JP2003115838A - Encrypted data delivery system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide technology for suppressing the data amount of information (TRL) for specifying a plurality of terminals and a terminal to be invalidated in a system composed of a plurality of terminals, a distributor for delivering data only to terminals except for the terminal to be invalidated and a management device for generating the TRL. SOLUTION: A management device 110 generates the TRL composed of data expressing the terminal ID of all invalidated terminals having a common bit stream in one part of the terminal ID only with the position and value of the bit stream in one part and transmits the TRL to a contents key distributor 120. Each of terminals 130 holds the terminal ID containing a maker class and a serial number or the like and the distribution of the contents key is requested by sending the terminal ID to the contents key distributor 120. While referring to the TRL, the contents key distributor 120 decides whether the terminal ID sent from the terminal is the terminal ID of the invalidated terminal or not and when the sent terminal ID is not the terminal ID of the invalidated terminal, the contents key is enciphered and transmitted to that terminal.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a cryptographic communication system, and more particularly, it does not respond to a request from a part of a plurality of terminal devices, but accepts a request from another terminal device. The present invention relates to a cryptographic communication system including a cryptographic communication device that transmits encrypted data.

[0002]

2. Description of the Related Art In recent years, against the background of the development of Internet-related technologies, electronic commerce systems utilizing the Internet have been actively developed. Encryption technology is used in data communication in electronic commerce and the like. For example, a public key cryptosystem cryptographic communication system is often used for authentication of a communication partner, and a secret key cryptosystem cryptographic communication system is often used for safe distribution of data. Regarding public-key cryptography and secret-key cryptography, refer to "Modern Cryptography" (Shinichi Ikeno, Kenji Koyama, IEICE, 1986).
Year).

In the cryptographic communication system of the public key cryptosystem,
Generally, a public key certificate issued by an organization called a certificate authority in order to prove the correspondence between a public key and a person or thing holding the public key is added to the public key and transmitted. Public key certificates are basically public information that does not need to be kept secret. The private key paired with the public key must be managed secretly.

Generally, a public key certificate has a validity period,
If the private key paired with the public key is exposed or is suspected to have been exposed due to an accident or incident, the public key certificate must be revoked even within the valid period. As a method for invalidating public key certificates, refer to the document "Digital Signature and Cryptography" (Translated by Shinichiro Yamada, Pearson Co., Ltd.
Education, pp. 189-196, 1997), Certificate Revocation List (CRL)
t) is disclosed. In this CRL,
The serial numbers of all public key certificates to be revoked are listed, and there is a mechanism that uses the CRL to invalidate and disable the public key certificates with serial numbers listed in the CRL. Can be built.

By the way, a large number of terminal devices for receiving and reproducing digital contents, which are required to appropriately use digital contents such as movies which have been encrypted for copyright protection and other purposes, respond to the requests. When considering a distribution service in which a distribution device distributes a key for decrypting digital content (hereinafter referred to as “content key”), the distribution of the content key is appropriate in view of copyright protection and the like. It should only be done for terminal devices.

In this distribution service, the terminal device has a secret key unique to the device, and the distribution device on the key distribution side is
Upon receiving the content key distribution request and the notification of the terminal identifier (terminal ID) unique to the terminal device from the terminal device, the content key is encrypted so that it can be decrypted only with the private key unique to the terminal device It is conceivable that a delivery method or the like for transmitting will be used.

In this case, after it is found that there is a problem in the method of mounting the secret key in the terminal device manufactured by a certain manufacturer, the content key is distributed to the group of terminal devices of the manufacturer. Need to avoid doing. In addition, regarding the mechanism of preventing copying of digital contents in a terminal device, after a method of disabling that mechanism in a terminal device manufactured by a certain manufacturer was exposed, On the other hand, it is necessary not to distribute the content key.

That is, it is necessary to stop the distribution of the content key to the terminal device in the illegal state. As a method of responding to this need, in the distribution service, the distribution device receives the terminal ID together with the distribution request of the content key from the terminal device, and all the terminals to be revoked instead of the serial number of the public key certificate described above. A modified version of the CR that describes the terminal ID of the device
L (hereinafter, "TRL" (invalidation terminal list, Terminal R
evocation List). ) Is used, and if the received terminal ID is described in the TRL, the key may be distributed in response to the distribution request only if the distribution request is not described.

[0009]

However, in the above method, when the number of terminal devices to be invalidated is large, the terminal IDs of all the terminal devices are described, so that the data size of the TRL becomes enormous. If it is assumed that the number of terminal devices targeted for distribution service is about 4 billion, the terminal ID is fixed length data of 4 bytes or more, and 1% of the terminal devices needs to be invalidated. Has a TRL of 16
The data size is 0 megabytes or more.

Therefore, in the distribution service, in order to support a large number of terminal devices, a large number of distribution devices for distributing the content key are provided dispersedly in each region and the like, and one management device generates the TRL. Then, assuming that the TRL includes a digital signature or the like and transmits it to each distribution device through a public communication network, and each distribution device determines whether or not distribution to the terminal device is possible based on the TRL, Since the amount of communication data is large and the amount of data to be held by each distribution device is large, this distribution service may not be practical.

For example, if the TRL is transmitted each time the number of terminal devices to be invalidated increases, communication congestion will be caused due to the large amount of communication data. Further, if the distribution device requests the latest TRL from the management device at the time of receiving a distribution request accompanied by the terminal ID from the terminal device, and after receiving the TRL, the terminal ID is collated based on the TRL, Since the delivery device takes a lot of time to receive the TRL, the response to the request from the terminal device is delayed.

[0012] Therefore, the present invention has been made in view of such a problem, and encrypts the content key only to an appropriate terminal device excluding some terminal devices to be invalidated by using TRL. It is an object of the present invention to provide a cryptographic communication system that performs a service related to cryptographic communication such as distribution, and that improves the practicality by suppressing the data size of TRL.

Another object of the present invention is to provide various techniques that contribute to the construction of the above-mentioned encrypted communication system.

[0014]

In order to achieve the above object, in a cryptographic communication system according to the present invention, a cryptographic communication device and a terminal identifier, which is a bit string of a predetermined number of bits capable of identifying the self-terminal device, are provided. A cryptographic communication system comprising: a plurality of terminal devices having a function of transmitting to a communication device; and a management device that generates invalidation terminal identification information indicating one or more terminal identifiers for identifying a terminal device to be invalidated. The management device uses the data format that comprehensively represents all the terminal identifiers whose part is the same as the value by the information that specifies the value of a part of the bit string of the predetermined number of bits, The encryption communication device includes an invalidation terminal identification information generation unit that generates terminal identification information and an output unit that outputs the generated invalidation terminal identification information. Invalidation terminal identification information acquisition means for obtaining the invalidation terminal identification information output by the terminal device, terminal identifier reception means for receiving the terminal identifier when the terminal identifier is transmitted from the terminal device, and the terminal identifier reception means The terminal identifier received by the determining unit that determines whether or not the terminal identifier indicated by the invalidation terminal identification information as identifying the terminal device to be invalidated, and the received terminal When it is determined by the determination means that the identifier does not match any terminal identifier indicated by the invalidation terminal identification information,
A predetermined communication is performed by performing encryption unique to the terminal device with the terminal device that has transmitted the terminal identifier, while the received terminal identifier is indicated by the invalidation terminal identification information. When it is determined by the determining means that the terminal identifier matches with the other terminal identifier, the communication device has a communication means that does not perform the predetermined communication with the terminal device that has transmitted the terminal identifier.

Here, the encrypted communication device is, for example, a content key distribution device as shown in the first to third embodiments, and the predetermined communication is, for example, transmission of an encrypted content key,
The invalidation terminal identification information is, for example, the TRL shown in the first to third embodiments. According to the present invention, all terminal IDs including a certain bit string are comprehensively expressed by information that specifies the value and position of a common bit string included in the terminal ID.
As a result, it becomes possible to keep the amount of RL data relatively small, and as a result, encryption such as distributing the content key and distributing it only to appropriate terminal devices excluding some terminal devices to be invalidated. A practical cryptographic communication system that provides services related to communication is realized.

Further, the management device according to the present invention has an invalidation indicating each terminal identifier of one or more terminal devices to be invalidated among the terminal identifiers each having a predetermined number of bits capable of identifying each of the plurality of terminal devices. A management device that generates terminal identification information, and a data format that comprehensively represents all terminal identifiers whose part is the same as the value by information that specifies the value of a part of the bit string of the predetermined number of bits. It is characterized in that it is provided with an invalidation terminal identification information generating means for generating the invalidation terminal identification information and an output means for outputting the generated invalidation terminal identification information.

Further, the cryptographic communication device according to the present invention is a cryptographic communication for performing communication with each terminal device having a terminal identifier which is a bit string of a predetermined number of bits capable of identifying the own terminal device among a plurality of terminal devices. The device is configured by using a data format that comprehensively represents all terminal identifiers whose part is the same as the value by the information that specifies the value of a part of the bit string of the predetermined number of bits, and invalidates An invalidation terminal identification information acquisition unit that externally obtains invalidation terminal identification information indicating each terminal identifier of one or more terminal devices as a means for identifying a terminal device that should be
The terminal identifier receiving means for receiving the terminal identifier when the terminal identifier held by the terminal device is transmitted, and the terminal identifier received by the terminal identifier receiving means are for identifying the terminal device to be invalidated. Determination means for determining whether or not it matches any terminal identifier indicated by the invalidation terminal identification information, and the received terminal identifier does not match any terminal identifier indicated by the invalidation terminal identification information When determined by the determination means, predetermined communication is performed with the terminal device that transmitted the terminal identifier by performing encryption unique to the terminal device, and the received terminal identifier is the If it is determined by the determination means that the terminal identifier indicated by the invalidation terminal identification information matches, the terminal identifier is transmitted. Between the terminal device, comprising a communication unit that does not perform the predetermined communication.

The information generating method according to the present invention is an information generating method for generating invalidation terminal specifying information for specifying a terminal device to be invalidated among a plurality of terminal devices. A terminal identifier obtaining step of obtaining each terminal identifier of each terminal device to be invalidated, out of terminal identifiers having a bit string of a predetermined number of bits capable of identifying each, and information for specifying a partial value in the bit string of the predetermined number of bits By using a data format that comprehensively represents all terminal identifiers whose part is the same as the value,
A generation step of generating the invalidation terminal identification information indicating all the terminal identifiers acquired by the terminal identifier acquisition step.

[0019]

BEST MODE FOR CARRYING OUT THE INVENTION A content key distribution system, which is an embodiment in which the present invention is applied to a system considering copyright protection of contents, will be described below with reference to the drawings. <First Embodiment><SystemConfiguration> FIG. 1 is a configuration diagram of a content key distribution system according to a first embodiment of the present invention.

The content key distribution system 100 includes a plurality of content reproduction devices 130 for reproducing content,
A content key distribution device 120 that distributes an encrypted content key (hereinafter referred to as “encrypted content key”) in response to a request from each content reproduction device, and an encrypted content key for the content key distribution device 120. Invalidation terminal list (TR
L) is transmitted, the management device 110 is included. In the content key distribution system 100, one or more content key distribution devices 120 are provided.

Here, the content reproducing apparatuses 130a, 1a
Reference numeral 30b and the like are devices installed in, for example, each house, having a function of acquiring encrypted content via a communication path or a recording medium, and decrypting the content using a content key to reproduce the content. In a system that takes copyright protection into consideration, it is assumed that the content is encrypted and is subject to distribution. For this reason, the content reproduction apparatus uses the encrypted content key as the content key distribution apparatus 1
If you do not get the content key by receiving from 20 and decrypting, you can not decrypt the encrypted content,
Therefore, it cannot be reproduced.

Each of the content reproducing devices 130 (hereinafter also referred to as “terminals”) is provided with a CPU, a memory, a hard disk, a communication mechanism with the outside, etc., and contents such as movies are presented to the user through a display device, a speaker and the like. A device for performing a content reproduction process for reproducing in a viewable manner, functionally including a terminal ID storage unit 131, a decryption key storage unit 132, an encrypted content storage unit 133, a request transmission unit 134, and an encrypted content key reception. The unit 135, the decoding unit 136, and the reproducing unit 137 are included.

The terminal ID storage unit 131 stores a terminal ID for identifying each terminal in a ROM (read only me).
mory) and the like. For example, when 16 terminals can be used in the content key distribution system 100, the terminal ID is composed of a bit string of 4 bits or more that can identify 16 terminals. For example, when assuming 5 billion terminals. The terminal ID is a bit string exceeding 32 bits. In the first embodiment, for convenience of explanation,
Assuming 16 terminals, an example in which the terminal ID is 4 bits will be mainly described.

The decryption key storage unit 132 is a storage area such as a ROM that stores a decryption key used for decrypting the encrypted content key. This decryption key is a secret key having a unique value for each terminal, and is composed of 128 bits, for example. The encrypted content storage unit 133 is an area of a recording medium such as a hard disk that stores encrypted content. The terminal acquires the encrypted content from the outside by receiving the encrypted content, and the like, and acquires the encrypted content from the encrypted content storage unit 13
3 has the function of storing.

The request sending section 134 is a terminal ID storage section 13.
The transmission request information including the terminal ID stored in No. 1 is transmitted to the content key distribution device 12 through the communication path 101 such as a public network.
It has the function of sending to 0. The encrypted content key receiving unit 135 has a function of receiving the encrypted content key when the encrypted content key is transmitted from the content key distribution device 120.

When the decryption unit 136 receives the encrypted content key received by the encrypted content key receiving unit 135, it decrypts the encrypted content key using the decryption key stored in the decryption key storage unit 132, It has a function of transmitting the content key obtained as a result of the decryption to the reproducing unit 137. In addition, the reproducing unit 137 has a function of decrypting and reproducing the encrypted content stored in the encrypted content storage unit 133 using the content key transmitted from the decrypting unit 136. When the content is reproduced by the reproducing unit 137, the user can view the content.

Note that some of the functions performed by the request sending unit 134, the encrypted content key receiving unit 135, the decrypting unit 136, and the reproducing unit 137 are realized by the control program stored in the memory being executed by the CPU. It Management device 1
Reference numeral 10 denotes, for example, a computer or the like installed in an organization that performs business related to protection of copyright of contents, etc., and protects copyright etc. by exposing the decryption key stored in each terminal 130. Content key distribution device 120 by generating a TRL whose main content is information for identifying all terminals that are in a situation where the above-mentioned situation cannot be achieved, that is, all terminals that should not be the distribution destination of the encrypted content key.
It is a device that performs TRL generation and transmission processing for transmitting to Hereinafter, a terminal that should not be the distribution destination of the encrypted content key is referred to as a revocation terminal.

As shown in FIG. 1, the management device 110 includes an invalidation terminal ID group acquisition section 111 and a TRL generation section 11
2. The TRL transmitter 113 is provided. Here, the invalidation terminal ID group acquisition unit 111 has a function of acquiring information that identifies the terminal IDs of all the invalidation terminals and giving each acquired terminal ID to the TRL generation unit 112.

The TRL generation unit 112 generates a TRL whose main content is information for identifying the invalidation terminal based on each terminal ID given from the invalidation terminal ID group acquisition unit 111, and sends it to the TRL transmission unit 113. Have a function. In addition,
The generation of this TRL will be described in detail later. Further, the TRL transmitting unit 113 has a function of transmitting the TRL transmitted from the TRL generating unit 112 to the content key distribution device 120 via the communication path.

The procedure of the TRL generation / transmission process performed by the management device 110 will be described later. In addition, this management device 1
It is assumed that 10 is operated so as to transmit the TRL to the content key distribution device 120 periodically or when the information of the invalidation terminal to be included in the TRL changes.
The content key distribution device 120, when receiving the encrypted content key transmission request from each terminal, transmits the encrypted content key to the terminal only if the terminal is not a revocation terminal. Is a computer that performs the TRL storage unit 121, T functionally.
RL reception unit 122, content key storage unit 123, encryption key group storage unit 124, transmission request reception unit 125, collation unit 12
6, encryption unit 127 and encrypted content key transmission unit 12
Have eight.

Here, the TRL storage unit 121 is an area of a recording medium such as a hard disk for storing the TRL. The TRL receiving unit 122 has a function of receiving the TRL transmitted from the management device 110 and storing it in the TRL storage unit 121. The content key storage unit 123 is a storage area such as a memory that stores a content key.

The encryption key group storage unit 124 stores, for each terminal, the encryption key corresponding to the decryption key and the terminal I of that terminal.
It is an area of a hard disk or the like stored in advance in association with D. The transmission request accepting unit 125 has a function of accepting a transmission request sent from each terminal through a public network or the like and transmitting the terminal ID included in the transmission request to the matching unit 126.

The collation unit 126 invalidates the transmission request source terminal by collating whether or not the terminal ID transmitted from the transmission request reception unit 125 matches any of the invalidation terminals specified by the TRL. It is determined whether the terminal is a terminal, and when it is determined that the terminal is a revocation terminal, an instruction to return an error message to the transmission source is transmitted to the encrypted content key transmission unit 128, and it is determined that the terminal is not a revocation terminal. In this case, it has a function of transmitting the terminal ID transmitted from the transmission request receiving unit 125 to the encryption unit 127.

When the encryption unit 127 receives the terminal ID from the collation unit 126, the encryption unit 127 uses the encryption key associated with the terminal ID in the encryption key group storage unit 124 to store the content key. By encrypting the content key stored in the unit 123, the encrypted content key is generated and sent to the encrypted content key transmitting unit 128.

Further, the encrypted content key transmission unit 128
When the collating unit 126 is instructed to return the error message to the sender, the collating unit 126 transmits the error message to the terminal that issued the transmission request, and the encrypting unit 12
When the encrypted content key is transmitted from 7, it has a function of transmitting the encrypted content key to the terminal that issued the transmission request.

<Terminal ID / Decryption Key / Encryption Key> FIG.
It is a figure which shows the terminal ID and the decoding key which each terminal memorize | stores. In the case where the content key distribution system 100 includes 16 terminals and the terminal ID is 4 bits, for example, the terminal 0 holds the terminal ID “0000” and the decryption key DK0 as shown in FIG. 1 holds the terminal ID “0001” and the decryption key DK1, and the terminal 15 holds “1”.
It holds a terminal ID "111" and a decryption key DK15. The decryption keys DK0, DK1, ..., DK15 are all bit strings whose values do not match each other. In addition, each terminal protects the decryption key in a secret state by a tamper resistant technique or the like.

FIG. 3 is a conceptual diagram showing a method of determining the value of the terminal ID held by each terminal. For example, an organization that carries out work related to protection of copyrights, etc. determines allocation of a terminal ID to each terminal manufactured by each manufacturer, and at the manufacturing stage of the terminal, the manufacturer allocates the terminal ID to each terminal according to the allocation. Set the ROM etc. that store

The circle in FIG. 3 is called a node, and the straight line connecting the circles is expressed as a path. In FIG. 3, 16 terminals are associated with each node 12 in the lowest layer.
A tree structure of a branch tree is defined, and each of two paths from a certain node to a node in a lower layer is given a value of "0" or "1". The terminal ID of each terminal is the value of "0" or "1" attached to all paths connecting the node 11 of the highest layer to the node 12 of the lowest layer corresponding to the terminal, It is represented by a bit string obtained by connecting in the direction of the lower layer. Therefore, a terminal ID is determined for each terminal as shown in FIG.

FIG. 4 is a diagram showing an example of contents of data stored in the encryption key group storage unit 124 of the content key distribution device 120. In the encryption key group storage unit 124, as shown in the figure, terminal IDs and encryption keys for all terminals are stored in association with each other. For example, "0000"
The encryption key EK0 is associated with this terminal ID, and this encryption key EK0 is a key corresponding to the decryption key DK0 held in the terminal 0. Therefore, the encryption key EK0
It becomes possible to decrypt the data encrypted by using the decryption key DK0.

The encryption key EKi and the corresponding decryption key DKi are EKi if the secret key cryptosystem is used for the encryption algorithm for encrypting the content key.
And DKi match, and if a public key cryptosystem is used, EKi and DKi do not match but form a pair. <System Operation> Hereinafter, the content key distribution system 10
An outline of the system operation of 0 will be described.

<Operation of Management Device> FIG.
It is a flowchart which shows the TRL generation transmission process which 0 performs. The TRL generation unit 112 of the management device 110 causes the invalidation terminal ID group acquisition unit 111 to determine the terminal I for the invalidation terminal.
The D group is acquired (step S21), and the TRL data generation process for calculating the content of the information portion (hereinafter, referred to as "terminal ID related information") for specifying the invalidation terminal in the TRL is performed (step S22). Details of the TRL data generation process will be described later.

After the TRL data generation processing, the TRL generation unit 112 includes the TRL including the generated terminal ID related information.
(Step S23), the TRL is transmitted to the TRL transmitting unit 113, and in response, the TRL transmitting unit 113 transmits the TRL to the content key distribution device 120 via the communication path.
(Step S24). <Operation of Content Reproducing Device> FIG. 6 is a flowchart showing a content reproducing process performed by the content reproducing device 130.

The content reproducing apparatus 130 (terminal) performs a content reproducing process, for example, when receiving an operation for instructing the user to reproduce the content. First, the request transmission unit 134 of the terminal transmits a transmission request including data including the terminal ID unique to the terminal stored in the terminal ID storage unit 131 to the content key distribution device 120 through the communication path. , Request transmission of the encrypted content key (step S31). In response to the transmission request, the content key distribution device 120 sends an encrypted content key or an error message.

After the transmission request, the encrypted content key receiving unit 135 determines whether or not the encrypted content key has been successfully received (step S32), and only when the encrypted content key is normally received, The encrypted content key is transmitted to the decryption unit 136. In response to this, the decryption unit 136 decrypts the encrypted content key using the decryption key held in the decryption key storage unit 132, and transmits the content key obtained as a result of the decryption to the reproduction unit 137 (step S3).
3).

When the content key is transmitted, the reproducing section 137
Reproduces the encrypted content stored in the encrypted content storage unit 133 while decrypting it using the content key (step S34). With this playback,
For example, video, audio, etc. are output through a display device or a speaker, and the user can view the content.

<Operation of Content Key Distribution Device> FIG.
7 is a flowchart showing a content key distribution process performed by the content key distribution device 120. The content key distribution device 120 receives the TRL by the TRL reception unit 122 at least once before performing the content key distribution process, and then receives the TRL.
It is stored in the RL storage unit 121, and content key distribution processing is performed each time a transmission request is sent from the content reproduction device 130.

When a transmission request is sent from the content reproduction apparatus 130 (terminal), the transmission request accepting section 125 receives the transmission request and compares the terminal ID included in the transmission request with the collating section 12.
6 (step S41). When the terminal ID is transmitted, the collation unit 126 performs the TRL collation process of referring to the TRL and determining whether the terminal ID is the terminal ID of the invalidation terminal (step S42). The details of the TRL matching process will be described later.

As a result of the TRL collation processing, when it is determined that the terminal ID related to the transmission request is the terminal ID of the invalidation terminal (step S43), the collation unit 126 sends an error message to the transmission source of the transmission request. The encrypted content key transmitting unit 128 is instructed to return to the terminal, and in response, the encrypted content key transmitting unit 128 performs an error process such as transmitting an error message to the terminal (step S47). The key distribution process ends.

If it is determined in step S43 that the terminal ID relating to the transmission request is not the terminal ID of the invalidation terminal as a result of the TRL matching process, the matching unit 126 is used.
Transmits the terminal ID relating to the transmission request to the encryption unit 127,
In response to this, the encryption unit 127 extracts the encryption key corresponding to the terminal ID from the encryption key group storage unit 124 and uses the encryption key to store the content key stored in the content key storage unit 123. Is encrypted to generate an encrypted content key, and the encrypted content key is transmitted to the encrypted content key transmission unit 128 (step S45).

When the encrypted content key is transmitted, the encrypted content key transmitting unit 128 transmits the encrypted content key to the terminal which has issued the transmission request (step S46).
This completes the content key distribution process. <Structure of TRL> FIG. 8 shows the TRL in the first embodiment.
It is a figure which shows the data structure of.

In the bit size example in the figure, the terminal is 1
Although it is assumed that the number of terminals is 6, the number of bits corresponding to the case where the number of terminals is several hundred million or more is shown in parentheses as a practical example for reference. Below, the terminal is 1
Description will be made using an example of the bit size in the case of 6 units. As shown in the figure, the TRL is composed of 8-bit version information 210, terminal ID related information 220, and 64-bit signature information 230.

The version information 210 is information indicating the version number of the TRL, for example, the TRL having different contents.
Each time a new is created, its version number is changed. The terminal ID related information 220 is the group information 221.
And individual information 225.

The group information 221 includes one or a plurality of sets of the ID 223 and the mask data 224, and the number of entries 222 indicating the number. If the number of sets is M, the value indicated by the number of entries 222 is M. Here, the mask data 224 is data of a format in which the upper X bits of the 4-bit bit string constituting the mask data 224 are set to “1” and the remaining lower bits are all set to “0”. Represents X.

Further, the ID 223 forming a pair with the mask data 224 representing X is useful only for the contents of X bits from the higher order of the 4-bit bit string constituting this, and the other values are, for example, "0". The data will be in the specified format. With this set of the ID 223 and the mask data 224, all the terminal IDs whose upper X bits represented by the mask data 224 match the value of the ID 223, that is, the terminals of 2 (4-X) power invalidation terminals. Indicates an ID.

Therefore, the group information 221 is composed of one or a plurality of groups that comprehensively represent the terminal IDs of a plurality of invalidation terminals. The individual information 225 includes one or more IDs 22
7 is included, and the number of entries 226 indicating the number is included. I
If the number of D227 is N, the value indicated by the number of entries 226 is N.

This ID 227 is the terminal ID of the invalidation terminal.
Indicates. Therefore, the individual information 225 is composed of one or more pieces of information individually expressing the terminal ID of the invalidation terminal. The signature information 230 is a so-called digital signature created by reflecting the entire version information 210 and the terminal ID related information 220. FIG. 9 is a diagram showing an example of the contents of TRL.

In the figure, the ID 22 is used as group information.
3 is the bit string “1100” and the mask data 224
Is a bit string “1100” and an ID 223 is a bit string “0110” and the mask data 224 is a bit string “1110”.
TRL including information in which 227 is the bit string "0001"
Is illustrated.

The mask data "1100" and "1"
Depending on the combination with the ID of "100", "1100", "11"
The terminal IDs of the four invalidation terminals of "01", "1110", and "1111" are represented, and by the combination of the mask data of "1110" and the ID of "0110",
The terminal IDs of the two invalidation terminals “0110” and “0111” are represented.

Therefore, the TRL shown in FIG. 9 shows the terminal IDs of a total of seven invalidation terminals, six for group information and one for individual information. <TRL Data Generation Process> FIG. 10 is a flowchart showing a TRL data generation process which is a part of the TRL generation / transmission process performed by the management apparatus 110 according to the first embodiment. Although the terminal ID is generally expressed as N bits in the figure, it is assumed here that it is 4 bits.

The TRL generator 11 in the management device 110
2 acquires the terminal ID group of the invalidation terminal from the invalidation terminal ID group acquisition unit 111, and then performs the TRL data generation process (see FIG. 5). First, the TRL generation unit 112
Stores the acquired terminal ID group in a work ID area, which is an area of a storage medium such as a memory (step S201),
Two pieces of 1-bit bit data “0” and “1” are stored in a work bit area, which is one area of a storage medium such as a memory (step S202), and 1 is set in a variable X (step S203). .

Subsequently, the TRL generator 112 focuses on one of the unfocused X-bit bit data in the working bit area (step S204), and identifies the terminal ID stored in the working ID area. Of these, the number of those satisfying the condition that the upper X bits match the bit data of interest is counted (step S205). If the result of step S205 is that the number of counts is the power of 2 (4-X) (step S206), the TRL generation unit 112 deletes the terminal ID that satisfies the condition in step S205 from the work ID area. (Step S207), for the terminal ID satisfying the condition, a 4-bit bit string in which the upper X bits are “1” and the other bits are “0” is used as mask data, and the upper X bits are further focused on. A 4-bit bit string that is the same as the data and has the other bits set to “0” is set as an ID, and the mask data and the ID are associated with each other and stored as group information in one area of a storage medium such as a memory (step S208) , Step S209
Make a decision.

When the count number is 0 or 1 as a result of step S205 (step S206),
The TRL generation unit 112 skips steps S207 and S208 and makes a determination in step S209. In addition, as a result of step S205, when the count number is neither (4−X) th power of 2 nor 0 or 1 (step S206), the TRL generation unit 112 determines
If there are two or more terminal IDs that satisfy the condition in 205 and the X + 1th bit from the upper bit is “0”, a bit formed by adding 1 bit “0” to the lower bit of the bit data of interest. The data is stored in the work bit area (step S210), and the terminal ID that satisfies the condition is stored.
If there are two or more X + 1th bits of “1” from the higher order, the bit data formed by adding 1 bit “1” to the lower order of the bit data of interest is stored in the working bit area. (Step S211), step S20
Make a judgment of 9.

In step S209, the TRL generator 11
2 determines whether or not there is unfocused X-bit bit data, and if there is still unfocused X-bit bit data, returns to step S204 to focus on the next bit data and perform processing. , If there is no unfocused X-bit bit data, the variable X is incremented by 1 (step S21
2), it is determined whether the variable X is equal to 4 (step S213).

The TRL generating unit 112 has the step S213.
When it is determined that the variable X is not equal to 4,
Returning to step S204 again, the process is performed by paying attention to the next bit data, and when it is determined that the variable X is equal to 4, if all the terminal IDs remain in the work ID area, all the terminal IDs are individually set. The ID in the information is saved in an area of a storage medium such as a memory (step S214), and the TRL data generation process is completed.

The TRL shown in step S23 of FIG.
Is executed by adding the number of entries to the group information and individual information stored in one area of the storage medium by the above-described TRL data generation processing, and further adding version information and signature information. Therefore, for example, the TRL generation unit 112 causes the invalidation terminal ID group acquisition unit 111 to select “0001”, “0110”, and “011”.
When the seven terminal IDs “1”, “1100”, “1101”, “1110”, and “1111” are acquired, the TRL having the content illustrated in FIG. 9 is generated by the above procedure. Become. This TRL represents that the group of the terminals 6 and 7 adjacent to each other in FIG. 3, the group of the terminals 12 to 15, and the terminal 1 are the invalidation terminals.

When there is no invalidation terminal, the number of entries in the TRL group information is 0 and the number of entries in the individual information is 0. <TRL Collation Process> FIG. 11 is a flowchart showing a TRL collation process which is a part of the content key distribution process performed by the content key distribution device 120 according to the first embodiment.

Collating unit 12 of content key distribution device 120
6 is a transmission request reception unit 12 for the terminal ID transmitted from the terminal
This TRL collation processing is performed each time it is obtained from 5. Collator 12
6 is an ID 227 that matches the terminal ID sent from the terminal
Is present in the individual information 225 in the TRL stored in the TRL storage unit 121 (step S
221), if the matching ID 227 exists, it is determined that the terminal ID acquired from the terminal is the terminal ID of the invalidation terminal (step S222), and the TRL matching process ends.

When it is determined in step S221 that the ID 227 that matches the terminal ID sent from the terminal is not included in the TRL individual information 225, the matching unit 126 determines that one group in the TRL group information is included. ID 223
And any terminal ID represented by the mask data 224
And whether the terminal ID sent from the terminal matches (steps S223 and S224).

That is, the collation unit 126 obtains a bitwise logical product of the terminal ID sent from the terminal and the mask data 224 (step S223), and the obtained logical product forms an ID 223 forming a pair with the mask data 224. Is determined (step S224), and if they match, it is determined that the terminal ID acquired from the terminal is the terminal ID of the invalidation terminal (step S222), and the TRL matching process is ended.

If they do not match in step S224, the collation unit 126 determines whether the processes of steps S223 and S224 have been performed for all the sets of ID 223 and mask data 224 in the TRL group information ( (Step S225) If the processing has not been completed for all pairs, the processing of steps S223 and S224 is performed again.

If it is determined in step S225 that all the groups have been processed, the collating unit 126
Is the terminal ID of the invalidation terminal, which is the terminal ID acquired from the terminal
If not (step S226), the TRL collation process ends. Hereinafter, assuming that the TRL stored in the TRL storage unit 121 has the content illustrated in FIG. 9, the terminal ID is changed from the terminal 13 to the terminal ID using FIGS. 7 and 11.
A specific operation of the content key distribution device 120 will be described on the assumption that a transmission request including “1101” is sent to the content key distribution device 120.

The transmission request acceptance unit 125 of the content key distribution device 120 receives the terminal ID “110 sent from the terminal 13.
1 ”is acquired and transmitted to the matching unit 126 (step S4
1), the collation unit 126 is the terminal ID sent from the terminal 13.
It is determined whether or not "1101" is in the TRL individual information (step S221), but "000" is included in the individual information.
Since only the ID “1” is included, the terminal ID “1
101 ”and mask data“ 1100 ”in the group information
The logical product of and is obtained (step S223).

The logical product obtained in step S223 becomes "1100", and the collating unit 126 determines whether or not the obtained bit string "1100" and the ID "1100" match (step S224). Since they match, it is determined that the terminal ID acquired from the terminal is the ID of the invalidation terminal (step S222), and as a result (step S43), the encrypted content key transmission unit 128 is notified that an error message should be transmitted. In response to this, the encrypted content key transmission unit 128 sends an error message to the terminal 1
3 (step S47).

Next, under the same premise, assuming that the transmission request including the terminal ID “0010” is sent from the terminal 2 holding the decryption key DK2 to the content key distribution device 120, the content key distribution device. A specific operation of 120 will be described. The transmission request receiving unit 125 of the content key distribution device 120 receives the terminal ID “0010” sent from the terminal 2.
Is acquired and transmitted to the matching unit 126 (step S41), and the matching unit 126 sends the terminal ID “001” sent from the terminal 2.
It is determined whether or not "0" is included in the TRL individual information (step S221). However, since the individual information only includes the ID "0001", the terminal ID "001" is included.
The logical product of "0" and the mask data "1100" in the group information is obtained (step S223).

The logical product thus obtained is "0000".
Therefore, the matching unit 126 determines that the obtained bit string “0
000 ”and the ID“ 1100 ”match (step S224). Since they do not match, the terminal ID“ 0010 ”sent from the terminal and the mask data“ 1110 ”in the group information. The logical product of and is obtained (steps S225 and S223).

The logical product thus obtained is "0010".
Therefore, the matching unit 126 determines that the obtained bit string “0
It is determined whether or not “010” and the ID “0110” match (step S224), and the mask data in the unprocessed group information does not already match (step S22).
5), it is determined that the terminal ID “0010” acquired from the terminal is not the terminal ID of the invalidation terminal (steps S226, S).
43), and transmits the terminal ID “0010” to the encryption unit 127.

In response to this, the encryption unit 127 receives the encryption key E corresponding to "0010" from the encryption key group storage unit 124.
By extracting and using K2 (see FIG. 4), the content key stored in the content key storage unit 123 is encrypted (step S45), and the resulting encrypted content key is transmitted as the encrypted content key. Part 128
Tell.

When the encrypted content key is transmitted, the encrypted content key transmitting section 128 transmits the encrypted content key to the terminal 2 (step S46). Therefore, the terminal 2 which has obtained this encrypted content key can decrypt the content key by using the decryption key DK2 held inside. <Second Embodiment> A content key distribution system according to the second embodiment will be described below.

The content key distribution system according to the second embodiment has basically the same system configuration as the content key distribution system 100 shown in the first embodiment, and basically performs the same system operation. Therefore, each device is shown using the reference numerals given in FIG. 1 and the like, and the description of the same parts as those in the first embodiment is omitted. However,
In the second embodiment, the data structure of the terminal ID is defined as a special one, and the TRL data structure is different from that in the first embodiment. Therefore, the management device 110 performs a TRL data generation process different from the TRL data generation process described in the first embodiment, and the content key distribution device 120 differs from the TRL matching process described in the first embodiment. Perform matching processing.

<Terminal ID> FIG. 12 is a diagram showing the data structure of the terminal ID in the second embodiment. In the figure,
An example is shown in which the terminal ID is 128 bits so that the number of terminals in the content key distribution system can be several hundred million or more. The terminal ID is a 32-bit manufacturer ID field 301 and a 32-bit product ID
It comprises a field 302, a 32-bit product version ID field 303, and a 32-bit serial number field 304.

Here, the manufacturer ID field 301 stores a manufacturer ID for identifying each manufacturer that manufactures the content reproduction apparatus. The product ID field 302 stores a product ID for identifying each product in the manufacturer determined by the manufacturer ID. The product version ID field 303 stores a product version ID indicating a version number or the like that is changed each time the format of the product defined by the product ID is changed.

The serial number field 304 stores the serial number assigned to each product. <Structure of TRL> FIG. 13 shows the TR in the second embodiment.
It is a figure which shows the data structure of L. The figure shows an example of the data structure of the TRL corresponding to the case where the number of terminals is several hundred million or more.

As shown in the figure, the TRL includes 8-bit version information 310 and 128-bit issuer information 3.
20, 128-bit invalidation terminal number 330, and terminal I
It is composed of D related information 340 and 320-bit signature information 350. The version information 310 is information indicating the version number of the TRL.
Every time a new RL is created, its version number is changed.

The issuer information 320 is the TRL of the management device or the like.
Is information indicating the issuer of. The number of invalidation terminals 330 is the number of invalidation terminals. The terminal ID related information 340 is
One or a plurality of sets of a 128-bit ID 342 and an 8-bit mask bit 343 is included, and an entry number 341 indicating the number is included. If the number of sets is N, then
The value indicated by the number of entries 341 is N.

Here, the masking bits 343 are 1 to 1
It takes a value of 28. When the value of the masking bit 343 is X, mask data in a format in which the upper X bits of the 128-bit bit string are set to “1” and the remaining lower bits are set to “0”. Can be derived. Further, the ID 342 forming a pair with the masking bit 343 is useful only in the contents of the bit digit number of the value indicated by the masking bit 343 from the higher order in the 128-bit bit string constituting the ID 342, and other values are For example, the data has a format of “0”.

By the combination of the ID 342 and the mask bit 343, all the terminal IDs whose upper X bits represented by the value X of the mask bit 343 match the value of the ID 342.
, That is, terminal I of 2 (128−X) power invalidation terminals
D is shown. The signature information 350 is version information 310,
This is a so-called digital signature created by reflecting all of the issuer information 320, the invalidation terminal number 330, and the terminal ID related information 340.

<TRL Data Generation Process> FIG. 14 is a TR performed by the management device 110 according to the second embodiment.
It is a flowchart which shows the data generation process for TRL which is a part of L generation transmission process. Here, it is assumed that the terminal ID is N bits. N is 128 bits, for example.

The TRL generator 11 in the management device 110
2 acquires the terminal ID group of the invalidation terminal from the invalidation terminal ID group acquisition unit 111, and then performs the TRL data generation process (see FIG. 5). First, the TRL generation unit 112
Stores the acquired terminal ID group in a work ID area which is one area of a storage medium such as a memory (step S301),
Two pieces of 1-bit bit data “0” and “1” are stored in a work bit area, which is one area of a storage medium such as a memory (step S302), and a variable X is set to 1 (step S303). .

Then, the TRL generator 112 focuses on one of the unfocused X-bit bit data in the work bit area (step S304), and identifies the terminal ID stored in the work ID area. Of these, the number of those satisfying the condition that the upper X bits match the bit data of interest is counted (step S305). If the result of step S305 is that the count number is the power of 2 (N−X) (step S306), the TRL generation unit 112 deletes the terminal ID that satisfies the condition in step S305 from the work ID area. (Step S307) For the terminal ID satisfying the condition, the value of the variable X is used as a masking bit, the upper X bits are made the same as the bit data of interest, and the other bits are set to “0”. The bit string is used as an ID, and the masking bit and the ID are stored as a set in an area of a storage medium such as a memory (step S
308) and the determination in step S309 is performed.

When the count number is 0 or 1 as a result of step S305 (step S306),
The TRL generation unit 112 skips steps S307 and S308 and makes a determination in step S309. In addition, as a result of step S305, when the count number is neither the power of 2 (N−X) nor 0, 1 (step S306), the TRL generation unit 112 causes the TRL generation unit 112 to perform step S305.
If there are two or more terminal IDs that satisfy the condition in 305 and whose X + 1 bit from the upper bit is “0”, a bit formed by adding 1 bit “0” to the lower bit of the bit data of interest. The data is stored in the work bit area (step S310), and the terminal ID that satisfies the condition is stored.
If there are two or more X + 1th bits of “1” from the higher order, the bit data formed by adding 1 bit “1” to the lower order of the bit data of interest is stored in the working bit area. (Step S311), step S30
Make a judgment of 9.

In step S309, the TRL generator 11
2 determines whether or not there is unfocused X-bit bit data. If unfocused X-bit bit data still exists, the process returns to step S304 to focus on the next bit data and perform processing. , If there is no unfocused X-bit bit data, the variable X is incremented by 1 (step S31
2) It is determined whether the variable X is equal to N (step S313).

The TRL generation unit 112 determines in step S313.
When it is determined that the variable X is not equal to N in
Returning to step S304 again, the process is performed by paying attention to the next bit data, and when it is determined that the variable X is equal to N, if terminal IDs remain in the work ID area, all terminal IDs are N is used as a mask bit and its terminal ID is set as an ID, and the set is stored in an area of a storage medium such as a memory (step S314).
The data generation process for use ends.

In the second embodiment, the TRL construction shown in step S23 of FIG. 5 is the IRL saved in one area of the storage medium by the above-described TRL data generation processing.
It is executed by adding the number of entries to one or a plurality of sets of D and the mask bit, and further adding the version, the issuer information, the number of invalidation terminals, and the signature information. Figure 1
FIG. 5 is a diagram showing an example of the contents of TRL.

In the figure, the items have the data items shown in FIG. 13, and the terminal ID is a 4-bit bit string,
An example of the contents of TRL in which the masking bits are 2-bit data representing 1 to 4 is shown. The terminal IDs of all the revoked terminals represented by the terminal ID related information illustrated in FIG. 15 are the same as the terminal IDs of all the revoked terminals represented by the terminal ID related information illustrated in FIG. 9.

<TRL Collation Processing> FIG. 16 is a flowchart showing the TRL collation processing which is a part of the content key distribution processing performed by the content key distribution device 120 according to the second embodiment. Content key distribution device 120
The collation unit 126 performs the TRL collation process each time the terminal ID sent from the terminal is obtained from the transmission request reception unit 125.

The collating unit 126 determines the terminal I sent from the terminal.
It is checked whether D matches the terminal ID represented by any of the ID in the terminal ID related information of the TRL and the mask bit (steps S321 to S324). That is,
The matching unit 126 focuses on one unfocused mask bit in the TRL, and derives mask data according to the value of the mask bit as described above (step S32).
1) The bitwise logical product of the terminal ID sent from the terminal and the derived mask data is calculated (step S32).
2) It is determined whether or not the obtained logical product matches the ID 342 that forms a pair with the masking bit 343 of interest (step S323), and if they match, the terminal ID acquired from the terminal.
Is determined to be the terminal ID of the invalidation terminal (step S3
26), and ends the TRL matching process.

If it does not match in step S323, the collation unit 126 pays attention to all the mask bits 343 in the TRL, and steps S321 to S323.
It is determined whether or not the process has been performed (step S324), and if the process is not performed by paying attention to all the mask bits 343, the process returns to step S321 and the process is performed by paying attention to the unfocused mask bits.

If it is determined in step S324 that all mask bits have been processed,
The matching unit 126 determines that the terminal ID acquired from the terminal is not the terminal ID of the invalidation terminal (step S325), and T
The RL matching process ends. <Discussion> In the content key distribution system according to the second embodiment, since the terminal ID has the data structure as shown in FIG. 12, any content reproduction device mounted in a specific version of a product manufactured by a certain manufacturer. In the case where the data is to be invalidated, the management device generates a TRL that specifies with a small amount of data all of the group of content reproduction devices that differ only in the content of the serial number field of the terminal ID held in the device. Then, the content can be transmitted to the content key distribution device.

The TRL is, for example, mask bit 3
The value of 43 is set to 96, the ID 342 is specified as the version of the product of the manufacturer, and only one set of bit strings in which the serial number is 0 is included as the terminal ID related information. <Third Embodiment> A content key distribution system according to the third embodiment will be described below.

The content key distribution system according to the third embodiment has basically the same system configuration as the content key distribution system 100 shown in the first embodiment, and basically performs the same system operation. Therefore, each device is shown using the reference numerals given in FIG. 1 and the like, and the description of the same parts as those in the first embodiment is omitted. However,
In the third embodiment, the data structure of the terminal ID is the same as that shown in the second embodiment, and the data structure of the TRL is different from that in the first embodiment, and some data is stored in the TRL in the second embodiment. Items are added. Therefore, the management device 110 performs a TRL data generation process that is slightly different from the TRL data generation process described in the second embodiment, and the content key distribution device 120 is slightly different from the TRL matching process described in the second embodiment. Perform different TRL matching processing.

<Structure of TRL> FIG. 17 shows the third embodiment.
3 is a diagram showing a data structure of TRL in FIG. The figure shows an example of the data structure of the TRL corresponding to the case where the number of terminals is several hundred million or more. As shown in the figure, TRL
Is 8-bit version information 410, 128-bit issuer information 420, and 128-bit invalidation terminal count 4
30, terminal ID related information 440, and 320-bit signature information 450.

Version information 410, issuer information 420
The number of invalidation terminals 430 is the same as the version information 310, the issuer information 320, and the number of invalidation terminals 330 shown in the second embodiment. The terminal ID related information 440 is 12
8-bit ID 442 and 8-bit mask bit 44
The terminal ID related information 340 is the same as the terminal ID related information 340 shown in the second embodiment up to the point that it includes one or a plurality of sets of 3 and the number of entries 441 indicating the number, but further 128.
One or more bit exception IDs 445 are included, and an exception entry number 444 indicating the number is included. If the number of exception IDs is M, the value indicated by the number of exception entries 444 is M.

Here, the exception ID 445 is the terminal ID of a terminal that is not a nullification terminal. This terminal ID related information 44
At 0, the terminal IDs of a plurality of terminals are comprehensively expressed by a set of the ID 442 and the masking bit 443, but the terminal IDs which are not invalidated terminal IDs among the terminal IDs expressed by the set are indicated by the exception ID 445. .

Therefore, according to the terminal ID related information 440,
For example, if the terminal ID is 4 bits and the terminals 0 to 15 are assumed as the terminals, and other than the terminal 10 among the terminals 8 to 15 are invalidation terminals, “1000” is set. The set of the ID 442 and the masking bit 443 having a value of 1 and the exception ID “1010” are the contents of the terminal ID related information.

The signature information 450 is a so-called digital signature created by reflecting the entire version information 410, issuer information 420, invalidation terminal number 430 and terminal ID related information 440. <TRL Data Generation Process> FIG. 18 is a flowchart showing a TRL data generation process which is a part of the TRL generation / transmission process performed by the management apparatus 110 according to the third embodiment.

Here, it is assumed that the terminal ID has N bits. N is 128 bits, for example. In the management device 110, the TRL generation unit 112 uses the invalidation terminal I
After acquiring the terminal ID group for the invalidation terminal from the D group acquisition unit 111, the TRL data generation process is performed (see FIG. 5).

First, the TRL generator 112 uses the acquired terminal ID group as a work I which is an area of a storage medium such as a memory.
The terminal IDs are stored in the D area (step S401), and for terminal IDs having only the least significant bit among the respective terminal IDs not existing in the work ID area, terminal IDs having only the least significant bit are generated. The terminal ID is stored in the work ID area and the generated terminal ID is saved as an exception ID (step S402).

Then, the TRL generator 112 stores two 1-bit bit data "0" and "1" in the work bit area which is one area of the storage medium such as a memory (step S403). , Variable X is set to 1 (step S4
04). Following step S404, the TRL generation unit 11
2 focuses on one of the unfocused X-bit bit data in the working bit area (step S405), and the working I
Of the terminal IDs stored in the D area, the number of terminals that satisfy the condition that the upper X bits match the bit data of interest is counted (step S406).

As a result of step S406, the count number is 2
(N-X) th power of (step S40
7), the TRL generation unit 112 deletes the terminal ID that satisfies the condition in step S406 from the work ID area (step S408), and further sets the value of the variable X as a mask bit for the terminal ID that satisfies the condition. An N-bit bit string in which the upper X bits are the same as the bit data of interest and the other bits are “0” is set as the ID,
The masking bit and the ID are stored as a set in an area of a storage medium such as a memory (step S409), and the determination in step S410 is performed.

If the result of step S406 shows that the count number is not the power of 2 (N−X) (step S40).
7), if there are two or more terminal IDs whose uppermost X + 1 bit is “0” among the terminal IDs satisfying the condition in step S406, the TRL generating unit 112 stores one bit below the bit data of interest. The bit data formed by adding "0" is stored in the work bit area (step S411), and if there are two or more terminal IDs satisfying the condition, the X + 1th bit from the higher order is "1". ,
The bit data formed by adding "1" of 1 bit to the lower order of the bit data of interest is stored in the work bit area (step S412), and the determination of step S410 is performed.

In step S410, the TRL generator 11
2 determines whether or not there is unfocused X-bit bit data, and if unfocused X-bit bit data still exists, returns to step S405 to focus on the next bit data and perform processing. , If there is no unfocused X-bit bit data, the variable X is incremented by 1 (step S41).
3), it is determined whether the variable X is equal to N (step S414).

The TRL generator 112 determines in step S414.
When it is determined that the variable X is not equal to N in
Returning again to step S405, the processing is performed by paying attention to the next bit data, and when it is determined that the variable X is equal to N, the TRL data generation processing ends. In addition, in the third embodiment, the TRL shown in step S23 of FIG.
Of the ID and the mask bit stored in one area of the storage medium by the above-described TRL data generation processing.
One or more sets with the number of entries added, one with the number of entries added to the exception ID, and the version,
It is executed by adding the issuer information, the number of invalidation terminals, and the signature information.

<TRL Collation Process> FIG. 19 is a flowchart showing a TRL collation process which is a part of the content key distribution process performed by the content key distribution device 120 according to the third embodiment. Content key distribution device 120
The collation unit 126 performs the TRL collation process each time the terminal ID sent from the terminal is obtained from the transmission request reception unit 125.

The collating unit 126 determines the terminal I sent from the terminal.
It is checked whether or not D matches the terminal ID represented by one of the ID and the mask bit in the terminal ID related information of the TRL (steps S421 to S424). That is,
The matching unit 126 focuses on one unfocused masking bit in the TRL, and derives the mask data according to the value of the masking bit as described above (step S42).
1) The bitwise logical product of the terminal ID sent from the terminal and the derived mask data is calculated (step S42).
2) It is determined whether the obtained logical product matches the ID 442 which forms a pair with the masking bit 443 of interest (step S423).

If the result of determination in step S423 is that they match, the matching unit 126 determines the terminal ID sent from the terminal.
Is matched with any of the exception IDs in the TRL (step S426), and if none of the exception IDs is matched, it is determined that the terminal ID acquired from the terminal is the terminal ID of the invalidation terminal (step S426). S427), and ends the TRL matching process. If the result of the inspection in step S426 reveals that it matches any of the exception IDs, the matching unit 126 determines that the terminal ID acquired from the terminal is not the terminal ID of the invalidation terminal (step S425), and the TRL matching process is performed. To finish.

Further, in step S423, the logical product obtained is an ID that forms a pair with the mask bit 443 of interest.
If it does not match 442, the collation unit 126 focuses on all the masking bits 443 in the TRL and proceeds to step S4.
It is determined whether the processes of 21 to S423 have been performed (step S424), and if all the mask bits 443 are not processed, the process returns to step S421 and the unfocused mask bits are processed. I do.

If it is determined in step S424 that all mask bits have been processed,
The matching unit 126 determines that the terminal ID acquired from the terminal is not the terminal ID of the invalidation terminal (step S425), and T
The RL matching process ends. <Discussion> According to the content key distribution system described in the third embodiment, for example, among several tens of terminals having consecutive serial numbers where the bit strings of some upper digits of the terminal ID have the same value, , In the case where all but a few terminals are invalidated terminals, the ID including the bit string having the same value is used as the ID in the terminal ID related information of the TRL.
Then, a value indicating the number of digits of the portion having the same value is defined as a masking bit that forms a pair with the ID, and terminal IDs of the several terminals are invalidated by TRL defined as exception IDs in the terminal ID related information. Since it is possible to specify, the amount of TRL data can be reduced. <Fourth Embodiment> A content key distribution system according to a fourth embodiment will be described below.

FIG. 20 is a block diagram of a content key distribution system according to the fourth embodiment of the present invention. Embodiment 1
While the management device 110 in the content key distribution system 100 shown in FIG. 2 transmits the TRL to the content key distribution device 120 through the communication path,
Content key distribution system 50 according to the fourth embodiment
In 0, the management device 510 records the TRL on the recording medium 501 such as a magneto-optical disk, and the content key distribution device 5
20 reads the TRL from the recording medium 501.

In FIG. 20, elements that are basically equivalent to the constituent elements (see FIG. 1) shown in the first embodiment are designated by the same reference numerals, and the constituent elements will be described in detail here. do not do. The management device 510 is, for example, a computer or the like installed in an organization that performs business related to protection of copyrights of contents, etc., and the copyrights etc. of each terminal 130 are exposed when the decryption key stored therein is exposed. The main content of the information is to identify all terminals that are in a situation where protection of the encrypted content cannot be achieved, that is, all terminals that should not be the distribution destination of the encrypted content key.
A device that performs processing for generating an RL and recording it on a recording medium, and includes an invalidation terminal ID group acquisition unit 111 and a TRL generation unit 11
2 and the TRL recording unit 513, a recording medium 501 such as a magneto-optical disk can be mounted.

[0120] Here, the TRL generating section 112 has a TR whose main content is information for identifying the invalidation terminal based on each terminal ID given from the invalidation terminal ID group acquisition section 111.
It has a function of generating L and transmitting it to the TRL recording unit 513. In addition, the TRL recording unit 513 includes a TRL generating unit 112.
It has a function of recording the TRL transmitted from the recording medium 501 in the management device 510.

The management device 510 performs the TRL generation / transmission process having the contents obtained by replacing step S24 shown in FIG. 5 with the process of recording the TRL on the recording medium. The recording medium 501 in which the TRL is recorded by the management device 510 is delivered to the content key distribution device 520 manually. For example, each time a TRL having new content is generated, the TRL is recorded in the recording medium and delivered to the content key distribution device.

When the content key distribution device 520 receives an encrypted content key transmission request from each terminal, the content key distribution device 520 transmits the encrypted content key to the terminal only if the terminal is not a revocation terminal. A computer that performs a key distribution process, and functionally has a TRL storage unit 121, a TRL reading unit 522, and a content key storage unit 1.
23, encryption key group storage unit 124, transmission request reception unit 12
5, the collation unit 126, the encryption unit 127, and the encrypted content key transmission unit 128 are provided, and the recording medium 501 such as a magneto-optical disk can be mounted.

Here, the TRL reading unit 522 reads the T from the recording medium 501 mounted in the content key distribution device 520.
It has a function of reading the RL and storing it in the TRL storage unit 121. Therefore, this content key distribution system 500
, The management device 510 and the content key distribution device 5
Even if 20 is not connected by a communication path, TRL transmission is realized via the recording medium.

The TRL used in the fourth embodiment may be the one shown in any of the first to third embodiments, and the content key distribution device may perform the TRL matching processing according to the structure of the TRL. It should be done. <Supplement> Although the encrypted communication system according to the present invention has been described with reference to Embodiments 1 to 4 applied as a content key distribution system, the present invention is not limited to such an embodiment. Is. That is, (1) In the first to third embodiments, a communication path for distributing the TRL between the management device and the content key distribution device is shown, and in the fourth embodiment, a recording medium used for delivering the TRL is shown. However, the TRL may be transmitted between the management device and the content key distribution device by using the communication path and the recording medium together. For example,
TRL is a recording medium from the management device to another communication device
May be delivered, and TRL may be delivered from the communication device to the content key delivery device via a communication path. (2) The content reproduction device described in each embodiment does not necessarily have to send the transmission request to the content key distribution device after obtaining the encrypted content in advance, for example, after obtaining the content key. Alternatively, the encrypted content may be obtained and played back. (3) It is assumed that the content reproduction apparatus shown in each embodiment holds a terminal ID unique to the apparatus and a decryption key unique to the apparatus, and the content key distribution apparatus encrypts all decryption keys. Although the content reproduction device has a plurality of decryption keys, the decryption key ID for identifying each decryption key is included in the transmission request and sent to the content key distribution device. , The content key distribution device holds the encryption keys corresponding to all the decryption keys in association with the decryption key IDs, and reproduces the content keys using the encryption keys corresponding to the transmitted decryption key IDs. It may be transmitted to the device. In this case, the TRL terminal ID related information shown in each embodiment is used to specify the decryption key ID corresponding to the decryption key to be revoked instead of the terminal ID of the revoked terminal.
In the matching process or the like, the decryption key ID may be the matching target instead of the terminal ID.

It should be noted that I which is attachable to and detachable from the content reproducing apparatus
The decryption key and the decryption key ID may be recorded on the C card or the like. (4) In the first to third embodiments, the TRL generation unit 1 of the management device
12 decides to automatically generate the TRL by the TRL data generation process (FIGS. 10, 14, and 18).
The algorithm for generating the RL terminal ID related information is not limited to this. The TRL may be generated in response to an input operation by an operator,
Alternatively, the TRL generated in the external device may be acquired in the management device, and then the TRL transmitting unit 113 may deliver the TRL.

Further, there may be a plurality of management devices in the content key distribution system, and TRL may be transmitted from one management device to another management device. Further, when the content key distribution device issues a request to the management device, the management device may transmit the TRL, and the content key distribution device periodically or when there is a transmission request from the terminal. May be requested to the management device. (5) The data structure of the terminal ID shown in the second embodiment is
The contents shown in FIG. 12 are not necessarily required. However,
By including a bit string representing a manufacturer, a product, etc. in the terminal ID, it becomes possible to reduce the amount of TRL data when all terminals manufactured by a certain manufacturer are invalidation terminals.

In the second embodiment, an example in which the terminal ID is defined as a manufacturer ID represented by a high-order bit string is shown, but the lower-order bit string in the terminal ID is defined as a manufacturer ID. It may be defined, or the bit string between the upper and lower bits in the terminal ID may be defined as the manufacturer I
The terminal ID may be defined as representing D. (6) Although the masking bits in the terminal ID related information of the TRL shown in the second embodiment are fixed length data such as 8 bits, as variable length data, they are paired with the information indicating the data length. You may leave it. (7) Regarding the terminal ID related information obtained as a result of the TRL data generation processing shown in the third embodiment, the terminal I
When D is 128 bits, if there is a set in the terminal ID related information indicating an ID having the least significant bit as 0 and a masking bit of 127 from the exception ID, the set and the exception ID May be deleted, and a set in which the least significant bit of the exception ID is inverted is used as an ID and the masking bit is 128, and the set may be added to the terminal ID related information.

Also, in the third embodiment, each exception ID is
Although it is assumed that one terminal ID is shown, exception group information including one or more pairs of an exception ID and an exception mask bit is included in the TRL terminal ID related information instead of the exception ID shown in FIG. May be included in. That is, I
From the terminal ID group indicated by all the pairs of D442 and the mask bits, all the invalidated terminals are obtained by excluding the terminal ID group indicated by all the pairs of the exception ID and exception mask bits. The terminal ID related information may be configured to be the terminal ID of. (8) In Embodiments 1 to 4, an example in which the encrypted communication system according to the present invention is applied to a content key distribution system is shown. However, the terminal receives a terminal ID from the terminal and the terminal is an invalidation terminal. The content of the communication process is not particularly limited to the transmission of the encrypted content key as long as it is a communication system that determines whether or not to execute some communication process according to the determination result. For example, it is possible to determine whether or not to execute the process of receiving the important data transmitted from the terminal side with the terminal-specific encryption, depending on the result of the determination as to whether or not the terminal is invalidated. (9) Processing procedure of the content key distribution system described in the first to third embodiments (FIGS. 5 to 7, FIG. 11, FIG. 14, FIG.
A computer program for causing a computer or the like to execute the procedures shown in FIGS. 16, 18, and 19),
It can also be recorded on a recording medium or distributed and distributed via various communication channels. Such a recording medium includes an IC
There are cards, optical disks, flexible disks, ROMs, and the like. Computer programs distributed and distributed are
By being installed in a computer or the like, the computer or the like can be used, and the computer or the like can execute the computer program and perform the various processes described in the first to third embodiments.

[0129]

As is apparent from the above description, the cryptographic communication system according to the present invention transmits the cryptographic communication device and the terminal identifier, which is a bit string of a predetermined number of bits with which the self-terminal device can be identified, to the cryptographic communication device. A cryptographic communication system comprising: a plurality of terminal devices having a function to perform; and a management device that generates invalidation terminal identification information indicating one or more terminal identifiers for identifying a terminal device to be invalidated, the management device Is a data format that comprehensively expresses all terminal identifiers in which the part is the same as the value by information that specifies the value of a part of the bit string of the predetermined number of bits. It has an invalidated terminal specifying information generating means for generating and an output means for outputting the generated invalidated terminal specifying information, and the encrypted communication device outputs by the management device. Invalidated terminal specific information acquisition means for acquiring the invalidated terminal specific information, terminal identifier receiving means for receiving the terminal identifier when the terminal identifier is transmitted from the terminal device, and received by the terminal identifier receiving means The determined terminal identifier determines whether or not it matches any of the terminal identifiers indicated by the invalidation terminal identification information for identifying the terminal device to be invalidated, and the received terminal identifier is When it is determined by the determination means that it does not match any of the terminal identifiers indicated by the invalidation terminal identification information, encryption unique to the terminal device is performed with the terminal device that transmitted the terminal identifier. By performing the predetermined communication, on the other hand, the received terminal identifier matches any one of the terminal identifiers indicated by the invalidation terminal identification information. Wherein when it is determined by the determination means, between the terminal apparatus which has transmitted the terminal identifier; and a communication unit that does not perform the predetermined communication with.

Here, the encrypted communication device is, for example, a content key distribution device as shown in the first to third embodiments, and the predetermined communication is, for example, transmission of the encrypted content key,
The invalidation terminal identification information is, for example, the TRL shown in the first to third embodiments. According to the present invention, all terminal IDs including a certain bit string are comprehensively expressed by information that specifies the value and position of a common bit string included in the terminal ID.
As a result, it becomes possible to keep the amount of RL data relatively small, and as a result, encryption such as distributing the content key and distributing it only to appropriate terminal devices excluding some terminal devices to be invalidated. A practical cryptographic communication system that provides services related to communication is realized.

Further, the invalidation terminal identification information generated by the invalidation terminal identification information generating means is value information indicating a value of a portion of a bit string having a predetermined number of bits and a bit position of the portion in the bit string. The value of the partial bit string, which is included in one or more pairs in association with the position information for specifying, is a partial bit string in the terminal identifier and located at the bit position specified by each position information,
The determination means is information that identifies all of the terminal devices identified by each of the terminal identifiers that are the same as the value indicated by the value information corresponding to the position information, as the terminal devices to be invalidated. The value of the partial bit string located at the bit position specified by the position information in the terminal identifier received by the terminal identifier receiving means, for each position information included in the terminal identification information,
Inspecting whether or not the value indicated by the value information corresponding to the position information matches, and if it matches even once in the inspection, the received terminal identifier specifies the terminal device to be invalidated. May be determined to match any of the terminal identifiers indicated by the invalidation terminal identification information.

As a result, the invalidation terminal identification information has a format in which a partial value of the terminal ID and a partial position of the terminal ID are associated with each other, so that some positions are fixedly determined by the operation rule or the like. Since it is possible to represent all terminal IDs having a common range value for any bit string range by information consisting of a set of values and positions, it is possible to effectively manage a large number of invalid terminals with little information. Be able to express in quantity.

Further, the invalidation terminal identification information generated by the invalidation terminal identification information generating means is one set in which representative value information, which is a bit string of a predetermined number of bits, and mask flags of a predetermined number of bits are associated with each other. Including the above, the bit value in each mask flag in the part of the terminal identifier is 1
Is a piece of information that identifies all of the terminal devices identified by each of the terminal identifiers that are the same as the value of the part in the representative value information corresponding to the mask flag. Yes, the determination unit, for each mask flag included in the invalidation terminal identification information, the logical product of the terminal identifier and the mask flag received by the terminal identifier receiving unit, and a representative value corresponding to the mask flag It is checked whether or not the information and the logical product of the mask flag match, and if they match at least once in the check, the received terminal identifier identifies the terminal device to be invalidated. It may be determined to match with any terminal identifier indicated by the invalidation terminal identification information.

As a result, in a system in which a large number of terminal IDs are represented by a set of a partial value of the terminal ID and a partial bit position of the terminal ID, the bit positions forming a part of the terminal ID are set to the values in the mask flag. The bit positions that are shown as 1 and do not form a part thereof are shown as positions where the value in the mask flag is 0. Therefore, of the terminal ID received from the terminal, the portion to be collated with the value included in the invalidation terminal identification information is extracted by a simple calculation with a small calculation amount to obtain the logical product of the terminal ID and the mask flag. You will be able to. This leads to faster determination in the cryptographic communication device.

Further, the invalidation terminal specifying information generating means generates the invalidation terminal specifying information by including the isolated value information of a predetermined number of bits, and the invalidation terminal specifying information is the same as the isolated value information. The terminal identifier having the value of is also information for identifying the terminal device to be invalidated, and the determination means further includes the terminal identifier received by the terminal identifier receiving means, and the isolation included in the invalidated terminal identification information. Even when the value information matches, the received terminal identifier may be determined to match with any terminal identifier indicated by the invalidation terminal identification information as identifying the terminal device to be invalidated. Good.

Here, the outlier value information is the individual information shown in FIG. 8, for example.
, If it does not have a bit in common with the terminal IDs of other invalidation terminals, that is, if it is isolated, the terminal ID of the one invalidation terminal is included in the invalidation terminal specifying information as isolated value information. Therefore, when there are many isolated invalidation terminals, the number of terminal IDs of the one invalidation terminal is smaller than the format represented by the combination of the value of the terminal ID and the mask flag in which all bits are 1. It is possible to configure the invalidation terminal identification information with the above data.

Further, the invalidation terminal identification information generated by the invalidation terminal identification information generating means includes valid high-order digit information indicating the number of bit digits and value information indicating a value of a bit string corresponding to the number of bit digits. Is included in association with one or more pairs,
The value of the bit string for the number of bit digits indicated by each significant upper digit information from the most significant bit in the terminal identifier is the same as the value indicated by the value information corresponding to the valid upper digit information. This is information for identifying all of the identified terminal devices as terminal devices to be invalidated, and the determination means receives, for each valid upper digit information included in the invalidated terminal identification information, the terminal identifier receiving means. It is checked whether the value of the bit string for the number of bit digits indicated by the valid high-order digit information from the most significant bit in the terminal identifier matches the value indicated by the value information corresponding to the valid high-order digit information. , If the test matches even once, the received terminal identifier is
The terminal device to be invalidated may be determined to match with any terminal identifier indicated by the invalidation terminal identification information.

As a result, all the terminal IDs having a common value for the arbitrary number of bits from the higher order of the terminal ID can be represented by the effective upper digit information indicating the number of bits and the value information. In general, in management and operation of the terminal ID, information that distinguishes a group having a common property to the structure and function of the terminal, such as an identifier of a manufacturer of the terminal, is often positioned in the upper bits of the terminal ID. When a large number of terminals to be invalidated are generated in association with a specific manufacturer or product structure, the invalidated terminal specific information can be configured with a relatively small amount of data.

Further, the management device has a terminal identifier acquisition means for acquiring the terminal identifiers of all the terminal devices to be invalidated, and the invalidated terminal identification information generation means, if the predetermined number of bits is N, One or more X values satisfying the condition that the number of terminal identifiers having the same value of X bits from the most significant bit among the terminal identifiers acquired by the terminal identifier acquisition unit is 2 (N−X) th power. Identify each X
2) (N−X) terminal identifiers relating to the condition, valid high-order digit information indicating the number of bit digits X, and the bit string of the portion from the most significant bit to X bits of the terminal identifier. The invalidation terminal specifying information may be generated using a data format that is comprehensively expressed with value information indicating a value.

As a result, it becomes possible to construct the invalidation terminal specifying information with a reduced data amount, without imposing a particular operation burden on the operator of the management apparatus. Further, each terminal device is manufactured by one of a plurality of manufacturers, each terminal identifier for identifying each terminal device, a bit string of a predetermined number of bits from the most significant bit in the terminal identifier. May indicate the manufacturer of the terminal device.

As a result, it is possible to represent all terminal IDs having a fixed number of bits in common from the higher order by a set of small information, and since the information indicating the manufacturer is included in the higher order of the terminal ID, If the terminal manufactured by the manufacturer has a mechanical problem such as a defect that allows the user to copy content indefinitely by executing a certain procedure, etc., You will be able to effectively suppress.

Further, each terminal identifier for identifying each terminal device is a predetermined number of high-order bit strings subsequent to the bit string indicating the manufacturer in the terminal identifier, and indicates what kind of product the terminal device belongs to. It may be indicated. In this way, when it is found that there is a problem only with certain products manufactured by a specific manufacturer, the amount of data of invalidation terminal specific information required to make all terminals on which the product is implemented invalidation terminals. Can be suppressed.

Further, each of the plurality of terminal devices holds a unique decryption key, and the encrypted content, which is the content encrypted with the content key, can be stored inside the own terminal device, and the output means is provided. Performs the output by transmitting the invalidation terminal identification information to an encryption communication device, and the encryption communication device stores an encryption key corresponding to the decryption keys of all the terminal devices. Means and content key storage means for storing the content key, wherein the revocation terminal specifying information acquisition means performs the acquisition by receiving the revocation terminal specifying information transmitted by the output means. The communication means has determined by the determination means that the received terminal identifier does not match any of the terminal identifiers indicated by the invalidation terminal identification information. In this case, the content key is encrypted by using the encryption key corresponding to the decryption key of the terminal device and transmitted to the terminal device that transmitted the terminal identifier. Decryption means for decrypting the transmitted encrypted content key using the decryption key unique to the own terminal device, and decryption means by the decryption means when the encrypted content is stored inside the own terminal device It may be provided with a reproducing means for decrypting and reproducing the encrypted content using the content key.

As a result, when the terminal realizes the system in consideration of copyright protection and the like that the content can be reproduced only when the encrypted content key is acquired from the encryption communication device, the terminal is manufactured by a certain manufacturer. When it is determined that a group of terminals has fallen into a state where copyright protection is not possible, the number of bit digits indicating from the upper part of the terminal ID to the maker ID and a small data amount of the maker ID Since the information for identifying a group of terminals to be invalidated can be configured, the amount of data that must be transmitted from the management device to the encryption communication device can be suppressed, and the transmission time of the data can be shortened. .

The invalidation terminal identification information generated by the invalidation terminal identification information generating means includes one or more values of a part of a bit string of a predetermined number of bits and comprehensive information for specifying the part, and From all terminal identifiers that include one or more exception information of a predetermined number of bits, and the portion specified by each comprehensive information in the portion of the terminal identifier is the same as the value specified by the comprehensive information, All the information except the terminal identifier that is the same value as each exception information is information that specifies the terminal device to be invalidated,
Whether the terminal identifier received by the terminal identifier receiving unit matches a value specified by the comprehensive information in a part specified by any comprehensive information included in the invalidation terminal specifying information, If the received terminal identifier is the same as any of the exception information included in the invalidation terminal identification information, the terminal identifier is inspected, The terminal device to be invalidated may be determined to match with any terminal identifier indicated by the invalidation terminal identification information.

Thus, when the exception information is used, the terminal IDs of all the invalidation terminals can be specified with a small amount of data, rather than the terminal IDs of the invalidation terminals being specified only by the comprehensive information. There is. For example, assuming that there are 15 invalidation terminals and the terminal IDs of all of them are the same in all bit string values except the lower 4 bits, one comprehensive information excludes the lower 3 bits. Eight terminal IDs that all bit string values have in common
Is expressed, and another one comprehensive information expresses four terminal IDs in which the values of all bit strings except the lower 2 bits are common, and yet another terminal ID value expresses the terminal ID. According to the present invention, a bit string excluding the lower 4 bits is shared by one comprehensive information, as compared with the case of constructing the invalidation terminal identification information that identifies the terminal IDs of a total of 15 invalidation terminals. 16 terminal IDs to be represented, and the terminal ID of one terminal which is not the invalidation terminal among the 16 terminal IDs is represented by the exception information.
Since the invalidation terminal specifying information having the same meaning can be constructed by expressing, the data amount of the invalidation terminal specifying information can be suppressed.

Further, the management device has terminal identifier acquisition means for acquiring the terminal identifiers of all the terminal devices to be invalidated, and the invalidated terminal identification information generation means, if the predetermined number of bits is N, It is an N-bit bit string in which only the least significant bit of any of the terminal identifiers acquired by the terminal identifier acquisition unit is inverted, and the value is not the same as any of the other terminal identifiers acquired by the terminal identifier acquisition unit. A bit string satisfying the condition is defined as the exception information, the bit string is regarded as a terminal identifier, and the value from the most significant bit to the X-bit value of the terminal identifier acquired by the terminal identifier acquiring unit and the regarded terminal identifier. The number of terminal identifiers that are the same is 2
The value of X that satisfies the condition of being the (N−X) th power of X, and the value of X that is less than N is identified by one or more, and for each identified X value, the value of X and the condition Generating the invalidation terminal identification information by defining, as the comprehensive information, information that identifies the value of the bit string of the X-bit portion from the most significant bit of the 2 (N−X) th power of the terminal identifier according to May be

As a result, it becomes possible to construct the invalidation terminal specifying information in which the data amount is suppressed in a certain situation without imposing a particular operation burden on the operator of the management apparatus. Further, each of the plurality of terminal devices holds a unique decryption key, and the encryption communication device has an encryption key storage unit that stores an encryption key corresponding to the decryption keys of all the terminal devices. When the determination unit determines that the received terminal identifier does not match any of the terminal identifiers indicated by the invalidation terminal identification information, the communication unit determines that the terminal device that has transmitted the terminal identifier is On the other hand, the communication data is encrypted by using the encryption key corresponding to the decryption key of the terminal device and transmitted, and the terminal device transmits the communication data transmitted from the encrypted communication device by the decryption key unique to the own terminal device. May be used for decoding.

As a result, only for normal terminals,
In a system including a cryptographic communication device that performs a service of transmitting communication data, even if a large number of terminals to be invalidated occur, the invalidation terminal identification information necessary for determining whether or not the terminals are normal Since the amount of data can be suppressed to a small value, the judgment can be speeded up.

Further, the output means performs the output by transmitting the invalidation terminal identification information to the cryptographic communication device, and the invalidation terminal identification information acquisition means includes the invalidation terminal transmission information transmitted by the output means. The acquisition may be performed by receiving the specialized terminal specifying information. As a result, the management device can construct the invalidation terminal identification information required by the cryptographic communication device while suppressing the data amount, and can quickly transmit the invalidated terminal identification information to the cryptographic communication device.

Further, the output means has a mounting portion on which a recording medium can be mounted, and the output is performed by recording the invalidated terminal specifying information on the mounted recording medium to obtain the invalidated terminal specifying information. The acquisition unit may be capable of mounting the recording medium, and may perform the acquisition by reading the invalidation terminal identification information from the mounted recording medium.

As a result, when the management apparatus records the invalidation terminal specifying information required by the encryption communication apparatus on the recording medium and transmits it, it is possible to use the conventional recording medium having a recording allowable capacity which is small to some extent. Like In addition, the management device according to the present invention, invalidation terminal identification information indicating each terminal identifier of one or more terminal devices to be invalidated among the terminal identifiers that are a bit string of a predetermined number of bits that can identify each of the plurality of terminal devices. Is a management device for generating, by using a data format that comprehensively expresses all terminal identifiers that part is the same as the value by the information that specifies the value of a part of the bit string of the predetermined number of bits, It is characterized by comprising an invalidated terminal specifying information generating means for generating the invalidated terminal specifying information and an output means for outputting the generated invalidated terminal specifying information.

With this management device, the invalidation terminal identification information to be output can identify a large number of invalidation terminals with a relatively small amount of data, and the output invalidation terminal identification information can be transmitted or transmitted. It becomes easy to use in terms of recording on a recording medium. Further, the invalidation terminal identification information generated by the invalidation terminal identification information generation means specifies value information indicating a value of a part of a bit string having a predetermined number of bits and a bit position of the part in the bit string. The position information is associated with at least one set, and the value of the partial bit string in the terminal identifier that is located at the bit position specified by each position information is the partial bit string in the terminal identifier. May be information that specifies all of the terminal devices identified by all the terminal identifiers that are the same as the value indicated by the value information corresponding to the terminal information to be invalidated.

As a result, since the invalidation terminal identification information has a format in which a partial value of the terminal ID and a partial position of the terminal ID are associated with each other, some positions are fixedly determined by the operation rule or the like. Since it is possible to represent all terminal IDs having a common range value for any bit string range by information consisting of a set of values and positions, it is possible to effectively manage a large number of invalid terminals with little information. Be able to express in quantity.

Further, each terminal device is manufactured by one of a plurality of manufacturers, and each terminal identifier for identifying each terminal device is a bit string within a predetermined range in the terminal identifier. The manufacturer of the terminal device may be indicated. As a result, when it is found that the terminal manufactured by a particular manufacturer has a mechanical defect,
The data amount of the invalidation terminal identification information can be effectively suppressed.

The cryptographic communication device according to the present invention is a cryptographic communication for performing communication with each terminal device that holds a terminal identifier that is a bit string of a predetermined number of bits that can identify the own terminal device among a plurality of terminal devices. The device is configured by using a data format that comprehensively represents all terminal identifiers whose part is the same as the value by the information that specifies the value of a part of the bit string of the predetermined number of bits, and invalidates An invalidation terminal identification information acquisition unit that externally obtains invalidation terminal identification information indicating each terminal identifier of one or more terminal devices as a means for identifying a terminal device that should be
The terminal identifier receiving means for receiving the terminal identifier when the terminal identifier held by the terminal device is transmitted, and the terminal identifier received by the terminal identifier receiving means are for identifying the terminal device to be invalidated. Determination means for determining whether or not it matches any terminal identifier indicated by the invalidation terminal identification information, and the received terminal identifier does not match any terminal identifier indicated by the invalidation terminal identification information When determined by the determination means, predetermined communication is performed with the terminal device that transmitted the terminal identifier by performing encryption unique to the terminal device, and the received terminal identifier is the If it is determined by the determination means that the terminal identifier indicated by the invalidation terminal identification information matches, the terminal identifier is transmitted. Between the terminal device, comprising a communication unit that does not perform the predetermined communication.

As a result, whether or not the terminal ID received from the terminal is the terminal ID of the invalidation terminal is acquired by referring to the invalidation terminal specifying information for specifying a large number of invalidation terminals with a relatively small amount of data. It becomes possible to quickly make the determination. The invalidation terminal identification information acquired by the invalidation terminal identification information acquisition unit specifies value information indicating a value of a part of a bit string having a predetermined number of bits and a bit position of the part in the bit string. The position information is associated with at least one set, and the value of the partial bit string in the terminal identifier that is located at the bit position specified by each position information is the partial bit string in the terminal identifier. Is information that identifies all of the terminal devices that are identified by all the terminal identifiers that are the same as the value indicated by the value information that corresponds to, as the terminal device that should be invalidated, and the determination unit is the invalidated terminal identification. For each position information included in the information, a unit located at a bit position specified by the position information in the terminal identifier received by the terminal identifier receiving means. Check whether the value of the target bit string matches the value indicated by the value information corresponding to the position information, and if the value matches even once in the check, the received terminal identifier is invalidated. It may be determined that the terminal device to be identified matches with any terminal identifier indicated by the invalidation terminal identification information.

As a result, since the invalidation terminal identification information has a format in which a partial value of the terminal ID and a partial position thereof are associated with each other, some positions are fixedly determined by the operation rule or the like. Since it is possible to represent all terminal IDs having a common range value for any bit string range by information consisting of a set of values and positions, it is possible to effectively manage a large number of invalid terminals with little information. Be able to express in quantity.

The information generating method according to the present invention is an information generating method for generating invalidation terminal specifying information for specifying a terminal device to be invalidated among a plurality of terminal devices. A terminal identifier obtaining step of obtaining each terminal identifier of each terminal device to be invalidated, out of terminal identifiers having a bit string of a predetermined number of bits capable of identifying each, and information for specifying a partial value in the bit string of the predetermined number of bits By using a data format that comprehensively represents all terminal identifiers whose part is the same as the value,
A generation step of generating the invalidation terminal identification information indicating all the terminal identifiers acquired by the terminal identifier acquisition step.

As a result, the information for specifying a large number of invalidation terminals can be constructed with a small amount of data. Further, a recording medium according to the present invention is a computer-readable recording medium in which invalidation terminal identification data is recorded, and the invalidation terminal identification data is a bit string having a predetermined number of bits capable of identifying each of a plurality of terminal devices. In order to specify each terminal identifier of each terminal device to be invalidated, the terminal identifier specifying field for recording the partial specifying information for specifying the value of a part of the bit string of the predetermined number of bits is provided. However, the part specifying information comprehensively represents all the terminal identifiers whose part is the same as the value. Similarly, the invalidation terminal identification data according to the present invention is, in order to identify each terminal identifier of each terminal device to be invalidated, among the terminal identifiers formed of a bit string of a predetermined number of bits capable of identifying each of a plurality of terminal devices, It has a terminal identifier specifying field in which partial specifying information for specifying a value of a part of the bit string of the predetermined number of bits is recorded, and by the part specifying information, all terminal identifiers whose part is the same as the value are displayed. Characterized by a comprehensive representation.

As a result, all the terminal IDs including a certain bit string are comprehensively expressed by the information specifying the value and position of the common bit string included therein, so that the data amount of the invalidation terminal specifying data is relatively small. It will be possible to keep it small. The cryptographic communication system according to the present invention also includes a cryptographic communication device, a terminal device that transmits a key identifier having a predetermined number of bits to the cryptographic communication device, and an invalidation key identifier that identifies one or more key identifiers to be invalidated. A cryptographic communication system comprising a management device that generates specific information, wherein the management device uses all the keys whose part is the same as the value according to the information that specifies the value of a part of the bit string of the predetermined number of bits. Using a data format that comprehensively represents an identifier, an invalidation key identifier identification information generating unit that generates the revocation key identifier identification information and an output unit that outputs the generated invalidation key identifier identification information. The encryption communication device has an invalidation key identifier specifying information acquisition unit for acquiring the invalidation key identifier specifying information output by the management device, and receives the key identifier from the terminal device. A key identifier receiving unit that, the key identifier key identifier received by the receiving means, determination means for determining whether or not matches with any of the key identifier specified by the invalid key identifier specifying information,
Only when it is determined by the determination means that the received key identifier does not match any key identifier specified by the revocation key identifier specifying information, between the terminal device that transmitted the key identifier. , And a communication means for performing predetermined communication by performing unique encryption on the key identifier.

As a result, it is necessary to confirm the validity of the key identifier in the system that provides a service for performing a predetermined communication such as transmission of certain important data only to the terminal that has transmitted the valid key identifier. Since the amount of data can be suppressed, the practicality of such a system can be improved.

[Brief description of drawings]

FIG. 1 is a configuration diagram of a content key distribution system according to a first embodiment of the present invention.

FIG. 2 is a diagram showing a terminal ID and a decryption key stored in each terminal.

FIG. 3 is a conceptual diagram showing a method of determining a value of a terminal ID held by each terminal.

4 is a diagram showing an example of the content of data stored in an encryption key group storage unit 124 of the content key distribution device 120. FIG.

FIG. 5 is a flowchart showing a TRL generation / transmission process performed by the management device 110.

FIG. 6 is a flowchart showing a content reproduction process performed by the content reproduction device 130.

7 is a flowchart showing a content key distribution process performed by the content key distribution device 120. FIG.

FIG. 8 is a diagram showing a data structure of TRL in the first embodiment.

FIG. 9 is a diagram showing an example of contents of TRL.

FIG. 10 is a flowchart showing a TRL data generation process that is a part of the TRL generation and transmission process performed by the management device 110 according to the first embodiment.

FIG. 11 is a flowchart showing a TRL matching process which is a part of the content key distribution process performed by the content key distribution device 120 according to the first embodiment.

FIG. 12 is a diagram showing a data structure of a terminal ID according to the second embodiment.

FIG. 13 is a diagram showing a data structure of TRL in the second embodiment.

FIG. 14 is a flowchart showing a TRL data generation process which is a part of the TRL generation and transmission process performed by the management device 110 according to the second embodiment.

FIG. 15 is a diagram showing an example of contents of TRL.

FIG. 16 is a flowchart showing a TRL matching process which is a part of the content key distribution process performed by the content key distribution device 120 according to the second embodiment.

FIG. 17 is a diagram showing a data structure of TRL in the third embodiment.

FIG. 18 is a flowchart showing a TRL data generation process which is a part of the TRL generation and transmission process performed by the management device 110 according to the third embodiment.

FIG. 19 is a flowchart showing a TRL matching process which is a part of the content key distribution process performed by the content key distribution device 120 according to the third embodiment.

FIG. 20 is a configuration diagram of a content key distribution system according to a fourth embodiment of the present invention.

[Explanation of symbols]

100 Content Key Distribution System 101 communication path 110 management device 111 Invalidation terminal ID group acquisition unit 112 TRL generation unit 113 TRL transmitter 120 Content Key Distribution Device 121 TRL storage 122 TRL receiver 123 Content Key Storage Unit 124 encryption key group storage unit 125 Transmission request reception unit 126 Collating unit 127 encryption unit 128 encrypted content key transmission unit 130 Content playback device (terminal) 131 terminal ID storage unit 132 Decryption key storage unit 133 encrypted content storage 134 Request sending unit 135 Encrypted content key receiver 136 decryption unit 137 Playback section 500 Content Key Distribution System 501 recording medium 510 management device 513 TRL recording section 520 Content Key Distribution Device 522 TRL reading unit

   ─────────────────────────────────────────────────── ─── Continued front page    (72) Inventor Makoto Tatebayashi             1006 Kadoma, Kadoma-shi, Osaka Matsushita Electric             Sangyo Co., Ltd. F term (reference) 5J104 AA07 AA16 EA04 EA07 EA18                       JA03 JA21 KA02 KA05 KA15                       MA01 NA02 NA03 NA27

Claims (36)

[Claims] 1. A cryptographic communication device, a plurality of terminal devices having a function of transmitting a terminal identifier, which is a bit string having a predetermined number of bits capable of identifying the self-terminal device, to the cryptographic communication device and a terminal device to be invalidated. A cryptographic communication system comprising: a management device that generates invalidation terminal identification information indicating one or more terminal identifiers, wherein the management device specifies information of a portion of a bit string of the predetermined number of bits. By using a data format that comprehensively expresses all terminal identifiers in which the relevant portion is the same as the value, invalidation terminal identification information generating means for generating the invalidation terminal identification information, and the generated invalidation information Output means for outputting terminal identification information, wherein the encryption communication device acquires the revocation terminal identification information for acquiring the revocation terminal identification information output by the management device. Means, a terminal identifier receiving means for receiving the terminal identifier when the terminal identifier is transmitted from the terminal device, and the terminal identifier received by the terminal identifier receiving means, for identifying the terminal device to be invalidated, Determination means for determining whether or not it matches any terminal identifier indicated by the invalidation terminal identification information, and the received terminal identifier does not match any terminal identifier indicated by the invalidation terminal identification information When determined by the determination means, predetermined communication is performed with the terminal device that transmitted the terminal identifier by performing encryption unique to the terminal device, while the received terminal identifier is transmitted. Is determined by the determination means to match any of the terminal identifiers indicated by the invalidation terminal identification information, the terminal identifier Cryptographic communication system between the transmitted terminal apparatus characterized by having a communication unit that does not perform the predetermined communication. 2. The invalidation terminal identification information generated by the invalidation terminal identification information generating means is value information indicating a value of a part of a bit string having a predetermined number of bits, and a bit position of the part in the bit string. The value of the partial bit string in the terminal identifier, which is included in one or more sets in association with the position information for specifying, is located at the bit position specified by each position information, All the terminal devices identified by all the terminal identifiers that are the same as the value indicated by the value information corresponding to the position information, is information for specifying as a terminal device to be invalidated, the determination means, the invalidation For each position information included in the terminal identification information, the bit position specified by the position information in the terminal identifier received by the terminal identifier receiving means is set. It is checked whether the value of the existing partial bit string matches the value indicated by the value information corresponding to the position information, and if it matches even once in the check, the received terminal identifier is The cryptographic communication system according to claim 1, wherein the cryptographic communication system is determined to identify a terminal device to be revoked and matches any one of the terminal identifiers indicated by the revoked terminal identification information. 3. The invalidation terminal identification information generated by the invalidation terminal identification information generating means is one set in which representative value information, which is a bit string of a predetermined number of bits, and mask flags of a predetermined number of bits are associated with each other. Including all of the above, all terminal identifiers in which the value of the portion of the terminal identifier where the bit value in each mask flag is 1 is the same as the value of that portion in the representative value information corresponding to that mask flag All the terminal devices identified by the is information for specifying as a terminal device to be invalidated, the determination means, for each mask flag included in the invalidation terminal identification information, received by the terminal identifier receiving means The logical product of the terminal identifier and the mask flag matches the logical product of the representative value information corresponding to the mask flag and the mask flag. It is checked whether or not any of the terminal identifiers indicated by the invalidation terminal identification information indicates that the received terminal identifier identifies the terminal device to be invalidated. The cryptographic communication system according to claim 1, wherein the cryptographic communication system is determined to match with. 4. The invalidated terminal specifying information generating means generates the invalidated terminal specifying information by including a certain number of bits of isolated value information, and the invalidated terminal specifying information is further the same as the isolated value information. The terminal identifier having the value of is also information for specifying as the terminal device to be invalidated, the determining means further includes the terminal identifier received by the terminal identifier receiving means, and the isolated device included in the invalidated terminal specifying information. Even when the value information matches, the received terminal identifier is determined to match any one of the terminal identifiers indicated by the invalidation terminal identification information as identifying the terminal device to be invalidated. The cryptographic communication system according to claim 3. 5. The invalidation terminal identification information generated by the invalidation terminal identification information generating means includes valid high-order digit information indicating a bit digit number and value information indicating a value of a bit string for the bit digit number. Are associated with each other, and the value of the bit string corresponding to the number of bit digits indicated by each effective upper digit information from the most significant bit in the terminal identifier is indicated by the value information corresponding to the effective upper digit information. All the terminal devices identified by each of all the terminal identifiers that are the same as the value, is information for specifying as a terminal device to be invalidated, the determination means, each valid upper digit included in the invalidation terminal identification information Regarding the information, the value of the bit string for the number of bit digits indicated by the valid upper digit information from the most significant bit in the terminal identifier received by the terminal identifier receiving means is the valid upper digit. It is checked whether or not it matches the value indicated by the value information corresponding to the digit information, and if it matches even once in the check, the received terminal identifier shall identify the terminal device to be invalidated. The cryptographic communication system according to claim 1, wherein the encrypted communication system is determined to match with any one of the terminal identifiers indicated by the invalidation terminal identification information. 6. The management device includes a terminal identifier acquisition unit that acquires the terminal identifiers of all the terminal devices to be invalidated, and the invalidation terminal identification information generation unit, when the predetermined number of bits is N, One or more X values satisfying the condition that the number of terminal identifiers having the same value of X bits from the most significant bit among the terminal identifiers acquired by the terminal identifier acquisition unit is 2 (N−X) th power. For each value of X, the 2 (N−X) th power of the terminal identifiers relating to the condition is specified, and the effective high-order digit information indicating the number of bit digits X and the most significant bit from the most significant bit of the terminal identifier are X bits. 6. The encryption communication system according to claim 5, wherein the invalidation terminal specifying information is generated using a data format that is comprehensively expressed with value information indicating a value of a bit string of the portion. 7. The terminal device is manufactured by any one of a plurality of manufacturers, and each terminal identifier for identifying the terminal device is a predetermined bit from a most significant bit in the terminal identifier. The cryptographic communication system according to claim 6, wherein the manufacturer of the terminal device is indicated by a bit string of a number. 8. Each terminal identifier for identifying each terminal device is a predetermined number of high-order bit strings following the bit string indicating the manufacturer in the terminal identifier, and indicates which type of product the terminal device belongs to. 7. The method according to claim 7, wherein
The cryptographic communication system described. 9. The plurality of terminal devices each hold a unique decryption key, and can further store the encrypted content, which is the content encrypted with the content key, inside the own terminal device, the output means. Performs the output by transmitting the invalidation terminal identification information to an encryption communication device, and the encryption communication device stores an encryption key corresponding to the decryption keys of all the terminal devices. Means, and content key storage means for storing the content key, wherein the revocation terminal identification information acquisition means performs the acquisition by receiving the revocation terminal identification information transmitted by the output means. If the communication means determines that the received terminal identifier does not match any of the terminal identifiers indicated by the revocation terminal identification information, the determining means determines that In this case, the content key is encrypted and transmitted to the terminal device that has transmitted the terminal identifier using the encryption key corresponding to the decryption key of the terminal device. Decryption means for decrypting the transmitted encrypted content key using the decryption key peculiar to the own terminal device, and decryption means when the encrypted content is stored inside the own terminal device 8. The encrypted communication system according to claim 7, further comprising a reproducing unit that decrypts and reproduces the encrypted content using the content key. 10. The invalidation terminal identification information generated by the invalidation terminal identification information generating means includes one or more values of a part of a bit string of a predetermined number of bits and comprehensive information for specifying the part, and From all terminal identifiers that include one or more pieces of exception information of a predetermined number of bits and in which the part specified by each comprehensive information among the parts in the terminal identifier is the same as the value specified by the comprehensive information, All except the terminal identifier that is the same value as each exception information is information for specifying as a terminal device to be invalidated, the determination means, the terminal identifier received by the terminal identifier receiving means, the invalidation terminal It is inspected whether the value specified by the comprehensive information matches the part specified by the comprehensive information included in the specific information. If the received terminal identifier has the same value as any of the exception information included in the invalidated terminal identification information, the terminal identifier identifies the terminal device to be invalidated. The cryptographic communication system according to claim 1, wherein the encrypted communication system is determined to match any one of the terminal identifiers indicated by the invalidation terminal specifying information. 11. The management device has a terminal identifier acquisition unit that acquires the terminal identifiers of all the terminal devices to be invalidated, and the invalidation terminal identification information generation unit, where N is the predetermined number of bits, It is an N-bit bit string in which only the least significant bit of any of the terminal identifiers acquired by the terminal identifier acquisition unit is inverted, and the value is not the same as any of the other terminal identifiers acquired by the terminal identifier acquisition unit. The bit string satisfying the condition is defined as the exception information, the bit string is regarded as a terminal identifier, and the terminal identifier acquired by the terminal identifier acquisition unit and the regarded terminal identifier are X bits from the most significant bit.
If the number of terminal identifiers having the same bit value is 2 (N-
The value of X satisfying the condition of being the (X) power, and the value of X that is less than N is specified by one or more, and for each specified value of X, the value of X and the value of 2 related to the condition are specified. (NX)
11. The invalidation terminal identification information is generated by defining, as the comprehensive information, information that identifies the value of the bit string of the X-bit part from the most significant bit of the number of terminal identifiers. Cryptographic communication system. 12. The terminal device is manufactured by one of a plurality of manufacturers, and each terminal identifier for identifying the terminal device is a predetermined bit from a most significant bit in the terminal identifier. 12. The manufacturer of the terminal device is indicated by a bit string of a number.
The cryptographic communication system described. 13. The plurality of terminal devices each hold a unique decryption key, and can further store the encrypted content, which is the content encrypted with the content key, inside the own terminal device, the output means. Performs the output by transmitting the invalidation terminal identification information to an encryption communication device, and the encryption communication device stores an encryption key corresponding to the decryption keys of all the terminal devices. Means, and content key storage means for storing the content key, wherein the revocation terminal identification information acquisition means performs the acquisition by receiving the revocation terminal identification information transmitted by the output means. The communication means determines by the determination means that the received terminal identifier does not match any terminal identifier indicated by the invalidation terminal identification information. In this case, the content key is encrypted by using the encryption key corresponding to the decryption key of the terminal device and transmitted to the terminal device that transmitted the terminal identifier. Decryption means for decrypting the transmitted encrypted content key using the decryption key peculiar to the own terminal device, and decryption means when the encrypted content is stored inside the own terminal device 13. The encrypted communication system according to claim 12, further comprising a reproducing unit that decrypts and reproduces the encrypted content using a content key. 14. Each terminal device is manufactured by one of a plurality of manufacturers, and each terminal identifier for identifying each terminal device is a bit string within a predetermined range in the terminal identifier. The cryptographic communication system according to claim 1, which indicates a manufacturer of the terminal device. 15. The plurality of terminal devices each hold a unique decryption key, and the encrypted communication device stores an encryption key corresponding to the decryption keys of all the terminal devices. And the communication unit transmits the terminal identifier when the received terminal identifier does not match any of the terminal identifiers indicated by the invalidation terminal identification information, when the determination unit determines that To the terminal device, the communication data is encrypted and transmitted using an encryption key corresponding to the decryption key of the terminal device, and the terminal device transmits the communication data transmitted from the encrypted communication device, The cryptographic communication system according to claim 1, wherein the decryption key is used for decryption. 16. The output unit performs the output by transmitting the invalidation terminal identification information to an encryption communication device, and the invalidation terminal identification information acquisition unit includes the invalidation unit transmitted by the output unit. The cryptographic communication system according to claim 1, wherein the acquisition is performed by receiving the encrypted terminal specifying information. 17. The invalidating terminal specifying information is output by recording the invalidating terminal specifying information on the mounted recording medium, wherein the output unit has a mounting portion to which a recording medium can be mounted. The cryptographic communication system according to claim 1, wherein the acquisition unit can mount the recording medium, and performs the acquisition by reading the invalidation terminal identification information from the mounted recording medium. 18. A management device which generates invalidation terminal identification information indicating each terminal identifier of one or more terminal devices to be invalidated among terminal identifiers consisting of a bit string of a predetermined number of bits capable of identifying each of a plurality of terminal devices. In addition, by using a data format that comprehensively expresses all the terminal identifiers whose part is the same as the value by the information that specifies the value of a part of the bit string of the predetermined number of bits, the invalidation terminal identification A management apparatus comprising: an invalidated terminal specifying information generating unit that generates information; and an output unit that outputs the generated invalidated terminal specifying information. 19. The invalidation terminal identification information generated by the invalidation terminal identification information generating means is value information indicating a value of a part of a bit string having a predetermined number of bits, and a bit position of the part in the bit string. The value of the partial bit string in the terminal identifier, which is included in one or more sets in association with the position information for specifying, is located at the bit position specified by each position information, 19. The information for identifying all the terminal devices identified by all the terminal identifiers that are the same as the value indicated by the value information corresponding to the position information as the terminal devices to be invalidated. Management device described. 20. Each of the terminal devices is manufactured by one of a plurality of manufacturers, and each terminal identifier for identifying each of the terminal devices is a bit string within a predetermined range in the terminal identifier. 20. The management device according to claim 19, which indicates a manufacturer of the terminal device. 21. A cryptographic communication device that performs communication with each terminal device that holds a terminal identifier that is a bit string of a predetermined number of bits that can identify the own terminal device among a plurality of terminal devices, and the predetermined number of bits. Is configured using a data format that comprehensively expresses all terminal identifiers whose part is the same as the value by the information that specifies the value of a part of the bit string of
An invalidation terminal identification information acquisition unit that externally obtains invalidation terminal identification information indicating each terminal identifier of one or more terminal devices for identifying the terminal device to be invalidated, and the terminal device from the terminal. The terminal identifier receiving means for receiving the terminal identifier when the terminal identifier held by the device is transmitted, and the terminal identifier received by the terminal identifier receiving means is the invalidation as specifying the terminal device to be invalidated. Determination means for determining whether or not it matches any terminal identifier indicated by the terminal identification information, and the determination that the received terminal identifier does not match any terminal identifier indicated by the invalidation terminal identification information If it is determined by the means, the terminal device that transmitted the terminal identifier performs a unique encryption on the terminal device. Communication is performed, and when it is determined by the determination means that the received terminal identifier matches any terminal identifier indicated by the invalidation terminal identification information, the terminal device that has transmitted the terminal identifier is A cryptographic communication device, comprising: a communication unit that does not perform the predetermined communication between them. 22. The invalidation terminal identification information acquired by the invalidation terminal identification information acquisition means is value information indicating a value of a part of a bit string having a predetermined number of bits, and a bit position of the part in the bit string. The value of the partial bit string in the terminal identifier, which is included in one or more sets in association with the position information for specifying, is located at the bit position specified by each position information, All the terminal devices identified by all the terminal identifiers that are the same as the value indicated by the value information corresponding to the position information, is information for specifying as a terminal device to be invalidated, the determination means, the invalidation Bit position specified by the position information in the terminal identifier received by the terminal identifier receiving means for each position information included in the terminal identification information. It is checked whether the value of the existing partial bit string matches the value indicated by the value information corresponding to the position information, and if it matches even once in the check, the received terminal identifier is 22. The encrypted communication device according to claim 21, wherein the encrypted communication device is determined to identify a terminal device to be revoked and matches any terminal identifier indicated by the revoked terminal identification information. 23. An information generating method for generating invalidation terminal identification information for identifying a terminal device to be invalidated among a plurality of terminal devices, the method having a predetermined number of bits capable of identifying each of the plurality of terminal devices. Of the terminal identifiers of the bit string, the terminal identifier acquisition step of acquiring each terminal identifier of each terminal device to be invalidated, and the information that specifies the value of a part of the bit string of the predetermined number of bits determines that part is the same as the value. Using a data format that comprehensively represents all certain terminal identifiers, a generation step of generating the invalidated terminal identification information indicating all the terminal identifiers acquired by the terminal identifier acquisition step is included. Information generation method. 24. In the generating step, when the predetermined number of bits is N, the number of terminal identifiers having the same X-bit value from the most significant bit among the terminal identifiers acquired in the terminal identifier acquiring step is 2 The value of X that satisfies the condition of being the (N−X) th power of 1 is specified, and for each value of X, the valid high-order digit information indicating the number of bit digits of X and the highest-order bit of the terminal identifier, X And a value information indicating a value of a bit string of a bit portion are associated with each other, and the invalidation terminal identification information having all the sets of the associated effective upper digit information and the value information as constituent elements is generated. The information generating method according to claim 23. 25. Each of the terminal devices is manufactured by one of a plurality of manufacturers, and each terminal identifier for identifying each of the terminal devices is a predetermined bit from the most significant bit in the terminal identifier. 25. The manufacturer of the terminal device is indicated by a bit string of a number.
Information generation method described. 26. The generating step is an N-bit bit string obtained by inverting only the least significant bit of one of the terminal identifiers obtained in the terminal identifier obtaining step, where N is the predetermined number of bits, A bit string that satisfies the condition that the value is not the same as any of the other terminal identifiers acquired by the identifier acquisition step, is defined as exception information, and the bit string is regarded as a terminal identifier, and the terminal acquired by the terminal identifier acquisition step Of the identifiers and the considered terminal identifiers, the value of X satisfying the condition that the number of terminal identifiers having the same value of X bits from the most significant bit is 2 (N−X), and less than N The value of X that is 1 or more is specified, and for each specified value of X, the value of the X and 2 (N−X) power of the condition. Generating the invalidation terminal identification information having all the pairs of associated values and the exception information as components, in association with the value of the bit string of the most significant bit to X bit of each terminal identifier. The information generating method according to claim 23, wherein: 27. Each terminal device is manufactured by one of a plurality of manufacturers, and each terminal identifier for identifying each terminal device is a predetermined bit from the most significant bit in the terminal identifier. 27. The manufacturer of the terminal device is indicated by a bit string of a number.
Information generation method described. 28. A program for causing a computer to execute an information generation process for generating invalidation terminal identification information for specifying a terminal device to be invalidated among a plurality of terminal devices, wherein the information generation process comprises: A terminal identifier acquisition step of acquiring each terminal identifier of each terminal device to be invalidated among the terminal identifiers of a bit string of a predetermined number of bits capable of identifying each of the plurality of terminal devices, and a part of the bit string of the predetermined number of bits The invalidation terminal indicating all the terminal identifiers acquired by the terminal identifier acquisition step by using a data format that comprehensively expresses all the terminal identifiers whose parts are the same as the value by the information specifying the value A program including a generation step of generating specific information. 29. A recording medium having recorded thereon a program for causing a computer to execute information generation processing for generating invalidation terminal identification information for identifying a terminal device to be invalidated among a plurality of terminal devices, The information generation process includes a terminal identifier acquisition step of acquiring each terminal identifier of each terminal device to be invalidated among the terminal identifiers of a bit string of a predetermined number of bits that can identify each of the plurality of terminal devices, and the predetermined number of bits. By using a data format that comprehensively expresses all terminal identifiers whose part is the same as the value by the information that specifies the value of a part of the bit string, all the terminal identifiers acquired by the terminal identifier acquisition step are And a generation step of generating the invalidation terminal identification information. 30. A program for causing a computer to execute a determination process of determining whether or not the terminal device is a terminal device to be invalidated based on a terminal identifier transmitted from the terminal device, the determination process Is a terminal identifier receiving step of receiving a terminal identifier having a predetermined number of bits transmitted from the terminal device, and all the parts having the same value as the value according to information specifying a value of a part of the bit string having the predetermined number of bits. An invalidation terminal identification information acquisition step of obtaining invalidation terminal identification information that identifies each terminal identifier of one or more terminal devices to be invalidated using a data format that comprehensively expresses the terminal identifier; It is determined whether the terminal identifier received in step matches any terminal identifier specified by the invalidation terminal specifying information. A program characterized by comprising a determination step. 31. A recording medium recording a program for causing a computer to execute a determination process for determining whether or not the terminal device is a terminal device to be invalidated based on a terminal identifier transmitted from the terminal device. In the determination processing, the terminal identifier receiving step of receiving a terminal identifier having a predetermined number of bits transmitted from the terminal device, and the part having the value is determined by the information specifying the value of a part of the bit string having the predetermined number of bits. An invalidated terminal specific information acquisition step of acquiring invalidated terminal specific information for identifying each terminal identifier of one or more terminal devices to be invalidated by using a data format that comprehensively expresses all the same terminal identifiers; , The terminal identifier received in the terminal identifier receiving step matches any terminal identifier specified by the invalidation terminal specifying information. Recording medium, characterized in that it comprises a determination step of determining whether Luke. 32. A computer-readable recording medium in which invalidation terminal identification data is recorded, wherein the invalidation terminal identification data is a terminal identifier which is a bit string of a predetermined number of bits capable of identifying each of a plurality of terminal devices. In order to specify each terminal identifier of each terminal device to be invalidated, a terminal identifier specifying field for recording part specifying information for specifying a value of a part of the bit string of the predetermined number of bits is included, and the part specifying is performed. A recording medium characterized in that the information comprehensively represents all the terminal identifiers whose part is the same as the value. 33. The terminal identifier specifying field includes a value information field recording value information indicating a value of a part of a bit string having a predetermined number of bits, and position information for specifying a bit position of the part in the bit string. And one or more sets each of which is associated with a location information field in which the location information field is recorded, wherein the invalidation terminal identification data is a partial bit string in the terminal identifier, and each location in each location information field. The value of the partial bit string located at the bit position specified by the information is the same as the value indicated by the value information recorded in the value information field corresponding to the position information field in which the position information is recorded. 33. The data according to claim 32, characterized in that each of the terminal identifiers is a data for specifying a terminal identifier of each terminal device to be invalidated. Media. 34. Each of the terminal devices is manufactured by one of a plurality of manufacturers, and each terminal identifier for identifying each of the terminal devices is a bit string within a predetermined range in the terminal identifier. The recording medium according to claim 33, which indicates a manufacturer of the terminal device. 35. A part of the bit string having the predetermined number of bits for specifying each terminal identifier of each terminal device to be invalidated among the terminal identifiers having a bit string having a predetermined number of bits capable of identifying each of the plurality of terminal devices. It has a terminal identifier specifying field that records partial specifying information for specifying the value of, and the part specifying information comprehensively represents all the terminal identifiers whose part is the same as the value. Characterizing invalidation terminal identification data. 36. An encryption communication device, a terminal device for transmitting a key identifier having a predetermined number of bits to the encryption communication device, and management for generating revocation key identifier specifying information for specifying one or more key identifiers to be revoked. An encryption communication system comprising a device, wherein the management device comprehensively expresses all key identifiers whose part is the same as the value by information specifying a value of a part of the bit string of the predetermined number of bits. A revocation key identifier specifying information generating means for generating the revocation key identifier specifying information, and an output means for outputting the generated revocation key identifier specifying information, The device includes a revocation key identifier specifying information acquiring unit that acquires the revocation key identifier specifying information output by the management device, and a key identifier receiving unit that receives a key identifier from a terminal device. And a determining means for determining whether or not the key identifier received by the key identifier receiving means matches any key identifier specified by the revocation key identifier specifying information, and the received key identifier Is unique to the key identifier with the terminal device that has transmitted the key identifier, only when it is determined by the determining means that the key identifier does not match any key identifier specified by the revocation key identifier specifying information. And a communication means for performing predetermined communication by performing various encryptions.