JP2005244695A - Information processor, authentication processing method, and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a structure for preventing the unauthorized usage of data concerning the structure for performing data transfer and a data processing among a drive, an application and a connection device. <P>SOLUTION: A mutual authentication processing between the drive and the connection device is performed by way of a host device for performing the application. Concerning the authentication, sequence number certificates, which are the certificates for storing identification information corresponding to the application or an apparatus whose validity is confirmed by a management center and also storing a sequence number which is set in an approved group certificate, are mutually presented. Then both apparatuses perform a processing to confirm coincidence in the sequence number of each sequence number certificate which is stored in each self memory. The data transfer and the data processing are performed in a state with sufficient security secured therein by the authentication between the drive and the connection device. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an information processing apparatus, an authentication processing method, and a computer program. More specifically, the present invention relates to an information processing apparatus, an authentication processing method, and a computer program that can prevent unauthorized use of content by executing strict authentication processing.

  Recently, various software data (hereinafter referred to as content) such as audio data such as music, image data such as movies, game programs, various application programs, etc. are transmitted via a network such as the Internet or It is distributed via information recording media (media) such as CD (Compact Disc), DVD (Digital Versatile Disk), blue laser disc (Blu-ray Disc), MD (Mini Disk). These distributed contents are reproduced and used in various information processing apparatuses such as PCs (Personal Computers), players, and game machines owned by users.

  Many contents, such as music data and image data, generally have distribution rights or the like held by the creator or seller. Therefore, when distributing these contents, it is common to have a configuration that restricts the use of the contents, that is, permits the use of the contents only to legitimate users and does not allow unauthorized copying or use. It has become.

  In particular, in recent years, recording devices and storage media for digitally recording information are becoming widespread. According to such a digital recording apparatus and storage medium, for example, recording and reproduction can be repeated without degrading images and sound, distribution of illegally copied content via the Internet, recording of CD-R, etc. There is a frequent problem of unauthorized copying of media.

  There is CPRM (Content Protection for Recordable Media) as a standard for realizing protection of content stored in a recording medium. CPRM provides a system in which content is encrypted and stored in an information recording medium, and only a user device having a valid content usage right can obtain a key to be applied to decryption of the encrypted content.

  A device that directly executes data reading or recording from an information recording medium storing content is a drive device that is loaded and driven by an information recording medium, and that reads data from the information recording medium from a drive for reproduction or information recording It is an application such as a PC connected to the drive that generates the write data for the medium and outputs it to the drive.

  In CPRM, for example, mutual authentication processing between an execution application on a PC and a drive is performed so that unauthorized content exploitation or copying is not performed in data reproduction or recording processing executed in cooperation by such a drive and a PC application. The sequence is defined.

  However, content input to or output from the PC is performed via various connection devices (also called back-end devices) such as a device connected to the PC, such as a tuner, a video card, a sound card, a digital interface, and an analog interface. Often executed.

  In such a case, the output content from the information recording medium or the path of the input content to the information recording medium includes three elements: a drive, a PC application, and a connected device.

  CPRM defines an authentication sequence between a drive and an application that executes playback or recording processing, and provides a system that performs data processing on the condition of mutual authentication between the two parties. The technical means for ensuring the reliability between the connected devices that execute is not defined. Also, technical means for ensuring the security of the data transfer path between the application and the connected device are not specified.

  Therefore, there is a problem that there is a possibility that unauthorized acquisition and unauthorized use of content other than the part defined in CPRM, such as data exploitation in the data transfer path between the application and the connected device, may occur.

  This problem will be described with reference to the drawings. FIG. 1 shows a drive 12 that drives a disk 11 and executes writing or reading of data on the disk 11, an application 13 that is executed in a host such as a PC, and various connection devices 14 to 18. FIG. 1A shows data reproduction processing from the disk 11, and FIG. 1B shows data recording processing.

  The connection device is configured by, for example, a DTCP I / F 14 that is an input / output interface for digital AV data in accordance with the DTCP (Digital Transmission Content Protection) standard, a graphics card 15, a sound card 16, a tuner card 17, an AV capture card 18, and the like. .

  In the data reproduction process from the disk 11 shown in FIG. 1A, read data from the disk is output from the drive 12 to the application 13 via a connection bus such as an ATAPI bus. The application 13 is a data reproduction application program executed by a PC as a host, for example, and executes reproduction control processing including decoding processing of data input from the drive 12.

  The processing result data in the application 13 is output to various connection devices 14 to 16 connected by a host internal bus such as PCI (Peripheral Component Interconnect) or AGP (Accelerated Graphics Port), or by a USB or IEEE 1394 bus, for example. The processing is performed in each device and output to a speaker or a display or output via a network.

  Here, mutual authentication defined in CPRM is executed between the drive 12 and the application 13, and the communication data between the drive 12 and the application 13 is transferred after confirming that it is an authorized partner. Therefore, it can be said that the possibility that data is illegally exploited and used during this period is low. However, the authentication process or the like between the application 13 and the connection devices 14 to 16 is not defined in CPRM, and there is no guarantee that the data transfer between the application 13 and the connection devices 14 to 16 is maintained in a secure state. . Therefore, there is a possibility that data is exploited and illegally used during data transfer or data processing between the application 13 and the connected devices 14 to 16.

  The same applies to content recording on the disc of FIG. 1B. For example, copyright management content is input via the tuner card 17 or the like as a connected device, and is input to the drive 12 via the application 13. In the process of writing data, there is a possibility that data is exploited and illegally used during data transfer or data processing between the application 13 and the connected devices 14, 17, 18.

  With reference to FIG. 2, an example of unauthorized use of content at the time of data input via a connected device will be described.

  In the example of FIG. 2, an unauthorized application is executed on a host such as a PC, and data input via a connected device is illegally stored in the hard disk 31, the data is decoded by the codec 32, and is used for reproduction. An example of unauthorized use that is output to the outside via the terminal 33 is shown.

  When the original legitimate content input process is performed and the legitimate application is executed on the PC as the host, the copyright management content input from the connected devices 14 to 18 is transferred from the connected device to the legitimate application. Further, writing to the disk is performed via the drive.

  However, as described above, in CPRM, although a secure data transfer scheme based on mutual authentication processing is established between the application and the drive, there is a legitimate drive ahead of the application on the connected device side. There is no way to confirm that. Therefore, there is room for the unauthorized application 21 in the host (PC) to receive the data output from the connected device to the application side and to use it illegally.

  In order to prevent such unauthorized use of content, mutual authentication is performed between the three elements of the drive, the application, and the connected device. It is necessary to set a guaranteed state and then perform data reproduction from the disk and data writing to the disk.

  However, as shown in FIG. 3, there may be a plurality of connection devices connected to a legitimate application 55 executed on the host (PC), and the drives are also drive A52 and drive B54 as shown in the figure. There may be multiple such as In some cases, different disks 51 and 53 are mounted in the respective drives, and each process, for example, a process of writing data read from one disk 51 to the other disk 53 is performed.

  In this way, when there are a large number of drives 52 and 54 and connection devices 14 to 18 for inputting / outputting data to / from the application 55, in addition to the applications A and B shown in FIG. It is necessary to execute authentications a to e between devices and authentications f to o between each drive and each connected device, which increases the load of authentication processing to be executed before the start of data processing.

  The present invention has been made in view of the above-described problems, and enables efficient processing of authentication processing among the three elements of the drive, the application, and the connected device, and has confirmed the reliability between the elements. Later, as a configuration to execute data transfer processing between elements and data processing in each element, it was possible to prevent unauthorized use of content by enabling data transfer and data processing with sufficient security An object is to provide an information processing apparatus, an authentication processing method, and a computer program.

The first aspect of the present invention is:
A host that executes an application that involves data recording or data reproduction processing on the information recording medium, a drive that mounts the information recording medium, reads or records data from the information recording medium, and executes data input / output with the host; An information processing apparatus having a connection device connected to the host and executing data input / output with the host;
Each of the host, drive, and connection device has a data processing unit,
The drive and the data processing unit of the connected device are:
In this configuration, mutual confirmation processing between the drive and the connected device is executed via the host, and in the mutual confirmation processing, identification information corresponding to an application or device approved by the management center is stored. The sequence number certificate stored in its own memory in both the drive and the connected device is executed by executing the mutual presentation process of the sequence number certificate that stores the sequence number set in the certification group certificate that is a certified certificate. And a sequence number of a certificate presented by a verification partner, and a verification process is performed using a match of these sequence numbers as an authentication condition.

  Furthermore, in one embodiment of the information processing apparatus according to the present invention, the mutual confirmation process between the drive and the connected device includes data including a sequence number certificate and a generated random number held by the drive and the connected device, and the data. It is a process including transmission / reception and verification processing of a query and a response including signature data for.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the mutual confirmation process between the drive and the connected device is executed as a process including a validity confirmation process of a confirmation counterpart device based on the authorized group certificate. It is characterized by being.

  Furthermore, in an embodiment of the information processing apparatus according to the present invention, the host executing the application performs data including the sequence number certificate and a random number in the mutual confirmation process between the drive and the connected device, and the data Receiving the query including the signature data from a plurality of connected devices or drives, generating a query list including the plurality of received queries, and transmitting the query to a single device for executing a confirmation process; The list receiving device is configured to execute processing for verifying the query list and collectively determine whether authentication is possible for a device that generates each query.

  Further, in an embodiment of the information processing apparatus of the present invention, the query list receiving device is included in the sequence number certificate match confirmation stored in a plurality of queries included in the query list, and included in the query list. Confirmation of matching of random numbers stored in multiple queries, confirmation of tampering by signature verification of at least one query included in the query list, authentication of the query generation device included in the query list based on each of the above confirmation processes It is the structure which performs the process which collectively determines the propriety of this.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the query list receiving device transmits a response to which the signature data for the query list is added to the query transmitting device, and the device receiving the response receives the response. It is characterized in that the determination of whether or not authentication is possible is performed by verifying the signature.

  Furthermore, in one embodiment of the information processing apparatus of the present invention, the mutual confirmation process between the drive and the connected device includes the establishment of mutual authentication between the drive and the application, and the mutual authentication between the application and the connected device. The mutual authentication process between the drive and the application and the mutual authentication process between the application and the connected device are performed by a verification process of the authenticity of the authentication partner based on the certification group certificate. It is the structure performed as processing including this.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the information processing apparatus executes a distribution process of the sequence number certificate to each of the host, the drive, and the connected device, and after the distribution process, the drive And the mutual confirmation process between the connected devices.

Furthermore, the second aspect of the present invention provides
A host that executes an application that involves data recording or data reproduction processing on the information recording medium, a drive that mounts the information recording medium, reads or records data from the information recording medium, and executes data input / output with the host; An authentication processing method in an information processing apparatus having a connection device connected to a host and executing data input / output with the host,
A mutual confirmation processing step for executing mutual confirmation processing between the drive and the connected device via the host;
The mutual confirmation processing step includes
The sequence number certificate that stores the sequence number set in the certification group certificate, which is the certificate that stores the identification information corresponding to the application or device that has been validated by the management center, is mutually presented between the verification devices. A certificate presentation step;
A collation step of performing a collation between the sequence number of the sequence number certificate stored in its own memory in both the drive and the connected device, and the sequence number of the certificate presented by the verification partner;
And a step of executing a confirmation process using the match of the sequence number in the collating step as an authentication condition.

  Furthermore, in an embodiment of the authentication processing method of the present invention, the mutual confirmation processing step between the drive and the connected device includes data including a sequence number certificate and a generated random number held by the drive and the connected device, The present invention is characterized in that the processing includes transmission and verification processing of a query and response including signature data for the data.

  Furthermore, in an embodiment of the authentication processing method of the present invention, the mutual confirmation processing step between the drive and the connected device includes a validity confirmation processing step of a confirmation counterpart device based on the authorized group certificate, To do.

  Furthermore, in an embodiment of the authentication processing method of the present invention, the mutual confirmation processing step between the drive and the connected device is performed by the host executing the application including data including the sequence number certificate and a random number, and the data Receiving a query including signature data for a plurality of connected devices or drives, and generating a query list including the plurality of received queries and transmitting the query to a single device in a host executing the application And a step of executing, in the query list receiving device, verification processing of the query list to collectively determine whether or not each query generating device can be authenticated. .

  Furthermore, in an embodiment of the authentication processing method of the present invention, the query list receiving device is included in the sequence number certificate match confirmation stored in a plurality of queries included in the query list, and included in the query list. Confirmation of matching of random numbers stored in multiple queries, confirmation of tampering by signature verification of at least one query included in the query list, authentication of the query generation device included in the query list based on each of the above confirmation processes It is characterized in that a process for collectively determining whether or not the above is possible is executed.

  Furthermore, in an embodiment of the authentication processing method of the present invention, the authentication processing method further includes: a response generated by adding signature data to the query list in the query list receiving device to the query transmitting device. A step of transmitting, and a step of performing authentication determination by signature verification on the response in the device that has received the response.

  Furthermore, in an embodiment of the authentication processing method of the present invention, the authentication processing method further includes a step of performing mutual authentication between the drive and the application, and performing mutual authentication between the application and the connected device. And the mutual authentication process between the drive and the application and the mutual authentication process between the application and the connected device are executed as a process including a verification process of the authenticity of the authentication partner based on the certification group certificate. It is a step, and the mutual confirmation processing between the drive and the connected device is performed on condition that the authentication is established.

  Furthermore, in an embodiment of the authentication processing method of the present invention, the authentication processing method further includes a step of executing distribution processing of the sequence number certificate to each of the host, the drive, and the connected device, and the sequence After the distribution process of the number certificate, a mutual confirmation process between the drive and the connected device is executed.

Furthermore, the third aspect of the present invention provides
A host that executes an application that involves data recording or data reproduction processing on the information recording medium, a drive that mounts the information recording medium, reads or records data from the information recording medium, and executes data input / output with the host; A computer program for executing authentication processing in an information processing apparatus having a connection device connected to a host and executing data input / output with the host,
A mutual confirmation processing step for executing mutual confirmation processing between the drive and the connected device via the host;
The mutual confirmation processing step includes
The sequence number certificate that stores the sequence number set in the certification group certificate, which is the certificate that stores the identification information corresponding to the application or device that has been validated by the management center, is mutually presented between the verification devices. A certificate presentation step;
A collation step of performing a collation between the sequence number of the sequence number certificate stored in its own memory in both the drive and the connected device, and the sequence number of the certificate presented by the verification partner;
And a step of executing an authentication process using a match of sequence numbers in the verification step as an authentication condition.

  The computer program of the present invention is, for example, a recording medium or a communication medium provided in a computer-readable format to a computer system that can execute various program codes, such as a CD, FD, or MO. It is a computer program that can be provided by a recording medium or a communication medium such as a network. By providing such a program in a computer-readable format, processing corresponding to the program is realized on the computer system.

  Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.

  According to the configuration of the present invention, the authentication of the three elements of the drive, the application, and the connected device is executed in the data recording and reading process via the three elements of the drive, the application, and the connected device. The mutual authentication process between the drive and the connected device is executed via a host that executes the application, and in this authentication process, a certificate storing identification information corresponding to an application or a device that has been validated by the management center. The sequence number certificate that stores the sequence number set in the certification group certificate is mutually presented between the authentication devices, and both devices match the sequence number of the sequence number certificate stored in their own memory. Since it is configured to perform confirmation processing, even if data recording or reading processing is performed via the three elements of the drive, application, and connected device, unauthorized use of content by authentication between the drive and the connected device Eliminate routes that enable Can be, data transfer and data processing while ensuring sufficient security can be realized.

  Furthermore, according to the configuration of the present invention, in the configuration in which data transfer and data processing are performed between the drive, the application, and the connected device, the data is processed between the drive, the application, and the connected device before the data processing by the application. Perform authentication. The mutual authentication includes (1) sequence number certificate sharing processing, (2) authorized group certificate (AGC) distribution processing, (3) drive-application mutual authentication, and application-connected device mutual authentication processing, (4) By executing each process of the drive-connected device mutual confirmation process, mutual authentication among all of the drive, application, and connected device is executed, and the reliability of the three parties is confirmed. Or data acquisition from the data transfer path of each device can be eliminated, and highly secure data processing is realized.

  Furthermore, according to the configuration of the present invention, in the drive-connected device mutual confirmation process, the host receives a query including data including a sequence number certificate and a random number and signature data for the data from a plurality of connected devices or drives. Then, a query list including the plurality of received queries is generated and transmitted to one device that executes the authentication process. The query list receiving device executes a query list verification process to each query generating device. Since the process for collectively determining whether authentication is possible or not is performed, an efficient authentication process is realized even in a structure in which a plurality of devices are connected.

  Furthermore, according to the configuration of the present invention, the device that generated the query receives the response with the signature added from the query list receiving device, and the authentication is completed only by verifying the response. That is, the query list receiving device transmits a response on the condition that all the query transmission devices are authenticated based on the list. If a response is received, it is included in the query list included in the response. This is because all devices are guaranteed to be trusted devices. As described above, according to the configuration of the present invention, it is possible to execute an efficient and reliable authentication process even in an environment where a large number of connected devices and drives are set.

Details of the information processing apparatus, authentication processing method, and computer program of the present invention will be described below with reference to the drawings. The description will be made sequentially for the following items.
1. 1. Details of information processing apparatus configuration and stored data including drive, application, and connection device 2. Basic authentication processing among drives, applications and connected devices 3. Authentication processing in a configuration having a plurality of drive devices or a plurality of connection devices Example of hardware configuration of information processing apparatus, drive, and connection device as application execution apparatus

[1. Details of configuration of information processing apparatus having drive, application and connected device and stored data]
First, the configuration of an information processing apparatus to which the present invention can be applied will be described with reference to FIG. The present invention drives output content from an information recording medium (disc) 101 or an element that becomes a path of input content to the information recording medium (disc) 101, that is, the information recording medium 101, and executes data writing or reading processing. Executed in an information processing apparatus having three elements: a drive 102, an application 103 that is executed by a host device such as a PC that performs data input / output with the drive 102, and a connection device 104 that performs data input / output with the application Is done. In the following embodiments, an example in which a disk type recording medium is applied as an example of an information recording medium will be described. However, the configuration of the present invention is applied to a recording medium of another aspect such as a flash memory other than the disk type. Is also possible.

  The connection device 104 is, for example, a DTCP I / F that is an input / output interface for digital AV data according to the DTCP (Digital Transmission Content Protection) standard, a graphics card, a sound card, a tuner card, an AV capture card, and other various devices. Yes, all devices that perform data input / output with the application 103 are included.

  As a data transfer bus between the drive 102, the application 103, and the connection device 104, an ATAPI bus or a host such as a PC executing the application 103 such as Peripheral Component Interconnect (PCI) or Accelerated Graphics Port (AGP) is used. Various data transfer buses such as an internal bus, for example, a USB bus and an IEEE1394 bus can be applied.

  In FIG. 4, the drive 102 and the connection device 104 are each shown as one box. However, in the present invention, a plurality of drives and connection devices that execute data input / output with the application 103 exist. Is also applicable. In particular, by applying the present invention to a configuration in which a large number of drives and connection devices are connected to an application, more efficient authentication processing and data processing can be performed. Details of these processing sequences will be described later.

  By applying the present invention, reproduction and output processing of data read from the information recording medium 101 on condition that the reliability of all elements existing in the data path via the drive 102, the application 103, and the connection device 104 is confirmed. Alternatively, since the data input from the outside via the connection device 104 is written to the information recording medium (disk) 101, these data processing can be executed securely.

  Information held by the information recording medium (disk) 101, the drive 102, the application 103, and the connection device 104 will be described with reference to FIG.

  Each of the drive 102, the application 103, and the connected device 104 stores a public key certificate (PKC: Public Key Certificate) storing a public key according to a public key cryptosystem and a secret key (KS). As shown in the figure, the drive 102 holds the public key certificate (PKC-D) and private key (KS-D) of the drive 102, and the application 103 has the public key certificate (PKC-Ap) of the application 103, The connection device 104 holds a secret key (KS-ApD), and the connection device 104 holds a public key certificate (PKC-B) and a secret key (KS-B) of the connection device 104.

  The information recording medium 101, the drive 102, and the application 103 store a sequence number certificate (SNC: Sequence Number Certificate) in addition to a public key certificate (PKC) and a private key (KS).

  Furthermore, the information recording medium 101 and the application 103 store an authorized group list (AGL :: Authorized Group List). The authorized group list (AGL :: Authorized Group List) is a list that stores a plurality of authorized group certificates (AGC).

Each of these certificates, ie
Public key certificate (PKC),
Accredited Group Certificate (AGC) and Accredited Group List (AGL),
Sequence number certificate (SNC)
Will be described with reference to FIG. FIG. 6A shows the common configuration of each certificate, and FIG. 6B is a diagram for explaining the correspondence between the type information set in each certificate and the certificate.

As shown in FIG. 6A, a public key certificate (PKC), an authorized group certificate (AGC), and a sequence number certificate (SNC) are all
(A) Certificate type (Certificate Type)
(B) Certificate data (Certificate Data)
(C) Electronic signature (Signature)
Each data is stored.

(A) As shown in FIG. 6B, the certificate type (Certificate Type) is
1: Public key certificate (PKC),
2: Accredited group certificate (AGC),
3: Sequence number certificate (SNC)
As described above, a different type number is set for each certificate. It is possible to determine which certificate is based on the type number.

  (B) The certificate data (Certificate Data) stores data corresponding to each of the public key certificate (PKC), the certification group certificate (AGC), and the sequence number certificate (SNC). Details thereof will be described with reference to FIG.

  (C) The electronic signature (Signature) is signature data generated by applying the digital signature of the management center as the issuing entity of each certificate, that is, the secret key of the management center. (A) Certificate type (Certificate Type) and (b) certificate data (Certificate Data) are generated by applying the secret key of the management center.

  Based on the signature data, it is possible to verify the falsification of the certificate. That is, it is possible to verify the falsification of a certificate by applying the public key of the management center that has been made public.

  Details of the certificate data stored in each certificate will be described below with reference to FIGS. First, the data structure of a public key certificate (PKC) will be described with reference to FIG.

  FIG. 7A shows an example of certificate data of a public key certificate (PKC). FIG. 7B shows a data configuration example of a public key certificate (PKC) to which elliptical encryption is applied.

  As shown in FIG. 7A, the certificate data of the public key certificate (PKC) includes a certificate ID, a public key, and other information. For example, the drive 102 receives a public key certificate (PKC-D) storing a public key corresponding to the drive 102 from the management center, and the drive stores and holds it in the memory. A secret key (KS-D) corresponding to the public key is also provided. A public key certificate (PKC) and a private key pair are also provided to the application 103 and the connected device 104, respectively, and are stored in respective memories.

  The public key certificate (PKC) is data that is permitted to be published, and is output in response to a request from another device, for example. The device that has received the public key certificate of another device performs falsification verification of the public key certificate based on the signature of the management center added to the received public key certificate, and the validity of the received public key certificate After confirming, obtain the public key from the public key certificate. Note that the falsification verification of the public key certificate based on the signature of the management center is executed by applying the public key of the management center. The public key of the management center is also disclosed data, and can be received via a network or a recording medium using, for example, data stored in advance in the nonvolatile memory of the drive 102, the application 103, the connection device 104, or the like. .

  The drive 102, the application 103, and the connection device 104 are provided with a secret key together with a public key certificate that stores a public key corresponding to each device or application. That is, a public key certificate (PKC) and private key pair are provided and stored in their respective memories. The public key certificate storing the public key is data that is permitted to be disclosed, but the private key is securely held in each device so as not to be leaked to the outside.

  FIG. 7B shows a data configuration example of a public key certificate (PKC) to which elliptical encryption is applied. The certificate type (Certificate Type = 1) described with reference to FIG. 6B, the certificate ID (Certificate ID) described with reference to FIG. 7A, and the public key (Public Key) are stored. An electronic signature (Signature) generated by applying the secret key of the management center is set corresponding to the stored data.

  FIG. 8 shows the data structure of (a) authorized group certificate (AGC) data, (b) an example of authorized group certificate (AGC) data to which elliptical encryption is applied, and (c) an authorized group list (AGL). Yes. As described above, (c) the authorized group list (AGL) is set as a list storing a plurality of authorized group certificates (AGC).

  First, (a) authorized group certificate (AGC) data will be described. (A) The authorized group certificate (AGC) data includes [authorized group certificate (AGC) data length], [authorized group certificate (AGC) sequence number], [first to final certificate ID], [authorized] Public key certificate information].

  An authorized group certificate (AGC) is a certificate given to a legitimate content-using device or application approved by the management center, which is a content management entity, and includes a plurality of individual certificate IDs corresponding to each device or application. The certificate is stored and added with the electronic signature of the management center, and is set as a certificate that is difficult to tamper with. Certification group certificate (AGC) is, for example, certification group certificate (AGC) for drive, certification group certificate (AGC) for application, certification group certificate (AGC) corresponding to manufacturer A equipment, Set for various groups.

  The authorized group certificate (AGC) data shown in FIG. 8A is certificate data corresponding to a certain group, and stores the certificate ID of each device or application as the issue destination of the certificate belonging to the group. Is done. This is [first to final certificate ID] in the certificate data of FIG. Furthermore, [authorized public key certificate information] corresponding to the devices or applications belonging to the group is stored. [Authorized public key certificate information] is set as information with which the validity of the public key certificate provided to the device or application belonging to the group can be confirmed.

  When a device or application performs mutual authentication with another device or application, it is necessary to obtain the other party's public key certificate, but it is based on [Authorized Public Key Certificate Information]. Thus, the validity of the other party's public key certificate can be confirmed.

  The authorized group certificate (AGC) is appropriately updated in the management center when a device or application as a member of the group is changed, and a new authorized group certificate (AGC) is issued. [Authorized group certificate (AGC) sequence number] is a different number set for each update. For example, a sequence number with a numerical value increased for each update process is set.

  This sequence number corresponds to [AGL sequence number] set in the authorized group list of FIG. The certification group list stores a plurality of certification group certificates (AGC), and [certification group certificate (AGC) sequence number] corresponding to [AGL sequence number] set in the certification group list is displayed in the list. Are set in all the certification group certificates (AGC) stored in

  For example, the application 103 shown in FIG. 5 has [AGL sequence number] of the authorized group list (AGL-Ap) held in its own memory and [AGL sequence number of the authorized group list stored in the information recording medium 101. ] And the newer one is stored in the memory to update the authorized group list (AGL-Ap). These specific processing sequences will be described later.

  FIG. 8B shows an example of authorized group certificate (AGC) data to which elliptical encryption is applied. The certificate type (Certificate Type = 2) described with reference to FIG. 6B, [Accredited group certificate (AGC) data length], [Accredited group certificate (described above) with reference to FIG. AGC) Sequence Number], [First to Last Certificate ID], [Authorized Public Key Certificate Information] are stored, and an electronic signature generated by applying the secret key of the management center corresponding to these stored data (Signature) is set.

  FIG. 8C shows an authorized group list (AGL) stored in the information recording medium 101 and the host (PC) that executes the application 103. The authorized group list (AGL) is a list in which the authorized group certificate (AGC) is stored as described above. As described above, the certification group certificate (AGC) is issued corresponding to various groups, and the certification group list (AGL) is configured as a list of these various certification group certificates (AGC).

  The authorized group list (AGL) is updated at any time in the management center when various changes occur, such as new issuance or invalidation of a group certificate (AGC). [AGL sequence number] is a different number set for each update. For example, a sequence number with a numerical value increased for each update process is set. This sequence number corresponds to the [authorized group certificate (AGC) sequence number] stored in the aforementioned authorized group certificate (AGC).

  As described above, the application 103 performs a process of updating the authorized group list (AGL) stored in its own memory as needed. For example, if the [AGL sequence number] of the authorized group list (AGL) acquired from the information recording medium 101 is larger than the authorized group list (AGL) held by itself, the authorization held by itself It is determined that it is newer than the group list (AGL), the list stored in the memory is discarded, and a new list acquired from the information recording medium 101 is stored. Details of this processing sequence will be described later.

The authorized group list shown in FIG. 8C stores authorized group certificate (AGC) data [AGC_1 to AGC_n] corresponding to each group. For example, each category such as the drive 102, the application 103, and the connected device is stored. The certification group certificate (AGC) corresponding to is stored. In particular,
Certified group certificate for drive = [AGC-D]
Applicable certification group certificate = [AGC-AP]
Connected device certification group certificate = [AGC-B]
Etc.

  FIG. 9 is a diagram for explaining the sequence number certificate (SNC). FIG. 9A shows the certificate data configuration of the sequence number certificate (SNC), and FIG. 9B shows an example of the data configuration of the sequence number certificate (SNC) to which elliptical encryption is applied.

  As shown in FIG. 9A, [certified group list (AGL) sequence number] is stored in the certificate data of the sequence number certificate (SNC). The sequence number certificate (SNC) is an [authorized group list (AGL) sequence number] corresponding to the latest authorized group list (AGL) issued at that time.

  The drive 102 and the application 103 use the [certified group list (AGL) sequence number] of the sequence number certificate (SNC) stored in its own memory and the sequence number certificate (from the information recording medium 101 and other devices). The [Authorized Group List (AGL) Sequence Number] stored in the SNC) is compared, and the [Authorized Group List (AGL) Sequence Number] of the Sequence Number Certificate (SNC) stored in its own memory is old. If it is found, a newer sequence number certificate (SNC) is obtained and stored in the memory.

  In the mutual authentication process, an authentication process based on an authorized group certificate (AGC) corresponding to a newer sequence number certificate (SNC) is executed. That is, an authorized group list (AGL) set with a sequence number corresponding to [authorized group list (AGL) sequence number] stored in the latest obtainable sequence number certificate (SNC) is obtained, and the sequence is obtained. Based on the authorized group certificate (AGC) corresponding to the number, the validity of the device or application is determined. A detailed sequence of this process will be described later.

  FIG. 9B shows a data configuration example of a sequence number certificate (SNC) to which elliptical encryption is applied. [Authorized Group List (AGL) Sequence Number] described with reference to FIG. 6B is stored, and an electronic signature (Signature) generated by applying the secret key of the management center corresponding to the stored data Is set.

[2. Basic authentication process between drive, application and connected device]
Next, an authentication processing sequence executed in the drive 102, the application 103, and the connected device (back-end device) 104 will be described with reference to FIG.

  First, a basic sequence when there is one drive 102, one application 103, and one connected device 104 will be described with reference to FIG.

As shown in FIG. 10, the authentication processing sequence executed between the drive, the application, and the connected device is roughly composed of the following four steps.
(1) Sequence number certificate sharing step (step S100)
(2) Authorized group certificate (AGC) distribution step (step S120)
(3) Drive-application mutual authentication and application-connected device mutual authentication step (step S130)
(4) Drive-connected device mutual confirmation step (step S150)

(1) In the sequence number certificate sharing step (step S100), for example, the latest sequence number certificate (SNC) stored on the disk is stored in the memory by the drive, application, and connected device, and is common to all devices. This is a process of sharing a sequence number certificate.
(2) The authorization group certificate (AGC) distribution step (step S120) is an authorization group in which an application stores an authorization group certificate (AGC) having a sequence number corresponding to a sequence number certificate shared by all devices. In this process, an authorized group certificate (AGC-Ap) corresponding to the group to which the application belongs is extracted from the list and sent to the drive and the connected device.
(3) The drive-application mutual authentication and the application-connected device mutual authentication step (step S130) are steps for executing mutual authentication between the drive and the application and mutual authentication between the application and the connected device, respectively. .
(4) The drive-connected device mutual confirmation step (step S150) is a mutual authentication step executed between the drive and the connected device via an application.

  In FIG. 10, the data shown in bold lines, ie, the drive sequence number certificate (SNC-D), the application sequence number certificate (SNC-Ap), and the authorized group list (AGL-Ap) are This indicates that the data is stored in a nonvolatile memory. Other data is data that may be temporarily stored, and may be stored in either volatile or non-volatile memory.

Hereinafter, a detailed sequence of each process corresponding to the above (1) to (4) will be described.
First,
(1) Sequence number certificate sharing step (step S100)
(2) Authorized group certificate (AGC) distribution step (step S120)
Details of the processing sequence will be described with reference to FIG.

  Each processing step shown in FIG. 11 will be described. First, in step S101, the drive detects the loading of the disk, and in step S102, the sequence number certificate (SNC-DISC) recorded on the disk is read and acquired.

  In step S103, the drive compares the sequence number of the sequence number certificate (SNC-D) stored in the memory in the drive with the sequence number of the sequence number certificate (SNC-DISC) obtained from the disk, The sequence number certificate (SNC-DISC) obtained from the disc is larger than the sequence number of the sequence number certificate (SNC-D) stored in the memory in the drive, that is, the sequence number certificate obtained from the disc. If (SNC-DISC) is newer, a data update process is executed to replace the sequence number certificate (SNC-D) stored in the memory with the sequence number certificate (SNC-DISC) obtained from the disk. And to set as a new drive corresponding sequence number certificate (SNC-D).

  In step S104, when the application detects that a disk is loaded by a notification from the drive, the application outputs a drive-related sequence number certificate (SNC-D) acquisition request to the drive in step S105. .

  In step S106, the drive transmits the updated sequence number certificate (SNC-D) to the application. In step S107, the application detects the sequence number certificate (SNC-Ap) corresponding to the application stored in the memory of the host device (such as a PC) that executes the application and the sequence number certificate (SNC) obtained from the drive. The sequence number of the sequence number certificate (SNC-Ap) stored in the memory of the application execution device (host) is compared with the sequence number of -D). If the sequence number is larger than the sequence number, that is, the sequence number certificate (SNC-D) obtained from the drive is newer, the sequence number certificate (SNC-Ap) stored in the memory is retrieved from the drive. Running the sequence number certificate (SNC-D) to replace data update processing, it sets this as a new application corresponding sequence number certificate (SNC-Ap).

  Further, in step S108, the application includes the sequence number recorded in the application-compatible sequence number certificate (SNC-Ap) updated in step S107, and the application-compatible authorized group stored in the memory of the host device that executes the application. The sequence number set in the list (AGL-Ap) is compared, and the sequence number set in the authorized group list (AGL-Ap) is recorded in the updated application corresponding sequence number certificate (SNC-Ap) If it is older than the sequence number, in step S109, a new certification group list (AGL) for the drive, that is, the updated application corresponding sequence number certificate (SNC- To request a certification group list (AGL) with a sequence number corresponding to the recorded sequence number to p).

  In response to a request from the application, the drive reads an authorized group list (AGL) from the disk in step S110, and transmits it to the application in step S111.

  In step S112, the application stores the authorized group list (AGL) obtained from the disk via the drive in the memory of the host, updates the authorized group list (AGL), and includes the application from the authorized group list (AGL). An authorized group certificate (AGC-Ap) corresponding to the group is selected and transmitted to the drive.

  Further, in step S113, the application transmits the application-corresponding sequence number certificate (SNC-Ap) previously updated in step S107 to the connected device. Further, in step S114, the application previously transmits to the connected device in step S112. An authorized group certificate (AGC-Ap) corresponding to the group including the application is selected from the updated application authorized group list (AGL-Ap), and this is transmitted to the drive.

By this processing, the processing of steps S100 and S120 shown in FIG. 10, that is, (1) sequence number certificate sharing step (step S100)
(2) Authorized group certificate (AGC) distribution step (step S120)
This process ends.

  By completing this process, all drives, applications, and connected devices have a common sequence number certificate, and both drives and connected devices have an authorized group certificate (AGC-Ap) corresponding to the group that contains the application. The application will own an authorized group list (AGL-Ap). The authorized group list (AGL-Ap) owned by the application includes not only the authorized group certificate (AGC-Ap) corresponding to the group including the application but also the authorized group certificate (AGC) corresponding to the group including the drive. -D) and an authorized group certificate (AGC-B) corresponding to the group containing the connected device will be included and owned.

Next, in step S130,
(3) Drive-application mutual authentication (step S131) and application-connected device mutual authentication (step S132) are executed.

  This processing sequence will be described with reference to FIG. FIG. 12 is a diagram for explaining the sequence of drive-application mutual authentication (step S131). The application-connected device mutual authentication (step S132) is also executed by the same processing sequence.

  Each step of the authentication process of FIG. 12 will be described. In step S135, the host application transmits the challenge data [C_ap1] generated by the random number generation process and the public key certificate [Cert_apl] to the drive.

  In step S136, the drive side that has received this data verifies the validity of the public key certificate [Cert_apl] by the signature verification process of the public key certificate [Cert_apl]. The signature verification process is executed by applying the public key of the management center held by the drive.

  When the validity of the public key certificate [Cert_apl] is verified, an application ID or public key certificate ID is obtained from the public key certificate [Cert_apl], and an authorized group certificate (AGC) corresponding to the group including the application is obtained. -It is determined whether the ID is registered in Ap). If it is a registered ID, the application is determined to be a valid application.

  If the validity of the public key certificate [Cert_Apl] is not confirmed, or if the application ID is not registered in the authorized group certificate (AGC-Ap) and the application is found to be invalid, an error occurs. Execute message notification, etc., and end the process. Subsequent data processing is stopped.

  When the validity of the public key certificate [Cert_Apl] is confirmed and it is confirmed that the host application is a valid application, in step S137, the drive generates challenge data [ C_drive] and the public key certificate [Cert_drive] on the drive side are transmitted.

  The host application verifies the validity of the public key certificate [Cert_drive] through signature verification processing of the public key certificate [Cert_drive] on the drive side. The signature verification process is executed by applying the public key of the management center held by the drive.

  When the validity of the public key certificate [Cert_drive] is verified, a drive ID or public key certificate ID is obtained from the public key certificate [Cert_drive], and an authorized group certificate (AGC) corresponding to the group including the drive is obtained. -D) It is determined whether or not the ID is registered. If it is a registered ID, the drive is determined to be a valid drive.

  If the validity of the public key certificate [Cert_drive] is not confirmed, or if the drive ID is not registered in the authorized group certificate (AGC-D) and the drive is found to be invalid, an error occurs. Execute message notification, etc., and end the process. Subsequent data processing is stopped.

  When the validity of the drive is confirmed, the host application executes an operation based on the challenge data [C_drive] received from the drive, calculates the parameter [A_Apl], and drives the drive together with the newly generated random number [R_Apl]. (Step S139).

  On the other hand, the drive executes an operation based on the challenge data [C_ap1] received from the host application, calculates the parameter [A_drive], and transmits it to the host application together with the newly generated random number [R_drive] (step S140).

  By this process, both the drive and the host application share the random numbers [R_apl], [R_drive], the parameters [A_apl], and [A_drive]. Both the drive and the host application share these shared data. Based on this, a common session key Ks is generated (step S141).

  Thus, mutual authentication between the drive and the application ends, and session key sharing ends.

  Note that a sequence similar to this processing sequence is executed between the application and the connected device. In the authentication process between the application and the connected device, the application checks the validity of the connected device with reference to the authorized group certificate (AGC-D) set corresponding to the group of connected devices, and the connected device. Confirms the legitimacy of the application with reference to the certification group certificate (AGC-Ap) corresponding to the application.

  If the validity is mutually confirmed, mutual authentication is established and a session key sharing process is performed. If the validity is not confirmed in either one, mutual authentication is not established and the session key is not shared.

  The above-described processing corresponds to the processing in step S131 and step S132 in FIG.

  Next, (4) a drive-connected device mutual confirmation step (step S150) is executed. This is a sequence number certificate mutual confirmation step executed between the drive and the connected device via the application.

  FIG. 13 is a diagram corresponding to the drive-connected device mutual confirmation step in step S150 of FIG.

  The details of the (4) drive-connected device mutual confirmation step will be described with reference to FIGS.

  First, in step S151, the drive generates a random number [RNG-D] and transmits it to the connected device. Note that communication between the drive and the connected device is executed via an application, and is transmitted as data transfer between the drive and the application and data transfer between the application and the connected device.

  When the connected device receives the random number [RNG-D] from the drive via the application, the connected device stores the random number [RNG-D], the random number [RNG-B] generated in the connected device, and further stores it in the memory of the connected device. Data [RNG-D‖Cert-B‖RNG-B‖SNC-B] of the public key certificate [Cert-B] and the sequence number certificate [SNC-B] is generated. Is applied with the secret key [KS-B] of the connected device, and the signature data [Sign-B] is added to the concatenated data. In step S153, this data is driven via the application. As a query [Query]. Note that [‖] above and [‖] shown in FIG. 10 indicate data concatenation processing.

When the drive receives the query data [RNG-D‖Cert-B‖RNG-B‖SNC-B‖Sign-B] from the connected device via the application, in step S154, the drive receives [ The sequence number set in the sequence number certificate [SNC-B] for the connected device included in RNG-D‖Cert-B‖RNG-B‖SNC-B‖Sign-B] It is verified whether or not it matches the sequence number set in the sequence number certificate [SNC-D].

  If the match of the sequence numbers is confirmed, the process proceeds to step S155. If the sequence number does not match, the subsequent processing is stopped.

  When the sequence numbers are confirmed to match and the process proceeds to step S155, the random number [RNG-D] included in the received data [RNG-DＮCert-B‖RNG-B‖SNC-B‖Sign-B] from the connected device. Is verified whether it matches the random number [RNG-D] generated by itself.

  If the match of the random numbers is confirmed, the process proceeds to step S156. If the random number match is not confirmed, the subsequent processing is stopped.

  When the match of the random numbers is confirmed and the process proceeds to step S156, the public key of the connected device is acquired from the public key certificate [Cert-B] of the connected device, the public key of the connected device is applied, and the data [RNG -D 有無 Cert-B‖RNG-B‖SNC-B‖Sign-B] The verification of the presence / absence of data tampering by signature verification is executed. If it is not confirmed that the data has not been tampered with, the subsequent processing is stopped.

  The procedure of the verification process from step S154 to step S156 may be interchanged. In the course of these verification processes, if the match of the sequence number certificate is not confirmed, or if the match of the random number is not confirmed, Alternatively, if it is not confirmed that there is no data falsification, a message indicating NG is notified to the application as shown in FIG. 13, the match of the sequence number certificate is confirmed, and the match of the random number is confirmed, If it is confirmed that there is no data falsification, a message indicating OK is notified to the application as shown in FIG. For example, the application may execute processing such as outputting the success or failure of verification of the connected device in the drive to the display.

In these verification processes, when all the verifications are successful, the drive concatenates the sequence number certificate [SNC-D] corresponding to its own drive to the query received from the connected device in step S157, Further, the digital signature data is generated by applying the secret key [KS-D] of the connected device to the concatenated data, and the signature data [Sign-D] is added to the concatenated data, and this data is obtained in step S158. ,
[RNG-D‖Cert-B‖RNG-B‖SNC-B‖Sign-B‖SNC-D‖Sign-D]
As a response [Response] to the connected device via the application.

  In step S159 and step S160, the connected device receives the public key certificate [Cert-D] of the drive and the certified group certificate [AGC-D] corresponding to the drive from the application. These data receiving processes may be executed at any timing before, during or after the mutual authentication between the two parties in step S130.

  In step S161, the connected device performs signature verification processing of the drive-compatible authorized group certificate [AGC-D] received from the application and signature verification processing of the drive public key certificate [Cert-D] received from the application. Execute and verify the validity of each certificate, that is, the presence or absence of falsification. The signature verification process is executed by applying the public key of the management center.

  When the validity of these certificates is confirmed and the drive authentication is completed through the registration confirmation of the certificate ID recorded in the public key certificate [Cert-D] in the authorization group certificate [AGC-D], step S162 is completed. Proceed to If it is determined that data has been tampered with or the drive has been revoked, the subsequent processing is stopped.

In step S162, the connected device sends a response [Response] received from the drive, that is,
Query data previously transmitted by the connected device to [RNG-D‖Cert-B‖RNG-B‖SNC-B‖Sign-B‖SNC-D‖Sign-D] [RNG-D‖Cert-B‖RNG -B 判定 SNC-B‖Sign-B] is determined.

  If the same query data as the transmission query is not included, the process is stopped. If the same query data as the transmission query is included, the process proceeds to the next process.

In step S163, the response [Response] received from the drive by applying the drive public key [KP-D] extracted from the public key certificate [Cert-D] of the drive whose validity has been confirmed, that is,
[RNG-D‖Cert-B‖RNG-B‖SNC-B‖Sign-B‖SNC-D‖Sign-D]
The signature verification process for is executed.

  If it is determined by this signature verification processing that the response [Response] received from the drive is valid, it is determined that authentication of the drive and the connected device has been established. If it is determined by the signature verification process that the response [Response] received from the drive is not valid, authentication is not established and the subsequent data processing is stopped.

  In the verification processing in step S162 and step S163, if the match between the data in the query and the response is not confirmed, or if it is not confirmed that there is no response data falsification, a message indicating NG as shown in FIG. 13 is displayed. When it is notified to the application, and it is confirmed that the data in the query and the response match and it is confirmed that there is no response data falsification, a message indicating OK is notified to the application as shown in FIG. For example, the application may execute processing such as outputting the success or failure of the verification of the drive in the connected device to the display.

As described above, in the authentication process of the present invention,
(1) Sequence number certificate sharing step (step S100)
(2) Authorized group certificate (AGC) distribution step (step S120)
(3) Drive-application mutual authentication and application-connected device mutual authentication step (step S130)
(4) Drive-connected device mutual confirmation step (step S150)
By executing each step of the above, mutual authentication between all of the drive, application, and connected device is executed, and after the reliability of the three parties is confirmed, the data processing is executed. It is impossible to intervene in applications or obtain data from the data transfer path of each device, and data processing with high security is realized.

  Next, processing sequences of the application, the drive, and the connected device in the above-described three-party authentication process will be described with reference to FIGS.

  First, processing of a host that executes an application will be described with reference to the flow of FIG. First, in step S501, the activation of the application is confirmed. In step S502, when the information recording medium (disc) insertion information for the drive is received from the drive, mutual authentication between the drive and the application is started in steps S503 and S504. The session key is shared along with the validity confirmation (revocation status confirmation) based on the certification group certificate. The exchange of the revocation information is a distribution process of the authorized group certificate in step S120 in FIG. 10 (the process is shown in detail in FIG. 11). The mutual authentication process is the process of step S131 in FIG. 10, and is executed as a process according to the sequence shown in FIG.

  On the condition that mutual authentication between the application and the drive is established (step S505: Yes), the process proceeds to step S506. Steps S506 to S508 are mutual authentication processing between the application and the connected device, and the session key is shared together with the validity confirmation (revocation status confirmation) based on the authorization group certificate. The exchange of the revocation information is a distribution process of the authorized group certificate in step S120 in FIG. 10 (the process is shown in detail in FIG. 11). The mutual authentication process is the process of step S132 in FIG. 10, and is executed as a process according to the sequence shown in FIG.

  The processing after step S509 corresponds to the processing of step S150 in FIG. In step S509, the application requests the drive to transfer a random number. When the application receives the random number (S510: Yes), the application transfers the random number to the connected device (back end) in step S511.

  In step S512, the application requests the connected device (back end) to send a query, and the query from the connected device, that is, the query data described above: [RNG-DＮCert-B‖RNG-B‖SNC. -B‖Sign-B] is received (S510: Yes), it is transferred to the drive in step S514.

  In step S515, the application requests the drive to send a response. If it is determined in step S516 that a NG (error) report has been received from the drive side as a result of the query verification (S516: Yes), an error is determined in step S524, and the subsequent processing is stopped.

  If the drive side does not receive a report of NG (error) due to the verification of the query, or receives a report of OK (S516: No), the response from the drive, that is, the response data described above: [RNG -D‖Cert-B‖RNG-B‖SNC-B‖Sign-B‖SNC-D‖Sign-D] is received (S517: Yes), it is transferred to the connected device (back end) in step S518. To do.

  Furthermore, in step S519, the application sends a public key certificate [Cert-D] of the drive, which is data necessary for drive authentication in the connected device, and an authorized group certificate [AGC-D] corresponding to the drive to the connected device. Send.

  In step S520, when a report indicating that the response is NG (error) is received from the connected device side (S520: Yes), it is determined as an error in step S524, and the subsequent processing is stopped.

  If a report indicating NG (error) is not received from the connected device side due to verification of the response, or if a report indicating OK is received (S520: No), the process proceeds to step S521. In step S521, the ejection of the disc is detected. If the disc is ejected, the process returns to step S502. If the ejection of the disk is not detected, the process proceeds to step S522, where it is determined whether or not a connected device has been added. If it is determined that there has been an addition, the process from step S506 is executed on the added device.

  If no connection device is added, the process proceeds to step S523 to execute the application. Specifically, it is a process of reproducing read data from a disk inserted into the drive and a process of writing data to the disk, and is a process in which data transfer is performed via the drive, application, and connected device.

  Next, the processing sequence of the drive will be described with reference to FIG. In step S531, it is detected that an information recording medium (disc) has been inserted into the drive, and in step S532, a mutual authentication processing request is received from the host application side that executes content playback or recording processing on the bus-connected host side. In steps S533 to S535, mutual authentication between the drive and the application is started, and the session key is shared along with the validity confirmation (revocation status confirmation) based on the certification group certificate. The exchange of the revocation information is a distribution process of the authorized group certificate in step S120 in FIG. 10 (the process is shown in detail in FIG. 11). The mutual authentication process is the process of step S131 in FIG. 10, and is executed as a process according to the sequence shown in FIG.

  On the condition that mutual authentication between the application and the drive is established (step S535: Yes), the process proceeds to step S536. The processing after step S536 corresponds to the processing of step S150 in FIG. 10, that is, the processing shown in FIG.

  When a random number transfer request is received from the application in step S536, a random number [RNG-D] is generated and output in step S537. Next, when there is a query reception request in step S538, in step S539, a query from the connected device is received via the application: [RNG-D‖Cert-B‖RNG-B‖SNC-B‖Sign-B]. .

  Next, in step S540, the public key of the connected device is obtained from the public key certificate of the connected device included in the query, and signature verification of the query is executed. In step S541, the random number [RNG-D included in the query is executed. ] Matches the random number generated by itself, and in step S542, the sequence number of the sequence number certificate [SNC-B] corresponding to the connected device included in the query and the memory of the drive itself are stored. Verification is performed as to whether or not the sequence number of the sequence number certificate [SNC-D] corresponding to the drive matches.

a. The query has not been tampered with by verifying the signature of the query,
b. The random number [RNG-D] included in the query matches the random number generated by itself;
c. The sequence number of the sequence number certificate [SNC-B] corresponding to the connected device matches the sequence number of the sequence number certificate [SNC-D] corresponding to the drive stored in the memory of the drive itself;
The process advances to step S544 on the condition that all of the above a to c are confirmed.
If any of them is not confirmed, the process proceeds to step S551 to output an error report to the application, that is, output that the verification result is NG.

In step S544, the sequence number certificate [SNC-D] corresponding to the drive is concatenated with the query. In step S545, a response with a signature added with the private key of the drive is generated, and a response transmission request from the application (step In response to (S546: Yes), a response is output in step S547. As mentioned above, the response is
This is data configured as [RNG-D‖Cert-B‖RNG-B‖SNC-B‖Sign-B‖SNC-D‖Sign-D].

  If disc ejection is detected in step S548, the process returns to step S531, and if a new mutual authentication request is received from the application side in step S549, the process returns to step S534.

  If no disc ejection is detected in step S548 and there is no mutual authentication request in step S549, a general operation as a drive is executed in step S550. The general operation here is, for example, data reading and output processing from the disk requested by the application, writing processing of data input from the application side to the disk, and the like. Note that these data are output or input via a connection device and an application that have been authenticated.

  Next, processing of the connected device (back end) will be described with reference to FIG. In step S571, when a mutual authentication processing request is received from the host application side that executes content playback or recording processing on the host side, in step S572 to S574, mutual authentication between the connected device and the application is started, and the certification group certification is obtained. The session key is shared with the validity check (revocation status check) based on the certificate. The exchange of the revocation information is a distribution process of the authorized group certificate in step S120 in FIG. 10 (the process is shown in detail in FIG. 11). The mutual authentication process is the process of step S132 in FIG. 10, and is executed as a process according to the sequence shown in FIG.

  On the condition that mutual authentication between the application and the connected device has been established (step S574: Yes), the process proceeds to step S575. The processing after step S575 corresponds to the processing of step S150 in FIG. 10, that is, the processing shown in FIG.

  When a random number reception request is received from the application in step S575, a random number [RNG-D] is received from the drive via the application in step S576. Next, when there is a query transmission request in step S577, a random number [RNG-B] is generated in step S578, and a query: [RNG-D ［Cert-B‖RNG-B‖SNC-B‖ in step S579. Sign-B] is generated, and in step S580, a query: [RNG-D‖Cert-B‖RNG-B‖SNC-B‖Sign-B] is transmitted to the drive via the application.

  Next, when there is a response reception request in step S581, in step S582, a response from the drive is received via the application.

  Next, in step S583, when there is a request for receiving authentication information necessary for the drive authentication process, in step S584, the drive public key certificate [CERT-D] and the drive-compatible certification group certificate [AGC] -D] from the application side.

  In step S585, verification processing of the public key certificate [CERT-D] of the drive is executed using the public key of the management center. In step S586, signature verification processing of the response is executed. The signature verification process of the response is executed by applying the drive public key [KP-D] extracted from the public key certificate [CERT-D] of the verified drive.

  In step S587, it is verified whether or not the query data included in the response received from the drive matches the data generated and transmitted by the connected device itself.

a. The drive's public key certificate [CERT-D] is valid,
b. That the response has not been tampered with,
c. The query data included in the response matches the data generated and sent by the connected device itself,
The process proceeds to step S588 on condition that all of the above a to c are confirmed.
If any of them is not confirmed, the process advances to step S590 to output an error report to the application, that is, output that the verification result is NG.

  If a new mutual authentication request is received from the application side in step S588, the process returns to step S573. If there is no mutual authentication request in step S588, a general operation as a connected device is executed in step S589. The general operation here includes, for example, reproduction output processing of data read from the disk requested by the application, network output processing, acquisition of data written to the disk, generation processing, output processing for the application, and the like. Note that these data are output or input via an authenticated application or drive.

  As described above, as the connection device, for example, DTCP I / F which is an input / output interface for digital AV data in accordance with the DTCP (Digital Transmission Content Protection) standard, graphics card, sound card, tuner card, AV capture card Various other devices are included, and processing corresponding to each device is executed.

[3. Authentication process in a configuration with multiple drive devices or multiple connected devices]
Next, an authentication processing sequence executed between a plurality of connected devices and a drive when a plurality of connected devices are connected to an application executed on the host will be described with reference to FIG.

  As described above, there are various types of connected devices, and in many cases, processing using a plurality of connected devices is executed in data reproduction or recording processing from a disc loaded in the drive. In such a case, authentication is executed among all connected devices, applications, and drives, and processing for confirming the validity of each is required.

  The process described above with reference to FIG. 10 is repeatedly performed on each connected device. One method is described below. However, in the following, efficiency in the case where there are a plurality of connected devices and a plurality of drives. A typical authentication process will be described.

  FIG. 17 is a diagram corresponding to the basic authentication sequence when there is one drive-application-connection device described above with reference to FIG. 10, and there are a plurality of connection devices and a plurality of drives. It is a figure explaining the process sequence which performs the authentication between the drive and connection device in the case efficiently.

Also in the sequence shown in FIG. 17, the authentication processing sequence executed between the drive, the application, and the connected device is roughly divided into the following steps as in the basic sequence shown in FIG.
(1) Sequence number certificate sharing step (step S700)
(2) Authorized group certificate (AGC) distribution step (step S720)
(3) Drive-application mutual authentication and application-connected device mutual authentication step (step S730)
(4) Drive-connected device mutual confirmation step (step S750)

In this example,
(1) Sequence number certificate sharing step (step S700)
(2) Authorized group certificate (AGC) distribution step (step S720)
(3) Drive-application mutual authentication and application-connected device mutual authentication step (step S730)
Is executed as a process similar to that described above with reference to FIGS. However, mutual authentication between the two parties between the application and the connected device needs to be repeatedly executed between each connected device and the application.

In the present embodiment, the process of step S750 shown in FIG.
(4) The drive-connected device mutual confirmation step is executed as a process different from the basic sequence described with reference to FIGS.

  Details of this drive-connected device mutual confirmation step will be described below with reference to FIGS.

  First, in step S751, the drive (D1) generates a random number [RNG-D1] and transmits it to the connected device (B1). Note that there are a plurality of drives (D1 to Dn) and a plurality of connected devices (B1 to Bm), each of which performs data input / output via a host that executes an application. FIG. 17 shows a processing example of the drive (D1) and the connection device (B1).

  Communication between each drive and each connected device is executed via an application. Data transfer between the drive and the application and data transfer between the application and the connected device are performed by using a session key generated in each mutual authentication as necessary. It is sent as applied encrypted data.

When the connected device receives the random number [RNG-D1] from the drive via the application, the connected device stores the random number [RNG-D1], the random number [RNG-B1] generated in the connected device, and further stores it in the memory of the connected device. Data [RNG-D1‖Cert-B1‖RNG-B1‖SNC-B1] between the public key certificate [Cert-B1] and the sequence number certificate [SNC-B1], and this concatenated data Is applied with the secret key [KS-B1] of the connected device to generate digital signature data, and the signature data [Sign-B1] is added to the concatenated data. In step S753, the query data, that is,
[RNG-D1 | Cert-B1 | RNG-B1 | SNC-B1 | Sign-B1] is transmitted to the application.

  The application receives similar query data from other connected devices. Here, it is assumed that two drives [D1] and [D2] and three connected devices [B1], [B2], and [B3] are connected to the application.

  In this case, the random number [RKG-D1] transmitted to the application by the drive D1 in step S751 is transmitted to all the connected devices except the drive D1, that is, the drive D2 and all of the connected devices B1, B2, and B3. A query similar to the connection device B1 described above is generated and transmitted to the application.

  In step S754, the application concatenates these received queries to generate a query list, and transmits the generated query list to the drive D1.

In a configuration in which two drives [D1] and [D2] and three connected devices [B1], [B2], and [B3] are connected to the application, the query list generated by the application is
(A) [RNG-D1 | Cert-D2 | RNG-D2 | SNC-D2 | Sign-D2]
(B) [RNG-D1‖Cert-B1‖RNG-B1‖SNC-B1‖Sign-B1]
(C) [RNG-D1 | Cert-B2 | RNG-B2 | SNC-B2 | Sign-B2]
(D) [RNG-D1 | Cert-B3 | RNG-B3 | SNC-B3 | Sign-B3]
The list includes the query data (a) to (d).

  (A) is a generation query for the drive D2, (b) is a generation query for the connection device B1, (c) is a generation query for the connection device B2, and (d) is a generation query for the connection device B3.

  In step S754, the application generates a list including the queries received from all the connected devices (including drives), and transmits the list to the drive, in this case, the drive D1, which first generates and outputs a random number.

  In step S755, the drive D1 determines whether or not the random number data [RNG-D1] of all the queries included in the query list is equal and equal to the previously generated random number [RNG-D1]. Sequence number certificate [SNC] corresponding to each device of all queries included in the list, that is, in this example, the sequence numbers of [SNC-D2], [SNC-B1], [SNC-B2], and [SNC-B3] Are all equal to the sequence number set in the own sequence number certificate [SNC-D1].

  If the match of the random number or the match of the sequence number certificate sequence number is not confirmed, an error report (NG) is output to the application as an authentication error. Further, one arbitrary query is extracted from the query list, and in step S756, a public key is acquired from the public key certificate [Cert-X] included in the query for the extracted query, and the acquired public key is applied. Then, the presence / absence of data tampering is verified by verifying the signature of the extracted query. If it is not confirmed that there is no data falsification, an error report (NG) is output to the application as an authentication error.

  If it is determined by the signature verification of the extracted query that the query is correct without data alteration, an authentication OK is notified to the application. For example, the application may execute processing such as outputting the success or failure of verification of the connected device in the drive to the display.

  Note that the query tampering verification need only be performed for one query. It is proved that the one query is a correct query and the sequence number of the random number data [RNG-D1] stored in the query and the authorization group certificate [SNC] corresponding to the device is the data without falsification. For example, since it has been confirmed that the same random number data [RNG-D1] and the sequence number certificate corresponding to the device [SNC] are stored in all other queries, it is common to all devices. This is because it is confirmed that a query based on the random number data [RNG-D1] and the sequence number certificate [SNC] having a common sequence number is generated.

  Next, when the verification based on the query list is successful, the drive D1 concatenates the sequence number certificate [SNC-D1] corresponding to its own drive to the query list received from the application in step S757. Further, the digital signature data is generated by applying the secret key [KS-D1] of the connected device to the concatenated data, and the signature data [Sign-D1] is added to the concatenated data. Data is transmitted as a response [Response] to each device via the application.

  Here, the transmission destination of the response is all devices that transmitted the query. In this example, the response is transmitted to all of the drive [D2] and the connected devices [B1], [B2], and [B3].

  In each of the drive [D2] and the connected devices [B1], [B2], and [B3], the public key certificate [Cert-D1] of the drive D1 from the application and the certification group certification corresponding to the drive in step S759 and step S760. Certificate [AGC-D1] is received. These data receiving processes may be executed at any timing before, during or after the mutual authentication between the two parties in step S730.

  In step S761, each of the drive [D2] and the connected devices [B1], [B2], and [B3] performs signature verification processing of the certified group certificate [AGC-D1] corresponding to the drive D1 received from the application, and the application The signature verification process of the public key certificate [Cert-D1] of the drive D1 received from the server is executed, and the validity of each certificate, that is, the presence or absence of falsification is verified. The signature verification process is executed by applying the public key of the management center.

  If the validity of these certificates is confirmed, the process proceeds to step S762. If it is determined that data has been tampered with, the subsequent processing is stopped.

  In step S762, each of the drive [D2] and the connected devices [B1], [B2], and [B3] adds itself to the response [Response] received from the drive D1, that is, the response including the query list described above. Judges whether or not contains the generated query.

  If the same query data as the transmission query is not included, the process is stopped. If the same query data as the transmission query is included, the process proceeds to the next process.

  In step S763, the signature on the response [Response] received from the drive by applying the public key [KP-D1] of the drive extracted from the public key certificate [Cert-D1] of the drive D1 whose validity has been confirmed. Perform verification processing.

  If it is determined by this signature verification processing that the response [Response] received from the drive is valid, it is determined that authentication of the drive and the connected device has been established. If it is determined by the signature verification process that the response [Response] received from the drive is not valid, authentication is not established and the subsequent data processing is stopped.

  In the verification processing in step S762 and step S763, if the match between the data in the query and the response is not confirmed, or if it is not confirmed that there is no response data falsification, a message indicating NG as shown in FIG. 18 is displayed. When the application is notified, and it is confirmed that the data in the query and the response match and it is confirmed that there is no response data falsification, a message indicating OK is notified to the application as shown in FIG. For example, the application may execute processing such as outputting the success or failure of the verification of the drive in the connected device to the display.

As described above, in the authentication process of this embodiment,
(1) Sequence number certificate sharing step (step S700)
(2) Authorized group certificate (AGC) distribution step (step S720)
(3) Drive-application mutual authentication and application-connected device mutual authentication step (step S730)
(4) Drive-connected device mutual confirmation step (step S750)
Each step is executed.

  Further, in (4) drive-connected device mutual confirmation step (step S750), a random number generated by one drive connected to the application is transmitted to all connected devices including other drives, and the received random number and self A query including the certified group certificate that is held is generated and transmitted to the application, and the application generates a query list including these queries as configuration data and transmits it to the random number generation drive.

  The drive that has received the query list verifies that the random number data generated by itself contained in the query configuration data in the query list matches all the generated random numbers, and the certification included in the query configuration data in the query list. It is determined whether or not the sequence numbers in the group list all match the sequence numbers in the authorized group list owned by the group list. Further, one query is selected and the falsification verification process is executed.

In this way, the drive
(A) The random number data generated by itself included in the query configuration data in the query list all matches the generated random number. (B) The sequence number of the authorized group list included in the query configuration data in the query list is self. (C) Confirm that there is no falsification by falsification verification of one query All the devices (including other drives) connected to the application are authenticated by the above processing. can do.

  On the other hand, devices other than the drive that first generated the random number need only verify the response from the drive. In other words, a random number is generated, a verification process based on the list is executed, and a response is transmitted on condition that all connected devices are authenticated.If a response is received, the response is sent to the query list included in the response. This is because it is guaranteed that all included devices are trusted devices.

  As described above, according to the configuration of the present embodiment, even when a large number of connected device drives are connected to an application, a process of generating and verifying a query list is performed, so that a plurality of drives-applications are executed. -Mutual authentication in a multi-connection device configuration can be performed efficiently.

  With reference to FIG. 19, the processing sequence of the drive that does not generate random numbers in the above-described example, that is, the drive D2 will be described. Note that substantially the same processing is executed in the connected device.

  In step S801, insertion of an information recording medium (disc) into the drive D2 is detected, and in step S802, a mutual authentication processing request is received from the host application side that executes content playback or recording processing on the bus-connected host side. Then, in steps S803 to S805, mutual authentication between the drive D2 and the application is started, and the session key is shared along with the validity confirmation (revocation status confirmation) based on the certification group certificate. The exchange of revocation information is the distribution process of the certification group certificate in step S720 in FIG. 17 (the process is shown in detail in FIG. 11). The mutual authentication process is a process corresponding to step S731 in FIG. 17, and is executed as a process according to the previously described sequence shown in FIG.

  On the condition that mutual authentication between the application and the drive D2 is established (step S805: Yes), the process proceeds to step S806. The processing after step S806 corresponds to the processing in step S750 in FIG. 17, that is, the processing shown in FIG.

  When a random number reception request is received from the application in step S806, a random number [RNG-D1] is received from the drive D1 via the application in step S807. Next, when there is a query transmission request in step S808, a random number [RNG-D2] is generated in step S809, and a query: [RNG-D1ＲCert-D2‖RNG-D2‖SNC-D2‖ in step S810. Sign-D2] is generated, and a query is transmitted to the application in step S811.

  The application executes a process of generating a query list based on a plurality of queries and transmitting it to the DLife D1.

  Next, when there is a response reception request in step S812, the drive D2 receives a response from the drive via the application in step S813. This response includes a query list.

  Next, when there is a request for receiving authentication information necessary for the authentication process of the drive D1 in step S814, in step S815, the public key certificate [CERT-D1] of the drive D1 and the certified group certificate corresponding to the drive D1. The document [AGC-D1] is received from the application side.

  In step S816, verification processing of the public key certificate [CERT-D1] of the drive D1 is executed using the public key of the management center. In step S817, response signature verification processing is executed. The signature verification process of the response is executed by applying the drive public key [KP-D1] extracted from the public key certificate [CERT-D1] of the drive D1 whose validity is verified.

  In step S818, it is verified whether or not the query list included in the response received from the drive includes data that matches the query data generated and transmitted by the drive D2.

a. That the public key certificate [CERT-D1] of the drive D1 is valid;
b. That the response has not been tampered with,
c. The response includes query data that matches the query data generated and transmitted by the drive D2 itself,
The process advances to step S819 on the condition that all of the above a to c are confirmed.
If any of them is not confirmed, the process advances to step S822 to output an error report to the application, that is, output that the verification result is NG.

  If it is determined in step S819 that the disc has been ejected, the process returns to step S801. If a new mutual authentication request is received from the application in step S820, the process returns to step S804. If it is not determined in step S819 that the disc has been ejected and there is no new mutual authentication request in step S820, a general operation as a drive is executed in step S821. The general operations here include, for example, data reading and output processing from the disk requested by the application, data writing processing to the disk, and the like. Note that these data are output or input via an authenticated application, drive, or connected device.

  The same processing as described above is also executed in the plurality of connected devices. These processes can be executed in parallel in each connected device, and the mutual authentication process between all devices, drives, and applications can be completed in a short time even in an environment where a large number of devices are connected to the application.

[4. Example of hardware configuration of host device, drive, and connected device as application execution device]
Next, referring to FIG. 20, FIG. 21, and FIG. 22, when data reproduction from the information recording medium or data recording on the information recording medium is executed, data processing, a drive located on the data transfer path, and an application execution device A hardware configuration example of an information processing apparatus and a connection device that constitute a host will be described.

  First, with reference to FIG. 20, the configuration of a host device that constitutes a host as an application execution device will be described. The host device 600 is a CPU 670 that executes data processing according to various programs such as an OS, a content reproduction application program, and the mutual authentication processing program described above, a ROM 660 as a storage area for programs, parameters, and the like, a memory 680, and a digital signal. Input / output I / F 610 for output, input / output I / F 640 for inputting / outputting analog signals and having an A / D / D / A converter 641, MPEG codec 630 for performing MPEG data encoding / decoding processing, TS (Transport Stream) TS / PS processing means 620 for executing PS (Program Stream) processing, encryption processing means 650 for executing various encryption processing such as mutual authentication and decryption processing of encrypted content, a recording medium 691 such as a hard disk, and a recording medium 691 Drive, data recording / playback signal Has a drive 690 for performing input and output, each block is connected to the bus 601.

  The host device 600 is connected to a drive by a connection bus such as ATAPIBUS, and is connected to a connection device by various buses such as an internal bus, USB, and IEEE1394 bus. The data is input from the digital signal input / output I / F 610 and is encrypted and transferred by the encryption processing unit 650 as necessary.

  Note that an application program, specifically, an execution program for data reproduction processing or data recording processing, or a mutual authentication processing program is stored in, for example, the ROM 660, and parameters and data are stored as needed during the execution processing of the program. The memory 680 is used as a storage and work area.

  The ROM 660 or the recording medium 691 stores various data described above with reference to FIG. 5 and others, that is, a public key certificate storing a public key, a private key, an authorized group list, a sequence number certificate, and a management center Public key etc. are stored. If a plurality of host applications are held, the corresponding private key and public key certificate are stored.

  Next, with reference to FIG. 21, a description will be given of the configuration of a drive device that loads an information recording medium and executes data writing to the information recording medium or data reading from the information recording medium. The drive device 700 is a CPU 702 that executes data processing according to various programs such as a data recording / reproduction program and a mutual authentication processing program, a ROM 705 as a storage area for programs, parameters, and the like, a memory 706, and an input / output device for inputting / outputting digital signals. Output I / F 703, mutual authentication, encryption processing means 704 for performing various encryption processing such as output data encryption processing, driving of information recording medium 708 such as DVD, Blu-ray disc, input / output of data recording / reproducing signal A recording medium I / F 707 is provided, and each block is connected to a bus 701.

  The drive 700 is connected to the host device via a connection bus such as ATAPIBUS, for example, and encrypts data stored in the information recording medium 708 as necessary, and outputs it from the input / output I / F 703. In addition, recording processing of data input from the input / output I / F 703 to an information recording medium is performed.

  The ROM 705 or the memory 706 stores various data described above with reference to FIG. 5, that is, a public key certificate storing a public key, a private key, a sequence number certificate, and a management center public key. Etc. are stored. In addition, a program and the like for executing content reading, acquisition, and mutual authentication processing are stored.

  Next, a configuration example of the connection device will be described with reference to FIG. As described above, the connection device is, for example, a DTCP I / F that is an input / output interface for digital data according to the DTCP (Digital Transmission Content Protection) standard, a graphics card, a sound card, a tuner card, an AV capture card, or the like. And has a configuration corresponding to each device. FIG. 22 shows an example of a connected device.

  As shown in FIG. 22, a connection device 800 as an example includes a CPU 802 that executes data processing according to various programs such as a data processing program and a mutual authentication processing program according to the device, and a ROM 805 as a storage area for programs, parameters, and the like. , Memory 806, input / output I / F 803 for inputting / outputting digital signals, mutual authentication, encryption processing means 804 for executing various encryption processes such as output data encryption processing, A / D, D for performing analog-digital signal conversion The A / A converter 807 has an input / output I / F 808 as an analog signal input / output interface, and each block is connected to the bus 801.

  It is connected to a host (information processing apparatus such as a PC) as an application execution apparatus via an input / output I / F 803 to input / output data.

  The ROM 805 or the memory 806 stores various data described above with reference to FIG. 5 and others, that is, a public key certificate storing a public key, a private key, and a management center public key. In addition, various data processing and programs for executing mutual authentication processing are stored.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims should be taken into consideration.

  The series of processes described in the specification can be executed by hardware, software, or a combined configuration of both. When executing processing by software, the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and run.

  For example, the program can be recorded in advance on a hard disk or ROM (Read Only Memory) as a recording medium. Alternatively, the program is temporarily or permanently stored on a removable recording medium such as a flexible disk, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disk, a DVD (Digital Versatile Disc), a magnetic disk, or a semiconductor memory. It can be stored (recorded). Such a removable recording medium can be provided as so-called package software.

  The program is installed on the computer from the removable recording medium as described above, or is wirelessly transferred from the download site to the computer, or is wired to the computer via a network such as a LAN (Local Area Network) or the Internet. The computer can receive the program transferred in this manner and install it on a recording medium such as a built-in hard disk.

  Note that the various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary. Further, in this specification, the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing.

  As described above, according to the configuration of the present invention, authentication of the three elements of the drive, the application, and the connected device is performed in the data recording and reading process via the three elements of the drive, the application, and the connected device. The configuration is to execute. The mutual authentication process between the drive and the connected device is executed via a host that executes the application, and in this authentication process, a certificate storing identification information corresponding to an application or a device that has been validated by the management center. The sequence number certificate that stores the sequence number set in the certification group certificate is mutually presented between the authentication devices, and both devices match the sequence number of the sequence number certificate stored in their own memory. Since it is configured to perform confirmation processing, even if data recording or reading processing is performed via the three elements of the drive, application, and connected device, unauthorized use of content by authentication between the drive and the connected device Eliminate routes that enable Can be, data transfer and data processing while ensuring sufficient security can be realized.

  Furthermore, according to the configuration of the present invention, in the configuration in which data transfer and data processing are performed between the drive, the application, and the connected device, the data is processed between the drive, the application, and the connected device before the data processing by the application. Perform authentication. The mutual authentication includes (1) sequence number certificate sharing processing, (2) authorized group certificate (AGC) distribution processing, (3) drive-application mutual authentication, and application-connected device mutual authentication processing, (4) By executing each process of the drive-connected device mutual confirmation process, mutual authentication among all of the drive, application, and connected device is executed, and the reliability of the three parties is confirmed. Or data acquisition from the data transfer path of each device can be eliminated, and highly secure data processing is realized.

  Furthermore, according to the configuration of the present invention, in the drive-connected device mutual confirmation process, the host receives a query including data including a sequence number certificate and a random number and signature data for the data from a plurality of connected devices or drives. Then, a query list including the plurality of received queries is generated and transmitted to one device that executes the authentication process. The query list receiving device executes a query list verification process to each query generating device. Since the process for collectively determining whether authentication is possible or not is performed, an efficient authentication process is realized even in a structure in which a plurality of devices are connected.

  Furthermore, according to the configuration of the present invention, the device that generated the query receives the response with the signature added from the query list receiving device, and the authentication is completed only by verifying the response. That is, the query list receiving device transmits a response on the condition that all the query transmission devices are authenticated based on the list. If a response is received, it is included in the query list included in the response. This is because all devices are guaranteed to be trusted devices. As described above, according to the configuration of the present invention, it is possible to execute an efficient and reliable authentication process even in an environment where a large number of connected devices and drives are set.

It is a figure explaining the data recording and reproduction | regeneration processing to which the information recording medium (disk) performed via a drive, an application, and a connection device is applied. It is a figure explaining the problem which generate | occur | produces about the data recording and reproduction | regeneration processing which applied the information recording medium (disk) performed via a drive, an application, and a connection device. It is a figure explaining the problem at the time of performing all the mutual authentication of a drive, an application, and a connection device. It is a figure explaining the system configuration | structure and data processing which have a drive, an application, and a connection device which can apply this invention. It is a figure explaining the data which each of the drive in this invention, an application, and a connection device holds. It is a figure explaining the basic composition of various certificates other than a public key certificate. It is a figure explaining the data structure of a public key certificate. It is a figure explaining the data structure of an authorization group certificate and an authorization group list. It is a figure explaining the data structure of a sequence number certificate. It is a figure explaining the authentication process sequence in the system which has a drive, an application, and a connection device according to this invention. It is a figure explaining the sharing process sequence of a sequence number certificate. It is a figure explaining the mutual authentication process sequence between two devices directly connected. It is a figure explaining the mutual authentication process sequence between a drive and a connection device. It is a flowchart explaining the process of the host as an application execution apparatus in the authentication process of the system which has a drive, an application, and a connection device according to this invention. It is a flowchart explaining the process of a drive in the authentication process of the system which has a drive, an application, and a connection device according to this invention. It is a flowchart explaining the process of the connection device in the authentication process of the system which has a drive, an application, and a connection device according to this invention. It is a figure explaining the authentication process sequence in the system which has a some drive according to this invention, an application, and a some connection device. It is a figure explaining the mutual authentication processing sequence in the system with a some drive and a some connection device. It is a flowchart explaining the process of one drive in the authentication process of the system which has a some drive, application, and several connection device according to this invention. It is a figure which shows the structural example of the host apparatus as an application execution apparatus of this invention. It is a figure which shows the structural example of the drive apparatus of this invention. It is a figure which shows the structural example of the connection device of this invention.

Explanation of symbols

11 Information Recording Medium 12 Drive 13 Application 14 DTCP I / F
15 graphic card 16 sound card 17 tuner card 18 AV capture card 21 illegal application 31 hard disk 32 codec 33 network 51, 53 information recording medium 52, 54 drive 55 application 101 information recording medium 102 drive 103 application 104 connection device 600 host device 601 Bus 610 I / O I / F
620 TS / PS processing means 630 MPEG codec 640 I / O I / F
641 A / D, D / A converter 650 Encryption processing means 660 ROM
670 CPU
680 Memory 690 Drive 691 Recording medium 700 Drive device 701 Bus 702 CPU
703 I / O I / F
704 Cryptographic processing means 705 ROM
706 Memory 707 Recording medium I / F
708 Information recording medium 800 Connection device 801 Bus 802 CPU
803 I / O I / F
804 Encryption processing means 805 ROM
806 Memory 807 A / D, D / A converter 808 I / O I / F

Claims (17)

A host that executes an application that involves data recording or data reproduction processing on the information recording medium, a drive that mounts the information recording medium, reads or records data from the information recording medium, and executes data input / output with the host; An information processing apparatus having a connection device connected to the host and executing data input / output with the host;
Each of the host, drive, and connection device has a data processing unit,
The drive and the data processing unit of the connected device are:
In this configuration, mutual confirmation processing between the drive and the connected device is executed via the host, and in the mutual confirmation processing, identification information corresponding to an application or device approved by the management center is stored. The sequence number certificate stored in its own memory in both the drive and the connected device is executed by executing the mutual presentation process of the sequence number certificate that stores the sequence number set in the certification group certificate that is a certified certificate. And a sequence number of a certificate presented by the confirmation partner, and an information processing apparatus characterized by performing a confirmation process using a match of these sequence numbers as an authentication condition. The mutual confirmation process between the drive and the connected device is:
2. The processing including transmission / reception and verification processing of a query and a response including data including a sequence number certificate and a generated random number held by the drive and the connected device, and signature data for the data. The information processing apparatus described. The mutual confirmation process between the drive and the connected device is:
The information processing apparatus according to claim 1, wherein the information processing apparatus is configured to be executed as a process including a validity confirmation process of a confirmation counterpart device based on the authorization group certificate. The host executing the application is
In the mutual confirmation process between the drive and the connected device,
A query including data including the sequence number certificate and random number and signature data for the data is received from a plurality of connected devices or drives, a query list including the plurality of received queries is generated, and a confirmation process is executed 1 It is a configuration that executes processing to send to one device,
The query list receiving device is:
The information processing apparatus according to claim 1, wherein the information processing apparatus is configured to execute verification processing of the query list to perform batch determination processing for determining whether or not each query generation device can be authenticated. The query list receiving device is:
Matching of sequence number of sequence number certificates stored in multiple queries included in the query list,
Matching of random numbers stored in multiple queries included in the query list,
Confirmation of tampering by signature verification of at least one query in the query list,
5. The information processing apparatus according to claim 4, wherein the information processing apparatus is configured to execute a process of collectively determining whether or not authentication is possible for a query generation device included in the query list based on each of the confirmation processes. The query list receiving device is:
Send a response with signature data for the query list to the query sending device,
The device that has received the response
The information processing apparatus according to claim 4, wherein authentication determination is performed by signature verification for the response. The mutual confirmation process between the drive and the connected device is:
It is configured to execute on the condition that mutual authentication between the drive and the application is established, and mutual authentication between the application and the connected device is established,
The mutual authentication process between the drive and the application, and the mutual authentication process between the application and the connected device are configured to be executed as a process including a validity check process of an authentication partner based on the certification group certificate. The information processing apparatus according to claim 1. The information processing apparatus includes:
The sequence number certificate is distributed to each of the host, the drive, and the connected device, and a mutual confirmation process is executed between the drive and the connected device after the distribution processing. The information processing apparatus according to claim 1. A host that executes an application that involves data recording or data reproduction processing on the information recording medium, a drive that mounts the information recording medium, reads or records data from the information recording medium, and executes data input / output with the host; An authentication processing method in an information processing apparatus having a connection device connected to a host and executing data input / output with the host,
A mutual confirmation processing step for executing mutual confirmation processing between the drive and the connected device via the host;
The mutual confirmation processing step includes
The sequence number certificate that stores the sequence number set in the certification group certificate, which is the certificate that stores the identification information corresponding to the application or device that has been validated by the management center, is mutually presented between the verification devices. A certificate presentation step;
A collation step of performing a collation between the sequence number of the sequence number certificate stored in its own memory in both the drive and the connected device, and the sequence number of the certificate presented by the verification partner;
An authentication processing method, characterized in that a confirmation process using the match of the sequence number in the collating step as an authentication condition is executed. The mutual confirmation processing step between the drive and the connected device includes:
10. The process including transmission and verification processing of a query and a response including data including a sequence number certificate and a generated random number held by the drive and the connected device, and signature data for the data. The authentication processing method described. The mutual confirmation processing step between the drive and the connected device includes:
The authentication processing method according to claim 9, further comprising a verification process step of a verification counterpart device based on the authorization group certificate. The mutual confirmation processing step between the drive and the connected device includes:
Receiving a query including data including the sequence number certificate and a random number and signature data for the data from a plurality of connected devices or drives in a host executing the application;
In the host executing the application, generating a query list including the plurality of received queries and transmitting the query list to one device that executes a confirmation process;
In the query list receiving device, executing the query list verification process, and executing a process of collectively determining whether or not authentication is possible for the generation device of each query;
The authentication processing method according to claim 9, further comprising: The query list receiving device is:
Matching of sequence number of sequence number certificates stored in multiple queries included in the query list,
Matching of random numbers stored in multiple queries included in the query list,
Confirmation of tampering by signature verification of at least one query in the query list,
13. The authentication processing method according to claim 12, wherein a process of collectively determining whether or not authentication is possible for a device that generates a query included in the query list is executed based on each of the confirmation processes. The authentication processing method further includes:
In the query list receiving device, sending a response generated by adding signature data to the query list to the query transmitting device;
In the device that has received the response, performing authentication propriety determination by signature verification for the response;
The authentication processing method according to claim 12, further comprising: The authentication processing method further includes:
Performing mutual authentication between the drive and the application;
Performing mutual authentication between the application and the connected device;
The mutual authentication process between the drive and the application and the mutual authentication process between the application and the connected device are steps to be executed as a process including a verification process of the authenticity of an authentication partner based on the certification group certificate,
The authentication processing method according to claim 9, wherein the mutual confirmation process between the drive and the connected device is executed on the condition that each authentication is established. The authentication processing method further includes:
A step of executing a distribution process of the sequence number certificate to each of the host, the drive, and the connected device, and executing a mutual confirmation process between the drive and the connected device after the distribution process of the sequence number certificate The authentication processing method according to claim 9, wherein: A host that executes an application that involves data recording or data reproduction processing on the information recording medium, a drive that mounts the information recording medium, reads or records data from the information recording medium, and executes data input / output with the host; A computer program for executing authentication processing in an information processing apparatus having a connection device connected to a host and executing data input / output with the host,
A mutual confirmation processing step for executing mutual confirmation processing between the drive and the connected device via the host;
The mutual confirmation processing step includes
The sequence number certificate that stores the sequence number set in the certification group certificate, which is the certificate that stores the identification information corresponding to the application or device that has been validated by the management center, is mutually presented between the verification devices. A certificate presentation step;
A collation step of performing a collation between the sequence number of the sequence number certificate stored in its own memory in both the drive and the connected device, and the sequence number of the certificate presented by the verification partner;
A computer program comprising: a step of executing an authentication process using a match of sequence numbers in the collating step as an authentication condition.

Images