JP2005354121A - Drive, reproduction processor, information processor, information recording medium, information processing method, and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an arrangement for realizing the prevention of unauthorized utilization of data being read out from an information recording medium and output from a drive. <P>SOLUTION: A drive acquires application attribute values based on an application ID being acquired from a public key certificate corresponding to an application, forms an encryption key through data processing including an operation processing applied with the application attribute values thus acquired, and outputs the encryption key thus formed and an encrypted content which can be decrypted through application of the encryption key to the application side. Only in an application having an authorized content utilization right corresponding to specific application attribute values, a correct encryption key applicable to decryption of the content can be acquired, reproduction of the content is permitted, and decryption and utilization of the content by other application can be excluded. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a drive device, a reproduction processing device, an information processing device, an information recording medium, an information processing method, and a computer program. More specifically, the present invention relates to a drive device, a reproduction processing device, an information processing device, an information recording medium, an information processing method, and a computer program that can prevent unauthorized use of content stored in the information recording medium.

  In recent years, disks capable of storing large volumes of data such as DVDs and blue-violet laser disks (Blu-ray Discs) have been used and developed, and high-definition images and high-quality audio that are large volumes of data can be stored and played back. It is possible. As a playback environment for these large-capacity recording media, not only conventional consumer recording and playback devices, but also personal computers (PCs) equipped with high-performance CPUs and video cards, and other information playback devices have been developed. , Use is progressing.

  For example, as a problem when content is played back on a PC, there is content copyright protection. Many contents, such as music data and image data, generally have distribution rights or the like held by the creator or seller. Therefore, when distributing these contents, it is common to adopt a configuration that restricts the use of the contents, that is, permits the use of the contents only to authorized users and prevents unauthorized copying or the like. It is the target.

  In particular, according to the digital recording device and the recording medium, it is possible to repeat recording and reproduction without deteriorating images and sound, distribution of illegally copied content via the Internet, CD-R, DVD, etc. There is a problem of distribution of pirated discs with content copied to other recording media.

  On a large-capacity recording medium such as a DVD or a blue laser disk, various video information and music information to be protected by copyright are stored as digital data and distributed in the market. In the case where such a medium on which digital data is recorded is distributed to the market, a configuration that prevents unauthorized copying and protects the copyright holder is essential. In recent years, in order to prevent such illegal copying of digital data, various techniques for preventing illegal copying in digital recording devices and recording media have been put into practical use.

  For example, a DVD player employs a content scramble system (CSS: Content Scramble System). In the content scramble system, video data, audio data, etc. are encrypted and recorded on a recording medium such as a DVD-ROM (Read Only Memory), and a key used for decrypting the encrypted data is licensed. Give only to the player who received it. The license is given only to a player designed to comply with a predetermined operation rule such as not performing illegal copying. Therefore, the licensed player can reproduce images and sounds by decrypting the encrypted data recorded on the information recording medium using the given key.

  On the other hand, an unlicensed player does not have a key for decrypting encrypted data, and therefore cannot decrypt encrypted data recorded on an information recording medium. As described above, the content scramble system (CSS) provides a system that allows only a player having a regular license to use the content.

  However, this content scramble system (CSS) has a problem that it is not possible to exclude unauthorized use of content with certainty. In particular, there is a problem that content can be illegally used in the process of outputting content from a drive loaded with an information recording medium to an information processing apparatus such as a PC for playback. Hereinafter, this problem will be described with reference to the drawings.

  FIG. 1 shows an example of data stored in an information recording medium storing content adopting a content scramble system (CSS), and processing of a playback device (player).

  An information recording medium 10 shown in FIG. 1 is, for example, a DVD video disk. The information recording medium 10 includes an encrypted disk key (Secured Disc Key) 11 and encryption corresponding to the title of content stored in the information recording medium 10. Scrambled MPEG data 13 is stored as a title key 12 and content that has been scrambled based on the CSS system.

  A playback device 20, such as a DVD player, that plays back content by mounting the information recording medium 10 applies the master key stored in the playback device 20, and the encrypted disk key acquired from the information recording medium 10 in step S11. (Secured Disc Key) 11 is decrypted to obtain the disc key, and the decrypted title key 12 obtained from the information recording medium 10 is decrypted by applying the disc key obtained in step S12 to obtain the title. The key is acquired, and the acquired title key is applied to execute descrambling processing of the scrambled MPEG data 13 in step S13, and then MPEG decoding processing is executed in step S14 to reproduce the audio / video data 25.

  Next, a processing sequence in which content is input to the PC from a drive such as a PC and content is played back by a player application on the PC will be described with reference to FIG.

  As shown in FIG. 2, mutual authentication and key sharing (AKE: Authentication and Key Exchange) are executed between the drive 30 loaded with the information recording medium and the player application 40 on the PC side in steps S31 and S41 shown in the figure. . The mutual authentication process is executed according to an algorithm according to, for example, a public key cryptosystem or a common key cryptosystem. In the mutual authentication, a session key is generated, and the drive 30 and the player application 40 on the PC side share the session key.

  In step S32, the drive 30 applies the session key to execute re-encryption of the encrypted disk key 11 acquired from the information recording medium 10, and transmits it to the player application 40. In step S33, the drive key is also transmitted. The encrypted title key 12 acquired from the information recording medium by applying is re-encrypted and transmitted to the player application 40. The drive 30 and the PC as the execution device of the player application 40 are connected by a connection bus, for example, ATAPI-BUS, and the encryption key information is transmitted to the player application 40 side of the PC via the connection bus.

  Further, the drive 30 outputs the scrambled MPEG data 13 which is the content obtained from the information recording medium and scrambled based on the CSS system to the PC side via the connection bus between the drive and the PC.

  In step S42, the player application 40 on the PC side uses the session key to decrypt the re-encrypted data using the session key of the encrypted disk key 11 received from the drive 30, and obtains the encrypted disk key 11. In step S43, the encrypted title key 12 is obtained by decrypting the re-encrypted data using the session key of the encrypted title key 12 received from the drive 30.

  Subsequent processes in steps S51 to S55 are the same as the processes (S11 to S14) described above with reference to FIG.

  FIG. 3 is a flowchart showing the processing on the drive side in the processing shown in FIG. If it is determined in step S61 that the information recording medium (disc) has been inserted, in step S62, mutual authentication and key exchange (AKE: Authentication and Key Exchange) with the host, that is, the PC executing the player application 40 shown in FIG. Execute.

  When mutual authentication and key sharing (AKE) are successful (step S63: Yes), the process shifts to a state in which output of CSS scrambled data, which is stored content of the information recording medium loaded in the drive, is permitted, and output of this CSS scrambled data. The permission state continues until the information recording medium is ejected or the power is turned off.

  In this way, before mutual authentication with the content output destination device is established, the drive is set in a state where the output of CSS scramble data is not permitted, and after mutual authentication with the content output destination device is established, The output of the CSS scramble data is permitted, and this output permission state is continued until the information recording medium is ejected or the power is turned off.

  The unauthorized use of the content shown in FIG. 4 may occur depending on the content output allowable state from the drive.

  FIG. 4A shows an example of bypassing content by switching a host-side application such as a PC that is a content output destination from a drive.

  Processing on the host (PC) 60 side (steps S71 to S73) will be described. In step S71, mutual authentication is executed between the legitimate player application of the drive 50 loaded with the information recording medium and the host (PC) 60. As a result of the mutual authentication, the drive 50 is set in a CSS scrambled data output permission state.

  In step S72, audio / video data including CSS scramble data is read from the drive 50 and stored in the hard disk.

  In step S73, the application is switched and the CSS descrambling software is applied to execute descrambling processing of the CSS scrambled data stored in the hard disk.

  The descrambling can be performed by such a process, and the plaintext content that has been descrambled can be used without limitation.

  The process shown in FIG. 4 (2) shows an example of unauthorized use of content by wiretapping processing of a connection bus between the host (PC) and the drive, for example, ATAPI-BUS.

  Processing on the host (PC) 60 side (steps S81 to S83) will be described. In step S81, mutual authentication is executed between the authorized player application of the drive 50 loaded with the information recording medium and the host (PC) 60, and content acquisition and playback are executed.

  The content is input as CSS scrambled data via a connection bus between the host (PC) and the drive, for example, ATAPI-BUS.

  In step S82, the host 60 monitors the connection bus between the host (PC) and the drive, and stores the data acquired by the monitoring, that is, CSS scrambled data, in the hard disk.

  In step S63, the CSS descrambling software is applied to execute descrambling processing of the CSS scrambled data stored in the hard disk.

  The scrambled content can be obtained by such processing, and the plaintext content that has been descrambled can be used without limitation.

  As described above, the current content scramble system (CSS) cannot reliably prevent unauthorized use of content. In particular, as described above, there is a problem in that unauthorized use of content tends to occur when content is output to an information processing apparatus such as a PC from a drive in which an information recording medium is mounted.

  However, changing the CSS mechanism already widely used to deal with the problem leads to loss of compatibility with the DVD player and DVD playback application owned by the user. Absent. A video signal handled by a DVD or the like has a standard image quality such as NTSC, and is standardized as 4.7 GB in the case of a single-layer DVD with the goal of recording the video signal for 2 hours.

  A new standard disk format using a blue-violet laser such as Blu-ray aims to record a high-definition video signal such as HD (High Definition), and the capacity of the optical disk medium is expanded to about 50 GB. As the capacity increases and the data quality improves, the value of the recorded content becomes higher than that of the DVD. Therefore, the seriousness of the problem with the CSS system becomes higher than that of the DVD, and the importance of eliminating unauthorized use of the content is further increased. Get higher.

With a large-capacity recording medium such as a Blu-ray disc, for example, not only one movie is recorded in one format, but also recorded as different encoded data using various video codecs, and the user's PC, etc. It is possible to adopt a data recording configuration that makes it possible to support various playback applications and codecs used in.
For example, record data 1 and 2 as different encoded data of the same movie is recorded on the disc,
The recorded data 1 is data corresponding to the reproduction application 1 The recorded data 2 is data corresponding to the reproduction application 2, and so on.

Furthermore, game content that can be played back by the game application is stored on the disc, HD movie data that can be played back by HD (High Definition) is stored,
When the application executed on the PC is an HD playback application, the HD data is read from the disc and played back, and when the application executed on the PC is a game application, the game content is read from the disc and played back. Such processing is possible.

  However, when data corresponding to various applications is stored in a recording medium and a reproduction process corresponding to the application is performed as described above, a PC or the like that performs the reproduction process as described above with reference to FIG. If there is an unauthorized application, the content is provided to the unauthorized application and used illegally.

  The present invention has been made in view of the above-described problems, and is a drive device, a playback processing device, and information that can eliminate content illegal use by strictly setting content output conditions from a drive. It is an object to provide a processing device, an information recording medium, an information processing method, and a computer program.

  More specifically, the content is encrypted using key information generated by applying an application attribute value that is a value set corresponding to an application that executes content reproduction, and stored in an information recording medium. When outputting content from the drive to the application side, the drive acquires an application attribute value based on the application ID acquired from the application during mutual authentication, generates an encryption key using the application attribute value, and generates the generated encryption key. By adopting a configuration provided to the application that executes content playback, a drive device, a playback processing device, an information processing device, and an information storage device that allow content use only by a legitimate application and eliminate content use by an unauthorized application. And to provide the medium, an information processing method, and a computer program.

The first aspect of the present invention is:
A drive device that reads and outputs data from an information recording medium,
A recording medium interface for mounting an information recording medium and executing data reading;
An input / output interface for performing communication with a reproduction processing apparatus that executes a host application as a data reproduction program;
A data processing unit that executes output control of read data from the information recording medium to the reproduction processing device,
The data processing unit
An application attribute value set corresponding to the host application is acquired, an encryption key is generated by data processing including calculation processing to which the application attribute value is applied, and the generated encryption key and decryption are performed by applying the encryption key A drive apparatus having a configuration for outputting possible encrypted contents to a reproduction processing apparatus.

  Furthermore, in one embodiment of the drive device of the present invention, the data processing unit acquires an application ID recorded in an application public key certificate that is a public key certificate set in correspondence with the host application, The application ID or a value corresponding to the application ID corresponding to the application ID is applied as the application attribute value, and the encryption key generation process is executed.

  Furthermore, in one embodiment of the drive device of the present invention, the data processing unit acquires an application ID recorded in an application public key certificate that is a public key certificate set in correspondence with the host application, The application ID or application ID corresponding value corresponding to the application ID is acquired by the search processing of the application ID or application ID corresponding value data read from the information recording medium, and the acquired application ID or application ID corresponding value is used as the application attribute value. And the encryption key generation processing is executed.

  Furthermore, in one embodiment of the drive device of the present invention, the data processing unit is adapted to correspond to the application ID or application ID corresponding to the application ID by a search process of the application ID or application ID corresponding value data read from the information recording medium. When the value cannot be acquired, the error notification process is executed for the playback processing apparatus that executes the host application.

  Furthermore, in an embodiment of the drive device of the present invention, the data processing unit executes a mutual authentication process between the drive device and the host application, and the mutual authentication process is set corresponding to the host application. An application public key certificate that is a public key certificate is acquired, and after the validity verification by signature verification of the acquired application public key certificate, an application ID is acquired from the application public key certificate, and the application ID or application An application ID corresponding value corresponding to an ID is applied as the application attribute value.

  Furthermore, in an embodiment of the drive device of the present invention, the calculation process to which the application attribute value is applied is an exclusive OR calculation process or a hash calculation process with data that can be acquired from an information recording medium. .

  Furthermore, in one embodiment of the drive device of the present invention, the data processing including the arithmetic processing to which the application attribute value is applied includes arithmetic processing with data obtainable from the information recording medium, the arithmetic processing result, and the information recording medium. It is the structure including the encryption key generation process by the encryption process with the data acquirable from 1).

  Furthermore, in one embodiment of the drive device of the present invention, the data processing unit determines whether or not to perform encryption processing based on the encryption key according to the value of the output control flag included in the read data from the information recording medium It is the structure which performs the process which determines this.

Furthermore, the second aspect of the present invention provides
A reproduction processing device for inputting information recording medium storage data from a drive device on which an information recording medium is mounted and executing reproduction processing,
A data processing unit that executes a host application as a data reproduction program;
A storage unit storing a certificate recording an application ID corresponding to the host application;
An input / output interface for performing communication with the drive device;
The data processing unit
A certificate in which the application ID is recorded is output to the drive device, the application ID or an encryption key generated by applying an application ID corresponding value is input in the drive device, and input data from the drive device The reproduction processing apparatus is configured to perform data reproduction by executing a decryption process using the encryption key.

  Furthermore, in an embodiment of the reproduction processing apparatus of the present invention, the certificate is a public key certificate, and the data processing unit executes a mutual authentication process with the drive device, and the public authentication is performed during the mutual authentication process. The key certificate is output to the drive device.

Furthermore, the third aspect of the present invention provides
An information processing apparatus that performs content recording processing on an information recording medium,
An encryption key is generated by data processing including calculation processing that applies application attribute values set for applications with content playback rights, and content encryption is performed by applying the generated encryption key. An information processing apparatus having a configuration for executing a process of recording encrypted content in an information recording medium.

  Furthermore, in one embodiment of the information processing apparatus of the present invention, the application attribute value is an application ID or an application ID recorded in an application public key certificate that is a public key certificate set corresponding to the application. It is a corresponding application ID corresponding value.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the calculation process to which the application attribute value is applied is an exclusive OR calculation process or a hash calculation process with data recorded on an information recording medium. .

  Furthermore, in one embodiment of the information processing apparatus of the present invention, the data processing including the arithmetic processing to which the application attribute value is applied includes arithmetic processing with the recording data of the information recording medium, the arithmetic processing result and the information recording medium. The present invention is characterized in that it includes an encryption key generation process by an encryption process with recorded data.

Furthermore, the fourth aspect of the present invention provides
An information recording medium,
It has a configuration in which encrypted content encrypted by an encryption key generated by a data process including a calculation process using an application attribute value set corresponding to an application having a content reproduction right is stored. It is in an information recording medium.

  Furthermore, in one embodiment of the information recording medium of the present invention, the calculation process to which the application attribute value is applied is an exclusive OR calculation process or a hash calculation process with data recorded on the information recording medium. .

  Furthermore, in one embodiment of the information recording medium of the present invention, the data processing including the arithmetic processing to which the application attribute value is applied includes arithmetic processing with the recording data of the information recording medium, the arithmetic processing result and the information recording medium. It includes an encryption key generation process by an encryption process with recorded data.

  Furthermore, in an embodiment of the information recording medium of the present invention, the information recording medium is further configured to store application ID data.

  Furthermore, in an embodiment of the information recording medium of the present invention, the information recording medium is further configured to store correspondence data between an application ID and an application ID corresponding value.

Furthermore, the fifth aspect of the present invention provides
An information processing method in a drive device that executes data reading from an information recording medium and output processing to a reproduction processing device,
An application attribute value acquisition step for acquiring an application attribute value set corresponding to a host application executed in the reproduction processing device;
An encryption key generation step of generating an encryption key by data processing including calculation processing to which the application attribute value is applied;
Outputting the generated encryption key and encrypted content that can be decrypted by application of the encryption key to a reproduction processing device;
There is an information processing method characterized by comprising:

  Furthermore, in an embodiment of the information processing method of the present invention, the information processing method further includes: an application ID recorded in an application public key certificate that is a public key certificate set corresponding to the host application. And acquiring the application ID or an application ID corresponding value corresponding to the application ID as the application attribute value, and executing the encryption key generation process.

  Furthermore, in an embodiment of the information processing method of the present invention, the information processing method further includes: an application ID recorded in an application public key certificate that is a public key certificate set corresponding to the host application. The application ID or application ID corresponding value corresponding to the application ID is acquired by the search processing of the application ID or application ID corresponding value data acquired and read from the information recording medium, and the acquired application ID or application ID corresponding value is It is applied as an application attribute value, and includes a step of executing the encryption key generation process.

  Furthermore, in an embodiment of the information processing method of the present invention, the information processing method further includes an application ID or an application ID corresponding to the application ID by a search process of application ID or application ID corresponding value data read from an information recording medium. When the application ID correspondence value cannot be acquired, the method includes a step of executing an error notification process for the playback processing apparatus that executes the host application.

  Furthermore, in an embodiment of the information processing method of the present invention, the information processing method further executes a mutual authentication process between the drive device and the host application, and the mutual authentication process corresponds to the host application. An application public key certificate that is a set public key certificate is acquired, and after the validity verification by signature verification of the acquired application public key certificate, an application ID is acquired from the application public key certificate, and the application An application ID corresponding value corresponding to an ID or application ID is applied as the application attribute value.

  Furthermore, in an embodiment of the information processing method of the present invention, the calculation process to which the application attribute value is applied is an exclusive OR calculation process or a hash calculation process with data that can be acquired from an information recording medium. To do.

  Furthermore, in an embodiment of the information processing method of the present invention, the data processing including the arithmetic processing to which the application attribute value is applied includes arithmetic processing with data obtainable from an information recording medium, the arithmetic processing result, and the information recording It includes an encryption key generation process by an encryption process with data that can be acquired from a medium.

  Furthermore, in an embodiment of the information processing method of the present invention, the information processing method further includes: an encryption process based on the encryption key according to a value of an output control flag included in read data from the information recording medium. It has the step which performs the process which determines the presence or absence of execution, It is characterized by the above-mentioned.

Furthermore, the sixth aspect of the present invention provides
An information processing method in a reproduction processing device for inputting information recording medium storage data from a drive device equipped with an information recording medium and executing reproduction processing,
A certificate output step of outputting a certificate recording the application ID to the drive device;
An encryption key input step of inputting an encryption key generated by applying the application ID or an application ID corresponding value in the drive device;
A decryption step of executing decryption processing applying the encryption key to input data from the drive device;
There is an information processing method characterized by comprising:

  Furthermore, in an embodiment of the information processing method of the present invention, the certificate is a public key certificate, and the certificate output step performs a mutual authentication process with the drive device, It is a step of outputting a public key certificate to the drive device.

Furthermore, the seventh aspect of the present invention provides
An information processing method for executing content recording processing on an information recording medium,
Generating an encryption key by data processing including calculation processing to which application attribute values set corresponding to an application having content playback rights are applied;
Performing the process of encrypting the content by applying the generated encryption key and recording the generated encrypted content on the information recording medium;
There is an information processing method characterized by comprising:

  Furthermore, in an embodiment of the information processing method of the present invention, the application attribute value is an application ID or an application ID recorded in an application public key certificate that is a public key certificate set corresponding to the application. It is a corresponding application ID corresponding value.

  Furthermore, in an embodiment of the information processing method of the present invention, the calculation process to which the application attribute value is applied is an exclusive OR calculation process or a hash calculation process with data recorded on an information recording medium. .

  Furthermore, in one embodiment of the information processing method of the present invention, the data processing including the arithmetic processing to which the application attribute value is applied includes arithmetic processing with the recording data of the information recording medium, the arithmetic processing result and the information recording medium. It includes an encryption key generation process by an encryption process with recorded data.

Furthermore, the eighth aspect of the present invention provides
A computer program that executes data reading from an information recording medium and output processing to a reproduction processing device,
An application attribute value acquisition step for acquiring an application attribute value set corresponding to a host application executed in the reproduction processing device;
An encryption key generation step of generating an encryption key by data processing including calculation processing to which the application attribute value is applied;
Outputting the generated encryption key and encrypted content that can be decrypted by application of the encryption key to a reproduction processing device;
There is a computer program characterized by comprising:

Furthermore, the ninth aspect of the present invention provides
A computer program for inputting information recording medium storage data from a drive device equipped with the information recording medium and executing reproduction processing,
A certificate output step of outputting a certificate recording the application ID to the drive device;
An encryption key input step of inputting an encryption key generated by applying the application ID or an application ID corresponding value in the drive device;
A decryption step of executing decryption processing applying the encryption key to input data from the drive device;
There is a computer program characterized by comprising:

Furthermore, the tenth aspect of the present invention provides
A computer program for executing content recording processing on an information recording medium,
Generating an encryption key by data processing including calculation processing to which application attribute values set corresponding to an application having content reproduction rights are applied;
Performing the process of encrypting the content by applying the generated encryption key and recording the generated encrypted content on the information recording medium;
There is a computer program characterized by comprising:

  The computer program of the present invention is, for example, a recording medium or a communication medium provided in a computer-readable format to a computer system that can execute various program codes, such as a CD, FD, or MO. It is a computer program that can be provided by a recording medium or a communication medium such as a network. By providing such a program in a computer-readable format, processing corresponding to the program is realized on the computer system.

  Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.

  According to the configuration of the present invention, the application attribute value is acquired based on the application ID acquired from the application-compatible public key certificate set corresponding to the host application executed in the playback processing apparatus, and the acquired application attribute value Since the encryption key is generated by data processing including the arithmetic processing to which is applied, and the generated encryption key and the encrypted content that can be decrypted by applying the encryption key are output to the host application side, the specific application attribute It is possible to acquire a correct encryption key applicable to content decryption only in an application having a valid content usage right with which a value is associated, content reproduction is permitted, and a specific application attribute value is associated Other apps that are not Application content decryption by, it is possible to eliminate the use.

  In the configuration of the present invention, ID information of a legitimate application having the right to reproduce recorded content or application attribute values such as an application ID corresponding value is applied as key generation information applied to encryption of content to be recorded on the information recording medium. When the content is output from the drive to the host application, the application attribute value acquired based on the application ID acquired from the public key certificate acquired from the host application by the drive is applied, and executed when recording the content. Since the key is applied to the decryption of the content and is generated and provided to the host application, the application ID applied at the time of recording the content and the host (playback processing device) side execute it. Only if the ID of the application of the match, will be successfully decoded content, content decryption by the application with a different ID becomes impossible, thereby preventing the content use by unauthorized application.

  Further, according to the configuration of the present invention, in the configuration example in which the application ID corresponding value data corresponding to the application ID is recorded on the information recording medium, the drive is valid for the host application by the search process based on the application ID corresponding value data. Whether or not the application is an application can be known in advance, and if the application is not valid, the process can be terminated without executing the generation process of the encryption key corresponding to the application. Also, by canceling the processing at this point, there is no need to read out the encrypted content from the information recording medium or the content transfer processing, and content leakage due to the content read processing or transfer is possible. The safety can be reduced and the safety can be further improved.

Hereinafter, the details of a drive device, a reproduction processing device, an information processing device, an information recording medium, an information processing method, and a computer program according to the present invention will be described with reference to the drawings. The description will be made according to the following description items.
1. 1. Data storage structure of information recording medium 2. Content recording and playback processing Other Embodiments 4. Reproduction processing device, information processing device, and drive device configuration

[1. Storage data structure of information recording medium]
First, the storage data structure of the information recording medium will be described. FIG. 5 shows an example of an information recording medium in which content is stored. Here, an example of storing information on a ROM disk as a content stored disk is shown.

  This ROM disk is, for example, an information recording medium such as a Blu-ray disk or a DVD, and is a legitimate content manufactured at a disk manufacturing factory with permission of a so-called content rights holder who has a valid content copyright or distribution right. An information recording medium storing content. In the following embodiments, a disk-type medium will be described as an example of the information recording medium. However, the present invention can be applied to various forms of information recording medium. In the following description, reference "Content Protection System for Blu-ray Disc ROM Specification Informational Version, version 0.9a, April 2004" is referred to.

  As shown in FIG. 5, the information recording medium 100 stores a data storage area 101 for storing data such as content, supplementary information corresponding to the disc and stored content, key information applied to content decryption processing, and the like. It has an in area 102.

  In the data storage area 101, there are encrypted (scrambled) content 111 and unit key generation information Vu112, which is a recording seed (REC SEED) as information necessary for generating a key to be applied to decryption processing of the encrypted content. Revocation information 113 is stored. Note that the scramble process is an aspect of the encryption process. In this specification, the expression “encrypted content” is used as a superordinate concept of the scrambled content. The encrypted content 111 is divided into predetermined unit units, and is stored in the data storage area 101 of the information recording medium 100 in a state where encryption is performed by applying a unit key associated with the unit. Unit key generation information: Vu 112 is information applied to generation of each of these unit keys, and is also referred to as seed information. The revocation information 113 will be described later.

  The lead-in area 102 stores various information necessary for generating a key to be applied to the decryption process of the encrypted content 111. One of them is ROM mark: Ve114. ROM mark: Ve 114 is also called a physical index and is fixed information that cannot be rewritten. The lead-in area 102 further stores encryption key information 120. Note that the ROM mark: Ve 114 and the encryption key information 120 are not necessarily stored in the lead-in area 102 but may be stored in the data area 101.

  The encryption key information 120 is a key for generating a key to be applied to the decryption process of the encrypted content 111 stored in the data storage area 101 of the information recording medium, like the unit key generation information: Vu 112 and the ROM mark: Ve 114 described above. It consists of key information (key generation information).

  That is, as a key to be applied to the decryption process of the encrypted content 111, for example, a media key set as a key corresponding to the content stored in the information recording medium: RKB which is an encryption key block necessary for obtaining Km (Renewal Key Block) 121 and an encrypted disk key EKm (Kd) 122 encrypted by applying a disk key: Kd as a key applied to the decryption process of the encrypted content 111 and applying a media key: Km. Information. Note that EKa (b) indicates data obtained by encrypting data: b with a key: Ka.

  An RKB (Renewal Key Block) 121 is an encryption key block generated based on a tree-structured key distribution method known as one aspect of a broadcast encryption method, and has a valid license for executing reproduction of an information recording medium This is an encryption key block in which the media key: Km can be acquired by a decryption process using a device key distributed to an information processing apparatus as a user device. By changing the configuration data of the encryption key block: RKB, it becomes possible to select user devices that can acquire the media key: Km.

  When the management center determines that a specific user device or playback application is illegal, the configuration of the RKB can be changed to make it impossible to acquire the media key: Km by the unauthorized device. Note that a user device or a reproduction application determined to be unauthorized is registered in the management center as a revoke device. The management center maintains a revocation list in which identification information of the revoked user device or playback application is listed and updates it appropriately. The user can obtain revoke information including the latest revocation list via an information recording medium or a network.

  The revocation information 113 shown in FIG. 5 is information including a revocation list that lists identification information of revoked user devices or playback applications. For example, the user device can determine whether or not the device that outputs the content is an unauthorized device by verifying whether the device identifier (ID) input from the device is recorded in the revoke list. If the unauthorized device is on the revoke list, a process for stopping the output of the content is performed.

  Next, details of the recording configuration of the encrypted content 111 stored in the information recording medium 100 will be described with reference to FIGS. FIG. 6A shows a data recording configuration stored in the information recording medium. 18-byte user control data (UCD: User Control Data) and 2048-byte user data (User Data) including actual AV content data and the like are configured as one sector data.

  As shown in FIG. 6B, for example, 6144 bytes of data for 3 sectors of user data are set as one unit (1 AU: Aligned Unit) as a block encryption processing unit, that is, as a block. The 6144-byte data corresponds to 32 TS (transport stream) packets. The setting unit of the block is not limited to the method of making data of 6144 bytes for 3 sectors, and various settings such as a method of setting 2048 bytes of data for 1 sector as one encryption processing unit, that is, a block are possible. is there.

  As shown in FIG. 6C, user data storing copy control information CCI (Copy Control Information) corresponding to content is encrypted and recorded in units of 2K (2048) bytes.

  The 18-byte user control data (User Control Data) is removed from the encryption target, and only the user data is encrypted and recorded.

  FIG. 7 shows the configuration of one sector data. One sector data includes 18-byte user control data (UCD) and 2048-byte user data (User Data).

  User control data (UCD: User Control Data) is also called a sector header, and a sector unit of output control information (Output Control Information) 151 is recorded in a part thereof.

  The output control information 151 includes transfer control information of corresponding sector data (user data), for example, a bus protection flag (Bus Protection flag) which is control information of output from a drive loaded with an information recording medium to an information processing apparatus such as a host (PC). Flag).

  FIG. 8 shows a detailed configuration of the output control information 151 recorded in user control data (UCD). The output control information 151 is recorded in 1-byte (8-bit) data of user control data (UCD).

Bits 6 to 0 are reserved areas,
One bit of bit 7 is set as a bus protection flag. A bus protection flag is used as information for determining whether or not to control the content read from the information recording medium. Specifically, for example,
Bus protection flag (Bus Protection Flag) = 1: Output restriction and bus encryption are set. Bus protection flag (Bus Protection Flag) = 0: Output restriction is not set. Note that bus encryption is an encryption process executed when transferring content between the drive and the host, and details will be described later.

[2. Content recording and playback process]
Next, recording and playback processing of content stored in the above-described information recording medium will be described.

  First, a basic content reproduction processing example will be described. There are two modes for reproducing the content stored in the information recording medium. The first mode is a mode in which an information recording medium is mounted and the device itself that reads data from the information recording medium executes reproduction processing, and the second mode executes data reading from the information recording medium. And a playback processing device such as a host (PC) that executes playback processing are configured as separate devices, the drive device and the playback processing device are connected by a data transfer bus, and data transfer is performed via the connection bus. Is a mode in which the reproduction process is performed.

  First, a processing sequence in which a device that loads an information recording medium and reads data from the information recording medium itself executes a reproduction process will be described with reference to FIG.

  The drive / playback device 300 sets the information recording medium 200 storing the encrypted content 206, executes various encryption processes such as data reading, key generation, and content decryption, and outputs the content.

  In the information recording medium 200, various types of information described above with reference to FIG. 5, that is, revocation information (Revocation information for AKE) 201 including a revocation list as an unauthorized device list, and a media key: Km are stored. RKB 202 as an encryption key block, disk key: Kd encrypted with media key: Km, disk key: EKm (Kd) 203, ROM mark: Ve204, unit key generation information: Vu205, encrypted content 206 are stored ing.

  Processing of the drive / playback apparatus 300 will be described. In step S 101, the drive / playback apparatus 300 applies a device key: Kdev 301 stored in the apparatus in advance to execute a decryption process of the RKB 202 as an encryption key block, and acquires a media key: Km from the RKB 202. . Note that the media key: Km can be acquired from the RKB 202 only for devices that are permitted to use the content, and as described above, the device key of the device revoked as an unauthorized device cannot decrypt the RKB, and the media Key: Km cannot be acquired.

  If the acquisition of the media key: Km is successful in step S101, next, the decryption of the encrypted disk key: EKm (Kd) 203 acquired from the information recording medium 200 by applying the acquired media key: Km in step S102. The process is executed, and the disk key: Kd is acquired.

  Next, in step S103, a key generation process based on the acquired disk key: Kd and the ROM mark: Ve 204 acquired from the information recording medium 200, for example, a key generation process according to the AES encryption algorithm is executed, and the embedded key: Ke is set. Generate.

  Details of the key generation processing according to the AES encryption algorithm will be described with reference to FIG. As shown in FIG. 10, in the key generation according to the AES encryption algorithm, an AES encryption process in which an encryption key is applied to an input value is executed in an AES encryption processing block 311 and an exclusive OR of the output and the input value is executed. (XOR) A process for outputting the operation result. In step S103 of FIG. 9, a key generation process is executed with the input value as the ROM mark: Ve204 acquired from the information recording medium 200 and the applied key as the disk key: Kd, and the embedded key: Ke as the output value is set. obtain.

  Next, in step S104, a key generation process based on the acquired embedded key: Ke and the unit key generation information: Vu 205 acquired from the information recording medium 200 is executed to generate a unit key: Ku. This key generation process is also executed as a key generation process according to the AES encryption algorithm described with reference to FIG. The Vu 205 can define individual values for individual units of a plurality of units by the file “Unit_Key_Gen_Value.inf”. Here, the description for one of the units will be continued.

  Next, in step S105, decryption processing of the encrypted content 206 to which the generated unit key Ku is applied is executed, and the content is output.

  Details of the decryption processing of the encrypted content 206 to which the unit key Ku is applied in step S105 will be described with reference to FIG.

  The encrypted content 206 is stored in the information recording medium 200 after being encrypted in units of blocks of a predetermined data unit. As shown in FIG. 11, for example, sector data of 6144 bytes is encrypted for each block of 16 bytes.

  The procedure of the decoding process will be described. First, the first 16-byte data is obtained from 6144-byte sector data, and the AES key generation processing block [AES_G] 321 executes key generation processing according to the AES encryption algorithm. This is the same as the processing described above with reference to FIG. The output of the AES key generation processing block 321 is a block key: Kb, and the decryption processing of the next 16-byte data is executed in the AES decryption processing block [AES_D] 322 by applying this block key: Kb.

  In the AES decryption processing block [AES_D] 322, an exclusive OR (XOR) result of the second 16-byte data of the sector data and the initial value: IVa is input, and the AES encryption algorithm using the block key: Kb is applied. The decoding process is executed to obtain the decoded data of 16-byte block data, and the input value is applied to the decoding of the next block. Thereafter, it is possible to obtain decoded sector data 323 by repeatedly executing the same processing. The initial value IVa is a preset constant. IVa may be set as a value that can be acquired from user control data or user data corresponding to sector data, for example.

  In step S105 of FIG. 9, the unit key: Ku is applied in this way, the decryption process is performed in units of blocks, and the decrypted content is output.

  As described above, when information reading from an information recording medium and reproduction processing are executed in one device, there is little possibility of content leakage, and there is little possibility of problems such as content copyright infringement. . However, as described above with reference to FIGS. 2 to 4, various problems occur in the configuration in which content is output from a drive loaded with an information recording medium to a device such as a PC via a bus. Can do.

  In the configuration of the present invention, even in a configuration in which content is output from a drive loaded with such an information recording medium to a device such as a PC via a bus, secure data transfer is realized and unauthorized use of the content can be prevented. . Hereinafter, details of a reproduction process that involves transferring a content by connecting a drive and a reproduction device including an information processing apparatus such as a PC via a bus will be described.

  Referring to FIG. 12 and subsequent figures, the disc manufacturing entity processing for executing data recording processing on the information recording medium, and the content stored in the information recording medium are read by the drive and transferred to a host such as a PC for executing a playback application for playback. Details of the processing to be performed will be described.

  First, with reference to FIG. 12, the process of the disc manufacturing entity, that is, the process of recording the content on the information recording medium will be described. FIG. 12 shows the disc manufacturing entity 350, the information recording medium 200, the drive 400, and the playback processing device 500 from the left.

  As described above with reference to FIG. 9, the information recording medium 200 includes various information shown in FIG. 5, that is, revocation information (Revocation information AKE) 201 including a revocation list as an unauthorized device list, media Key: RKB 202 as an encryption key block storing Km, disk key: encrypted disk key Kd encrypted with media key: Km: EKm (Kd) 203, ROM mark: Ve204, unit key generation information: Vu205, encryption Stored content 206 is stored.

  It is the disc manufacturing entity 350 that performs these information storage processes. The disc manufacturing entity 350 records revoke information 351 as information received from a management center (not shown) on the information recording medium 200.

  Further, in step S151, an RKB is generated and recorded on the information recording medium 200 as an encryption key block composed of encrypted data that can acquire the media key: Km353 by the decryption process using the device key [Kdev] 352 that has not been revoked. To do. In step S152, an encrypted disk key: EKm (Kd) obtained by encrypting the disk key: Kd354 with the media key: Km is generated and recorded on the information recording medium 200. Further, unit key generation information: Vu 355 and ROM mark: Ve 358 are recorded.

  Further, in step S153, calculation processing of the disc key: Kd354 and the application attribute value corresponding to a legitimate application having the content reproduction right set for each content stored in the information recording medium, specifically, the application ID 357 In step S154, an AES key generation process (see FIG. 10) based on the calculation result and the ROM mark: Ve358 is executed to generate an embedded key: Ke. Note that various kinds of arithmetic processing such as exclusive OR (XOR) performance and hash calculation can be applied to the arithmetic processing in step S153. An example of the arithmetic processing will be described later with reference to FIG.

  In this example, it is assumed that content divided into n units as n playback right categories is stored in the information recording medium, and valid playback applications corresponding to the respective units are application IDs of APPID1 to APPIDn. Shall have. In this case, n embedded keys: Ke1 to Ken are obtained by AES key generation processing (see FIG. 10) of n exclusive OR results of each application ID 1 to n and ROM mark: Ve358 and embedded key: Ke. Generate. However, when one unit stored in the information recording medium is allowed to be reproduced by a plurality of applications, for example, for one unit A, two or more application attribute values, that is, applications A plurality of embedded keys may be generated corresponding to one unit by associating IDs.

  Next, in step S155, n unit keys Ku1 to Kun are generated by AES key generation processing (see FIG. 10) based on each of n embedded keys: Ke1 to Ken and unit key generation information: Vu205. To do. These are unit keys corresponding to each unit recorded on the information recording medium 200.

  Next, in step S156, encryption processing is executed by sequentially applying the unit key (any one of Ku1 to Kun) corresponding to the unit to which the content belongs to the content belonging to each unit, and the information recording medium 200 is encrypted. Recorded as content 206. In the encryption process, encryption is performed in units of blocks of predetermined data units and stored in the information recording medium 200. For example, block encryption in the AES-ECBC mode is performed, and recording is performed in units of 6144-byte sector data composed of 16-byte block encrypted data as described above with reference to FIG.

  In this way, the encrypted content 206 with the unit key generated based on the application ID of the legitimate playback application is recorded on the information recording medium 200.

  Next, processing for reproducing the encrypted content 206 recorded on the information recording medium 200 will be described with reference to FIGS. 12 and 13, it is assumed that the reproduction processing apparatus 500 is executing data processing by an application in which application ID = j as an application attribute value is set. The application with application ID = j is a valid reproduction application corresponding to the unit j including the encrypted content stored in the information recording medium 200. FIG. 12 is a diagram schematically showing only the processing related to the application ID in the processing of the drive 400 and the playback processing apparatus (application) 500, and FIG. 13 shows the overall processing.

  Processing of the drive 400 and the playback processing device (application) 500 will be described with reference to FIG. FIG. 13 shows an information recording medium 200, a drive device 400 that sets the information recording medium 200 and executes data reading from the information recording medium 200, and inputs other data from the drive device 400 through the connection bus. 4 shows processing of a playback processing device 500 such as a PC that is a host device that executes content playback processing in accordance with an application program (application ID = j). Note that the bus connecting the drive device 400 and the reproduction processing device 500 is a connection bus configured by, for example, ATAPI-BUS. A USB or other connection bus may be used.

  As described above, the information recording medium 200 includes revocation information (Revocation info AKE) 201 including a revocation list as an unauthorized device list, an RKB 202 as an encryption key block storing a media key: Km, and a disk key. : Encrypted disk key: EKm (Kd) 203, ROM mark: Ve204, unit key generation information: Vu205, and encrypted content 206 are stored. The encrypted content 206 is content encrypted with the unit key generated by applying the application ID as described above.

  The drive device 400 includes a management center public key [Kp_kic] 401 according to the public key cryptosystem, a drive-compatible private key [Ks_drive] 402 according to the public key cryptosystem, and a drive-compliant public key according to the public key cryptosystem. A public key certificate [Cert_drive] 403 storing a key and a device key [Kdev] 404 are stored.

  On the other hand, the reproduction processing apparatus 500 as a host that executes the content reproduction application includes a management center public key [Kp_kic] 501 according to the public key cryptosystem, and an application secret key [Ks_host] according to the public key cryptosystem corresponding to the application. 502, an application public key certificate [Cert_host] 503 storing a public key according to the public key encryption method corresponding to the application is stored.

  Details of the public key certificate [Cert_drive] 403 corresponding to the drive and the public key certificate [Cert_host] 503 corresponding to the host application will be described with reference to FIG.

  FIG. 14A shows the data configuration of the public key certificate [Cert_drive] corresponding to the drive, and FIG. 14B shows the data configuration of the public key certificate [Cert_host] corresponding to the host application.

  The data structure of the drive-compatible public key certificate [Cert_drive] is the same as that of a conventional public key certificate, and includes a certificate type, a certificate identifier, a public key, and signature data.

  In the public key certificate [Cert_host] corresponding to the host application, in addition to the certificate type, certificate identifier, public key, and signature data, an application ID [AppID] 512 as an application attribute value is set as additional data.

  The application ID [AppID] 512 stored in the public key certificate corresponding to the host application is, for example, 16-bit information, and is identification information of the application in which the public key certificate is set. For example, in the case of a public key certificate set for an HD movie playback application according to a specific codec, an application ID is stored as identification information that can be identified as an HD movie playback application according to a specific codec. If it is a public key certificate set for a specific game playback application, an application ID is stored as identification information that can be identified as a specific game playback application. Since the application ID is a signature target, it is difficult to tamper with it, and only a host application to which a public key certificate is given through mutual authentication can be used.

  This application ID is data corresponding to the application ID 357 (see FIG. 12) as an application attribute value applied to generation of a key applied to content encryption by the disc manufacturing entity 350 described above with reference to FIG. It is.

  Returning to FIG. 13, a processing sequence in which the drive device 400 transfers data such as content acquired from the information recording medium to the reproduction processing device (host) 500 via the connection bus and reproduces the data will be described.

  First, in steps S201 and S301, mutual authentication and key exchange (AKE: Authentication and Key Exchange) processing is executed between the host application of the drive device 400 and the playback processing device (host) 500. A detailed sequence of mutual authentication and key exchange (AKE: Authentication and Key Exchange) processing will be described with reference to FIG. This processing can be executed by applying, for example, mutual authentication using a public key algorithm defined in ISO / IEC 9798-3, or a key generation processing method using a public key algorithm defined in ISO / IEC 11770-3. is there. An example of a method that has been put into practical use as a mutual authentication method using a public key is a method described in DTCP (Digital Transmission Content Protection) Specification Volume 1 (Informational Version).

  The processing sequence shown in FIG. 15 will be described. In step S401, the host application transmits the challenge data [C_host] generated by the random number generation process and the public key certificate [Cert_Host] to the drive. The public key certificate [Cert_Host] is a public key certificate shown in FIG. 14B, and is a public key certificate in which information on security level and application ID is stored.

  Upon receiving this data, the drive side verifies the validity of the public key certificate [Cert_Host] by the signature verification process of the public key certificate [Cert_Host]. The signature verification process is executed by applying the public key [Kp_kic] 401 (see FIG. 13) of the management center held by the drive.

  When the validity of the public key certificate [Cert_Host] is verified, the application ID is acquired from the public key certificate [Cert_Host], and the revocation confirmation is based on the revocation list included in the revocation information 201 acquired from the information recording medium. Execute.

  If the validity of the public key certificate [Cert_Host] is not confirmed, or if it is found that the host application has been revoked based on the application ID, an error message is notified and the process ends. To do. Subsequent content, output, and playback processes are suspended.

  When the validity of the public key certificate [Cert_Host] is confirmed and it is confirmed that the host application is a valid application that has not been revoked, the drive is generated by the random number generation process for the host application in step S402. The challenge data [C_drive] and the public key certificate [Cert_drive] on the drive side are transmitted.

  On the host application side, signature verification of the public key certificate [Cert_drive] on the drive side is executed. The signature verification process is executed by applying the management center public key [Kp_kic] 501 (see FIG. 13) held on the host side.

  If the validity of the public key certificate [Cert_drive] has not been confirmed, an error message notification or the like is executed, and the process ends. Subsequent content, output, and playback processes are suspended.

  When the validity of the public key certificate [Cert_drive] is confirmed, the host application performs an operation based on the challenge data [C_drive] received from the drive, calculates the parameter [A_host], and newly generates a random number Along with [R_host], it is transmitted to the drive (step S403).

  On the other hand, the drive executes a calculation based on the challenge data [C_host] received from the host application, calculates the parameter [A_drive], and transmits it to the host application together with the newly generated random number [R_drive] (step S404).

  By this processing, both the drive and the host application share the random numbers [R_host], [R_drive], parameters [A_host], and [A_drive]. Both the drive and the host application share these shared data. Based on this, a common session key Ks is generated (step S405).

  In step S406, the drive further calculates the hash calculated as data for falsification verification of the concatenated data to the concatenated data: [Kbus ‖ SEQ] with the bus key: Kbus generated based on the random number and the sequence number of the bus key: SEQ. Data obtained by encrypting the value [hash (KbusｈSEQ)] using the session key: Ks: EKs [(Kbus‖SEQ), hash (Kbus‖SEQ)] is transmitted to the host application. In FIG. 13, the processing in step S406 corresponds to the bus key generation processing (Generate_Kbus) in step S206 and the bus key encryption processing (AES_E) using the session key: Ks in step S207.

  The bus key: Kbus is a key used as an encryption key for transfer processing of encrypted content from the drive to the host via the connection bus, and is generated based on a random number in the drive. For example, a random number is generated in the first mutual authentication after detecting the insertion of the disk, and the same value may be used until the disk is ejected or the power is stopped. For example, the bus key may be switched to a different bus key for each mutual authentication. . In each of these mutual authentications, a sequence number corresponding to each bus key transfer is associated for the purpose of preventing the replacement of the bus key.

  Returning to FIG. 13, the processing sequence in which the drive device 400 transfers data such as content acquired from the information recording medium to the playback processing device (host) 500 via the connection bus and continues playback will be continued.

  When the mutual authentication and key exchange (AKE) with the playback processing device (host) 500 is completed, the drive device 400 applies the device key: Kdev 404 held in the drive, and is read from the information recording medium 200 in step S202. The decryption process of the RKB 202 as the encryption key block is executed, and the media key: Km is acquired from the RKB 202. Note that the media key: Km can be acquired from the RKB 202 only for devices that are permitted to use the content, and as described above, the device key of the device revoked as an unauthorized device cannot decrypt the RKB, and the media Key: Km cannot be acquired.

  If acquisition of the media key: Km is successful in step S202, next, decryption of the encrypted disk key: EKm (Kd) 203 acquired from the information recording medium 200 by applying the acquired media key: Km in step S203. The process is executed, and the disk key: Kd is acquired.

  Next, in step S204, the acquired disk key: Kd and the application ID (APPIDj acquired from the public key certificate corresponding to the application acquired from the reproduction processing device (host) 500 in the mutual authentication processing previously executed in step S201. ) And a key generation process based on the calculation result and the ROM mark Ve 204 acquired from the information recording medium 200, for example, a key generation process according to the AES encryption algorithm to execute an application (APPIDj) A corresponding embedded key: Kej is generated. The key generation process according to the AES encryption algorithm is as described above with reference to FIG.

  A specific example of the calculation process of the disk key: Kd and application ID (APPIDj) executed in step S204 will be described with reference to FIG. FIG. 16A shows an example of exclusive OR operation, and FIG. 16B shows an example of hash operation processing. In the exclusive OR operation example of FIG. 16A, an exclusive OR operation between the application ID (APPIDj) and the disk key: Kd or an exclusive OR operation processing procedure between the application ID (APPIDj) and the ROM mark: Ve is performed. It is a flowchart to explain. A calculation processing configuration between the application ID (APPIDj) and the ROM mark: Ve will be described later.

In the exclusive OR operation example of FIG. 16 (a), the input value in the case of processing using the disc key is
2-byte application ID (APPIDj)
16-byte disc key: Kd
It is.
In step S451, a 2-byte application ID (APPIDj) byte extension process is executed. For example, as shown in FIG. 16C, eight 2-byte application IDs (APPIDj) are concatenated to generate 16-byte data. Arbitrary data processing can be applied as long as the processing can expand 2 byte data to 16 byte data.

  In step S452, an exclusive OR operation is performed on the extended application ID (APPIDj) and the 16-byte disk key: Kd to obtain an output value (16-byte data).

  FIG. 16B shows an example of hash calculation processing. Also in the hash calculation processing example of FIG. 16B, the hash calculation processing procedure of the application ID (APPIDj) and the disk key: Kd or the application ID (APPIDj) and the ROM mark: Ve is described. . A calculation processing configuration between the application ID (APPIDj) and the ROM mark: Ve will be described later.

In the case of processing using a disk key in the hash calculation processing example of FIG.
2-byte application ID (APPIDj)
16-byte disc key: Kd
It is.
In step S461, a 2-byte application ID (APPIDj) byte extension process is executed. For example, as shown in FIG. 16C, eight 2-byte application IDs (APPIDj) are concatenated to generate 16-byte data. Arbitrary data processing can be applied as long as the processing can expand 2 byte data to 16 byte data.

  Next, in step S462, key generation processing is executed according to the AES encryption algorithm with the extended application ID (APPIDj) and the 16-byte disk key: Kd as inputs, and an output value (16-byte data) is obtained. obtain. The key generation process according to the AES encryption algorithm is the process described above with reference to FIG.

  Returning to FIG. 13, the processing sequence in which the drive device 400 transfers data such as content acquired from the information recording medium to the playback processing device (host) 500 via the connection bus and continues playback will be continued.

  In step S204, based on the disk key: Kd and the application ID (APPIDj), for example, the above-described operation such as exclusive OR or hash operation is executed, and further, the operation result and the ROM acquired from the information recording medium 200 are obtained. A key generation process based on the mark: Ve 204, for example, a key generation process in accordance with the AES encryption algorithm is executed to generate an embedded key: Kej corresponding to the application (APPIDj). Here, the generated embedded key: Kej corresponding to the application (APPIDj) corresponds to the embedded key: Ke generating step in the disc manufacturing entity 350 described with reference to FIG. 12, that is, the embedded key generated in step S154. .

  If the application ID used by the disc manufacturing entity 350 in the embedded key generation step in step S154 is APPIDj, the drive 400 in FIG. 13 uses the application-compatible public key certificate acquired from the playback processing device (host) 500. The embedded key corresponding to the application (APPIDj) generated based on the acquired application ID (APPIDj): Kej matches the embedded key used in the disk manufacturing entity 350, but the application ID used by the disk manufacturing entity 350 is APPIDj. If not, the embedded key corresponding to the application (APPIDj) generated by the drive: Kej is the disk manufacturing entity 35. But the Embedded keys that do not apply to the content encryption.

  In step S205, the drive encrypts the embedded key: Kej with the session key: Ks generated in the previous mutual authentication and key exchange process (AKE) and transmits the encrypted key to the reproduction processing apparatus (host) 500 via the connection bus. To do.

  The processing in step S206 and step S207 corresponds to the processing in step S406 of the mutual authentication and key exchange processing (AKE) described above with reference to FIG. 15, and generates a bus key: Kbus based on a random number (step S206), and data generated by encrypting the data including the session key: Ks and the bus key: Kbus (step S207) is transmitted to the reproduction processing apparatus (host) 500 via the connection bus. As described above with reference to FIG. 15, the transmission data includes the bus key: Kbus generated based on the random number and the sequence number of the bus key: SEQ: [Kbus］ SEQ], Data obtained by encrypting a hash value [hash (Kbus‖SEQ)] calculated as falsification verification data using a session key: Ks: EKs [(Kbus‖SEQ), hash (Kbus‖SEQ)].

  Further, in step S208, the drive apparatus 400 reproduces the output control information included in the user control data (UCD) of the encrypted content 206 read from the information recording medium 200 and the mutual authentication and key exchange process (AKE) process. Output control based on the storage data of the public key certificate of the playback processing device (host) acquired from the processing device (host) 500 is executed. In step S209, the encrypted content 206 is changed to the bus key: Kbus according to the control mode. The generated encrypted data is output to the reproduction processing apparatus (host) 500 via the connection bus.

  The encrypted content 350 read from the information recording medium 200 is, for example, encrypted data that has been scrambled, and the drive re-encrypts the scrambled data using the bus key: Kbus and outputs it to the host side. To do. By executing data output by re-encryption processing using this bus key: Kbus, only the host-side authenticated application that holds the bus key: Kbus can decrypt using the bus key: Kbus. Thus, the encrypted content 350 can be acquired by the decryption process.

  That is, as described above with reference to FIG. 4, content detour acquisition by switching applications on the PC (host) side that inputs content and wire transfer data on the connection bus between the drive and the host are wiretapped. Even if content acquisition is performed, the acquired content is data encrypted by the bus key: Kbus, and the bus key: Kbus is held only by a specific application that has been authenticated with the drive. Yes, the input content cannot be decrypted unless the specific application is applied. Only the CSS scramble cancellation program cannot execute decryption of data encrypted by the bus key: Kbus, and it is possible to prevent unauthorized use of content.

  An encryption processing mode of the encrypted content 206 to which the bus key: Kbus is applied will be described with reference to FIG. The encryption process of the encrypted content 206 to which the bus key: Kbus is applied is executed by a block encryption process to which the AES-CBC mode is applied, for example, as shown in FIG.

  The drive device 400 executes processing for encrypting encrypted content read from the information recording medium 200 in units of a predetermined data block (16 bytes) by applying the bus key: Kbus generated in the drive.

  First, the first 16-byte data is acquired from 2048-byte sector data 550 that is the configuration data of the encrypted content read from the information recording medium 200, and the exclusive OR (XOR) result with the initial value: IVb is obtained as the AES cipher. The data is input to the processing unit [AES_E] 551 and encryption processing according to the AES encryption algorithm to which the bus key: Kbus is applied is executed to generate encrypted data of 16-byte block data. Initial value: IVb is a preset constant. The IVb may be acquired from user control data (UCD) corresponding to the sector data 550, for example.

  Further, this generated data is applied as an input value applied to encryption of the next block. Thereafter, exclusive OR (XOR) and AES encryption processing is repeatedly executed for each 16-byte block data to generate encrypted sector data 552 using a bus key, and this data is transferred to a connection bus such as ATAPI-BUS. To the application on the reproduction processing apparatus (host) 500 side. The playback application on the playback processing device (host) 500 side decrypts the input encrypted data and performs playback processing.

  Returning to FIG. 13, the processing sequence executed by the playback application on the playback processing apparatus (host) 500 side will be described. The playback application of the playback processing device (host) 500 first executes mutual authentication and key exchange (AKE) with the drive device 400 in step S301 as described above, and acquires a session key: Ks.

  Next, in step S302, for the session key input from the drive via the connection bus: the application key embedded in the application ID = j encrypted by Ks: Kej, ie, [EKs (Kej)] The decryption process using the key: Ks is executed to obtain the application-compatible embedded key: Kej. In the key exchange (AKE), since the application ID stored in the public key certificate is confirmed not to be falsified by the signature confirmation of the public key certificate, only an appropriate reproduction application sets the application-compatible embedded key: Kej. Can be acquired.

  Furthermore, in step S303, AES key generation processing (see FIG. 10) in which the application-compatible embedded key: Kej is applied to the unit key generation information: Vu input from the drive via the connection bus is executed, and the application-compatible unit key is executed. : Generate Kuj.

  The application-corresponding unit key: Kuj generated here corresponds to the unit key: Ku generating step in the disc manufacturing entity 350 described with reference to FIG. 12, that is, the unit key generated in step S155.

  When the disk manufacturing entity 350 uses the embedded key Ke used in the unit key generation step in step S155 to which application ID = APPIDj is applied, the host application in FIG. 13 generates the application corresponding unit generated in step S303. Key: The same as Kuj, and this unit key enables content decryption in step S307. However, if the disc manufacturing entity 350 does not apply the application ID = APPIDj used in the unit key generation step in step S155, the host application in FIG. 13 corresponds to the application generated in step S303. The unit key: Kuj is different from the unit key applied to the encryption process of the encrypted content stored in the information recording medium 200, and the content decryption in step S307 becomes impossible.

  The description of application processing on the playback processing apparatus (host) 500 side will be continued. In step S304, the application on the playback processing apparatus (host) 500 side performs a session with respect to the session key: Kbus encrypted with the session key: Ks input from the drive via the connection bus, that is, [EKs (Kbus)]. The decryption process using the key: Ks is executed to obtain the bus key: Kbus.

  As described above with reference to FIG. 15, the data including the bus key: Kbus transmitted from the drive includes the bus key: Kbus and the concatenated data with the sequence number of the bus key: SEQ: [Kbus‖SEQ]. Data obtained by encrypting the hash value [hash (KbusＫSEQ)] calculated as falsification verification data of the concatenated data using the session key: Ks: EKs [(Kbus‖SEQ), hash (Kbus‖SEQ) ].

  In step S304, the application of the playback processing device (host) 500 decrypts the data: EKs [(Kbus‖SEQ), hash (Kbus‖SEQ)] with the session key: Ks, and the bus key: Kbus and the sequence number of the bus key: Concatenated data with SEQ: [Kbus‖SEQ] and a hash value [hash (Kbus‖SEQ)] calculated as falsification verification data of the connected data are acquired.

  Next, in step S305, a hash value of the concatenated data: [Kbus‖SEQ] is calculated, and the hash value [hash (KbusｂSEQ)] included in the input data from the drive is compared. If the two hash values match, it is determined that the concatenated data: [Kbus‖SEQ] has not been tampered with, and the content decryption process using the bus key: Kbus in step S306 is followed.

  In step S306, decryption processing of the encrypted content re-encrypted with the bus key: Kbus input from the drive device 400 is executed.

  Details of the decryption processing of the encrypted content re-encrypted by the bus key: Kbus will be described with reference to FIG. The decryption process of the encrypted content to which the bus key: Kbus is applied is executed by a block decryption process to which the AES-CBC mode is applied, for example, as shown in FIG.

  The application of the playback processing device (host) 500 applies the bus key: Kbus input from the drive to the encrypted content input from the drive device 400 via the connection bus, and in a predetermined data block unit (16 bytes). A process of decoding is executed.

  First, the first 16-byte data is acquired from the 2048-byte sector data 370 that is the configuration data of the encrypted content input from the drive device 400 via the connection bus, is input to the AES decryption processing unit [AES_D] 371, and the bus key : A decryption process according to the AES encryption algorithm to which Kbus is applied is executed, and an exclusive OR (XOR) operation with the initial value: IVb is executed to obtain a decryption result. Initial value: IVb is a preset constant. The IVb may be acquired from user control data (UCD) corresponding to the sector data 370, for example.

  Further, the decoding result data in units of 16 bytes is applied as an input value applied to the decoding process for the next block. Thereafter, the AES decryption process and exclusive OR (XOR) are repeatedly executed for each 16-byte block data in the same manner, and the sector data decrypted by the bus key, that is, the data state stored in the information recording medium 200 As a result, encrypted (scrambled) sector data 372 is obtained.

  Further, the host application of the playback processing apparatus (host) 500 applies the unit key: Kuj corresponding to the application in step S307 shown in FIG. 13 to encrypt the encrypted content as the data state stored in the information recording medium 200. Perform decryption processing.

  This decoding process will be described with reference to FIG. The encrypted content is encrypted in block units of predetermined data units and stored in the information recording medium 200. As shown in FIG. 19, for example, 6144-byte sector data is encrypted for each 16-byte block.

  The procedure of the decoding process will be described. First, the first 16-byte data is acquired from 6144-byte sector data, and the AES key generation processing block [AES_G] 581 executes key generation processing according to the AES encryption algorithm. This executes the AES key generation process described above with reference to FIG. 10 using the application-compatible unit key Kuj as an input key and the leading 16-byte data as an input value. The output of the AES key generation processing block 321 is a block key: Kb, and the decryption processing of the next 16-byte data is executed in the AES decryption processing block [AES_D] 582 by applying this block key: Kb.

  In the AES decryption processing block [AES_D] 582, an exclusive OR (XOR) result between the second 16-byte data of the sector data and the initial value: IVa is input, and an AES encryption algorithm using the block key: Kb is applied. The decoding process is executed to obtain the decoded data of 16-byte block data, and the input value is applied to the decoding of the next block. Thereafter, it is possible to obtain decoded sector data 323 by repeatedly executing the same processing. The initial value IVa is a preset constant. IVa may be set as a value that can be acquired from user control data or user data corresponding to sector data, for example.

  In step S105 of FIG. 9, the unit key: Ku is applied as described above, the block-unit decryption process is executed, and the content 520 composed of the decrypted sector data 583 is output.

  Through the above processing, the host application of the playback processing apparatus (host) 500 acquires the decrypted content 520, performs output processing on an output unit such as a speaker and a display, and executes content playback.

  As described above, in the configuration of the present invention, a key (embedded key) to which ID information of a legitimate application having the right to reproduce recorded content is applied as key generation information applied to encryption of content recorded on the information recording medium. When the content is output from the drive to the host application, the application ID acquired from the public key certificate acquired by the drive from the host application is applied, and the same calculation and encryption processing as executed when recording the content are performed. Since it is configured to generate and provide a key (embedded key) to be applied to the decryption of the content and provide it to the host application, the application ID applied at the time of recording the content and being executed on the host (playback processing device) side The ID of the application matches Only if, it is possible to successfully decode the content, content decryption by the application with a different ID becomes impossible, thereby preventing the content use by unauthorized application.

  Next, with reference to FIG. 20 and FIG. 21, the processing sequence of each of the drive and the host in the content reproduction processing will be described. First, a sequence for controlling content output from the drive to the host will be described with reference to FIG.

  Each step of the flow of FIG. 20 will be described. First, in step S511, insertion of an information recording medium (disc) into the drive is detected, and in step S512, activation of a host application that executes content reproduction processing on the host connected to the bus is detected. If these are detected, the process proceeds to step S513, waits for a mutual authentication request from the host side, and receives the mutual authentication request. In step S514, mutual authentication and key exchange (in accordance with the public key cryptosystem) AKE) process is executed. At this point, the drive receives a public key certificate (see FIG. 14B) in which the application ID is registered from the host application.

  When it is confirmed in step S515 that the mutual authentication and key exchange (AKE) processing is completed, the process proceeds to step S516, and the drive registers the public key certificate registered with the application ID received from the host application (FIG. 14B). The embedded key [Kej] corresponding to the application is generated by calculation and encryption processing to which the application ID is applied. This process corresponds to the process of step S204 in FIG.

  In step S517, when a transfer request for the application-compatible embedded key [Kej] is received from the host application side, in step S518, the application-compatible embedded key [Kej] is encrypted with the session key: Ks and transmitted. This process corresponds to the process in step S205 of FIG.

  Next, in step S519, the drive determines whether or not to generate the first bus key: Kbus after inserting the disc. If the first bus key: Kbus is generated, the drive determines in step S520 that the bus key: Kbus: Generation processing of a random number R corresponding to Kb is executed, and this generated random number R is set as a bus key: Kb. This process corresponds to the process of step S206 in FIG. The bus key: Kb is associated with a sequence number to prevent the bus key from being replaced.

  When a bus key transfer request is received from the host side in step S521, the bus key: Kb is transferred to the host side in step S522. This process corresponds to the process of step S207 in FIG. This bus key transfer is a process corresponding to the final step S406 of the mutual authentication and key exchange (AKE) process of FIG. 15, and the drive is connected to the bus key: Kbus and the bus key sequence number: SEQ: [Kbus. ‖SEQ] and data obtained by encrypting the hash value [hash (Kbus と し て SEQ)] calculated as falsification verification data of this concatenated data using the session key: Ks: EKs [(Kbus‖SEQ), hash ( Kbus‖SEQ)] is generated and transmitted to the host side.

  Next, in step S523, it is confirmed that there is no new mutual authentication request. In step S524, it is confirmed that the information recording medium is not ejected. In step S525, a content acquisition request on the host side is displayed. That is, it waits until a sector data read request is made.

  If there is a new mutual authentication request in step S523, the process returns to step S514 to execute mutual authentication and key exchange (AKE) processing, and generate a new session key and transmit a bus key. The bus key generated at this time is the bus key with the sequence number: 2, and is the same as the previously generated bus key (sequence number 1).

  If it is determined in step S524 that the disk has been ejected from the drive, the process returns to step S511, the initial state is set, and all data such as the generated bus key and session key are reset, that is, erased.

  In step S525, when there is a sector data read request from the host side, in step S522, the drive reads output control information from the sector header (user control data) corresponding to the sector data to be read, and [Bus protection flag: BPF] is determined. This process corresponds to the process of step S208 in FIG.

Bus protection flag: BPF, as described above with reference to FIG.
BPF = 1: Output is limited, bus encryption is present,
BPF = 0: No output limit,
Setting information.

  If it is determined in step S526 that the bus protection flag: BPF in the output control information of the sector header (user control data) corresponding to the sector data to be read is set to [1], the process proceeds to step S527. The sector data read from the information recording medium is encrypted with the bus key: Kbus and output to the host side in step S528. Note that the sector data encryption processing in step S527 is executed, for example, as encryption processing using the AES-CBC mode described above with reference to FIG.

  If it is determined in step S522 that the bus protection flag: BPF in the output control information of the sector header (user control data) corresponding to the sector data to be read is set to [0], step S527 is skipped. In step S528, the content read from the information recording medium is directly output to the host without executing the encryption process using the bus key: Kbus of the sector data read from the information recording medium. The read content is, for example, a playlist or file system information.

  In this way, the drive acquires the application ID from the public key certificate received from the application at the time of mutual authentication with the host application, and the application-compatible embedded key: Kej is obtained by the calculation and encryption processing to which the application ID is applied. Execute the process to output for. Further, the drive uses a bus key based on whether the BPF is [0] or [1] in the output control information of the sector header (user control data) corresponding to the sector data to be read from the information recording medium. The necessity of encryption is determined, and if the data requires encryption using a bus key, the output content is encrypted using the bus key and output.

  Next, processing on the host side will be described with reference to FIG. In step S551, the playback application is activated, and in step S552, when a notification that the disc has been inserted into the drive is received, mutual authentication with the drive and session key sharing processing are executed in step S553.

  In the mutual authentication in step S553, an application-compatible public key certificate (see FIG. 14B) storing the application ID is provided to the drive. In step S554, when it is confirmed that the mutual authentication and key exchange (AKE) process is completed, the process proceeds to step S555, and the host requests the application-compatible embedded key: Kej from the drive. Application-compatible embedded key: Kej is driven by an operation based on application ID = j, disk key: Kd, and ROM mark: Ve acquired from the information recording medium, and key generation processing, for example, key generation processing according to the AES encryption algorithm The key is generated by (1), encrypted by the session key Ks, and transmitted to the host.

  When the encrypted application-compatible embedded key: Kej is received from the drive in step S556, decryption is executed by applying the session key Ks in step S557, and the application-compatible embedded key: Kej is obtained. Further, in step S558, the host requests the drive to transfer unit key generation information: Vu, which is a recording seed (REC SEED) as information necessary for generating a key to be applied to the decryption process of the encrypted content. When the unit key generation information: Vu is received in S559, the application compatible unit key: Kuj is generated based on the application compatible embedded key: Kej and the unit key generation information: Vu in step S560. This process corresponds to the process of step S303 in FIG.

  Next, in step S561, the host outputs a bus key: Kbus transmission request to the drive. In step S562, the host acquires the bus key: Kbus encrypted by the session key: Ks input via the connection bus. Then, the decryption process applying the session key: Ks is executed to obtain the bus key: Kbus. This process corresponds to the process in step S305 in FIG.

  Next, when it is determined that reading of sector data is to be performed according to a user instruction or the like after confirming that the playback software of the PC has not been completed (S564) and the disk is not ejected (S565) (S566: Yes) ) Outputs a sector data transfer request to the drive in step S567.

  When sector data is received from the drive (S568) and the data is encrypted data (S569: Yes), decryption processing of the encrypted content encrypted by the bus key: Kbus is executed in step S570.

  The decryption process of the encrypted content encrypted with the bus key: Kbus is executed by, for example, a block decryption process using the AES-CBC mode as described above with reference to FIG.

  Further, in step S571, the host executes the decryption process of the encrypted content by applying the application corresponding unit key: Kuj. This decoding process is executed as the process described above with reference to FIG. Through the above processing, the host application (application ID = j) having a valid content usage right can acquire the decrypted content and execute the content reproduction.

  As described above, according to the configuration of the present invention, the application ID of the application having a valid content usage right is applied as the key generation information applied to the encryption of the content stored in the information recording medium. When transferring content to the host application, the drive acquires an application ID from the public key certificate received from the application at the time of mutual authentication, and generates an embedded key: Kej corresponding to the application by calculation and encryption processing using the application ID. Thus, only the application having a valid content usage right can acquire the correct embedded key: Kej, and the content can be used.

  The public key certificate provided to the drive by an application other than the legitimate application stores a different application ID, and the embedded key generated by applying this ID is different from the embedded key applied when content is recorded on the disc. As a result, the content cannot be decrypted, and unauthorized use of the content is prevented.

[3. Other Examples]
Next, another embodiment of the present invention will be described with reference to FIG. FIG. 22 is a diagram for explaining the configuration and processing of the disc manufacturing entity 350, the information recording medium 200, the drive 400, and the playback processing apparatus (host application) 500, as in FIG.

  A difference from the processing of FIG. 12 is a generation process of an application-compatible embedded key: Kej by calculation using the application ID 357 in the disk manufacturing entity 350 and encryption processing.

  In the embodiment of FIG. 22, the disc manufacturing entity 350, in step S171, includes an application ID 357 (AppID1 to n) corresponding to a legitimate application having a content reproduction right set for each content stored in the information recording medium, Arithmetic processing with the ROM mark: Ve 358, for example, various operations such as exclusive OR operation and hash operation described with reference to FIG. 16 are executed. In step S 172, AES based on the operation result and the disk key: Kd 354 A key generation process (see FIG. 10) is executed to generate application-compatible embedded keys: Ke1 to Ken. Note that the operation in step S153 is not limited to exclusive OR operation or hash operation, and other operation processing may be applied.

  Hereinafter, generation of application-compatible embedded keys: Ku1-Kun based on application-compatible embedded keys: Ku1-Kun in step S155, content encryption processing using unit keys in step S156, and recording of encrypted content are the same as the processing in FIG. It is.

  Further, the generation processing of the application-compatible embedded key: Kej to which the application ID is applied in the drive 400 is different from the processing configuration of FIG. 12 in that the same processing as the disc manufacturing entity processing described above is executed in step S204. ing.

  In step S204, the drive 400 performs an application ID (APPIDj) acquired from the public key certificate corresponding to the application acquired from the reproduction processing apparatus (host) 500 and the ROM mark read from the information recording medium 200 in the mutual authentication process: Ve204. For example, various operations such as an exclusive OR operation and a hash operation described with reference to FIG. 16 are executed, and the operation result and the encrypted disk key [Em (Kd) obtained from the information recording medium 200 are processed. ], A key generation process based on the disk key: Kd acquired by the decryption process (S203), for example, a key generation process according to the AES encryption algorithm is executed to generate an embedded key: Kej corresponding to the application (APPIDj). The key generation process according to the AES encryption algorithm is as described above with reference to FIG.

  Here, the generated embedded key: Kej corresponding to the application (APPIDj) corresponds to the embedded key generated in the disk manufacturing entity 350 in the Ke generating process.

  An application (APPIDj) compatible embedded key: Kej generated by the drive 400 based on an application ID (APPIDj) acquired from an application compatible public key certificate acquired from the playback processing device (host) 500 is stored in the disk manufacturing entity 350. Only when the application ID used in the generation of the embedded key is APPIDj, the playback processing apparatus that matches the embedded key: Ke generated by the disc manufacturing entity 350 and receives the application (APPIDj) -compatible embedded key: Kej from the drive 400 The 500 applications include an application (APPIDj) corresponding to an application (APPIDj) that is applied to decrypting content based on Kej. Dj) corresponding unit key: kuj can generate an application (APPIDj) corresponding unit key: kuj successful content decoded in the applied decoding process (step S307).

  If the application ID used in the generation of the embedded key is not APPIDj, the disk manufacturing entity 350 applies the application (APPIDj) -compatible embedded key generated by the drive: Kej-based unit key: Kuj. Even if the decryption process (step S307) is executed, the content decryption is not successful and the content cannot be used. In this way, only a legitimate content use application can successfully decrypt the content and use the content.

  Next, referring to FIG. 23 and FIG. 24, a value corresponding to one-to-one and an application ID corresponding value are set in the application ID instead of the application ID itself, and the application and the encryption process are performed by applying the application ID corresponding value. A processing configuration for generating a corresponding embedded key will be described.

  FIG. 23 is a diagram corresponding to the configuration of FIG. 12 described above, and is a diagram for explaining the configuration and processing of the disc manufacturing entity 350, the information recording medium 200, the drive 400, and the playback processing apparatus (host application) 500. .

  12 is different from the process of FIG. 12 in that in the disk manufacturing entity 350, a value corresponding to the application ID, not the application ID itself, and a value corresponding to the application ID: Vaid1 to Vaidn are set as application attribute values. : Calculation based on Vaid1 to Vaidn and encryption processing are executed to generate an application-compatible embedded key: Kej.

  As the application ID corresponding value data 359, for example, the disk manufacturing entity 350 or the content management center generates values corresponding to the application IDs: Valid1 to Vaidn, and applies them. In step S181, the disc manufacturing entity 350 determines the disc ID: Kd354 and the application ID corresponding to the application ID corresponding to the legitimate application having the content reproduction right set for each content stored in the information recording medium. Corresponding value: arithmetic processing with Vaid1 to Vaidn, for example, various arithmetic operations such as exclusive OR operation and hash operation described with reference to FIG. 16 are executed, and in step S182, the arithmetic result and the ROM mark: Ve358 are Based on the AES key generation process (see FIG. 10), application-compatible embedded keys: Ke1 to Ken are generated. Note that the operation in step S181 is not limited to exclusive OR operation or hash operation, and other operation processing may be applied.

  In the following step S155, application-compatible embedded keys: generation of application-compatible unit keys: Ku1-Kun based on Ke1 to Ken, content encryption processing using unit keys and recording of encrypted content in step S156 are the same as the processing of FIG. It is.

  The disc manufacturing entity 350 further stores application ID correspondence value data 359, that is, application ID correspondence value data 359 including a correspondence table between each application ID and application ID correspondence value in the information recording medium 200.

  Next, processing of the drive 400 will be described. In step S204a, the drive 400 first searches the application ID corresponding value data 207 read from the information recording medium 200 based on the application ID acquired from the public key certificate received from the reproduction processing apparatus (host application) 500. Then, an application ID corresponding value corresponding to the application ID of the reproduction processing apparatus (host application) 500 is extracted.

  If the application ID corresponding value corresponding to the application ID of the reproduction processing device (host application) 500 is not found in the search processing in step S204a, the application of the reproduction processing device (host application) 500 is authorized to use the content. The drive 400 determines that the application is not a valid application, and outputs an error message to the host 500.

  Only when an application ID corresponding value corresponding to the application ID of the playback processing device (host application) 500 is found in the search processing in step S204a, the process proceeds to the generation processing of the application corresponding embedded key: Kej in step S204b.

  In step S204b, the application key corresponds to the application ID of the reproduction processing apparatus (host application) 500 extracted by searching the disk key: Kd acquired in step S203 and the application ID corresponding value data 207 read from the information recording medium 200. Value: Calculation processing with Vaidj, for example, various operations such as exclusive OR operation and hash calculation described with reference to FIG. 16 are executed, and the calculation result and ROM mark: Ve 204 acquired from the information recording medium 200 are A key generation process based on, for example, a key generation process according to the AES encryption algorithm is executed to generate an embedded key: Kej corresponding to the application (APPIDj). The key generation process according to the AES encryption algorithm is as described above with reference to FIG.

  The following process is the same as the process described in FIG. In this processing example, the drive can know in advance whether or not the host application is a valid application by the search process in step S204a. If the host application is not a valid application, the drive executes an embedded key generation process corresponding to the application. It is possible to end the processing without doing this. Also, by canceling the processing at this point, there is no need to execute encrypted content reading, bus key generation processing, content transfer processing, etc., and there is a possibility of content leakage due to content reading processing or transfer Can be reduced, and safety can be further improved.

  FIG. 24 is a processing configuration in which values corresponding to one-to-one and application IDs corresponding to application IDs: Valid1 to Vaidn are applied to application IDs instead of application IDs, as in FIG. It is the structure corresponding to the process of FIG. 22 which demonstrated the production | generation process of the embedded key by the calculated | required calculation and encryption process previously.

  In the embodiment of FIG. 24, the disc manufacturing entity 350, in step S191, corresponds to the application ID corresponding to the legitimate application having the content reproduction right set for each content stored in the information recording medium: Vaid1 to n. And the ROM mark: Ve358, for example, various operations such as exclusive OR operation and hash operation described with reference to FIG. 16 are executed. In step S192, the operation result and the disk key: Kd354 are An AES key generation process (see FIG. 10) is executed to generate embedded keys corresponding to applications: Ke1 to Ken. Note that the calculation in step S191 is not limited to exclusive OR calculation or hash calculation, and other calculation processing may be applied.

  Hereinafter, generation of application-compatible embedded keys: Ku1 to Kun based on application-specific embedded keys: Ke1 to Ken in step S155, content encryption processing using unit keys in step S156, and recording of encrypted content are the same as the processing in FIG. It is.

  The disc manufacturing entity 350 further stores application ID correspondence value data 359, that is, application ID correspondence value data 359 including a correspondence table between each application ID and application ID correspondence value in the information recording medium 200.

  In the generation process of the application-compatible embedded key: Kej to which the application ID-compatible value is applied in the drive 400, first, based on the application ID acquired from the public key certificate received from the playback processing apparatus (host application) 500 in step S204a. Then, the application ID corresponding value data 207 read from the information recording medium 200 is searched, and the application ID corresponding value corresponding to the application ID of the reproduction processing apparatus (host application) 500 is extracted.

  If the application ID corresponding value corresponding to the application ID of the reproduction processing device (host application) 500 is not found in the search processing in step S204a, the application of the reproduction processing device (host application) 500 is authorized to use the content. The drive 400 determines that the application is not a valid application, and outputs an error message to the host 500.

  Only when an application ID corresponding value corresponding to the application ID of the playback processing device (host application) 500 is found in the search processing in step S204a, the process proceeds to the generation processing of the application corresponding embedded key: Kej in step S204b.

  In step S204b, the drive 400 reads from the information recording medium 200 the application ID corresponding value: Vaidj corresponding to the application ID of the reproduction processing apparatus (host application) 500 extracted from the application ID corresponding value data 207 of the information recording medium 200. ROM mark: Performs arithmetic processing with Ve 204, for example, various arithmetic operations such as exclusive OR operation and hash operation described with reference to FIG. 16, and the operation result and the encrypted disk key [ Em (Kd)] key generation process based on the disk key: Kd acquired by the decryption process (S203), for example, a key generation process according to the AES encryption algorithm is executed, and an embedded key: Kej corresponding to the application (APPIDj) is obtained. Generate . The key generation process according to the AES encryption algorithm is as described above with reference to FIG.

  Here, the generated embedded key: Kej corresponding to the application (APPIDj) corresponds to the embedded key generated in the disk manufacturing entity 350 in the Ke generating process.

  The following process is the same as the process described in FIG. In this processing example, as in the configuration of FIG. 23, the drive can know in advance whether or not the host application is a valid application by the search processing in step S204a. The processing can be terminated without executing the embedded key generation processing. Also, by canceling the processing at this point, there is no need to execute encrypted content reading, bus key generation processing, content transfer processing, etc., and there is a possibility of content leakage due to content reading processing or transfer Can be reduced, and safety can be further improved.

  Next, with reference to FIG. 25 to FIG. 28, the processing of the drive and the reproduction processing as the host when the application ID corresponding values: Vaid 1 to Vaidn described with reference to FIG. 23 and FIG. 24 are applied to the generation of the embedded key Details of the processing of the apparatus will be described.

  First, details of the drive processing will be described with reference to FIGS. First, in step S611, insertion of an information recording medium (disc) into the drive is detected, and in step S612, activation of a host application that executes content reproduction processing on the host connected to the bus is detected. If these are detected, the process proceeds to step S613, waits for a mutual authentication request from the host side, and receives the mutual authentication request. In step S614, mutual authentication and key exchange (in accordance with the public key cryptosystem) AKE) process is executed. At this point, the drive receives a public key certificate (see FIG. 14B) in which the application ID is registered from the host application.

  When the completion of mutual authentication and key exchange (AKE) processing is confirmed in step S615, the process proceeds to step S616, and the drive executes search processing for application ID corresponding value data read from the information recording medium, and from the host application. An application ID corresponding value corresponding to the application ID extracted from the received public key certificate (see FIG. 14B) is extracted.

  In step S617, when a transfer request for the application-compatible embedded key [Kej] is received from the host application side, in step S618, it is determined whether or not the search of the application ID corresponding value data read from the information recording medium has been successful. If the application fails, that is, if the application ID correspondence value corresponding to the application ID extracted from the public key certificate received from the host application (see FIG. 14B) is not found, the application is not a valid application. The process proceeds to step S624, and an error message is transferred to the host.

  Further, in step S625, if there is a request for mutual authentication again due to, for example, application switching, the processing subsequent to the mutual authentication processing in step S614 and subsequent steps is executed again. Further, if the disc is ejected in step S626, the process returns to the initial state in step S611.

  On the other hand, if the application ID corresponding value data read from the information recording medium is successfully retrieved in step S618, the process proceeds to step S619, and the drive applies the corresponding value: Vaidj corresponding to the application ID received from the host application. An embedded key [Kej] corresponding to an application is generated by calculation and encryption processing, encrypted with a session key: Ks, and transmitted.

  Next, in step S620, the drive determines whether or not to generate the first bus key: Kbus after inserting the disc. If the first bus key: Kbus is generated, the drive determines in step S621 that the bus key: Generation processing of a random number R corresponding to Kb is executed, and this generated random number R is set as a bus key: Kb.

  When a bus key transfer request is received from the host side in step S622, the bus key: Kb is transferred to the host side in step S623. The bus key transfer is a process corresponding to the final step S406 of the mutual authentication and key exchange (AKE) process of FIG. 15, and the drive is connected to the bus key: Kbus and the sequence number: SEQ of the bus key: [Kbus. ‖SEQ] and the hash value [hash (Kbus‖SEQ)] calculated as falsification verification data of this concatenated data are encrypted using the session key: Ks: EKs [(Kbus‖SEQ), hash ( Kbus‖SEQ)] is generated and transmitted to the host side.

  Next, in step S631 shown in FIG. 26, it is confirmed that there is no new mutual authentication request. In step S632, it is confirmed that the information recording medium is not ejected. In step S633, content acquisition on the host side is performed. Wait until a request, that is, a sector data read request is made.

  If there is a new mutual authentication request in step S631, the flow returns to step S614 to execute mutual authentication and key exchange (AKE) processing, and generate a new session key and transmit a bus key. The bus key generated at this time is the bus key with the sequence number: 2, and is the same as the previously generated bus key (sequence number 1).

  If it is determined in step S632 that the disk has been ejected from the drive, the process returns to step S611 to set the initial state, and all data such as the generated bus key and session key are reset, that is, erased.

  In step S633, when there is a sector data read request from the host side, in step S634, the drive reads the output control information from the sector header (user control data) corresponding to the sector data to be read, and the [bus protection flag: BPF] is determined.

Bus protection flag: BPF, as described above with reference to FIG.
BPF = 1: Output is limited, bus encryption is present,
BPF = 0: No output limit,
Setting information.

  If it is determined in step S634 that the bus protection flag: BPF in the output control information of the sector header (user control data) corresponding to the sector data to be read is set to [1], the process proceeds to step S635. The sector data read from the information recording medium is encrypted with the bus key: Kbus, and is output to the host in step S636. The sector data encryption process in step S635 is executed as an encryption process to which the AES-CBC mode described above with reference to FIG. 17 is applied, for example.

  If it is determined in step S634 that the bus protection flag: BPF in the output control information of the sector header (user control data) corresponding to the sector data to be read is set to [0], step S635 is skipped. In step S636, the content read from the information recording medium is directly output to the host without executing the encryption process using the bus key: Kbus of the sector data read from the information recording medium. The read content is, for example, a playlist or file system information.

  In this way, the drive acquires the application ID from the public key certificate received from the application at the time of mutual authentication with the host application, and the application-compatible embedded key: Kej is obtained by the calculation and encryption processing to which the application ID is applied. Execute the process to output for Further, the drive uses a bus key based on whether the BPF is [0] or [1] in the output control information of the sector header (user control data) corresponding to the sector data to be read from the information recording medium. The necessity of encryption is determined, and if the data requires encryption using a bus key, the output content is encrypted using the bus key and output.

  Next, processing on the host side will be described with reference to FIGS. In step S651, the playback application is activated, and when a notification that a disc has been inserted into the drive is received in step S652, mutual authentication with the drive and session key sharing processing are executed in step S653.

  In the mutual authentication in step S653, an application-compatible public key certificate (see FIG. 14B) storing the application ID is provided to the drive. If it is confirmed in step S654 that the mutual authentication and key exchange (AKE) processing is completed, the process proceeds to step S655, and the host requests the application-compatible embedded key: Kej from the drive. An application-compatible embedded key: Kej is an application ID-corresponding value: Vaidj, a disk key: Kd, and a calculation and key generation process based on a ROM mark: Ve acquired from an information recording medium, for example, a key generation process according to an AES encryption algorithm Generated by the drive, encrypted with the session key Ks, and transmitted to the host.

  In step S656, it is determined whether or not the encrypted application-compatible embedded key: Kej has been successfully received from the drive. If the application-compatible embedded key: Kej cannot be acquired, it is determined whether or not an error message is acquired in step S657. If the error message is acquired, it is determined that the application is not authorized to use the content. Then, the process proceeds to step S679 shown in FIG. 28, and returns to the initial state after the application ends, or the disk is ejected in step S680, and the process returns to step S652.

  In step S656, if the encrypted application-compatible embedded key: Kej is successfully received from the drive, the process proceeds to step S658 to execute decryption by applying the session key Ks to obtain the application-compatible embedded key: Kej. .

  Next, in step S659, the host requests the drive to transfer unit key generation information: Vu which is a recording seed (REC SEED) as information necessary for generating a key to be applied to the decryption process of the encrypted content. When the unit key generation information: Vu is received in step S660, an application compatible unit key: Kuj is generated based on the application compatible embedded key: Kej and the unit key generation information: Vu in step S661.

  Next, in step S662, the host outputs a bus key: Kbus transmission request to the drive. In step S663, the host acquires the bus key: Kbus encrypted by the session key: Ks input via the connection bus. Then, the decryption process applying the session key: Ks is executed to obtain the bus key: Kbus.

  Next, in step S671 in FIG. 28, after confirming that the PC playback software has not been completed and the disc is not ejected (S672), it is determined that the sector data is to be read according to a user instruction or the like. (S673: Yes) outputs a sector data transfer request to the drive in step S674.

  When sector data is received from the drive (S675: Yes) and the data is encrypted data (S676: Yes), decryption processing of the encrypted content encrypted by the bus key: Kbus is executed in step S677.

  The decryption process of the encrypted content encrypted with the bus key: Kbus is executed by, for example, a block decryption process using the AES-CBC mode as described above with reference to FIG.

  Further, in step S678, the host executes the decryption process of the encrypted content by applying the application corresponding unit key: Kuj. This decoding process is executed as the process described above with reference to FIG. Through the above processing, the host application (application ID = j) having a valid content usage right can acquire the decrypted content and execute the content reproduction.

  The configuration described with reference to FIG. 23 to FIG. 28 is a configuration in which an application ID corresponding value corresponding to one-to-one is set in the application ID instead of the application ID itself, and this application ID corresponding value is stored in the information recording medium 200. An example was explained. Next, a configuration and processing example in which the application ID itself is stored in the information recording medium 200 will be described with reference to FIG.

  FIG. 29 is a diagram for explaining the configuration and processing of the disk manufacturing entity 350, the information recording medium 200, the drive 400, and the playback processing apparatus (host application) 500. This corresponds to FIG. 23 illustrating the configuration example in which the application ID correspondence value is set.

  23 is different from the configuration of FIG. 23 in that in the disk manufacturing entity 350, the application ID itself is set as an application attribute value, calculation and encryption processing based on the application ID itself is executed, and an application-compatible embedded key: Kej is generated. The application ID is recorded on the information recording medium 200.

  In step S181, the disc manufacturing entity 350 performs arithmetic processing of the disc key: Kd354 and an application ID 360 corresponding to a legitimate application having a content reproduction right set for each content stored in the information recording medium, for example, FIG. Various operations such as an exclusive OR operation and a hash operation described with reference to FIG. 10 are executed, and in step S182, an AES key generation process (see FIG. 10) based on the operation result and the ROM mark: Ve358 is executed. Application-compatible embedded keys: Ke1 to Ken are generated. Note that the operation in step S181 is not limited to exclusive OR operation or hash operation, and other operation processing may be applied.

  In the following step S155, application-compatible embedded keys: generation of application-compatible unit keys: Ku1-Kun based on Ke1 to Ken, content encryption processing using unit keys and recording of encrypted content in step S156 are the same as the processing of FIG. It is.

  The disc manufacturing entity 350 further stores the application ID 360 in the information recording medium 200.

  Next, processing of the drive 400 will be described. First, in step S204a, the drive 400 searches the application ID data 208 read from the information recording medium 200 based on the application ID acquired from the public key certificate received from the reproduction processing apparatus (host application) 500. Then, the application ID corresponding to the application ID of the reproduction processing apparatus (host application) 500 is extracted.

  If the application ID corresponding to the application ID of the playback processing device (host application) 500 is not found in the search processing in step S204a, the application of the playback processing device (host application) 500 is a legitimate application having the right to use the content. The drive 400 outputs an error message to the host 500.

  Only when the application ID corresponding to the application ID of the reproduction processing apparatus (host application) 500 is found in the search processing in step S204a, the process proceeds to the generation processing of the application corresponding embedded key: Kej in step S204b.

  In step S204b, the disk key: Kd acquired in step S203, and the application ID: AppIDj corresponding to the application ID of the playback processing device (host application) 500 extracted by searching the application ID data 208 read from the information recording medium 200, , For example, various operations such as exclusive OR operation and hash operation described with reference to FIG. 16, and a key generation process based on the operation result and the ROM mark Ve 204 acquired from the information recording medium 200 For example, a key generation process according to the AES encryption algorithm is executed to generate an embedded key: Kej corresponding to the application (APPIDj). The key generation process according to the AES encryption algorithm is as described above with reference to FIG.

  The following process is the same as the process described in FIG. In this processing example, the drive can know in advance whether or not the host application is a valid application by the search process in step S204a. If the host application is not a valid application, the drive executes an embedded key generation process corresponding to the application. It is possible to end the processing without doing this. Also, by canceling the processing at this point, there is no need to execute encrypted content reading, bus key generation processing, content transfer processing, etc., and there is a possibility of content leakage due to content reading processing or transfer Can be reduced, and safety can be further improved.

  FIG. 30 is a processing configuration to which application IDs: AppID1 to AppIDn are applied, as in FIG. 29, and is a configuration for performing processing of applying an application ID: AppID1 to AppIDn and processing for generating an embedded key by encryption processing.

  In the embodiment of FIG. 30, the disc manufacturing entity 350, in step S191, includes application IDs: AppIDs 1 to n corresponding to legitimate applications having content reproduction rights set for each content stored in the information recording medium, and ROM Mark: Calculation processing with Ve 358, for example, various calculations such as exclusive OR calculation and hash calculation described with reference to FIG. 16, and in step S192, an AES key based on the calculation result and disk key: Kd354 The generation process (see FIG. 10) is executed to generate application-compatible embedded keys: Ke1 to Ken. Note that the calculation in step S191 is not limited to exclusive OR calculation or hash calculation, and other calculation processing may be applied.

  Hereinafter, generation of application-compatible embedded keys: Ku1 to Kun based on application-specific embedded keys: Ke1 to Ken in step S155, content encryption processing using unit keys in step S156, and recording of encrypted content are the same as the processing in FIG. It is.

  The disc manufacturing entity 350 further stores application ID data 360 in the information recording medium 200.

  In the generation process of the application-compatible embedded key: Kej to which the application ID is applied in the drive 400, first, in step S204a, based on the application ID acquired from the public key certificate received from the playback processing device (host application) 500, The application ID data 208 read from the information recording medium 200 is searched, and the application ID corresponding to the application ID of the reproduction processing apparatus (host application) 500 is extracted.

  If the application ID corresponding to the application ID of the playback processing device (host application) 500 is not found in the search processing in step S204a, the application of the playback processing device (host application) 500 is a legitimate application having the right to use the content. The drive 400 outputs an error message to the host 500.

  Only when the application ID corresponding to the application ID of the reproduction processing apparatus (host application) 500 is found in the search processing in step S204a, the process proceeds to the generation processing of the application corresponding embedded key: Kej in step S204b.

  In step S204b, the drive 400 reads out the application ID: AppIDj corresponding to the application ID of the reproduction processing device (host application) 500 extracted from the application ID data 208 of the information recording medium 200, and the ROM mark read from the information recording medium 200: Ve204. For example, various operations such as an exclusive OR operation and a hash operation described with reference to FIG. 16 are executed, and the operation result and the encrypted disk key [Em (Kd) obtained from the information recording medium 200 are processed. ], A key generation process based on the disk key: Kd acquired by the decryption process (S203), for example, a key generation process according to the AES encryption algorithm is executed to generate an embedded key: Kej corresponding to the application (APPIDj). The key generation process according to the AES encryption algorithm is as described above with reference to FIG.

  Here, the generated embedded key: Kej corresponding to the application (APPIDj) corresponds to the embedded key generated in the disk manufacturing entity 350 in the Ke generating process.

  The following process is the same as the process described in FIG. In this processing example, as in the configuration of FIG. 29, the drive can know in advance whether or not the host application is a valid application by the search processing in step S204a. The processing can be terminated without executing the embedded key generation processing. Also, by canceling the processing at this point, there is no need to execute encrypted content reading, bus key generation processing, content transfer processing, etc., and there is a possibility of content leakage due to content reading processing or transfer Can be reduced, and safety can be further improved.

  Next, referring to FIG. 31 to FIG. 34, the processing of the drive and the reproduction processing apparatus as the host when the application IDs: AppID1 to AppIDn described with reference to FIG. 29 and FIG. Details of the processing will be described.

  First, details of the drive processing will be described with reference to FIGS. 31 and 32. FIG. First, in step S711, insertion of an information recording medium (disc) into the drive is detected, and in step S712, activation of a host application that executes content reproduction processing on the host connected to the bus is detected. If these are detected, the process proceeds to step S713, waits for a mutual authentication request from the host side, and receives the mutual authentication request. In step S714, mutual authentication and key exchange (in accordance with the public key cryptosystem) AKE) process is executed. At this point, the drive receives a public key certificate (see FIG. 14B) in which the application ID is registered from the host application.

  When it is confirmed in step S715 that the mutual authentication and key exchange (AKE) process is completed, the process proceeds to step S716, and the drive executes the search process for the application ID data read from the information recording medium and receives it from the host application. An application ID corresponding to the application ID extracted from the public key certificate (see FIG. 14B) is extracted.

  In step S717, when a transfer request for the application-compatible embedded key [Kej] is received from the host application side, in step S718, it is determined whether or not the retrieval of the application ID data read from the information recording medium has been successful, and has failed. If the application ID corresponding to the application ID: AppIDj extracted from the public key certificate (see FIG. 14B) received from the host application is not found, it is determined that the application is not a valid application. In step S724, an error message is transferred to the host.

  Further, in step S725, when there is a request for mutual authentication again due to, for example, application switching, the processing subsequent to the mutual authentication processing in step S714 and subsequent steps is executed again. Furthermore, if the disc is ejected in step S726, the process returns to the initial state in step S711.

  On the other hand, if the search of the application ID data read from the information recording medium is successful in step S718, the process proceeds to step S719, and the drive responds to the application by calculation and encryption processing using the application ID: AppIDj received from the host application. Embedded key [Kej] is generated, encrypted with the session key: Ks, and transmitted.

  Next, in step S720, the drive determines whether or not to generate the first bus key: Kbus after inserting the disk. If the first bus key: Kbus is generated, the drive determines in step S721 that the bus key: Generation processing of a random number R corresponding to Kb is executed, and this generated random number R is set as a bus key: Kb.

  When a bus key transfer request is received from the host side in step S722, the bus key: Kb is transferred to the host side in step S723. This bus key transfer is a process corresponding to the final step S406 of the mutual authentication and key exchange (AKE) process of FIG. 15, and the drive is connected to the bus key: Kbus and the bus key sequence number: SEQ: [Kbus. ‖SEQ] and data obtained by encrypting the hash value [hash (Kbus と し て SEQ)] calculated as falsification verification data of this concatenated data using the session key: Ks: EKs [(Kbus‖SEQ), hash ( Kbus‖SEQ)] is generated and transmitted to the host side.

  Next, in step S731 shown in FIG. 32, it is confirmed that there is no new mutual authentication request. In step S732, it is confirmed that the information recording medium is not ejected. In step S733, content acquisition on the host side is performed. Wait until a request, that is, a sector data read request is made.

  If there is a new mutual authentication request in step S731, the process returns to step S714 to execute mutual authentication and key exchange (AKE) processing, and generate a new session key and transmit a bus key. The bus key generated at this time is the bus key with the sequence number: 2, and is the same as the previously generated bus key (sequence number 1).

  If it is determined in step S732 that the disk has been ejected from the drive, the process returns to step S711, the initial state is set, and all data such as the generated bus key and session key are reset, that is, erased.

  If there is a sector data read request from the host side in step S733, the drive reads output control information from the sector header (user control data) corresponding to the sector data to be read in step S734, and [Bus protection flag: BPF] is determined.

Bus protection flag: BPF, as described above with reference to FIG.
BPF = 1: Output is limited, bus encryption is present,
BPF = 0: No output limit,
Setting information.

  If it is determined in step S734 that the bus protection flag: BPF in the output control information of the sector header (user control data) corresponding to the sector data to be read is set to [1], the process proceeds to step S735. The sector data read from the information recording medium is encrypted with the bus key: Kbus, and is output to the host in step S736. Note that the sector data encryption processing in step S735 is executed, for example, as encryption processing using the AES-CBC mode described above with reference to FIG.

  If it is determined in step S734 that the bus protection flag: BPF in the output control information of the sector header (user control data) corresponding to the sector data to be read is set to [0], step S735 is skipped. In step S736, the content read from the information recording medium is directly output to the host without executing the encryption process using the bus key: Kbus of the sector data read from the information recording medium. The read content is, for example, a playlist or file system information.

  In this way, the drive acquires the application ID from the public key certificate received from the application at the time of mutual authentication with the host application, and the application-compatible embedded key: Kej is obtained by the calculation and encryption processing to which the application ID is applied. Execute the process to output for. Further, the drive uses a bus key based on whether the BPF is [0] or [1] in the output control information of the sector header (user control data) corresponding to the sector data to be read from the information recording medium. The necessity of encryption is determined, and if the data requires encryption using a bus key, the output content is encrypted using the bus key and output.

  Next, processing on the host side will be described with reference to FIGS. In step S751, the playback application is started, and in step S752, a notification that a disc has been inserted into the drive is received. In step S753, mutual authentication with the drive and session key sharing processing are executed.

  In the mutual authentication in step S753, an application-compatible public key certificate (see FIG. 14B) storing the application ID is provided to the drive. If it is confirmed in step S754 that the mutual authentication and key exchange (AKE) processing is completed, the process proceeds to step S755, and the host requests the application-compatible embedded key: Kej from the drive. Application-compatible embedded key: Kej is driven by calculation and key generation processing based on application ID: AppIDj, disk key: Kd, and ROM mark: Ve acquired from the information recording medium, for example, key generation processing according to the AES encryption algorithm The key is generated by (1), encrypted by the session key Ks, and transmitted to the host.

  In step S756, it is determined whether or not the encrypted application-compatible embedded key: Kej has been successfully received from the drive. If the embedded key corresponding to the application: Kej cannot be acquired, it is determined whether or not an error message is acquired in step S757. If the error message is acquired, it is determined that the application is not authorized to use the content. Then, the process proceeds to step S779 shown in FIG. 34, and returns to the initial state after the application ends, or the disk is ejected in step S780, and the process returns to step S752.

  If the encrypted application-compatible embedded key: Kej is successfully received from the drive in step S756, the process proceeds to step S758, where the session key Ks is applied to perform decryption, and the application-compatible embedded key: Kej is obtained. .

  Next, in step S759, the host requests the drive to transfer unit key generation information: Vu which is a recording seed (REC SEED) as information necessary for generating a key to be applied to the decryption process of the encrypted content. When the unit key generation information: Vu is received in step S760, the application compatible unit key: Kuj is generated based on the application compatible embedded key: Kej and the unit key generation information: Vu in step S761.

  Next, in step S762, the host outputs a bus key: Kbus transmission request to the drive. In step S763, the host acquires the bus key: Kbus encrypted by the session key: Ks input via the connection bus. Then, the decryption process applying the session key: Ks is executed to obtain the bus key: Kbus.

  Next, in step S771 in FIG. 34, after confirming that the PC playback software has not been completed and the disc has not been ejected (S772), it is determined to read out sector data according to a user instruction or the like. (S773: Yes) outputs a sector data transfer request to the drive in step S774.

  When sector data is received from the drive (S775: Yes) and the data is encrypted data (S776: Yes), decryption processing of the encrypted content encrypted by the bus key: Kbus is executed in step S777.

  The decryption process of the encrypted content encrypted with the bus key: Kbus is executed by, for example, a block decryption process using the AES-CBC mode as described above with reference to FIG.

  Further, in step S778, the host executes the decryption process of the encrypted content by applying the application corresponding unit key: Kuj. This decoding process is executed as the process described above with reference to FIG. Through the above processing, the host application (application ID = j) having a valid content usage right can acquire the decrypted content and execute the content reproduction.

  The configuration example described with reference to FIGS. 29 to 34 is a configuration in which the application ID itself is stored in the information recording medium 200, and the drive collates with the ID acquired from the public key certificate received from the host. In addition, the processing is reduced as compared with the configuration using the application ID corresponding value, and the amount of data recorded on the information recording medium can be reduced.

  As described above, according to the configuration of the present invention, the corresponding value Vaidj of the application ID of an application having a valid content usage right is applied as the key generation information applied to the encryption of the content stored in the information recording medium. Before the content is transferred from the drive to the host application, the drive acquires the application ID from the public key certificate received from the application at the time of mutual authentication, and the application ID read from the information recording medium based on the application ID Since the corresponding value data search process is executed to determine the presence or absence of the corresponding value Vaij, if the corresponding value Vaij is not found, it may be determined in advance that the application is not an application having a valid content usage right. OK Next, with an error notification to the host application can be outputted, it is possible to further reduce the possibility of enabling the now content leakage may terminate the process without performing any read or transfer of the content.

[4. Configuration of Reproduction Processing Device, Information Processing Device, and Drive Device]
Next, with reference to FIG. 35 and FIG. 36, a description will be given of a configuration example of a reproduction processing device that performs reproduction processing of content stored on an information recording medium and a drive device that reads and outputs content stored on an information recording medium. .

  First, with reference to FIG. 35, the configuration of a playback processing apparatus that performs playback processing of content stored on an information recording medium will be described. The reproduction processing apparatus 600 is a CPU 670 that executes data processing according to various programs such as an OS, a content reproduction application program, and a mutual authentication processing program, a ROM 660 as a storage area for programs, parameters, and the like, a memory 680, and digital signals. Input / output I / F 610, analog signal input / output I / F 640 having an A / D and D / A converter 641, MPEG codec 630 for performing MPEG data encoding and decoding, TS (Transport Stream) TS / PS processing means 620 for executing PS (Program Stream) processing, encryption processing means 650 for executing various encryption processing such as mutual authentication and decryption processing of encrypted content, a recording medium 691 such as a hard disk, and a recording medium 691 Drive, input / output of data recording / playback signal Has a drive 690 for performing, each block is connected to the bus 601.

  The reproduction processing apparatus (host) 600 is connected to the drive by a connection bus such as ATAPI-BUS, for example, and the content encrypted by the above-described bus key is input from the digital signal input / output I / F 610, as necessary. The encryption processing unit 650 executes, for example, decryption processing in the AES-CBC mode described with reference to FIG.

  The program for executing the content reproduction process is stored in, for example, the ROM 660, and the memory 680 is used as a parameter, data storage, and work area as needed during the program execution process.

  The ROM 660 or the recording medium 691 stores a public key certificate corresponding to the application described above with reference to FIG. 14, that is, a public key certificate in which an application ID is recorded. Furthermore, a secret key corresponding to the application and a public key of the management center are stored. If a plurality of host applications are held, the corresponding private key and public key certificate are stored.

  This reproduction processing apparatus can also be applied as an information recording processing apparatus capable of performing an information recording process on the information recording medium 691. For example, the reproduction processing apparatus can be applied to the disc manufacturing entity described with reference to FIGS. The present invention can also be applied as an information processing apparatus that executes a corresponding process, that is, a data recording process for an information recording medium. In this case, the memory 680 stores information held by the disk manufacturing entity.

  Next, with reference to FIG. 36, a description will be given of the configuration of a drive device that reads content stored on an information recording medium and outputs it to a playback processing device (host). The drive device 700 executes data processing in accordance with various programs such as a content reading, transfer processing program, and mutual authentication processing program, a ROM 705 as a storage area for programs, parameters, and the like, a memory 706, and inputs and outputs digital signals. Input / output I / F 703, mutual authentication, bus key generation, encryption processing means 704 for performing various encryption processing such as output data encryption processing, driving of information recording medium 708 such as DVD, Blu-ray disc, data recording / reproduction It has a recording medium I / F 707 for inputting and outputting signals, and each block is connected to a bus 701.

  The drive 700 is connected to a reproduction processing apparatus (host) via a connection bus such as ATAPI-BUS, for example, and re-encrypts encrypted (scrambled) content stored in the information recording medium 708 with a bus key: Kbus. Output from / F703. The encryption of the content to which the bus key: Kbus is applied is executed by the encryption processing means 704, for example, in the AES-CBC mode described with reference to FIG.

  The ROM 705 or the memory 706 stores the management center public key, the private key corresponding to the drive, the public key certificate corresponding to the drive, and the encryption key block RKB described above with reference to FIG. The device key for application: Kdev is stored. In addition, a program and the like for executing content reading, acquisition, and mutual authentication processing are stored.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims should be taken into consideration.

  The series of processes described in the specification can be executed by hardware, software, or a combined configuration of both. When executing processing by software, the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and run.

  For example, the program can be recorded in advance on a hard disk or ROM (Read Only Memory) as a recording medium. Alternatively, the program is temporarily or permanently stored on a removable recording medium such as a flexible disk, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disk, a DVD (Digital Versatile Disc), a magnetic disk, or a semiconductor memory. It can be stored (recorded). Such a removable recording medium can be provided as so-called package software.

  The program is installed on the computer from the removable recording medium as described above, or is wirelessly transferred from the download site to the computer, or is wired to the computer via a network such as a LAN (Local Area Network) or the Internet. The computer can receive the program transferred in this manner and install it on a recording medium such as a built-in hard disk.

  Note that the various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary. Further, in this specification, the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing.

  As described above, according to the configuration of the present invention, the application attribute value is acquired based on the application ID acquired from the application-compatible public key certificate set corresponding to the host application executed in the playback processing device. And generating a cryptographic key by data processing including arithmetic processing using the acquired application attribute value, and outputting the generated cryptographic key and encrypted content that can be decrypted by applying the cryptographic key to the host application. Therefore, it is possible to obtain a correct encryption key applicable to content decryption only in an application having a legitimate content usage right associated with a specific application attribute value, and content reproduction is permitted. Application attribute value mapping Content decoding by other applications not, it is possible to eliminate the use.

  In the configuration of the present invention, ID information of a legitimate application having the right to reproduce recorded content or application attribute values such as an application ID corresponding value is applied as key generation information applied to encryption of content to be recorded on the information recording medium. When the content is output from the drive to the host application, the application attribute value acquired based on the application ID acquired from the public key certificate acquired from the host application by the drive is applied, and executed when recording the content. Since the key is applied to the decryption of the content and is generated and provided to the host application, the application ID applied at the time of recording the content and the host (playback processing device) side execute it. Only if the ID of the application of the match, will be successfully decoded content, content decryption by the application with a different ID becomes impossible, thereby preventing the content use by unauthorized application.

  Further, according to the configuration of the present invention, in the configuration example in which the application ID corresponding value data corresponding to the application ID is recorded on the information recording medium, the drive is valid for the host application by the search process based on the application ID corresponding value data. Whether or not the application is an application can be known in advance, and if the application is not valid, the process can be terminated without executing the generation process of the encryption key corresponding to the application. Also, by canceling the processing at this point, there is no need to read out the encrypted content from the information recording medium or the content transfer processing, and content leakage due to the content read processing or transfer is possible. The safety can be reduced and the safety can be further improved.

It is a figure explaining the reproduction | regeneration sequence of the conventional information recording medium storage content. It is a figure explaining the reproduction | regeneration sequence of the drive output content in the conventional reproduction | regeneration processing apparatus. It is a flowchart explaining the content output sequence from a drive. It is a figure explaining the example of the unauthorized use of the content in the processing structure accompanied by the content transfer between the conventional host drives. It is a figure explaining the storage data of the information recording medium of this invention. It is a figure explaining the structure of the storage data of the information recording medium of this invention. It is a figure explaining the structure of the sector data and sector header as storage data of the information recording medium of this invention. It is a figure explaining the detail of the output control information recorded on the sector header of the information recording medium of this invention. It is a figure explaining the processing sequence of the reproducing | regenerating apparatus which performs the reading of the content stored in an information recording medium, and reproduction | regeneration. It is a figure explaining the key generation process according to the AES encryption algorithm performed in reproduction | regeneration of the storage content of an information recording medium. It is a figure explaining the data decoding process according to the AES encryption algorithm performed in reproduction | regeneration of the storage content of an information recording medium. It is a figure explaining various data recording processes including the content with respect to an information recording medium, and the reproduction sequence (example 1) accompanied by the content transfer performed in a drive device and a reproduction processing apparatus. It is a figure explaining the reproduction | regeneration sequence accompanied by the content transfer performed in the drive device and reproduction | regeneration processing apparatus of this invention. It is a figure explaining the data structure of the public key certificate stored in a drive device and a reproduction | regeneration processing apparatus. It is a figure explaining the mutual authentication and key exchange (AKE) processing sequence performed between a drive device and a reproduction | regeneration processing apparatus. It is a flowchart explaining the calculation processing procedure of application ID (APPIDj) and disk key: Kd, or application ID (APPIDj) and ROM mark: Ve. It is a figure explaining the encryption processing structure based on the bus key: Kbus of the content performed with a drive device. It is a figure explaining the decoding process structure based on the bus key: Kbus of the content performed with a reproduction | regeneration processing apparatus. It is a figure explaining the decoding process structure based on the application corresponding | compatible unit key: Kuj of the content performed with a reproduction | regeneration processing apparatus. 10 is a flowchart for explaining a processing sequence executed by a drive in a reproduction process accompanied by content transfer from the drive to the host. FIG. 10 is a flowchart for explaining a processing sequence executed by the host in a reproduction process accompanied by content transfer from the drive to the host. FIG. It is a figure explaining the reproduction | regeneration sequence (example 2) accompanied by the various data recording processes containing the content with respect to an information recording medium, and the content transfer performed in a drive device and a reproduction | regeneration processing apparatus. It is a figure explaining the reproduction | regeneration sequence (example 3) accompanied by the various data recording processes containing the content with respect to an information recording medium, and the content transfer performed in a drive device and a reproduction | regeneration processing apparatus. It is a figure explaining the reproduction | regeneration sequence (example 4) accompanied by the various data recording processes containing the content with respect to an information recording medium, and the content transfer performed in a drive device and a reproduction | regeneration processing apparatus. FIG. 10 is a flowchart for explaining a processing sequence executed by a drive in a reproduction process accompanied by content transfer from the drive to the host when application ID correspondence value: Vaidj is applied. FIG. 10 is a flowchart for explaining a processing sequence executed by a drive in a reproduction process accompanied by content transfer from the drive to the host when application ID correspondence value: Vaidj is applied. FIG. 10 is a flowchart illustrating a processing sequence executed by a host in a reproduction process accompanied by content transfer from a drive to a host when application ID correspondence value: Vaidj is applied. FIG. 10 is a flowchart illustrating a processing sequence executed by a host in a reproduction process accompanied by content transfer from a drive to a host when application ID correspondence value: Vaidj is applied. It is a figure explaining the reproduction | regeneration sequence (example 5) accompanied by the various data recording processes containing the content with respect to an information recording medium, and the content transfer performed in a drive device and a reproduction | regeneration processing apparatus. It is a figure explaining the reproduction | regeneration sequence (example 6) accompanied by the various data recording processes containing the content with respect to an information recording medium, and the content transfer performed in a drive device and a reproduction | regeneration processing apparatus. 10 is a flowchart for explaining a processing sequence executed by a drive in a reproduction process accompanied by content transfer from a drive to a host in a configuration in which an application ID is recorded on an information recording medium. 10 is a flowchart for explaining a processing sequence executed by a drive in a reproduction process accompanied by content transfer from a drive to a host in a configuration in which an application ID is recorded on an information recording medium. FIG. 10 is a flowchart for explaining a processing sequence executed by a host in a reproduction process accompanied by content transfer from a drive to a host in a configuration in which an application ID is recorded on an information recording medium. FIG. 10 is a flowchart illustrating a processing sequence executed by a host in a reproduction process accompanied by content transfer from a drive to a host in a configuration in which an application ID is recorded on an information recording medium. It is a figure which shows the structural example of the reproduction | regeneration processing apparatus of this invention, and information processing apparatus. It is a figure which shows the structural example of the drive apparatus of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Information recording medium 11 Encrypted disc key 12 Encrypted title key 13 Scrambled MPEG data 20 Playback equipment 25 Audio / video data 30 Drive 40 Player application 45 Audio / video data 50 Drive 60 Playback processing device (host)
DESCRIPTION OF SYMBOLS 100 Information recording medium 101 User data area 102 Lead-in area 111 Encrypted content 112 Unit key generation information 113 Revocation information 114 ROM mark 120 Encryption key information 121 Encryption key block (RKB)
122 Encryption disk key 151 Output control information 200 Information recording medium 201 Revocation information 202 Encryption key block (RKB)
203 Encryption Disk Key 204 ROM Mark 205 Unit Key Generation Information 206 Encrypted Content 207 Application ID Corresponding Value Data 208 Application ID Data 300 Drive / Playback Device 301 Device Key 311 AES Encryption Processing Unit 321 AES Key Generation Processing Block 322 AES Decryption Processing Block 323 Decryption sector data 351 Revocation information 352 Device key 353 Media key 354 Disc key 355 Unit key generation value 356 Content 357 Application ID
358 ROM mark 359 Application ID corresponding value data 360 Application ID
400 Drive 402 Private key 403 Public key certificate 404 Device key 500 Host 502 Private key 503 Public key certificate 512 Application ID
520 Content 550 Sector data 551 AES encryption processing unit 552 Encrypted sector data by bus key 570 Encrypted sector data by bus key 571 AES decryption processing unit 572 Encrypted (scrambled) sector data 581 AES key generation processing block 582 AES decryption processing block 583 Decryption Sector data 600 Playback processing device 601 Bus 610 I / O I / F
620 TS / PS processing means 630 MPEG codec 640 I / O I / F
641 A / D, D / A converter 650 Encryption processing means 660 ROM
670 CPU
680 Memory 690 Drive 691 Recording medium 700 Drive device 701 Bus 702 CPU
703 I / O I / F
704 Cryptographic processing means 705 ROM
706 Memory 707 Recording medium I / F
708 Information recording medium

Claims (36)

A drive device that reads and outputs data from an information recording medium,
A recording medium interface for mounting an information recording medium and executing data reading;
An input / output interface for performing communication with a reproduction processing apparatus that executes a host application as a data reproduction program;
A data processing unit that executes output control of read data from the information recording medium to the reproduction processing device,
The data processing unit
An application attribute value set corresponding to the host application is acquired, an encryption key is generated by data processing including calculation processing to which the application attribute value is applied, and the generated encryption key and decryption are performed by applying the encryption key A drive device having a configuration for outputting possible encrypted content to a reproduction processing device. The data processing unit
An application ID recorded in an application public key certificate that is a public key certificate set corresponding to the host application is acquired, and the application ID corresponding value corresponding to the application ID or the application ID is set as the application attribute value. The drive apparatus according to claim 1, wherein the drive apparatus is configured to execute the encryption key generation process. The data processing unit
By obtaining an application ID recorded in an application public key certificate that is a public key certificate set in correspondence with the host application, and by retrieving the application ID or application ID corresponding value data read from the information recording medium, The application ID or application ID corresponding value corresponding to the application ID is acquired, the acquired application ID or application ID corresponding value is applied as the application attribute value, and the encryption key generation process is executed. The drive device according to claim 1. The data processing unit
If the application ID or application ID corresponding value read from the information recording medium cannot be obtained by the search processing of the application ID or application ID corresponding value data, the reproduction processing apparatus that executes the host application 4. The drive device according to claim 3, wherein the error notification process is executed. The data processing unit
A mutual authentication process between the drive device and the host application is executed, and in the mutual authentication process, an application public key certificate that is a public key certificate set corresponding to the host application is acquired, and the acquired application release is acquired After confirming the validity by signature verification of the key certificate, the application ID is obtained from the application public key certificate, and the application ID or an application ID corresponding value corresponding to the application ID is applied as the application attribute value. The drive apparatus according to claim 1, wherein the drive apparatus is provided.   2. The drive device according to claim 1, wherein the calculation process to which the application attribute value is applied is an exclusive OR calculation process or a hash calculation process with data that can be acquired from an information recording medium.   Data processing including arithmetic processing to which the application attribute value is applied includes arithmetic processing with data obtainable from an information recording medium, and encryption key generation by cryptographic processing between the arithmetic processing result and data obtainable from the information recording medium The drive apparatus according to claim 1, wherein the drive apparatus includes a process. The data processing unit
2. The configuration according to claim 1, wherein a process for determining whether or not to execute an encryption process based on the encryption key is performed according to a value of an output control flag included in read data from the information recording medium. Drive device. A reproduction processing device for inputting information recording medium storage data from a drive device on which an information recording medium is mounted and executing reproduction processing,
A data processing unit that executes a host application as a data reproduction program;
A storage unit storing a certificate recording an application ID corresponding to the host application;
An input / output interface for performing communication with the drive device;
The data processing unit
A certificate in which the application ID is recorded is output to the drive device, the application ID or an encryption key generated by applying an application ID corresponding value is input in the drive device, and input data from the drive device A reproduction processing apparatus characterized in that data reproduction is performed by executing a decryption process to which the encryption key is applied. The certificate is a public key certificate;
The data processing unit
The reproduction processing apparatus according to claim 9, wherein a mutual authentication process with the drive device is executed, and the public key certificate is output to the drive device during the mutual authentication process. An information processing apparatus that performs content recording processing on an information recording medium,
An encryption key is generated by data processing including calculation processing that applies application attribute values set for applications with content playback rights, and content encryption is performed by applying the generated encryption key. An information processing apparatus having a configuration for executing processing for recording encrypted content in an information recording medium.   The application attribute value is an application ID recorded in an application public key certificate that is a public key certificate set corresponding to the application, or an application ID corresponding value corresponding to the application ID. Item 12. The information processing apparatus according to Item 11.   The information processing apparatus according to claim 11, wherein the calculation process to which the application attribute value is applied is an exclusive OR calculation process or a hash calculation process with data recorded on an information recording medium.   The data processing including the arithmetic processing to which the application attribute value is applied includes arithmetic processing with the recording data of the information recording medium, and encryption key generation processing by cryptographic processing between the arithmetic processing result and the recording data of the information recording medium The information processing apparatus according to claim 11, wherein the information processing apparatus is an information processing apparatus. An information recording medium,
It has a configuration in which encrypted content encrypted by an encryption key generated by a data process including a calculation process using an application attribute value set corresponding to an application having a content reproduction right is stored. Information recording medium.   16. The information recording medium according to claim 15, wherein the calculation process to which the application attribute value is applied is an exclusive OR calculation process or a hash calculation process with data to be recorded on the information recording medium.   The data processing including the calculation processing to which the application attribute value is applied includes calculation processing with the recording data of the information recording medium, and encryption key generation processing by cryptographic processing between the calculation processing result and the recording data of the information recording medium. The information recording medium according to claim 15. The information recording medium further includes:
The information recording medium according to claim 15, wherein the information recording medium is configured to store application ID data. The information recording medium further includes:
16. The information recording medium according to claim 15, wherein correspondence data between an application ID and an application ID correspondence value is stored. An information processing method in a drive device that executes data reading from an information recording medium and output processing to a reproduction processing device,
An application attribute value acquisition step for acquiring an application attribute value set corresponding to a host application executed in the reproduction processing device;
An encryption key generation step of generating an encryption key by data processing including calculation processing to which the application attribute value is applied;
Outputting the generated encryption key and encrypted content that can be decrypted by application of the encryption key to a reproduction processing device;
An information processing method characterized by comprising: The information processing method further includes:
An application ID recorded in an application public key certificate that is a public key certificate set corresponding to the host application is acquired, and the application ID corresponding value corresponding to the application ID or the application ID is set as the application attribute value. 21. The information processing method according to claim 20, further comprising a step of executing the encryption key generation process. The information processing method further includes:
By obtaining an application ID recorded in an application public key certificate that is a public key certificate set in correspondence with the host application, and by retrieving the application ID or application ID corresponding value data read from the information recording medium, Including a step of acquiring an application ID or an application ID corresponding value corresponding to the application ID, applying the acquired application ID or an application ID corresponding value as the application attribute value, and executing the encryption key generation process. The information processing method according to claim 20. The information processing method further includes:
If the application ID or application ID corresponding value read from the information recording medium cannot be obtained by the search processing of the application ID or application ID corresponding value data, the reproduction processing apparatus that executes the host application The information processing method according to claim 22, further comprising a step of executing an error notification process. The information processing method further includes:
A mutual authentication process between the drive device and the host application is executed, and in the mutual authentication process, an application public key certificate that is a public key certificate set corresponding to the host application is acquired, and the acquired application release is acquired After confirming the validity by signature verification of the key certificate, obtaining an application ID from the application public key certificate, and applying the application ID or an application ID corresponding value corresponding to the application ID as the application attribute value The information processing method according to claim 20, further comprising:   21. The information processing method according to claim 20, wherein the calculation process to which the application attribute value is applied is an exclusive OR calculation process or a hash calculation process with data obtainable from an information recording medium.   Data processing including arithmetic processing to which the application attribute value is applied includes arithmetic processing with data obtainable from an information recording medium, and encryption key generation by cryptographic processing between the arithmetic processing result and data obtainable from the information recording medium The information processing method according to claim 20, further comprising a process. The information processing method further includes:
21. The method according to claim 20, further comprising a step of determining whether or not to execute an encryption process based on the encryption key according to a value of an output control flag included in read data from the information recording medium. Information processing method. An information processing method in a reproduction processing device for inputting information recording medium storage data from a drive device equipped with an information recording medium and executing reproduction processing,
A certificate output step of outputting a certificate recording the application ID to the drive device;
An encryption key input step of inputting an encryption key generated by applying the application ID or an application ID corresponding value in the drive device;
A decryption step of executing decryption processing applying the encryption key to input data from the drive device;
An information processing method characterized by comprising: The certificate is a public key certificate;
The certificate output step includes:
29. The information processing method according to claim 28, wherein the information processing method is a step of executing mutual authentication processing with the drive device and outputting the public key certificate to the drive device at the time of the mutual authentication processing. An information processing method for executing content recording processing on an information recording medium,
Generating an encryption key by data processing including calculation processing applying application attribute values set corresponding to an application having content playback rights;
Performing the process of encrypting the content by applying the generated encryption key and recording the generated encrypted content on the information recording medium;
An information processing method characterized by comprising:   The application attribute value is an application ID recorded in an application public key certificate that is a public key certificate set corresponding to the application, or an application ID corresponding value corresponding to the application ID. Item 30. The information processing method according to Item 30.   31. The information processing method according to claim 30, wherein the calculation process to which the application attribute value is applied is an exclusive OR calculation process or a hash calculation process with data recorded on an information recording medium.   The data processing including the calculation processing to which the application attribute value is applied includes calculation processing with the recording data of the information recording medium, and encryption key generation processing by cryptographic processing between the calculation processing result and the recording data of the information recording medium. The information processing method according to claim 30. A computer program that executes data reading from an information recording medium and output processing to a reproduction processing device,
An application attribute value acquisition step for acquiring an application attribute value set corresponding to a host application executed in the reproduction processing device;
An encryption key generation step of generating an encryption key by data processing including calculation processing to which the application attribute value is applied;
Outputting the generated encryption key and encrypted content that can be decrypted by application of the encryption key to a reproduction processing device;
A computer program characterized by comprising: A computer program for inputting information recording medium storage data from a drive device equipped with the information recording medium and executing reproduction processing,
A certificate output step of outputting a certificate recording the application ID to the drive device;
An encryption key input step of inputting an encryption key generated by applying the application ID or an application ID corresponding value in the drive device;
A decryption step of executing decryption processing applying the encryption key to input data from the drive device;
A computer program characterized by comprising: A computer program for executing content recording processing on an information recording medium,
Generating an encryption key by data processing including calculation processing applying application attribute values set corresponding to an application having content playback rights;
Performing the process of encrypting the content by applying the generated encryption key and recording the generated encrypted content on the information recording medium;
A computer program characterized by comprising:

Images