reproducing device 300 of FIG.
Reference numeral 01 controls overall authentication processing, encryption, and decryption processing that accompany device 500 such as a DVD that provides content data, communication means 600, content data download processing from a recording device, or playback processing.

The reproducible contents obtained as a result of these processes are, for example, audio data, image data and the like. The decrypted data is from the control unit 301 to the main C shown in FIG.
It is placed under the control of the PU and is output to the AV output unit according to audio data, image data and the like. However, if the content is, for example, audio data and is MP3 compressed,
The MP3 decoder of the AV output unit shown in FIG. 2 decodes the audio data and outputs it. Also, if the content data is image data and is an MPEG2 compressed image, the MPEG2 decoder of the AV processing unit executes the decompression process and outputs it. As described above, the data included in the content data may be compressed (encoded) in some cases, or may be uncompressed in some cases. Therefore, the data included in the content data is processed and output.

[0531] However, there are various types of compression processing and decompression processing programs, and even if compressed data is provided from the content provider, if there is no corresponding decompression processing execution program, it cannot be reproduced. Occurs.

Therefore, the data processing apparatus of the present invention stores the compressed data and its decoding (expansion) processing program together in the data content, or the link information between the compressed data and the decoding (expansion) processing program. A configuration for storing the content data as header information is disclosed.

FIG. 60 is a diagram briefly summarizing the elements related to this configuration and related elements from the overall data processing diagram shown in FIG. The recording / reproducing device 300 is, for example, a DVD or a CD.
Device 500 or the like, communication means 600, or recording device 4 such as a memory card storing contents.
Received various contents from 00. These contents are audio data, still images, moving image data, program data, etc., and those that have been encrypted, those that have not been encrypted, and those that have been compressed. It includes various data such as those that do not exist.

If the received content is encrypted, the decryption process is executed by the control of the control unit 301 and the encryption process of the encryption processing unit 302 by the method already described in the above item. The decrypted data is sent to the AV processing unit 109 under the control of the main CPU 106.
And is stored in the memory 3090 of the AV processing unit 109, the content analysis unit 3091 analyzes the content structure. For example, if a data decompression program is stored in the content, the program is stored in the program storage unit 3093, and if data such as audio data and image data is included, these are stored in the data storage unit 3092. The decompression processing unit 3094 uses the decompression processing program stored in the program storage unit, such as MP3, to decompress the compressed data stored in the data storage unit 3092, and outputs it to the speaker 3001 and the monitor 3002. .

Next, some examples of the structure and processing of data received by the AV processing unit 109 via the control unit 301 will be described. Although audio data is shown as an example of the content and MP3 is applied as an example of the compression program, the present configuration will be described not only for audio data but also for image data. Further, not only MP3 but also various programs such as MPEG2 and 4 can be applied to the compression / decompression processing program.

FIG. 61 shows an example of the content structure. FIG. 61
Is music data 6102, MP compressed by MP3
This is an example in which the three-decryption (decompression) processing program 6101 is configured as one content. These contents are stored in the medium 500 or the recording device 400 as one content, or distributed from the communication means 600. If these contents are encrypted as described above, the recording and reproducing device 300 performs the decryption process by the encryption processing unit 303,
It is transferred to the AV processing unit 109.

[0537] Content analysis unit 30 of AV processing unit 109
At 91, the received content is analyzed, the audio data decompression program (MP3 decoder) unit is extracted from the content including the audio data decompression program (MP3 decoder) unit and the compressed audio data unit, and the program is stored in the program storage unit 3093. Then, the compressed audio data is stored in the data storage unit 3092. The content analysis unit 3091 receives information such as a content name and content configuration information received separately from the content, or identification data such as a data name included in the content, data indicating a data length, data configuration, and the like. Content analysis may be performed based on Next, the compression / decompression processing unit 309
4 executes the expansion processing of the MP3 compressed audio data stored in the data storage unit 3092 according to the audio data expansion program (MP3 decoder) stored in the program storage unit 3093, and the AV processing unit 109 outputs the expanded audio data. It is output to the speaker 3001.

FIG. 62 is a flow chart showing an example of a reproduction process of data having the content structure shown in FIG. Step S
Reference numeral 671 is a data name stored in the memory 3090 of the AV processing unit 109, for example, in the case of music data content, information such as a song name is retrieved from information received separately from the content or data in the content, and the monitor 300
Display on 2. A step S672 receives the user's selection from various input means such as a switch and a keyboard via the input interface 110, and outputs a reproduction processing command based on the user input data to the AV processing unit 109 under the control of the CPU 106. The AV processing unit 109 performs step S
At 673, data extraction and decompression processing by user selection are executed.

[0539] Next, in Fig. 63, a configuration example in which one content includes either compressed audio data or a decompression processing program, and further includes content information indicating the content of the content as header information of each content. Show.

As shown in FIG. 63, when the content is the program 6202, it is a program as the header information 6201, and the program type is MP3.
Content identification information indicating that the program is a decompression program is included. On the other hand, when the audio data 6204 is included as content, M is included in the content information of the header 6203.
Information that the data is P3 compressed data is included. This header information is added to the content to be transferred to the AV processing unit 109 by selecting only the information necessary for reproduction from the data included in the handling policy of the content data structure shown in FIG. 4 described above (see FIG. 5). Can be configured as follows. Specifically, the identification values of the handling policy data required in the encryption processing unit 302 and the data required in the reproduction processing in the AV processing unit 109 are added to each component data in the “handling policy” shown in FIG. However, it is possible to extract only those identification values indicating that they are necessary in the AV processing unit 109 and use them as header information.

AV that has received each content shown in FIG. 63
According to the header information, the content analysis unit 3091 of the processing unit 109 stores the program content in the program storage unit 3093 in the case of a program, and stores the data content in the data storage unit 3092 in the case of data. After that, the compression / decompression processing unit 3094 extracts the data from the data storage unit and stores it in the program storage unit 30.
Decompression processing is executed and output according to the MP3 program stored in 93. If the same program is already stored in the program storage unit 3093, the program storing process may be omitted.

FIG. 64 is a flow chart showing an example of a reproduction process of data having the content structure shown in FIG. Step S
Reference numeral 675 denotes a data name stored in the memory 3090 of the AV processing unit 109, for example, in the case of music data content, information such as a song name is received separately from the content or is extracted from the header in the content, and the monitor 300 is displayed.
Display on 2. A step S676 receives the user's selection from various input means such as a switch and a keyboard via the input interface 110.

Next, in step S677, a data reproduction program (for example, MP3) corresponding to the user selection.
To search. The program search target preferably has the maximum search range within the accessible range of the recording / reproducing device 300. For example, each medium 500 shown in FIG.
The communication means 600, the recording device 400, and the like are also included in the search range.

The contents passed to the AV processing unit 109 are only the data part, and the program contents may be stored in another recording medium in the recording / reproducing device 300.
It may be provided by a content provider via a medium such as VD or CD. Therefore, the search target is the search storage range that is accessible by the recording / reproducing device 300. When the reproduction program is found as a result of the search, the CPU 1
Under the control of 06, the reproduction processing command based on the user input data is output to the AV processing unit 109. AV processing unit 109
Executes the data extraction / expansion process by user selection in step S679. Further, as another example, the program may be searched before step S675, and in step S675, only the data in which the program is detected may be displayed.

Next, FIG. 65 shows a configuration example in which one content includes compressed audio data 6303 and a decompression processing program 6302, and further includes content reproduction priority order information as content header information 6301. This is an example in which the reproduction priority information is added as header information to the content structure of FIG. This is similar to the above-mentioned “(14) Program activation process based on activation priority in handling policy in content data”, and the reproduction order is set based on the reproduction priority set between the contents received by the AV processing unit 109. To decide.

FIG. 66 is a flow chart showing an example of a reproduction process of data having the content structure shown in FIG. Step S
Reference numeral 681 sets the data stored in the memory 3090 of the AV processing unit 109, that is, the data information of the reproduction target data, in the search list. The search list is set using a partial area of the memory in the AV processing unit 109. Next, in step S682, the content analysis unit 3091 of the AV processing unit 109 selects data with a high priority from the search list, and in step S683, a reproduction process of the selected data is executed.

Next, referring to FIG. 67, in an example in which one content includes header information and program data 6402 or a combination of header information 6403 and compressed data 6404, the header 6403 of the data content.
A configuration example in which the reproduction priority information is added only to FIG.

FIG. 68 shows a flow chart showing an example of a reproduction process of data having the content structure of FIG. Step S
Reference numeral 691 sets the data stored in the memory 3090 of the AV processing unit 109, that is, the data information of the reproduction target data, in the search list. The search list is set using a partial area of the memory in the AV processing unit 109. Next, in step S692, the content analysis unit 3091 of the AV processing unit 109 selects high priority data from the search list.

Next, in step S693, a data reproducing program (for example, MP
Search 3). This program search target is shown in FIG.
Similar to the processing in the flow of FIG. 4, it is preferable to set the access storage range of the recording / reproducing device 300 as the maximum search range. For example, each medium 500 and communication unit 6 shown in FIG.
00, the recording device 400, and the like are also included in the search range.

When a reproduction program is found as a result of the search (Yes in step S694), step S695.
In, the decompression reproduction process is executed using the program obtained as a result of searching the selected data.

On the other hand, when the program is not detected as the search result (Yes in step S694), the process proceeds to step S696, and the same program is used in the other data included in the search list set in step S691. Delete the ones that need replay processing. This is because it is clear that the data will not be detected even if a reproduction program search is newly executed for the data.
Further, in step S697, it is determined whether or not the search list is empty. If not, the process returns to step S692 to extract the next higher priority data and execute the program search process.

As described above, according to this configuration, when the compressed content is configured with its decoding (decompression) program, or the content is only compressed data or only the decompression processing program. Since each content has header information indicating what kind of compressed data the content is, or what kind of processing is executed, the processing unit (for example, the AV processing unit) that has received the content , Perform decompression playback processing using the decompression processing program attached to the compressed data, or search the decompression processing program based on the header information of the compressed data, and perform decompression playback processing according to the program obtained as a result of the search. Since it is executed, there is no need for the user to select a data decompression program, search, etc. There is reduced, thereby enabling efficient data reproduction. Further, according to the configuration having the reproduction priority information in the header, it is possible to automatically set the reproduction order, and the operation of setting the reproduction order by the user can be omitted.

[0553] In the above embodiment, the MP3 as the compressed audio data content and the audio compression data decompression processing program has been described as an example. However, the content including the compressed data and the content having the compressed image data decompression processing program are described. However, the present configuration can be similarly applied and has the same effect.

(16) Generation of Saved Data, Storage in Recording Device, and Reproduction Processing The data processing device of the present invention is used to execute a game program in the middle, for example, when the content executed in the recording / reproducing device 300 is a game program or the like. If you want to restart the game after a certain period of time, you can save the game state at the time of the interruption, that is, store it in a recording device and read it when restarting to continue the game. To have.

[0555] The save data storage configuration in a conventional recording / reproducing device such as a game machine or a personal computer is stored in a recording medium such as a memory card, a flexible disk, a game cartridge, or a hard disk that can be built in the recording / reproducing device or externally attached. Although it has a configuration for saving data, in particular, it does not have a security ensuring configuration for the save data, and for example, the data saving process is performed according to the specifications common to the game application programs.

Therefore, for example, save data saved by using one recording / reproducing device A may be used or rewritten by another game program, and security of save data has heretofore been mostly considered. The reality is that they did not.

The data processing apparatus of the present invention provides a structure that can realize security of such save data. For example, save data of a certain game program is encrypted based on information that can be used only by that game program and stored in the recording device. Alternatively, it is encrypted based on the information unique to the recording / reproducing device and stored in the recording device. By these methods, the use of the save data can be limited to only a specific device and a specific program, and the security of the save data is ensured. The "generation of save data, storage in the recording device, and reproduction processing" in the data processing apparatus of the present invention will be described below.

FIG. 69 shows a block diagram for explaining the save data storage processing in the data processing apparatus of the present invention. Content is provided to the recording / reproducing device 300 from a medium 500 such as a DVD or a CD, or the communication means 600. As described above, the provided content is encrypted by the content key Kcon, which is a key unique to the content, and the recording / reproducing device 300 uses the above-mentioned “(7) Downloading process from recording / reproducing device to recording device”. After acquiring the content key and decrypting the encrypted content according to the processing described in the section (see FIG. 22),
It is stored in the recording device 400. Here, the recording / reproducing device 300 decodes the content program from the medium or the communication means, reproduces and executes it, and after the execution, save data obtained is externally attached or various recording devices such as a built-in memory card and a hard disk. 400A, 400
A process of storing and reproducing the content in either B or 400C, or reproducing the content from the recording device 400A after downloading the content to the recording device 400A.
A process of executing and storing the saved data in the recording device 400 which is externally attached or is stored in any of various recording devices 400A, 400B, 400C such as a built-in memory card or hard disk will be described.

As described above, the recording / reproducing device 300 includes a recording / reproducing device identifier IDdev, a system signature key Ksys which is a signature key common to the systems, and a recording / reproducing device which is a signature key unique to each recording / reproducing device. It has a signature key Kdev and a master key for generating various individual keys. The master key is a key for generating, for example, the delivery key Kdis, the authentication key Kake, or the like, as described in detail in “(12) Master key-based encryption processing key generation configuration”. Here, MKx is shown as a representative of all master keys of the recording and reproducing device 300 without particularly limiting the type of master key. An example of the save data encryption key Ksav is shown in the lower part of FIG. 69. The save data encryption key Ksav stores the save data in various recording devices 400.
It is an encryption key used for encryption processing when stored in A to C, and decryption processing when reproduced from various recording devices 400A to 400C. An example of the save data storage processing and the reproduction processing will be described with reference to FIG.

In FIG. 70, save data is recorded in the recording device 4 using either the content unique key or the system common key.
It is a flowchart of the process stored in any of 00A ~ C.
The process in each flow is a process executed by the recording / reproducing device 300, and the recording device for storing the save data in each flow may be any one of the built-in and external recording devices 400A to 400C, and is limited to either one. Not a trifle.

[0561] In step S701, a content identifier,
For example, this is a process in which the recording / reproducing device 300 reads the game ID. This corresponds to the previously described FIGS. 4, 26, 27, 32 ...
35 is the data included in the identification information in the content data shown in FIG. 35, and the main CP that received the save data storage processing instruction via the input interface 110 shown in FIG.
U106 controls the reading of the content identifier by the control unit 301
Instruct.

In the control unit 301, the execution program is DV
In the case of content such as D, CD-ROM, etc. being executed via the reading unit 304, the identification information included in the header in the content data is extracted via the reading unit 304,
When the execution program is the content stored in the recording device 400, the recording device controller 30
The identification information is retrieved via 3. The recording / reproducing device 30
If 0 is executing the content program and the content identifier has already been stored in the RAM in the recording / reproducing device or another accessible recording medium, it is included in the read data without executing a new reading process. The identification information provided may be used.

Next, step S702 is a step of changing the processing depending on whether or not the use of the program is restricted. The program usage restriction is restriction information that sets whether or not a restriction that save data to be saved can be uniquely used only for that program. If there is a usage restriction, and if the save data is not restricted by the use of the program, then there is no program usage restriction. This may be set arbitrarily by the user, or may be set by the content creator and stored in the content program. The set restriction information is recorded in FIG. It is stored in the devices 400A to 400C as a data management file.

FIG. 71 shows an example of the data management file.
The data management file is created as a table containing data numbers, content identifiers, recording / playback device identifiers, and program use restrictions as items. The content identifier is identification data of the content program that is the target of storing the save data. The recording / reproducing device identifier is an identifier of the recording / reproducing device storing the save data, for example, [IDdev] shown in FIG. As described above, the program usage restriction is set to "Yes" if the save data to be saved can be used uniquely for that program, and "No" if it can be used without being restricted by the corresponding program. Become. The program use restriction may be set arbitrarily by the user who uses the content program, or may be set by the content creator and this information may be stored in the content program.

Returning to FIG. 70, the description of the flow is continued. If it is set to "Yes" for the program use restriction in step S702, step S703.
Proceed to. In step S703, a content-specific key such as the content key Kcon described above is read from the content data and the content-specific key is used as the save-data encryption key Ksav, or a save-data encryption key Ksav is generated based on the content-specific key. To do.

On the other hand, in step S702, if the program use restriction is set to "not", the process proceeds to step S707. In step S707, the system common key stored in the recording / reproducing device 300,
For example, the system signature key Ksys is read from the internal memory 307 of the recording / reproducing device 300, and the system signature key Ksys is read.
Either s is the save data encryption key Ksav, or the save data encryption key Ksav is generated based on the system signature key. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from the other keys may be used as the save data encryption key Ksav.

Next, in step S704, save data encryption processing is executed using the save data encryption key Ksav selected or generated in step S703 or step S707. This encryption processing is executed by the encryption processing unit 302 in FIG. 2 by applying the above-mentioned DES algorithm, for example.

The save data encrypted in step S704 is stored in the recording device in step S705. When there are a plurality of recording devices capable of storing save data as shown in FIG. 69, the user preselects one of the recording devices 400A to 400C as the save data storage destination. Further, in step S706, the program usage restriction information previously set in step S702, that is, the program usage restriction “Yes” or “No” is written in the data management file described above with reference to FIG.

This completes the save data storage processing. In step S702, Yes, that is, “restrict program use” is selected, and step S70
The save data encrypted by the save data encryption key Ksav generated based on the content unique key in No. 3 cannot be decrypted by the content program without the content unique key information, and the save data has the same content key. Only content programs that carry information will be available. However, here, the save data encryption key Ksav is not generated based on the information unique to the recording / reproducing device, so that the save data stored in a removable recording device such as a memory card is different from the recording / reproducing device. In the case of, it can be reproduced as long as it is used with the corresponding content program.

[0570] In step S702, No, that is, "no program use restriction" is selected,
The save data encrypted by the save data encryption key Ksav based on the system common key in step S707 is reproduced and used even when a program having a different content identifier is used or when the recording and reproducing device is different. It becomes possible to do.

FIG. 72 is a flow chart showing a process of reproducing the save data stored by the save data storing process of FIG.

[0572] In step S711, a content identifier,
For example, this is a process in which the recording / reproducing device 300 reads the game ID. This is a process similar to step S701 of the save data storage process of FIG. 70 described above, and is a process of reading the data included in the identification information in the content data.

Next, in step S712, the data management file described with reference to FIG. 71 is read from the recording devices 400A to 400C shown in FIG. 69, and in step S711.
The content identifier read in and the use program restriction information set correspondingly are extracted. If the program use restriction set in the data management file is "Yes", the process proceeds to step S714, and if it is "No", the process proceeds to step S717.

In step S714, a content-specific key such as the content key Kcon described above is read from the content data and the content-specific key is used as the save-data decryption key Ksav, or the save-data decryption is performed based on the content-specific key. The activation key Ksav is generated. In this decryption key generation process, the processing algorithm corresponding to the encryption key generation process is applied, and the data encrypted based on a certain content unique key is decrypted by the decryption key generated based on the same content unique key. A decryption key generation algorithm that enables decryption is applied.

On the other hand, in step S712, when the setting of the data management file is the setting of “not” for the program use restriction, in step S717, the system common key stored in the recording and reproducing device 300,
For example, the system signature key Ksys is read from the internal memory 307 of the recording / reproducing device 300, and the system signature key Ksys is read.
Let s be the save data decryption key Ksav, or save data decryption key Ksa based on the system signature key.
generate v. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from the other keys may be used as the save data encryption key Ksav.

Next, in step S715, save data decryption processing is executed using the save data decryption key Ksav selected or generated in step S714 or step S717, and in step S716 the decrypted save data is decrypted. Is reproduced and executed in the recording / reproducing device 300.

[0577] This completes the save data reproduction process. If the program management restriction is set in the data management file as described above, a save data decryption key is generated based on the content unique key,
When there is a setting of "no program use restriction", a save data decryption key is generated based on the system common key. When "Restrict program use" is set, unless the content identifiers of the contents being used are the same, it is not possible to obtain a decryption key that can perform save data decryption processing. It becomes possible to raise.

73 and 74 are a save data storing process flow (FIG. 73) and a save data reproducing process flow (FIG. 74) for generating an encryption key and a decryption key of save data using the content identifier.

In FIG. 73, steps S721 to S7.
22 is the same processing as steps S701 to S702 in FIG. 70, and a description thereof will be omitted.

The save data storage processing flow of FIG.
In step S722, "restrict program use"
If the setting is made, in step S723, the content identifier, that is, the content ID is read from the content data and the content ID is used as the save data encryption key Ksav, or the save data encryption key Ksav is generated based on the content ID. . For example, the encryption processing unit 307 of the recording / reproducing device 300 adds the content ID read from the content data to the recording / reproducing device 3
By applying the master key MKx stored in the internal memory of 00, the save data encryption key Ksav can be obtained by, for example, DES (MKx, content ID).
Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from the other keys may be used as the save data encryption key Ksav.

On the other hand, in step S722, when the program use restriction is set to "not",
In step S727, the system common key stored in the recording / reproducing device 300, for example, the system signature key Ksys.
Is read from the internal memory 307 of the recording / reproducing device 300, and the system signature key Ksys is set to the save data encryption key K.
Sav, or the save data encryption key Ksav is generated based on the system signature key. Alternatively, a save data encryption key K that is separately stored in the internal memory 307 of the recording / reproducing device 300 and is different from the other keys.
It may be used as sav.

The processing from step S724 onward is the same as the processing from step S704 onward in the processing flow of FIG. 70 described above, and a description thereof will be omitted.

Further, FIG. 74 is a process flow for reproducing and executing the save data stored in the recording device in the save data storing process flow of FIG. 73, and step S73
1 to S733 are the same as the corresponding processing in FIG.
Only step S734 is different. In step S734, the content identifier, that is, the content ID is read from the content data and the content ID is used as the save data decryption key Ksav, or the save data decryption key Ksav is generated based on the content ID. In this decryption key generation processing, the processing algorithm corresponding to the encryption key generation processing is applied, and the data encrypted based on a certain content identifier can be decrypted by the decryption key generated based on the same content identifier. Decryption key generation algorithm is applied.

The following processing, steps S735 and S73
Since S6 and S737 are the same as the corresponding processing in FIG. 72, description thereof will be omitted. According to the save data storing and reproducing process of FIGS. 73 and 74, when the program use restriction is set, the save data encryption key and the decryption key are generated using the content ID. Similar to the save data storage and playback process that uses the content unique key, save data cannot be used unless the corresponding content programs match, and save data with enhanced security becomes possible. .

75 and 77, a save data storing process flow (FIG. 75) and a save data reproducing process flow (FIG. 77) for generating an encryption key and a decryption key for save data using the recording / playback device unique key. Is.

In FIG. 75, step S741 is the same processing as step S701 of FIG. 70, and description thereof will be omitted. Step S742 is a step of setting whether or not to limit the recording / reproducing device. The recording / playback device restriction is set to "Yes" when the recording / playback device that can use the save data is limited, that is, only when the save data is generated and stored, and the other recording / playback device is set. It is set to "No" when it can be used even in a container. When the setting of "restrict recording / reproducing device" is set in step S742, the process proceeds to step S743, and when the setting of "not" is performed, the process proceeds to step S747.

FIG. 76 shows an example of the data management file.
The data management file is generated as a table containing data numbers, content identifiers, recording / playback device identifiers, and recording / playback device restrictions as items. The content identifier is identification data of the content program that is the target of storing the save data. The recording / reproducing device identifier is an identifier of the recording / reproducing device storing the save data, for example, [IDdev] shown in FIG. The recording / playback device restriction is set to "Yes" when the recording / playback device that can use the save data is limited, that is, only when the save data is generated and stored, and the other recording / playback device is set. It is set to "No" when it can be used even in a container. The recording / reproducing device restriction information may be arbitrarily set by the user who uses the content program,
This information may be set by the content creator and stored in the content program.

In the save data storage processing flow of FIG. 75, when "restrict recording / reproducing device" is set in step S742, in step S743 the recording / reproducing device 300 records / reproducing device unique key, for example, recording / reproducing device signature. The internal memory 3 of the recording / reproducing device 300 for the key Kdev
07, and uses the recording / playback device signature key Kdev as the save data encryption key Ksav, or based on the recording / playback device signature key Kdev, the save data encryption key Ksa.
generate v. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from the other keys may be used as the save data encryption key Ksav.

On the other hand, in step S742, if the recording / reproducing device restriction is set to “not”, the system common key stored in the recording / reproducing device 300, for example, the system signature key Ksys is recorded / reproducing device in step S747. The system signature key Ksys is read from the internal memory 307 of the 300 and the save data encryption key Ksav is read.
Alternatively, the save data encryption key Ksav is generated based on the system signature key. Alternatively, separately stored in the internal memory 307 of the recording and reproducing device 300,
An encryption key different from other keys may be used as the save data encryption key Ksav.

The processing of steps S744 and S745 is the same as the corresponding processing in the processing flow of FIG. 70 described above, and a description thereof will be omitted.

[0591] In step S746, the content identifier, the recording / reproducing device identifier, and the recording / reproducing device restriction information set by the user in step 742 are written to the data management file (see Fig. 76).

Further, FIG. 77 is a processing flow for reproducing and executing the save data stored in the recording device in the save data storage processing flow of FIG. 75, and step S75
1 reads out the content identifier as in the corresponding processing of FIG. Next, in step S752, the recording / reproducing device identifier (IDdev) stored in the memory in the recording / reproducing device 300 is read.

[0593] In step S753, the content identifier, the recording / reproducing device identifier, and the set recording / reproducing device restriction information "Yes / No" from the data management file (see Fig. 76).
Read each information of. When the recording / reproducing device restriction information is set to “Yes” in the entry having the same content identifier in the data management file, and the recording / reproducing device identifier of the table entry is different from the recording / reproducing device identifier read in step S752. Ends the process.

Next, in step S754, if the setting of the data management file is "restrict recording / reproducing device", the process proceeds to step S755, and if "no", the process proceeds to step S758.

[0595] In step S755, the recording / reproducing device unique key, for example, the recording / reproducing device signature key Kdev, is read from the internal memory 307 of the recording / reproducing device 300 from the recording / reproducing device 300, and the recording / reproducing device signature key Kdev is used as the save data decryption key. Ksav or recording / playback device signature key Kd
The save data decryption key Ksav is generated based on ev. In this decryption key generation processing, the processing algorithm corresponding to the encryption key generation processing is applied, and the data encrypted based on a certain recording / reproducing device unique key is generated based on the same recording / reproducing device unique key. A decryption key generation algorithm that enables decryption with the decryption key is applied. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from the other keys may be used as the save data encryption key Ksav.

On the other hand, in step S758, the system common key stored in the recording / reproducing device 300, for example, the system signature key Ksys, is stored in the internal memory 3 of the recording / reproducing device 300.
It is read from 07 and the system signature key Ksys is used as the save data decryption key Ksav, or the save data decryption key Ksav is generated based on the system signature key. Alternatively, the internal memory 30 of the recording / reproducing device 300 is separately provided.
An encryption key different from the other keys stored in 7 may be used as the save data encryption key Ksav. The following steps S756 and S757 are the same as the corresponding steps of the above-mentioned save data reproduction processing flow.

Save data storage shown in FIGS. 75 and 77,
According to the reproduction processing flow, the save data for which “record / reproducer restriction” is selected is encrypted / decrypted by the record / reproducer unique key. It is possible to decode and use only by the recording / reproducing device that it has, that is, the same recording / reproducing device.

Next, FIG. 78 and FIG. 79 show a processing flow for generating, storing, and reproducing the save data encryption / decryption key using the recording / reproducing device identifier.

In FIG. 78, save data is encrypted using the recording / reproducing device identifier and stored in the recording device. Steps S761 to S763 are the same processing as that shown in FIG. In step S764, the encryption key Ksav of the save data is generated using the recording / reproducing device identifier (IDdev) read from the recording / reproducing device. IDdev is applied as the save data encryption key Ksav, or the master key M stored in the internal memory of the recording / reproducing device 300.
Applying Kx to obtain the save data encryption key Ksav by DES (MKx, IDdev), etc. IDdev
The save data encryption key ksav is generated based on
Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from the other keys may be used as the save data encryption key Ksav.

Following process steps S765 to S768
Is the same as the corresponding processing of FIG. 75 described above, and the description thereof will be omitted.

FIG. 79 is a processing flow for reproducing and executing the save data stored in the recording device by the processing of FIG. 78. Steps S771 to S774 are the same as the corresponding processing of FIG. 77 described above.

At step S775, the decryption key Ksav of the save data is generated using the recording / reproducing device identifier (IDdev) read from the recording / reproducing device. IDdev is applied as the save data decryption key Ksav, or the master key MKx stored in the internal memory of the recording / reproducing device 300 is applied, and DES (MKx, IDdev)
ID to get save data decryption key Ksav by
The save data decryption key Ksav is generated based on dev. In this decryption key generation processing, a processing algorithm corresponding to the encryption key generation processing is applied, and data encrypted based on a certain recording / reproducing device identifier is decrypted based on the same recording / reproducing device identifier. A decryption key generation algorithm is applied that makes the key decryptable.
Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from the other keys may be used as the save data encryption key Ksav.

The following processing steps S776 to S778 are the same as the processing of the corresponding steps in FIG.

According to the save data storage / reproduction processing flow shown in FIGS. 78 and 79, "record / reproduce device is restricted".
The save data selected for is encrypted and decrypted by the recording / playback device identifier, so it is used only by the recording / playback device with the same recording / playback device identifier, that is, the same recording / playback device. It becomes possible to do.

[0605] Next, the save data storing and reproducing process for executing the above-mentioned program use restriction and recording / reproducing device use restriction together will be described with reference to Figs.

FIG. 80 is a save data storage processing flow. In step S781, the content identifier is read from the content data, and in step S782, the program use restriction determination is performed, and step S7
At 83, a recording / reproducing device restriction determination is performed.

[0607] In the case of "restricted program use" and "restricted recording / reproducing device", in step S785, save based on both the content unique key (ex.Kcon) and the recording / reproducing device unique key (Kdev). The data encryption key Ksav is generated. This is, for example, Ksav
= (Kcon XOR Kdev) or by applying the master key MKx stored in the internal memory of the recording / reproducing device 300, Ksav = DES (MKx, Kcon XOR
Kdev) and the like. Alternatively, a save data encryption key K that is separately stored in the internal memory 307 of the recording / reproducing device 300 and is different from the other keys.
It may be used as sav.

[0608] If "program use restriction is present" and "recording / reproducing device restriction is not present", in step S786, the content unique key (ex.Kcon) is set as the save data encryption key Ksav, or the content unique key ( ex.Kcon) to generate a save data encryption key Ksav.

In the case of "no program use restriction" and "recorder / reproducer restriction", in step S787, the record / reproducer unique key (Kdev) is set as the save data encryption key Ksav, or the record / reproducer unique Key (K
The save data encryption key Ksav is generated based on (dev). Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from the other keys may be used as the save data encryption key Ksav.

Further, in the case of "no program use restriction" and "no recording / reproducing device restriction", step S787 is performed.
In, the system common key, for example, the system signature key Ks
Either ys is used as the save data encryption key Ksav, or the save data encryption key Ksav is generated based on the system signature key Ksys. Or, separately, the recording / reproducing device 3
The encryption key stored in the internal memory 307 of 00 other than the other keys may be used as the save data encryption key Ksav.

In step S789, step S785 is performed.
The save data is encrypted by the save data encryption key Ksav generated in any one of steps to S788 and stored in the recording device.

Further, in step S790, the restriction information set in steps S782 and S783 is stored in the data management file. The data management file has, for example, the structure shown in FIG.
It includes a content identifier, a recording / playback device identifier, a program use limit, and a recording / playback device limit.

FIG. 82 is a processing flow for reproducing and executing the save data stored in the recording device by the processing of FIG. In step S791, the content identifier and recording / reproducing device identifier of the execution program are read out, and in step S792, the content identifier, recording / reproducing device identifier, program use restriction, and recording / reproducing device restriction information are read from the data management file shown in FIG. In this case, if the program usage restriction is "Yes" and the content identifiers are not matched, or if the recording / playback device restriction information is "Yes" and the recording / playback device identifiers are not matched, the process ends.

Then, steps S793, S794 and S7 are performed.
In 95, the decryption key generation processing is set to any one of the four modes of steps S796 to S799 according to the recorded data of the data management file.

In the case of "restriction of program use" and "restriction of recording / reproducing device", in step S796, save based on both the content unique key (ex.Kcon) and the recording / reproducing device unique key (Kdev). The data decryption key Ksav is generated. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from the other keys may be used as the save data encryption key Ksav. In the case of "with program use restriction" and "without recording / reproducing device restriction", in step S797, the content unique key (ex.Kcon) is set as the save data decryption key Ksav, or the content unique key (ex.Kcon). ), The save data decryption key Ksav is generated. Or, separately, the recording / reproducing device 3
The encryption key stored in the internal memory 307 of 00 other than the other keys may be used as the save data encryption key Ksav.

In the case of "no program use restriction" and "recorder / reproducer restriction", in step S798, the record / reproducer unique key (Kdev) is set as the save data decryption key Ksav, or the record / reproducer unique Key (K
The save data decryption key Ksav is generated based on (dev). Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from the other keys may be used as the save data encryption key Ksav. Furthermore, in the case of "no program use restriction" and "no recording / reproducing device restriction", in step S799, the system common key, for example, the system signature key Ksys is used as the save data decryption key Ksav, or the system signature key Ksys. The save data decryption key Ksav is generated based on Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from the other keys may be used as the save data encryption key Ksav.

A processing algorithm corresponding to the encryption key generation processing is applied to these decryption key generation processing, and the data encrypted based on the same content unique key and recording / reproducing device unique key are the same content. A decryption key generation algorithm that can be decrypted by the decryption key generated based on the unique key and the recording / reproducing device unique key is applied.

In step S800, the above-mentioned step S
Decryption processing is executed using the save data decryption key generated in any of 796 to S799, and the decrypted save data is reproduced and executed in the recording / reproducing device 300.

According to the save data storage / playback processing flow shown in FIGS. 80 and 82, the save data for which "program use restriction" is selected is encrypted and decrypted by the content unique key. For,
It can be decrypted and used only when the content data having the same content unique key is used. Also, since the save data for which "Record / reproducer restriction" is selected is encrypted and decrypted by the record / reproducer identifier, the record / reproducer having the same record / reproducer identifier, that is, the same It can be decoded and used only by the recording and reproducing device. Therefore, the usage restriction can be set by both the content and the recording / reproducing device, and the security of save data can be further enhanced.

80 and 82 show the generation structure of the save data encryption key and the decryption key using the content unique key and the recording / reproducing device individual key, the content individual key is used instead of the content individual key. An identifier or a recording / reproducing device identifier may be used instead of the recording / reproducing device unique key, and the save data encryption key and the decryption key may be generated based on these identifiers.

Next, the structure for generating the encryption key and the decryption key of the save data based on the password input by the user will be described with reference to FIGS.

FIG. 83 is a processing flow for generating an encryption key for save data based on the password input by the user and storing it in the recording device.

[0623] Step S821 is a process for reading the content identifier from the content data, and is similar to the above-mentioned processes. Step S822 is a step of deciding whether or not to set the program use restriction by the user. The data management file set in this configuration has, for example, the configuration shown in FIG.

As shown in FIG. 84, the data includes a data number, a content identifier, a recording / reproducing device identifier, and program use restriction information by the user. The “user program use restriction information” is an item for setting whether or not to restrict the users who use the program.

[0625] When the use restriction setting is made in step S822 in the processing flow shown in Fig. 83,
In step S823, the user password is input. This input is input from input means such as a keyboard shown in FIG.

The entered password is stored in the main CPU1.
06, output to the encryption processing unit 302 under the control of the control unit 301, and the processing in step S824, that is, the save data encryption key Ks based on the input user password.
av is generated. In the save data encryption key Ksav generation processing, for example, the password itself is used as the encryption key Ksa.
v, or the master key MK of the recording / reproducing device
Using x, save data encryption key Ksav = DES
It may be generated by (MKx, password). Also, applying the one-way function with the password as input,
The encryption key may be generated based on the output.

[0627] The user restriction in step S822 is N.
When it is set to o, in step S828, the save data encryption key is generated based on the system common key of the recording / reproducing device 300.

[0628] Further, in step S825, step S8
24, or the save data encryption key Ksav generated in step S828 is used to encrypt the save data, and the encrypted save data is stored in the recording device in step S826.

Furthermore, in step S827, as shown in FIG.
The program use restriction information set by the user in step S822 is written in the data management file No. 4 in association with the content identifier and the recording / reproducing device identifier.

FIG. 85 is a diagram showing a reproduction processing flow of the save data stored by the processing of FIG. 83. In step S831, the content identifier is read from the content data, and in step S832, the content identifier is read.
From the data management file shown in 4, the content identifier,
Read the program usage restriction information by the user.

[0631] In step S833, if the judgment based on the data in the data management file is executed and "Restrict program use by user" is set,
In step S834, a password input is requested, and in step S835, a decryption key based on the input password is generated. In this decryption key generation process, the processing algorithm corresponding to the encryption key generation process is applied, and the data encrypted based on a certain password can be decrypted by the decryption key generated based on the same password. Is set to the decryption key generation algorithm.

If it is determined in step S833 that there is no program use restriction by the user, in step S837 the save data decryption key Ksav is stored using the system common key stored in the internal memory of the recording / reproducing device 300, for example, the system signature key Ksys. Is generated. Or separately
An encryption key different from the other keys, which is stored in the internal memory 307 of the recording / reproducing device 300, is used as the save data encryption key Ksa.
You may use as v.

[0633] In Step S836, Step S83
5, the save data stored in the recording device is decrypted using the decryption key Ksav generated in any one of step S837, and the save data is reproduced and executed in the recording / reproducing device in step S836.

According to the save data storage / playback processing flow shown in FIGS. 83 and 85, the save data for which "user's program use restriction" is selected is encrypted and decrypted by the key based on the user input password. Since the processing is executed, it is possible to decrypt and use the same password only when the same password is input, and it is possible to improve the security of save data.

[0635] The save data storage processing and reproduction processing modes have been described above. However, processing in which the above-described processing is integrated, for example, a password, a recording / reproducing device identifier, a content identifier, and the like are used in an arbitrary combination. A mode is also possible in which the save data encryption key and the decryption key are generated by the above.

(17) Revocation Configuration of Unauthorized Equipment As described above, in the data processing device of the present invention, the medium 500 (see FIG. 3) and the communication means 60 are used.
The various contents data provided from 0 are authenticated and encrypted in the recording / reproducing device 300 and stored in the recording device to enhance the security of the contents provided, and also to be used only by authorized users. It has a configuration that enables it.

As can be understood from the above description, the input contents are various signature keys stored in the internal memory 307 configured in the encryption processing unit 302 of the recording / reproducing device 300,
Authentication processing, encryption processing, and decryption processing are performed using the master key and the check value generation key (see FIG. 18). As described above, the internal memory 307 for storing this key information is basically composed of a semiconductor chip having a structure that is difficult to access from the outside, and has a multi-layer structure. The internal memory is an aluminum layer or the like. It is desirable to have a characteristic that it is difficult to read data from the outside illegally, such as being sandwiched between the dummy layers of, or being formed in the lowermost layer, and having a narrow operating voltage and / or frequency range. In the unlikely event that unauthorized reading of the internal memory is performed and the key data, etc. leaks out and is copied to a recording / playback unit that is not licensed for legitimate purposes, the copied key information can be used for unauthorized content usage. There is a nature.

Here, a configuration for preventing illegal use of contents by duplicating keys by these illegal copies will be described.

FIG. 86 is a block diagram for explaining this configuration “(17) Unauthorized device exclusion configuration”. Recording and reproducing device 30
0 is the same as the recording / reproducing device shown in FIGS.
It has an internal memory, and has various key data described above (FIG. 18) and further has a recording / reproducing device identifier. In addition,
Here, the recording / reproducing device identifier, the key data, etc. copied by a third party are not always stored in the internal memory 307 shown in FIG. 3, and the key data etc. of the recording / reproducing device 300 shown in FIG. It is assumed that the cryptographic processing unit 302 (see FIGS. 2 and 3) is configured to be stored collectively or in a distributed manner in a memory unit accessible.

In order to realize the configuration for excluding unauthorized devices, the configuration is such that an unauthorized recording / reproducing device identifier list in the header portion of content data is stored. As shown in FIG. 86, the content data includes an illegal recording / reproducing device identifier (IDde).
v) It holds a revocation list as a list. Further, a list check value ICVrev for tampering check of the revocation list is provided. The illegal recording / reproducing device identifier (IDdev) list is
An identifier I of an illegal recording / reproducing device which the content provider or the administrator has found from the distribution state of the illegal copy, for example.
It is a list of Ddev. This revocation list may be encrypted by the delivery key Kdis and stored. The decoding process by the recording / playback device is the same as that of the content download process in FIG. 22, for example.

Here, in order to facilitate understanding,
Although the revocation list is shown in the content data of FIG. 86 as a single piece of data, for example, the revocation list is included in the handling policy (see FIGS. 32 to 35, for example) that is a component of the header part of the content data described above. May be included. In this case, the handling policy data including the revocation list is checked for tampering with the check value ICVa described above. If the revocation list is included in the handling policy, check value A: I
The check value A generation key Kicva in the recording / reproducing device is used instead of the CVa check, and it is not necessary to store the check value generation key Kicv-rev.

When the revocation list is included as independent data in the content data, a list check value ICVr for falsification check of the revocation list
The revocation list is checked by ev, an intermediate check value is generated from the list check value ICVrev and another partial check value in the content data, and the intermediate check value is verified.

The revocation list check method using the list check value ICVrev for falsification check of the revocation list is executed by the same method as the check value generation processing for ICVa, ICVb, etc. described with reference to FIGS. It is possible. That is, the check value generation key Kicv-rev stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 is used as a key, and the revocation list included in the content data is used as a message.
3, calculated according to the ICV calculation method described with reference to FIG. The calculated check value ICV-rev 'and the check value stored in the header: ICV-rev
Are compared, and if they match, it is determined that there is no tampering.

The intermediate check value including the list check value ICVrev is verified by using the total check value generation key Kicvt stored in the internal memory 307 of the recording / reproducing device cryptographic processing unit 302 as a key, as shown in FIG. He
It is generated by applying the ICV calculation method described with reference to FIG. 7 and the like to the message string in which the check value A, the check value B, the list check value ICVrev in the ader, and the content check value according to the format are added.

These revocation list and list check value are provided to the recording / reproducing device 300 via the media 500 such as DVD and CD, the communication means 600, or via the recording device 400 such as a memory card. Here, the recording / reproducing device 300 may be a recording / reproducing device that holds valid key data or may have an illegally duplicated identifier ID.

87 and 88 show the processing flow of the removal processing of the unauthorized recording / reproducing device in such a configuration.
FIG. 87 is an unauthorized recording / reproducing device elimination (revocation) processing flow when the content is provided from the medium 500 such as a DVD or a CD or the communication means 600.
FIG. 88 is an unauthorized recording / reproducing device elimination (revocation) processing flow when the content is provided from the recording device 400 such as a memory card.

First, the processing flow of FIG. 87 will be described. Step 901 is a step of mounting a medium and requesting content provision, that is, reproduction processing or download. The processing shown in FIG.
For example, it is executed as a step before mounting a medium such as a DVD on the recording and reproducing device and executing download processing. The download process is as described above with reference to FIG. 22, and is the process of FIG. 87 as a step before the execution of the process flow of FIG. 22 or a process inserted in the process flow of FIG. Is executed.

[0648] When the recording / reproducing device 300 receives the content provision through the communication means such as the network, the communication session with the content distribution service side is established in step S911, and then the process proceeds to step S902.

[0649] In step S902, the revocation list (see Fig. 86) is acquired from the header of the content data. In the list acquisition process, when the content is in the medium, the control unit 301 illustrated in FIG.
When the content is read from the media via the communication unit 4 and the content is from the communication unit, the control unit 301 illustrated in FIG. 3 receives the content from the content distribution side via the communication unit 305.

Next, in step S903, the control unit 3
01 passes the revocation list acquired from the medium 500 or the communication means 600 to the encryption processing unit 302, and causes the encryption processing unit 302 to execute the check value generation processing.
The recording / reproducing device 300 has a revocation check value generation key Kicv-rev inside, and applies the revocation check value generation key Kicv-rev with the received revocation list as a message, for example, FIG. 23, FIG. Check value I according to the ICV calculation method described in
CV-rev 'is calculated, and the check value stored in the calculation result and content data header (Header): ICV
-Rev is compared, and if they match, it is determined that there is no tampering (Yes in step S904). If they do not match, it is determined that they have been tampered with, and step S909 is performed.
And the process ends as a processing error.

Next, in step S905, the control unit 306 of the recording / reproducing device cryptographic processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device cryptographic processing unit 302 to calculate the total check value ICVt ′. Total check value ICVt '
25, as shown in FIG.
System signature key K stored in the internal memory 307 of the
It is generated by encrypting the intermediate check value with DES using sys as a key. Each partial check value, for example, ICVa,
The verification processing of ICVb and the like is omitted in the processing flow shown in FIG. 87, but the partial check value verification is performed according to each data format similar to the processing flow of FIGS. 39 to 45 described above. Be done.

[0652] Next, in step S906, the generated total check value ICVt 'and the IC in the header (Header).
Vt is compared, and if they match (Yes in step S906), the process proceeds to step S907. If they do not match, it is determined that they have been tampered with, the process advances to step S909, and the process ends as a process error.

As described above, the total check value ICV
t is for checking all the partial check values included in the content data, such as ICVa, ICVb, and the check value of each content block according to the data format. Here, in addition to these partial check values, The list check value ICVrev for falsification check of the revocation list is added as a partial check value to verify all these falsifications. If the total check value generated by the above process matches the check value ICVt stored in the header (IC), IC
Va, ICVb, check value of each content block,
And it is determined that the list check value ICVrev has not been tampered with.

Further, in step S907, the revocation list determined not to be tampered with is compared with the recording / reproducing device identifier (IDdev) stored in its own recording / reproducing device 300.

[0655] If the list of the illegal recording / reproducing device identifier IDdev read from the content data includes the identifier IDdev of the recording / reproducing device of its own, the recording / reproducing device 300 determines that the illegally copied key data. Is determined, the process proceeds to step S909, and the subsequent procedure is stopped. For example, it is impossible to execute the procedure of the content download process of FIG.

If it is determined in step S907 that the recording / reproducing device identifier IDdev does not include the own recording / reproducing device identifier IDdev, the recording / reproducing device 300 determines that the valid key data is valid. If it is determined to have it, the process proceeds to step S908, and the subsequent procedure, for example, the program execution process or the content download process shown in FIG.

[0657] Fig. 88 shows the processing for reproducing the content data stored in the recording device 400 such as a memory card. As described above, the recording device 400 such as a memory card and the recording / reproducing device 300 execute the mutual authentication process (step S921) described in FIG. In step S922, only when mutual authentication is OK, the process proceeds to step S923 and subsequent steps. When mutual authentication fails, an error occurs in step S930 and the subsequent processes are not executed.

At step S923, the revocation list (see FIG. 86) is acquired from the header part of the content data. The subsequent processing of steps S924 to S930 is
This is the same process as the corresponding process in FIG. That is, verification of the list by the list check value (S92
4, S925), verification by total check value (S926,
(S927), the list entry and its own recording / reproducing device identifier IDdev are compared (S928), and the illegal recording / reproducing device ID ID read from the content data is executed.
In the list of dev, the identifier IDdev of the recording / reproducing device of its own
, The recording and reproducing device 300 is determined to have illegally duplicated key data, the process proceeds to step S930, and the subsequent procedure is stopped. For example, the content reproduction process shown in FIG. 28 is disabled. On the other hand, if it is determined that the recording / playback device identifier IDdev does not include the own recording / playback device identifier IDdev, then the recording / playback device 300 has valid key data. It is determined, step S92
Then, the procedure thereafter can be executed.

As described above, in the data processing device of the present invention, the data for identifying the illegal recording / reproducing device in accordance with the content provided by the content provider or the administrator,
That is, a revocation list in which illegal recording / reproducing device identifiers IDdev are listed is included as the constituent data of the header part of the content data and provided to the recording / reproducing device user, and the recording / reproducing user user Prior to use, when the recording / playback device identifier IDdev stored in the memory of its own recording / playback device and the identifier in the list are collated and there is matching data,
Since the configuration is such that the subsequent processing is not executed, it is possible to eliminate the use of the content by an unauthorized recording / reproducing device that duplicates the key data and stores it in the memory.

(18) Secure Chip Structure and Manufacturing Method As described above, the internal memory 307 of the recording / reproducing device cryptographic processing section 302 or the internal memory 405 of the recording device 400 holds important information such as an encryption key. Therefore, it is necessary to have a structure that makes it difficult for unauthorized reading from the outside. Therefore, the recording / reproducing device cryptographic processing unit 302 and the recording device cryptographic processing unit 401 are composed of, for example, a semiconductor chip having a structure that is difficult to access from the outside, and have a multilayer structure, and the internal memory is a dummy such as an aluminum layer. It is sandwiched between layers or formed in the lowermost layer, and is configured as a tamper resistant memory having characteristics that it is difficult to illegally read data from the outside, such as a narrow range of operating voltage and / or frequency.

However, as understood from the above description, it is necessary to write different data such as the recording / playback device signature key Kdev to the internal memory 307 of the recording / playback device cryptographic processing section 302 for each recording / playback device. Become. In addition, after writing individual information for each chip, such as identification information (ID) and encryption key information, to a non-volatile storage area in the chip, such as flash memory and FeRAM, for example, rewriting and reading of data after product shipment. It is necessary to make it difficult.

As a conventional method for making it difficult to read and rewrite write data, for example, the data write command protocol is kept secret. Alternatively,
The signal line that receives the data write command on the chip and the signal line for communication that is used after the product is commercialized are configured separately so that the data write command is not effective unless the signal is sent directly to the chip on the board. There is a method such as.

However, even if such a conventional method is adopted, for those having specialized knowledge of the memory element,
With the equipment and technology for driving the circuit, it is possible to output a signal to the data writing area of the chip, and even if the command protocol for writing data is secret, there is always the possibility of analyzing the protocol.

Distributing such a storage element for the cryptographically processed data that holds the possibility of tampering with the secret data is as follows.
This results in threatening the entire cryptographic processing system. In addition, in order to prevent data reading, the data read command itself may not be mounted, but in that case, even if the normal data writing is executed, the data writing to the memory is actually performed. It is impossible to check whether the data has been written to or not and to determine whether the written data has been written correctly, and it is possible that a chip with bad data written is supplied. To do.

In view of these prior arts, here, a secure chip structure and a secure chip manufacturing method which enable accurate data writing to a non-volatile memory such as a flash memory or FeRAM and make it difficult to read out data. I will provide a.

FIG. 89 shows, for example, the above-mentioned recording / reproducing device cryptographic processing unit 302 or the cryptographic processing unit 4 of the recording device 400.
01 shows the applicable security chip configuration. Figure 8
FIG. 89A shows a security chip configuration in a chip manufacturing process, that is, a data writing process.
(B) shows an example of the configuration of a product having a security chip in which data is written, for example, a recording / reproducing device 300 and a recording device 400.

In the security chip in the manufacturing process, the mode designating signal line 8003 and various command signal lines 8004 are connected to the processing unit 8001.
Is the mode set by the mode designation signal line 8003,
For example, a data writing process to the storage unit 8002 which is a nonvolatile memory or a data reading process from the storage unit 8002 is executed according to the data writing mode or the data reading mode.

On the other hand, in the security chip mounted product of FIG. 89B, the security chip is connected to the external connection interface, peripheral devices, other elements, etc. by a general-purpose signal line, but the mode signal line 8003 is not The connection is established. The specific process is, for example, the mode signal line 8003.
Is grounded, raised to Vcc, the signal line is cut, or sealed with an insulating resin. By such processing, after the product is shipped, it becomes difficult to access the mode signal line of the security chip, and it is possible to increase the difficulty of externally reading or writing the data of the chip.

Furthermore, the security chip 80 of this configuration
00 has a configuration that makes it difficult to write data in the storage unit 8002 and read data written in the storage unit 8002, even when a third party succeeds in accessing the mode signal line 8003. Can prevent illegal data writing and reading. FIG. 90 shows a data write or read processing flow in the security chip having this configuration.

[0670] The step S951 is a mode signal line 800.
3 is a step of setting 3 to the data write mode or the data read mode.

[0675] Step S952 is a step of taking out the authentication information from the chip. The security chip of this configuration stores in advance information necessary for the authentication process, such as a password and key information for the authentication process in the encryption technique, for example, by a wire or mask ROM configuration. A step S952 reads out the authentication information and executes the authentication process. For example, when a regular data writing jig and a data reading device are connected to the general-purpose signal line and the authentication processing is executed, the authentication is OK (Yes in step S953).
Although the result of s) is obtained, an illegal data writing jig,
When the data reading device is connected to the general-purpose signal line to perform the authentication process, the authentication fails (No in step S953), and the process is stopped at that point. The authentication process can be executed according to the mutual authentication process procedure of FIG. 13 described above, for example. A processing unit 8001 shown in FIG. 89
Has a configuration capable of executing these authentication processes. This is, for example, the recording device 40 shown in FIG.
It can be realized by a configuration similar to the command register incorporated in the control unit 403 of the 0 cryptographic processing unit 401. For example, the processing unit of the chip of FIG. 89 has the same configuration as the command register incorporated in the control unit 403 of the encryption processing unit 401 of the recording device 400 shown in FIG. 29, and is connected to various command signal lines 8004 from devices. When a predetermined command No is input, it is possible to execute the corresponding process and execute the authentication process sequence.

The processing unit 8001 accepts the data write command or the data read command and executes the data write process (step S955) or the data read process (step S956) only when the authentication is performed in the authentication process. Run.

As described above, in the security chip of this configuration, since the authentication process is executed at the time of writing and reading of data, the data is read from the storage unit of the security chip by a third party who does not have the right. Alternatively, it is possible to prevent data writing to the storage unit.

Next, FIG. 91 shows an example in which an element structure having higher security is provided. In this example, the storage unit 8200 of the security chip is divided into two areas,
One is a read / write combined area (RW: ReadWrite area) 8201 capable of reading and writing data,
The other is a write-only area (WO: Write Only area) 8202 in which only data can be written.

In this structure, the write-only area (W
O: Write Only area) 8202 is used for writing data such as encryption key data and identifier data, which has a high security requirement, and on the other hand, which is not so high in security, for example, for reading and writing check data area.
Write to (RW: ReadWrite area) 8201.

The processing unit 8001 executes the data reading process accompanied by the authentication process described with reference to FIG. 90 as the data reading process from the read / write combined area (RW: ReadWrite area) 8201. However, the data writing process is executed according to the flow of FIG.

In step S961 of FIG. 92, the mode signal line 8003 is set to the write mode, and in step 962, the same authentication processing as described with reference to FIG. 90 is executed. When authentication is done in the authentication process,
Proceeding to step S963, the degree of security is not so high in the write-only (WO) area 8202 for writing information such as highly secure key data and the read / write combined area (RW: ReadWrite area) 8201 via the command signal line 8004. For example, the check data write command is output to the processing unit 8001.

[0678] In step S964, the processing unit 8001 that has received the command executes the data write processing according to the command, respectively in the write-only (WO) area 8202 and the read / write combined area (RW: ReadWrite area).
8201 is executed.

[0679] Also, the write only (WO) area 8202
FIG. 93 shows a verification processing flow of the data written in.

[0680] Step S971 in Fig. 93 is a processing unit 80.
At 01, encryption processing based on the data written in the write-only (WO) area 8202 is executed. These execution configurations are realized by a configuration that sequentially executes the cryptographic processing sequences stored in the command register, similar to the authentication processing execution configuration described above. The cryptographic processing algorithm executed by the processing unit 8001 is not particularly limited, and may be configured to execute the DES algorithm described above, for example.

Next, in step S972, the verification device connected to the security chip receives the encryption processing result from the processing unit 8001. Next, in step S973, the result obtained by applying the same encryption processing as the algorithm executed in the processing unit 8001 to the regular write data that was previously written in the storage unit, and
The encrypted result from the processing unit 8001 is compared.

If the compared results are the same, it is verified that the data written in the write-only (WO) area 8202 is correct.

In this structure, even if the authentication process is broken and the read command can be executed, the data readable area is the read / write combined area (RW: R).
The data written in the write-only (WO) area 8202, which is limited to the eadWrite area) 8201, cannot be read, and the configuration has higher security. Also, unlike a chip that cannot read at all, a read / write combined area (RW: ReadWr
Since the (ite area) 8201 is configured, it is possible to check the correctness of the memory access.

The present invention has been described in detail above with reference to the specific embodiments. However, it is obvious that those skilled in the art can modify or substitute the embodiments without departing from the scope of the present invention. That is, the present invention has been disclosed in the form of exemplification, and should not be limitedly interpreted. Further, in the above-mentioned embodiment, the recording / reproducing device capable of recording and reproducing the content has been described as an example, but the configuration of the present invention can be applied to an apparatus capable of only data recording and data reproduction. The present invention can be implemented in personal computers, game machines, and other various data processing devices in general. In order to determine the gist of the present invention, the section of the claims described at the beginning should be taken into consideration.

[0685]

As described above, the data recording / reproducing device and the save data processing method of the present invention use the save data encryption generated by using the encryption key unique to only the program, for example, the content key or based on the content key. The save data is encrypted by using the key so that it can be stored in the recording device. Furthermore, the save data encryption key is generated by using the key unique to the recording and reproducing device, for example, the signature key of the recording and reproducing device to encrypt the save data. Since it is configured to be stored in the recording device, the save data can be used only when the program identity, the record / playback device identity, etc. are secured. It is possible to prevent use and falsification.

Further, according to the data recording / reproducing device and the save data processing method of the present invention, the save data encryption key is generated based on the unique information of the user, for example, the input password, and the save data encryption key saves the user. Data can be stored. In addition, such various usage restrictions, that is, the sameness of programs, the sameness of the recording / reproducing device, and the sameness of the user can be appropriately combined and can be stored in the recording device with the usage restriction of the save data.
It becomes possible to store and play save data with high security.

Further, according to the data processing system, the recording device, and the data processing method of the present invention, a plurality of key blocks storing key data applicable to the authentication processing are formed in the recording device and stored in the plurality of key blocks. The key data is set as different key data for each block, and the authentication process between the recording / reproducing device and the recording device is configured to be executed by designating a specific key block. Therefore, for each product destination (country), Alternatively, by setting a key block to be applied to the authentication process for each product, model, version, and application, it becomes possible to easily set content usage restrictions for each product, model, version, and application.

Further, according to the data processing system, the recording device and the data processing method of the present invention, since the storage key stored in each key block is composed of different keys, the storage of the recording device by different key blocks is performed. Content data, key data, etc. stored in
Since the decryption process using the recording / reproducing device to which the other key block is set becomes impossible, it becomes possible to prevent the illegal distribution of the content data or the key data.

Further, in the data processing system, the recording device and the data processing method of the present invention, various processes such as the authentication process in the recording device and the encryption process of the stored data are executed according to a setting sequence in which the command order is predetermined. Configured to run. That is,
The recording / playback device transmits a command number to the recording device, and the control unit of the recording device is configured to accept and execute only the command number according to a predetermined sequence, and the authentication processing command of the setting sequence is encrypted. Since it is set to be executed before the command, only the recording / playback device that has been authenticated can store or play back the content in the recording device.
It is possible to exclude content use by an unauthorized device that has not been authenticated.

Furthermore, according to the data processing system, recording device, and data processing method of the present invention, an authentication flag indicating that the authentication processing has been completed is set, and the device to which the authentication flag has been set is encrypted. Data storage processing,
Since the reproduction process can be executed, when the storage process and the reproduction process are repeatedly executed, and when the authentication flag is set, it is not necessary to repeatedly execute the authentication process, and efficient data processing can be performed.

[Brief description of drawings]

FIG. 1 is a diagram showing a configuration of a conventional data processing system.

FIG. 2 is a diagram showing a configuration of a data processing device to which the present invention is applied.

FIG. 3 is a diagram showing a configuration of a data processing device to which the present invention is applied.

FIG. 4 is a diagram showing a data format of content data on a medium and a communication path.

FIG. 5 is a diagram showing a handling policy included in a header in content data.

FIG. 6 is a diagram showing block information included in a header in content data.

FIG. 7 is a diagram showing a digital signature generation method using DES.

FIG. 8 is a diagram showing a digital signature generation method using triple DES.

FIG. 9 is a diagram illustrating an aspect of triple DES.

FIG. 10 is a diagram showing a digital signature generation method using a part of triple DES.

FIG. 11 is a diagram showing a processing flow in digital signature generation.

FIG. 12 is a diagram showing a processing flow in electronic signature verification.

FIG. 13 is a diagram illustrating a processing sequence of mutual authentication processing using symmetric key cryptography.

FIG. 14 is a diagram illustrating a public key certificate.

FIG. 15 is a diagram illustrating a processing sequence of mutual authentication processing using asymmetric key cryptography.

FIG. 16 is a diagram showing a processing flow of encryption processing using elliptic curve cryptography.

FIG. 17 is a diagram showing a processing flow of decryption processing using elliptic curve cryptography.

FIG. 18 is a diagram showing a data holding state on a recording / reproducing device.

FIG. 19 is a diagram showing a data holding state on a recording device.

FIG. 20 is a diagram showing a mutual authentication processing flow between a recording / reproducing device and a recording device.

FIG. 21 is a diagram showing a relationship between a master key of a recording / reproducing device and a corresponding key block of a recording device.

FIG. 22 is a diagram illustrating a processing flow in content download processing.

FIG. 23 is a diagram illustrating a method of generating a check value A: ICVa.

FIG. 24 is a diagram illustrating a method of generating a check value B: ICVb.

FIG. 25 is a diagram illustrating a method of generating a total check value and a recording / playback device-specific check value.

FIG. 26 is a diagram showing a format of content data (usage restriction information = 0) stored in a recording device.

FIG. 27 is a diagram showing a format (usage restriction information = 1) of content data stored in a recording device.

FIG. 28 is a diagram showing a processing flow of content reproduction processing.

FIG. 29 is a diagram illustrating a command execution method in a recording device.

FIG. 30 is a diagram illustrating a command execution method in content storage processing in a recording device.

FIG. 31 is a diagram illustrating a command execution method in content reproduction processing in a recording device.

[Fig. 32] Fig. 32 is a diagram for describing the configuration of format type 0 of the content data format.

[Fig. 33] Fig. 33 is a diagram for describing the configuration of format type 1 of the content data format.

[Fig. 34] Fig. 34 is a diagram for describing the configuration of format type 2 of the content data format.

[Fig. 35] Fig. 35 is a diagram for describing the configuration of format type 3 of the content data format.

FIG. 36 is a diagram illustrating a method of generating a content check value ICVi in format type 0.

FIG. 37 is a diagram illustrating a method of generating a content check value ICVi in format type 1.

[Fig. 38] Fig. 38 is a diagram for describing a method of generating a total check value and a recording / playback device-specific check value in format types 2 and 3.

FIG. 39 is a diagram illustrating a processing flow of content download processing in format types 0 and 1.

FIG. 40 is a diagram showing a processing flow of content download processing in format type 2;

FIG. 41 is a diagram showing a processing flow of content download processing in format type 3;

[Fig. 42] Fig. 42 is a diagram illustrating a processing flow of content reproduction processing in format type 0.

FIG. 43 is a diagram showing a processing flow of content reproduction processing in format type 1;

FIG. 44 is a diagram showing a processing flow of content reproduction processing in format type 2;

45 is a diagram showing a processing flow of content reproduction processing in format type 3; FIG.

FIG. 46 is a diagram (part 1) explaining a method of generating and verifying a check value by a content creator and a content verifier.
Is.

[Fig. 47] Fig. 47 is a diagram (No. 2) explaining a method of generating and verifying a check value by a content creator and a content verifier.

[Fig. 48] Fig. 48 is a diagram (No. 3) explaining a method of generating and verifying a check value by a content creator and a content verifier.

FIG. 49 is a diagram illustrating a method of individually generating various keys using a master key.

[Fig. 50] Fig. 50 is a diagram (example 1) showing an example of processing by a content provider and a user regarding a method of individually generating various keys using a master key.

FIG. 51 is a diagram (example 2) showing a processing example in the content provider and the user regarding a method of individually generating various keys using a master key.

[Fig. 52] Fig. 52 is a diagram for describing a configuration for performing usage restriction by properly using a master key.

[Fig. 53] Fig. 53 is a diagram (example 3) showing a processing example in a content provider and a user regarding a method of individually generating various keys using a master key.

FIG. 54 is a diagram (example 4) showing a processing example in a content provider and a user regarding a method of individually generating various keys using a master key.

[Fig. 55] Fig. 55 is a diagram (example 5) showing a processing example in a content provider and a user regarding a method of individually generating various keys using a master key.

FIG. 56 is a diagram showing a processing flow of storing an encryption key to which triple DES is applied by using a single DES algorithm.

FIG. 57 is a diagram showing a content reproduction processing flow (example 1) based on a priority order.

FIG. 58 is a diagram showing a content reproduction processing flow (example 2) based on priority.

FIG. 59 is a diagram showing a content reproduction processing flow (example 3) based on a priority order.

[Fig. 60] Fig. 60 is a diagram for describing a configuration for performing compression (decompression) processing of compressed data in content reproduction processing.

[Fig. 61] Fig. 61 is a diagram illustrating a configuration example (example 1) of content.

[Fig. 62] Fig. 62 is a diagram illustrating a reproduction processing flow in Content Configuration Example 1.

[Fig. 63] Fig. 63 is a diagram illustrating a configuration example (example 2) of content.

[Fig. 64] Fig. 64 is a diagram illustrating a reproduction processing flow in Content Configuration Example 2.

[Fig. 65] Fig. 65 is a diagram illustrating a configuration example (example 3) of content.

[Fig. 66] Fig. 66 is a diagram illustrating a reproduction processing flow in Content Configuration Example 3.

[Fig. 67] Fig. 67 is a diagram illustrating a configuration example (example 4) of content.

[Fig. 68] Fig. 68 is a diagram illustrating a reproduction processing flow in Content Configuration Example 4.

[Fig. 69] Fig. 69 is a diagram for describing generation and storage processing of save data.

FIG. 70 is a diagram showing a processing flow relating to an example of save data storage processing (example 1);

71 is a diagram showing a data management file configuration (example 1) used in a save data storage / playback process. FIG.

[Fig. 72] Fig. 72 is a diagram illustrating a process flow relating to an example of a save data reproduction process (example 1).

[Fig. 73] Fig. 73 is a diagram illustrating a processing flow relating to a save data storage processing example (Example 2).

[Fig. 74] Fig. 74 is a diagram illustrating a processing flow of an example (example 2) of reproduction processing of save data.

[Fig. 75] Fig. 75 is a diagram showing a processing flow relating to an example of storage processing of save data (example 3).

FIG. 76 is a diagram showing a data management file structure (example 2) used in save data storage and reproduction processing.

[Fig. 77] Fig. 77 is a diagram showing a processing flow relating to an example (example 3) of reproduction processing of save data.

[Fig. 78] Fig. 78 is a diagram illustrating a processing flow relating to a save data storage processing example (Example 4).

[Fig. 79] Fig. 79 is a diagram illustrating a processing flow relating to an example (example 4) of reproduction processing of save data.

[Fig. 80] Fig. 80 is a diagram illustrating a processing flow relating to a save data storage processing example (Example 5).

[Fig. 81] Fig. 81 is a diagram illustrating a data management file configuration (example 3) used in save data storage and reproduction processing.

[Fig. 82] Fig. 82 is a diagram illustrating a processing flow relating to an example (example 5) of save data reproduction processing.

[Fig. 83] Fig. 83 is a diagram illustrating a processing flow relating to a save data storage processing example (Example 6).

FIG. 84 is a diagram showing a data management file configuration (example 4) used in save data storage and reproduction processing.

[Fig. 85] Fig. 85 is a diagram illustrating a processing flow relating to an example (example 6) of reproduction processing of save data.

[Fig. 86] Fig. 86 is a diagram for describing a configuration for revoking unauthorized users of content.

[Fig. 87] Fig. 87 is a diagram illustrating a processing flow (example 1) of eliminating (revoking) unauthorized users of the content.

[Fig. 88] Fig. 88 is a diagram illustrating a processing flow (example 2) of excluding unauthorized users (revocation).

FIG. 89 is a diagram illustrating a configuration (example 1) of a security chip.

FIG. 90 is a diagram showing a processing flow in a method of manufacturing a security chip.

FIG. 91 is a diagram illustrating a configuration (example 2) of the security chip.

FIG. 92 is a diagram showing a processing flow of data writing processing in the security chip (example 2).

FIG. 93 is a diagram showing a processing flow of write data check processing in the security chip (Example 2).

[Explanation of symbols]

106 Main CPU 107 RAM 108 ROM 109 AV processing unit 110 Input processing unit 111 PIO 112 SIO 300 recording and reproducing device 301 control unit 302 Cryptographic processing unit 303 recording device controller 304 Reader 305 Communication unit 306 control unit 307 internal memory 308 encryption / decryption unit 400 recording device 401 Cryptographic processing unit 402 external memory 403 Control unit 404 Communication unit 405 internal memory 406 encryption / decryption unit 407 External memory control unit 500 media 600 communication means 2101, 1022, 2103 recording / reproducing device 2104, 2105, 2106 recording devices 2901 Command number management unit 2902 Command register 2903, 2904 Authentication flag 3001 speaker 3002 monitor 3090 memory 3091 Content analysis unit 3092 Data storage unit 3093 Program storage unit 3094 Compression / decompression processing unit 7701 Content data 7702 Revocation list 7703 List check value 8000 security chip 8001 Processing unit 8002 storage unit 8003 Mode signal line 8004 Command signal line 8201 Read / write combined area 8202 write-only area

   ─────────────────────────────────────────────────── ─── Continued front page    (72) Inventor Taizo Shirai             6-735 Kita-Shinagawa, Shinagawa-ku, Tokyo Soni             -Inside the corporation (72) Inventor Toru Akishita             6-735 Kita-Shinagawa, Shinagawa-ku, Tokyo Soni             -Inside the corporation (72) Inventor Shoji Yoshimori             7-1, Akasaka, Minato-ku, Tokyo Co., Ltd.             Sony Computer Entertainment             Within (72) Inventor Makoto Tanaka             7-1, Akasaka, Minato-ku, Tokyo Co., Ltd.             Sony Computer Entertainment             Within F-term (reference) 5B017 AA03 AA06 BA05 BA07 BB09                       BB10 CA07 CA08 CA14 CA16                 5J104 AA12 AA16

Claims (51)

[Claims] 1. A data recording / reproducing device capable of reproducing and executing program content, a recording device for recording save data related to the program content, encryption processing of stored save data for the recording device, and reproduction for reproduction from the recording device. An encryption processing unit that executes a decryption process of save data; an input unit that inputs use restriction information of save data; and a control unit that determines an encryption processing method or a decryption processing method of save data, The control unit determines an encryption processing method of save data to be stored in the recording device according to the input use restriction information from the input unit, and stores the encryption process in a storage unit or a recording device accessible by the control unit. Follow the save data usage restriction information set in the data management file. The encryption processing unit determines a decryption processing method for save data to be reproduced from the recording device, wherein the encryption processing unit has a different encryption key depending on the encryption processing method or the decryption processing method determined by the control unit. A data recording / reproducing device having a configuration for executing encryption processing or decryption processing of save data by using. 2. The save data use restriction information is a program restriction that enables the use of save data on the condition that the content programs are the same, and the data management file is a program corresponding to an identifier of the content program. The encryption processing unit is configured as a table storing restriction information, and the encryption processing unit is configured to input the usage restriction information from the input unit, or the setting usage restriction information of the data management file is an input or setting with a program restriction, Executes save data encryption processing or decryption processing with a program-specific save data encryption key generated based on at least one of a program-specific encryption key, or a content program-specific encryption key or unique information, Input use restriction information from the input means Or, when the setting use restriction information of the data management file is an input or setting without program restriction, it is generated based on the system common encryption key stored in the data recording / reproducing device or the system common encryption key. 2. The data recording / reproducing device according to claim 1, wherein the common save data encryption key is configured to execute save data encryption processing or decryption processing. 3. An encryption key unique to the content program is a content key Kcon stored in a header portion of content data including the content program, and the system-common encryption key is a plurality of different data recording / reproducing devices. 3. The data recording / reproducing device according to claim 2, wherein the data recording / reproducing device is a system signature key Ksys commonly stored in. 4. The save data use restriction information is a record / reproducer restriction that enables use of the save data on condition that the data record / reproducer is the same, and the data management file is a content program identifier. The encryption processing unit is configured as a table storing the recording / reproducing device restriction information in association with each other. Or, in the case of setting, by the encryption key unique to the data recording / reproducing device, or the recording / playing device unique save data encryption key generated based on at least one of the encryption key unique to the data recording / reproducing device and the unique information Executes save data encryption processing or decryption processing, and uses the input use restriction information from the input means, or When the setting use restriction information of the data management file is an input or setting without program restrictions, the system common encryption key stored in the data recording / reproducing device or the common save data generated based on the system common encryption key The data recording / reproducing device according to claim 1, wherein the data recording / reproducing device is configured to execute an encryption process or a decryption process of save data with an encryption key. 5. An encryption key unique to the data recording / reproducing device is:
It is a signature key Kdev unique to the data recording / reproducing device stored in the data recording / reproducing device, and the encryption key common to the system is a system signature key Ksys commonly stored in a plurality of data recording / reproducing devices. The data recording / reproducing device according to claim 4, which is characterized in that. 6. The use restriction information of the save data is a user restriction that enables the use of the save data on the condition that the user's identity is the same, and the data management file corresponds to the identifier of the content program. If the input processing restriction information from the input unit or the setting usage restriction information of the data management file is an input or setting with user restriction, the input unit is configured as a table storing information. Encryption processing or decryption processing of save data is performed by a password input from the user or a user-specific save data encryption key generated based on the password, and input use restriction information from the input means or the data management When the file setting usage restriction information is input or settings without user restrictions , A configuration that executes save data encryption processing or decryption processing by a system common encryption key stored in the recording / reproducing device or a common save data encryption key generated based on the system common encryption key The data recording / reproducing device according to claim 1, wherein 7. The data recording / reproducing device according to claim 6, wherein the encryption key common to the system is a system signature key Ksys commonly stored in a plurality of recording / reproducing devices. 8. A save data processing method in a data recording / reproducing device capable of reproducing and executing program contents, wherein an encryption processing mode of save data to be stored in a recording device is determined according to input use restriction information from an input means. An encryption processing mode determining step; an encryption key selecting step of selecting an encryption key to be applied to an encryption process according to the encryption processing mode determined in the encryption processing mode determining step; and the encryption key selecting step. A save data processing method, characterized in that the save data encryption process is executed using the encryption key selected in. 9. A save data processing method in a data recording / reproducing device capable of reproducing and executing program content, wherein reproduction is performed from a recording device according to set use restriction information set in a data management file stored in a storage means or a recording device. A decryption processing mode determining step of determining a decryption processing mode of the save data; a decryption key selecting step of selecting a decryption key according to the decryption processing mode determined in the decryption processing mode determining step; A save data processing method, characterized in that decryption processing of save data is executed using the decryption key selected in the activation key selection step. 10. A data processing system comprising a recording / reproducing device and a recording device that mutually transfer encrypted data, wherein the recording device stores data that stores content data that can be transferred between the recording / reproducing device and the recording device. In addition to having a storage unit, it has a plurality of key blocks storing at least key data applicable to the authentication process between the recording / reproducing device and the recording device, and the key data stored in the plurality of key blocks is different for each block. In the authentication process between the recording / reproducing device and the recording device, the recording / reproducing device designates one key block from a plurality of key blocks of the recording device, and sets it as a designated key block. It is characterized by having a configuration for executing an authentication process with the recording device based on the stored key data. Over data processing system. 11. A plurality of key blocks of the recording device each include at least an authentication key applicable to an authentication process, and the authentication keys of each key block are configured as mutually different key data. The data processing system according to claim 10. 12. The recording / reproducing device retains, in a memory in the recording / reproducing device, setting information in which a key block to be applied to an authentication process is set as a designated key block, and the recording / reproducing device comprises a recording / reproducing device and a recording device. In the authentication process between the two, the configuration is such that one key block is designated from the plurality of key blocks of the recording device based on the setting information held in the memory in the recording / reproducing device, and the authentication process is executed. The data processing system according to claim 10. 13. The specified key block setting information of the recording / reproducing device is set so as to be different for each predetermined product unit such as a model / version of the recording / reproducing device or a shipping destination. 12. The data processing system according to item 12. 14. The recording / reproducing device has a configuration in which key data for authentication processing required for an authentication process with the recording device is stored in a memory in the recording / reproducing device, and the authentication stored in the memory in the recording / reproducing device. The processing key data is authenticated only in the authentication process using the in-block key data stored only in a part of the plurality of key blocks of the recording device, and the other key block in-use key data is used. 11. The data processing system according to claim 10, wherein the key data is a key data for which authentication is not established in the existing authentication process. 15. The recording / reproducing device stores a master key MKake for recording device authentication key in a memory in the recording / reproducing device, and the authentication key Kake generated based on the master key MKake for recording device authentication key is The authentication key is established only in the authentication process using the key data in the specified key block set in the recorder / player, and is not established in the authentication process using the key data in other key blocks. The data processing system according to claim 10, wherein the data processing system is a data processing system. 16. The recording device has a structure in which the recording device identification information IDmem is stored in the memory in the recording device, and a different authentication key Kake is stored in each of the plurality of key blocks, The recording / reproducing device generates an authentication key Kake by the encryption processing of the recording device identification information IDmem based on the recording device authentication key master key MKake stored in the recording / reproducing device memory, and uses the generated authentication key Kake. The data processing system according to claim 15, wherein the data processing system is configured to perform an authentication process with a designated key block of the recording device. 17. Each of the key blocks of the recording device includes recording device identifier information which is unique information of the recording device, an authentication key and a random number generation key used in an authentication process with a recording / reproducing device, and the data. The data processing system according to claim 10, further comprising a storage key used for encryption processing of data stored in the storage unit. 18. The storage key stored in each of a plurality of key blocks of the recording device is key data that is different for each key block and is a key used for encryption processing of data stored in the data storage unit. If there is a request from the outside of the recording device to use the data encrypted with the storage key, the recording device executes key exchange processing of the storage key in the recording device and performs encryption with a key different from the storage key. The data processing system according to claim 17, wherein the data processing system has a configuration for outputting data to the outside of the recording device. 19. The recording device has an encryption processing unit, and the encryption processing unit selects one key block of a plurality of key blocks of the recording device according to key block designation information received from the recording and reproducing device. The data processing system according to claim 10, wherein the data processing system has a configuration for performing authentication processing with the recording / reproducing device using the key data in the selected key block. 20. An encryption processing unit in the recording device executes encryption in a data storage process for a data storage unit storing content data that can be transferred between a recording / reproducing device and the recording device and a data transfer process from the data storage unit. 20. The data processing system according to claim 19, characterized in that the processing is executed by using the key data in one key block selected according to the key block designation information received from the recording and reproducing device. 21. A plurality of key blocks of the recording device that can be designated by the recording and reproducing device are provided, and at least one key block among the plurality of key blocks that can be designated can be designated by another recording and reproducing device. The data processing system according to claim 10, wherein the data processing system is configured as a key block that can be commonly designated. 22. A recording device having a data storage unit for storing content data that can be transferred to and from an external device, the key storing key data applicable to at least authentication processing between the recording device and the external device. Has multiple blocks,
A recording device characterized in that the key data stored in the plurality of key blocks has a configuration in which different key data is stored for each block. 23. Each of the plurality of key blocks of the recording device includes at least an authentication key applicable to an authentication process, and the authentication keys of each key block are configured as mutually different key data. The recording device according to claim 22. 24. The recording device comprises a recording device identification information ID in the memory in the recording device.
23. The recording device according to claim 22, wherein the recording device has mem and has a configuration in which an authentication key Kake different for each key block is stored in each of the plurality of key blocks. 25. Each of the key blocks of the recording device includes recording device identifier information that is unique information of the recording device, an authentication key and a random number generation key used in an authentication process with the external device, and the data storage. 23. The recording device according to claim 22, further comprising a storage key used for encryption processing of data stored in the unit. 26. The storage key stored in each of a plurality of key blocks of the recording device is key data that is different for each key block, and is a key used for encryption processing of data stored in the data storage unit. If there is a request from the outside of the recording device to use the data encrypted with the storage key, the recording device executes key exchange processing of the storage key in the recording device and performs encryption with a key different from the storage key. The recording device according to claim 25, having a configuration for outputting data to the outside of the recording device. 27. The recording device has an encryption processing unit, and the encryption processing unit selects one key block of a plurality of key blocks of the recording device according to key block designation information received from the external device, 23. The recording device according to claim 22, wherein the recording device has a configuration for performing authentication processing with the recording / reproducing device using the key data in the selected key block. 28. The encryption processing unit in the recording device executes encryption in a data storage process for a data storage unit storing content data transferable between the external device and the recording device and a data transfer process from the data storage unit. 28. The recording device according to claim 27, wherein the recording device is configured to execute the process using the key data in one key block selected according to the key block designation information received from the external device. 29. A data processing method in a data processing system comprising a recording / reproducing device and a recording device for mutually executing encrypted data transfer, wherein the recording / reproducing device has one key block from a plurality of key blocks included in the recording device. Is specified and the authentication processing with the recording device is executed based on the key data stored in the specified key block. 30. A first method for mutually transmitting encrypted data
In the data processing system including the device and the second device, the second device has an encryption processing unit that executes encryption processing related to transfer data with the first device, and the encryption processing unit includes: The control unit includes a control unit that receives a command identifier transferred from the first device according to a predetermined setting sequence, retrieves a command corresponding to the received command identifier from a register, and executes the command. A data processing system characterized in that, when a command identifier transferred from the first device is a command identifier different from the setting sequence, processing of a command corresponding to the command identifier is stopped. 31. A setting sequence relating to a command identifier received from the first device included in the control unit is a command number setting sequence in which numbers are sequentially incremented, and the control unit includes a command number setting sequence from the first device. The received value of the received command number is stored in the memory, and the new received command number from the first device is determined to match the setting sequence based on the received command number stored in the memory and set. 4. When it is determined that the sequence number is different, the command processing corresponding to the new received command number is not performed, and the command number stored in the memory is reset.
The data processing system according to 0. 32. The second device has a command register storing a command according to the setting sequence, and the command register stores an authentication process for the first device and the second device. An authentication processing command sequence to be executed and an encryption processing command sequence for executing encryption processing relating to transfer data between the first device and the second device are stored, and correspond to the authentication processing command sequence. 31. The data processing system according to claim 30, wherein the command identifier is sequenced so as to be executed in a step prior to the command identifier corresponding to the cryptographic processing command sequence. 33. An encryption key exchange process for encrypted data transferred from the first device to the second device and stored in a storage unit in the second device. Or a command sequence including an encryption key exchange process for encrypted data stored in the storage means in the second device and transferred from the second device to the first device, 33. The data processing system according to claim 32, comprising at least one of the command sequences. 34. The control unit sets an authentication flag indicating that the authentication has been completed when the authentication is established by the authentication processing of the first device and the second device, and the authentication flag is set. While being set, the command management control that enables execution of the encryption processing command sequence is executed, and the control unit resets the authentication flag when newly executing the authentication processing command sequence. 33. The data processing system of claim 32, characterized in that 35. The control unit manages a command execution order based on the setting sequence and the command identifier in the encryption key exchange process, and the control unit is executing a series of commands related to the key exchange process. 34. The data processing system according to claim 33, wherein the data processing system is configured not to accept command processing different from the setting sequence from an external device including the first device. 36. The second device is a storage device having a data storage unit for storing encrypted data, and the first device is a process of storing data in the storage device and storing the data in the storage device. 31. A recording / reproducing device for extracting, reproducing, and executing the extracted data, wherein the recording / reproducing device has an encryption processing unit for executing encryption processing of transfer data with the recording device. The described data processing system. 37. The recording device stores an authentication key applied to an authentication process between the recording / reproducing device and the recording device, and a storage key as an encryption key of data stored in a data storage unit in the recording device. The control unit in the encryption processing unit of the recording device receives a command identifier from the recording / reproducing device according to the setting sequence, and performs an authentication process using the authentication key stored in the key block. 37. The data processing system according to claim 36, wherein the data processing system is configured to be executed, and after the authentication processing is completed, a data encryption processing involving a key exchange processing using the storage key is executed. 38. The key block is composed of a plurality of key blocks respectively storing different authentication keys and storage keys, and the recording / reproducing device is used for the authentication processing and the data encryption processing from the plurality of key blocks. One of the key blocks to be designated is notified to the recording device as a designated key block, and the recording device executes the authentication process using the authentication key stored in the designated key block and the data encryption process using the storage key. 38. The structure according to claim 37.
The data processing system described in. 39. A recording device having a data storage unit that stores content data that can be transferred to and from an external device, wherein the recording device includes an encryption processing unit that executes encryption processing related to transfer data with the external device. The cryptographic processing unit has a control unit that receives a command identifier transferred from an external device in accordance with a predetermined setting sequence, retrieves a command corresponding to the received command identifier from a register, and executes the command. The control unit is configured to stop processing of a command corresponding to the command identifier when the command identifier transferred from the external device is a command identifier different from the setting sequence. . 40. The control unit has a command number setting sequence in which numbers are sequentially incremented as the setting sequence, and the control unit stores a reception value of a reception command number from the external device in a memory. At the same time, the new received command number from the external device is determined to match the setting sequence based on the received command number stored in the memory, and if it is determined to be different from the setting sequence, the new The command number stored in the memory is reset without performing command processing corresponding to the received command number.
Recording device described in. 41. The recording device has a command register storing commands according to the setting sequence, and the command register has an authentication processing command sequence for executing authentication processing between the external device and the recording device. And a cryptographic processing command sequence for performing cryptographic processing relating to transfer data between the external device and the recording device, and a command identifier corresponding to the authentication processing command sequence is stored in the cryptographic processing command sequence. 40. The recording device of claim 39, wherein the recording device is sequenced to be executed in a step prior to the corresponding command identifier. 42. The encryption processing command sequence is transferred from the external device to the recording device,
A command sequence including encryption key exchange processing for encrypted data stored in the storage means in the recording device,
Alternatively, a command sequence including an encryption key exchange process for encrypted data stored in the storage means in the recording device and transferred from the recording device to the external device, including at least one of the above command sequences The recording device of claim 41, wherein the recording device is a storage device. 43. The control unit sets an authentication flag indicating that the authentication has been completed when the authentication is established by the authentication process between the external device and the recording device, and the authentication flag is set. During the period, command management control that enables execution of the encryption processing command sequence is executed, and the control unit resets the authentication flag when newly executing the authentication processing command sequence. Item 41. The recording device according to item 41. 44. In the encryption key exchange process, the control unit manages a command execution order based on the setting sequence and the command identifier, and the control unit, while executing a series of commands related to the key exchange process, The recording device according to claim 42, wherein the recording device is configured not to accept a command process different from the setting sequence from an external device including the external device. 45. The recording device stores an authentication key applied to an authentication process between the external device and the recording device, and a storage key as an encryption key of data stored in a data storage unit in the recording device. The control unit in the encryption processing unit of the recording device receives a command identifier from the external device according to the setting sequence and executes an authentication process using the authentication key stored in the key block. 40. The recording device according to claim 39, wherein the recording device is configured to execute a data encryption process involving a key exchange process using the storage key after the authentication process is completed. 46. The key block comprises a plurality of key blocks storing different authentication keys and storage keys, respectively, and the external device uses the plurality of key blocks for an authentication process and a data encryption process. A configuration in which one key block is notified to the recording device as a designated key block, and the recording device executes an authentication process using an authentication key stored in the designated key block and a data encryption process using a storage key. The recording device according to claim 45, wherein: 47. A first method for mutually executing encrypted data transfer
Is a data processing method in a data processing system comprising a device and a second device, wherein the second device receives a command identifier transferred from the first device according to a predetermined setting sequence, A command processing control step is executed in which a command corresponding to the received command identifier is fetched from a register and executed, and in the command processing control, the command identifier transferred from the first device is a command identifier different from the setting sequence. In this case, the data processing method is characterized in that the processing of the command corresponding to the command identifier is stopped. 48. A program providing medium for providing a computer program for causing a data recording and reproducing device capable of reproducing and executing program contents to execute save data processing on a computer system, wherein the computer program is from an input means. Encryption processing mode determining step for determining the encryption processing mode of the save data to be stored in the recording device according to the input use restriction information of 1., and encryption according to the encryption processing mode determined in the encryption processing mode determining step. An encryption key selecting step for selecting an encryption key to be applied to the encryption processing, and a step of executing save data encryption processing using the encryption key selected in the encryption key selecting step. Characteristic program providing medium. 49. A program providing medium for providing a computer program for causing a data recording / reproducing device capable of reproducing and executing program contents to execute save data processing on a computer system, wherein the computer program is storage means or A decoding process mode determining step of determining a decoding process mode of save data to be played back from the recording device according to setting use restriction information set in a data management file stored in the recording device; and the decoding process mode determining step, Decryption key selection step of selecting a decryption key to be applied to the decryption processing according to the determined decryption processing mode, and decryption processing of save data using the decryption key selected in the decryption key selection step And a step of performing Program providing medium. 50. A program providing medium for providing a computer program for causing a computer system to execute a data processing method in a data processing system comprising a recording / reproducing device and a recording device for mutually transmitting encrypted data. In the computer program, the recording / reproducing device specifies one key block from a plurality of key blocks included in the recording device, and performs an authentication process with the recording device based on the key data stored in the specified key block. A program providing medium including a step of executing. 51. A first method for mutually transmitting encrypted data
Is a program providing medium that provides a computer program for causing a computer system to execute data processing in a data processing system including the first device and the second device, the transfer being performed from the first device to the second device. A command processing control step of receiving a command identifier to be executed according to a predetermined setting sequence, fetching a command corresponding to the received command identifier from a register and executing the command, in the command processing control step, the first A program providing medium characterized by including a step of stopping processing of a command corresponding to the command identifier when the command identifier transferred from the device is a command identifier different from the setting sequence.