JP2006050355A - Data reproducing apparatus, data reproducing method and data reproducing program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data reproducing apparatus capable of utilizing an application that is verified, using an invalidated certificate even if the electronic certificate is invalidated by private key leakage. <P>SOLUTION: Even if an electronic certificate is invalidated, a hash value of the certificate paired with an application identifier stored on an update disk is compared with a hash value computed from a certificate on a content disk to guarantee that the application is not a malicious application, thereby safely carrying out the application on the disk. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an apparatus for verifying a digital signature calculated from an application program using an electronic certificate, and relates to application recovery after the electronic certificate is revoked.

2. Description of the Related Art Conventionally, in the distribution of electronic data using a certification infrastructure system such as PKI (Public Key Infrastructure), there is a case where it is referred to as a certification authority (CA, Certificate Authority (hereinafter, “CA”). Non-patent document 1))) issues an electronic certificate.
The content provider creates data, for example, the above-mentioned electronic certificate for authenticating the application, attaches it to a portable storage medium, and distributes it to the user.

The certificate authority also generates certificate revocation information such as CRL (Certificate Revocation List), which records information on electronic certificates that have become invalid as certificates due to leakage (theft or loss) of private keys. To do.
This is because if the content provider's private key thief distributes a malicious application to the user using the stolen private key, the user executes the malicious application and causes an illegal operation in the device. This is because there is a risk of being lost.

As shown in Non-Patent Document 1, a person who verifies the validity of an electronic certificate using CRL usually downloads the CRL issued by the certification authority to the terminal device. Thus, the state of the electronic certificate to be verified is searched from the CRL stored locally, and the validity of the electronic certificate is verified.
The CRL stores information “next update date / time”, and if the current date / time is earlier than the “next update date / time”, the CRL currently stored in the terminal device is the latest one, and is used. After that, since the CRL currently stored in the terminal device is not the latest, the certificate authority that issued the CRL is accessed and the latest CRL is downloaded.

However, if the private key is leaked (stolen, lost, etc.), the certification authority needs to immediately revoke the electronic certificate. Therefore, in an emergency, the CRL may be updated irregularly. Become.
If the CRL is updated irregularly, the terminal device cannot detect it. Therefore, an old CRL is used, and there is a risk that an electronic certificate that is originally invalid is treated as valid.

Patent Document 1 discloses a technique in which a client can always obtain the latest CRL by a server that receives and publishes certificate revocation information from a certificate authority. With this technology, it is possible to quickly obtain a CRL, make it impossible to use an application, and avoid the risk of treating a revoked electronic certificate as a valid electronic certificate.
Japanese Patent Application No. 2002-213955 http: // www. ipa. go. jp / security / pki

However, when a certificate is revoked, there is a problem that the application cannot always be used.
An object of the present invention is to make available data (application) recorded on a regular disk depending on the reason for revocation even when a certificate distributed on a recording medium such as a disk is revoked.

  In order to solve the above problems, a data reproducing apparatus according to the present invention is a data reproducing apparatus that confirms the authenticity of data recorded on a portable recording medium based on a certificate chain and reproduces the data. Storage means for preliminarily storing data verification information for verifying that the data is legitimate data, certificate revocation information indicating that the certificate has been revoked together with the reason thereof, and First determination means for determining whether or not at least one certificate has been revoked by the certificate revocation information together with the reason, and data recorded on the portable recording medium based on the data verification information Second determination means for determining whether or not the data is legitimate, and second determination means when the first determination means determines that the reason for revocation is a secret key leak as affirmative When it is determined affirmative Te, it is set to be provided with reproduction means for reproducing the data.

Whether or not the data to be reproduced is legitimate data even if the certificate that authenticates the authenticity of the data recorded on the portable storage medium is revoked due to "leakage". Can be verified based on the data verification information, and when it is determined that the data is legitimate, the data can be reproduced, that is, used or executed.
The storage means further stores in advance a root certificate of the certificate chain recorded on the recording medium, and the root certificate of the certificate chain recorded on the recording medium is stored in the storage means. Preliminary determination means for determining whether or not there is provided, and when the determination by the preliminary determination means is affirmative, the determination by the first determination means and the second determination means is performed.

As a result, it is possible to verify the validity of the root certificate of the certification chain that authenticates the credibility of the data recorded on the portable storage medium.
Further, the data verification information of the storage means is obtained by reading and storing the hash value of each certificate of the certificate chain recorded on another portable recording medium, and the hash value stored in the storage means And whether the certificate of the data recorded on the recording medium is a legitimate certificate based on whether or not the hash value of each certificate of the certificate chain recorded on the recording medium is equal It is said.

As a result, the hash value of the certificate recorded on another portable recording medium is read and stored in advance as data verification information, and whether or not the data certificate recorded on the portable recording medium is a legitimate certificate. Can be verified. Since the certificate is authentic, it can be confirmed that the data is authentic.
Further, the data verification information of the storage means is obtained by reading and storing a hash value of data recorded on another portable recording medium, and the hash value of the data stored in the storage means and the recording medium. Whether or not the data recorded on the recording medium is regular data is determined based on whether or not the hash value of the recorded data is equal.

As a result, the hash value of the data recorded on another portable recording medium is read and stored in advance as data verification information, and it is possible to verify whether the data recorded on the portable recording medium is authentic.
Further, the data verification information of the storage means is obtained by receiving and storing hash value information of each certificate of the certificate chain through a network. The hash value stored in the storage means and the recording medium are stored in the storage medium. Whether or not the certificate of the data recorded on the recording medium is a certificate of regular data is determined based on whether or not the hash value of each certificate in the recorded certificate chain is equal.

As a result, the hash value of the certificate is read through the network and stored in advance as data verification information, so that it is possible to verify whether or not the data certificate recorded on the portable recording medium is a legitimate certificate. Since the certificate is authentic, it can be confirmed that the data is authentic.
Further, the data verification information of the storage means is obtained by receiving and storing the hash value information of the data through a network, and the hash value stored in the storage means and the hash of the data recorded in the recording medium Whether or not the data recorded on the recording medium is regular data is determined based on whether or not the values are equal.

As a result, the hash value of the data is read through the network and stored in advance as data verification information, so that it is possible to verify whether the data recorded on the portable recording medium is authentic.
In order to solve the above problems, a data reproducing apparatus of the present invention is a data reproducing apparatus that confirms the authentication of the reliability of data recorded on a portable recording medium based on a certificate chain and reproduces the data. Storage means for preliminarily storing the substitute data of the data and certificate revocation information indicating that the certificate has been revoked together with the reason thereof, and at least one certificate in the certificate chain is the certificate. A determination unit that determines whether or not the revocation information has been revoked together with the reason thereof, and a replaying unit that reproduces the substitute data when the revocation reason is determined to be affirmative due to leakage of the secret key. . With the above configuration, even when a certificate for authenticating the authenticity of data recorded on a portable storage medium is revoked for the reason of "leakage", the substitute data for the data is stored in advance. When it is determined that the data is regular, the substitute data can be reproduced, that is, used or executed.

Further, the data recorded on the recording medium is an application, and the reproduction means executes the application. As a result, the application recorded in the portable storage medium can be executed as described above.
In order to solve the above problems, a data reproduction method of the present invention is a data reproduction method for confirming the authenticity of data recorded on a portable recording medium based on a certificate chain and reproducing the data. A storage area for preliminarily storing in the storage area data verification information for verifying that the data is legitimate data, and certificate revocation information indicating that the certificate has been revoked together with the reason, and a certificate A first determination step of determining whether or not at least one certificate in the chain has been revoked by the certificate revocation information together with the reason, and recording on the portable recording medium based on the data verification information In the second determination step for determining whether or not the obtained data is legitimate data, and in the first determination step, it is determined as affirmative that the reason for revocation is leakage of the secret key. If the, when it is judged affirmative at second determination step, and to having a reproduction step of reproducing the data.

Whether or not the data to be reproduced is legitimate data even when the certificate for authenticating the authenticity of the data recorded on the portable storage medium is revoked due to "leakage" by the above control method Can be verified based on the data verification information, and when it is determined that the data is regular, the data can be reproduced, that is, used or executed.
In order to solve the above problems, a data reproduction program according to the present invention confirms the authentication of the reliability of data recorded on a portable recording medium based on a certificate chain, and a data reproduction apparatus for reproducing the data, A recording step for pre-recording in the storage area data verification information for verifying that the data is legitimate data and certificate revocation information indicating that the certificate has been revoked together with the reason thereof, and a certificate chain A first determination step for determining whether or not at least one of the certificates has been revoked by the certificate revocation information together with the reason, and recorded on the portable recording medium based on the data verification information In the second determination step for determining whether or not the data is legitimate data, and in the first determination step, it is determined that the reason for the revocation is a secret key leak. If it is, when it is determined affirmative in the second determination step, to perform a reproduction step of reproducing the data. Whether the data to be reproduced is legitimate data even when the certificate for authenticating the authenticity of the data recorded on the portable storage medium is revoked due to "leakage" by the above data reproduction program Since it can be verified based on the data verification information, the data can be reproduced, that is, used or executed when it is determined to be regular data. In order to solve the above problems, a data reproduction method of the present invention is a data reproduction method for confirming the authenticity of data recorded on a portable recording medium based on a certificate chain and reproducing the data. A record step for pre-recording in the storage area data for substituting the data and certificate revocation information indicating that the certificate has been revoked together with the reason, and at least one certificate in the certificate chain A determination step for determining whether or not the certificate is revoked by the certificate revocation information together with the reason, and a reproduction step for reproducing the substitute data when the revocation reason is determined to be affirmative as a leakage of a secret key. To have.

Even if a certificate for authenticating the credibility of data recorded on a portable storage medium is revoked due to “leakage” by the above control method, the substitute data of the data is stored in advance. Therefore, when it is determined that the data is regular, the substitute data can be reproduced, that is, used or executed.
In order to solve the above problems, a data reproduction program according to the present invention confirms the authentication of the reliability of data recorded on a portable recording medium based on a certificate chain, and a data reproduction apparatus for reproducing the data, A recording step of pre-recording in the storage area data for substituting the data and certificate revocation information indicating that the certificate has been revoked together with the reason, and at least one certificate in the certificate chain is the certificate A determination step for determining whether or not the revocation information has been revoked together with the reason thereof, and a reproduction step for reproducing the substitute data when the revocation reason is determined to be affirmative as a secret key leak .

  Even if a certificate for authenticating the authenticity of data recorded on a portable storage medium is invalidated due to "leakage" by the data reproduction program, the substitute data for the data is stored in advance. Therefore, when it is determined that the data is regular, the substitute data can be reproduced, that is, used or executed.

Embodiments of the present invention will be described below with reference to the drawings.
(Embodiment 1)
Embodiments of a data reproducing apparatus according to the present invention will be described with reference to the drawings.
FIG. 1 shows a disk reproducing apparatus as an example of a data reproducing apparatus according to Embodiment 1 of the present invention (which can also be applied to a disk recording / reproducing apparatus having a recording function, but in this embodiment, a disk reproducing apparatus is taken as an example. It is a block diagram which shows the structure of description. Although the present invention can be applied to a disk recording / reproducing apparatus having a recording function, the present embodiment will be described by taking the disk reproducing apparatus as an example.

In FIG. 1, the disc playback apparatus 100 includes a storage unit 101, a disc input unit 111, an execution request receiving unit 112, a module management unit 113, a certificate management unit 114, and an application execution unit 115. , Certificate DB 102, revocation certificate DB 103, and application update information DB 104.
The disc playback apparatus 100 accepts insertion of a portable storage medium, for example, an optical disc (hereinafter simply referred to as “disc”). The contents of the application or the update information of the application are recorded on the disk 102 and distributed by the content provider 103. The certificate authority 104 authenticates the information distributed by the content provider 103 and notifies the content provider of the authentication information in response to a request from the content provider 103 before the distribution. The disc 102 also includes the authentication information.

Information recorded on the disk 102 will be described first, and then each component and operation of the disk reproducing apparatus 100 will be described in order.
Either content or update information is recorded on the disc. The disc on which the content is recorded is called a content disc, and the disc on which update information is recorded is called an update disc.

First, the content disc will be described, and then the update disc will be described.
FIG. 2 is a diagram showing a content disc.
The content disk 202 includes an application 203, signature information 204, a certificate 205, application management information 206, and a disk identifier 207. In general, the content disc 202 is created by a content provider.

The application 203 is an application program that is executed on the disc playback apparatus 100 in response to an execution request from the user.
In the present embodiment, the distribution data of the content disc 202 is described using an application program as an example, but the type of content is not limited, and may be text data, video data, audio data, or video data. .

The application 203 includes one or more application files. The application 203 can be used only when it is signed with the content provider's private key and the validity is successfully confirmed using the corresponding public key.
The signature information 204 includes a signature value obtained by encrypting the application 203 with the content provider's private key. It is assumed that the signature value is a signature of the hash value of the application 203. The signature information 204 includes an algorithm for obtaining the hash value.

The certificate 205 is a certificate of an application by the certificate authority 20 and includes a public key for decrypting the signature value of the signature information 204.
FIG. 3 is a diagram showing the configuration of the certificate 205.
As shown in FIG. 3, the certificate 205 includes a plurality of certificate chains (also referred to as certificate paths). The certificate chain is X. Having a certificate conforming to the 509 standard; 509 expresses a general configuration of the certificate chain configured in the block 509.

  The certificate chain includes a root certificate 301, an intermediate certificate 302, and a leaf certificate 303. In these cases, the owner (upper certificate authority) of the root certificate 301 issues the root certificate 301 and the intermediate certificate 302, and the owner (lower certificate authority) of the intermediate certificate 302 issues the leaf certificate 303. , In a chain relationship. In the example shown in the figure, the intermediate certificate guarantees the validity of the leaf certificate indicating that the application has not been tampered with, and the root certificate guarantees the validity of the intermediate certificate. The validity of this root certificate is the root certificate stored in advance in the certificate DB of the disc playback device. The validity of this root certificate is verified by examining the root certificate information and the root certificate derived from the chain relationship. Judgment can be made.

  X. adopted in this embodiment. 509 is a certificate expression format defined by the International Telecommunication Union-Telecommunication sector (ITU-T), and is widely used as a de facto standard in each field of information communication. Although only three certificates are illustrated in FIG. 3, there may be no intermediate certificate or a plurality of certificates. However, when there are a plurality of intermediate certificates, the intermediate certificates must be linked to each other.

FIG. 5 is a configuration diagram of a certificate such as a root certificate 301 compliant with 509. Here, only attributes necessary for the description of the present embodiment are shown.
In FIG. 4, a certificate 400 includes an attribute area 401 and a signature value 402. The attribute area 401 further includes a serial number 411, a signature algorithm 412, a current update date and time 413, a next update date and time 414, an issuer name 415, and a subject. Name 416, public key 417, and the like.

  The serial number 411 is a number for identifying the certificate, the signature algorithm 412 is the algorithm used to calculate the signature value 402 from the information in the attribute area 401, and the current update date and time 413 is the valid start date and time of the certificate. The next update date and time 414 is the valid expiration date and time, the issuer name 415 is the name of the certification authority that is the name of the institution issuing this certificate, the subject name 416 is the owner name of the certificate, and the public key 417 is the subject The public key of the person name 416 and the signature value 402 respectively represent values signed by the private key of the certificate issuer (encryption result of applying the signature algorithm 412). Note that public key cryptosystems are widely used in electronic commerce and the like, using public keys and private keys. In the public key cryptosystem, the ciphertext is decrypted using a key different from the key used when encrypting the equal part. The encryption key and the decryption key are different, and it is impossible to infer the encryption key from the decryption key even if the decryption key is made public. In the case of the above signature value, the encryption key corresponds to the secret key, and the decryption key corresponds to the public key. Typical examples of public key cryptosystems include RSA (Rivest-Shamir-Adleman) and DSA (Digital Signature Standard).

Returning to FIG. 2, the application management information 206 is application management information for controlling the life cycle of the application 203. The disc playback apparatus 100 uses the information of the application management information 105 to determine an application to be executed or to check information necessary for execution.
FIG. 5 is a diagram showing an example of the application management information 105.

The application management information 105 includes items of an application identifier 501, control information 502, an acquisition destination identifier 503, and an application name 504.
The application identifier 501 is a symbol that identifies an application. Depending on the specific value of the application identifier 501, it may be possible to determine whether the validity of the application should be confirmed. For example, if the value of the application identifier 501 is in the range of 0x0 to 0x3fff, it is not necessary to confirm the validity. If the value of the application identifier 501 is 0x4000 to 0x7fff, authentication may be performed. A column 502 is application control information. The control information includes “autostart”, “present”, “kill”, etc. “autostart” means that the disc playback apparatus 10 automatically executes this application immediately, and “present” does not automatically execute. "Kill" means to stop the application. The acquisition destination identifier 503 indicates the acquisition destination of the application. For example, 1 is acquired from the disk, 2 is the HD area in the disk playback apparatus 10, and 3 is acquired from the network. The application name 504 is the name of an application. In the case of a Java application name, the end is jar. This is a case where a unit of one application is expressed by a jar file. At the time of execution, the class file associated with the file name of the jar file may be activated. In FIG. 5, one application is described.

Although only four items are defined for an application, more information may be defined. The control information 502 and the acquisition destination identifier 503 shown in FIG. 5 are described as examples only, and are not necessarily included as the application management information 105.
The disc identifier 106 is a disc identifier for determining whether the disc is the content disc 202 or the update disc when the disc reproducing apparatus 100 recognizes the disc. The disk identifier 106 may determine the type of disk based on a specific value.

For example, if the disc identifier value is in the range of 0x0 to 0x3fff, the content disc 202 may be used, and if it is in the range of 0x4000 to 0x7fff, the update disc may be used.
In the present embodiment, the content disk 202 and the update disk are separated from each other, but a single disk having both functions may be used. At this time, a different value may be assigned to the disc having both functions of the content disc 202 and the update disc, such as 0x8000 to 0x9000.

In FIG. 2, it is assumed that there are one application 203, signature information 204, and certificate 205 in the content disk 202, but a plurality of each may be provided.
Next, the update disk will be described.
The update disc 602 is created when the certificate of the content disc 202 distributed in advance by the content provider is revoked by the content provider.

FIG. 6 is a diagram illustrating an example of the data configuration of the update disk.
The update information 600 recorded on the update disk 602 includes certificate update information 603, application update information 604, application update signature information 605, certificate 606, and disk identifier 607.
The certificate update information 603 stores either a CRL or a certificate update message for updating a certificate DB managed by the disc playback apparatus 100. The CRL information is recorded in a revocation certificate DB 103 in the storage unit 101 described later.

The certificate update information 603 stores either CRL or a certificate DB update message managed by the disc playback apparatus 100. The CRL information is recorded in a revocation certificate DB 103 in the storage unit 101 described later.
FIG. 7 is a configuration diagram of the CRL when the certificate update information 603 is CRL. Here, only attributes necessary for explaining the present invention are listed. The CRL includes an attribute area 701, a signature algorithm 702, and a signature value 703. The attribute area 701 further includes an issuer name 711, a current update date and time 712, a next update date and time 713, a revocation certificate list 714, and a revocation reason 715.

  The issuer name 711 indicates the issuer of the CRL, the current update date / time 712 indicates the validity start date / time of the CRL, the next update date / time 713 indicates the validity expiration date / time of the CRL, and the revocation certificate list 714 has expired one or more. The reason for invalidation 715 of the serial number of the certificate describes reasons such as “leakage” and “expiration”. Further, if the reason for revocation is known by using data other than the reason for revocation in the CRL, such as making it possible to determine “expired” from the current renewal date 712 and the next renewal date 713, it is not necessary to provide the revocation reason 715 in particular. .

The signature algorithm 702 is an algorithm that makes the information in the attribute area 701 an encryption target, and the signature value 703 is a value obtained by encrypting the encryption target with the secret key of the CRL provider (certification authority).
Returning to FIG. 6, the application update information 604 is information used when the certificate of the application on the content disk 202 that has been requested to be revoked. The application update information 604 refers to application verification information, which is recorded in the application update information 104 and is referred to when there is a request for using an invalid certificate application.

The application update information 604 has three patterns.
FIG. 8 is a diagram showing an example of the configuration of application update information 604A, which is the first pattern of application update information 604. As shown in FIG.
The first pattern of application update information 604A includes an application identifier 801, a certificate hash value 802, and a hash algorithm 803.

The application identifier 801 is an application identification symbol. The certificate hash value 802 is a hash value calculated from the certificate of the content disc 202. The hash algorithm 803 is an algorithm used for calculating a hash value.
When the certificate on the content disk 202 has been revoked, the disk playback device 100 refers to the application update information 604A, and the hash value of the application certificate indicated by the application identifier of the application that requested execution and the certificate The hash value 802 is compared. By including the hash value of the certificate in the application update information 604A, when attempting to execute a spoofed application created using the secret key of the certificate authority that was stolen, the hash of the certificate of the application update information 604A The comparison result between the value and the hash value of the certificate of the content disc 202 does not match. In the example of FIG. 8, only three items are defined for the application, but information such as the validity period of the certificate hash value may be added.

The second pattern of application update information has a hash value of the application instead of the certificate hash value 802 shown in FIG.
FIG. 9 is a diagram showing an example of the second pattern of application update information 604B. The second pattern of application update information 604B includes an application identifier 901, an application hash value 902, and a hash algorithm 803.

The application hash value 902 is a hash value calculated from the application 203 included when the content provider creates the content disc 202 containing the application with the application identifier. The hash algorithm 902 is an algorithm used for calculating the hash value.
If the disc playback apparatus 100 determines that the certificate on the content disc 202 is not valid, it refers to the application update information 604B and uses the hash value of the application indicated by the application identifier of the application that has requested execution.

By including the application hash value in the application update information 604B, when attempting to execute a spoofed application created using the secret key of the stolen certification authority, the application hash value of the content disc 202 The comparison result with the application hash value 802 does not match.
The third pattern of application update information includes an application identifier and a substitute application. Here, the substitute application is a substitute application for the application on the content disc 202 and is executed instead of executing the application on the content disc 202.

FIG. 10 is a diagram showing an example of the configuration of the third pattern of the application update information 604C.
The third pattern of application update information 604C includes an application identifier 801 and an application 802.
The application name 802 indicates the file name of the application. Although not shown, an application file corresponding to the application name 802 is attached to the application update information 604C.

  If the disc playback apparatus 100 determines that the certificate on the content disc 202 is not valid, the disc playback apparatus 100 refers to the application update information 604C and corresponds to the application (that is, the application name) corresponding to the application identifier 1001 of the application that has requested execution. Application file corresponding to 1002). In FIG. 10, only two items are defined, but an expiration date of the application may be added.

By including the application itself in the application update information 604, even when the certificate is determined to be invalid, the application file corresponding to the application name 1002 can be executed as a substitute for the application 203 on the content disc 202.
Returning to FIG. 6, the application update signature information 605 includes a signature value obtained by signing the application with the content provider's private key.

FIG. 11 is a diagram showing an example of the configuration of the application update signature information 605.
The application update signature information 605 includes an application identifier 1101 and a signature value 1102.
The signature value 1102 is a value obtained by signing the application of the application update information 604 with the content provider's private key.

Returning to FIG. 6 again, the certificate 606 includes a public key for decrypting the application update signature information 605 and has the same configuration as the certificate 205.
The disk identifier 607 is an identifier indicating that the disk is the update disk 602.
One update disk 602 may include both certificate update information 603 and application update information, but an update disk 602a (not shown) in which certificate management information is recorded and an update disk 602b in which application update information is recorded. It is also possible to distribute to users (not shown).

Furthermore, in the present embodiment, the content disk 202 and the update disk 602 are described independently, but a single disk having both functions may be used.
Next, the configuration of the disk reproducing apparatus of the present invention will be described with reference to FIG.
The storage unit 101 includes a certificate DB 102, a revocation certificate DB 103, and an application update information DB 104, which are databases (DBs) storing application revocation information and information necessary to continuously execute the application even if revocation occurs. Remember. The storage unit 101 is mounted in a storage area having tamper resistance in the disc playback apparatus 100.

  The certificate DB 102 is a part that stores certificates for checking the validity of the certificate 205 (FIG. 2) and the certificate 606 (FIG. 6). The certificate to be stored here consists of the root certificate 301 of FIG. 3 and is referred to by the certificate management unit 114. When the certificate is recorded in the certificate update information 603 of the update disk 602, the certificate is stored. Registered and updated based on the certificate.

The revocation certificate DB 103 stores certificate revocation information. When the CRL is recorded in the certificate update information 603 of the update disk 602 by the certificate management unit 114,
Registration and updating are performed by the certificate management unit 114 based on the CRL.
The revocation certificate DB 103 is also referred to by the certificate management unit 114 and is used for checking the validity of the certificate 205 and the certificate 606.

  An example of the configuration of the revocation certificate DB 103 is shown in FIG. In FIG. 12, the revocation certificate DB 103 includes items of an issuer name 1201, a serial number 1202, a revocation date 1203, and a revocation reason 1204. Here, the serial number 1202 describes the serial number 411 (FIG. 4) of the certificate 400. The revocation date 1203 indicates the date and time when the certificate has been revoked, and the revocation reason 1204 describes that of the revocation reason 715 (FIG. 7).

  The application update information DB 104 stores information that is referred to for checking whether or not the application 203 on the content disk 202 that has been requested to execute can be continuously executed. Information similar to the application update information 604 of the update disk 602 is recorded in the application update information DB 104. The update information includes three pieces of application update information 604A, 604B, and 604C as described with reference to FIGS. The patterns 800, 900, and 1000 contain 1, 2, and 3 information, respectively.

The disc input unit 111 reads the electronic data on the disc inserted into the disc playback apparatus 100 and notifies the module management unit 113 of it.
The execution request reception unit 112 receives an application execution request from the user, and notifies the module management unit 113 that there has been an execution request. Here, the application to be executed is any application described in the application management information 206 in the electronic data on the content disc 202 inserted into the disc playback apparatus 100.

The module management unit 113 receives electronic data on the disk read by the disk input unit 111. In addition, a notification of an execution request is received from the execution request receiving unit 112.
The module management unit 113 checks whether the disc in the disc input unit 111 is the content disc 202 or the update disc 602. When the disk is the update disk 602, processing related to update is performed.

When the application update information 604 is recorded on the update disk 602, the certificate management unit 114 is inquired whether the information is valid. If the information is valid, the application update information is stored in the application update information DB 104. Detailed description regarding the storage processing will be described later.
When the disc in the disc input unit 111 is the content disc 202 and the execution request reception unit 112 notifies the execution request of the application 203 on the content disc 202, the module management unit 113 validates the application 203. If the certificate is valid, the application 203 recorded in the content disc 202 is executed to the application execution unit 115. If the application is not valid, the application update information DB 104 is checked to see if a substitute application identifier for the application recorded on the content disc 202 exists. If there is, the application update information DB 104 application When the update information pattern is 3 (FIG. 10), the application indicated by the application 1002 is delivered to the application execution unit 115 to instruct execution. Further, when the pattern is 1 or 2, a spoofing check is further performed to check whether the application is a legitimate application provided by the content provider 10, and if it is not impersonating, the application execution unit 115 executes the application. Instruct.

The application execution unit 115 executes the application delivered from the module management unit 113.
Next, the operation of the disc playback apparatus in the present embodiment will be described.
FIG. 13 is a flowchart showing a processing procedure of the disc reproducing apparatus according to the embodiment of the present invention.

The module management unit 113 determines whether the inserted disc is the content disc 202 or the update disc 602 from the disc identifier 207 or the disc identifier 607 notified from the disc input unit 111 (S1301).
When the inserted disk is the update disk 602, it is checked whether or not the certificate update information 603 exists on the update disk 602 (S1302). If the certificate update information 603 exists and the certificate update information 603 is a certificate (S1303), the module management unit 113 causes the certificate management unit 114 to update the certificate DB 102, and the certificate update information 603 is updated. Update registration is performed (S1304). If the certificate update information 603 is CRL (S1305), the certificate management unit 114 is made to update the revocation certificate DB 603 (S1306). Details of the renewal certificate DB update process will be described later.

Next, the module management unit 113 checks whether or not the application update information 206 exists on the update disk 602 (S1307), and if it exists, updates the application update information DB 104 based on the application update information 206 (S1308). ).
Next, when the inserted disc is the content disc 202, it waits until an execution request for the application recorded on the content disc 202 is notified from the execution request receiving unit 112 (S1311). When the execution request receiving unit 112 receives a request for executing a specified application included in the application management information 206 recorded on the content disc 202 from the user, the execution request receiving unit 112 notifies the module management unit 113 that the execution request has been received.

  Upon receiving the notification, the module management unit 113 passes the application management information 206 recorded on the content disc 202 to the certificate management unit 114 and executes it to determine whether it is safe to execute the application. The validity of the target application is checked (S1312). Details of the application validity check process will be described later. Note that the “application” in FIG. 13 is an application, and the same applies to the following drawings.

If the application is valid (S1315), the module management unit 113 passes the designated application 504 included in the application management information 206 recorded on the content disc 202 to the application execution unit 115 to execute the application (S1326).
If it is not valid and the reason for the inefficiency is “leakage” (S1317), it is checked whether or not the same application identifier as the execution target application exists in the application update information DB 104 of the storage unit 101 (S1319). .

Here, the reason why the processing is not immediately ended in the case of “leakage” is that it may be created by the authorized content provider 10 before the certificate 205 recorded on the content disc 202 expires. Because in that case it should be feasible.
If there is an identifier of the same application in the application update information DB 104, when the update information pattern of the application is 1 or 2, an impersonation check of the application described later is performed (S1324). Details of the impersonation check will be described later.

  When it is not impersonation, the application 203 of the content disc 202 is delivered to the application execution unit 115 and executed (S1326). When the update information pattern of the application is 3, the application substitute application 1002 (the same or equivalent application as the application) recorded in the application update information 604C of the application update information DB 104 of the storage unit 101 is displayed. The application is executed by the application execution unit 115 (S1328).

FIG. 14 is a flowchart showing details of revocation certificate DB update processing (S1306 in FIG. 13).
First, the certificate management unit 114 extracts the current update date 712 and the next update date 713 from the CRL 603 received from the module management unit 113 (S1401). It is checked whether or not the current date / time is between the current update date / time 712 and the next update date / time 713 (S1402).

  When the result is negative, the certificate management unit 114 determines that the CRL itself is invalid and ends the process. When the result is affirmative, in order to verify the signature value 703 of the CRL 603, the hash value of the attribute area 701 is calculated according to the signature algorithm 702 (S1403). On the other hand, the public key 417 of the leaf certificate 303 is extracted from the certificate 606 received from the module management unit 113 (S1404), and the signature value 703 of the CRL 603 is decrypted with this public key 417 (S1405). Then, it is checked whether or not the hash value obtained in step S1403 and the decrypted value in step S1405 are equal (S1406). If they are not equal, it is determined that the CRL is invalid, and the process is terminated. If they are equal, an authentication check of the certificate chain of the certificate 606 is performed (S1407). Details of the certificate chain authentication check will be described later.

  When the certificate chain authentication fails (S1408), the certificate management unit 114 determines that the CRL is invalid and ends the process. On the other hand, if successful, the same certificate as the root certificate in the certificate 606 is searched from the certificate DB 102 (S1409). Here, if there is no matching root certificate, it is determined that the CRL is invalid, and the process ends. If a matching root certificate exists, the issuer name, serial number, and revocation date and time described in the CRL 603 are stored in the revocation certificate DB 103. In other words, the issuer name 711 of the CRL 603, each serial number described in the revocation certificate list 714, the current update date and time 712, and the reason for revocation 715 are the issuer name 1201, the serial number 1202 of the revocation certificate DB 103, and the revocation date and time 1203. , Posting to reason for revocation 1204.

FIG. 15 is a flowchart showing details of the process of updating the application update information DB (S1305 in FIG. 3).
First, the module management unit 113 receives the application update information 604 on the update disk 602 inserted into the disk input unit 111 from the disk input unit 111, and obtains the number of applications specified in the application update information DB 604 (S1501). . The following processing is performed for each application by the number of applications (S1501).

  The module management unit 113 checks whether the same application identifier exists in the application update information DB 104 of the storage unit 101 (S1504). If the module management unit 113 determines in step S1504 that the same application identifier exists in the application update information DB 104, the processing of the application ends.

If it is determined that the same application identifier does not exist in the application update information DB 104, the certificate management unit 114 is caused to perform an application validity check based on the application identifier acquired in step S1503 and the target update information ( S1504). Details of the application validity check will be described later.
When the application update information is valid (S1507), the module management unit 113 updates the application update information DB 104 by adding information related to the application in the application update information DB 604 (S1508).

This completes the description of the processing by the update disk.
FIG. 16 is a flowchart showing details of processing of validity check of application information on the application 203 or application update information 604 (S1312 in FIG. 13 and S1504 in FIG. 15) performed by the certificate management unit 114.
From the module management unit 113 to the certificate management unit 114, the designated application information of the application 203 or the application update information 604, the signature information 204 or the application update signature information 605 of the designated application, the certificate 205 or the certificate 606, Is passed.

First, the certificate management unit 114 performs a tampering check on the application (S1601). The application tampering check will be described later.
When the application is falsified (S1602), it is determined that the application 203 or the application update information 604 is not valid (S1609).

When the application is not falsified, a certificate chain authentication check of the certificate 205 or the certificate 606 is performed (S1603). Details of the certificate chain authentication check process will be described later.
If the authentication is successful, the certificate management unit 114 searches the certificate DB 102 for the same certificate as the root certificate 301 among the certificates (S1605). If the certificate DB 102 does not exist in step S1606 (S1606), the process proceeds to S1609.

If the root certificate 301 exists, each serial number 411 of each certificate in the certificate chain is extracted, and it is confirmed whether the revocation certificate DB 103 exists (S1607). If the serial number 411 exists, it is determined that the certificate of the serial number has been revoked, and the process proceeds to step S1609.
If all the serial numbers are present in the revocation certificate DB 103, it is determined that the application is valid (the application 203 or the application update information is valid), and this is notified to the module management unit 113 (S1608).

  FIG. 17 is a flowchart showing details of processing of application falsification check (S1602 in FIG. 16). Here, the check target application means either the application 203 recorded on the content disc 202 or the update information related to the designated application among the application update information 604 recorded on the content disc 602.

  First, the certificate management unit 114 extracts the leaf certificate 303 of the certificate chain of the certificate 205 or the certificate 606 (S1701), and extracts the public key 417 from the extracted leaf certificate 303 (S1702). If the specified check target application is the application 203 of the content disc 202, the hash value of the application 203 is calculated. If the check target application is the application indicated by the application update information 604, the application update information 604 is obtained. Among them, the hash values of all items of the application are calculated (S1703).

  On the other hand, using the public key 417, the signature value of the application in the signature information 204 or the application update signature information 605 is decrypted (S1703). Then, it is confirmed whether or not the hash value calculated in S1703 matches the value decrypted in step S1704 (S1705). If they match, the certificate management unit 114 determines that the information of the application 203 or the application update information 604 is not falsified (S1706), and if it does not match, the certificate management unit 114 determines that the information is falsified (S1707). .

18 to 20 are flowcharts showing the details of the processing of certificate chain authentication check (S1407 in FIG. 14 and S1603 in FIG. 16). The certificate chain authentication process in step S1604 will be described with reference to FIGS.
First, the certificate management unit 114 extracts the intermediate certificate 302 and the leaf certificate 303 from the certificate chain of the certificate (205 or 606) (S1801). The current update date 413, the next update date 414, and the issuer name 415 are extracted from the extracted leaf certificate (S1802). Among these, it is checked whether or not the certificate is valid from the current update date to the next update date (S1803). If the certificate is outside the valid period, the certificate chain authentication fails (S1809). When the certificate is valid, the subject name 416 and the public key 417 of the intermediate certificate 302 are extracted (S1804), and the subject name 416 of the intermediate certificate 302 is compared with the issuer name of the leaf certificate. Thus, it is determined whether or not they match, that is, whether or not the intermediate certificate 302 and the leaf certificate 303 are in a chain relationship (S1805).

  If the two certificates are not linked, authentication fails. If the chain relationship is established, the hash value of the attribute area 401 of the leaf certificate 303 is calculated (S1806). Further, the signature value of the leaf certificate 303 is decrypted using the public key of the intermediate certificate 302 (S1807). When step S1806 and step S1807 are completed, it is checked whether or not the hash value obtained from each matches the signature decryption value (S1808). If they do not match, authentication of the certificate chain fails (S1809).

Next, the certificate management unit 114 checks the chain relationship between the root certificate 301 and the intermediate certificate 302 and extracts the root certificate and the intermediate certificate from the certificate chain (S1901). The same processing as the check between the leaf certificate and the leaf certificate is performed on the root certificate and the intermediate certificate (S1902 to S1908).
If it is determined in S1908 that the certificates match, the certificate management unit 114 checks the root certificate alone. FIG. 20 is a flowchart of the root certificate single check.

  The current update date 413, the next update date 414, and the issuer name 415 are extracted from the root certificate extracted in step S1901 (S2001). Among these, it is determined whether or not the certificate is valid from the current update date and time 413 to the next update date and time 414 (S2002). If the certificate is outside the valid period, certificate chain authentication fails. On the other hand, if it is determined that the certificate is in a valid period, the hash value of the attribute area of the root certificate is calculated (S2004). Further, the signature value of the root certificate is decrypted using the public key of the root certificate (S2005). Then, it is determined whether or not the hash value and signature decryption value match (S2006). If they match, the certificate chain authentication is successful (S2007), and the authentication is unsuccessful (S2008).

FIG. 21 is a flowchart showing the details of processing for performing the impersonation check (S1324) of the application on the content disc 202 based on the hash value of the certificate when the application update information in the application update information DB 104 is pattern 1).
First, the module management unit 113 extracts the entire certificate 204 including the public key for decrypting the signature value of the application 203 that has requested execution from the content disk 202 (S2100).

Next, the hash value of the entire certificate 204 is calculated using the hash algorithm 803 of the application in the application update information 604A (S2102).
Next, the certificate hash value 802 of the application is extracted from the application update information DB 104 (S2103).
Next, it is checked whether the calculated hash value and the certificate hash value 802 are equal (S2104). If the hash values are equal, it is determined not to be impersonation (S2105). If the hash values are not equal, it is determined that the application is impersonating (S2106).

FIG. 22 is a flowchart showing details of processing for performing the impersonation check (S1324) of the application recorded on the content disc 202 based on the hash value of the application when the application update information in the application update information DB 104 is pattern 2.
First, the module management unit 113 extracts the signature of the application requested to be executed from the content disk 202 (S2201).

Next, decryption is performed using the certificate for the signature of the application extracted in step S2201 (S2202).
Next, the application hash value 902 of the update information of the application in the application update information DB 104 is extracted (S2203).
Next, it is checked whether or not the decrypted hash value is equal to the application hash value 902 (S2204). If the hash values are equal in step S2204, it is determined that the impersonation is not impersonation (S2205). If they are not equal, it is determined that the application is impersonating (S2206).

As described above, in the recording medium playback apparatus of the present embodiment, the certificate DB 102 and the revoked certificate DB 103 are updated based on the update disk 602, and an application that uses the revoked certificate on the content disk 202 can be safely used. It becomes possible to execute.
In this embodiment, the application update information DB 104 is updated using the update disk 602, but the application of the content disk 202 is executed when the certificate information has not yet become invalid. In this case, the information on the content disc 202 may be stored in the application update information DB 104. In this way, when an execution request for an application that has been successfully authenticated is made after the certificate becomes invalid, it is possible to confirm that the impersonation is not performed using the information in the application update information DB 104. .

(Embodiment 2)
The second embodiment of the present invention is a disc playback apparatus having a communication function in addition to the first embodiment.
FIG. 23 is a diagram showing the relationship between the disc playback apparatus according to Embodiment 2 of the present invention, the content disc 202 used by the disc playback apparatus, and a content provider connected via a network. In FIG. 23, the same elements as those in the first embodiment are assumed to be the same and the description thereof is omitted.

In FIG. 23, a network 2304 connects a disk playback device 2300 and a content provider 2303. The disc player 2300 receives the content disc 202 from the content provider 2303 and also receives a response message 2305 including application update information via the network 2304.
The content disc 202 according to the present embodiment is different from the content disc 202 according to the second embodiment in application management information 2306. The application management information 2306 will be described later.

When the disc playback apparatus 100 according to the present embodiment determines that the certificate 205 of the content disc 202 is not valid, the disc playback apparatus 100 does not update the application update information DB 104 with the update disc 602 described in the first embodiment. Instead, the update is performed through the network 2304.
FIG. 24 is a diagram showing a configuration of a disk playback device 2300 according to Embodiment 2 of the present invention.

In FIG. 24, the same components as those in the first embodiment are denoted by the same reference numerals, and the description thereof is omitted. A communication unit 2401 is added to the disk playback device 2300.
The communication unit 2401 transmits the application request message created by the module management unit 113 to the content provider 2303, and receives an application response message as a response from the content provider. Further, the certificate update information shown in the first embodiment is received.

FIG. 25 is a flowchart showing the processing of the disc playback apparatus in the present embodiment.
In FIG. 25, processing steps that perform the same operations as those in the first embodiment are denoted by the same reference numerals, and description thereof is omitted.
When the module management unit 113 checks whether or not the same application identifier as the application identifier of the execution request exists in the application update information DB 104 in S1319, if it does not exist, the module management unit 113 displays the application management information 2306 of the content disc 202. To check whether there is an application acquisition destination (S2601 in FIG. 26).

FIG. 27 is a diagram illustrating an example of the application management information 2306.
In FIG. 27, the same elements as those shown in the first embodiment are denoted by the same reference numerals, and the description thereof is omitted. The application acquisition destination 2701 indicates an acquisition destination acquired through the network when there is no application update information of the execution target application in the application update information DB 104 of the disc playback apparatus 100.

  The module management unit 113 ends the process when the module management unit 113 has no application acquisition destination. If there is an application acquisition destination, the module management unit 113 refers to the application management information of the content disc 202, extracts information necessary for updating, and creates an application request message for requesting application update information from the content provider. (S2801 in FIG. 28).

FIG. 29 is a diagram illustrating an example of an application request message.
The application request message 2900 includes an application identifier 2901 acquired from the application management information 2306, a return address 2902 indicating the network address of the reply destination of the application request message 2900, and a serial number 2903 of the revoked certificate.

  Returning to FIG. 28, the module management unit 113 extracts the application acquisition destination from the application management information 2306, and transmits the application request message 2900 created in step S2801 to the application acquisition destination using the communication unit 2401 (S2802). ). Upon receiving the application request message 2900, the content provider 2303 extracts the application identifier included in the application request message 2900, and as shown in FIG. 23, application update information 604 of the application indicated by the application identifier, and application update information A response message 2305 including the signature information 605 containing the signature value of the signature and the certificate 606 including the public key for decrypting the contents of the signature information is transmitted to the disc playback apparatus 2300 as a response to the application request message 2900. The content provider 2303 can know the transmission destination of the response to the application request message 2900 by referring to the return address included in the application request message 2900. In addition, when the revoked certificate serial 2903 included in the application request message 2900 is a root certificate, the content provider requests the certification authority 20 to distribute a new certificate to the disk reproducing device 2300.

Next, the communication unit 2401 receives the response of the application request message, and notifies the module management unit 113 accordingly (S2803).
Next, the module management unit 113 that has received the response of the application request message 2900 through the communication unit 2401 updates the application update information DB 104 using the response of the application request message 2900 (S2804). The application update information storage process is the same as that in step S1305 shown in the first embodiment, and a description thereof will be omitted.

  Next, the module management unit 113 that has finished updating the application update information DB 104 returns again to step S1319, and performs the same processing as when the requested application identifier is found in the application update information DB 104. As described above, by adding the communication unit 2401 to the disc playback apparatus 2300 and including the application acquisition destination 2701 in the application management information, the application update information DB 104 from the network can be updated, and the content disc 202 becomes invalid. It is possible to safely execute an application that uses the certificate.

The disc player 2300 also acquires certificate update information similar to the certificate update information 603 shown in FIG. 6 in the first embodiment through the communication unit 2401.
FIG. 30 is a diagram showing a processing flow when certificate update information is received over the network.
First, the communication unit 2401 receives the certificate update information and notifies the module management unit 113 of that (S3001).

Next, the certificate management unit 114 is made to update the certificate using the certificate update information received in step S3001 (S3002). The certificate update is an update of the certificate DB or the revoked certificate DB, and the same process as the process performed in step S1304 in FIG.
As described above, the certificate information can be updated when the certificate update information comes over the network.

Although the present invention has been described based on the above two embodiments, the present invention is of course not limited to the above embodiments. The following cases are also included in the present invention.
Although the present invention assumes a portable recording medium as an optical disk, other recording media such as a flexible disk and a memory card may be used.
In the present embodiment, data recorded on a recording medium is used as an application, and data reproduction is handled as execution of the application. However, other data such as video and audio may be reproduced.

It may be a computer program for realizing the method of the present invention using a computer system, or may be a digital signal representing the program.
The present invention may be a computer-readable recording medium that records the program or the digital signal, such as a semiconductor memory.
The present invention may be the computer program or the digital signal transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, or the like.

The present invention can be used for a data reproducing apparatus (disk reproducing apparatus, disk recording / reproducing apparatus) that can use an application to be executed even when a certificate on a recording medium such as a disk is revoked.
Provided is a data reproducing apparatus capable of using substantially legitimate content.
The present invention provides a data reproducing apparatus capable of using substantially legitimate content while protecting copyright.

It is a figure which shows the structure of Embodiment 1 of the disc reproducing | regenerating apparatus concerning this invention. It is a figure which shows an example of the data structure of the content disc which concerns on this Embodiment. It is an example of a certificate (chain) according to the present embodiment. Certificate X. according to the present embodiment. FIG. It is a figure which shows the structure of the application management information which concerns on this Embodiment. It is a figure which shows the data structure of the disk reproducing apparatus which concerns on this Embodiment, and an update disk, and an update disk. It is a figure which shows the structure of CRL based on this Embodiment. It is a figure which shows a structure at the time of mounting the application update information which concerns on this Embodiment including the hash value of a certificate. It is a figure which shows a structure at the time of mounting the application update information which concerns on this Embodiment including the hash value of an application. It is a figure which shows a structure at the time of mounting the application update information which concerns on this Embodiment including an application itself. It is a figure which shows the structure of the application update signature information which concerns on this Embodiment. It is a figure which shows the structure of the revocation certificate database which concerns on this Embodiment. It is a flowchart which shows the process of disk reproduction of this Embodiment. It is a flowchart which shows the update process of the revocation certificate database which concerns on this Embodiment. It is a flowchart which shows the preservation | save process of the application update information which concerns on this Embodiment. It is a flowchart which shows the validity check process of the certificate which concerns on this Embodiment. It is a flowchart which shows the process of the tampering confirmation which concerns on this Embodiment. It is a flowchart which shows the authentication process of the certificate chain which concerns on this Embodiment. It is a flowchart which shows the authentication process of the certificate chain which concerns on this Embodiment. It is a flowchart which shows the authentication process of the certificate chain which concerns on this Embodiment. It is a flowchart which shows the process which confirms whether the application which concerns on this Embodiment is impersonating. It is a flowchart which shows the process which confirms whether the application which concerns on this Embodiment is impersonating. FIG. 3 is a diagram showing the relationship between a disc playback apparatus and a content provider according to the present embodiment. It is a block diagram which shows the structure of the disc reproducing | regenerating apparatus concerning this Embodiment. It is a flowchart which shows the process of the disc reproducing | regenerating apparatus concerning this Embodiment. It is a flowchart which shows the process of the disc reproducing | regenerating apparatus concerning this Embodiment. It is a figure which shows the structure of the application management information which concerns on this Embodiment. It is a flowchart which shows the process of the disc reproducing | regenerating apparatus concerning this Embodiment. It is a figure which shows the structure of the application request message which concerns on this Embodiment. It is a flowchart which shows the process of the disc reproducing | regenerating apparatus concerning this Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Disc reproducing apparatus 111 Disc input part 112 Execution request reception part 113 Module management part 114 Certificate management part 115 Application execution part 101 Storage part 102 Certificate DB
103 Revocation certificate DB
104 Application update information DB
202 Content Disc 203 Application 204 Signature Information 205 Certificate 206 Application Management Information 207 Disc Identifier 300 Certificate Chain 301 Root Certificate 302 Intermediate Certificate 303 Leaf Certificate 401 X. 509 certificate attribute area 402 X. 509 Signature value area 403 Acquisition destination identifier 404 Application name 411 Serial number 412 Signature algorithm 413 Update date / time 414 Next update date / time 415 Issuer name 416 Subject name 417 Public key 501 Application identifier 502 Control information 503 Acquisition destination identifier 504 Application name 600 Update information 602 Update disk 603 Certificate update information 604 Application update information 605 Application update signature information 606 Certificate 607 Disk identifier 701 Attribute area 702 Signature algorithm 703 Signature value 711 Issuer name 712 Current update date 713 Next update date 714 Revocation certificate List 801 Application identifier 802 Certificate hash value 803 Hash algorithm 901 Application Besshi 902 application hash value 903 hash algorithm 1001 application identifier 1002 Application 1101 Application identifier 1102 signature value 2300 disk reproducing apparatus 2302 content provider 2305 updates 2304 network system 2401 communication unit

Claims (12)

A data reproduction device for confirming the authenticity of data recorded on a portable recording medium based on a certificate chain and reproducing the data,
Storage means for preliminarily storing data verification information for verifying that the data is legitimate data, and certificate revocation information indicating that the certificate has been revoked together with the reason;
First determination means for determining, together with the reason, whether or not at least one certificate in the certificate chain has been revoked by the certificate revocation information;
Second determination means for determining whether the data recorded on the portable recording medium is regular data based on the data verification information;
And a reproducing means for reproducing the data when the second determining means determines affirmative when the first determining means determines that the reason for revocation is a leakage of the secret key. A data reproducing apparatus. The storage means further stores in advance a root certificate of a certificate chain recorded on the recording medium,
A preliminary determination unit that determines whether or not a root certificate of a certificate chain recorded in the recording medium is stored in the storage unit;
2. The data reproducing apparatus according to claim 1, wherein when the preliminary determination means determines affirmative, the first determination means and the second determination means are determined. The data verification information of the storage means is obtained by reading and storing a hash value of each certificate of the certificate chain recorded on another portable recording medium,
The certificate of the data recorded on the recording medium depends on whether or not the hash value stored in the storage means is equal to the hash value of each certificate of the certificate chain recorded on the recording medium. 4. The data reproducing apparatus according to claim 3, wherein it is determined whether or not. The data verification information of the storage means is obtained by reading and storing a hash value of data recorded on another portable recording medium,
It is determined whether or not the data recorded on the recording medium is regular data based on whether or not the hash value of the data stored in the storage means is equal to the hash value of the data recorded on the recording medium. 4. A data reproducing apparatus according to claim 3, wherein The data verification information of the storage means is obtained by receiving and storing hash value information of each certificate of the certificate chain through a network,
The certificate of the data recorded on the recording medium depends on whether or not the hash value stored in the storage means is equal to the hash value of each certificate in the certificate chain recorded on the recording medium. 4. The data reproducing apparatus according to claim 3, wherein it is determined whether the certificate is a certificate. The data verification information of the storage means is received and stored information of the hash value of the data through a network,
Determining whether the data recorded on the recording medium is regular data based on whether the hash value stored in the storage means is equal to the hash value of the data recorded on the recording medium. 4. A data reproducing apparatus according to claim 3, wherein: A data reproduction device for confirming the authenticity of data recorded on a portable recording medium based on a certificate chain and reproducing the data,
Storage means for preliminarily storing substitute data for the data and certificate revocation information indicating that the certificate has been revoked together with the reason;
Determining means for determining whether at least one certificate in the certificate chain is revoked by the certificate revocation information together with the reason;
A data reproduction apparatus comprising: reproduction means for reproducing the substitute data when it is determined that the reason for revocation is a leakage of a secret key. The data recorded on the recording medium is an application,
The data reproducing apparatus according to claim 1, wherein the reproducing unit executes an application. A data reproduction method for recognizing the authenticity of data recorded on a portable recording medium based on a certificate chain and reproducing the data,
A storage area for preliminarily storing in the storage area data verification information for verifying that the data is legitimate data and certificate revocation information indicating that the certificate has been revoked together with the reason,
A first determination step of determining whether at least one certificate in the certificate chain is revoked by the certificate revocation information together with the reason;
A second determination step of determining whether data recorded on the portable recording medium is regular data based on the data verification information;
A reproduction step for reproducing the data when it is determined affirmative in the second determination step when it is determined affirmative in the first determination step that the reason for revocation is leakage of the secret key. Data reproduction method. Confirming the authenticity of the data recorded on the portable recording medium based on the certificate chain, the data reproducing apparatus for reproducing the data,
A recording step of pre-recording in the storage area data verification information for verifying that the data is legitimate data and certificate revocation information indicating that the certificate has been revoked together with the reason,
A first determination step of determining whether at least one certificate in the certificate chain is revoked by the certificate revocation information together with the reason;
A second determination step of determining whether data recorded on the portable recording medium is regular data based on the data verification information;
When it is determined as affirmative in the first determination step that the reason for revocation is a leakage of the secret key, and when the determination is affirmative in the second determination step, a reproduction step for reproducing the data is executed. Data playback program. A data reproduction method for recognizing the authenticity of data recorded on a portable recording medium based on a certificate chain and reproducing the data,
A recording step of pre-recording in the storage area the substitute data for the data and certificate revocation information indicating that the certificate has been revoked together with the reason;
A determination step of determining whether at least one certificate in the certificate chain is revoked by the certificate revocation information together with the reason;
A data reproduction method comprising: a reproduction step of reproducing the substitute data when it is determined affirmative that the reason for revocation is leakage of a secret key. Confirming the authenticity of the data recorded on the portable recording medium based on the certificate chain, the data reproducing apparatus for reproducing the data,
A recording step of pre-recording in the storage area the substitute data for the data and certificate revocation information indicating that the certificate has been revoked together with the reason;
A determination step of determining whether at least one certificate in the certificate chain is revoked by the certificate revocation information together with the reason;
A data reproduction program for executing a reproduction step of reproducing the substitute data when it is determined affirmative that the reason for revocation is leakage of a secret key.

Images