JP2003195752A - Recording and reproducing device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To permit contents reproduction only once and to move them after recording them in a medium. <P>SOLUTION: A recording and reproducing device is provided with: a seed of a cipher key for ciphering a prescribed unit block in ciphering, by each unit block, information in which a plurality of unit blocks are continued; a ciphering means in which the seed of the cipher key for deciphering the ciphered unit block is constituted of the information based on the cipher key used when ciphering the unit blocks other than the prescribed unit block; a recording means for recording the ciphered information on a recording medium; and a deciphering means for deciphering and reproducing, by the unit block, the plurality of unit blocks of the ciphered information read from the recording medium. The device is provided with a memory integrally provided to the recording medium for recording the cipher key or the seed of the cipher key when recording the ciphered information on the recording medium. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a recording / reproducing apparatus that encrypts and records content with parental restrictions, or decrypts and reproduces encrypted content, and more particularly, an encryption key used during encryption. And a method of managing the seed of the encryption key.

[0002]

2. Description of the Related Art Conventionally, contents such as video and audio have been recorded on tape-shaped recording media such as video tapes and audio tapes, or on disk-shaped recording media such as CDs and DVDs. It has been a problem that content recorded on the medium is illegally copied by an act such as dubbing.

In addition, a digital system has come to be adopted when recording contents such as video and audio, and the contents are distributed not only by recording on the above-mentioned medium but also by data distribution or the like, which is illegal. Copy protection is becoming more important.

Next, a method of restricting copying of digital content data will be described. In recent years, with the widespread use of digital distribution of video and audio as described above, content providers that distribute content have restricted viewing of digital content data such as "copy prohibited" and "copy once". . Further, in the case of analog copying, by inserting a copy guard signal into the content, when copying the content, the image of the copied content is disturbed.

A typical copy guard adopting such a method is called a macrovision system (pseudo sync pulse system, color stripe system). This is because by recording a certain signal in the specific part of the analog signal of the content for which "copy prohibition" is restricted, even if this content is recorded, the recording device recognizes the signal embedded in the specific part and records it. In order to
This is a method in which when the screen after copying is reproduced, the screen becomes unpleasant for viewing due to the influence of the above-mentioned signal. Moreover, even if an attempt is made to record the content adopting this type of copy guard with a digital recording device, the recording device recognizes this signal and cannot record. Note that this method is adopted for PPV (Pay Per View) programs of digital broadcasting.

However, with this type of copy guard, copying can be performed in a normal state simply by removing a signal that disturbs the screen, and therefore, a device for avoiding this copy guard has been commercially available.

[0007] In addition, for the content which is restricted to "copy once", the copy generation is managed to prevent copying more than a specified number of times. A typical example of this method is CGMS (Copy Generation Ma
There is something called a nagement System). This is because a specific digital signal (1. copy not allowed, 2. copy one generation only allowed, 3.
This is a method of restricting copying as directed by a specific digital signal incorporated in the content by incorporating (unlimited copy three ways) and identifying this signal by a digital recording device. Note that the CGMS method is also used for MD (mini disk) copy generation management.

However, in the CGMS system as well, the copy guard can be released by rewriting the flag relating to the copy generation from the "copy not possible" to the "copy possible".

In view of the above, in the DVD, the digital content data itself is encrypted and recorded on the medium. Therefore, even if you try to retrieve the data as it is, you will have to retrieve the encrypted content, and since it is difficult to retrieve the encryption key, it is not possible to copy the digital signal that is not actually encrypted. It's getting harder.

DE, which is one of such encryption methods
The S (Data Encryption Standard) will be described. D
ES is a block cipher having a size of 64 bits for the plaintext (original text), ciphertext, and cipher key. However, the encryption key is 6
Since 8 bits out of 4 bits are used for parity, the substantial length of the encryption key is 56 bits.

The basic structure of the DES is shown in FIG. After swapping the bits so that adjacent bits of the plaintext are approximately 32 bits apart, the same 16-stage transformation is applied repeatedly. In each stage, the top 32 input from the previous stage
L _n-1 of the bits and R _n-1 of the lower 32 bits are grouped together, and are converted into L _n and R _n by using a 48-bit key K _n input from the key generation unit. Output to the next stage. After exchanging L ₁₆ and R ₁₆ of the 16th stage output, each bit is replaced by IP ⁻¹ to output the ciphertext. On the other hand, the key is 8 by the selective replacement PC-1.
The parity pits of the bits are removed and the remaining 56 bits are replaced.

After that, the upper 28-bit C _n and the lower 28
1 shift for each D _n of bits
A key K _n is created for each step while repeating 6 steps. Figure 1
The 16-stage conversion unit that is the basic unit of the DES shown in FIG. 2 has the structure shown in FIG.
_n−1 , R _n−1 ) and the output (L _n , R _n ) of the next stage satisfy the following relationship. _{L n = R n-1,} R n = L n-1 EXORf In _{(R n-1, K n} ) where, EXOR indicates an exclusive OR function _{f (R n-1, K} n) Further has the structure shown in FIG.

The input R _n-1 to the f-function consists of 32 bits, but is expanded to 48 bits by the expansion replacement E. Next, the 48 bits and K _n are subjected to exclusive OR in bit units, and then divided into eight 6-bit units, each of which is input to the S box of S _{1 to} S ₈ . In each S box, a 6-bit input is non-linearly converted into a 4-bit output. Finally, the bit position of the 32 bits obtained by combining 8 bits of the output is replaced by the replacement P, and f
The output is (R _n-1 , K _n ).

Solving the equations L _n = R _n-1 and R _n = L _n-1 EXORf (R _n-1 , K _n ) which are basic transformations of DES, (L _n-1 , R _n-1 ) Is expressed by (L _n , R _n ), the following equation is obtained. R _n-1 = L _n , L _n-1 = R _n EXORf (R _n-1 , K _n ) = R
_n EXORf (L _n , K _n ) Thus, the operation of obtaining (R _n-1 , L _n-1 ) from (R _n , L _n ) is performed from (L _n-1 , R _{n -1} ) to (L _n , R _n ) has the same structure. This property means that decryption can be performed with the same conversion as encryption.

[0015]

However, for example, a PPV program of digital broadcasting is restricted by "copy prohibition", so that the content can be viewed only once, but the viewer can watch the PPV program. I had to see it at a fixed time. As described above, with respect to the content of “copy prohibition”, even if the copyright holder intends to permit the content to be viewed only once, the time period for actually viewing the content is limited. It was In addition, when recording "copy prohibited" contents on a recording medium and allowing viewing only once,
There has not been established a method that makes it impossible to reproduce the content once the content is viewed. Further, in order to realize this, it is difficult to realize that it is difficult to erase the data at the end of viewing while reproducing the content. For example, in a personal computer or the like, the data on the hard disk is deleted only by erasing the FAT of the file system, and thus the data is not actually deleted.

On the other hand, the contents of "copy once" are
For example, even when recording is performed by a recording / reproducing apparatus that is a combination of a VTR and an HDD (hard disk drive), if recording is performed on either medium once, further recording cannot be performed because it is a second copy. Therefore, it was not possible to re-record only the desired program on the storage medium after viewing once. Like this, "copy once"
As for the content, even if the copyright holder intends to limit the content to one medium, the content recorded once is actually recorded on another medium and the original recording medium The so-called movement of contents, which erases the recorded part, was not permitted.

Further, regarding encryption, it has become easier to know the encryption key due to the improvement in computer performance.
And using a fixed key for one piece of content means that if the key can be known, all the content has been decrypted, and as a result, digital content can be illegally copied. . Therefore, in order to avoid this, there is a method of changing the key every time. As a result, even if the key used to encrypt a part of the content is known, the entire content is not decrypted, and the security is increased as compared to the case where a fixed key is used. The key used for encryption is calculated when multiple keys are generated during decryption. It is necessary to store the key or the seed of the key separately. There is a drawback that it grows in proportion to the number of keys. Here, the “key seed” represents information that is a source of key generation.

Further, regarding the encryption, Japanese Patent Laid-Open No. 9-107
As described in Japanese Patent No. 536, as encryption processing in the block chaining method, P (1) is made to depend on an encryption key K and an initial value IV, encrypted using an encryption function E1, and P (i) ) (2 ≦ i ≦ n) is the encryption key K and P (i-
1), the data blocks (C (1), C (1), C (1), C) that are sequentially encrypted by using the encryption function E2
A method for generating (2), ..., C (n)) is disclosed. However, in this case, since the encryption key K is fixed and the data on which the encryption is based is the data before the data to be encrypted, there is a problem that the risk of decrypting the encryption is high. .

[0019]

In order to solve the above-mentioned problems, when encrypting information in which a plurality of unit blocks are continuous for each unit block, an encryption key for encrypting a predetermined unit block is used. The seed and the seed of the encryption key for decrypting the encrypted unit block are encryption means based on information based on an encryption key when a unit block other than the predetermined unit block is encrypted. A recording means for recording the encrypted information on a recording medium; and a decoding means for decoding and reproducing a plurality of unit blocks of the encrypted information read from the recording medium for each unit block. A recording / reproducing apparatus having: a recording medium, which is provided integrally with the recording medium, for recording the encryption key or a seed of the encryption key when recording the encrypted information in the recording medium. To provide a recording and reproducing apparatus characterized in that it comprises a re.

The recording / reproducing apparatus according to claim 1, wherein the plurality of unit blocks have a reproduction order.

The recording / reproducing apparatus according to claim 2, wherein seeds of an encryption key for encrypting the predetermined unit block are chained at least twice.

[0022]

BEST MODE FOR CARRYING OUT THE INVENTION An embodiment of an encryption method according to the present invention will be described below with reference to the drawings. When the digital content data is AV data sent from a broadcasting station and is "copy prohibited", the digital content data is recorded and reproduced as a recording / playback device that allows the program to be viewed only once at an arbitrary time after the broadcast time. A VTR will be described as an example.

In the present embodiment, such a digital VTR is realized by allowing the content "copy prohibited" to be viewed only once. MP for videotape
The transport stream (TS) of EG (Motion Picture Expert Group) is recorded. DES is used for encryption / decryption.

FIG. 4 is a diagram showing a recording section of a digital VTR incorporating an encryption section to which the encryption method according to the present invention is applied. MPE by tuner 1 and external signal input unit 2
The G TS is input and sent to the switch circuit unit 3.
Here, according to the instruction issued by the user interface 200, a signal is sent from the tuner 1 or the external signal input unit 2 to the recording signal processing unit 4. A time code, an absolute track number, etc. are generated for the signal sent to the recording signal processing unit 4. After that, the signal is sent to the encryption unit 5 to encrypt the data. Then, it is recorded on the tape 100 in the recording unit 6. In addition to the video signal and the audio signal, a time code or the like is recorded on the tape 100, for example, in a sub code area. The encryption key generated by the encryption unit 5, the seed of the encryption key, or the like is recorded in the memory attached to the tape.

FIG. 5 is a diagram showing a reproducing unit of a digital VTR having a built-in decoding device for decoding a signal encrypted by the encryption method according to the present invention. First, the reproducing unit 10 reads the signal of the tape 100. At the same time, the memory reading unit 14 reads the encryption key or the seed of the encryption key recorded in the memory attached to the cassette tape. The read signals are sent to the decoding unit 9. Therefore, after the data is decoded, it is sent to the reproduction signal processing unit 8 and subjected to error correction and the like, and then output to the monitor 300 via the external signal output unit 7.

As described above, in the digital VTR having the configuration shown in FIGS. 4 and 5, when the digital content data of "copy prohibited" is recorded, the signal indicating "copy prohibited" is recorded by the CGMS described above. . For example, in digital broadcasting, TS is digital copy control d
There is a descriptor called escriptor, and digitalre
There is a 2-bit field called cording control data (digital copy control information). In the field, for example, "copy permitted" = 00, "copy once" = 10,
It is described as “copy prohibition” = 11. When the hard disk recorder detects 2 bits of “11” for the input signal, the constant value IV = h _i (Const _i ) is calculated with constant Const _i as the input of the initial vector generation function h _{i for} the same content. To do.

The initial value IV serves as a key seed when encrypting the first unit block of the input content. Therefore, if the initial value IV is easily known, the encrypted content may be decrypted.
The initial value IV is recorded on a medium that is difficult to analyze. For example, a memory attached to a video tape is used as the medium.

A concrete structure of the video tape is shown in FIG. As shown in the figure, a non-contact type memory chip 12 is provided in the housing of the tape 11. This memory chip includes a non-volatile memory and its control circuit. Having a non-volatile memory allows the information in that memory to be read at any time while the tape is inserted into the VCR. Therefore, the initial value IV can be read regardless of the current position of the tape. Also,
Since the memory is a non-contact type, an antenna 13 is provided for exchanging data with the interface. Furthermore, by recording the start address of the part that is allowed to play in the memory, if the current position of the tape is the part where the play is not allowed, the tape is fast-forwarded to the start address of the part that is allowed to play. Or, it becomes possible to rewind.

The internal structure of the non-contact type memory chip is shown in FIG. As shown in the figure, it includes a power circuit 14, an RF processing unit 15, a controller 16, and a ROM 17. Power is supplied externally via the antenna. The power supplied to the power circuit is supplied to the RF processing unit 15, controller 16, ROM 1
7 is supplied. The RF processing unit 15 is where the received signal is demodulated. The controller 16 controls decoding of the received signal and writing to the ROM 17. It can also be realized by having a contact-type non-volatile memory instead of a non-contact type. A method of actually managing data by attaching a memory to a tape is disclosed in Japanese Patent Laid-Open No. 2000-173237.

First, assuming that the unit block is 184 bytes, the initial value IV is used as the input of the key generation function g to generate the key K.
Calculate ₁ = g (IV, Const). After that, K _i is
It represents a key used when encrypting / decrypting the i-th block. Also, Const represents other information that is the basis of key generation. Here, assuming that the Const information changes with time within the same content, the Const information must be stored. Also, if the information changes with time, a large-capacity memory for storing all the changed information must be used.
It is assumed that nst consists of constant parameters in the same content such as an ID unique to a video deck. Since DES is used for encryption / decryption, the key K _i needs to be 56 bits. Therefore, the initial value I
It is preferable that the total number of bits of V and Const is 56 bits or more. Because the key generation function g is 1: 1
This is because it is easy to infer the initial value IV or Const from the key K _i if it is a function. Therefore, the key generation function g is n (n
≧ 2) Make a one-to-one function.

Next, the encryption method according to the present invention will be described with reference to FIG. The value of 184 bytes of the unit block excluding the 4 bytes of the header from the 188 bytes of 1 TS packet is the number of bytes in the area in which AV data is recorded. There are 23 DES encrypted block 64-bit blocks in the 184 bytes that are the AV data of the TS packet P (1). Then, each of these 23 blocks is encrypted with the encryption key K ₁ of the TS packet P (1). The encrypted P (1) is described as C (1). The same operation is performed for the TS packets P (2), P (3), ....

Next, the key K ₂ used for encryption of P (2)
Explain how to create. Key K ₂ = g (S ₁ , Const)
It is defined as Here, S ₁ is defined as S _i = h (K _i ) where h is the key seed generation function. That is, the encryption key / decryption key of the previous unit block is used as the key seed. This makes the encryption key variable for each unit block, and even if one encryption key is known, it is difficult to decrypt all plaintexts. In addition to this, there is a method of making the encryption key variable by preparing a plurality of seeds of the encryption key, but it is necessary to separately store the seeds of all the keys. However, when the method of the present invention is adopted, the seed of the encryption key is calculated based on the encryption key / decryption key not recorded on the tape, and therefore it is difficult to analyze and is stored in another area. There is no need to leave it. After K ₃ K ₃
= G (S ₂ , Const), K ₄ = g (S ₃ , Cons)
t), ...

On the other hand, when reproducing, the initial value I on the memory
Read V to generate key K ₁ and decrypt C (1). At that time, K ₁ to S ₁ are also generated at the same time. Then the S
Generate the key K ₂ from ₁ and decrypt C (2). The outline of encryption and decryption is shown in FIG. Further, in the above-described embodiment, the seed of the encryption key of the unit block is generated from the encryption key / decryption key of one unit block. Alternatively, the key seed may be generated from a plurality of unit blocks. Further, although the key seed is generated from the encryption key / decryption key of the immediately preceding unit block, it goes without saying that the encryption key / decryption key of the preceding two unit block may be used.

Next, a description will be given of a method of preventing the part that has been once reproduced from being seen when the "copy prohibited" content is reproduced halfway. TS as shown in FIG.
It is assumed that packets C (1) to C (4) are reproduced. As described above, first read the initial value IV and then C
Decoding starts from (1). Then, when the decoding of C (4) is finished, the reproduction is finished. Where next time C
The initial value IV recorded in the memory is erased so that the data from (1) to C (4) cannot be reproduced. This causes the key K ₁ to decrypt C (1)
Can no longer be generated. But next time, C
In order to start reproduction from (5), the seed S ₄ of the key K ₅ for decrypting C (5) must be recorded. Therefore, the initial value IV is erased from the memory when the reproduction is started, or moved to the buffer if necessary thereafter. Then, when the reproduction is finished, S ₄ is recorded in the memory. As a result, the next time P (1) to P (4) cannot be decoded, the reproduction cannot be performed. On the other hand, by recording the start address of P (5) together with S ₄ in the memory, the next playback from P (5) can be performed even if fast-forwarding or rewinding from the position of P (5). It will be possible. In this example, S _i is the seed of the key K _{i + 1} used to decrypt C (i + 1), but two initial values I
By having V ₁ and IV ₂ , S _i may be the seed of the key K _{i + 2} used to decrypt C (i + 2). Similarly, by having an initial value IV of three, four, ...
It is possible to use S _i as a seed for decoding a unit block three or four ahead. Further, a plurality of seeds of K _{i + 2} may be set as S _i and S _{i + 1} , that is, a key may be generated based on two or more plaintexts in the past. The fact that S _i is the seed of K _{i + 1} , S _{i + 1} is the seed of K _{i + 2} , ... Is referred to as “chained” hereinafter.

Originally, the content of "copy prohibited" is broadcast for the purpose of being viewed only once at the time of broadcasting. Therefore, there is a possibility that it will be against the intention of the copyright holder to rewind and watch the reproduced portion, and thus it may not be permitted. However, it is natural that the current content of "copy prohibited" cannot be rewound and viewed, but it is possible to view it from the middle. Therefore, in the case of "copy prohibited" content, only fast-forwarding may be permitted. Therefore, if fast-forwarding is performed by the method described above, even if data is recorded on a randomly accessible hard disk or optical disk, it is always C (1).
I have to decrypt from. Therefore, if the content is viewed from the latter half, it takes a very long time to access that content. Therefore, the following configuration can be considered.

FIG. 10 shows its outline. The arrow in the drawing indicates that the information at the starting point of the arrow serves as a seed of a key for encrypting the information pointed to. Frequently resetting the chain of adjacent blocks, instead of resetting, a block called P (2-1) is provided next. P (2-
1) is encrypted with a key using the initial value IV as a seed.
Then, K _2-1 becomes a seed of the encryption keys of P (2-2) and P (3-1). With such a configuration, for example, P (3
-4), the initial value IV → P (2-
1) → P (3-1) → P (3-2) → P (3-3) → P
If decoding is performed in the order of (3-4), it becomes possible to access in a short time. Such a structure will be hereinafter referred to as two “hierarchies”. Then, P (2-
1), P (3-1), P (4-1), ... Are referred to as “second layer”. In the above-mentioned embodiment,
Although the case where the number of layers is two has been described, the number of layers may be three or more. However, if the number of layers is three or more, the time required for random access is shortened, but the method of encryption / decryption is complicated. From here, a function that generates a seed of a key that encrypts / decrypts a unit block of the first layer is h ₁ , and a function that generates a seed of a key that encrypts / decrypts a unit block of the second layer. Is described as h ₂ , ... Also, the seed of the key K _3-1 generated by K _{2 -1} of the second layer is T _2-1 and the seed of the key K _{4 -1} generated by K _3-1 is T _3-1 . To do.

Next, a method of making the once reproduced portion of the content unviewable in the case of a plurality of layers will be described. As shown in FIG. 11, the TS packet C
It is assumed that (1-1) to C (2-3) are reproduced. At the start of reproduction, the initial value IV is recorded in the memory. Then, the initial value IV is erased from the memory when the reproduction is started, or moved to the buffer when necessary thereafter, and when the reproduction is completed up to C (2-3), T
Record _2-1 and S _2-3 in the memory. The reason why S _2-3 is recorded is that K _2-4 is generated as in the case of not having a plurality of layers, that is, reproduction is possible from C (2-4). On the other hand, when the reproduction is completed up to C (2-3) and the next reproduction is to be performed from C (4-1), in order to randomly access C (4-1) of the second layer as quickly as possible, T The fastest way is to go from _{2-1 to} C (3-1) to C (4-1). Therefore, for random access, T
_{2-1 is} also recorded in the memory. By using the above method, reproduction from C (2-4) and random access become possible.

Up to this point, the description has been given of the case of recording "copy prohibited" digital contents on the digital VTR.
In this embodiment, 184 bytes corresponding to the digital content data of the MPEG TS packet has been taken as the size of the unit block, but this can take various sizes depending on the application.
When the chain as shown in FIG. 8 or FIG. 10 is performed through one content, the data may not be correctly reproduced by mistakenly reading or recording the data in the middle. In this case, since an error at one place occurs due to chaining after that, in order to prevent this, the initial value IV
It is also possible to reset the chain starting from multiple times within the same content. For example, by preparing a plurality of initial values IV as shown in FIG. 12, the chain is reset a plurality of times, so that error propagation can be prevented.

Although only the digital VTR has been described in this embodiment, in the case of "copy prohibited" contents, it can be realized by a hard disk recorder, an optical disk recorder, or the like.

Up to now, the case of the content of "copy prohibited" has been described, but hereinafter, when the digital content data sent from the broadcasting station is "copy once", the program is classified into one. As an example of a recording / reproducing apparatus capable of recording only on a medium, a recording / reproducing apparatus combining a hard disk recorder and a digital VTR will be described. As described above, a description will be given of the case of recording the digital content data of "copy once" by the recording / reproducing apparatus in which the hard disk recorder and the digital VTR are combined. The signal indicating "copy once" is recorded by the CGMS in the same manner as the signal indicating "copy prohibited". For example, in digital broadcasting, TS is digita
There is a descriptor called “l copy control descriptor”, and further there is a 2-bit field called “digital recording control data”. In the field, for example, “copy permitted” = 00, “copy once permitted” = 10, and “copy prohibited” = 11 are described. When the recording / reproducing apparatus detects 2 bits of “10” in the input signal, a constant Const _i is input to the initial vector generation function h _{i for} the same content, and an initial value IV = h _i (Const _i ). Hereinafter, the encryption is performed as in the case of "copy prohibition". Also, unlike the content that is "copy prohibited", the content that is "copy once" can be repeated many times. Therefore, the content that is "copy once" can be recorded only on another medium. We will delete the key. Therefore, at the time of reproduction, the initial value IV stored in the memory is referred to, but recording or erasing is not performed in the memory.

Considering the case as shown in FIG. 13, C (1-2) to C (2-2) recorded on the video tape.
And C (2-4) to C (3-2) are copied to the tape. At this time, before the start of copying, a plurality of IN points and OUT points are designated to start copying, and when the copying ends, the initial value IV of the memory is set to T _3-1 and S ₃ Rewrite to ₂ . This gives C (3-3)
After that, it can be played back on video tape, and C (3-2)
Previously, the initial value IV has been erased from the memory, and thus cannot be reproduced. In this way, the same function can be realized for the program of "copy once".

In the above, the description has been given for recording the "one-time copy allowed" digital content by the recording / reproducing apparatus in which the hard disk recorder and the digital VTR are combined. A hard disk recorder and a digital VTR
Although only the recording / reproducing apparatus in which the and are combined has been described, in the case of the content of "copy once", the hard disk drive unit can be replaced with a recording apparatus capable of random access such as an optical disk recorder,
The VTR section can be replaced with any recording device.

[0043]

As described above in detail, according to the encryption method of the present invention, the content of "copy prohibition" can be viewed only until the broadcasting until now. Content can now be viewed only once at the time you want to watch. Also, "copy once"
The contents can be copied and edited on another medium only once after being recorded on the medium. At that time, the security of the data on the video tape is ensured by being encrypted. Furthermore, if you see the content halfway to the "copy prohibited" content, it is possible to realize the function of making it impossible to play back to the middle point by the method of deleting the seed of the decryption key up to that point. Is. Similarly, the content that is "copy once" can be made unplayable in the portion copied to another medium. Further, since the seed of the encryption key is an encryption key other than the predetermined unit block, the number of bits is smaller than that of plaintext or the like used as the seed of the key, and thus the processing can be simplified. By adopting the chaining method, the capacity of the key seed information to be recorded can be very small. Further, since the chain has a plurality of layers, random access can be smoothly performed. Further, by recording the encryption key or the seed of the encryption key in the memory attached to the tape, it is possible to make a specific portion of the tape unreproducible even on a tape-shaped recording medium that cannot be randomly accessed.

[Brief description of drawings]

FIG. 1 is a diagram showing a basic configuration of a DES.

FIG. 2 is a diagram showing a structure of a 16-stage conversion unit which is a basic unit of DES.

FIG. 3 is a diagram showing a structure of a function f used in DES.

FIG. 4 is a block diagram showing a configuration of a recording unit of a digital VTR to which the encryption key management method according to the present invention is applied.

FIG. 5 is a block diagram showing a configuration of a reproducing unit of a digital VTR that reproduces a signal recorded by applying the encryption key management method according to the present invention.

FIG. 6 is a diagram showing a configuration of a video tape which is recorded by applying the encryption key management method according to the present invention and which has a nonvolatile memory in a housing.

FIG. 7 is a diagram showing a configuration of a non-contact type memory chip provided on a video tape, which is recorded by applying the encryption key management method according to the present invention.

FIG. 8: MPEG T in the encryption method according to the present invention
It is a figure which shows the structure of S, and the outline of encryption.

FIG. 9 is a diagram showing encryption by the encryption method according to the present invention, decryption method, and decryption by the decryption device.

FIG. 10 is a diagram showing a method for reproducing content encrypted by the encryption method according to the present invention.

FIG. 11 is a diagram showing an example of encryption by the encryption method according to the present invention.

FIG. 12 is a diagram showing another reproduction method of content encrypted by the encryption method according to the present invention.

FIG. 13 is a diagram showing another example of encryption by the encryption method according to the present invention.

FIG. 14 is a diagram showing a copy method of a recording / reproducing apparatus in which a hard disk recorder to which the encryption key management method according to the present invention is applied and a digital VTR are combined.

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) H04N 5/91 H04N 5/91 P (72) Inventor Takayuki Sugawara 3-12 Moriya-cho, Kanagawa-ku, Yokohama-shi, Kanagawa Address In Japan Victor Co., Ltd. (72) Inventor Wataru Inaba 3-12 Moriya-cho, Kanagawa-ku, Yokohama, Kanagawa Prefecture In-house Japan Victor Co., Ltd. (72) Toshio Kuroiwa 3-chome, Moriya-cho, Kanagawa-ku, Yokohama No. 12 F-term within Victor Company of Japan (reference) 5C053 FA13 FA15 FA20 JA01 LA07 LA11 LA14 5D044 AB05 AB07 BC01 BC04 CC03 CC04 DE12 DE50 EF05 GK17 HL08 5J104 AA12 EA17 EA18 JA03 JA07

Claims (3)

[Claims] 1. When encrypting information in which a plurality of unit blocks are continuous for each unit block, a seed of an encryption key for encrypting a predetermined unit block, and decrypting the encrypted unit block. The seed of the encryption key for
An encryption unit that uses information based on an encryption key when a unit block other than the predetermined unit block is encrypted, a recording unit that records the encrypted information on a recording medium, and a read unit from the recording medium. A recording / reproducing apparatus having a decoding means for decoding and reproducing a plurality of unit blocks of the issued encrypted information for each unit block, when recording the encrypted information on the recording medium. The recording / reproducing apparatus, further comprising a memory, which is integrated with the recording medium, for recording the encryption key or the seed of the encryption key. 2. The recording / reproducing apparatus according to claim 1, wherein the plurality of unit blocks have a reproducing order. 3. The recording / reproducing apparatus according to claim 2, wherein seeds of an encryption key for encrypting the predetermined unit block are chained at least twice.