JP2004118830A - Limited-regional reproducing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a limited-regional viewing system which realizes limited-regional viewing by precluding a content from being correctly reproduced in a reproducing system in which a function for confirming a region code is bypassed. <P>SOLUTION: A content recorder enciphers the content based on the incorporated region code to record it in a recording medium, and the content reproducing device decodes the content based on the incorporated region code to reproduce it. <P>COPYRIGHT: (C)2004,JPO

Description

The present invention relates to a technique for supplying and reproducing a digital work, and more particularly to a technique for restricting the reproduction of a digital work according to an area where the digital work is supplied.

Various technologies for preventing unauthorized use of digital works and protecting rights of authors have been put to practical use.
According to Patent Literature 1, a technique for protecting copyright of a content such as a movie or a music clip or limiting a sales right is disclosed. According to this technology, the world is divided into six regions, and a DVD-Video disc and a playback device are assigned a region code (country region code) indicating each region. The playback device plays back the content recorded on the disc only when the region code of the playback device matches at least one of the region codes recorded on the disc. Here, the playback device has one region code, but two or more region codes can be recorded on the disc side. Once all the region codes have been recorded on the disc, the disc is virtually unregulated.
USP 6,141,483 "Recording medium for recording data, reproducing apparatus for reproducing data recorded on recording medium, and data reproducing system for reproducing data recorded on recording medium via network or the like" Nakano, Omori, Tatebayashi, “Key Management Method for Digital Content Protection”, 2001 Cryptography and Information Security Symposium, SCIS2001 5A-5, Jan. 2001.

However, it was modified to match the region code of the playback device with the region code recorded on the disc, or to bypass the function to check the region code recorded on the disc and the region code of the playback device. As a result, some reproduction devices that do not comply with the regulations based on the region code are on the market, and therefore, there is a problem that digital works are illegally used.

Therefore, in the present invention, in order to solve the above-mentioned problem, in a reproducing apparatus in which the built-in area information is illegally changed or an illegal remodeling that illegally bypasses confirmation by the area information is performed, It is an object of the present invention to provide an area-limited reproduction system, a supply apparatus, a reproduction apparatus, a recording medium, and a computer program that realizes area-limited reproduction by preventing the reproduction of a file.

In order to achieve the above object, the present invention provides a recording device for encrypting and recording digital content, a recording medium for recording the encrypted digital content, and a reproducing device for reading and decrypting the encrypted digital content from the recording medium. It is an area limited viewing system consisting of The recording device holds one or more region codes for specifying a region, and selects, from the region codes, a region code of a region where decryption of the encrypted digital content to be recorded on the recording medium is permitted. Then, the digital content is encrypted based on the selected area code and recorded on the recording medium. The playback device holds one of the area codes, reads the encrypted digital content from the recording medium, and decrypts the encrypted digital content based on the held area code.

Further, in the regional limited viewing system, the recording device holds device key data of the playback device, and encrypts media key data with the device key data, and the media key data. Encryption key data is generated from at least two pieces of information with the selected area code, and the encrypted digital content obtained by encrypting the digital content based on the encryption key data is recorded on the recording medium. The playback device reads two encrypted data from the recording medium, decrypts the encrypted media key data with the device key data to obtain the media key data, and decrypts the media key data. And decryption key data is generated from at least two pieces of information of the area code and the encrypted digital content is decrypted based on the decryption key data.

Further, in the limited area viewing system, the recording device and the reproducing device retain secret information set for each regional code instead of retaining the regional code.
Further, in the area limited viewing system, the recording device also records the selected area code on the recording medium, and the playback device has an area code held by the playback device and is recorded on the recording medium. It is determined whether or not the area code matches. If the area code does not match, the subsequent processing is not executed. If the area code matches, the subsequent processing is executed.

Further, in the regional limited viewing system, at least one of the processes of the recording device or the playback device is implemented by an IC card, and only the recording device or the playback device in which the IC card is inserted, The digital content can be encrypted or decrypted.
Further, the present invention is a recording apparatus for encrypting digital content and recording the encrypted digital content on a recording medium. The recording device holds one or more region codes for specifying a region, and from the region codes, selects a region code of a region where decryption of the encrypted digital content to be recorded on the recording medium is permitted, Digital content is encrypted based on the selected area code, and is recorded on the recording medium.

Further, the recording device holds device key data of the playback device, and encrypts media key data with the device key data, and at least one of the media key data and the selected area code. Encryption key data is generated from the two pieces of information, and the encrypted digital content obtained by encrypting the digital content based on the encryption key data is recorded on the recording medium.

Further, the present invention is a reproducing apparatus for reading and decoding encrypted digital content from a recording medium. The playback device holds one area code, reads the encrypted digital content from the recording medium, and decrypts the encrypted digital content based on the held area code.
Further, the playback device reads the three encrypted data from the recording medium, decrypts the encrypted media key data with device key data to obtain media key data, and decrypts the media key data obtained by decrypting the encrypted media key data with the area. A decryption key data is generated from at least two pieces of information including a code, and the encrypted digital content is decrypted based on the decryption key data.

Further, the present invention is a recording medium for recording data. The recording device records the encrypted digital content obtained by encrypting the digital content based on an area code for specifying an area on the recording medium.
Further, the present invention is a recording medium for recording data. The recording device holds device key data possessed by the reproducing device, and at least two pieces of information of encrypted media key data obtained by encrypting media key data with the device key data, and the media key data and the selected area code. And generates encrypted key data from the storage medium, and records the encrypted digital content encrypted based on the encrypted key data on the recording medium.

In addition, the present invention provides a recording apparatus for encrypting and recording digital content, a recording medium for recording the encrypted digital content, and a playback apparatus for reading and decrypting the encrypted digital content from the recording medium, and limiting the viewing area. System. The recording device manages a device key held by the playback device using one tree structure that partially defines a relationship shared with another playback device, and further manages a device key corresponding to the lowest layer of the tree structure. A device associated with the highest level of a partial tree in a region where the playback device to be attached is managed collectively for each region and associated with the same partial tree, and decryption of encrypted digital content recorded on the recording medium is permitted. Selecting a key, encrypting the digital content based on the selected device key, and recording the encrypted digital content on the recording medium; The playback device holds a plurality of device keys, reads encrypted digital content from the recording medium, and decrypts the encrypted digital content based on the held device keys.

In addition, the present invention provides a recording apparatus for encrypting and recording digital content, a recording medium for recording the encrypted digital content, and a playback apparatus for reading and decrypting the encrypted digital content from the recording medium, and limiting the viewing area. System. The recording device prepares and manages, for each region, a tree structure that defines a relationship partially shared with another reproduction device, and manages a device key held by the reproduction device, and encrypts the recording device on the recording medium. All the device keys associated with the top of the tree structure of the region where the digital content is permitted to be decrypted are selected, and the digital content is encrypted based on the selected device key and recorded on the recording medium. The playback device holds a plurality of device keys, reads the encrypted digital content from the recording medium, and decrypts the encrypted digital content based on the held plurality of device keys.

The present invention is also a recording device for encrypting and recording digital content. The recording device manages a device key held by the playback device using one tree structure that partially defines a relationship shared with another playback device, and further manages a device key corresponding to the lowest layer of the tree structure. A device associated with the same partial tree, wherein the playback device attached to each region is managed in association with the same partial tree, and is associated with the top of the partial tree of the regional area where decryption of the encrypted digital content to be recorded on the recording medium is permitted. Selecting a key, encrypting the digital content based on the selected device key, and recording the encrypted digital content on the recording medium;

The present invention is also a recording device for encrypting and recording digital content. The recording device prepares and manages, for each region, a tree structure that defines a relationship partially shared with another reproduction device, and manages a device key held by the reproduction device, and encrypts the recording device on the recording medium. All the device keys associated with the top of the tree structure of the region where the digital content is permitted to be decrypted are selected, and the digital content is encrypted based on the selected device key and recorded on the recording medium.

Also, the present invention is a recording medium for encrypting and recording digital content. The recording device manages the device key held by the playback device using one tree structure that partially defines a relationship shared with another playback device, and further associates the device key with the lowest layer of the tree structure. A device key associated with the top of a partial tree of a region where decryption of encrypted digital content to be recorded on the recording medium is managed by hardening the playback device for each region in association with the same partial tree. Is recorded, and the encrypted digital content obtained by encrypting the digital content based on the selected device key is recorded.

Also, the present invention is a recording medium for encrypting and recording digital content. The recording device prepares and manages, for each region, a tree structure that defines a relationship shared by the playback device with a device key held by the playback device in part, and records the encrypted digital data on the recording medium. All the device keys associated with the highest level of the tree structure of the region where the decryption of the content is permitted are selected, and the encrypted digital content obtained by encrypting the digital content based on the selected device key is recorded.

In addition, the present invention provides a recording apparatus for encrypting and recording digital content, a recording medium for recording the encrypted digital content, and a playback apparatus for reading and decrypting the encrypted digital content from the recording medium, and limiting the viewing area. System. The recording device holds only one area code for specifying an area, encrypts digital content based on the held area code, and records the digital content on the recording medium. The playback device holds only one area code, reads the encrypted digital content from the recording medium, and decrypts the encrypted digital content based on the held area code.

As described above, the present invention is an area-limited playback system for limiting content reproduction according to an area, and encrypts content based on first area information indicating an area to generate encrypted information. The supply device that supplies the generated encryption information, and the second area information indicating the area are stored in advance, the encryption information is obtained, and the obtained information is obtained based on the stored second area information. A decryption device that attempts to decrypt the encrypted information and, if decrypted successfully, generates content and reproduces the generated content.

According to this configuration, the supply device encrypts the content on the basis of the first region information indicating the region, generates and supplies the encrypted information, and the playback device performs the encryption based on the second region information stored in advance. Attempts to decrypt the obtained encrypted information, and if the decryption is successful, the content is generated. Therefore, the second area information is illegally changed, or the reproduction is performed by bypassing the confirmation function based on the second area information. The device cannot correctly decrypt the encrypted information. Thus, the content cannot be correctly reproduced, and as a result, the area-limited reproduction can be realized.

1. First Embodiment A copyright protection system 10 according to a first embodiment of the present invention will be described.
1.1 Configuration of Work Protection System 10 As shown in FIG. 1, the work protection system 10 includes a key management device 100, a key information recording device 200, recording devices 300a, 300b, 300c,. , 400b, 400c,...

The key management device 100 records the key information by using the key information recording device 200 on a recording medium 500a, which is a recordable medium such as a DVD-RAM, on which no information is currently recorded, and records the key information. The recorded recording medium 500b is generated in advance. Further, the key management device 100 allocates a device key for decrypting key information to each of the recording devices 300a, 300b, 300c,... And the playback devices 400a, 400b, 400c,. The device key, device key identification information for identifying the device key, and ID information for identifying the recording devices 300a, 300b, 300c,... And the reproducing devices 400a, 400b, 400c,. , 300b, 300c,... And the playback devices 400a, 400b, 400c,.

The recording device 300a encrypts the digitized content to generate an encrypted content, records the generated encrypted content on the recording medium 500b, and generates the recording medium 500c. The playback device 400a extracts the encrypted content from the recording medium 500c, and decrypts the encrypted content to obtain the original content. The recording devices 300b, 300c, ... operate in the same manner as the recording device 300a, and the playback devices 400b, 400c, ... operate in the same manner as the playback device 400a.

In the following, the recording devices 300b, 300c,... And the reproducing devices 400b, 400c,.
1.1.1 Key Management Device 100
As shown in FIG. 2, the key management device 100 includes a tree structure construction unit 101, a tree structure storage unit 102, a device key allocation unit 103, an invalidation device designation unit 104, a tree structure update unit 105, a key information header generation unit 106 And a key information generation unit 107.

The key management device 100 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or the hard disk unit. The key management device 100 achieves its functions by the microprocessor operating according to the computer program.

(1) Tree structure storage unit 102
The tree structure storage unit 102 is specifically composed of a hard disk unit, and has a tree structure table D100 as shown as an example in FIG.
The tree structure table D100 corresponds to the tree structure T100 shown as an example in FIG. 4, and shows a data structure for expressing the tree structure T100. As will be described later, a data structure for expressing the tree structure T100 by the tree structure construction unit 101 is generated as a tree structure table D100 and written to the tree structure storage unit 102.

(Tree structure T100)
As shown in FIG. 4, the tree structure T100 is a binary tree including five layers from layer 0 to layer 4. Since the tree structure T100 is a binary tree, each node (excluding leaves) of the tree structure T100 is connected to two lower nodes via two paths. Layer 0 contains one node that is the root, layer 1 contains two nodes, layer 2 contains four nodes, and layer 3 contains eight nodes. , Layer 4 includes 16 nodes as leaves. In the tree structure, the lower side indicates the leaf side, and the upper side indicates the root side.

Of the two paths connecting each node (except the leaf) of the tree structure T100 and the lower node, one of the left paths is assigned the number “0”, and the other is the number “0”. Is assigned a number “1”. Here, on the page of FIG. 4, a path connected from the node to the lower left side with respect to each node is referred to as a left path, and a path connected from the node to the lower right side is referred to as a right path. I have.

ノ ー ド Each node is given a node name. The node name of the node that is the root is “root”. In addition, a character string having the same number of characters as the value indicated by the number of layers is given as a node name to nodes belonging to layers lower than layer 1 including layer 1. This character string is generated by arranging the numbers assigned to the route from the root to the node in order from the top. For example, the node names of two nodes belonging to layer 1 are “0” and “1”, respectively. The node names of the four nodes belonging to layer 2 are “00”, “01”, “10”, and “11”, respectively. The node names of the eight nodes belonging to layer 3 are “000”, “001”, “010”, “011”,..., “101”, “110”, and “111”. The node names of the 16 nodes belonging to layer 4 are “0000”, “0001”, “0010”, “0011”,..., “1100”, “1101”, “1110”, and “1111”. ".

(Tree structure table D100)
The tree structure table D100 is configured to include the same number of node information as the nodes included in the tree structure T100, and each node information corresponds to each node configuring the tree structure T100.
Each node information includes a node name, a device key, and a revocation flag.

The node name is a name for identifying a node corresponding to the node information.
The device key is a key assigned to a node corresponding to the node information.
The revocation flag is a flag indicating whether or not the device key corresponding to the node information has been revoked. When the revocation flag is “0”, it indicates that the device key has not been revoked. When the invalidation flag is “1”, it indicates that the invalidation has been performed.

Each node information is stored in the tree structure table D100 in the order according to the following order rule 1. The order rule 1 shown here is applied even when each node information is sequentially read from the tree structure table D100 by the recording devices 300a, 300b, 300c,..., The reproducing devices 400a, 400b, 400c,. Is done.
(A) In the tree structure table D100, node information corresponding to nodes belonging to each layer is stored in ascending order of the number of layers of the tree structure T100. Specifically, in the tree structure table D100, one piece of node information corresponding to one route belonging to layer 0 is first stored, and then two nodes corresponding to two nodes belonging to layer 1 are stored. Pieces of node information are stored, and then four pieces of node information corresponding to the four nodes belonging to layer 2 are stored. The same applies hereinafter.

(B) For nodes belonging to each layer, corresponding node information is stored in ascending order of node names identifying each node.
Specifically, each node information is stored in the tree structure table D100 shown in FIG. 3 in the following order.
"Route", "0", "1", "00", "01", "10", "11", "000", "001", "010", "011", ..., "101" , "110", "111", "0000", "0001", "0010", "0011", ..., "1100", "1101", "1110", "1111"
Here, the order in which each node information is stored is indicated by the node name included in each node information.

(2) Tree structure construction unit 101
The tree structure construction unit 101 constructs a data structure of an n-ary tree for managing device keys as described below, and stores the constructed tree structure in the tree structure storage unit 102. Here, n is an integer of 2 or more, and as an example, n = 2.
The tree structure construction unit 101 first generates node information including “root” as a node name, and writes the node information to the tree structure table of the tree structure storage unit 102.

Next, the tree structure construction unit 101 generates node names “0” and “1” for identifying two nodes with respect to layer 1, and generates two node names including the generated node names “0” and “1”, respectively. Is generated, and the generated two pieces of node information are added in this order to the tree structure table of the tree structure storage unit 102 and written.
Next, the tree structure construction unit 101 generates node names “00”, “01”, “10”, and “11” for identifying four nodes for layer 2, and generates the generated node names “00”, Four pieces of node information including “01”, “10”, and “11” are generated, and the generated four pieces of node information are added to the tree structure table of the tree structure storage unit 102 in this order. And write.

Thereafter, the tree structure construction unit 101 performs the generation of the node information and the writing to the tree structure table for the layers 3 and 4 in this order in the same manner as described above.
Next, the tree structure construction unit 101 generates a device key using a random number for each node of the tree structure, and writes the generated device key in the tree structure table in association with each node.
(3) Device key assignment unit 103
The device key assignment unit 103 appropriately associates a leaf to which a user device is not assigned with a user device to which a device key is to be assigned from the tree structure stored in the tree structure storage unit 102 as described below. Device key, and outputs the selected device key to the user device.

The device key assignment unit 103 has a 4-bit variable ID.
The device key assignment unit 103 repeats the following processes (a) to (f) 16 times. In each of the 16 repetitions, the variable ID holds a value of “0000”, “0001”, “0010”,..., “1110”, “1111”. By repeating 16 times, the device key assignment unit 103 assigns ID information and 5 device keys to each of the 16 user devices.

(A) The device key assignment unit 103 acquires node information including the node name of “root” from the tree structure table of the tree structure storage unit 102, and extracts a device key included in the acquired node information. The extracted device key is the device key assigned to the root.
(B) The device key assignment unit 103 acquires, from the tree structure table of the tree structure storage unit 102, node information including the node name consisting of the first one bit of the variable ID, and acquires the device key included in the acquired node information. Extract. Here, the extracted device key is referred to as a device key A.

(C) The device key assignment unit 103 acquires node information including a node name consisting of the first two bits of the variable ID from the tree structure table of the tree structure storage unit 102, and assigns the device key included in the acquired node information. Extract. Here, the extracted device key is referred to as a device key B.
(D) The device key assignment unit 103 acquires node information including a node name consisting of the first three bits of the variable ID from the tree structure table of the tree structure storage unit 102, and assigns a device key included in the acquired node information to the node information. Extract. Here, the extracted device key is referred to as a device key C.

(E) The device key assignment unit 103 acquires, from the tree structure table included in the tree structure storage unit 102, node information including a node name including the first 4 bits of the variable ID, and acquires the device key included in the acquired node information. Extract. Here, the extracted device key is referred to as a device key D.
(F) The device key assignment unit 103 stores the variable ID as ID information, the device key assigned to the root, the device keys A, B, C, D assigned to each node, and the five device keys. The five device key identification information items to be identified are written to the key information storage unit of the user device.

Thus, the key information storage unit of each user device stores the ID information, the five device key identification information, and the five device keys as shown as an example in FIG. Here, the five device key identification information and the five device keys are associated with each other. Each device key identification information is the number of layers (layer number) to which the node to which the corresponding device key is assigned belongs.

As described above, the ID information and the five device keys are assigned to each of the 16 user devices.
As an example, as described above, the tree structure T100 illustrated in FIG. 4 is a binary tree having five layers, and includes 16 leaves. Here, it is assumed that there are 16 user devices, and each of the 16 user devices corresponds to 16 leaves. Each user device is provided with a device key assigned to a node located on a path from a corresponding leaf to a root in the tree structure T100. For example, the user device 1 is given five device keys of IK1, KeyH, KeyD, KeyB, and KeyA. Further, for example, the user device 1 is provided with ID information “0000”, and the user device 14 is provided with ID information “1101”.

(4) Invalidation device designation unit 104
The revocation device specifying unit 104 receives one or more pieces of ID information for identifying one or more user devices to be revoked from the operation manager of the key management device 100, and transmits the received ID information to the tree structure updating unit 105. Output to
(5) Tree structure updating unit 105
The tree structure updating unit 105 receives one or more pieces of ID information from the invalidation device specifying unit 104. Upon receiving the ID information, the following processes (a) to (d) are repeated for each of the received one or more pieces of ID information.

(A) The tree structure update unit 105 acquires node information including the received ID information as a node name from the tree structure table of the tree structure storage unit 102, and adds an invalidation flag “1” to the acquired node information. Then, the node information to which the invalidation flag “1” is added is overwritten on the tree structure table at the position where the acquired node information is stored.
(B) The tree structure updating unit 105 acquires node information including the first three bits of the received ID information as a node name from the tree structure table of the tree structure storage unit 102, and acquires the acquired node information in the same manner as described above. To the tree structure table by adding an invalidation flag “1” to the table.

(C) The tree structure updating unit 105 acquires node information including the first two bits of the received ID information as a node name from the tree structure table of the tree structure storage unit 102, and acquires the acquired node information in the same manner as described above. To the tree structure table by adding an invalidation flag “1” to the table.
(D) The tree structure updating unit 105 acquires node information including “root” as a node name from the tree structure table of the tree structure storage unit 102, and adds an invalidation flag “ "1" is added to overwrite the tree structure table.

As described above, based on the ID information received from the invalidation device specifying unit 104, the tree structure updating unit 105 determines, based on the ID information received from the leaf indicated by the received ID information, everything existing on the path from the leaf indicated by the received ID information to the node. Invalidate the node.
In the tree structure T100 illustrated in FIG. 4, when it is assumed that the user devices indicated by the ID information “0000”, “1010”, and “1011” are invalidated, the tree structure in which the nodes are invalidated as described above. T200 is shown in FIG.

The tree structure table D100 has an invalidation flag added corresponding to the tree structure T200.
In the tree structure T200, all nodes existing on the path from the leaf corresponding to the user device 1 indicated by the ID information “0000” to the root, from the leaf corresponding to the user device 11 indicated by the ID information “1010” to the root , All nodes existing on the path from the leaf to the root corresponding to the user device 12 indicated by the ID information “1011” are marked with “X”. Indicates a disabled node.

In the tree structure table D100, an invalidation flag is added to the node information corresponding to the invalidated node.
(6) Key information header generator 106
The key information header generation unit 106 has a variable i indicating the number of layers and a variable j indicating the name of a node included in the layer.

The key information header generation unit 106 repeats the following process (a) for the number of layers included in the tree structure. In each of the repetitions for the number of layers, the variable i indicating the number of layers holds values of “0”, “1”, “2”, and “3”.
(A) The key information header generation unit 106 repeats the following processes (a-1) to (a-3) for each node by the number of all nodes included in the layer whose number of layers is indicated by the variable i. . Here, a target node name to be subjected to the processes (a-1) to (a-3) is indicated by a variable j.

(A-1) The key information header generation unit 106 acquires node information including a node name obtained by joining “0” to a variable j from the tree structure table of the tree structure storage unit 102, The node information including the node name obtained by combining “1” is obtained.
The two pieces of node information thus obtained correspond to the two lower nodes connected immediately below the target node indicated by the variable j.

(A-2) The key information header generation unit 106 checks whether or not both of the invalidation flags included in each of the two pieces of acquired node information are “0”, and if both are “0”, , The two invalidation flags included in each of the obtained two pieces of node information are arranged in the order in which the two pieces of node information are stored in the tree structure table, and the node invalidation is performed. Generate a pattern (Node \ Revocation \ Pattern, hereinafter referred to as NRP).

Specifically, if the invalidation flags included in each of the two pieces of acquired node information are “0” and “0”, no node invalidation pattern is generated.
If the invalidation flags included in each of the two pieces of acquired node information are “1” and “0”, NRP {10} is generated.
If the invalidation flags included in each of the two pieces of acquired node information are “0” and “1”, NRP {01} is generated.

When the invalidation flags included in each of the two pieces of acquired node information are “1” and “1”, NRP {11} is generated.
(A-3) The key information header generation unit 106 outputs the generated NRP to the key information recording device 200.
As described above, the key information header generation unit 106 checks, for each node in the tree structure layer, whether two lower nodes directly connected to the lower side of the node are invalidated. If one of the two lower nodes is invalidated, the NRP is generated as described above. In the tree structure T200 shown in FIG. 5, NRPs generated corresponding to the nodes are shown near nodes marked with a cross.

In addition, since the key information header generation unit 106 outputs the NRP in the above-described repetition, in the case shown in FIG. 5, a plurality of NRPs shown as an example in FIG. 6 are generated and output. The key information header generator 106 outputs the plurality of NRPs as header information.
In the tree structure T200 illustrated in FIG. 5, the user device 1, the user device 11, and the user device 12 are each invalidated. Here, nodes existing on the route from the leaf corresponding to each user device to be invalidated to the root (nodes marked with a cross in FIG. 5) are referred to as invalidated nodes. In addition, the case where the child node of one node is an invalidation node is represented by “1”, and the case where it is not the case is represented by “0”. It is. The NRP is n-bit information in the case of an n-ary tree. Regarding the root T201 of the tree structure T200 in FIG. 5, the NRP is expressed as {11} because both the child nodes are invalidation nodes. The NRP assigned to the node T202 is expressed as {10}. Also, although the node T203 is an invalidated node, it is a leaf having no child node, and thus no NRP is added.

As shown as an example in FIG. 6, the header information D200 is composed of NRP {11}, {10}, {10}, {10}, {01}, {10}, {11}. Include in order.
Note that the positions where the plurality of NRPs are stored in the header information D200 are determined. This position is determined by the above repetition. As shown in FIG. 6, NRP {11} at positions determined by “0”, “1”, “2”, “3”, “4”, “5” and “6” in the header information D200, respectively. , {10}, {10}, {10}, {01}, {10}, {11}.

As described above, the key information header generation unit 106 extracts one or more NRPs of the invalidation node, and outputs the extracted NRP to the key information recording device 200 as header information of the key information. At this time, the key information header generation unit 106 arranges a plurality of NRPs in order of level. That is, a plurality of NRPs are arranged in order from an upper layer to a lower layer, and NRPs having the same layer are arranged in order from left to right. Note that the arrangement of the NRPs may be based on a certain rule. For example, when the layers are the same, the NRPs may be arranged in order from right to left.

(7) Key information generation unit 107
The key information generation unit 107 has a variable i indicating the number of layers and a variable j indicating the name of a node included in the layer, similarly to the key information header generation unit 106.
The key information generation unit 107 repeats the following process (a) for the number of layers except for the layer 0 included in the tree structure. In each of the repetitions for the number of layers, the variable i indicating the number of layers holds the values of “1”, “2”, and “3”.

(A) The key information generation unit 107 repeats the following processes (a-1) to (a-3) for each node by the number of all nodes included in the layer whose number is indicated by the variable i. Here, a target node name to be subjected to the processes (a-1) to (a-3) is indicated by a variable j.
(A-1) The key information generation unit 107 acquires node information including the variable j as a node name from the tree structure table of the tree structure storage unit 102, and sets the invalidation flag included in the acquired node information to “1”. ”Or“ 0 ”.

(A-2) When the invalidation flag is “0”, the key information generation unit 107 further determines whether or not encryption has been performed with the device key corresponding to the upper node connected to the target node. Judge.
(A-3) When the encryption has not been performed, the key information generation unit 107 extracts the device key included in the acquired node information, applies the encryption algorithm E1, and uses the extracted device key. Then, the generated media key is encrypted to generate an encrypted media key.

Encrypted media key = E1 (device key, media key)
Here, E (A, B) indicates that the data B is encrypted using the key A by applying the encryption algorithm E.
Further, the encryption algorithm E1 is, for example, DES (Data Encryption Standard).

Next, the key information generation unit 107 outputs the generated encrypted media key to the key information recording device 200.
When the invalidation flag “1” is added or when encryption is performed, the process (a-3) is not performed.
As described above, the key information generation unit 107 outputs the encrypted media key in the above-described repetition. Therefore, in the case shown in FIG. 5, a plurality of encrypted media shown in FIG. A key is generated and output. The key information generation unit 107 outputs the plurality of encrypted media keys as key information D300.

The positions where the plurality of encrypted media keys are stored in the key information D300 are defined. This position is determined by the above repetition. As shown in FIG. 7, at positions determined by “0”, “1”, “2”, “3” and “4” in the key information D300, the encrypted media key E1 (KeyE, media key), E1 (KeyG, media key), E1 (KeyI, media key), E1 (KeyL, media key), and E1 (IK2, media key) are arranged.

1.1.2 Key Information Recording Device 200
The key information recording device 200 receives header information from the key information header generation unit 106, receives key information from the key information generation unit 107, and writes the received header information and key information to the recording medium 500a.
1.1.3 Recording media 500a, b, c
The recording medium 500a is a recordable medium such as a DVD-RAM, on which no information has been recorded.

The recording medium 500b is obtained by writing the key information with the header information added thereto by the key management device 100 and the key information recording device 200 as described above.
The recording medium 500c has the encrypted content written on the recording medium 500b by any of the recording devices 300a, 300b, 300c,... As described above.

As shown in FIG. 8, the recording medium 500c records key information to which header information is added and encrypted content.
1.1.4 Recording Devices 300a, 300b, 300c,...
As shown in FIG. 8, the recording device 300a includes a key information storage unit 301, a decryption unit 302, a specification unit 303, an encryption unit 304, and a content storage unit 305. Since the recording devices 300b, 300c,... Have the same configuration as the recording device 300a, their description is omitted.

The recording device 300a is specifically configured to include a microprocessor, a ROM, a RAM, and the like, and the RAM stores a computer program. The recording device 300a achieves its functions by the microprocessor operating according to the computer program.
A recording medium 500b is mounted on the recording device 300a. The recording device 300a analyzes the header information stored in the recording medium 500b based on the ID information stored therein, and specifies the position of the encrypted media key to be decrypted and the device key to be used. Then, decryption is performed using the specified device key to obtain a media key. Next, the digital content is encrypted using the obtained media key, and the encrypted content is recorded on the recording medium 500b.

(1) Key information storage unit 301
The key information storage unit 301 includes an area for storing ID information, five device keys, and five device key identification information for identifying the five device keys, respectively.
(2) Identifying unit 303
The specifying unit 303 operates on the assumption that the key information header generation unit 106 included in the key management device 100 generates the header information of the key information according to the above-described order rule 1.

The identification unit 303 reads out the ID information from the key information storage unit 301. The header information and the key information are read from the recording medium 500b. Next, the identification unit 303 uses the read ID information and the read header information to sequentially examine the header information from the upper level, thereby determining the position where one encrypted media key exists from the key information. X and data key identification information for identifying a device key used for decrypting the encrypted media key. The detailed operation for specifying the position X where the encrypted media key exists and the device key identification information will be described later.

Next, the identification unit 303 outputs the identified one encrypted media key and the determined one device key identification information to the decryption unit 302.
(3) Decoding section 302
The decryption unit 302 receives one encrypted media key and one device key identification information from the identification unit 303. When one encrypted media key and one device key identification information are received, the device key identified by the received device key identification information is read out from the key information storage unit 301 and read out by applying the decryption algorithm D1. The received media key is decrypted using the device key to generate a media key.

Media key = D1 (device key, encrypted media key)
Here, D (A, B) means that the decryption algorithm D is applied, the encrypted data B is decrypted using the key A, and the original data is generated.
The decryption algorithm D1 corresponds to the encryption algorithm E1, and is an algorithm for decrypting data encrypted by applying the encryption algorithm E1.

Next, the decryption unit 302 outputs the generated media key to the encryption unit 304.
Each block illustrated in FIG. 8 is connected to another block by a connection line. However, some connection lines are omitted. Here, each connection line indicates a path through which signals and information are transmitted. In addition, among the plurality of connection lines connected to the block indicating the decryption unit 302, those having a key mark on the connection line indicate a path through which information as a key is transmitted to the decryption unit 302. . The same applies to the block indicating the encryption unit 304. The same applies to other drawings.

(4) Content storage unit 305
The content storage unit 305 stores content that is a literary work such as digitized music.
(5) Encryption unit 304
The encryption unit 304 receives the media key from the decryption unit 302 and reads out the content from the content storage unit 305. Next, the encryption unit 304 applies the encryption algorithm E2, encrypts the read content using the received media key, and generates encrypted content.

Encrypted content = E2 (media key, content)
Here, the encryption algorithm E2 is, for example, an encryption algorithm based on DES.
Next, the encryption unit 304 writes the generated encrypted content to the recording medium 500b. Thus, the recording medium 500c on which the encrypted content is written is generated.

1.1.5 Playback devices 400a, 400b, 400c, ...
As shown in FIG. 9, the playback device 400a includes a key information storage unit 401, a specification unit 402, a decryption unit 403, a decryption unit 404, and a playback unit 405. Since the playback devices 400b, 400c,... Have the same configuration as the playback device 400a, description thereof will be omitted.

The playback device 400a specifically includes a microprocessor, a ROM, a RAM, and the like, and a computer program is stored in the RAM. The playback device 400a achieves its functions by the microprocessor operating according to the computer program.
Here, the key information storage unit 401, the identification unit 402, and the decryption unit 403 have the same configurations as the key information storage unit 301, the identification unit 303, and the decryption unit 302 included in the recording device 300a, respectively. Therefore, the description is omitted.

The recording medium 500c is mounted on the playback device 400a. The playback device 400a analyzes the header information stored in the recording medium 500c based on the ID information stored therein, and specifies the position of the encrypted media key to be decrypted and the device key to be used. Then, decryption is performed using the specified device key to obtain a media key. Next, the reproducing device 400a decrypts the encrypted content recorded on the recording medium 500c and reproduces the content by using the obtained media key. (1) Decryption unit 404
The decryption unit 404 receives the media key from the decryption unit 403, reads the encrypted content from the recording medium 500c, applies the decryption algorithm D2, and decrypts the read encrypted content using the received media key. , And outputs the generated content to the reproducing unit 405.

Content = D2 (media key, encrypted content)
Here, the decryption algorithm D2 corresponds to the encryption algorithm E2, and is an algorithm for decrypting data encrypted by applying the encryption algorithm E2.
(2) Reproduction unit 405
The reproduction unit 405 receives the content from the decryption unit 404 and reproduces the received content. For example, when the content is music, the reproducing unit 405 converts the content into sound and outputs the sound.

1.2. Operation of the Copyrighted Work Protection System 10 The operation of the copyrighted work protection system 10 will be described.
1.2.1 Operation of assigning a device key, generating a recording medium, and encrypting or decrypting content Here, an operation of allocating a device key to a user device, an operation of generating key information and writing to a recording medium, and a user device Will be described with reference to the flowchart shown in FIG. In particular, the operation of each device until the device key is exposed by an unauthorized third party will be described.

The tree structure construction unit 101 of the key management device 100 generates a tree structure table representing the tree structure, writes the generated tree structure table into the tree structure storage unit 102 (step S101), and then, for each node of the tree structure. A device key is generated, and the generated device key is written in the tree structure table in association with each node (step S102). Next, the device key assignment unit 103 outputs the device key, the device key identification information, and the ID information to the corresponding user device (Steps S103 to S104). The key information storage unit of the user device receives the device key, the device key identification information, and the ID information (Step S104), and records the received device key, the device key identification information, and the ID information (Step S111).

In this way, a user device recording the device key, the device key identification information, and the ID information is produced, and the produced user device is sold to the user.
Next, the key information generation unit 107 generates a media key (Step S105), generates key information (Step S106), and outputs the generated key information to the recording medium 500a via the key information recording device 200 ( Steps S107 to S108), the recording medium 500a records the key information (step S121).

In this manner, the recording medium 500b on which the key information is recorded is generated, and the generated recording medium 500b is distributed to users by selling or the like.
Next, the recording medium in which the key information is recorded is mounted on the user device, and the user device reads the key information from the recording medium (step S131), and is assigned to the user device itself using the read key information. The encrypted media key is identified (step S132), the media key is decrypted (step S133), and the content is encrypted using the decrypted media key and written on the recording medium 500b, or the encrypted content is recorded. The encrypted content is read from the stored recording medium 500c, and the read encrypted content is decrypted using the decrypted media key to generate the content (step S134).

As described above, the encrypted content is written on the recording medium 500b by the user device, the encrypted content is read from the recording medium 500c on which the encrypted content is recorded by the user device, decrypted, and the content is reproduced.
Next, an unauthorized third party illegally acquires the device key assigned to the user device by some means. An unauthorized third party distributes the content illegally or produces and sells an unauthorized device imitating a legitimate user device.

The operation manager of the key management device 100 or the copyright holder of the content knows that the content is distributed illegally or that an unauthorized device is distributed, and reports that the device key has been leaked. know.
1.2.2 Operation after device key is revealed Here, after the device key has been disclosed by an unauthorized third party, the invalidation of a node in the tree structure corresponding to the disclosed device key is performed. The operation, the operation of generating new key information and writing to a recording medium, and the operation of encrypting or decrypting content by the user device will be described with reference to the flowchart shown in FIG.

(4) The revocation device specifying unit 104 of the key management device 100 receives one or more pieces of ID information of one or more user devices to be revoked, and outputs the received ID information to the tree structure updating unit 105 (Step S151). Next, the tree structure update unit 105 receives the ID information, updates the tree structure using the received ID information (step S152), and the key information header generation unit 106 generates the header information and generates the generated header. The information is output to the key information recording device 200 (step S153), the key information generation unit generates a media key (step S154), generates key information (step S155), and stores the generated key information in the key information recording device. 200 (steps S156 to S157), and the recording medium 500a records the key information (step S161).

In this way, the recording medium 500b on which the new key information is recorded is generated, and the generated recording medium 500b is sold or distributed to users.
Next, the recording medium on which the new key information is recorded is mounted on the user device, and the user device reads the key information from the recording medium (step S171), and uses the read key information to send the key information to the user device itself. The assigned encrypted media key is specified (step S172), the media key is decrypted (step S173), and the content is encrypted and written to the recording medium 500b using the decrypted media key, or the encrypted content is recorded. The encrypted content is read out from the recorded recording medium 500c and decrypted using the decrypted media key to generate the content (step S174).

As described above, the encrypted content is written on the recording medium 500b by the user device, or the encrypted content is read from the recording medium 500c on which the encrypted content is recorded and decrypted by the user device to reproduce the content.
1.2.3 Operation for Constructing and Storing Tree Structure Here, the flowchart shown in FIG. This will be described with reference to FIG. The operation described here is the details of step S101 in the flowchart shown in FIG.

First, the tree structure construction unit 101 generates node information including “root” as the node name, and writes the node information to the tree structure table of the tree structure storage unit 102 (step S191).
Next, the tree structure construction unit 101 repeats the following steps S193 to S194 for the layer i (i = 1, 2, 3, 4).
The tree structure construction unit 101 generates 2 ⁱ character strings as node names (step S193), and sequentially writes node information including the generated 2 ⁱ character strings as node names in the tree structure table (step S194). ).

1.2.4 Operation of Outputting Device Key and ID Information to Each User Apparatus Here, FIG. 13 is a flowchart showing an operation of outputting the device key and ID information to each user apparatus by the device key assignment unit 103. It will be described using FIG. The operation described here is the details of step S103 in the flowchart shown in FIG.
The device key assignment unit 103 changes the variable IDs to “0000”, “0001”, “0010”,..., “1110”, “1111”, and for each variable ID, the following step S222 To S227 are repeated.

The device key assignment unit 103 acquires the device key assigned to the root (step S222), acquires the device key A assigned to the node having the first bit of the variable ID as the node name (step S223), The device key B assigned to the node having the first two bits of the ID as the node name is obtained (step S224), and the device key C assigned to the node having the first three bits of the variable ID as the node name is obtained (step S224). In step S225, a device key D assigned to a node having the first 4 bits of the variable ID as a node name is obtained (step S226), and a variable ID as ID information, a device key assigned to a root, and a The device keys A, B, C, and D are output to the user device (step S227).

1.2.5 Operation of Updating Tree Structure Here, the operation of updating the tree structure by the tree structure updating unit 105 will be described with reference to the flowchart shown in FIG. The operation described here is the details of step S152 in the flowchart shown in FIG.
The tree structure updating unit 105 repeats the following steps S242 to S246 for each of the one or more pieces of ID information received from the invalidation device specifying unit 104.

The tree structure updating unit 105 acquires node information including the received ID information as a node name, and adds an invalidation flag “1” to the acquired node information (step S242).
Next, the tree structure updating unit 105 acquires node information including the first three bits of the received ID information as a node name, and adds an invalidation flag “1” to the acquired node information (step S243).

Next, the tree structure updating unit 105 acquires node information including the first two bits of the received ID information as a node name, and adds an invalidation flag “1” to the acquired node information (step S244).
Next, the tree structure updating unit 105 acquires node information including the first bit of the received ID information as a node name, and adds an invalidation flag “1” to the acquired node information (step S245).

Next, the tree structure updating unit 105 acquires node information including “root” as a node name, and adds an invalidation flag “1” to the acquired node information (Step S246).
1.2.6 Operation for Generating Header Information Here, the operation for generating header information by the key information header generation unit 106 will be described using the flowchart shown in FIG. The operation described here is the details of step S153 in the flowchart shown in FIG.

The key information header generation unit 106 repeats steps S262 to S266 for each layer from layer 0 to layer 3. Further, the key information header generation unit 106 repeats steps S263 to S265 for each target node included in each layer.
The key information header generation unit 106 selects two lower nodes connected immediately below the target node (step S263), and adds an invalidation flag to each of the two selected lower nodes. It is checked whether or not the NRP is present (step S264), and the generated NRP is output (step S265).

1.2.7 Key Information Generation Operation Here, the key information generation operation of the key information generation unit 107 will be described with reference to the flowchart shown in FIG. The operation described here is the details of step S155 in the flowchart shown in FIG.
The key information generation unit 107 repeats steps S282 to S287 for each layer from layer 1 to layer 3. Further, the key information generation unit 107 repeats steps S283 to S286 for each target node included in each layer.

(4) The key information generation unit 107 determines whether or not the target node has the invalidation flag “1”. If the invalidation flag “1” has not been added (step S283), it is further determined whether or not encryption has been performed with the device key corresponding to the upper node connected to the target node. If the encryption has not been performed (step S284), the device key corresponding to the target node is obtained from the tree structure table (step S285), and the generated media key is encrypted using the obtained device key. An encrypted media key is generated, and the generated encrypted media key is output (step S286).

When the invalidation flag “1” is added (step S283) or when encryption is performed (step S284), steps S285 to S286 are not performed.
1.2.8 Specific Operation of Key Information Here, the operation of specifying one encrypted media key from the key information stored in the recording medium 500b by the specifying unit 303 included in the recording device 300a will be described. This will be described with reference to the flowchart shown in FIG. The operation described here is the details of step S172 in the flowchart shown in FIG.

In addition, the operation of the specifying unit 402 included in the playback device 400a is the same as the operation of the specifying unit 303, and thus the description is omitted.
The specifying unit 303 includes a variable X indicating the position of the encrypted media key, a variable A indicating the position of the NRP related to the user device itself, a variable W indicating the number of NRPs in a certain layer, and a value indicating the number of layers in the tree structure. D. Here, an NRP (Node Revolution Pattern, hereinafter referred to as NRP) related to the user device itself is a node existing on a path from a leaf assigned to the user device to a root in a tree structure. 2 shows the NRP of

The specifying unit 303 performs analysis from the layer i = 0 to the layer i = D−1 according to the following procedure.
The specifying unit 303 sets variable A = 0, variable W = 1, and variable i = 0 as initial values (step S301).
The variable i is compared with the value D, and when the variable i is larger than the value D (step S302), since the user device has been invalidated, the specifying unit 303 ends the process.

When the variable i is smaller than or equal to the value D (step S302), the specifying unit 303 is located at a bit position corresponding to the value of the upper i-th bit of the ID information among the left and right 2 bits forming the A-th NRP. It is checked whether the value B is “0” or “1” (step S303). Here, as shown in FIG. 4, “0” is assigned to the left path and “1” is assigned to the right path in the tree structure, and ID information is configured based on these rules. Therefore, the value “0” of the i-th bit of the ID information corresponds to the left bit of the A-th NRP, and the value “1” of the i-th bit corresponds to the right bit of the A-th NRP.

If the value B = 0 (step S303), the specifying unit 303 counts the number of NRPs that are not all “1” among the NRPs checked so far, and substitutes the counted value into a variable X. The variable X thus obtained indicates the position of the encrypted media key. The variable i at this time is device key identification information for identifying a device key (step S307). Next, the specifying unit 303 ends the processing.

When the value B = 1 (step S303), the specifying unit 303 counts the number of “1” s of all W NRPs present in the layer i, and substitutes the counted value into a variable W. The variable W thus obtained indicates the number of NRPs existing in the next layer i + 1 (step S304).
Next, the specifying unit 303 counts NRPs from the first NRP in the layer i to the corresponding bit position, and substitutes the counted value into a variable A. Here, the value of the corresponding bit position is not counted. The variable A thus obtained indicates the position of the NRP related to the user device itself among the NRPs of the next layer i + 1 (step S305).

Next, the specifying unit 303 calculates a variable i = i + 1 (step S306), then shifts the control to step S302, and repeats the above processing.
1.2.9 Specific Example of Specific Operation of Key Information As a specific example, using the header information and the key information shown in FIGS. 6 and 7, the non-invalidated user device 14 shown in FIG. The operation until the media key is specified will be described below. It is assumed that ID information “1101” is assigned to the user device 14 and device keys “KeyA”, “KeyC”, “KeyG”, “KeyN”, and “IK14” are assigned.

(Step 1) Since the value of the most significant bit of the ID information “1101” assigned to the user device 14 is “1”, the identifying unit 303 checks the right bit of the first NRP {11} (Step S303). ).
(Step 2) Since the value of the right bit of the first NRP {11} is “1”, the specifying unit 303 continues the analysis (B = 1 in step S303).

(Step 3) The identification unit 303 counts the number of “1” in one NRP {11} existing in layer 0. Since the counted value is “2”, it is known that two NRPs exist in the next layer 1 (step S304).
(Step 4) The specifying unit 303 counts the number of “1” of the NRP up to the corresponding bit position. However, the value of the corresponding bit position is not counted. Since the counted value is “1”, the position of the corresponding NRP of the next layer 1 is the first in the layer 1 (step S305).

(Step 5) Next, since the value of the second highest bit of the ID information “1101” is “1”, the identifying unit 303 checks the right bit of the first NRP {10} of Layer 1 ( Step S303).
(Step 6) Here, since the value of the right bit of the first NRP {10} of layer 1 is “0”, the identifying unit 303 ends the analysis (B = 0 in step S303).

(Step 7) The identification unit 303 counts the number of NRPs that are not all “1” among the NRPs so far. However, the NRP checked last is not counted. Since the counted value is “1”, the position of the encrypted media key is the first in the key information (step S307).
(Step 8) As shown in FIG. 7, the encrypted media key stored in the first position of the key information is E1 (KeyG, media key).

The user device 14 holds KeyG. Therefore, the user device 14 can obtain the media key by decrypting the encrypted media key using KeyG.
1.3 Conclusion As described above, according to the first embodiment, a plurality of NRPs are arranged in order of level in the header information of the key information recorded in advance on the recording medium. Becomes compact. Further, the player can efficiently specify the encrypted media key to be decrypted.

2. Second Embodiment Here, a second embodiment as a modification of the first embodiment will be described.
In the first embodiment, as shown in FIG. 18 as an example, there is a possibility that a user device to be invalidated is biased toward a specific leaf in a tree structure. In this case, in the header information of the key information that the key management device 100 writes on the recording medium, the NRP of {11} increases. In the example shown in FIG. 18, since the left half leaf of the tree structure T300 corresponds to all the invalidated devices, the header information in the key information includes 11 NRPs, of which 8 are $ 11 ｝.

In the example shown in FIG. 18, since the left half of the tree structure T300 is an invalidated device, if all the nodes below the left node of the layer 1 are invalidated nodes, There is no need to record the corresponding NRP as header information on the recording medium.
Therefore, in the second embodiment, when the invalidated devices are concentrated on a specific leaf in the tree structure, the copyright protection system 10b (shown in the drawing) can reduce the data amount of the header information. No) will be described.

The key management device 100 generates the NRP as the header information of the key information as described in the first embodiment. Here, the key management device 100 adds one bit to the head of the NRP. When the added bit is “1”, it indicates that all the user devices assigned to the descendant nodes of the node are invalidation devices. In FIG. 19, the nodes T401 and T402 have a head bit of “0” because the devices assigned to the descendant nodes of these nodes are not all invalidation devices, and the NRPs are {011}, It is expressed as {010}. Since the devices assigned to the nodes descended from the node T403 are all invalidation devices, the NRP is expressed as {111}. The key management device 100 does not write the NRP for the descendant node of the node T403 on the recording medium.

2.1 Configuration of Work Protection System 10b The work protection system 10b has the same configuration as the work protection system 10. Here, the description will focus on differences from the copyright protection system 10.
In the second embodiment, it is assumed that the user devices 1 to 8 and the user device 12 are respectively invalidated as shown in FIG.

2.1.1 Key Management Device 100
The key management device 100 of the copyrighted work protection system 10b has the same configuration as the key management device 100 described in the first embodiment. Here, the difference will be mainly described.
(1) Tree structure storage unit 102
The tree structure storage unit 102 has a tree structure table D400 shown in FIG. 20 as an example, instead of the tree structure table D100.

The tree structure table D400 corresponds to the tree structure T400 shown as an example in FIG. 19, and shows a data structure for expressing the tree structure T400.
The tree structure table D400 is configured to include the same number of node information as the nodes included in the tree structure T400, and each node information corresponds to each node configuring the tree structure T400.

Each node information includes a node name, a device key, a revocation flag, and an NRP.
The node name, the device key, and the invalidation flag are the same as those described in the first embodiment, and a description thereof will not be repeated.
The NRP is composed of three bits, and the upper one bit indicates that, as described above, all the user devices assigned to the descendants of the node indicated by the corresponding node name are invalidation devices. The lower two bits have the same contents as the NRP described in the first embodiment.

(2) Key information header generation unit 106
If the first bit of the NRP is “1”, the key information header generation unit 106 generates an NRP indicating that all user devices assigned to nodes descended from the node are invalidation devices. , And outputs the generated NRP to the key information recording device 200. The details of the generation of the NRP will be described later.

The key information header generation unit 106 generates the header information D500 shown in FIG. 21 as an example. The header information D500 includes NRPs {011}, {111}, {010}, {001}, and {001}, and includes each NRP in this order. Also, as shown in this figure, NRPs {011}, {111}, {} at positions determined by “0”, “1”, “2”, “3”, and “4” in the header information D500, respectively. 010}, {001} and {001} are arranged.

(3) Key information generation unit 107
The key information generation unit 107 generates, for example, key information D600 shown in FIG. The key information D600 includes three encrypted media keys. The three encrypted media keys are obtained by encrypting the media keys using device keys KeyG, KeyL, and IK11, respectively.

(4) The position where each of the plurality of encrypted media keys is stored in the key information D600 is determined. As shown in this figure, at positions defined by “0”, “1” and “2” in the key information D600, the encrypted media key E1 (KeyG, media key), E1 (KeyL, media key) and E1 (IK11, media key) is arranged.

2.1.2 Recording device 300a
The recording device 300a has the same configuration as the recording device 300a described in the first embodiment. Here, the difference will be mainly described.
(1) Identifying unit 303
The identification unit 303 identifies the position X where one encrypted media key exists from the key information by sequentially examining the header information from the top using the ID information and the header information. The detailed operation for specifying the position X where the encrypted media key exists will be described later.

2.2 Operation of Copyright Protection System 10b The operation of the copyright protection system 10b will be described focusing on differences from the operation of the copyright protection system 10.
2.2.1 Operation of Generating Header Information Here, the operation of generating the header information by the key information header generation unit 106 will be described with reference to the flowcharts shown in FIGS. The operation described here is the details of step S153 in the flowchart shown in FIG.

The key information header generation unit 106 repeats steps S322 to S327 for each layer from layer 0 to layer 3. Further, the key information header generation unit 106 repeats steps S323 to S326 for each target node included in each layer.
The key information header generation unit 106 selects two lower nodes connected immediately below the target node (step S323), and determines whether each of the selected two lower nodes has an invalidation flag. Is generated, an NRP is generated (step S324), an extension bit having a value “0” is added to the head of the generated NRP (step S325), and the NRP added with the extension bit is It is added to the node information corresponding to the node (step S236).

When the repetition of steps S321 to S328 is completed as described above, an NRP is added to each node information as in the method described in the first embodiment. Here, a value “0” (1 bit) is added to the head of each NRP.
Next, the key information header generation unit 106 repeats steps S330 to S335 for each layer from layer 3 to layer 0. Further, the key information header generation unit 106 repeats steps S331 to S334 for each target node included in each layer.

The key information header generation unit 106 selects two lower nodes connected immediately below the target node (step S331), and determines whether NRP {111} is added to both of the selected two nodes. Find out what. However, if the two selected nodes are leaves, it is checked whether or not both of the selected two nodes have an invalidation flag (step S332).

Only if both of the selected two lower nodes have NRP {111}, but if the selected two nodes are leaves, it is invalid for both of the selected two lower nodes. Only when the activation flag is attached (step S333), the key information header generation unit 106 rewrites the first bit of the NRP added to the target node to “1” (step S334).

When the repetition of steps S329 to S336 is completed as described above, {111} is added to the upper nodes connected to the two lower nodes to which NRP {111} is added. .
Next, the key information header generation unit 106 repeats steps S338 to S343 for each layer from layer 2 to layer 0. Further, the key information header generation unit 106 repeats steps S339 to S342 for each target node included in each layer.

The key information header generation unit 106 selects two lower nodes connected immediately below the target node (step S339), and determines whether NRP {111} is added to both of the selected two lower nodes. Is checked (step S340).
Only when NRP {111} is added to both of the selected two lower nodes (step S341), key information header generating section 106 generates a tree of the NRP added to each of the selected two lower nodes. It is deleted from the structure table (step S342).

Next, the key information header generation unit 106 sequentially reads and outputs the NRPs stored in the tree structure table from the root (step S345).
As described above, when the first bit of the NRP is “1”, an NRP indicating that all the user devices assigned to the descendant nodes of the node are invalidation devices is generated.

2.2.2 Specific operation of key information Here, the operation of specifying one encrypted media key from the key information stored in the recording medium 500b by the specifying unit 303 included in the recording device 300a will be described. This will be described with reference to the flowchart shown in FIG. The operation described here is the details of step S172 in the flowchart shown in FIG.

The operation of specifying one encrypted media key by the specifying unit 303 is the same as the operation described in the first embodiment, and the description will focus on the differences.
When the value B = 0 (step S303), the specifying unit 303 counts the number of NRPs whose lower 2 bits are not all “1” among the NRPs checked so far, and substitutes the counted value into a variable X. I do. The variable X thus obtained indicates the position of the encrypted media key (step S307a). Next, the specifying unit 303 ends the processing.

When the value B = 1 (step S303), the specifying unit 303 counts the number of “1” of all W NRPs present in the layer i. However, the NRP in which the most significant bit of the NRP is “1” is not counted. The counted value is substituted for a variable W. The variable W thus obtained indicates the number of NRPs existing in the next layer i + 1. (Step S304a).
Next, the specifying unit 303 counts the number of “1” s of the NRP up to the corresponding bit position, counting from the first NRP. However, the NRP in which the most significant bit of the NRP is “1” is not counted. The counted value is substituted for a variable A. Here, the value of the corresponding bit position is not counted. The variable A thus obtained indicates the position of the NRP related to the user device itself among the NRPs of the next layer i + 1 (step S305a).

2.2.3 Specific Example of Specific Operation of Key Information As a specific example, using the key information shown in FIGS. 21 and 22, the non-invalidated user device 10 shown in FIG. The operation until the identification is described below. It is assumed that ID information “1001” is assigned to the user device 10, and device keys “KeyA”, “KeyC”, “KeyF”, “KeyL”, and “IK10” are assigned.

(Step 1) Since the value of the most significant bit of the ID information “1001” assigned to the user device 10 is “1”, the specifying unit 303 determines the right bit of the lower two bits of the first NRP {011}. Is checked (step S303).
(Step 2) Since the value of the right bit of the lower two bits of the first NRP {011} is “1”, the specifying unit 303 continues the analysis (B = 1 in step S303).

(Step 3) The identification unit 303 counts the number of “1” in the lower two bits of one NRP {011} existing in layer 0. Since the counted value is “2”, it is known that two NRPs exist in the next layer 1 (step S304a).
(Step 4) The identification unit 303 counts the number of “1” in the lower two bits of NRP {011} up to the corresponding bit position. However, the value of the corresponding bit position is not counted. Since the counted value is “1”, the position of the corresponding NRP of the next layer 1 is the first in the layer 1 (step S305a).

(Step 5) Next, since the value of the second highest bit of the ID information “1001” is “0”, the specifying unit 303 determines that the lower two bits of the first NRP {010} of layer 1 The left bit is checked (step S303).
(Step 6) Here, since the value of the left bit of the lower two bits of the first NRP {010} of layer 1 is “1”, the specifying unit 303 continues the analysis (at step S303, B = 1).

(Step 7) The identification unit 303 counts the number of “1” in the lower two bits of the two NRPs {111} and {010} existing in layer 1. However, the NRP in which the most significant bit of the NRP is “1” is not counted. Since the counted value is “1”, it is known that one NRP exists in the next layer 2 (step S304a).
(Step 8) The specifying unit 303 counts the number of “1” s of the NRP up to the corresponding bit position. However, the value of the corresponding bit position is not counted. Since the counted value is “0”, the position of the corresponding NRP of the next layer 2 is the 0th in layer 2 (step S305a).

(Step 9) Next, since the value of the third bit from the high order of the ID information “1001” is “0”, the specifying unit 303 determines whether the low order 2 bits of the 0th NRP {001} of layer 2 The left bit is checked (step S303).
(Step 10) Here, since the value of the left bit of the lower 2 bits of the 0th NRP {001} of the layer 2 is “0”, the specifying unit 303 ends the analysis (at step S303, B = 0).

(Step 11) The identification unit 303 counts the number of NRPs whose lower two bits are not all “1” among the NRPs analyzed so far. The NRP checked last is not counted. Since the counted value is “1”, the position of the encrypted media key is the first in the key information (step S307a).
(Step 12) From FIG. 22, the encrypted media key stored in the first position of the key information is E1 (KeyL, media key).

The user device 10 holds KeyL. Therefore, the user device 10 can obtain the media key by decrypting the encrypted media key using KeyL.
In the second embodiment described above, when all of the user devices existing in descendants of a certain node are invalidation devices, the added bit is set to “1”. However, if there is a tree structure in which the number of leaf layers is different, and if there is no NRP in the descendant of a certain node, the added bit is set to "1" so that it can be used as a flag indicating the end. Can be.

3. Third Embodiment In the above-described second embodiment, invalidation devices are concentrated by adding a bit indicating whether all descendants of a certain node are invalidation devices to the head of the NRP. In this case, there is shown a method for further reducing the header information.
In the third embodiment described below, instead of adding a bit to the NRP, an NRP having a specific pattern {00} is used to determine whether all descendants of one node are invalidation devices. to decide. This focuses on the fact that NRP {00} is not used in all layers except layer 0. The following describes a copyright protection system 10c (not shown) that can further reduce the amount of header information as compared with the second embodiment.
Here, it is assumed that the user devices 1 to 8 and the user device 12 are respectively invalidated as shown in FIG. In the third embodiment, the NRP is as shown in the first embodiment, but when all the user devices descended from a certain node are invalidating devices, the NRP of the node is set to {00}. Express. For the node T501 in FIG. 28, the descendants of the node are all the invalidation devices, so the NRP is expressed as {00}.

3.1 Configuration of Work Protection System 10c The work protection system 10c has the same configuration as the work protection system 10. Here, the description will focus on differences from the copyright protection system 10.
3.1.1 Key Management Device 100
The key management device 100 of the copyrighted work protection system 10c has the same configuration as the key management device 100 described in the first embodiment. Here, the difference will be mainly described.

(1) Key information header generation unit 106
When the NRP is {00}, the key information header generation unit 106 generates an NRP indicating that all the user devices assigned to the descendant nodes of the node are invalidation devices, and generates the generated NRP. Output to the key information recording device 200. The details of the generation of the NRP will be described later.

The key information header generation unit 106 generates the header information D700 shown in FIG. 29 as an example. The header information D700 is composed of NRP {11}, {00}, {10}, {01}, and {01}, and includes each NRP in this order. Also, as shown in this figure, NRP {11}, {00}, {} at positions determined by “0”, “1”, “2”, “3”, and “4” in the header information D700, respectively. 10}, {01} and {01} are arranged.

(2) Key information generation unit 107
The key information generation unit 107 generates, for example, key information D800 illustrated in FIG. The key information D800 includes three encrypted media keys. The three encrypted media keys are obtained by encrypting the media keys using device keys KeyG, KeyL, and IK11, respectively.

(4) The position where each of the plurality of encrypted media keys is stored in the key information D800 is determined. As shown in this figure, at positions determined by “0”, “1” and “2” in the key information D800, the encrypted media key E1 (KeyG, media key), E1 (KeyL, media key) and E1 (IK11, media key) is arranged.

3.1.2 Recording device 300a
The recording device 300a of the copyrighted work protection system 10c has the same configuration as the recording device 300a described in the first embodiment. Here, the difference will be mainly described.
(1) Identifying unit 303
The identification unit 303 identifies the position X where one encrypted media key exists from the key information by sequentially examining the header information from the top using the ID information and the header information. The detailed operation for specifying the position X where the encrypted media key exists will be described later.

3.2 Operation of Copyright Protection System 10c The operation of the copyright protection system 10c will be described focusing on differences from the operation of the copyright protection system 10.
3.2.1 Operation of Generating Header Information Here, the operation of generating the header information by the key information header generation unit 106 will be described using the flowcharts shown in FIGS. The operation described here is the details of step S153 in the flowchart shown in FIG.

The key information header generation unit 106 repeats steps S322 to S327 for each layer from layer 0 to layer 3. Further, the key information header generation unit 106 repeats steps S323 to S326a for each target node included in each layer.
The key information header generation unit 106 selects two lower nodes connected immediately below the target node (step S323), and determines whether each of the selected two lower nodes has an invalidation flag. Is checked to generate an NRP (step S324), and the generated NRP is added to the node information corresponding to the target node in the tree structure table (step S236a).

When the repetition of steps S321 to S328 is completed as described above, the NRP is added to each node in the same manner as in the method described in the first embodiment.
Next, the key information header generation unit 106 repeats steps S330 to S335 for each layer from layer 3 to layer 0. Further, the key information header generation unit 106 repeats steps S331 to S334a for each target node included in each layer.

The key information header generation unit 106 selects two lower nodes connected immediately below the target node (step S331), and determines whether NRP {11} is added to both of the selected two nodes. Find out what. However, if the two selected nodes are leaves, it is checked whether or not both of the selected two nodes have an invalidation flag (step S332).

Only if both of the selected two lower nodes have NRP {11}, but if the selected two nodes are leaves, it is invalid for both of the selected two lower nodes. Only when the activation flag is attached (step S333), the key information header generation unit 106 rewrites the NRP added to the target node to {00} (step S334a).

When the repetition of steps S329 to S336 is completed as described above, {00} is added to the upper nodes connected to the two lower nodes to which NRP {11} is added. .
Next, the key information header generation unit 106 repeats steps S338 to S343 for each layer from layer 2 to layer 0. Further, the key information header generation unit 106 repeats steps S339 to S342a for each target node included in each layer.

The key information header generation unit 106 selects two lower nodes connected immediately below the target node (step S339), and determines whether NRP {00} is added to both of the selected two lower nodes. Is checked (step S340a).
Only when NRP {00} is added to both of the selected two lower nodes (step S341a), the key information header generation unit 106 generates a tree of the NRP added to each of the selected two lower nodes. It is deleted from the structure table (step S342a).

Next, the key information header generation unit 106 sequentially reads and outputs the NRPs stored in the tree structure table from the root (step S345).
As described above, when the NRP is {00}, an NRP indicating that all the user devices assigned to the descendant nodes of the node are invalidation devices is generated.
3.2.2 Specific operation of key information Here, an operation of specifying one encrypted media key from the key information stored in the recording medium 500b by the specifying unit 303 included in the recording device 300a will be described. This will be described with reference to the flowchart shown in FIG. The operation described here is the details of step S172 in the flowchart shown in FIG.

The operation of specifying one encrypted media key by the specifying unit 303 is the same as the operation described in the first embodiment, and the description will focus on the differences.
When the value B = 0 (step S303), the specifying unit 303 counts the number of NRPs that are not all “1” and the number of NRPs that are not all “0” among the NRPs checked so far. However, only for layer 0, the NRP of all “0” is counted. The counted value is substituted for a variable X. The variable X thus obtained indicates the position of the encrypted media key. The variable i at this time is device key identification information for identifying a device key (step S307b). Next, the specifying unit 303 ends the processing.

3.2.3 Specific Example of Specific Operation of Key Information As a specific example, using the key information shown in FIGS. 29 and 30, the non-invalidated user device 10 shown in FIG. The operation until the identification is described below. It is assumed that ID information “1001” is assigned to the user device 10, and device keys “KeyA”, “KeyC”, “KeyF”, “KeyL”, and “IK10” are assigned.

(Step 1) Since the value of the most significant bit of the ID information “1001” assigned to the user device 10 is “1”, the identification unit 303 checks the right bit of the first NRP {11} (Step S303). ).
(Step 2) Since the value of the right bit of the first NRP {11} is “1”, the specifying unit 303 continues the analysis (B = 1 in step S303).

(Step 3) The identification unit 303 counts the number of “1” in one NRP {11} existing in layer 0. Since the counted value is “2”, it is known that two NRPs exist in the next layer 1 (step S304).
(Step 4) The specifying unit 303 counts the number of “1” of the NRP up to the corresponding bit position. However, the value of the corresponding bit position is not counted. Since the counted value is “1”, the position of the corresponding NRP of the next layer 1 is the first in the layer 1 (step S305).

(Step 5) Next, since the value of the second highest bit of the ID information “1001” is “0”, the identifying unit 303 checks the left bit of the first NRP {10} of Layer 1 ( Step S303).
(Step 6) Since the value of the left bit of the first NRP {10} of the layer 1 is “1”, the identifying unit 303 continues the analysis (B = 1 in step S303).

(Step 7) The identification unit 303 counts the number of “1” s of two NRPs existing in layer 1. Here, NRP {00} is not counted. Since the counted value is “1”, it is known that one NRP exists in the next layer 2 (step S304).
(Step 8) The specifying unit 303 counts the number of “1” s of the NRP up to the corresponding bit position. However, the value of the corresponding bit position is not counted. Since the counted value is “0”, the position of the corresponding NRP of the next layer 2 is the 0th in layer 2 (step S305).

(Step 9) Next, since the value of the third bit from the high order of the ID information “1001” is “0”, the identifying unit 303 determines that the low order 2 bits of the 0th NRP {01} of the layer 2 The left bit is checked (step S303).
(Step 10) Here, since the value of the left bit of the lower 2 bits of the 0th NRP {01} of the layer 2 is “0”, the identifying unit 303 ends the analysis (at step S303, B = 0).

(Step 11) The identifying unit 303 counts the number of NRPs that are not all “1” among the NRPs analyzed so far. The NRP checked last is not counted. Since the counted value is “1”, the position of the encrypted media key is the first in the key information.
(Step 12) From FIG. 30, the encrypted media key stored at the first position of the key information is E1 (KeyL, media key).

The user device 10 holds KeyL. Therefore, the user device 10 can obtain the media key by decrypting the encrypted media key using KeyL.
4. Fourth Embodiment In the above-described first embodiment, a plurality of NRPs are arranged in order from an upper layer to a lower layer, and NRPs having the same layer are arranged in order from left to right.

In a fourth embodiment described below, a copyright protection system 10d (not shown) that outputs a plurality of NRPs in another arrangement will be described.
4.1 Configuration of Work Protection System 10d The work protection system 10d has the same configuration as the work protection system 10. Here, the description will focus on differences from the copyright protection system 10.

4.1.1 Key Management Device 100
The key management device 100 of the copyrighted work protection system 10d has the same configuration as the key management device 100 described in the first embodiment. Here, the difference will be mainly described.
(1) Tree structure storage unit 102
The tree structure storage unit 102 is specifically composed of a hard disk unit, and has a tree structure table D1000 as shown as an example in FIG.

The tree structure table D1000 corresponds to the tree structure T600 shown as an example in FIG. 36, and shows a data structure for expressing the tree structure T600. As will be described later, a data structure for expressing the tree structure T600 by the tree structure construction unit 101 is generated as a tree structure table D1000 and written to the tree structure storage unit 102.
(Tree structure T600)
As shown in FIG. 36, the tree structure T600 is a binary tree including five layers from layer 0 to layer 4, similarly to the tree structure T100.

The number of nodes included in each layer of the tree structure T600 is the same as that of the tree structure T100. Also, the numbers assigned to the paths connecting the upper node and the lower node are the same as in the tree structure T100. In the tree structure T600, nodes marked with “x” are invalidated.
The node name of the node that is the root of the tree structure T600 is blank. The node names of the other nodes are set similarly to the tree structure T100.

Each node name is represented by four digits. The node name of the root node is composed of four digits of blank characters. The node name “0” is, specifically, a character “0” +1 digit blank character + 1 digit blank character + 1 digit blank character. The node name “00” is a character “0” + a character “0” +1 digit blank character + 1 digit blank character. The node name “101” is a character “1” + character “0” + character “1” + 1-digit blank character. The node name “1111” is a character “1” + a character “1” + a character “1” + a character “1”. The same applies to other node names.

In the tree structure T600, {10} or the like added near each node indicates an NRP. The number enclosed by a circle near each node indicates the order in which NRPs are output.
(Tree structure table D1000)
The tree structure table D1000 is configured to include the same number of node information as the nodes included in the tree structure T600, and each node information corresponds to each node configuring the tree structure T600.

Each node information includes a node name, a device key, and a revocation flag. The node name, the device key, and the invalidation flag are the same as those in the tree structure table D100, and a description thereof will not be repeated.
Each node information is stored in the tree structure table D1000 in the order according to the order rule 2 shown below. The order rule 2 shown here is applied even when each node information is sequentially read from the tree structure table D1000 by the recording devices 300a, 300b, 300c,..., The reproducing devices 400a, 400b, 400c,. Is done.

(A) At the head of the tree structure table D1000, node information corresponding to the root node is stored.
(B) After node information corresponding to one node (referred to as a specific node) is stored in the tree structure table D1000, there are two lower nodes connected to the lower side of the specific node. , The node information is arranged as shown below. Subsequent to the node information corresponding to the specific node, the node information corresponding to the left node and all the nodes connected to the lower nodes of the left node among the two lower nodes is stored. Subsequently, node information corresponding to the right node of the two lower nodes and all nodes connected to the lower nodes of the right node is stored.

(C) Within (b), (b) is applied again.
Specifically, each node information is stored in the tree structure table D100 shown in FIG. 37 in the following order.
Blank (indicating the route), “0”, “00”, “000”, “0000”, “0001”, “001”, “0010”, “0011”, “01”, “010”,. , “11”, “110”, “1100”, “1101”, “111”, “1110”, “1111”
(2) Tree structure construction unit 101
The tree structure construction unit 101 constructs an n-ary tree data structure for managing device keys, and stores the constructed tree structure in the tree structure storage unit 102. Here, n is an integer of 2 or more, and as an example, n = 2.

The details of the operation of constructing the tree structure by the tree structure construction unit 101 and storing it in the tree structure storage unit 102 will be described later.
Next, the tree structure construction unit 101 generates a device key using a random number for each node of the tree structure, and writes the generated device key in the tree structure table in association with each node.
(3) Key information header generator 106
The key information header generation unit 106 generates a plurality of NRPs and outputs the generated NRPs to the key information recording device 200 as header information. The detailed operation of generating the NRP will be described later.

FIG. 38 shows an example of header information generated by the key information header generation unit 106. The header information D900 shown in this figure includes NRP {11}, {11}, {11}, {10}, {01}, {11}, {10}, {10}, {10}, {01}, {11}, and includes each NRP in this order.
Note that the positions where the plurality of NRPs are stored in the header information D900 are determined. As shown in this figure, “0”, “1”, “2”, “3”, “4”, “5”, “6”, “7”, “8”, “9” are included in the header information D900. , "10", NRP {11}, {11}, {11}, {10}, {01}, {11}, {10}, {10}, {10}, {01} and {11} are arranged.

(4) Key information generation unit 107
The key information generation unit 107 encrypts the media key by using the device key corresponding to the node that has not been revoked in the same order as the order in which the node information is stored in the tree structure table. Is generated, and the generated encrypted media key is output as key information.
The key information generation unit 107 generates and outputs the following key information as an example.

The key information includes device keys “IK2”, “IK3”, “IK6”, “IK8”,
The encrypted media key E1 (IK2, media key), E1 (IK3, media key), and E1 (IK6, media key) are generated by encrypting the media key using “KeyL” and “KeyG”, respectively. ), E1 (IK8, media key), E1 (KeyL, media key), and E1 (KeyG, media key). In the key information, at positions determined by “0”, “1”, “2”, “3”, “4”, “5”, and “6”, the encrypted media key E1 (IK2, media key ), E1 (IK3, media key), E1 (IK6, media key), E1 (IK8, media key), E1 (KeyL, media key), and E1 (KeyG, media key).

4.1.2 Recording device 300a
The recording device 300a of the copyrighted work protection system 10d has the same configuration as the recording device 300a described in the first embodiment. Here, the difference will be mainly described.
(1) Identifying unit 303
The identification unit 303 identifies the position X where one encrypted media key exists from the key information by sequentially examining the header information from the top using the ID information and the header information. The detailed operation for specifying the position X where the encrypted media key exists will be described later.

4.2 Operation of Copyright Protection System 10d The operation of the copyright protection system 10d will be described focusing on differences from the operation of the copyright protection system 10.
4.2.1 Operation for Constructing and Storing Tree Structure Here, the flowchart of FIG. 39 shows the operation of generating the tree structure table by the tree structure construction unit 101 and writing the tree structure table into the tree structure storage unit 102. This will be described with reference to FIG. The operation described here is the details of step S101 in the flowchart shown in FIG.

The tree structure construction unit 101 generates node information including a blank node name and writes the node information in the tree structure table (step S401).
Next, the tree structure construction unit 101 repeats the following steps S403 to S404 for layer i (i = 1, 2, 3, 4).
The tree structure construction unit 101 generates 2 ⁱ character strings as node names. Specifically, when i = 1, 2 ¹ = 2 character strings “0” and “1” are generated. When i = 2, 2 ² = 4 character strings “00”, “01”, “10” and “11” are generated. When i = 3, 2 ³ = 8 character strings “000”, “001”, “010”,..., “111” are generated. When i = 4, 2 ⁴ = 16 character strings “0000”, “0001”, “0010”, “0011”,..., “1111” are generated (step S403). Next, the tree structure construction unit 101 writes the node information including each of the generated node names into the tree structure table (step S404).

Next, the tree structure construction unit 101 rearranges the node information included in the tree structure table in ascending order of the node names, and overwrites the rearranged node information on the tree structure table again (step S406). ).
Thus, a tree structure table D1000 shown as an example in FIG. 37 is generated. The generated tree structure table D1000 includes each node information according to the order rule 2 described above. At this stage, each device key has not yet been recorded in the tree structure table D1000.

4.2.2 Operation of Generating Header Information Here, the operation of generating the header information by the key information header generation unit 106 will be described with reference to the flowcharts shown in FIGS. The operation described here is the details of step S153 in the flowchart shown in FIG.
The key information header generation unit 106 attempts to read node information one by one from the tree structure table in order according to the order rule 2 (step S421).

Upon detecting the end of the node information (Step S422), the key information header generation unit 106 shifts the control to Step S427.
If the end of the node information is not detected and the node information is read (step S422), the key information header generation unit 106 determines whether the two nodes connected to the lower side of the target node corresponding to the read node information The information of the two nodes corresponding to the lower nodes of is read out (step S423).

If there is a lower node (step S424), the key information header generation unit 106 determines whether both of the two pieces of node information corresponding to the two read lower nodes have an invalidation flag. The NRP is checked to generate an NRP (step S425), and the generated NRP is added to the node information corresponding to the read target node (step S426). Next, the process returns to step S421 to repeat the processing.

If there is no lower node (step S424), the process returns to step S421 to repeat the processing.
Next, the key information header generation unit 106 attempts to read node information one by one from the tree structure table in order according to the order rule 2 (step S427).
Upon detecting the end of the node information (step S422), the key information header generation unit 106 ends the processing.

If the end of the node information has not been detected and the node information has been read (step S428), the key information header generation unit 106 checks whether or not the read node information has an NRP added thereto. If there is (Step S429), the added NRP is output (Step S430), and the process returns to Step S427 to repeat the processing.
When the NRP has not been added (step S429), the key information header generation unit 106 returns to step S427 and repeats the processing.

4.2.3 Specific operation of key information Here, the operation of specifying one encrypted media key from the key information stored in the recording medium 500b by the specifying unit 303 included in the recording device 300a will be described. This will be described with reference to the flowchart shown in FIG. The operation described here is the details of step S172 in the flowchart shown in FIG.

In addition, the operation of the specifying unit 402 included in the playback device 400a is the same as the operation of the specifying unit 303, and thus the description is omitted.
The specifying unit 303 checks whether to check the variable i indicating the bit position of the ID information to be checked, the variable L indicating the layer including the currently checked NRP, the variable X storing the layer of the node at the branch point, and NRP. And a value D indicating the number of layers in the tree structure. Further, it has a pointer A indicating the position of the NRP to be checked.

The specifying unit 303 sets variable i = 0, variable L = 0, flag F = 0, variable X = 0, and pointer A = 0 (step S1300).
Next, the specifying unit 303 determines whether or not the variable L is smaller than the number of layers D-1. If the values are larger or equal (step S1301), the specifying unit 303 inputs the last layer number of the variable X for the variable L. The variable X is a last-in first-out variable, and the output value is to be deleted. That is, if the variable X is input in the order of layer 0, layer 2, and layer 3, the first output is the layer 3, the layer 3 is deleted, and the layer 2 is output next (step S1313). ). Next, the process returns to step S1301 to repeat the processing.

When the variable L is smaller than the number of layers D-1 (step S1301), the specifying unit 303 determines whether or not the variable i = variable L. If the variable i is not the variable L (step S1302), the specifying unit 303 shifts the control to step S1310.
When the variable i = the variable L (step S1302), the specifying unit 303 further determines whether or not the flag F = 0. If the flag F is not 0 (step S1303), the specifying unit 303 sets the flag F = 0 (step S1309), and the specifying unit 303 shifts the control to step S1310.

If the flag F is 0 (step S1303), the specifying unit 303 checks the value B at the corresponding bit position of the A-th NRP according to the value of the upper i-th bit of the ID information, and sets the variable i = i + 1. (Step S1304).
Next, the specifying unit 303 checks whether or not the value B = 1. If the value B is not equal to 1 (step S1305), the specifying unit 303 specifies that the device to which the ID information is assigned is not invalidated. The unit 303 ends the processing.

If the value B is 1 (step S1305), it is checked whether or not the variable is ≠ D-1. If the value is not ≠ D-1 (step S1306), the device to which this ID information is assigned is invalidated. The specifying unit 303 terminates the process.
Next, if the variable is {D-1} (step S1306), the specifying unit 303 determines whether or not the NRP is {11} and the (i−1) th value of the ID information is “1”. I do. If No (step S1307), the specifying unit 303 shifts the control to step S1310.

If Yes (step S1307), the specifying unit 303 sets the flag F = 1 (step S1308), and then sets L = L + 1 (step S1310). If NRP is {11}, the layer number is set to the variable X (Step S1311), A = A + 1 (Step S1312), and the process returns to Step S1310 to repeat the processing.
5. Fifth Embodiment In the above fourth embodiment, a plurality of NRPs are arranged according to the order rule 2.

In the fifth embodiment described below, a plurality of NRPs are output by arranging according to the order rule 2 in the same manner as the copyright protection system 10d described in the fourth embodiment. Similarly to the copyright protection system 10b described above, when the invalidated devices are concentrated on a specific leaf in the tree structure, the copyright protection system 10e (shown in the figure) can reduce the data amount of the header information. Not described).

5.1 Configuration of Copyright Protection System 10e The copyright protection system 10e has the same configuration as the copyright protection system 10d. Here, the description will focus on differences from the copyright protection system 10d.
5.1.1 Key Management Device 100
The key management device 100 of the copyrighted work protection system 10e has the same configuration as the key management device 100d described in the fourth embodiment. Here, the difference will be mainly described.

(1) Tree structure storage unit 102
The tree structure storage unit 102 has a tree structure table. The tree structure table included in the tree structure storage unit 102 has the same structure as the tree structure table D1000 included in the tree structure storage unit 102 described in the fourth embodiment, and is included in the tree structure table. Each node information further includes an NRP.

(2) Key information header generation unit 106
The key information header generation unit 106 generates a plurality of NRPs and outputs the generated NRPs to the key information recording device 200 as header information. Each NRP is composed of 3 bits as described in the second embodiment.
The detailed operation of generating the NRP will be described later.

5.1.2 Recording device 300a
The recording device 300a of the copyrighted work protection system 10e has the same configuration as the recording device 300a described in the fourth embodiment. Here, the difference will be mainly described.
(1) Identifying unit 303
The identification unit 303 identifies the position X where one encrypted media key exists from the key information by sequentially examining the header information from the top using the ID information and the header information. The detailed operation for specifying the position X where the encrypted media key exists will be described later.

5.2 Operation of Copyright Protection System 10e The operation of the copyright protection system 10e will be described focusing on differences from the operation of the copyright protection system 10d.
5.2.1 Operation of Generating Header Information Here, the operation of generating the header information by the key information header generation unit 106 will be described with reference to the flowcharts shown in FIGS. The operation described here is the details of step S153 in the flowchart shown in FIG.

The key information header generation unit 106 attempts to read node information one by one from the tree structure table in order according to the order rule 2 (step S451).
Upon detecting the end of the node information (Step S452), the key information header generation unit 106 transfers the control to Step S458.
If the end of the node information is not detected and the node information is read (step S452), the key information header generation unit 106 determines whether the two nodes connected to the lower side of the target node corresponding to the read node information The node information of the two nodes corresponding to the lower nodes is read out (step S453).

When there is a lower node (step S454), the key information header generation unit 106 determines whether or not both of the two pieces of node information corresponding to the two read lower nodes have an invalidation flag. Then, an NRP is generated (step S455), and an extension bit having a value “0” is added to the head of the generated NRP (step S456). It is added to the corresponding node information (step S457). Next, the process returns to step S451 to repeat the processing.

If there is no lower node (step S454), the process returns to step S451 to repeat the processing.
Next, the key information header generation unit 106 tries to read node information one by one from the tree structure table in accordance with the order rule 2 (step S458).
Upon detecting the end of the node information (step S459), the key information header generation unit 106 shifts the control to step S465.

If the end of the node information has not been detected and the node information has been read (step S459), the key information header generation unit 106 checks all the nodes connected to the lower side of the target node corresponding to the read node information. All node information corresponding to the lower node is read (step S460).
When there is a lower node (step S461), the key information header generation unit 106 checks whether or not all the node information corresponding to all the read lower nodes has an invalidation flag (step S462). ), The head bit of the NRP added to the node information corresponding to the target node is rewritten to “1” only when it is added to all the node information (step S463) (step S464).

Next, the process returns to step S458 to repeat the processing.
If there is no lower node (step S461), the process returns to step S458 and repeats the process.
Next, the key information header generation unit 106 tries to read node information one by one from the tree structure table in order according to the order rule 2 (step S465).

Upon detecting the end of the node information (step S466), the key information header generation unit 106 shifts the control to step S472.
When the end of the node information has not been detected and the node information has been read (step S466), the key information header generation unit 106 checks all the nodes connected to the lower side of the target node corresponding to the read node information. All node information corresponding to the lower node is read (step S467).

If there is a lower node (step S468), the key information header generation unit 106 checks whether or not NRP {111} is added to all the node information corresponding to all the read lower nodes (step S468). Only when it is added to all the node information (step S469), a deletion flag is added to all the node information (step S471).

Next, the process returns to step S465 to repeat the processing.
If there is no lower node (step S468), the process returns to step S465 to repeat the processing.
Next, the key information header generation unit 106 tries to read node information one by one from the tree structure table in order according to the order rule 2 (step S472).

Upon detecting the end of the node information (step S473), the key information header generation unit 106 ends the processing.
If the end of the node information has not been detected and the node information has been read (step S473), the key information header generation unit 106 checks whether or not the read node information has an NRP added thereto. If the deletion flag is added (step S474), it is further checked whether or not the deletion flag is added. If the deletion flag is not added (step S475), the added NRP is output (step S476). Then, the process returns to step S472 to repeat the processing.

When the NRP has not been added (step S474) or when the deletion flag has been added (step S475), the key information header generation unit 106 returns to step S472 and repeats the processing.
5.2.2 Specific operation of key information Here, an operation of specifying one encrypted media key from the key information stored in the recording medium 500b by the specifying unit 303 included in the recording device 300a will be described. This will be described with reference to the flowchart shown in FIG. The operation described here is the details of step S172 in the flowchart shown in FIG.

In addition, the operation of the specifying unit 402 included in the playback device 400a is the same as the operation of the specifying unit 303, and thus the description is omitted.
The description here will focus on the differences from the flowchart shown in FIG.
As in the case of the fourth embodiment, the specifying unit 303 includes a variable i indicating a bit position of ID information to be checked, a variable L indicating a layer including the currently checked NRP, and a layer of a node at a branch point. Has a flag F (initial value, F = 0) for determining whether or not to check the NRP, and has a value D indicating the number of layers in the tree structure. Further, it has a pointer A indicating the position of the NRP to be checked.

When the value B = 1 (step S1305), only when the most significant bit of the NRP is “1” (step S1316), the specifying unit 303 sets the variable i = D−1 and the variable L = D−1 (Step S1317).
When the NRP is {11} and the most significant bit of the NRP is not “1”, the specifying unit 303 stores the layer number in a variable X (Step S1311).

6. Other Modifications Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. The following cases are also included in the present invention.
(1) As an embodiment of the present invention, an invalidation method according to a conventional method has been described as an example, but the present invention is not limited to the above embodiment. A key management device holds a certain tree structure, a recording device or a playback device is assigned to a leaf of the tree structure, and a device key associated with a node is assigned to each recording device or each playback device. If the revocation of the device key and the creation of the key information are performed using this tree structure, what is the method of allocating the device key associated with the node and the method of allocating the device key to each device? It may be something.

(2) Further, although the embodiment of the present invention has been described by taking the tree structure of the binary tree as an example, the present invention is not limited to the binary tree. Generally, it can also be realized by an n-ary tree. At this time, the ID information is assigned 0 to n-1 for the n paths descending from a certain node, and is assigned on the path from the leaf to the root as in the above-described embodiment. The values are set by concatenating the values in order from the top.

(3) In the embodiment of the present invention described above, a recordable medium such as a DVD-RAM has been described. However, pre-recorded media such as DVD-Video can be realized in a similar manner.
The copyright protection system 10f for pre-recorded media will be described.
As shown in FIG. 48, the copyright protection system 10f includes a key management device 100, a data recording device 1701, data reproducing devices 1703a, 1703b, 1703c,...

As described in the above embodiment, the key management device 100 outputs the key information to which the header information is added and the content key to the data recording device 1701, and outputs the plurality of device keys, each device key identification information, and the ID. The information is output to the data reproducing devices 1703a, 1703b, 1703c,...
The recording medium 500a, which is a pre-recorded medium, is mounted on the data recording device 1701. The data recording device 1701 receives the key information and the media key from the key management device 100, encrypts the content using the media key, generates encrypted content, and records the generated encrypted content and the received key information. Write to medium 500a. Thus, the recording medium 500d in which the encrypted content and the key information are written is produced.

The recording medium 500d is distributed in the market, and the user obtains the recording medium 500d. The user attaches the recording medium 500d to the data reproducing device 1703a.
The data reproducing device 1703a has previously received a plurality of device keys, each device key identification information, and ID information from the key management device 100, and when the recording medium 500d is mounted, the key information and the encrypted content from the recording medium 500d. Is read out, the encrypted media key is identified from the key information, the identified encrypted media key is decrypted using the device key, and the encrypted content is decrypted using the obtained media key to generate the content. I do.

In such a system as well, by the same operation as the key management device 100 shown in the embodiment, the header information to be recorded on the recording medium is reduced, and the encrypted media key to be efficiently decrypted by each data reproducing device is determined. Can be identified.
(4) In the above, the case where the present invention is used to protect the copyright of digital contents has been described as an example. However, the application of the present invention is not limited to this. It can be used for the purpose of so-called conditional access, which provides information to members other than the members.

(5) In the embodiment of the present invention, an example has been shown in which key information or encrypted content is distributed using a recording medium, but a communication medium represented by the Internet is used instead of a recording medium. You may.
(6) The key management device and the key information recording device may be configured as an integrated device.
(7) In the above embodiment, device keys are allocated to all nodes constituting the n-ary tree in advance, and all device keys existing on the path from the leaf to the root are used for the leaf. Although it is described that the device key is allocated, the present invention is not limited to such a device key allocation method.

Instead of assigning device keys to all nodes constituting the n-ary tree in advance, device keys may be assigned to only some of the nodes in advance.
Also, instead of allocating all device keys existing on the path from the leaf to the root to the use device corresponding to the leaf, a part of all the device keys existing on the path from the leaf to the root is used. May be assigned to the use device.

(8) As an example, assume a tree structure shown in FIG. In an initial state where the device key is not leaked, the media key is encrypted using the device key KeyA, and an encrypted media key is generated.
At this time, it is assumed that any one of the user devices 1 to 16 is hacked by a malicious third party, the device key KeyA is exposed, and a clone device having only the device key KeyA therein is manufactured. At this time, since the clone device has only the device key KeyA, it is not possible to specify which of the user devices 1 to 16 is the hacked device. On the other hand, since the clone device has the device key KeyA, it is possible to illegally obtain a correct media key.

In such a situation, only the device key KeyA is invalidated, and a media key is used by using a device key that covers all devices, in other words, by using a device key shared by all devices. Must be encrypted. Here, the reason why all the devices are covered is that in such a situation, it is not possible to determine which device the hacked device is.
Therefore, the media key is encrypted using the device keys KeyB and KeyC, respectively, to generate two encrypted media keys.

Next, when the device key KeyB is exposed, the device key KeyB is invalidated, and further, the media key is encrypted using each of the device keys KeyC, KeyD, and KeyE to generate three encrypted media keys. I do.
When such an operation is repeated for the height of the tree, the hacked device is finally specified.

In order to cope with the situation described above, when invalidating only the device key KeyA, the key management device adds NRP {100} to the node corresponding to the device key KeyA. In the case of the tree structure shown in FIG. 4, NRP {100} is added to the route.
A leading bit “1” of NRP {100} indicates that this node is invalidated, and a bit string “00” following the leading bit “1” is connected below this node. Both nodes indicate that they have not been revoked.

That is, in the case of the tree structure shown in FIG. 4, if NRP {100} is added to the root, two media keys generated by encrypting the media key using the device keys KeyB and KeyC are used. An encrypted media key will be present. As described above, the first bit “1” of the NRP can be said to be a flag indicating that there are two encrypted media keys below this node.

On the other hand, as described in the second embodiment, the leading bit “1” when the NRP is {111} indicates that there is no NRP below this node.
This will be described in more detail below.
(Key management device 100)
Here, it is assumed that the key management device 100 generates a tree structure T100 shown in FIG. 4, allocates a device key to each node, and allocates a user device to each leaf, as shown in FIG.

Thereafter, as illustrated in FIG. 49, the device keys KeyA, KeyB, and KeyE assigned to the root T701, the node T702, and the node T703, respectively, leaked as described above. Then, the device keys KeyA, KeyB, and KeyE are invalidated, header information and key information are generated, and the generated header information and key information are written to a recording medium via the key information recording device 200.

(A) Invalidation of Device Keys KeyA, KeyB, and KeyE The key management device 100 adds an invalidation flag “1” to node information that includes the device keys KeyA, KeyB, and KeyE in the tree structure table.
(B) Generation of Header Information The key management device 100 generates an NRP {010} to be added to the root T701 by using the tree structure table including the node information to which the invalidation flag has been added, and generates the generated NRP {010 Is written to a recording medium via the key information recording device 200 as a part of the header information. Here, the leading bit “0” of the NRP indicates that one of the two lower nodes connected immediately below the root T701 is invalidated, and the other is not invalidated. As described in the above embodiment, the lower two bits “10” of the NRP indicate that the left node T702 of the two lower nodes connected immediately below the root T701 is invalidated. The right node T704 indicates that it has not been invalidated.

{Next, the key management device 100 generates NRP {001} to be added to the node T702, and writes the generated NRP {001} as a part of header information to the recording medium via the key information recording device 200. Here, the first bit “0” of the NRP indicates that one of the two lower nodes connected immediately below the node T702 is invalidated, and the other is not invalidated. The lower two bits “01” of the NRP indicate that the left node T705 is not invalidated and the right node T703 is invalid among the two lower nodes connected immediately below the node T702. It has been shown that

{Next, the key management device 100 generates an NRP {100} to be added to the node T703, and writes the generated NRP {100} as a part of the header information to the recording medium via the key information recording device 200. As described above, the NRP {100} does not invalidate both of the two lower nodes T706 and T707 connected immediately below the node T703, and these two nodes T706 and T707 have , Respectively, indicates that an encrypted media key exists.

Thus, the header information D1000 shown in FIG. 50 is written on the recording medium. As shown in the figure, the header information D1000 includes NRP {010}, {001}, and {100} in this order.
(C) Generation of Key Information Next, the key management device 100 encrypts and encrypts the media key using some of the device keys that have not been revoked, as described below. A media key is generated, and the key information including the generated encrypted media key and the header information including the NRP are written to the recording medium via the key information recording device 200.

First, the key management device 100 generates an encrypted media key by encrypting a media key using a device key assigned to a node existing in the highest layer among device keys that have not been revoked. I do. Here, as shown in FIG. 49, among the device keys that have not been revoked, the device key assigned to the node existing in the highest layer is the device key KeyC assigned to the node T704. The key management device 100 encrypts the media key using the device key KeyC, generates an encrypted media key E1 (KeyC, media key), and generates the encrypted media key E1 (KeyC, media key). The data is written to a recording medium via the key information recording device 200.

Next, the key management device 100 invalidates the nodes T704 to which the device key KeyC has been allocated and the other nodes except for all nodes lower than the node T704, which have been revoked to these other nodes. A media key is encrypted by using a device key assigned to a node existing in the highest layer among device keys that are not present, and an encrypted media key is generated. Here, since the corresponding node is the node T705, the key management device 100 encrypts the media key using the device key KeyD assigned to the node T705, and encrypts the encrypted media key E1 (KeyD, media key ) Is generated, and the generated encrypted media key E1 (KeyD, media key) is written to the recording medium via the key information recording device 200.

Next, the key management device 100 transmits the nodes T704 and all the nodes below the node T704 to which the device key KeyC is assigned, and the nodes T705 and T705 to which the device key KeyD is assigned. For other nodes except for all nodes, the media key is used by using the device key assigned to the node existing in the highest layer among the non-invalidated device keys assigned to these other nodes. To generate an encrypted media key. Here, since the corresponding node is the node T706, the key management device 100 encrypts the media key using the device key KeyJ assigned to the node T706, and encrypts the encrypted media key E1 (KeyJ, media key ) Is generated, and the generated encrypted media key E1 (KeyJ, media key) is written to the recording medium via the key information recording device 200.

Next, the key management device 100 encrypts the media key using the device key KeyK assigned to the node t707 in the same manner as described above to generate an encrypted media key E1 (KeyK, media key). The generated encrypted media key E1 (KeyK, media key) is written to the recording medium via the key information recording device 200.
In this way, the key information D1010 shown in FIG. 50 is written on the recording medium. As shown in the figure, the key information D1010 includes an encrypted media key E1 (KeyC, media key), E1 (KeyD, media key), E1 (KeyJ, media key), and E1 (KeyK, media key). It is configured to include in order.

(Recording device 300a)
FIG. 51 is a flowchart illustrating an operation of specifying one encrypted media key from the header information and the key information stored in the recording medium as described above by the specifying unit 303 included in the recording device 300a. It will be described using FIG.
The specifying unit 303 indicates a variable X indicating the position of the encrypted media key, a variable A indicating the position of the NRP relating to the user device itself, a variable W indicating the number of NRPs in a certain layer, and indicating the number of layers to be processed. It has a variable i.

The specifying unit 303 sets variable A = 0, variable W = 1, and variable i = 0 as initial values (step S301).
Next, the specifying unit 303 determines whether the value B at the bit position corresponding to the value of the upper i-th bit of the ID information is “0” or “1” in the lower 2 bits of the A-th NRP. It is checked whether there is (Step S303). Here, as described in the above embodiment, “0” is assigned to the left path and “1” is assigned to the right path in the tree structure shown in FIG. Since the ID information is configured based on the rule, the value “0” of the upper i-th bit of the ID information corresponds to the left bit of the lower 2 bits of the A-th NRP, and the value of the i-th bit “ "1" corresponds to the right bit of the lower two bits of the A-th NRP.

Next, when the value B = 0 (step S303), the specifying unit 303 checks each NRP from the first NRP to the last NRP checked as follows. However, the A-th NRP is not included.
(A) When the most significant bit of the NPR is “0” and the lower two bits are not “11”, “1” is added to the variable X.

(B) When the most significant bit of the NPR is “1”, the number of “0” included in the lower two bits is added to the variable X.
For the A-th NRP checked last, the number of “0” s up to the corresponding bit position is added to the variable X only when the most significant bit of the NRP is “1”. Here, it is assumed that the corresponding bit itself is not included. The variable X thus obtained indicates the position of the encrypted media key. The variable i at this time is device key identification information for identifying a device key (step S307c). Next, the specifying unit 303 ends the processing.

On the other hand, when the value B is 1 (step S303), the specifying unit 303 determines whether the most significant bit of the NRP is not “1” and determines that the most significant bit of the NRP is “1”. If so (step S308), since this user device has been invalidated, the specifying unit 303 ends the process.
When determining that the most significant bit of the NRP is not “1” (step S308), the specifying unit 303 counts the number of “1” included in the lower 2 bits of all W NRPs present in layer i. , And substitute the counted value into a variable W. However, the NPR in which the most significant bit of the NRP is “1” is not counted. The variable W thus obtained indicates the number of NRPs existing in the next layer i + 1 (step S304c).

Next, the specifying unit 303 counts the number of “1” included in the lower two bits of the NRP for each NRP from the first NRP among the NRPs existing in the layer i to the corresponding bit position. The value obtained is substituted for the variable A. Here, the value of the corresponding bit position is not counted. NRPs whose most significant bit is “1” are not counted. The variable A thus obtained indicates the position of the NRP of the next layer i + 1 relating to the user device itself (step S305c).

Next, the specifying unit 303 calculates a variable i = i + 1 (step S306), then shifts the control to step S303, and repeats the above processing.
As described above, not only when the device key existing on the path from the leaf of the tree structure to the root is invalidated, the device key assigned to some nodes of the tree structure is invalidated. Even in this case, the key management device can write the header information and the key information on the recording medium and the reproducing device can specify the encrypted media key.

(9) As an example, suppose the tree structure shown in FIG. 4 is in an initial state in which no device key is leaked, and there is no invalidated node in the tree structure.
In this case, the key management device encrypts the media key using the device key KeyA associated with the root to generate one encrypted media key. Next, the key management device generates one special NRP {00} indicating that there is no invalidated node in the tree structure and all nodes are valid. Next, the key management device writes the generated encrypted media key and the generated NRP {00} to a recording medium via a key information recording device.

In this case, the reproducing apparatus reads the NRP from the recording medium, and when determining that the read NRP is only {00} and that the NRP is not recorded on the recording medium, the reproducing apparatus Determines that there is no invalidated node in the tree structure, then reads the encrypted media key recorded on the recording medium, and retrieves the device key stored in the playback device itself. The read-out encrypted media key is decrypted using the device key KeyA associated with the root to generate a media key.

In this case, the recording device operates in the same manner as the reproducing device.
7. Sixth Embodiment A content distribution system 2000 as another embodiment according to the present invention will be described.
7.1 Configuration of Content Distribution System 2000 As shown in FIG. 52, the content distribution system 2000 includes a content server device 2200, a content recording device 2100, a content reproduction device 2400,..., And a content reproduction device 2400x. . Here, the total number of content reproduction devices is n.

The content server device 2200 and the content recording device 2100 are held by a content supplier, and the content server device 2200 and the content recording device 2100 are connected by a LAN. The content server device 2200 stores content which is a digital work such as a movie or music, and the content recording device 2100 acquires the content and the content key from the content server device 2200, and based on the n device keys. Generating n encrypted media keys by encrypting the media key, generating S encryption keys based on the media key and the S region codes, and using the generated S encryption keys. Encrypts the content key to generate S encrypted content keys, encrypts the content using the content key to generate encrypted content, and generates n encrypted media keys and S encrypted content keys. Then, the encrypted content is written to the recording medium 2120.

The recording medium 2120 is sold, and the user acquires the recording medium 2120 by purchasing the recording medium 2120.
The content reproduction device 2400 is held by a user, and the recording medium 2120 is mounted by the user. Next, according to a user's instruction, the content reproducing apparatus 2400 selects and reads one encrypted media key from the recording medium 2120, reads S encrypted content keys and encrypted content, and uses the device key. Decrypts the encrypted media key to generate a media key, generates a decryption key based on the generated media key and the built-in area code, and uses the generated decryption key to generate S encrypted content keys. To generate S content keys, select one correct content key from the generated S content keys, and decrypt the encrypted content using the selected correct content key to generate content. Next, a video signal and an audio signal are generated from the generated content, and the generated video signal and audio signal are output to a monitor 2421 and a speaker 2422 connected to the content reproduction device 2400.

The other content reproduction devices are the same as the content reproduction device 2400.
7.2 Configuration of Content Server Device 2200 The content server device 2200 is a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a communication unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or the hard disk unit. The content server device 2200 achieves its functions by the microprocessor operating according to the computer program.

The communication unit is connected to the content recording device 2100 via the LAN, and transmits and receives information to and from the content recording device 2100.
The hard disk unit stores a plurality of digital works such as movies and music in advance. Also, a content key is stored in association with each content. The content key is key information used when encrypting the corresponding content.

The content server device 2200 reads the content and the content key from the hard disk unit in accordance with an instruction from the content recording device 2100, and transmits the read content and the content key to the content recording device 2100 via the LAN.
7.3 Configuration of Content Recording Device 2100 As shown in FIG. 53, the content recording device 2100 includes a device key storage unit 2101, a media key storage unit 2102, a media key data generation unit 2103, a local code storage unit 2104, an encryption key It comprises a generation unit 2105, a content key encryption unit 2106, a content encryption unit 2107, a control unit 2108, an input unit 2109, a display unit 2110, a transmission / reception unit 2111, and an output unit 2112.

The content recording device 2100 is a computer system including a microprocessor, a ROM, a RAM, and the like, like the content server device 2200. The RAM stores a computer program. When the microprocessor operates according to the computer program, the content recording device 2100 achieves some of its functions.

(1) Device key storage unit 2101, media key storage unit 2102, and region code storage unit 2104
The device key storage unit 2101 stores in advance n device keys 1,..., Device keys n that are secretly held by the n content reproduction devices. Here, each device key is, for example, 64 bits long.

The media key storage unit 2102 stores a media key unique to each recording medium in advance. Here, the media key is, for example, 64 bits long.
Note that the media key is unique to each recording medium, but is not limited to this. For example, the recording medium on which the same content is recorded may be unique. That is, the same media key may be set for a plurality of recording media on which the same content is recorded. Further, the information may be unique to a recording medium on which content by the same copyright holder is recorded. Further, it may be unique for recording media supplied by the same supplier.

The area code storage unit 2104 stores six area codes in advance. As shown in Patent Document 1, each area code is a code indicating each area when the world is divided into six areas. Specifically, the six area codes are 0x0001, 0x0002, ..., 0x0006. Here, 0x0001 and the like are in hexadecimal notation.
(2) Media key data generation unit 2103
The media key data generation unit 2103 reads n device keys from the device key storage unit 2101, reads media keys from the media key storage unit 2102, and uses each of the read n device keys to read the media key. Is subjected to an encryption algorithm E3, and n encrypted media keys E3 (device key 1, media key),
E3 (device key 2, media key),
...
E3 (device key n, media key) is generated.

Here, the encryption algorithm E3 is, for example, DES.
Next, the media key data generation unit 2103 transmits the generated n encrypted media keys in the recording medium 2120 via the output unit 2112 in the order corresponding to the device keys 1, 2, ..., n. To the media key data recording area 2121 (to be described later).
(3) Encryption key generation unit 2105
The encryption key generation unit 2105 reads the media key from the media key storage unit 2102, and then reads the media key from the media key storage unit 2100 to the area code storage unit 2104 via the input unit 2109 and the control unit 2108 according to an instruction from the operator of the content recording device 2100. From among the plurality of stored area codes, S area codes of an area for which content reproduction is permitted are selected. Here, 1 ≦ S ≦ 6.

Next, for each of the selected S area codes, the encryption key generation unit 2105 generates the connected data by connecting the read media key and the area code in this order, and generates the connected data, for example, , SHA-1 or the like to obtain a 160-bit output value. For example, when the encryption algorithm is DES, the upper 56 bits of the output value are encrypted. Key. Thus, S encryption keys K1, K2,..., KS are generated.

Next, the encryption key generation unit 2105 outputs the generated S encryption keys K1, K2,..., KS to the content key encryption unit 2106.
As an example, if it is assumed that content reproduction is permitted only in the content reproduction devices belonging to the areas of the area codes 0x0001 and 0x0005, the encryption key generation unit 2105 selects two area codes 0x0001 and 0x0005, It generates two encryption keys K1 and K5, and outputs the two encryption keys K1 and K5 to the content key encryption unit 2106.

(4) Content key encryption section 2106
The content key encryption unit 2106 receives the content key from the content server device 2200 via the transmission / reception unit 2111, and receives S encryption keys K1, K2,..., KS from the encryption key generation unit 2105. Then, the fixed data and the received content key are combined to generate combined data. Here, the fixed data is, for example, 0x0000. The fixed data is used at the time of decoding to determine whether or not the decoded data is correct. Next, the content key encrypting unit 2106 performs an encryption algorithm E4 on the combined data using each of the received encryption keys, and generates S encrypted content keys E4 (K1, fixed data + content key).
E4 (K2, fixed data + content key)
...
E4 (KS, fixed data + content key)
Is generated, and the generated S encrypted content keys are written to an encrypted content key recording area 2122 (described later) of the recording medium 2120 via the output unit 2112.

Here, “+” is an operator indicating a combination.
The encryption algorithm E4 is, for example, DES.
The content key encrypting unit 2106 receives two encryption keys K1 and K5, for example, and receives two encrypted content keys E4 (K1, fixed data + content key).
E4 (K5, fixed data + content key)
Is generated, and the two generated encrypted content keys are written.

(5) Content encryption unit 2107
The content encryption unit 2107 receives the content key and the content from the content server device 2200 via the transmission / reception unit 2111, performs an encryption algorithm E5 on the received content using the received content key, and E5 (content key, content)
Is generated, and the generated encrypted content is written to the encrypted content recording area 2123 (described later) of the recording medium 2120 via the output unit 2112.

Here, the encryption algorithm E5 is, for example, DES.
(6) Control unit 2108, input unit 2109, and display unit 2110
The control unit 2108 controls each component configuring the content recording device 2100. The input unit 2109 receives an instruction and information input from the operator of the content recording device 2100 and outputs the instruction and information to the control unit 2108. The display unit 2110 displays various information under the control of the control unit 2108.

(7) Transmission / reception unit 2111 and output unit 2112
The transmission / reception unit 2111 is connected to the content server device 2200 via the LAN, receives the content and the content key from the content server device 2200 under the control of the control unit 2108, and transmits the received content and the content key to the content server. The content key is output to encryption section 2107, and the received content key is output to content key encryption section 2106.

The output unit 2112 forms a media key data recording area 2121, an encrypted content key recording area 2122, and an encrypted content recording area 2123 on a recording medium 2120, and includes n encrypted media keys and S Write the encrypted content key and the encrypted content.
7.4 Configuration of Recording Medium 2120 The recording medium 2120 is a pre-recorded medium such as a DVD-Video. In the initial state, no information is written on the recording medium 2120.

When the information is written by the content recording device 2100, as shown in FIG. 54, the recording medium 2120 includes a media key data recording area 2121, an encrypted content key recording area 2122, and an encrypted content recording area 2123.
In this figure, as described above, the total number of content playback devices is n, and each content playback device holds one individual device key 1 to device key n, and each of the content playback devices has an area code of 0x0001 and 0x0005. A specific example of various data recorded on the recording medium 2120 in a case where the reproduction of the content is permitted only for the reproducing device to which it belongs is shown.

In the media key data recording area 2121, n encrypted media keys are recorded, and in the encrypted content key recording area 2122, two encrypted content keys are recorded. In 2123, one encrypted content is recorded.
7.5 Configuration of Content Playback Device 2400 As shown in FIG. 55, the content playback device 2400 includes a device key storage unit 2401, a control unit 2402, a media key decryption unit 2403, an area code storage unit 2404, a decryption key generation unit 2405, It comprises a content key decryption unit 2406, a content decryption unit 2407, a drive unit 2408, a playback unit 2409, an input unit 2410, and a display unit 2411.

The content reproduction device 2400 is, specifically, a computer system including a microprocessor, a ROM, a RAM, and the like. The RAM stores a computer program. When the microprocessor operates according to the computer program, the content reproduction device 2400 achieves its function.
Note that the other content reproduction devices have the same configuration as the content reproduction device 2400, and thus the description is omitted.

(1) Device key storage section 2401 and area code storage section 2404
The device key storage unit 2401 stores the device key secretly. The device key is key information uniquely assigned to the content reproduction device 2400.
The area code storage unit 2404 stores one area code in advance. Specifically, the area code is 0x0001. 0x0001 indicates an area where the content reproduction device 2400 is sold.

(2) Media key decryption unit 2403
The media key decryption unit 2403 sends the media key data recording area 2121 of the recording medium 2120 via the drive unit 2408 to the device number (one of 1, 2, ..., n) assigned to the content reproduction device. Read the encrypted media key recorded at the corresponding position.

For example, if the device number assigned to the content playback device is “5”, the media key decryption unit 2403 determines whether the head number of the n encrypted media keys in the media key data recording area 2121 of the recording medium 2120 is And reads the fifth encrypted media key.
Next, the media key decryption unit 2403 reads the device key from the device key storage unit 2401, and performs a decryption algorithm D3 on the read encrypted media key using the read device key to generate a media key. The generated media key is output to the decryption key generation unit 2405.

Here, the decryption algorithm D3 is an algorithm for decrypting a cipher text generated using the encryption algorithm E3, and is, for example, DES.
(3) Decryption key generation unit 2405
The decryption key generation unit 2405 receives the media key from the media key decryption unit 2403 and reads out the area code from the area code storage unit 2404.

Next, one decryption key is generated using the received media key and the read area code in the same manner as the encryption key generation unit 2105, and the generated decryption key is output to the content key decryption unit 2406.
(4) Content key decryption unit 2406
The content key decryption unit 2406 receives the decryption key from the decryption key generation unit 2405, reads out and receives the S encrypted content keys from the encrypted content key recording area 2122 of the recording medium 2120 via the drive unit 2408. Using the decryption key, a decryption algorithm D4 is applied to the read S encrypted content keys to generate S pieces of combined data, and among the generated combined data, the combined data whose head is 0x0000 is set to 1 Select one. Next, the content key is generated by removing the leading 0x0000 from the selected combined data. Next, the generated content key is output to the content decryption unit 2407.

Here, the decryption algorithm D4 is an algorithm for decrypting a cipher text generated using the encryption algorithm E4, and is, for example, DES.
Note that the content key decryption unit 2406 reads one encrypted content key from the encrypted content key recording area 2122, and decrypts the read encrypted content key using the decryption key to generate combined data. It is determined whether the head of the generated combined data is 0x0000, and if it is 0x0000, the leading 0x0000 is removed from the combined data to generate a content key. If it is not 0x0000, the reading, decryption, and determination of the encrypted content key may be repeated until the leading 0x0000 is found.

(5) Content decryption unit 2407
The content decryption unit 2407 receives the content key from the content key decryption unit 2406, reads out the encrypted content from the encrypted content recording area 2123 of the recording medium 2120 via the drive unit 2408, and reads out using the received content key. A decryption algorithm D5 is applied to the encrypted content to generate a content, and the generated content is output to the playback unit 2409.

(6) Reproduction unit 2409
The playback unit 2409 receives the content from the content decoding unit 2407, converts the received content into an analog video signal and an audio signal by a built-in digital AV processing unit, and converts the video signal and the audio signal into a monitor 2421 and a speaker, respectively. 2422.

(7) Control unit 2402, input unit 2410, display unit 2411, and drive unit 2408
The control unit 2402 controls each component configuring the content reproduction device 2400. The input unit 2410 receives an instruction and information input from the operator of the content reproduction device 2400 and outputs the instruction and information to the control unit 2402. The display unit 2411 displays various information under the control of the control unit 2402. The drive unit 2408 reads information from a recording medium.

7.6 Operation of Content Distribution System 2000 Here, the operation of the content distribution system 2000 will be described.
(1) Operation of Content Recording Device 2100 The operation of the content recording device 2100 will be described with reference to the flowchart shown in FIG.

The media key data generation unit 2103 generates an encrypted media key by encrypting the media key stored in the media key storage unit 2102 using the device key stored in the device key storage unit 2101. The encrypted media key is recorded in the media key data recording area 2121 of the recording medium 2120 (Step S2201).
Next, the encryption key generation unit 2105 selects one or more area codes of the area in which the content is permitted to be reproduced from the plurality of area codes stored in the area code storage unit 2104 (step S2202). One or more encryption keys for encrypting the content key are generated from one or more area codes and the media key. Here, the same number of encryption keys as the number of selected area codes are generated (step S2203).

Next, the content key encrypting unit 2106 encrypts the content key using the generated one or more encryption keys to generate one or more encrypted content keys, and generates the generated encrypted content key. Is recorded in the encrypted content key recording area 2122 of the recording medium 2120 (step S2204).
Next, the content encryption unit 2107 encrypts the content using the content key to generate encrypted content, and records the generated encrypted content in the encrypted content recording area 2123 of the recording medium 2120 (step S2205). ).

(2) Operation of Content Playback Device 2400 The operation of the content playback device 2400 will be described with reference to the flowchart shown in FIG.
The media key decryption unit 2403 decrypts the encrypted media key selected and read out from the media key data recording area 2121 of the recording medium 2120 using the device key stored in the device key storage unit 2401, and decrypts the media key. It is generated (step S2501).

Next, the decryption key generation unit 2405 generates a decryption key for decrypting the encrypted content key based on the generated media key and the area code stored in the area code storage unit 2404 (step S2502).
Next, the content key decryption unit 2406 decrypts one or more encrypted content keys read from the encrypted content key recording area 2122 of the recording medium 2120 by using the generated decryption key to generate one or more content keys. A key is generated, and one correct content key is specified from the generated content keys (step S2503).

Next, the content decryption unit 2407 decrypts the encrypted content read from the encrypted content recording area 2123 of the recording medium 2120 using the generated content key to generate the content (Step S2504).
Next, the reproducing unit 2409 converts the generated content into an analog video signal and an audio signal, and outputs them to the monitor 2421 and the speaker 2422 (step S2505).

7.7 Summary In the content distribution system 2000 of the sixth embodiment, an encrypted content key is generated by a content recording device using an encryption key generated from a region code and a media key, and the generated encrypted content is generated. Record the key on a recording medium. The content reproduction device is a device having an area code indicating an area in which content reproduction is permitted, wherein the content reproduction apparatus has an area code used for recording an encrypted content key on a recording medium. When the region code matches, a correct content key for decrypting the encrypted content can be obtained by using the decryption key generated from the region key and the media key of the content reproducing apparatus.

On the other hand, if the area code used when recording the encrypted content key on the recording medium does not match the area code of the content playback apparatus, the content playback apparatus cannot obtain the correct content key. Cannot decrypt the encrypted content.
As described above, the limited viewing of the content in the set area unit is realized by using the area code when encrypting and decrypting the content.

7.8 Modifications (1) In the above-described sixth embodiment, the content recording device 2100 is connected to the content server device 2200 via the LAN, and the content recording device 2100 is connected to the content server device 2200 via the LAN. Although the content and the content key are acquired, the present invention is not limited to the configuration.

The content recording device 2100 is connected to the content server device 2200 via the Internet, and the content recording device 2100 may acquire the content and the content key from the content server device 2200 via the Internet.
The digital broadcast transmitting apparatus broadcasts the content and the content key on the digital broadcast wave. The content recording apparatus 2100 receives the digital broadcast wave, and extracts the content and the content key from the received digital broadcast wave. It may be.

The content recording device 2100 may have a configuration in which a content key and content are stored internally. Further, the content key may be generated inside the content recording device 2100 each time. Further, the content recording device 2100 may be configured to generate content. For example, a camera and an encoding unit that compresses and encodes a moving image may be provided to generate a compression-encoded moving image as content.

(2) In the sixth embodiment, the area code is exemplified as the public information, but the present invention is not limited to the configuration.
For example, secret information is set in association with each area code, and the content recording device and each content reproducing device are strictly held and managed in each device so that the secret information does not leak to the outside. A configuration in which an encryption key and a decryption key are generated from the secret information and the media key may be employed.

(3) The content recording apparatus directly records the area code indicating the area in which the content is permitted to be reproduced on the recording medium, and the content reproducing apparatus first compares the area code on the recording medium with its own area code. Then, a configuration may be adopted in which the subsequent processing is not performed if they do not match.
(4) The content reproducing apparatus, when specifying a media key encrypted using a device key of the content reproducing apparatus from a plurality of encrypted media keys recorded on a recording medium, for example, The lower 8 bits of the key are set to all 1's, and the content reproducing apparatus checks whether or not the lower 8 bits of the data obtained by decrypting the encrypted media key are all 1's. In some cases, it may be determined that the decryption of the encrypted media key has been successful.

With such a configuration of the pre-check, it is possible to reliably obtain the media key and to prevent erroneous decrypted data from being destroyed by noise or the like generated by a speaker connected to the content reproducing apparatus.
(5) The content key encryption unit 2106 included in the content recording device 2100 according to the sixth embodiment combines fixed data and a content key. Also, as in the above (4), a part of the media key is set to a specific value. This is for confirming whether or not the original content key and media key are correctly obtained when the encrypted content key and the encrypted media key are decrypted.

As described above, in order to confirm whether or not the original data has been correctly obtained, the following configuration may be adopted.
An ID for identifying the decryption key is assigned to the decryption key used for decryption. The content recording device assigns the ID to the ciphertext to indicate which key has been used for encryption, that is, to indicate which key should be used for decryption. When decrypting the content, the content reproducing apparatus performs matching between the ID of the key held by the content reproducing apparatus and the ID assigned to the cipher text, and decrypts the cipher text if they match.

(6) In the sixth embodiment, the media key storage unit 2102 included in the content recording device 2100 stores a media key unique to each recording medium in advance. Instead, it may be generated each time.
8. Seventh Embodiment A content distribution system 3000 as another embodiment according to the present invention will be described.

In the sixth embodiment, if the content reproducing apparatus has a device key, all the content reproducing apparatuses can acquire the media key. Realize limited viewing in units.
On the other hand, in the seventh embodiment, as described below, even if the content playback device has a device key, if the playback device is located in a region where content playback is not permitted, a correct media key is obtained. In this way, limited viewing on a regional basis is realized.

8.1 Configuration of Content Distribution System 3000 As shown in FIG. 58, the content distribution system 3000 includes a key management device 3300, a content server device 3200, a content recording device 3100, a content reproduction device 3400,..., A content reproduction device 3400x. It is composed of Here, the total number of content reproduction devices is n.

In the seventh embodiment, a device key of each content reproduction device is managed using a tree structure. Non-Patent Document 1 discloses the content of a key management method using such a tree structure, for example.
Here, the content server device 3200 has the same configuration as the content server device 2200, and a description thereof will be omitted.

8.2 Configuration of Key Management Device 3300 The key management device 3300 has the same configuration as the key management device 100, and has a tree structure T3000 shown in FIG. This diagram shows an example of a device key associated with each node of the tree structure, each content reproduction device associated with each leaf, and an area code indicating an area associated with each leaf.

As shown in this figure, the tree structure T3000 is a binary tree having five layers, like the tree structure T100 shown in FIG. Each node of the tree structure T3000 is associated with a device key.
More specifically, as shown in this figure, a node (root) T3001 belonging to layer 0 is associated with a device key “Kr”, and nodes T3002 and T3003 belonging to layer 1 are respectively assigned a device key “Kr”. The keys "Kp" and "Kq" are associated with each other, and the device keys "Ki", "Kj", "Km", and "Kn" are associated with the nodes T3004 to T3007 belonging to layer 2, respectively. The device keys “Ka”, “Kb”, “Kc”, “Kd”, “Ke”, “Kf”, “Kg”, and “Kh” correspond to the nodes T3008 to T3015 belonging to layer 3 respectively. It is attached. Also, device keys “K0” to “K15” are associated with the nodes (leaves) T3021 to T3036 belonging to layer 4 respectively.

The content reproduction devices 0 to 15 are respectively associated with the leaves T3021 to T3036, and the content reproduction devices are collectively associated with each of the regions to which they belong (the regions where the reproduction devices are sold and used). ing. More specifically, the content reproduction devices 0 to 3 belong to the region 0, the content reproduction devices 4 to 7 belong to the region 1, the content reproduction devices 8 to 11 belong to the region 2, and the content reproduction devices 12 to 15. Belongs to region 3.

That is, the leaf T3021 to T3036 are associated with a device number for identifying each content reproduction device, and are also associated with an area code indicating an area.
The key management device 3300, like the key management device 100, transmits all the device keys located on the path from the associated leaf to the root to each content reproduction device, and transmits the area code to which the content reproduction device belongs. Also sent.

For example, the key management device 3300 transmits five device keys “K0”, “Ka”, “Ki”, “Kp”, and “Kr” to the content reproduction device 0, and a region code 0x0000 indicating the region 0. Send
In addition, the key management device 3300 sends, to the content recording device 3100, a tree structure T3000, a device key associated with all nodes of the tree structure T3000, a device number indicating a content reproduction device associated with each leaf, and An area code indicating an area associated with each leaf is transmitted.

8.3 Configuration of Content Recording Device 3100 As shown in FIG. 60, the content recording device 3100 includes a device key storage unit 3101, a media key storage unit 3102, a media key data generation unit 3103, a content key encryption unit 3104, a content encryption unit. It comprises a conversion unit 3105, a control unit 3108, an input unit 3109, a display unit 3110, a transmission / reception unit 3111, and an output unit 3112.

The content recording device 3100 is a computer system, like the content recording device 2100.
(1) Device key storage unit 3101
The device key storage unit 3101 has a tree structure T3000, and stores all device keys of each content reproduction device. Further, a device number indicating each content reproducing device is stored in association with each leaf, and an area code indicating an area is stored in association with each leaf.

These are information transmitted from the key management device 3300.
Specifically, in the case of the tree structure T3000 shown in FIG. 59, device keys K0 to K15 and device keys Ka to Kr are stored.
(2) Media key storage unit 3102
The media key storage unit 3102 stores a media key unique to a recording medium in advance. Here, the media key is, for example, 64 bits long, and the lower 8 bits of the media key are all 1s. The lower 8 bits are used to determine whether the media key has been successfully decrypted.

(3) Media key data generation unit 3103
The media key data generation unit 3103 reads the media key from the media key storage unit 3102.
Next, the media key data generation unit 3103 receives, from the operator of the content recording device 3100, a region code indicating a region in which content reproduction is permitted, via the input unit 3109 and the control unit 3108, and uses the received region code. In the tree structure T3000, S device keys belonging to the highest layer are selected from among device keys possessed only by a plurality of content reproduction devices belonging to the indicated region and not possessed by content reproduction devices belonging to other regions. Here, S ≧ 1.

Next, the media key data generation unit 3103 performs an encryption algorithm E3 on the read media key using the selected S device keys, generates S encrypted media keys, and generates the generated S media keys. The encrypted media keys are recorded in the media key data recording area 3121 of the recording medium 3120.
In the tree structure T3000 shown in FIG. 59, for example, when the area in which the content is permitted to be reproduced is the area 0, the device key assigned only to the content reproduction apparatuses 0 to 3 belonging to the area 0 is “Ki , "Ka", "Kb", "K0", "K1", "K2", and "K3", and the device key belonging to the highest layer among the device keys is "Ki". Therefore, the media key data generation unit 3103 selects the device key “Ki” and generates one encrypted media key E3 (Ki, media key).

In addition, for example, in the case where the regions in which the content reproduction is permitted are the region 1, the region 2, and the region 3, the device key assigned only to the content reproduction devices 4 to 7 belonging to the region 1 is “Kj”. , “Kc”, “Kd”, “K4”, “K5”, “K6”, and “K7”, and the device key belonging to the highest layer among the device keys is “Kj”. The device keys assigned only to the content reproduction devices 8 to 15 belonging to the region 2 and the region 3 are “Kq”, “Km”, “Kn”, “Ke”, “Kf”, “Kg”, “Kh”. , "K8" to "K15", and the device key belonging to the highest layer among the device keys is "Kq". Therefore, the media key data generation unit 3103 selects the device keys “Kj” and “Kq” and generates two encrypted media keys E3 (Kj, media key) and E3 (Kq, media key).

In addition, when the area where the reproduction of the content is permitted is, for example, the area 0, the area 1, the area 2, and the area 3, that is, in the case of all areas, the media key data generation unit 3103 transmits the device key. "Kr" is selected, and one encrypted media key E3 (Kr, media key) is generated.
(4) Content key encryption section 3104
The content key encryption unit 3104 reads the media key from the media key storage unit 3102, acquires the content key from the content server device 3200, and performs an encryption algorithm E4 on the acquired content key using the read media key. Then, an encrypted content key E4 (media key, content key) is generated, and the generated encrypted content key is recorded in the encrypted content key recording area 3122 of the recording medium 3120.

(5) Content encryption unit 3105
The content encryption unit 3105 obtains the content and the content key from the content server device 3200, performs an encryption algorithm E5 on the obtained content using the obtained content key, and obtains an encrypted content E5 (content key, content). Is generated, and the generated encrypted content is recorded in the encrypted content recording area 3123 of the recording medium 3120.

(6) Other Configurations The control unit 3108, the input unit 3109, the display unit 3110, the transmission / reception unit 3111, and the output unit 3112 are the control unit 2108, the input unit 2109, the display unit 2110, the transmission / reception unit 2111, and the output unit of the content recording device 2100. Since it is the same as 2112, the description is omitted.
8.4 Configuration of Recording Medium 3120 The recording medium 3120 is a pre-recorded medium such as a DVD-Video, like the recording medium 2120. In the initial state, no information is written on the recording medium 2120.

記録 In the tree structure T3000 shown in FIG. 59, FIG. 61 shows a recording medium 3120a in which information is written and generated by the content recording device 3100 in a case where the region where the reproduction of the content is permitted is the region 0 as an example. The recording medium 3120a includes a media key data recording area 3121a, an encrypted content key recording area 3122a, and an encrypted content recording area 3123a. One encrypted media key E3 (Ki, media key) is recorded in the media key data recording area 3121a, and the encrypted content key recording area 3122a and the encrypted content recording area 3123a are respectively encrypted. A content key E4 (media key, content key) and an encrypted content E5 (content key, content) are recorded.

FIG. 62 shows a recording medium 3120b in which information is written and generated by the content recording device 3100 in a case where, for example, the regions in which content reproduction is permitted are the region 1, the region 2, and the region 3. The recording medium 3120b includes a media key data recording area 3121b, an encrypted content key recording area 3122b, and an encrypted content recording area 3123b. In the media key data recording area 3121b, two encrypted media keys E3 (Kj, media key) and E3 (Kq, media key) are recorded, and an encrypted content key recording area 3122b and an encrypted content recording area 3122b are recorded. An encrypted content key E4 (media key, content key) and an encrypted content E5 (content key, content) are recorded in 3123b.

For example, in a case where the area where the reproduction of the content is permitted is the area 0, the area 1, the area 2, and the area 3, that is, in the case of the entire area, the information is written and generated by the content recording device 3100. FIG. 63 shows the recording medium 3120c. The recording medium 3120c includes a media key data recording area 3121c, an encrypted content key recording area 3122c, and an encrypted content recording area 3123c. One encrypted media key E3 (Kr, media key) is recorded in the media key data recording area 3121c, and the encrypted content key recording area 3122c and the encrypted content recording area 3123c are respectively encrypted. A content key E4 (media key, content key) and an encrypted content E5 (content key, content) are recorded.

8.5 Configuration of Content Playback Device 3400 As shown in FIG. 64, the content playback device 3400 includes a device key storage unit 3401, a control unit 3402, a media key decryption unit 3403, a content key decryption unit 3406, a content decryption unit 3407, and a drive. It comprises a unit 3408, a reproducing unit 3409, an input unit 3410, and a display unit 3411. The reproduction unit 3409 is connected to the monitor 3421 and the speaker 3422.

The content reproduction device 3400 is a computer system, like the content reproduction device 2400.
Note that the other content reproduction devices have the same configuration as the content reproduction device 3400, and thus the description is omitted.
(1) Device key storage unit 3401
The device key storage unit 3401 stores a plurality of device keys secretly. Here, the plurality of device keys are all device keys existing on the path from the root T3001 to the leaf associated with the content reproduction device 3400 in the tree structure T3000 shown in FIG.

(2) Media key decryption unit 3403
The media key decryption unit 3403 reads out all the device keys from the device key storage unit 3401, and reads out all the encrypted media keys from the media key data recording area 3121 of the recording medium 3120 via the drive unit 3408.
Next, using the read device keys, the media key decryption unit 3403 performs a decryption algorithm D3 on the read encrypted media keys to generate decrypted data. It is determined whether or not the generated decrypted data is a media key. Here, in order to determine whether or not it is a media key, it is checked whether or not the lower 8 bits of the decrypted data are all 1s. Success is determined that the decrypted data is a media key, otherwise, it is determined that decryption of the encrypted media key has failed.

Next, when it is determined that the key is a media key, the generated decrypted data is output to the content key decrypting unit 3406 as a media key.
Next, when it is determined that the media key does not exist at all, the subsequent processing is stopped.
(3) Content key decryption unit 3406
The content key decryption unit 3406 receives the media key from the media key decryption unit 3403, reads out the encrypted content key from the encrypted content key recording area 3122 of the recording medium 3120 via the drive unit 3408, and uses the received media key. Then, a decryption algorithm D4 is applied to the read encrypted content key to generate a content key, and the generated content key is output to the content decryption unit 3407.

(4) Content decryption unit 3407
The content decrypting unit 3407 receives the content key from the content key decrypting unit 3406, reads the encrypted content from the encrypted content recording area 3123 of the recording medium 3120 via the drive unit 3408, and reads using the received content key. A decryption algorithm D5 is applied to the encrypted content to generate a content, and the generated content is output to the playback unit 3409.

(5) Other components The playback unit 3409, the control unit 3402, the input unit 3410, the display unit 3411, and the drive unit 3408 are respectively a playback unit 2409, a control unit 2402, an input unit 2410, and a display unit included in the content playback device 2400. Since the configuration is the same as that of the drive unit 2411 and the drive unit 2408, the description is omitted here.

8.6 Operation of Content Distribution System 3000 Here, the operation of content distribution system 3000 will be described.
(1) Operation of Content Recording Device 3100 The operation of the content recording device 3100 will be described with reference to the flowchart shown in FIG.

The media key data generation unit 3103 is the device key stored in the device key storage unit 3101, and among the device keys of only the content reproduction apparatuses belonging to the region where the reproduction of the content is permitted, among the plurality of device keys, One or more device keys located in the upper layer are selected (step S3101), and the media key stored in the media key storage unit 3102 is encrypted using the selected device key, and the encrypted media key is encrypted. Is generated, and the generated encrypted media key is recorded in the media key data recording area 3121 of the recording medium 3120 (step S3102).

Next, the content key encrypting unit 3104 encrypts the acquired content key using the media key to generate an encrypted content key, and stores the generated encrypted content key in the encrypted content key recording area of the recording medium 3120. 3122 (step S3103).
Next, the content encryption unit 3105 encrypts the obtained content using the obtained content key to generate encrypted content, and records the generated encrypted content in the encrypted content recording area 3123 of the recording medium 3120. (Step S3104).

(2) Operation of Content Playback Device 3400 The operation of the content playback device 3400 will be described with reference to the flowchart shown in FIG.
The media key decryption unit 3403 decrypts the encrypted media key read from the media key data recording area 3121 of the recording medium 3120 using the device key stored in the device key storage unit 3401 to obtain a media key. (Step S3201).

Next, the content key decryption unit 3406 decrypts the encrypted content key read from the encrypted content key recording area 3122 of the recording medium 3120 using the obtained media key to generate a content key (step S3202). ).
Next, the content decrypting unit 3407 decrypts the encrypted content read from the encrypted content recording area 3123 of the recording medium 3120 using the generated content key to generate the content (Step S3203).

Next, the reproducing unit 3409 converts the generated content into an analog video signal and an audio signal, and outputs them to the monitor 3421 and the speaker 3422 (step S3204).
8.7 Summary In the present invention, in the case of a content reproducing device belonging to an area in which content reproduction is permitted, a correct content key for decrypting encrypted content is obtained by using a device key of the content reproducing device. can do. On the other hand, in a content reproduction device belonging to an area where the content is not permitted, even if the device key of the content reproduction device is used, a correct content key cannot be obtained, and thus the encrypted content cannot be decrypted.

As described above, the content key required for decrypting the encrypted content can be obtained only for the content reproduction devices belonging to the region where the reproduction of the content is permitted, so that the limited viewing in the set region unit can be realized.
8.8 Modifications (1) The content recording device 3100 is connected to the content server device 3200 via the Internet, and the content recording device 3100 receives the content and the content key from the content server device 3200 via the Internet. You may get it.

Also, the digital broadcast transmitting apparatus broadcasts the content and the content key on the digital broadcast wave, and the content recording apparatus 3100 receives the digital broadcast wave and extracts the content and the content key from the received digital broadcast wave. It may be.
Further, the content recording device 3100 may have a configuration in which the content key and the content are stored. Further, the content key may be generated inside the content recording device 3100 each time.

(2) When reproduction is permitted in all regions, the device key of the root is used when there is one tree structure, and the device key of the root of each tree structure is used when there are a plurality of tree structures. By using this, it is also possible to realize the generation of a recording medium on which content is recorded without restriction on reproduction by region.
(3) Although the seventh embodiment exemplifies the case where there is one tree structure, the present invention is not limited to this configuration.

For example, as shown in FIG. 67, a configuration in which an independent tree structure is prepared for each region may be adopted. In this figure, tree structures T3101, T3102, T3103, and T3104 correspond to region 0, region 1, region 2, and region 3, respectively, and are assigned to the roots of the tree structures T3101, T3102, T3103, and T3104. The device keys are “Ki”, “Kj”, “Km”, and “Kn”, respectively.

In this case, when content reproduction is permitted in all regions, four device keys “Ki”, “Kj”, “Km”, and “Kn” may be selected, and the media key may be encrypted for each. .
FIG. 68 shows an example of the recording medium 3120d thus generated. As shown in this figure, the recording medium 3120d includes a media key data recording area 3121d, an encrypted content key recording area 3122d, and an encrypted content recording area 3123d, and the media key data recording area 3121d has four encryption keys. The media key E3 (Ki, media key), E3 (Kj, media key), E3 (Km, media key), and E3 (Kn, media key) are recorded, and the encrypted content key recording area 3122d stores an encryption key. An encrypted content key E4 (media key, content key) is recorded, and an encrypted content (content key, content) is recorded in the encrypted content recording area 3123d.

(4) When preparing a plurality of tree structures, it is not necessary that all the tree structures have the same height, and may have different heights for each region. Further, the tree structure does not need to be a binary tree, and may be a tree structure of a triple tree or a mixed structure.
(5) The content recording device records on the recording medium a region code indicating a region in which the content is permitted to be reproduced, and the content reproducing device also has a built-in region code. A configuration may be adopted in which the local codes are compared, and if they do not match, the subsequent processing is not performed.

As described above, the lower 8 bits of the media key may be determined to be all 1s in advance, and the playback device may check the location and determine whether or not the decryption has succeeded. With such a configuration of the pre-check, it is possible to confirm the correct decryption of the media key and to prevent the speaker connected to the playback device from being damaged by noise or the like due to incorrect decrypted data.

(6) In the sixth and seventh embodiments, the case where the content recording device manages the device key of each content reproducing device and the recording medium is a pre-recorded medium such as a DVD-Video is described. Although illustrated, the present invention is not limited to such a configuration.
For example, similarly to the content reproducing apparatus, one area code or a device key for the apparatus is given to the content recording apparatus, and the recording medium is a recordable medium such as a DVD-RAM. In this case, for example, a recording device belonging to the region 0 can record the content correctly (in a form compatible with other devices) only on the recording medium for the region 0, and similarly, the recording device belonging to the region 0 Only the playback device can play back the recorded content. As a result, it is possible to realize limited use, limited recording, and limited viewing on a regional basis of the recording medium.

(7) In the sixth embodiment and the seventh embodiment, the configuration in which the content reproducing apparatus has each decoding unit inside the apparatus has been exemplified, but the present invention is not limited to the configuration. .
For example, even if the configuration is such that each decryption unit is mounted on an IC card and various data are generated or decrypted in the IC card, and the content can be obtained only for the content reproduction device in which the IC card is inserted. Good.

With the configuration using such an IC card, for example, the risk of eavesdropping of the content key on the bus is reduced. Also, not all processing units need to be mounted on the IC card, and one or more processing units may be mounted on the IC card. Further, a configuration in which the processing unit of the content recording device is mounted on an IC card may be employed.
(8) In the sixth and seventh embodiments, the case where the content is encrypted with the content key has been exemplified, but the present invention is not limited to the configuration.

For example, in the sixth embodiment, the content may be encrypted with an encryption key generated from a media key and a region code. In the seventh embodiment, the content may be encrypted with a media key. The configuration may be as follows.
Furthermore, a configuration may be adopted in which the number of encryption layers is further increased, such as providing a second content key, encrypting the second content key with the content key, and encrypting the content with the second content key. .

(9) In the sixth embodiment and the seventh embodiment, a case where digital content is used for copyright protection has been exemplified, but the present invention is not limited to the application.
For example, in a membership-based information providing system, the present invention can be applied to the purpose of so-called conditional access in which information is provided only to members in a certain specific area.
(10) In the sixth and seventh embodiments, the case where the key information or the encrypted content is recorded on the recording medium and distributed is exemplified, but the present invention is limited to the configuration. Not something.

For example, instead of the recording medium, the transmission may be performed using a communication medium represented by the Internet as shown below.
This content distribution system includes a content server device 2200, six Web server devices, and n content reproduction devices. The six Web server devices are connected to the content server device 2200 via dedicated lines. Here, the content server device 2200 is the same as the content server device 2200 of the content distribution system 2000. Each of the n content reproduction devices can be connected to six Web server devices via the Internet.

The world is divided into six regions, each Web server device corresponds to each region, and a region code indicating the corresponding region is stored therein. It corresponds to any one of the regions, and stores any one of the six region codes therein. This is the same as the content reproduction device 2400 of the content distribution system 2000.

Each web server device receives the content and the content key from the content server device 2200 of the content distribution system 2000, and performs n encrypted media keys, one encrypted content key, and Generate encrypted content. Here, the difference from the content recording device 2100 is that the Web server device generates one encrypted content key using the area code stored therein. Next, the generated n encrypted media keys, one encrypted content key, and the encrypted content are stored therein, and in response to a request from each content playback device, , N encrypted media keys, one encrypted content key and encrypted content are transmitted via the Internet.

メ デ ィ ア Here, the media key is key information unique to each unit of content to be supplied. Further, the media key may be unique for each content. That is, the same media key may be set for the same content. Further, the content may be unique to the content by the same copyright holder. Also, the content supplied by the same supplier may be unique.

Each content reproduction device transmits the above request to the Web server device, and receives n encrypted media keys, one encrypted content key, and encrypted content from the Web server device. Next, each content reproduction device decodes and reproduces the content in the same manner as the content reproduction device 2400 of the content distribution system 2000.
In the above description, the Web server device corresponds to one region. However, the Web server device may correspond to a plurality of regions. In this case, the Web server device stores therein a plurality of area codes respectively indicating a plurality of corresponding areas, and generates the same number of encrypted content keys as the area codes using the plurality of area codes.

As described above, in the content distribution system 2000, even if a method of distributing the content via the network is adopted instead of the method of storing and distributing the content on the recording medium, the content distribution Regional limitation can be realized.
The same can be applied to the content distribution system 3000.
It is not necessary to install the Web server device in the corresponding area.

(11) The content recording devices described in the sixth and seventh embodiments may be configured to generate and distribute encrypted content in accordance with a viewing request from a content reproducing device. May be configured to charge according to.
9. Other Modifications Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. The following cases are also included in the present invention.

(1) Each of the above devices is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or the hard disk unit. Each device achieves some or all of its functions by the microprocessor operating according to the computer program.

(2) The present invention may be the method described above. Further, these methods may be a computer program that is realized by a computer, or may be a digital signal formed by the computer program.
Further, the present invention provides a computer-readable recording medium for reading the computer program or the digital signal, for example, a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD (Blu-ray Disc). ), A semiconductor memory or the like. Further, the present invention may be the computer program or the digital signal recorded on these recording media.

Further, according to the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, or the like.
The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

Further, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, so that it is executed by another independent computer system. It may be.
(3) The above embodiment and the above modifications may be combined. 10. Conclusion As is apparent from the above description, according to the invention disclosed in the first embodiment, key information is compactly arranged by arranging NRPs in order of level as header information of key information recorded on a recording medium in advance. It is also possible to specify the encrypted media key that the player should efficiently decrypt.

According to the invention disclosed in the second embodiment, a bit indicating whether or not all descendants of a certain node are invalidating devices is added to the head of the NRP as header information. When concentrated, header information can be reduced.
Further, according to the invention disclosed in the third embodiment, it is possible to further reduce header information by determining whether or not all descendants of a certain node are invalidation devices in a certain specific pattern. .

Further, according to the inventions disclosed in the fourth and fifth embodiments, the order of NRPs can be other than the order disclosed in the first to third embodiments.
Further, in the sixth embodiment, the area code is directly used for decrypting the encrypted content, or the secret information set for each area code is used, so that the content is not allowed to be reproduced in the area. The playback device to which the content playback device belongs cannot obtain a content key for decrypting the encrypted content, thereby realizing limited viewing on a regional basis.

Further, in the seventh embodiment, a key management method using a tree structure is used, and a partial tree or an independent tree structure is provided for each region, so that a region code or a region code is set for each region code. Even if confidential information is not used, a playback device belonging to an area where content playback is not permitted cannot obtain a content key for decrypting the encrypted content, so that limited viewing on a regional basis is not possible. Has been realized.

11. Effect of the Invention As described above, the present invention is an area-limited playback system for limiting content playback according to an area, and encrypts content based on first area information indicating an area to generate encrypted information. And a supply device that supplies the generated encryption information, and the second area information indicating the area is stored in advance, and the encryption information is acquired and based on the stored second area information. A decryption device that attempts to decrypt the obtained encrypted information and, if decryption is successful, generates content and reproduces the generated content.

According to this configuration, the supply device encrypts the content on the basis of the first region information indicating the region, generates and supplies the encrypted information, and the playback device performs the encryption based on the second region information stored in advance. Attempts to decrypt the obtained encrypted information, and if the decryption is successful, the content is generated. Therefore, the second area information is illegally changed, or the reproduction is performed by bypassing the confirmation function based on the second area information. The device cannot correctly decrypt the encrypted information. Thus, the content cannot be correctly reproduced, and as a result, the area-limited reproduction can be realized.

Further, the present invention is a supply device for supplying content whose reproduction is limited according to a region, wherein the generating device encrypts the content based on region information indicating the region to generate encrypted information; Supply means for supplying the encrypted information.
According to this configuration, the supply device encrypts the content based on the region information indicating the region and generates and supplies the encrypted information. Therefore, the pre-stored region information is illegally changed or the region information is changed. In a reproducing apparatus modified so as to bypass the function of checking the encrypted information, the encrypted information cannot be decrypted correctly, and as a result, area-limited reproduction can be realized.

Here, the supply unit writes the generated encryption information on a recording medium, and distributes the recording medium, or transmits the generated encryption information via a network, so that the encryption information is transmitted. Supply.
According to this configuration, the supply device can reliably supply the encrypted information to the partner device via the recording medium or via the network.

Here, the generation unit includes: a content storage unit that stores the content and a content key corresponding to the content; a reading unit that reads the content and the content key from the content storage unit; A region code storage unit that stores a region code for identifying a region, and encrypts the content key based on the region code to generate encrypted content key information, and encrypts the content using the content key. Encrypting the encrypted content key information to generate the encrypted content key information and the encrypted content. And the encrypted information composed of the encrypted content.

According to this configuration, the supply device encrypts the content key based on the region code for identifying the region, generates encrypted content key information, encrypts the content using the content key, and encrypts the encrypted content. Generates and supplies the encrypted information composed of the encrypted content key information and the encrypted content, so that the area code stored in advance is illegally changed or the function of confirming by the area code is bypassed. The playback device cannot correctly decrypt the encrypted content key information. Thus, the content key cannot be obtained, and the content cannot be reproduced correctly. As a result, local limited reproduction can be realized.

Here, the encryption unit obtains a media key determined according to the supply of the content, encrypts the media key to generate an encrypted media key, and uses the area code and the media key, Encrypting a content key to generate an encrypted content key to generate the encrypted content key information including the encrypted media key and the encrypted content key; Providing the encrypted information composed of key information and the encrypted content, wherein the encrypted content key information is composed of the encrypted media key and the encrypted content key;

According to this configuration, the supply device obtains a media key determined according to the supply of the content, encrypts the media key to generate an encrypted media key, and uses the area code and the media key, By encrypting the content key to generate an encrypted content key, the encrypted content key information including the encrypted media key and the encrypted content key is generated and supplied. In a playback device that illegally changes the existing area code or bypasses the function of confirming the area code, the encrypted content key cannot be decrypted correctly. Thus, the content key cannot be obtained, and the content cannot be reproduced correctly. As a result, local limited reproduction can be realized.

Here, the encryption unit generates an encryption key using the area code and the media key, and encrypts the content key using the generated encryption key.
According to this configuration, the supply device generates an encryption key using the area code and the media key, and encrypts the content key using the generated encryption key. A playback device that has incorrectly changed the code or bypassed the function of confirming with the area code cannot generate the same decryption key as the encryption key. Thus, the encrypted content key cannot be decrypted correctly, the content key cannot be obtained, and the content cannot be reproduced correctly. As a result, local limited reproduction can be realized.

Here, the encryption unit generates the encryption key by combining the area code with the media key and applying a one-way function to the combination result.
According to this configuration, the supply device combines the area code and the media key and applies a one-way function to the combined result to generate the encryption key, so that the supply device depends on the values of both the area code and the media key. Encryption key to be generated. For this reason, a reproducing apparatus that illegally changes the pre-stored area code or bypasses the function of confirming the area code cannot generate the same decryption key as the encryption key.

Here, the encryption unit obtains a device key unique to one playback device, and encrypts the media key using the obtained device key.
According to this configuration, the supply device encrypts the media key using the device key unique to one playback device. Therefore, the supply device encrypts the encrypted media key only in the playback device having the same device key as the device key. It can be decrypted to generate a media key.

Here, the encryption unit further obtains another device key unique to another playback device, encrypts the media key using the obtained other device key, and obtains another encrypted media key. The supply means generates and supplies the encrypted information further including the other encrypted media key.
According to this configuration, since the supply device further encrypts the media key using another device key unique to another one playback device, the playback device having the same device key as the device key, and the other device. The media key can be generated by decrypting the encrypted media key only in another playback device having the same device key as the device key of the above.

Here, the supplying unit arranges and supplies the encrypted media key and the other encrypted media key in a predetermined order.
According to this configuration, the supply device arranges and supplies the encrypted media key and the other encrypted media key in a predetermined order, so that the playback device can store the encrypted media key arranged in the predetermined order. From the and the other encrypted media key, the encrypted media key used for itself can be specified.

Here, the encryption unit acquires the media key including a fixed character string, encrypts the acquired media key, and generates the encrypted media key and the other encrypted media key.
According to this configuration, the supply device encrypts the media key including the fixed character string to generate the encrypted media key and the other encrypted media key. If decryption is possible, it is possible to specify an encrypted media key to be used for itself.

Here, the area code storage unit further stores another area code for identifying another area, and the encryption unit further encrypts the content key based on the other area code. Generating the encrypted content key information, the encrypted content key information, the encrypted content key information, and the encrypted content including the encrypted content. And supplying the encrypted content key information, the other encrypted content key information, and the encrypted information including the encrypted content.

According to this configuration, the supply device further encrypts the content key based on the other area code to generate another encrypted content key information, so that the encrypted content key information and the other Since the encrypted information composed of the encrypted content key information and the encrypted content is generated and supplied, the encrypted information is decrypted in separate playback devices each having the area code and the other area code. Can be played.

Here, the encryption unit combines a fixed character string with the content key, encrypts a combination result based on the region code and another region code, respectively, and encrypts the encrypted content key information and the other Generates encrypted content key information.
According to this configuration, the supply device encrypts a combination result of the fixed character string and the content key based on the region code and another region code, and performs the encrypted content key information and the other encryption. Since the content key information is generated, the playback device can specify the encrypted content key information to be used for itself when the unique character string can be decrypted.

Here, the reading unit reads the content key including a fixed character string, and the encryption unit encrypts the acquired content key.
According to this configuration, since the supply device encrypts the content key including the fixed character string, the playback device decrypts the encrypted content key information, and decrypts the decrypted data including the fixed character string. Is generated, the decrypted data can be specified as a content key used for itself.

Here, the generation unit includes: a content storage unit that stores the content and a content key corresponding to the content; a reading unit that reads the content and the content key from the content storage unit; A region code storage unit storing secret information corresponding to a region code for identifying a region, and encrypting the content key based on the secret information to generate encrypted content key information, and using the content key. Encrypting the content to generate encrypted content, thereby generating an encrypted content composed of the encrypted content key information and the encrypted content, and an encryption unit that generates the encrypted information. Supplying encrypted content key information and the encrypted information composed of the encrypted content; .

According to this configuration, the supply device generates the encrypted content key information by encrypting the content key based on the secret information corresponding to the region code for identifying the region. Only one can decrypt the encrypted content key information to generate a content key.
Here, the generation unit includes a content storage unit that stores the content and a content key corresponding to the content, a reading unit that reads the content and the content key from the content storage unit, and a tree structure system. Tree structure storage in which each node is associated with a device key of the playback device, and each leaf is associated with a playback device and an area to which the playback device belongs. And a selection unit for selecting, as the region information, a device key that is included only in the playback device belonging to the region and not owned by a playback device belonging to another region, from the tree structure system of the tree structure storage unit. Generating the encrypted content key information by encrypting the content key based on the selected device key; An encryption unit that encrypts the content to generate the encrypted content, thereby generating the encrypted content key information and the encrypted information composed of the encrypted content. And supplying the encrypted information including the content key information and the encrypted content.

According to this configuration, from the tree structure system, the supply device includes, from among the device keys that only the playback devices belonging to the region have and the playback devices that do not have the other regions have, belong to the highest hierarchy, As the area information, selected, based on the selected device key, the content key is encrypted to generate encrypted content key information, so that the device key as the area information stored in advance is illegally changed, Alternatively, a playback device that bypasses the function of confirmation using a device key as local information cannot correctly decrypt encrypted content key information. Thus, the content key cannot be obtained, and the content cannot be reproduced correctly. As a result, local limited reproduction can be realized.

Here, the encryption unit obtains a media key determined in accordance with the supply of the content, encrypts the obtained media key using the selected device key, generates an encrypted media key, and obtains the encrypted media key. Using the obtained media key, encrypting the content key to generate an encrypted content key, thereby generating the encrypted content key information including the encrypted media key and the encrypted content key, The supply means supplies the encrypted content key information and the encrypted information composed of the encrypted content, and the encrypted content key information is composed of the encrypted media key and the encrypted content key. You.

According to this configuration, the supply device encrypts the media key determined in accordance with the supply of the content using the selected device key to generate an encrypted media key, and encrypts the content key using the media key. By generating the encrypted content key by encrypting the encrypted content key, the encrypted content key information including the encrypted media key and the encrypted content key is generated. A playback device that has been tampered with or that bypasses the function of checking with a device key as regional information cannot correctly decrypt the encrypted media key. Thus, the media key cannot be obtained, the encrypted content key cannot be decrypted to obtain the content key, and the content cannot be further decrypted. As a result, local limited reproduction can be realized.

Here, the tree structure system of the tree structure storage unit includes one tree structure, and each node of the tree structure is associated with a device key of a playback device. Each leaf is associated with a playback device and an area to which the playback device belongs, and the selection unit selects the device key from the tree structure of the tree structure storage unit.
According to this configuration, since the supply device has the tree structure system including one tree structure, the management of the tree structure system is easy.

Here, the tree structure system included in the tree structure storage unit includes the same number of tree structures as the number of regions, each tree structure corresponds to each region, and each tree structure has a plurality of nodes. , Each node is associated with a device key of a playback device belonging to the region, each leaf is associated with a playback device belonging to the region, and the selection unit is configured to correspond to the region. Device key corresponding to the root of the tree structure to be selected.

According to this configuration, the tree structure system included in the supply device includes the same number of tree structures as the number of regions, so that the management of the tree structure for each region is easy.
Here, the supply unit further supplies an area code for identifying the area together with the encryption information.
According to this configuration, since the supply device further supplies the area code, the playback apparatus can perform the collation using the acquired area code and the area code owned by the playback apparatus.

Here, the generating means is constituted by a portable IC card.
According to this configuration, since the generating means of the supply device is constituted by a portable IC card, the IC card is inserted into the supply device when used, and when the use is completed, the IC card is removed from the supply device. Accordingly, it is possible to prevent the supply means in the supply device from being used by a person who does not have an IC card.

Also, the present invention relates to a reproducing apparatus for restricting reproduction of content according to a region, wherein the storage means pre-stores second region information indicating the region, and the content based on the first region information indicating the region. Acquiring means for acquiring encrypted information generated by encrypting the information, and attempting to decrypt the acquired encrypted information based on the stored second area information. And a reproducing unit that reproduces the generated content.

According to this configuration, the encrypted information generated by encrypting the content based on the first area information indicating the area is obtained, and the obtained encrypted information is decrypted based on the stored second area information. If the decryption is successful and the content is generated normally, the content is generated. Therefore, in a reproducing apparatus that changes the second area information or bypasses the function of confirming the second area information, the encrypted information can be correctly decrypted. Absent. Thus, the content cannot be reproduced correctly. As a result, local limited reproduction can be realized.

Here, the obtaining unit obtains the encrypted information by reading the encrypted information from a recording medium or by receiving the encrypted information via a network.
According to this configuration, the playback device can reliably acquire the encrypted information via the recording medium or via the network.
Here, the storage unit previously stores a second region code for identifying a region as the second region information, and the obtaining unit includes the encrypted content key information and the encrypted content. Obtaining encrypted information, wherein the encrypted content key information is generated by encrypting a content key based on a first area code for identifying an area as the first area information; The content is generated by encrypting the content using the content key, and the decryption unit performs the encryption of the encrypted content key based on a second area code identifying the area as the second area information. An attempt is made to decrypt the information, and when the decryption is successful, a content key is generated, and the content is decrypted using the generated content key to generate the content.

According to this configuration, the playback device attempts to decrypt the encrypted content key information based on the second region code, and if successful, generates a content key and uses the generated content key to generate a content key. Is decrypted to generate the content, so that the reproducing device that illegally changes the second area code or bypasses the function of confirmation using the second area code cannot correctly decrypt the encrypted content key information. Thus, the content key cannot be obtained and the content cannot be decrypted. As a result, local limited reproduction can be realized.

Here, the obtaining unit obtains the encrypted information including encrypted content key information and encrypted content, and the encrypted content key information includes an encrypted media key and an encrypted content key. , The encrypted media key is generated by encrypting a media key determined in accordance with the supply of the content, and the encrypted content key is obtained by using the first area code and the media key. The decryption means decrypts the obtained encrypted media key to generate a media key, and uses the second area code and the generated media key to perform encryption. Attempts to decrypt the encrypted content key, and if successful, generates a content key.

According to this configuration, the playback device obtains an encrypted content key generated by encrypting the content key using the first area code and the media key, and obtains the encrypted content key using the second area code and the media key. Since the decryption of the encrypted content key is attempted, the reproducing device that incorrectly changes the second area code or bypasses the function of confirmation by the second area code cannot correctly decrypt the encrypted content key. Thus, the content key cannot be obtained and the content cannot be decrypted. As a result, local limited reproduction can be realized.

Here, the decryption means generates a decryption key using the second area code and the media key, and attempts to decrypt the encrypted content key using the generated decryption key.
According to this configuration, the playback device attempts to decrypt the encrypted content key by using the decryption key generated using the second area code and the media key, and thus illegally changes the second area code. Alternatively, a playback device that bypasses the function of confirmation by the second area code cannot correctly decrypt the encrypted content key. Thus, the content key cannot be obtained and the content cannot be decrypted. As a result, local limited reproduction can be realized.

Here, the decryption unit generates the decryption key by combining the second area code and the media key and applying a one-way function to the combined result.
According to this configuration, the playback device generates the decryption key by applying a one-way function to the combined result of the second area code and the media key, so that the second area code is illegally A playback device that has changed or bypassed the function of confirmation by the second area code cannot generate the decryption key correctly. Thus, the content key cannot be obtained and the content cannot be decrypted. As a result, local limited reproduction can be realized.

Here, the obtaining unit obtains the encrypted media key generated by encrypting the media key using a device key unique to the playback device, and the decryption unit obtains a device unique to the playback device. Attempt to decrypt the encrypted media key using the key, and if successful, generate the media key.
According to this configuration, the playback device obtains the encrypted media key generated by encrypting the media key using a device key unique to the playback device, and uses the device key unique to the playback device. Since the decryption of the encrypted media key is attempted, the encrypted media key can be decrypted only by the playback apparatus.

Here, the obtaining unit further obtains another encrypted media key generated by encrypting the media key using another device key unique to another playback device, and the decrypting unit includes: From the encrypted media key and the other encrypted media key, the encrypted media key for the playback device is specified, and an attempt is made to decrypt the specified encrypted media key.
According to this configuration, the playback device includes the encrypted media key and the other encrypted media generated by encrypting the media key using other device keys unique to the playback device and another playback device, respectively. Since the encrypted media key for the playback device is specified from the keys, it is possible to generate a media key from the specified encrypted media key, then generate a content key, and further generate content.

Here, the obtaining unit obtains the encrypted media keys and the other encrypted media keys arranged in a predetermined order, and the decryption unit obtains the encrypted media keys and the other encrypted media keys arranged in a predetermined order. By extracting one encrypted media key arranged at a specific position from the other encrypted media keys, an encrypted media key for the playback device is specified.
According to this configuration, the playback device obtains the encrypted media keys and the other encrypted media keys arranged in a predetermined order, and one of the encrypted media keys arranged at a specific position from among them. By extracting the key, the encrypted media key for the playback device can be reliably specified. Here, the obtaining unit encrypts the media key including a fixed character string and generates the encrypted media key. Obtaining an encrypted media key and the other encrypted media key, and the decryption unit decrypts the encrypted media key and the other encrypted media key using a device key unique to the playback device. Attempt, of the generated decrypted data, the one including the fixed character string is regarded as the media key.

According to this configuration, the playback device acquires the encrypted media key and the other encrypted media key generated by respectively encrypting the media keys including the fixed character string, and obtains a device unique to the playback device. Attempts to decrypt the encrypted media key and the other encrypted media key using keys, and among the generated decrypted data, those containing the fixed character string are regarded as the media key. An encrypted media key for the device can be specified.

Here, the obtaining means further obtains another encrypted content key information, wherein the other encrypted content key information is based on another area code identifying another area. The key is generated by encrypting a key, and the decryption unit further attempts to decrypt the other encrypted content key information based on the second area code, and respectively decrypts the encrypted content key information and the encrypted content key information. Using the decryption data generated by decrypting the other encrypted content key information, a person who can decrypt normally is identified, and the identified decrypted data is regarded as a content key, thereby generating a content key.

According to this configuration, the playback device encrypts the content key based on the second area code and the other area code for identifying the area and the other area, and generates the encrypted content key information and the other encryption information. By obtaining the content key information and decrypting the encrypted content key information and other encrypted content key information based on the second area code, and specifying a person who can decrypt normally, a plurality of encrypted content keys can be obtained. From the information, the encrypted content key information for the playback device can be reliably specified.

Here, the acquisition unit encrypts a combination result of a fixed character string and the content key based on the second area code and another area code, and generates the generated encrypted content key information and The other encrypted content key information is obtained, and the decryption unit converts the fixed character string out of the decrypted data generated by decrypting the encrypted content key information and the decrypted other encrypted content key information. The content key is generated by deleting the fixed character string from the content key.

According to this configuration, the playback device encrypts a combination result of the fixed character string and the content key based on the second area code and the other area code, and respectively generates the encrypted content key information. And obtaining the other encrypted content key information, and among the decrypted data generated by the decryption of the encrypted content key information and the other encrypted content key information, from those including the fixed character string, The content key is generated by deleting the fixed character string. Thus, the encrypted content key information for the playback device can be reliably specified from the plurality of encrypted content key information, and the content key can be obtained.

Here, the acquisition unit encrypts the content key including a fixed character string based on the second area code and another area code, and respectively generates the generated encrypted content key information and the other encrypted content key information. Obtaining encrypted content key information, the decrypting means includes a decrypted data generated by decrypting the encrypted content key information and the other encrypted content key information, the decrypted data including the fixed character string. , The content key.

According to this configuration, the playback device encrypts the content key including a fixed character string based on the second area code and another area code, and respectively generates the generated encrypted content key information and the other. Of the encrypted content key information and the decrypted data generated by the decryption of the other encrypted content key information, the decrypted data including the fixed character string, Is considered. Thus, the encrypted content key information for the playback device can be reliably specified from the plurality of encrypted content key information, and the content key can be obtained.

Here, the storage means stores in advance, as the second area information, second secret information corresponding to a second area code for identifying an area, and the obtaining means stores the encrypted content key information and the encrypted content key information. Acquiring the encrypted information composed of the content, and encrypting the encrypted content key information based on first secret information corresponding to a first area code for identifying an area as the first area information; The encrypted content is generated by encrypting the content using the content key, and the decryption unit encrypts the content based on the second secret information. An attempt is made to decrypt the content key information. If the decryption is successful, a content key is generated, and the content is decrypted using the content key to generate the content.

According to this configuration, the playback device encrypts the encrypted content key information generated by encrypting the content key based on the first secret information corresponding to the first area code identifying the area as the first area information. Since the decryption of the encrypted content key information is attempted based on the acquired and stored second secret information, only the playback device that knows the second secret information decrypts the encrypted content key information and A key can be generated.

Here, the storage unit stores a plurality of device keys as the second area information, and stores the plurality of device keys in a node existing on a path from one leaf to the root of the tree structure system. The leaf is associated with the playback device, and the obtaining unit obtains the encrypted information including encrypted content key information and encrypted content, and The encrypted content key information is generated by encrypting a content key based on a device key associated with one node of the tree structure system, and the encrypted content is a content using the content key. And the decryption means decrypts the encrypted content key information based on each of the stored device keys. Attempts, when can be decrypted successfully, generates a content key, decrypts the content to generate content using the generated content key.

According to this configuration, the playback device attempts to decrypt the encrypted content key information based on each of the plurality of device keys as the second area information, and thus illegally changes the second area information, or (2) A playback device that bypasses the function of confirmation based on regional information cannot correctly decrypt encrypted content key information. Thus, the content key cannot be obtained and the content cannot be decrypted. As a result, local limited reproduction can be realized.

Here, the obtaining unit obtains the encrypted information including the encrypted content key information and the encrypted content, and the encrypted content key information includes an encrypted media key and an encrypted content key. The encrypted media key is generated by encrypting a media key determined in accordance with the supply of content using the device key, and the encrypted content key is generated using the media key. The content key is generated by encrypting the content key, and the decryption unit attempts to decrypt the encrypted media key based on each of the stored plurality of device keys. A media key is generated, and the content key is generated by decrypting the encrypted content key using the generated media key.

According to this configuration, the playback device obtains and stores an encrypted media key generated by encrypting a media key determined according to the supply of the content, using the device key as the second area information. Since the decryption of the encrypted media key is attempted on the basis of each of the plurality of device keys, the reproducing device that illegally changes the second area information or bypasses the function of confirmation based on the second area information, Media key cannot be decrypted correctly. Thus, the media key cannot be obtained, the content key cannot be obtained, and further the content cannot be obtained. As a result, local limited reproduction can be realized.

Here, the tree structure system is composed of one tree structure, each node of the tree structure is associated with a device key of a playback device, and each leaf of the tree structure has a playback key. The device and the area to which the playback device belongs are associated with each other, and the plurality of device keys stored in the storage unit correspond to nodes existing on a path from one leaf of the tree structure to a root. The leaf is associated with the playback device, and the obtaining unit encrypts and generates a content key based on a device key associated with one node of the tree structure. Obtained encrypted content key information is obtained.

According to this configuration, the playback device uses the device key associated with one node of the tree structure system formed of one tree structure. Is easy to manage.
Here, the tree structure system includes the same number of tree structures as the number of regions, each tree structure corresponds to each region, each tree structure has a plurality of nodes, and each node has: Device keys of playback devices belonging to the area are associated with each other, playback devices belonging to the area are associated with each leaf, and the plurality of device keys stored in the storage unit are: The leaf is associated with a node existing on the route from one leaf to the root of the tree structure corresponding to the area to which the playback device belongs, and the leaf is associated with the playback device, and the acquisition The means acquires the encrypted content key information generated by encrypting a content key based on a device key associated with one node of the tree structure.

According to this configuration, the playback device uses the device key associated with one node of the tree structure associated with the region from the tree structure system including the same number of tree structures as the number of regions. In the management device that manages the system, it is easy to manage the tree structure for each area.
Here, the storage unit previously stores a second region code for identifying the region as the second region information, and the acquisition unit further includes a second region code for identifying the region together with the encryption information. 3 area codes are obtained, and the decryption means compares the second area code with the third area code prior to decryption of the encrypted information, and decrypts the encrypted information if they do not match. Suppress, and if they match, attempt to decrypt the encrypted information.

According to this configuration, the playback device checks the second area code against the acquired third area code prior to decryption of the encrypted information, and suppresses decryption of the encrypted information if they do not match, Region-limited reproduction can be easily realized, and in the case of a mismatch, there is no need to uselessly decrypt the encrypted information.
Here, the decoding means is constituted by a portable IC card.

According to this configuration, the decoding means of the playback device is constituted by a portable IC card, so that the IC card is inserted into the playback device when used, and when the use is completed, the IC card is removed from the playback device. Thus, it is possible to prevent the decoding means in the playback device from being used by a person who does not have an IC card.

The copyright protection system and the content distribution system described above are business-oriented, that is, iterative and repetitive in the industry of providing digitized copyrighted works such as music, movies, and novels from content providers to users. Can be used continuously.
In particular, the present invention is suitable for an industry in which a digitalized work is stored in a recording medium such as a DVD and distributed on the market, or distributed via a network, and supplied.

FIG. 1 is a block diagram illustrating a configuration of a copyrighted work protection system 10. FIG. 2 is a block diagram showing a configuration of the key management device 100. 4 shows an example of the data structure of a tree structure table D100. It is a key map showing tree structure T100. FIG. 9 is a conceptual diagram illustrating a tree structure T200 including an invalidated node. It is a data structure figure showing an example of a node invalidation pattern. FIG. 8 is a data structure diagram illustrating an example of key information including a plurality of encrypted media keys. FIG. 3 is a block diagram illustrating a configuration of a recording device 300a. FIG. 14 is a block diagram showing a configuration of a playback device 400a. 9 is a flowchart showing an operation of assigning a device key to a user device, an operation of generating key information and writing it on a recording medium, and an operation of encrypting or decrypting content by the user device. In particular, it is a flowchart showing the operation of each device until the device key is exposed by an unauthorized third party. After the device key has been exposed by an unauthorized third party, the operation of invalidating nodes in the tree structure corresponding to the exposed device key, the operation of generating new key information and writing it to a recording medium, 9 is a flowchart showing an operation of encrypting or decrypting content by the user device. 6 is a flowchart illustrating operations of generating a tree structure table by the tree structure construction unit 101 and writing the tree structure table into the tree structure storage unit 102. 6 is a flowchart illustrating an operation of the device key assignment unit 103 to output a device key and ID information to each user device. 6 is a flowchart illustrating an operation of updating a tree structure by a tree structure update unit 105. 5 is a flowchart illustrating an operation of generating header information by a key information header generation unit 106. 5 is a flowchart illustrating an operation of generating key information by a key information generation unit 107. 11 is a flowchart illustrating an operation of specifying one encrypted media key from key information stored in a recording medium by a specifying unit included in the recording apparatus. In the first embodiment, an example of a tree structure in a case where a user device to be invalidated may be concentrated on a specific leaf in the tree structure is shown as an example. In the second embodiment, the tree structure shows a special node invalidation pattern when the user device to be invalidated is concentrated on a specific leaf in the tree structure. 13 shows an example of the data structure of a tree structure table D400. 13 shows an example of the data structure of header information D500. 14 shows an example of the data structure of key information D600. 5 is a flowchart illustrating an operation of generating header information by a key information header generation unit 106. It continues to FIG. 5 is a flowchart illustrating an operation of generating header information by a key information header generation unit 106. It continues to FIG. 5 is a flowchart illustrating an operation of generating header information by a key information header generation unit 106. It continues to FIG. 5 is a flowchart illustrating an operation of generating header information by a key information header generation unit 106. Continued from FIG. 11 is a flowchart illustrating an operation of specifying one encrypted media key from key information stored in a recording medium by a specifying unit included in the recording apparatus. It is a tree structure showing a special node invalidation pattern in the third embodiment. 15 shows an example of the data structure of header information D700. 15 shows an example of the data structure of key information D800. 9 is a flowchart illustrating an operation of generating header information. It continues to FIG. 9 is a flowchart illustrating an operation of generating header information. It continues to FIG. 9 is a flowchart illustrating an operation of generating header information. It continues to FIG. 9 is a flowchart illustrating an operation of generating header information. Continued from FIG. 11 is a flowchart illustrating an operation of specifying one encrypted media key from key information stored in a recording medium by a specifying unit included in the recording apparatus. 16 is a tree structure showing how to arrange a plurality of node invalidation patterns in the fourth embodiment. 4 shows an example of the data structure of a tree structure table D100. 13 shows an example of the data structure of header information D900. 6 is a flowchart illustrating operations of generating a tree structure table by the tree structure construction unit 101 and writing the tree structure table into the tree structure storage unit 102. 5 is a flowchart illustrating an operation of generating header information by a key information header generation unit 106. It continues to FIG. 5 is a flowchart illustrating an operation of generating header information by a key information header generation unit 106. Continued from FIG. 11 is a flowchart illustrating an operation of specifying one encrypted media key from key information stored in a recording medium by a specifying unit included in the recording apparatus. 5 is a flowchart illustrating an operation of generating header information by a key information header generation unit 106. It continues to FIG. 5 is a flowchart illustrating an operation of generating header information by a key information header generation unit 106. It continues to FIG. 5 is a flowchart illustrating an operation of generating header information by a key information header generation unit 106. It continues to FIG. 5 is a flowchart illustrating an operation of generating header information by a key information header generation unit 106. Continued from FIG. 11 is a flowchart illustrating an operation of specifying one encrypted media key from key information stored in a recording medium by a specifying unit included in the recording apparatus. It is a block diagram showing composition of copyright protection system 10f. FIG. 12 is a conceptual diagram showing a tree structure T700 including nodes to which revoked device keys KeyA, KeyB, and KeyE are assigned. FIG. 9 is a data structure diagram showing a configuration of header information D1000 and key information D1010. 9 is a flowchart illustrating an operation of specifying one encrypted media key by a specifying unit included in the recording device. FIG. 2 is a block diagram illustrating a configuration of a content distribution system 2000. FIG. 2 is a block diagram showing a configuration of a content recording device 2100. 4 shows a data structure of a recording medium 2120. FIG. 21 is a block diagram showing a configuration of a content reproduction device 2400. 6 is a flowchart illustrating an operation of the content recording device 2100. 21 is a flowchart showing the operation of the content reproduction device 2400. FIG. 3 is a block diagram illustrating a configuration of a content distribution system 3000. FIG. 3 is a conceptual diagram showing a tree structure T3000 used in the content distribution system 3000. FIG. 3 is a block diagram showing a configuration of a content recording device 3100. 4 shows a data structure of a recording medium 3120a. 4 shows a data structure of a recording medium 3120b. 5 shows a data structure of a recording medium 3120c. FIG. 21 is a block diagram illustrating a configuration of a content reproduction device 3400. 13 is a flowchart illustrating an operation of the content recording device 3100. 35 is a flowchart showing the operation of the content reproduction device 3400. FIG. 18 is a conceptual diagram showing another tree structure used in the content distribution system 3000. 14 shows a data structure of a recording medium 3120d.

Explanation of reference numerals

3000 content distribution system 3100 content recording device 3101 device key storage unit 3102 media key storage unit 3103 media key data generation unit 3104 content key encryption unit 3105 content encryption unit 3108 control unit 3109 input unit 3110 display unit 3111 transmission / reception unit 3112 output unit 3120 recording medium 3200 content server device 3300 key management device 3400 content playback device 3401 device key storage unit 3402 control unit 3403 media key decryption unit 3406 content key decryption unit 3407 content decryption unit 3408 drive unit 3409 playback unit 3410 input unit 3411 display unit 3421 monitor

Claims (56)

An area limited playback system that limits content playback according to the area,
A supply device that encrypts the content based on the first region information indicating the region, generates encrypted information, and supplies the generated encrypted information;
The second area information indicating the area is stored in advance, the encrypted information is obtained, and based on the stored second area information, the obtained encrypted information is attempted to be decrypted and successfully decrypted. And a playback device that generates the content and reproduces the generated content. A supply device that supplies content whose reproduction is limited according to a region,
Generating means for encrypting the content based on the regional information indicating the region to generate encrypted information;
A supply unit for supplying the generated encrypted information. The supply unit supplies the encrypted information by writing the generated encrypted information on a recording medium and distributing the recording medium or transmitting the generated encrypted information via a network. The supply device according to claim 2, characterized in that: The generation means,
A content storage unit that stores the content and a content key corresponding to the content,
A reading unit that reads the content and the content key from the content storage unit;
A region code storage unit that stores a region code for identifying the region as the region information;
Encrypting the content key based on the region code to generate encrypted content key information; encrypting the content using the content key to generate encrypted content; And an encryption unit that generates the encrypted information composed of the encrypted content.
The supply device according to claim 3, wherein the supply unit supplies the encrypted information including the encrypted content key information and the encrypted content. The supply unit according to claim 4, wherein the generation unit further includes an acquisition unit that acquires the content and the content key from the outside and writes the acquired content and the content key into the content storage unit. apparatus. The supply device according to claim 4, wherein the generation unit further includes a content generation unit that generates the content and the content key and writes the generated content and the content key into the content storage unit. . The encryption unit obtains a media key determined according to the supply of the content, encrypts the media key to generate an encrypted media key, and uses the area code and the media key to generate the content key. By encrypting and generating an encrypted content key, generating the encrypted content key information composed of the encrypted media key and the encrypted content key,
The supply means supplies the encrypted content key information and the encrypted information composed of the encrypted content, and the encrypted content key information is composed of the encrypted media key and the encrypted content key. The supply device according to claim 4, wherein: The supply unit according to claim 7, wherein the encryption unit generates an encryption key using the area code and the media key, and encrypts the content key using the generated encryption key. apparatus. The supply device according to claim 8, wherein the encryption unit generates the encryption key by combining the area code and the media key and applying a one-way function to the combination result. The supply device according to claim 7, wherein the encryption unit acquires a device key unique to one playback device, and encrypts a media key using the acquired device key. The encryption unit further obtains another device key unique to another playback device, encrypts the media key using the obtained other device key, and generates another encrypted media key,
The supply device according to claim 10, wherein the supply unit further supplies the encrypted information including the another encrypted media key. The supply device according to claim 11, wherein the supply unit supplies the encrypted media key and the another encrypted media key arranged in a predetermined order. The encryption unit obtains the media key including a fixed character string, encrypts the obtained media key, and generates the encrypted media key and the other encrypted media key. Item 12. The supply device according to Item 11. The area code storage unit further stores another area code for identifying another area,
The encryption unit further encrypts the content key based on the other region code to generate another encrypted content key information, thereby obtaining the encrypted content key information and the other encrypted content key. Generating the encrypted information composed of information and the encrypted content,
The supply device according to claim 4, wherein the supply unit supplies the encrypted content key information, the other encrypted content key information, and the encrypted information including the encrypted content. The encryption unit combines a fixed character string with the content key, encrypts a combined result based on the area code and another area code, respectively, and encrypts the encrypted content key information and the other encrypted data. The supply device according to claim 14, wherein the supply device generates content key information. The reading unit reads the content key including a fixed character string,
The supply device according to claim 14, wherein the encryption unit encrypts the acquired content key. The generation means,
A content storage unit that stores the content and a content key corresponding to the content,
A reading unit that reads the content and the content key from the content storage unit;
An area code storage unit that stores secret information corresponding to an area code for identifying an area, as the area information;
Encrypting the content key to generate encrypted content key information based on the secret information, and encrypting the content using the content key to generate encrypted content; And an encryption unit that generates the encrypted information composed of the encrypted content.
The supply device according to claim 3, wherein the supply unit supplies the encrypted information including the encrypted content key information and the encrypted content. 18. The supply according to claim 17, wherein the generation unit further includes an obtaining unit that obtains the content and the content key from the outside and writes the obtained content and the content key into the content storage unit. apparatus. 18. The supply apparatus according to claim 17, wherein the generation unit further includes a content generation unit that generates the content and the content key, and writes the generated content and the content key into the content storage unit. . The generation means,
A content storage unit that stores the content and a content key corresponding to the content,
A reading unit that reads the content and the content key from the content storage unit;
It has a plurality of nodes constituting a tree structure system, and each node is associated with a device key of the playback device, and each leaf is associated with a playback device and an area to which the playback device belongs. A tree structure storage unit
A selection unit that selects, as the region information, a device key that is included only in the playback device belonging to the region and not included in the playback device belonging to another region, from the tree structure system of the tree structure storage unit;
Encrypting the content key based on the selected device key to generate encrypted content key information, and encrypting the content using the content key to generate encrypted content; An encryption unit that generates the encrypted information composed of the content key information and the encrypted content,
The supply device according to claim 3, wherein the supply unit supplies the encrypted information including the encrypted content key information and the encrypted content. 21. The supply according to claim 20, wherein the generation unit further includes an acquisition unit that acquires the content and the content key from the outside and writes the acquired content and the content key into the content storage unit. apparatus. The supply device according to claim 20, wherein the generation unit further includes a content generation unit that generates the content and the content key and writes the generated content and the content key into the content storage unit. . The encryption unit obtains a media key determined in accordance with the supply of content, encrypts the obtained media key using the selected device key, generates an encrypted media key, and obtains the obtained media. Using a key, encrypting the content key to generate an encrypted content key, thereby generating the encrypted content key information including the encrypted media key and the encrypted content key,
The supply means supplies the encrypted content key information and the encrypted information composed of the encrypted content, and the encrypted content key information is composed of the encrypted media key and the encrypted content key. 21. The supply device according to claim 20, wherein: The tree structure system included in the tree structure storage unit includes one tree structure, and each node of the tree structure is associated with a device key of a playback device. Is associated with the playback device and the region to which the playback device belongs,
The supply device according to claim 23, wherein the selection unit selects the device key from the tree structure of the tree structure storage unit. The tree structure system included in the tree structure storage unit includes the same number of tree structures as the number of regions, each tree structure corresponds to each region, and each tree structure has a plurality of nodes. Is associated with a device key of a playback device belonging to the region, and each leaf is associated with a playback device belonging to the region.
The supply device according to claim 23, wherein the selection unit selects a device key associated with a root of a tree structure corresponding to the region. The supply device according to claim 3, wherein the supply unit further supplies an area code for identifying the area together with the encrypted information. The supply device according to claim 3, wherein the generation unit is configured by a portable IC card. A playback device for limiting content playback according to a region,
Storage means for storing in advance second area information indicating the area;
Acquiring means for acquiring encrypted information generated by encrypting the content based on the first area information indicating the area;
A decryption unit that attempts to decrypt the acquired encrypted information based on the stored second area information and, if decryption is performed normally, generates content;
A reproducing device comprising: reproducing means for reproducing the generated content. 29. The reproducing apparatus according to claim 28, wherein the acquisition unit acquires the encrypted information by reading the encrypted information from a recording medium or by receiving the encrypted information via a network. The storage means stores in advance a second area code for identifying an area as the second area information,
The obtaining means obtains the encrypted information including encrypted content key information and encrypted content, and the encrypted content key information includes a first area code for identifying an area as the first area information. Based on the content key is generated by encrypting, the encrypted content is generated by encrypting the content using the content key,
The decryption unit attempts to decrypt the encrypted content key information based on a second area code that identifies the area as the second area information, and if the decryption is successful, generates a content key. 30. The playback device according to claim 29, wherein the content is generated by decrypting the content by using the obtained content key. The acquiring means acquires the encrypted information composed of encrypted content key information and encrypted content, and the encrypted content key information is composed of an encrypted media key and an encrypted content key. The media key is generated by encrypting a media key determined according to the supply of the content. The encrypted content key is obtained by encrypting the content key using the first area code and the media key. Generated by
The decrypting means decrypts the obtained encrypted media key to generate a media key, attempts to decrypt the encrypted content key using the second area code and the generated media key, and successfully decrypts the encrypted content key. 31. The playback device according to claim 30, wherein a content key is generated when the content key is created. The decryption means generates a decryption key using the second area code and the media key, and attempts to decrypt the encrypted content key using the generated decryption key. A playback device according to claim 1. The said decryption means combines the said 2nd area code and the said media key, and produces | generates the said decryption key by performing a one-way function with respect to the combining result. The said decryption means is characterized by the above-mentioned. Playback device. The obtaining means obtains the encrypted media key generated by encrypting the media key using a device key unique to the playback device,
32. The decryption unit according to claim 31, wherein the decryption unit attempts to decrypt the encrypted media key using a device key unique to the playback device, and generates a media key when the decryption is performed normally. Playback device. The obtaining unit further obtains another encrypted media key generated by encrypting the media key using another device key unique to another playback device,
The decrypting means specifies the encrypted media key for the playback device from the encrypted media key and the other encrypted media key, and attempts to decrypt the specified encrypted media key. 35. The playback device according to claim 34, wherein: The obtaining means obtains the encrypted media key and the other encrypted media key arranged in a predetermined order,
The decryption unit extracts one encrypted media key arranged at a specific position from the encrypted media keys and the other encrypted media keys arranged in a predetermined order, thereby The playback device according to claim 35, wherein an encrypted media key for the playback device is specified. The obtaining means obtains the encrypted media key and the other encrypted media key generated by encrypting the media keys each including a fixed character string,
The decryption unit attempts to decrypt the encrypted media key and the other encrypted media key using a device key unique to the playback device, and replaces the fixed character string in the decrypted data respectively generated. 36. The playback device according to claim 35, wherein a content including the media key is regarded as the media key. The obtaining means further obtains another encrypted content key information, wherein the other encrypted content key information encrypts the content key based on another area code for identifying another area. Is generated by
The decryption unit further attempts to decrypt the other encrypted content key information based on the second area code, and generates the decrypted content key information and the decrypted other encrypted content key information, respectively. 31. The playback device according to claim 30, wherein a content key is generated by identifying a person who can decrypt normally using the decrypted data, and regarding the identified decrypted data as a content key. The acquisition unit encrypts a combination result of a fixed character string and the content key based on the second area code and another area code, and respectively generates the generated encrypted content key information and the other encrypted content key information. Obtain the encrypted content key information,
The decrypting means deletes the fixed character string from the decrypted data generated by decrypting the encrypted content key information and the other encrypted content key information, respectively, from the data including the fixed character string. 39. The playback device according to claim 38, wherein the content key is generated. The acquiring means encrypts the content key including a fixed character string based on the second area code and another area code, and respectively generates the generated encrypted content key information and the other encrypted content. Get key information,
The decryption means regards, as decryption data, a decryption data generated by decrypting the encrypted content key information and the other encrypted content key information, the decryption data including the fixed character string. The playback device according to claim 38, wherein: The storage means stores in advance, as the second area information, second secret information corresponding to a second area code for identifying an area,
The obtaining means obtains the encrypted information including encrypted content key information and encrypted content, and the encrypted content key information includes a first area code for identifying an area as the first area information. Based on the corresponding first secret information, the content key is generated by encrypting the content key, and the encrypted content is generated by encrypting the content using the content key,
The decryption unit attempts to decrypt the encrypted content key information based on the second secret information, and if successful, generates a content key, decrypts the content using the content key, and decrypts the content. The playback device according to claim 29, wherein the playback device generates the content. The storage unit stores a plurality of device keys as the second area information, and the plurality of device keys are associated with nodes existing on a path from one leaf to a root of the tree structure system. The leaf is associated with the playback device,
The obtaining means obtains the encrypted information including encrypted content key information and encrypted content, and the encrypted content key information is based on a device key associated with one node of the tree structure system. The encrypted content is generated by encrypting the content key, and the encrypted content is generated by encrypting the content using the content key,
The decryption unit attempts to decrypt the encrypted content key information based on each of the plurality of stored device keys, and when the decryption is successfully performed, generates a content key and uses the generated content key. The playback device according to claim 29, wherein the playback device decrypts the content to generate the content. The acquiring means acquires the encrypted information composed of the encrypted content key information and the encrypted content, and the encrypted content key information is composed of an encrypted media key and an encrypted content key, The encrypted media key is generated by encrypting a media key determined according to the supply of the content using the device key, and the encrypted content key is generated by encrypting the content key using the media key. Is generated by encrypting
The decryption unit attempts to decrypt the encrypted media key based on each of the plurality of stored device keys, and if successful, generates a media key and uses the generated media key. 43. The playback device according to claim 42, wherein the content key is generated by decrypting the encrypted content key. The tree structure system includes a single tree structure. Each node of the tree structure is associated with a device key of a playback device. Each leaf of the tree structure has a playback device, The region to which the playback device belongs is associated,
The plurality of device keys stored in the storage unit are associated with nodes existing on a path from one leaf of the tree structure to a root, and the leaf corresponds to the playback device. It is attached,
44. The acquisition unit according to claim 43, wherein the acquisition unit acquires the encrypted content key information generated by encrypting a content key based on a device key associated with one node of the tree structure. Playback device. The tree structure system includes the same number of tree structures as the number of regions, each tree structure corresponds to each region, each tree structure has a plurality of nodes, and each node has A device key of the playback device to which the playback device belongs is associated with the playback device.
The plurality of device keys stored in the storage means are associated with nodes existing on a path from one leaf to a root of a tree structure corresponding to an area to which the playback device belongs, and The leaf is associated with the playback device,
44. The acquisition unit according to claim 43, wherein the acquisition unit acquires the encrypted content key information generated by encrypting a content key based on a device key associated with one node of the tree structure. Playback device. The storage means stores in advance a second area code for identifying the area as the second area information,
The acquiring means further acquires a third area code for identifying the area together with the encryption information,
The decryption means compares the second area code with the third area code prior to decryption of the encrypted information, suppresses decryption of the encrypted information if they do not match, and 30. The reproducing apparatus according to claim 29, wherein an attempt is made to decrypt the encrypted information. The playback device according to claim 29, wherein the decryption unit is configured by a portable IC card. A computer-readable recording medium,
A recording medium storing encrypted information generated by encrypting content based on region information indicating a region. The encrypted information includes encrypted content key information and encrypted content, and the encrypted content key information is generated by encrypting a content key based on a region code that identifies a region as the region information. 49. The recording medium according to claim 48, wherein the encrypted content is generated by encrypting the content using the content key. The encrypted information includes encrypted content key information and encrypted content, and the encrypted content key information is generated by encrypting a content key based on a device key as the area information, The encrypted content report is generated by encrypting the content using the content key,
The device key is, from the tree structure system, a device key that only a playback device belonging to a region has, and a device key that does not have a playback device belonging to another region is selected as the region information,
The tree structure system has a plurality of nodes, each node is associated with a device key of the playback device, and each leaf is associated with a playback device and an area to which the playback device belongs. The recording medium according to claim 48, wherein: A supply method used in a supply device that supplies content whose reproduction is limited according to a region,
A generating step of encrypting the content to generate encrypted information based on the regional information indicating the region;
Supplying the generated encrypted information. A supply program used in a supply device that supplies content whose reproduction is limited according to a region,
A generating step of encrypting the content to generate encrypted information based on the regional information indicating the region;
A supplying step of supplying the generated encrypted information. The supply program according to claim 52, wherein the supply program is recorded on a computer-readable recording medium. A playback method used in a playback device that limits playback of content according to a region,
The playback device includes storage means for storing second area information indicating an area in advance,
The reproduction method includes:
An obtaining step of obtaining encrypted information generated by encrypting the content based on the first area information indicating the area;
A decryption step of attempting to decrypt the acquired encrypted information based on the stored second area information, and generating a content if decryption is successful;
A reproducing step of reproducing the generated content. A playback program used in a playback device that limits playback of content according to a region,
The playback device includes storage means for storing second area information indicating an area in advance,
The playback program includes:
An obtaining step of obtaining encrypted information generated by encrypting the content based on the first area information indicating the area;
A decryption step of attempting to decrypt the obtained encrypted information based on the stored second area information, and generating a content if the decryption is successful;
A reproducing step of reproducing the generated content. The reproduction program according to claim 55, wherein the reproduction program is recorded on a computer-readable recording medium.

Images