JP2006345555A - Recording medium, information reproducing device and information reproducing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information reproducing device capable of reproducing data, without providing any special data reading means, from an information recording medium having a data structure for realizing robust copyright protection for surely preventing contents recorded on the information recording medium from being illegally copied. <P>SOLUTION: An information recording medium includes a lead-in area wherein control information is recorded, and a data recording area wherein user data are recorded. A part of key information is recorded in the lead-in area. Scrambled data and the key information are recorded in the data recording area. The scrambled data are descrambled based on the key information. Inter-authentication key information is further recorded in the lead-in area and between a reading device for reading the scrambled data and a decode device including a descramble circuit for descrambling the scrambled data, mutual authentication is performed. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an information reproducing apparatus for reproducing information from an information recording medium including program data, audio information, and video information.

Known information recording media for program data, audio information, and video information include a floppy (registered trademark) disk and a CD-ROM (Compact Disk-Read Only Memory). In particular, CD-ROMs are widely used for distributing various software because they have a large capacity of 600 MB or more and production costs are reduced.

On the other hand, with the recent increase in the speed of personal computers, the demand for outputting video and audio data (hereinafter referred to as AV data) on the personal computer is rapidly increasing. For example, applications that record and distribute digital data files that have been subjected to data compression using a video compression method called MPEG1 (Moving Picture Experts Group) on a CD-ROM or the like are increasing. However, since the MPEG1 system generally compresses video data with a large capacity using a high compression rate, video degradation is also significant. Therefore, it is unsuitable for applications requiring high-quality images such as movies.

  Therefore, in recent years, development has been carried out to record high-quality video data on an optical disk having a large capacity close to 5 GB by using a more advanced video compression method called MPEG2. The optical disk called DVD (Digital Video Disk) is capable of recording high-quality digital AV data of 2 hours or more by taking advantage of its large capacity, and is highly expected as a next-generation AV data recording medium. . On the other hand, a DVD can be played back on a personal computer by a DVD drive connected to a personal computer to play the DVD, and a CD-ROM can be used as a distribution medium for computer software. It is expected as an information recording medium to replace

However, if a DVD drive as a peripheral device of a personal computer is put on the market, digital data recorded on the DVD is output to the personal computer and can be easily copied to a rewritable medium such as a hard disk or an MO (Magneto Optical Disk). Is possible. If copying of digital AV data as described above can be performed easily, problems such as illegal copying of AV data recorded on a DVD without permission of the author, or alteration and distribution of the data may occur. It becomes extremely difficult to protect the author's rights. This not only has a detrimental effect on the author of the data, but also takes measures such as setting the price in consideration of copying the author and not manufacturing the disc in fear of falsification of the data. If taken, there may be a penalty for the user. Hereinafter, the above problem is referred to as a first problem.

  On the other hand, various uses of the information recording medium on which AV data is recorded can be considered. Among these applications, there are also applications in which it becomes a problem that the information recording medium can be reproduced by any reproduction device. In such applications, a reproduction device that can be reproduced and a reproduction device that cannot be reproduced. It can be divided into two. For example, a disc that is generally called a karaoke disc and in which video data including lyrics is recorded in accordance with the music to be played back is a disc that is used personally in a general household (hereinafter referred to as a consumer disc). And discs (hereinafter referred to as business discs) that are used in facilities where users can enjoy a karaoke by paying a fixed fee. Because commercial disks are manufactured on the assumption that they are delivered in large quantities to a limited number of users, they are supplied at a low price, whereas consumer disks are sold at a relatively high price for individual sales. ing.

  However, when the business disk and the consumer disk have the same format, the business disk may be sold at low cost in the general market for consumer use. This hinders the distribution of consumer discs at a reasonable price in the market, which is disadvantageous for disc manufacturers and users who purchase regular consumer discs. Therefore, in such an application, it is desirable to be able to separate a playback device that can be played back on a consumer disc and a commercial disc. As another example, there is a case where a disc on which contents having ethical problems are recorded is reproduced. Criteria for determining whether there are ethical issues vary from country to country. Therefore, there are cases where a disc to be played in one country is not desired to be played in another country. Therefore, it is necessary to have a mechanism that allows discs with ethical problems to be played only in specific countries where their sale is permitted. As described above, there is a problem in that a playback device that can be played back and a playback device that cannot be played back cannot be divided according to the use of the disc. Hereinafter, this problem is referred to as a second problem.

  As one means for solving the above two problems, there is a method of scrambling (or encrypting) and recording data to be recorded on an information recording disk. That is, for the first problem, during the copy operation in the personal computer, the scrambled data is returned based on a certain key, and the copy operation is prevented by not returning the descramble key. Yes (the copy operation is performed, but the descramble cannot be performed, so the copy operation does not make sense).

  Also, with respect to the second problem, it is possible to classify a device that can be descrambled and a device that cannot be descrambled by creating a disk that has been scrambled differently depending on the contents of the disk. As described above, scrambling (or encryption) of recorded data is effective for the above two problems, but how to specify a method or key for descrambling data becomes a problem.

  As a first conventional example for encrypting a data area, the CD-ROM in FIG. 3 of Japanese Patent Laid-Open No. 7-249264 records an encryption key in a main data area of a sector different from the encrypted data sector. A scheme has been proposed. In this conventional example, data encrypted at the time of recording and its encryption key are recorded on a CD-ROM, and at the time of reproduction, the encryption data is decrypted after an instruction for reading the encryption key is issued from the personal computer to the reproduction device. Thus, data reproduction is realized. This method has an advantage that the encryption key can be easily changed.

As a second conventional example, as shown in FIG. 3 of Japanese Patent Laid-Open No. 7-85574, a method of recording an encryption key in an area of a disk that is not scanned by an optical head of a reproducing apparatus has been proposed. In this conventional example, in order to prevent the encryption key from being read from a general personal computer, the encryption key is not copied in the copy operation, and an illegal copy operation does not make sense.
JP 7-249264 A Japanese Patent Laid-Open No. 7-85574

  However, since the encryption key of the first conventional method is recorded in the main data area of the sector, the encryption key used at the time of recording on the disk can be easily read from a general personal computer. Therefore, since the user can read the encryption key and the encrypted data, there is a high risk that the encryption will be decrypted.

  In the second conventional method, in order to record the encryption key in an area where the optical head of the reproducing apparatus does not scan, in order to read out the encryption key, in addition to the reading means for reading out the data from the data recording area, There arises a problem that a reading means is required.

  The present invention provides a special data reading means from an information recording medium having a data structure for realizing strong copyright protection that surely prevents contents recorded on the information recording medium from being illegally copied. It is an object of the present invention to provide an information reproducing apparatus capable of reproducing data without any problem and solving the problems 1 and 2.

  The information reproducing apparatus according to the present invention provides the scrambled user from an information recording medium in which scrambled user data is recorded in a user recording area and a part of key information is arranged in a lead-in area where access by the user is restricted. An information reproducing apparatus for reproducing data, wherein the information recording medium further includes a single disc key information by each of a plurality of master key information distributed to devices permitted to reproduce the information recording medium, Including first key information including a plurality of encrypted disk keys generated by encryption, second key information used for descrambling the scrambled user data, and mutual authentication information. Further, from the information recording medium, the scrambled user data, the first key information, and the second key information For the decoding apparatus, comprising: a reading circuit that reads the mutual authentication information; and including a descrambling circuit that descrambles the scrambled user data based on the first key information and the second key information. An authentication circuit that performs mutual authentication based on the mutual authentication information, and the authentication circuit transmits the scrambled user data when the key information arranged in the lead-in area is subject to the mutual authentication. Transmission to the decoding device is permitted.

  According to the above configuration, the mutual authentication process is performed before the scrambled data is transmitted from the DVD drive or the like to the decoding device via the communication path of the personal computer. Mutual authentication processing mutually confirms that the other party is legitimate. As a result, information related to the key is not leaked from the communication path, and security is improved.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

(First embodiment)
FIG. 1 shows a data structure of an information recording medium according to the present invention. Hereinafter, a disk will be described as an example of the information recording medium. However, the information recording medium according to the present invention is not limited to a disc, and may be any information recording medium.

  In general, an information recording area in which some information is recorded on a disc is roughly divided into a lead-in area in which control information is mainly recorded and a data recording area in which user data is recorded. In general, the data recording area is divided into units called sectors. Here, the disc playback apparatus can directly access the lead-in area, but a device other than the disk playback apparatus (for example, a personal computer) cannot directly access the lead-in area.

  Each sector is recorded with a header area in which a sector ID (Identifier) for identifying the sector is recorded, a user data area in which user data is recorded, and a code for correcting a read error during reproduction. ECC (Error Correction Code) area. In the present embodiment, it is assumed that user data recorded in the user data area in the sector has been scrambled. Therefore, in order for the information reproducing apparatus to correctly reproduce user data from the disc of FIG. 1, it is necessary to know the scramble processing method applied to the user data.

  Information for determining a scramble processing method applied to user data (hereinafter referred to as “scramble information” in this specification) is recorded at a predetermined position in the lead-in area of the disc in FIG. The information reproducing apparatus reads an area where the scramble information is recorded, interprets the scramble information, and performs a descrambling process on the user data according to the scramble information. This makes it possible to correctly reproduce user data.

  Here, an example of a generally known scramble processing method will be described with reference to FIG.

  FIG. 9A shows that one sector includes a sector ID area, a 2048-byte user data area, and an ECC area. Data byte sequences D0, D1,..., D2047 are recorded in the user data area. Data byte sequences D0, D1,..., D2047 are to be recorded (before scramble processing) D'0, D'1,..., D'2047 and random number sequences S0, S1,. .., obtained by logical operation with S2047. For example, the logical operation can be an exclusive OR. Here, it is assumed that the random number series S0, S1,..., S2047 are uniquely determined with respect to a given initial value.

  In order to obtain initial values of the random number sequences S0, S1,..., S2047, as shown in FIG. 9B based on a predetermined bit string in the sector (for example, 3 bits at a predetermined position in the sector ID area). A table is referenced. For example, when 3 bits at a predetermined position in the sector ID area are (0, 0, 1), the initial value is obtained as 100Fh from the table, and the random number sequence B0, B1,..., B2047 (S0, S1). ,..., Corresponding to S2047) is uniquely determined.

  As a method of generating random number sequences S0, S1,..., S2047 from given initial values, for example, a method using a shift register as shown in FIG.

  As the scramble processing method, other methods such as exchanging predetermined bits in the user data byte string can be used. Hereinafter, description will be made using the scramble processing method described in FIG.

  FIG. 2 shows the structure of scramble information recorded at a predetermined position in the lead-in area of the disc shown in FIG.

  As shown in FIG. 2A, in this example, the scramble information is an identifier that designates a table for obtaining an initial value of a random number sequence used for the scramble process. Note that information for specifying a scramble processing method other than that table is defined in advance.

  For example, the fact that the content of the scramble information is (1, 0) indicates that the table 2 is used for the scramble process among the four tables shown in FIG. 2B defined in advance. The information reproducing apparatus has a memory for storing the four tables in FIG. 2B, and switches the table used for the descrambling process according to the scramble information. Thereby, it becomes possible to correctly execute the descrambling process on the user data.

FIG. 3 shows another data structure of the disc according to the present invention. The lead-in area of the disk shown in FIG. 3, the initial value table is recorded directly. In the data recording area of the disc, user data that has been scrambled by a random number sequence generated using the initial value table is recorded. Here, it is assumed that other parameters of the scramble processing method shown in FIG. 3 are uniquely determined in advance.

  The information reproducing apparatus reads the initial value table recorded in the lead-in area of the disc and interprets the initial value table. Thereafter, the information reproducing apparatus sets a descrambling process procedure according to the initial value table, and descrambles the user data according to the descrambling process procedure. Thereby, the scrambled user data can be correctly reproduced.

  In addition, the reproduction of a disc by an information reproducing apparatus having only a specific descrambling procedure is limited to the case where the initial value table of the disc and the initial value table of the information reproducing apparatus match, and in other cases Cannot be played correctly.

  In the above-described embodiment, the method of changing the initial value table of the random number sequence in the scramble processing method shown in FIG. 9 is shown. However, it is not necessary to use the scramble processing method shown in FIG. 9, and it is possible to use a completely different scramble processing method. In the scramble processing method shown in FIG. 9, there are various parameters that can be changed in addition to the initial value table (for example, how to take a bit string for referring to the initial value table and the configuration of a shift register that generates random numbers). It is also possible to give an identifier to each changeable parameter or combination.

  As described above, according to the information recording medium of the present invention, it is possible to change the scramble processing method in accordance with the application and copying permission / denial. As a result, it is possible to prevent illegal reproduction (for example, reproduction of a commercial disk by a consumer disk reproduction device) and unauthorized copying.

(Second Embodiment)
FIG. 4 shows the configuration of the information reproducing apparatus according to the present invention. The information reproducing apparatus includes a host computer 1 and a disk reproducing apparatus 2 that reproduces data recorded on the disk 3.

The host computer 1 includes an interface unit (I / F unit) 4, an AV decoder 6 that decodes video information into a displayable format, a video board 8 that sends video information to a display device 7, a CPU 10, a DRAM ( And an internal memory 11 such as a Dynamic Random Access Memory. The video board 8, the CPU 10, and the internal memory 11 are connected to each other via the bus 9. The output of the video board 8 is connected to a display device (output device) 7. The hard disk drive 12 is connected to the interface unit 4.

  The disk playback device 2 includes an interface unit 5, a data playback unit 13 including a mechanism for reading data from the disk 3, a signal processing circuit, a control circuit, and the like, and a microprocessor 14 that controls the disk playback device 2. Yes.

  The host computer 1 and the disk playback device 2 are connected via interface units 4 and 5. For example, the interface units 4 and 5 can be connected by an existing interface such as SCSI (Small Computer System Interface) or ATAPI (AT Attachment Packet Interface) or an interface defined uniquely.

  The disc playback device 2 reads the scramble information recorded in the lead-in area of the disc 3 when the disc playback device 2 is reset or when the disc 3 is replaced, interprets the scramble information, and reverses the scramble information according to the scramble information. The scramble processing procedure is set in the data reproducing unit 13.

  In order to display the user data recorded in the data recording area of the disc 3 on the output device 7, the host computer 1 sends a playback-only command (hereinafter referred to as a PlayAV command) to the disc playback device 2 via the interface units 4 and 5. Issued). In response to the PlayAV command, the disc playback apparatus 2 transmits user data that has been descrambled according to the scramble information to the host computer 1.

  The interface unit 4 of the host computer 1 uses the PlayAV command to send user data received from the disc playback apparatus 2 only to the AV decoder 6 without sending it to the data bus 9. Therefore, it is impossible to record user data obtained using the PlayAV command on a rewritable medium such as the hard disk drive 12 connected to the host computer 1.

  When it is necessary to record user data recorded in the data recording area of the disk 3 in the hard disk 12 or the internal memory 11, the host computer 1 issues a data read command (hereinafter referred to as a Read command). In response to the Read command, the disc playback device 2 determines whether or not copying of the disc 3 is permitted based on scramble information held in advance.

  The disc playback apparatus 2 operates differently depending on whether or not the scramble method specified by the scramble information is a type for which copying is permitted.

  If the disc playback device 2 determines that copying of the disc 3 is permitted, the correct user who performed the descrambling process according to the scramble information read from the lead-in area of the disc 3 during the start-up operation of the disc playback device 2 Data is transmitted to the host computer 1. On the other hand, when the disc reproducing apparatus 2 determines that copying of the disc 3 is prohibited, it transmits erroneous user data subjected to a descrambling process different from the scramble information to the host computer 1. Alternatively, by performing error processing or the like, the disk reproducing device 2 may not return correct data to the host computer 1. In this way, illegal duplication can be prevented.

There are various methods for obtaining information (copy permission information) indicating whether or not copying of the disk 3 is permitted. For example, when the copy permission information is recorded in a predetermined area of the disc 3, the disk reproducing device 2 may read the copy permission information from the predetermined area of the disk 3. Alternatively, when the scramble processing method is limited according to the copy permission information, the copy permission information can be specified by the read scramble information.
Alternatively, the copy permission information can be represented by a part of the scramble information.

  For example, when the scramble information is composed of a plurality of bits, the copy permission information may be represented by one bit among the plurality of bits. As described above, the scramble information can be used to clearly distinguish between a scramble system applied to data permitted to be copied and a scramble system applied to data prohibited from being copied. Therefore, it is possible to determine whether or not copying is permitted by reading the scramble information from the disk 3. Hereinafter, description will be made assuming that the copy permission information is represented by a part of the scramble information.

  FIG. 5 shows another configuration of the information reproducing apparatus according to the present invention. In the information reproducing apparatus of FIG. 5, the AV decoder 6 and the interface unit 4 which are independent in the host computer 1 of FIG. 4 are integrated. Other configurations are the same as those of the information reproducing apparatus in FIG.

  When the PlayAV command is issued from the host computer 1, user data subjected to the descrambling process according to the scramble information is transmitted from the disc playback device 2 to the host computer 1. The user data is AV-decoded by the AV decoder 6 and then directly input to the video board 8. Other operations are the same as those of the information reproducing apparatus according to the embodiment described with reference to FIG.

  FIG. 6 shows another configuration of the information reproducing apparatus according to the present invention. The information reproducing apparatus in FIG. 6 includes an interface unit 4b integrated with the AV decoder 6, and an interface unit 4a independent of the interface unit 4b. Other configurations are the same as those of the information reproducing apparatus of FIG.

  Only the PlayAV command is issued from the interface unit 4b in the AV decoder 6. On the other hand, the Read command is issued from the interface unit 4a independent of the interface unit 4b. Other operations are the same as those of the information reproducing apparatus according to the embodiment described with reference to FIG.

  FIG. 7 shows another configuration of the information reproducing apparatus according to the present invention. In the information reproducing apparatus of FIG. 7, an AV decoder 6 for converting data into a displayable format is built in the disk reproducing apparatus 2. Therefore, it is not necessary to connect the disk playback device 2 to the host computer 1.

  The operation of the information reproducing apparatus having this configuration will be described below. In the disk reproducing apparatus 2 of FIG. 7, the microprocessor 14 reads out the scramble information from the disk shown in FIG. 1, interprets the scramble information, and performs a descrambling process on the user data according to the scramble information. The user data subjected to the descrambling process is sent to the AV decoder. The user data is AV-decoded by the AV decoder 6 and output to the output device 7. In this way, the user data recorded on the disc 3 can be reproduced.

  However, when scramble information that is not preferable to be reproduced by the disc reproducing apparatus 2 is recorded on the disc 3, the disc reproducing apparatus 2 may not perform correct reproduction. For example, assume that the disk 3 is a business disk used for karaoke. In this case, when the disc 3 is mounted on a consumer disc playback device, it is possible to prevent the consumer disc playback device from reproducing the data recorded on the disc 3. This is because the consumer disc player can determine from the scramble information recorded on the disc 3 whether or not the scramble processing method is not used for a consumer disc. In this way, by limiting the scramble processing methods that can be used in accordance with the use of the disc 3, it is determined whether or not the disc playback device 2 should play back the data recorded on the disc 3 based on the scramble information. It becomes possible.

  Further, by manufacturing a disc on which data scrambled by a scramble processing method not corresponding to the descrambling process is manufactured for a disc playback apparatus capable of performing only a specific descrambling process, the disc playback apparatus Can be prohibited from reproducing the data recorded on the disc.

  FIG. 8 shows the configuration of the information reproducing apparatus according to the present invention. The information reproducing apparatus includes a host computer 1 and a disk reproducing apparatus 11. The host computer 1 is not shown in FIG. The configuration of the host computer 1 is the same as the configuration of the host computer 1 shown in FIGS.

The disk playback device 11 includes an interface unit (I / F unit) 5, a data playback unit 13 that reads data recorded on the disk 3, a microprocessor 14 that controls the disk playback device 11, and a descrambling circuit unit 15. A demodulation / error correction unit 16 and a ROM (Read Only Memory) 17 for storing a program executed by the microprocessor 14.
And a data processing RAM (Random Access Memory) 20. The interface unit 5, the data reproduction unit 13, the microprocessor 14, the descrambling circuit unit 15, the demodulation / error correction unit 16, and the data processing RAM 20 are connected to each other via an internal data bus 19. Yes. The descrambling circuit unit 15 includes an initial value table storage memory 18.

  The microprocessor 14 reads scramble information from the disk 3 and interprets the scramble information when the power is turned on or the disk 3 is replaced.

  When the disk 3 has the data structure shown in FIG. 2, the microprocessor 14 selects one initial value table from a plurality of initial value tables stored in advance in the ROM 17 according to the contents of the scramble information. The microprocessor 14 stores the selected initial value table in the initial value table storage memory 18 in the descrambling circuit unit 15. The initial value table storage memory 18 may be a RAM, for example. Alternatively, when the initial value table storage memory 18 is a ROM, a plurality of initial value tables may be stored in the ROM in advance.

  When the host computer 1 issues a PlayAV command, the PlayAV command is input to the microprocessor 14 via the interface unit 5 of the disc playback apparatus 2. In response to the PlayAV command, the microprocessor 14 instructs the descrambling circuit unit 15 to perform descrambling processing on the scrambled user data. The descrambling circuit unit 15 performs descrambling processing according to the initial value table stored in the initial value table storage memory 18. The data subjected to the descrambling process is transmitted to the host computer 1 via the interface unit 5. In this way, data recorded on the disk 3 can be reproduced.

  On the other hand, when the host computer 1 issues a Read command, the Read command is input to the microprocessor 14 via the interface unit 5 of the disc playback apparatus 11. At this time, the microprocessor 14 determines from the scramble information read in advance from the disk 3 whether or not the scramble method is permitted for copying. When the microprocessor 14 determines that copying is prohibited, the microprocessor 14 sets an initial value table different from the initial value table corresponding to the scramble information in the descrambling circuit unit 15. Alternatively, the microprocessor 14 may return an error to the host computer 1 without setting the initial value table in the descrambling circuit unit 15. In this way, it is possible to prevent the data recorded on the disk 3 from being reproduced.

  If the microprocessor 14 determines that copying is permitted from the scramble information and the disk 3 has the data structure shown in FIG. 3, the microprocessor 14 starts from the lead-in area of the disk 3 with an initial value. The table is read, and the initial value table is stored in the initial value table storage memory 18 in the descrambling circuit unit 15. The initial value table storage memory 18 is a writable memory (for example, RAM). The other processes are the same as those in the case where the disk 3 has the data structure shown in FIG.

  As described above, according to the information reproducing apparatus of the present invention, the descrambling processing method can be changed according to the scramble information recorded on the information recording medium. This makes it possible to correctly reproduce data scrambled by a plurality of different scramble processing methods.

  Further, according to the information reproducing apparatus of the present invention, it is possible to determine whether or not the information reproducing apparatus should reproduce the data recorded on the information recording medium according to the scramble information recorded on the information recording medium. As a result, illegal copying can be prevented and the copyright of data recorded on the information recording medium can be protected.

(Third embodiment)
FIG. 10A shows the data structure of the information recording medium according to the present invention. An information recording area in which some data on the information recording medium is recorded includes a lead-in area, a data recording area, and a lead-out area. Information required for the information reproducing apparatus to reproduce the information recording medium is recorded in the lead-in area. Data such as program data and AV data mainly useful for the user are recorded in the data recording area.

FIG. 10B shows the data structure of the control data area recorded in the lead-in area. The control data area includes a physical information sector and a scramble information sector. In the physical information sector, physical information of the disk such as a disk diameter, a disk structure, and a recording density is recorded. In the scramble information sector, information such as a scramble method applied to the data recorded in the data recording area of the information recording medium is recorded. The scramble information sector is referred to in order for the information reproducing apparatus to perform a descrambling process. The detailed contents of the scramble information sector will be described later with reference to the drawings.
FIG. 10C shows the data structure of the volume / file management area. In the present embodiment, the data structure of the volume / file management area conforms to the international standard ISO 9660 (International Standard Organization 9660). This international standard ISO9660 is adopted in CD-ROM (Compact Disc-Read Only Memory).

  The volume / file management area includes a volume descriptor, a path table, and a directory record.

  In the volume descriptor, information such as the size of the volume space, the recording position information of the path table, the recording position information of the directory record, and the disc creation date and time are recorded. In the path table, a table in which paths of all directories existing on the information recording medium are associated with recording position information is recorded. In the directory record, information such as an identifier (generally a directory name or file name) of each directory or file, data recording position information, file size, attribute, and the like is recorded.

  FIG. 10D shows a more detailed data structure of the directory record. In the root directory directory record, attributes and identifiers of the root directory, creation date and time, and the like are recorded. In addition, directory recording position information is recorded in the root directory directory record (first sector). Similar information is also recorded in the root directory directory record (second sector). Also, the file A directory record records the recording position information, data length, file identifier information, copyright management identifier, etc. of the file A data. Thus, the plurality of directories have a hierarchical structure.

  The root directory is a directory located at the top of the hierarchical structure. These details will be described later with reference to the drawings.

  In the data recording area, scrambled files and unscrambled files are recorded. For example, the scramble file A and the scramble file C are files that are scrambled, and the non-scramble file B is a file that is not scrambled. The file that stores the AV data that is subject to copyright protection is preferably a scrambled file.

FIG. 10E shows the data structure of the scramble file A. File A is divided into a plurality of sectors continuous from sector n. The data stored in each of the plurality of sectors is scrambled. Hereinafter, in this specification, a sector that stores scrambled data is referred to as a “scramble sector”.

  FIG. 10 (f) shows the data structure of the unscrambled file B. The file B is divided into a plurality of sectors continuous from the sector m. The data stored in each of the plurality of sectors is not scrambled. Hereinafter, in this specification, a sector that stores data that has not been scrambled is referred to as a “non-scrambled sector”.

FIGS. 11A to 11C show the data structure of the directory record in the volume / file management area. The directory record includes a directory record length, file recording position information, a file data length, a file identifier, and copyright management information.
The directory record length is information indicating the size of the directory record of the file (or directory). The file recording position information is information indicating the start position of a sector (hereinafter referred to as an extent) in which file data is recorded.

  The file data length is information indicating the number of sectors constituting the file. The file identifier is identification information (file name) for identifying the file. The copyright management information is information relating to the copyright management of the file.

  The copyright management information includes a scramble flag area and a scramble method area. In the scramble flag area, a flag indicating whether or not the file data has been scrambled is recorded. If the file data is scrambled, a flag having a value of 1 is recorded in the scramble flag area, and if the file data is not scrambled, a flag having a value of 0 is scrambled. Recorded in the flag area. Therefore, by referring to the scramble flag area, it is possible to determine whether or not the file data is scrambled. In the scramble method area, an identifier indicating a scramble processing method applied to file data is recorded. Therefore, the scramble processing method applied to the data can be determined for each file by referring to the scramble method region.

  Hereinafter, an example of the scramble method will be described with reference to FIGS. The scramble system identifier corresponding to this scramble system is set to 1.

  FIG. 11D shows the data structure of the scramble information sector recorded in the control data area of the lead-in area. The scramble information sector includes a sector header area and a main data area.

  The sector header area of the scramble information sector includes an address area in which an identifier for identifying the sector by the information reproducing apparatus and information for specifying a scramble system applied to the information recording area (as described above, In this example, the scrambling method area is recorded as 1) and the information reproducing apparatus determines whether or not the data to be copyright protected can be sent to a device that requests the reproduction data to be transferred. And a mutual authentication key area in which a mutual authentication key used for authentication processing (hereinafter referred to as mutual authentication processing) is recorded. This mutual authentication process will be described in detail later.

  In the main data area of the scramble information sector, a table is recorded for determining a random number sequence to be used in the scramble process from the scramble key. Therefore, the information reproducing apparatus can perform the descrambling process only by using the table recorded in the scramble information sector and the key for scramble. However, the initial value for determining the random number series is hereinafter referred to as preset data.

  FIG. 11E shows the data structure of the scramble sector in the data recording area.

  The sector header area of the scramble sector includes an address area, a scramble flag area in which a flag for identifying whether or not the main data area of the sector has been subjected to scramble processing, a key used for scramble (hereinafter referred to as a seed key) A seed key area in which information for identifying the use of the file is recorded, and a use identification information area in which information for identifying the use of the file is recorded. In the scramble flag area, 1 indicating that the scramble process is performed is recorded, and in the seed key area, a key used for the descramble process of the main data area is recorded. In the use identification information area, information on the use of recorded data for business use, consumer use, etc. is recorded, and information indicating reproduction restrictions when the use of the information reproducing apparatus is different from the use identification information. It is recorded. In the main data area, scrambled data determined by the scramble method specified by the scramble information sector in the lead-in area and the seed key in the sector header area of the scramble sector are recorded. In other words, preset data is determined by referring to the scramble information sector table based on the value recorded in the seed key area, and scramble / descramble processing can be performed using a random number sequence determined by the preset data. In the following description, it is assumed that the seed key is the same for each file.

  On the other hand, the sector header of a non-scrambled sector includes an address area and a scramble flag area. In the scramble flag area, 0 indicating that the main data area of the sector has not been scrambled is recorded. Therefore, the information reproducing apparatus can easily recognize that it is not necessary to perform the descrambling process by detecting that the value of the scramble flag area is 0.

  Next, an example of the scramble method will be described with reference to FIG.

12A is scrambled by performing a logical operation with an 8-bit random number sequence Sj generated based on an initial value of an 8-bit data sequence Dj (j is an integer from 0 to 2047). The data SDj is obtained. That is, 15 bits of preset data determined by the scramble information sector recorded in the lead-in area and the seed key of the sector header area of each sector are set in the shift register 301, and the most significant bit r14 is set while shifting in the upper bit direction. A random number sequence Sj is generated by putting the exclusive OR of bit r10 into bit 0. Here, every time one bit is shifted, the bit at the bit position r0 is input to the logical operation block 302, and an 8-bit numerical value input to the logical operation block 302 by eight shifts is Sj. The scrambled data SDj is obtained by a logical operation (for example, exclusive OR) of Sj obtained as described above and 8-bit recording data Dj. Assuming that the size of main data in one sector is 2048 bytes, scramble processing for one sector can be performed by repeating the above operation 2048 times from SD0 to SD2047.

  FIGS. 12B and 12C show conversion from a scramble information sector to a table for determining preset data. In the scramble information sector shown in FIG. 12B, four entries of the table are recorded, and each entry consists of a set of a seed key and preset data. If these sets are tabulated, a table as shown in FIG. 12C is obtained. For example, if the seed key recorded in the sector header is 01b (b means binary), 0077h (h means hexadecimal) is used as preset data in the shift register of FIG. By setting the initial value to 301 and performing the above-described shift operation and logical operation, the scramble / descramble process can be performed.

  As described above, the information recording medium of the present embodiment can be scrambled in units of files, and has information on whether or not scramble is performed as copyright management information in the file management area. By having a sector unit in the scramble flag area of the sector header, it is possible to recognize the presence or absence of scramble processing in a device that can only recognize main data, such as a personal computer, and to recognize main data like an optical disk drive. It is possible to recognize the presence or absence of the scramble processing even in a device that is not present. Therefore, even when data is reproduced by an optical disk drive connected to a personal computer, it is possible to determine whether or not both are data subject to copyright protection.

  In addition, since the information recording medium of the present embodiment can perform different scramble processing for each file by changing the seed key, even if the scramble method of one scramble file is decrypted by fraudulent acts It is possible to prevent descrambling of other scrambled files by the scrambled method, and it is possible to improve security in performing copyright protection processing.

  In addition, when the information recording medium of this embodiment is used for copyright protection, the scramble information sector in which scramble information essential for descrambling is recorded cannot be read from a device such as a personal computer. Since it exists in the lead-in area, it is highly effective in preventing an attempt to illegally read scramble information. Further, since the lead-in area can be reproduced by the same reproducing means as the data recording area, it is not necessary to newly provide a special reproducing means.

In addition, since the information such as the seed key, scramble flag, and application identification information recorded in the sector unit is recorded in the sector header area that cannot be read from a device such as a personal computer, the above lead-in area Similar to recording scramble information, there is an effect of preventing an act of trying to read the information illegally.
In addition, since the application identification information is recorded in the sector header area, it is possible to determine whether the playback apparatus should perform playback or prohibit playback according to the contents of the recorded data. Therefore, for example, by recording different identifiers in this area for the commercial disk and the consumer disk, it is possible to prevent the commercial disk from being played back by the consumer playback device.
Also, by recording the mutual authentication key used for the mutual authentication process, it is possible to change the data sent and received by the playback device in the mutual authentication operation for each mutual authentication key, and illegally decrypt the processing method of the mutual authentication process. There is an effect to prevent that. Accordingly, it is possible to prevent an act of performing an illegal copy operation on a magnetic disk drive or the like by improperly performing mutual authentication processing.

  In this embodiment, the volume file structure is based on the international standard ISO9660. However, it is needless to say that the volume file structure is not limited to this as long as it has information as described in the present invention. .

  In this embodiment, the scrambling method uses a logical operation of random numbers and data. However, the present invention is not limited to this as long as the scrambling method has a table and a seed key for referring to the table as in this embodiment. Needless to say.

  In the present embodiment, a table for determining preset data is recorded in the lead-in area. However, the parameters for determining the table are not limited to this, and only one of a plurality of known tables is used. An identifier for specifying one table may be recorded.

  In this embodiment, an information recording area for use identification is secured as a use identification information area in the sector header area of the scrambled sector. Needless to say, it may be classified.

  In the present embodiment, the scramble sector has been subjected to the scramble process on all 2048 bytes of the main data area. However, even if the scramble process is not performed on the entire main data area, a predetermined one is determined. The scramble process may be performed only on the part area.

(Fourth embodiment)
Next, another data structure of the information recording medium according to the present invention will be described. The data structure of the information recording medium is the same as that of the information recording medium shown in FIG. Here, only differences from the data structure shown in FIG. 10 will be described.

  FIGS. 13A to 13C show the data structure of directory records recorded in the volume / file management area. In the scramble method area in the copyright management information of the directory record, 2 indicating the scramble method described in the present embodiment is recorded.

FIG. 13E shows the data structure of the scramble sector. The sector header area of the scramble sector includes an address area, a scramble flag area, a media CGMS (Copy Generation Management System) data area, an encrypted original CGMS data area, an encrypted title key area, and an encryption use identification information area. including.

  In the scramble flag area, 1 indicating that scramble processing has been performed is recorded.

  Copy permission information of the information recording medium is recorded in the media CGMS data area. In the encrypted original CGMS data area, when the data of this sector is copied from another medium, copy permission information of the most original data is recorded. Here, the media CGMS data represents data copy permission information of the information recording medium. The media CGMS data is updated during the copy operation. The original CGMS data represents copy permission information at the time of disc creation.

  Since the original CGMS data is encrypted, it is copied as it is during the copy operation. Table 1 shows definitions of media CGMS data and original CGMS data.

From (Table 1), for example, if the media CGMS data is 11b and the original CGMS data is 10b, the data in that sector is originally in a copy-permitted state (media CGMS data and original CGMS data are In both cases, it should be determined that the media CGMS data has been changed to 11b, which means copy prohibition, because one copy operation has already been performed. Hereinafter, the media CGMS data and the original CGMS data are collectively referred to as CGMS control information.

  In the encrypted title key area, a key for descrambling the scramble process applied to the main data area is recorded.

  In the encrypted usage identification information area, identification information for specifying the usage is encrypted and recorded. However, the encrypted original CGMS data area, the encrypted title key area, and the encryption use identification information area are all subjected to encryption processing, and information cannot be obtained only by reading the sector header area. These encrypted data are encrypted using an encrypted disk key recorded in the sector header area of the lead-in area of the information recording medium. Therefore, in order to decrypt the encrypted information in the header area of the scramble information sector, the encrypted disk key is required.

  FIG. 13D shows the data structure of the scramble information sector. In the following explanation, in order to clearly distinguish between encrypted data and data obtained by decrypting the cipher, the encrypted data is represented by a name with “encryption” and the data obtained by decrypting the cipher. Is represented by a name with “decryption”. For example, data obtained by encrypting the title key is referred to as “encrypted title key”, and data obtained by decrypting the encrypted title key is referred to as “decrypted title key”.

  The scramble information sector is recorded in the control data area of the lead-in area.

  In the sector header area of the scramble information sector, 2 indicating that the scramble system is the scramble system of the present system is recorded. In the mutual authentication key area, a mutual authentication key used for mutual authentication processing for determining whether to send descrambled data is recorded. The mutual authentication key will be described in detail in an embodiment of the information reproducing apparatus described later.

  In the main data area of the scramble information sector, the encrypted original CGMS data of the scramble sector, the encrypted title key, and the encrypted disk key for decrypting the encryption use identification information are recorded. However, the encrypted disk key is further encrypted, and a key for decrypting the encrypted disk key (hereinafter referred to as a master key) is provided by the information reproducing apparatus.

  In the main data area of the scramble information sector, an encrypted disk key 1, an encrypted disk key 2,... And a plurality of encrypted disk keys are recorded. The encrypted disk key 1 is a master key 1 and is encrypted. The encrypted disk key 2 is a master key 2 and is encrypted by a corresponding master key. Here, the encrypted disk key 1, the encrypted disk key 2,... Are obtained by encrypting the same disk key information with different master keys. Therefore, when one information reproducing apparatus A has the master key 1 inside and another information reproducing apparatus B has the master key 2 inside, the information reproducing apparatus A has the encrypted disk key 1 The information reproducing apparatus B can decrypt the encrypted disk key 2 and obtain a decrypted disk key having the same contents.

  FIG. 13F shows the data structure of a non-scrambled sector. 0 is recorded in the scramble sector flag area. The data recorded in the main data area is not scrambled. This indicates that data access similar to that of a conventional information recording disk is possible.

  As described above, the information recording medium of the present embodiment can reproduce data with the same access as before when reproducing non-scrambled sectors. On the other hand, in order to reproduce a scrambled sector, an information reproducing apparatus having a master key reads out the scrambled information sector in the lead-in area, decrypts the encrypted disk key with the master key, and further uses the decrypted disk key. Data can be reproduced by decrypting the encrypted title key in the sector header of the scramble sector and performing descrambling processing of the scrambled data using the decrypted title key.

  Hereinafter, as an example of the scramble system, a case where the scramble system described in the third embodiment is used will be described. In the third embodiment, the preset data is generated using the conversion table. However, in the information recording medium of the present embodiment, if the initial value for generating a random number is encrypted and recorded in the encrypted title key area, Data can be easily scrambled using the shift register 301 and the logical operation block 302 shown in FIG. That is, the decrypted title key is used as the initial value of the shift register 302, the random number sequence Sj is generated by repeating the shift, and the scramble processing is possible by performing the logical operation with the data sequence Dj. In addition, data can be descrambled using the shift register 301 shown in FIG.

As described above, the information recording medium of the present embodiment can be scrambled in units of files, and has information on whether or not the scramble is performed as copyright management information in the file management area. In addition, by providing the sector header in the scramble flag area of the sector header, it is possible to recognize the presence or absence of the scramble processing in a device that can only recognize the main data, such as a personal computer, and the main data like the optical disk drive can be recognized. It is possible to recognize the presence / absence of scramble processing even in a device that cannot be used. Therefore, even when data is reproduced by an optical disk drive connected to a personal computer, it is possible to determine whether or not both are data subject to copyright protection.
In addition, since the information recording medium of the present embodiment can perform different scramble processing for each file by changing the title key, even if the scramble method of one scramble file is decrypted by an illegal act, It is possible to prevent other scrambled files from being descrambled by the decrypted scramble method, and it is possible to improve security in performing copyright protection processing.

  In addition, when the information recording medium of this embodiment is used for copyright protection, the scramble information sector in which scramble information essential for descrambling is recorded cannot be read from a device such as a personal computer. Since it exists in the lead-in area, it is highly effective in preventing an attempt to illegally read scramble information. Further, since the lead-in area can be reproduced by the same reproducing means as the data recording area, it is not necessary to newly provide a special reproducing means.

In addition, since the scramble flag, CGMS control information, encrypted title key, and encryption usage identification information recorded in units of sectors are recorded in a sector header area that cannot be read from a device such as a personal computer, Similar to recording scramble information in the lead-in area, there is an effect of preventing an act of illegally trying to read information in the sector header.

  In addition, since the application identification information is recorded in the sector header area, it is possible to determine whether the playback apparatus should perform playback or prohibit playback according to the contents of the recorded data. Therefore, for example, by recording different identifiers in this area for the commercial disk and the consumer disk, it is possible to prevent the commercial disk from being played back by the consumer playback device.

  Also, by recording the mutual authentication key used for the mutual authentication process, it is possible to change the data sent and received by the playback device in the mutual authentication operation for each mutual authentication key, and illegally decrypt the processing method of the mutual authentication process. There is an effect to prevent that. Accordingly, it is possible to prevent an act of performing an illegal copy operation on a magnetic disk drive or the like by improperly performing mutual authentication processing.

  In addition, the information recording medium of this embodiment is a hierarchical encryption / scramble that encrypts main data of a scramble sector with a title key, encrypts the title key with a disc key, and encrypts the disc key with a master key. Since the processing is performed, even if the main data of the scrambled sector is illegally copied, there is an effect of preventing the descrambling, so that the illegal copy can be made meaningless.

  In addition, since CGMS control information is recorded, it is determined whether an illegal copy or a regular copy is made even when a file is copied from the information recording medium of the present embodiment to another rewritable medium. Make it possible.

  In this embodiment, an example is shown in which the scramble process is performed by a logical operation of a random number and data with the title key as an initial value, but the scramble method is not limited to this, and the data is scrambled according to the specified key. Needless to say, any other scramble method may be used.

The volume file structure of the present embodiment has been described based on ISO9660, which is an international standard. However, the volume file structure can record copyright management information equivalent to the contents described in the present embodiment. Needless to say, this is not a limitation.
In the present embodiment, all data in the sector is scrambled in the scramble sector. However, even if the entire main data in the sector is not scrambled, only a part of the main data may be scrambled. Needless to say.

  In this embodiment, scramble processing is performed on all sectors constituting the file in the scramble file, but scramble processing may be performed only on some sectors of the scramble file. Needless to say.

  In this embodiment, the CGMS control information uses only three types: copy once only, copy prohibition, and copy permission. However, it is easy to copy twice and three times by expanding the allocated bits. Needless to say, information such as copy permission can be recorded.

  Note that the scramble method of main data described in the present embodiment is an example, and the method is not limited to this as long as it is a scramble method based on certain key information (title key in the present embodiment).

(Fifth embodiment)
Hereinafter, an information reproducing apparatus for reproducing an information recording medium according to the present invention will be described with reference to the drawings. Unless otherwise specified, it is assumed that the information reproducing apparatus is an apparatus capable of reproducing in common with the third and fourth embodiments of the information recording medium according to the present invention. Therefore, in the following, the operation when reproducing the fourth embodiment of the information recording medium will be described as an example. The encrypted title key area is the seed key area, and the encrypted disk key of the scramble information sector is the preset data conversion table. By replacing each, the third embodiment of the information recording medium can be processed in the same way.

FIG. 14 is a block diagram showing the configuration of the information reproducing apparatus 500 according to the present invention.
The information reproducing apparatus 500 decompresses the compressed digital AV data, a main processor 501, a bus interface circuit 503, a main memory 504, a SCSI control card 506 for controlling a protocol defined by SCSI (Small Computer System Interface). An AV decoder card 507 that converts the data into analog AV data and outputs it, an optical disk drive 509 that reproduces the information recording medium according to the present invention, and a hard disk drive 510.

The main processor 501, the bus interface circuit 503, and the main memory 504 are connected to each other via the processor bus 502. The bus interface circuit 503, the SCSI control card 506, and the AV decoder card 507 are connected to each other via a system bus 505. The SCSI control card 506, the optical disk drive 509, and the hard disk drive 510 are connected to each other via a SCSI bus.
Next, an AV file playback operation by the information playback apparatus 500 will be described.
When an optical disk is loaded in the optical disk drive 509, the main processor 501 reads the volume / file management area of the optical disk via the SCSI control card 506 and stores it in the main memory 504 (hereinafter referred to as the stored volume / file management area). Is called file management information).

  The main processor 501 performs processing (hereinafter referred to as mutual authentication processing) for determining whether or not each other device is a device having a copyright protection function between the AV decoder card 507 and the optical disc drive 509. If an error is detected from any device during the process, the mutual authentication process is considered to have failed, and the following process is stopped. On the other hand, when the mutual authentication process is normally completed, the optical disk drive 509 transfers the encrypted disk key of the loaded disk to the AV decoder card. At this time, the optical disk drive 509 sends out an encrypted disk key that has been encrypted based on a key (hereinafter referred to as a bus key) generated during the mutual authentication process when the encrypted disk key is output. The AV decoder card 507 internally holds the received encrypted disk key after decrypting it with the bus key.

  Thereafter, when playing back a file recorded on the optical disc, the main processor 501 refers to the scramble flag of the copyright management information in the file management information stored in the main memory 504 in advance, and the file to be played is scrambled. It is determined whether or not. As a result of the determination, if it is determined that the file to be reproduced is an unscrambled file, the optical disc drive 509 receives a reproduction command from the main processor 501 via the SCSI control card 506 and transfers unscrambled data. On the other hand, if the main processor 501 determines that the file is a scrambled file from the scramble flag of the file management information, the mutual authentication process between the optical disc drive 509 and the AV decoder card 507 is executed again.

  If the main processor 501 detects an error during the mutual authentication process, the main processor 501 stops the process without performing the reproduction process. On the other hand, if the mutual authentication process is normally completed, the optical disc drive 509 returns an encrypted title key and is transferred to the AV decoder card 507 by the main processor 501 prior to data reproduction. At this time, the optical disc drive 509 transfers the encrypted title key encrypted with the bus key held in advance. Also, the AV decoder card 507 internally stores the received encrypted title key after decrypting it with the bus key.

Thereafter, the optical disk drive 509 sends scrambled data read from the loaded disk, and the microprocessor 501 transfers the scrambled data to the AV decoder card 507. The AV decoder card 507 descrambles the received scrambled data using the title key already stored therein, converts it into analog AV data, and outputs it as an analog signal from the video output and audio output. As described above, the information reproducing apparatus 500 can reproduce the information recording medium of the present invention.
Regarding the copy operation of the scramble file from the optical disk drive 509 to the hard disk drive 510, the mutual authentication process ends in error because the hard disk drive 510 cannot execute the mutual authentication process. Therefore, the processing is stopped before the optical disk drive 509 sends data to the SCSI bus, and the copy operation is not executed.

  Also, it is assumed that a program for illegally copying the scrambled file read by the optical disk drive 509 to the hard disk drive 510 is loaded into the main memory 504, and the scrambled data transferred after the mutual authentication process is terminated normally in some form. Is copied to the hard disk drive 510, the scrambled data is copied to the hard disk drive 510. However, in order to reproduce the data copied to the hard disk drive 510, mutual authentication processing between the hard disk 510 and the AV decoder card 507 is required again. In this case, the hard disk drive 510 has no means for generating a bus key. In addition, the scrambled file on the hard disk 510 cannot be reproduced by the AV decoder card 507.

  Therefore, even if an illegal copy is made, the copy operation can be made meaningless, and as a result, a copyright protection mechanism can be realized.

  Hereinafter, more detailed configurations and operations of the optical disc drive 509 and the AV decoder card 507, which are components of the information reproducing apparatus 500, will be described with reference to FIGS. 15 and 16, respectively.

FIG. 15 is a block diagram showing the configuration of the optical disc drive 509. As shown in FIG. The configuration will be described below. Reference numeral 600 denotes a SCSI control circuit, reference numeral 601 denotes a decoder authentication circuit for performing mutual authentication processing with the AV decoder, reference numeral 602 denotes a microcontroller for controlling the entire optical disc drive, and reference numeral 603 denotes a program ROM storing an operation program of the microcontroller. 604 is a control bus for transmitting control data, and 605 is an ECC (ErrorCorrection used at the time of error correction processing for correcting a read error at the time of data reproduction.
Code) processing memory, 606 reads data from the optical disk 607, binarizes,
A data reproduction circuit for performing demodulation, error correction processing, etc., 607 is an information recording medium according to the present invention, and an optical disc having the data structure shown in the third embodiment or the fourth embodiment, Each is shown.

  Next, regarding the operation of the optical disc drive 509, the operations at the time of mutual authentication processing and data reproduction will be described.

  The optical disk drive 509 that has received the mutual authentication processing request by the SCSI control circuit 600 controls the decoder authentication circuit 601 to execute the mutual authentication processing determined. Since this protocol is described in detail later, it is omitted here.

  In the mutual authentication processing protocol, if the microcontroller 602 detects any error, it reports an error from the SCSI control circuit 600 and stops the mutual authentication processing and the subsequent key information transfer operation. When the mutual authentication process is normally completed, the decoder authentication circuit 601 stores a bus key determined during the mutual authentication process.

  If the mutual authentication process is performed at the time of disk replacement or reset, an encrypted disk key read request is issued to the optical disk drive 509 following the mutual authentication process. At this time, the optical disc drive 509 controls the data reproduction circuit 606 to read the encrypted disc key information from the optical disc 607 and further performs encryption using the bus key already held by the decoder authentication circuit 601. The encrypted disk key is sent from the SCSI control circuit 600. On the other hand, in the case of mutual authentication processing at the time of playing the scrambled file, the optical disc drive 509 receives a read command for the encrypted title key following the normal end of the mutual authentication processing. At this time, the optical disc drive 509 controls the data reproduction circuit 606 to read the encrypted title key information from the optical disc 607, and further, the encrypted data using the bus key already held by the decoder authentication circuit 601 is obtained. It is transmitted from the SCSI control circuit 600.

  The optical disk drive 509 sends the scrambled data read from the optical disk 607 from the SCSI control circuit 600 in response to a file data reproduction request issued thereafter. This is the end of the description of the optical disk drive 509.

  The optical disk drive 509 of the present embodiment reproduces the encrypted disk key area of the optical disk 607 after receiving the encrypted disk key transfer request. However, the optical disk drive 509 reads it when the optical disk 607 is loaded and holds it internally. Needless to say, you can do it.

Next, the configuration and operation of the AV decoder board will be described with reference to FIG.
FIG. 16 is a block diagram showing the configuration of the AV decoder card 507. The components will be described below. Reference numeral 700 denotes a system interface circuit that controls transmission and reception of information with the system bus, 701 denotes a drive authentication circuit that performs mutual authentication processing with the optical disk drive 509, 702 denotes a microcontroller that controls the entire AV decoder card 507, and 703 denotes a microcontroller. 702, a control bus for transmitting control information, 705, a descrambling circuit for descrambling scrambled data, 706, decompressing the compressed digital AV data and analog Reference numeral 707 denotes an audio / video decoder circuit which is an operation memory used by the audio / video decoder circuit 706 for data conversion.
Next, the operation of the AV decoder card 507 will be described with respect to mutual authentication processing and scramble file playback.

  First, at the time of mutual authentication processing at the time of reset or media exchange, the microcontroller 702 controls the drive authentication circuit 701 to execute mutual authentication processing with the optical disc drive 509 according to a predetermined protocol. If the drive authentication circuit 701 detects any error during the mutual authentication process, the error is reported via the system interface circuit 700 and the process is terminated. On the other hand, when the mutual authentication process is normally completed, the drive authentication circuit 701 internally holds the bus key determined by the mutual authentication process.

  Further, the AV decoder card 507 receives the encrypted disk key from the system interface circuit 700. Here, since the received encrypted disk key is encrypted using the bus key in the optical disk drive 509, the AV decoder card 507 is decrypted with the bus key already held in the drive authentication circuit 701 and then descrambled in the circuit 705. Forward to. The descramble circuit 705 stores the received encrypted disk key therein.

  On the other hand, when the scrambled file is reproduced, the mutual authentication process with the optical disc drive 509 is executed again before the file is reproduced. Again, if an error occurs in the mutual authentication process, the mutual authentication process and the subsequent file reproduction operation are stopped. When the mutual authentication process ends normally without error, the AV decoder card 507 receives the encrypted title key via the system interface circuit 700. Since the encrypted title key is further encrypted using the bus key in the optical disc drive 509, the encrypted title key is decrypted by the bus key held in the drive authentication circuit 701 and transferred to the descrambling circuit 705. The descrambling circuit 705 stores the received encrypted title key internally.

  Thereafter, the scrambled data of the scramble file received from the system interface circuit 700 is transferred as it is to the descrambling circuit 705, descrambled based on the already held title key, and transferred to the audio / video decoding circuit 706. Is converted into an analog AV signal and output.

  As described above, according to the information reproducing apparatus 500 of the present embodiment, the internal optical disk drive 509 has the decoder authentication circuit 601 and the AV decoder card 507 has the drive authentication circuit 701. The key information is not sent to the target device to be copied. Therefore, even if the data of the scramble file is illegally copied, the copy data can be made meaningless by not sending the key information for executing the descrambling. Therefore, there is an effect of protecting the copyright of the file.

  Also, according to the information reproducing apparatus of the present embodiment, since the AV decoder card 507 has the descrambling circuit 705 that performs descrambling processing according to the key information, the scrambled data is descrambled and reproduced. It is possible.

  In the present embodiment, the bus to which the optical disk drive 509 is connected is a SCSI bus. However, the reproduction data can be transferred according to a predetermined protocol, but not limited to this, ATAPI (ATAttachment Packet Interface) or IEEE 1394 (Institute) It goes without saying that the bus may conform to the Electrical of Electronics and Electronics Engineers 1394).

  In the present embodiment, the function of the decoder authentication circuit 601 and the function of the drive authentication circuit 701 may be realized by software executed by the microcontrollers 602 and 702.

(Sixth embodiment)
Next, an information reproducing apparatus 800 according to the present invention will be described.

FIG. 17 is a block diagram showing the configuration of the information reproducing apparatus 800 according to the present invention.
The configuration of the information reproducing apparatus 800 is the same as that of the information reproducing apparatus 500 shown in FIG. 14 except that the AV decoder card 801 has a built-in SCSI control circuit for performing communication according to the SCSI system. Therefore, the same reference numerals are given to the same components, and the description thereof is omitted.

  Next, the operation of the information reproducing apparatus 800 will be described.

  Since the AV decoder card 801 with built-in SCSI control circuit has a built-in SCSI control circuit, when the main processor 501 issues a scrambled file playback request for the optical disk drive 509, the AV decoder card 801 with built-in SCSI control circuit and the optical disk drive Mutual authentication processing is directly executed with the client 509. That is, the AV decoder card 801 with built-in SCSI control circuit issues a command sequence for mutual authentication to the optical disk drive 509, and the optical disk drive 509 responds to the command to perform mutual authentication processing.

  Similarly, in the data reproduction operation, it is the AV decoder card 801 with a built-in SCSI control circuit that makes a reproduction request to the optical disk drive 509, not the main processor 501. Therefore, the data read by the optical disk drive 509 is directly input to the AV decoder card 801 with a built-in SCSI control circuit, converted into an analog AV signal and output.

  FIG. 18 is a block diagram showing a configuration of an AV decoder card 801 with a built-in SCSI control circuit. Only the differences from the configuration of the AV decoder card 507 shown in FIG. 16 will be described below.

  Reference numeral 900 denotes a SCSI control circuit that controls transmission and reception with the SCSI bus, and reference numeral 901 denotes a program ROM that stores a program executed by the microcontroller.

  When a scrambled file playback request is input to the system interface circuit 700, the microcontroller 702 controls the drive authentication circuit 701 and the SCS1 control circuit 900 to execute mutual authentication processing with the optical disk drive 509. At this time, in the mutual authentication protocol, a command is directly issued from the SCSI control circuit 900 to the optical disc drive 509. The microcontroller 702 controls the drive authentication circuit 701 in accordance with the mutual authentication protocol to perform mutual authentication processing. When the above mutual authentication process ends with an error, the microcontroller 702 controls the system interface circuit 700 to report the error to the main processor 501 and end the process. On the other hand, when the mutual authentication process is normally completed, the scrambled file data is directly received from the optical disk drive 509 by the SCSI control circuit 900, and the descrambled data by the descramble circuit 705 is converted into an analog AV by the audio / video decoder circuit 706. Convert to signal and output. As described above, similar to the information reproducing apparatus of the fifth embodiment, it is possible to reproduce the AV data while preventing the copying operation infringing the copyright of the data recorded on the information recording medium of the present invention. Become.

  As described above, in the information reproducing apparatus 800 of this embodiment, in addition to the features of the information reproducing apparatus of the fifth embodiment, the optical disk drive 509 and the AV decoder card 801 with a built-in SCSI control circuit directly In order to perform transmission / reception, the security against the unauthorized decryption of the mutual authentication method and the key information and the unauthorized copying operation by software is improved.

  Although the information recording medium to be reproduced has been described using the fourth embodiment of the information recording medium according to the present invention, the same processing is performed in the third embodiment of the information recording medium according to the present invention. It is possible to replace the encrypted disc key with the conversion table information of the scramble information sector using the encrypted title key in the description as a seed key.

  In the present embodiment, the bus to which the optical disc drive 509 is connected is a SCSI bus. However, the reproduction data can be transferred according to a predetermined protocol, and an interface such as ATAPI or IEEE1394 may be used. .

(Seventh embodiment)
Next, the information reproducing apparatus 1000 according to the present invention will be described.

  FIG. 19 is a block diagram showing the configuration of the information reproducing apparatus 1000 according to the present invention. The information reproducing apparatus 1000 is an optical disc player. The constituent elements of the information reproducing apparatus 1000 are the same as the constituent elements of the information reproducing apparatus of FIG. 14 or the constituent elements of the information reproducing apparatus of FIG. Therefore, the same reference numerals are given to the same components, and the description thereof is omitted. Further, here, description will be made based on the fourth embodiment of the information recording medium of the present invention.

  When the optical disk player 1000 is reset or inserted, the microcontroller 702 controls the data reproduction circuit 606 to read the scramble information sector in the lead-in area of the optical disk. The encrypted disk key information read from the scramble information sector is transferred to the descramble circuit 705 and held internally.

  On the other hand, when playing back the scramble file recorded on the optical disc 607, the microcontroller 702 controls the data playback circuit 606 to read the encrypted title key from the sector header area of the scramble file to be played back, and to the descramble circuit 705. Forward. The descrambling circuit 705 stores the received title key therein and determines use identification information. When the descrambling circuit 705 determines that the reproduction is prohibited as a result of determining the use identification information, the descrambling circuit 705 reports the occurrence of an error to the microcontroller 702. On the other hand, when the descrambling circuit 705 determines that playback is permitted, the data playback circuit 606 reads the data of the scramble file and transfers the read scrambled data to the descrambling circuit 705. The descrambling circuit 705 descrambles the scrambled data using the disc key and title key stored in advance, and transfers them to the audio / video decoder circuit 706. The audio / video decoder circuit 706 converts the received data into an analog AV signal, and outputs audio / video.

  As described above, the optical disc player 1000 can descramble and reproduce the scrambled data. However, unlike the fifth and sixth embodiments of the information reproducing apparatus according to the present invention, the optical disc player 1000 performs video reproduction without executing mutual authentication processing. In this embodiment, since the reproduced data is directly input to the audio / video decoder circuit 706, the copying operation to another rewritable medium such as a hard disk drive is not possible on the way. This is because the authentication process is unnecessary. Therefore, in the configuration of the present embodiment, copyright protection is possible even when there is no component that performs mutual authentication processing. Further, since the optical disc player 1000 determines the use identification information at the time of reproduction, it is possible to prevent the reproduction of the use data for which reproduction is prohibited.

  Hereinafter, further detailed configurations and operations of the decoder authentication circuit 601, the drive authentication circuit 701, and the descramble circuit 705 used in the fifth and sixth embodiments of the information reproducing apparatus according to the present invention will be described. Will be explained. However, the configuration described below is common to the fifth embodiment, the sixth embodiment, and the seventh embodiment of the information reproducing apparatus of the present invention.

  First, the configuration and operation of the descrambling circuit 705 will be described with reference to the drawings. However, since the descrambling circuit 705 is deeply related to the scramble system, the configuration differs between when reproducing the third embodiment of the information recording medium of the present invention and when reproducing the fourth embodiment. Become. Therefore, in the following, a descrambling circuit for reproducing the third embodiment of the information recording medium of the present invention will be reproduced using FIGS. 20 and 21 to reproduce the fourth embodiment of the information recording medium of the present invention. The descrambling circuit for this purpose will be described independently with reference to FIGS.

  FIG. 20 is a block diagram showing a configuration of a descrambling circuit 1106 for reproducing the third embodiment of the information recording medium of the present invention. Hereinafter, each component will be described. Reference numeral 1100 denotes an I / O control circuit for communicating with the control bus 704, reference numeral 1101 denotes a selector for switching an output destination block in accordance with the contents of input data, and reference numeral 1102 refers to use identification information of a reproduction file. A use identification circuit for determining whether or not reproduction is permitted; 1103, a conversion table storage circuit for storing a conversion table for generating preset data for the random number generation circuit 1104 from the seed key; A random number generation circuit 1105 generates a random number based on preset data output from the conversion table storage circuit 1103, and 1105 performs a logical operation between the random number generated by the random number generation circuit 1104 and the scrambled data input from the selector 1101. Main data descrambling circuits that perform descrambling Shows.

Next, the operation of the descrambling circuit 1106 will be described.
First, when the scramble information sector recorded in the lead-in area is read after the mutual authentication process is normally completed, the scramble information sector read setting is made to the selector 1101 via the I / O control circuit 1100, and the selector 1101 is output to Is set in the conversion table storage circuit 1103. The input read data is input to the conversion table storage circuit 1103 via the selector 1101, and is stored as a conversion table for determining preset data to be an initial value for random number generation.

  On the other hand, when reproducing a scrambled file, mutual authentication processing is performed prior to data reproduction. Usage identification information in the sector header area received after the mutual authentication processing ends normally is stored in the usage identification circuit 1102, and a seed key is stored in the conversion table. Each is input to the circuit 1103. The application identification circuit 1102 has information on application identification information permitted to be reproduced inside, and compares it with the inputted application identification information to identify whether or not reproduction is permitted. Report to the O control circuit 1100 and the main data descrambling circuit 1105. On the other hand, the conversion table storage circuit 1103 that has received the seed key outputs preset data corresponding to the seed key to the random number generation circuit 1104 based on the received seed key. The random number generation circuit 1104 generates a random number sequence based on the received preset data and outputs it to the main data descrambling circuit 1105. When the main data of the scramble sector is input subsequent to the sector header area, the output destination of the selector 1101 is switched to the main data descramble circuit 1105. Thereafter, the main data descrambling circuit 1105 performs a descrambling process by performing a logical operation of the main data input from the selector 1101 and the random number sequence input from the random number generation circuit 1104, and the descrambled data is obtained. The data is output to the audio video decoder circuit 706.

  A more detailed description of the above operation will be given below with reference to FIG.

  FIG. 21 is a flowchart for explaining the descrambling process contents when the descrambling circuit 1106 reproduces the information recording medium of the third embodiment of the present invention. Each processing step will be described below.

  (S1200) The output destination of the selector 1101 is switched to the conversion table storage circuit 1103, and the conversion table read from the scramble information sector in the lead-in area of the information recording medium is stored in the conversion table storage circuit 1103.

  (S1201) The output destination of the selector 1101 is switched to the I / O control circuit 1100, and the scramble flag in the sector header received prior to the reproduction of the scramble file is returned to the microcontroller 702. The microcontroller 702 determines whether or not the scramble flag is 1, and returns a determination result to the I / O control circuit 1100. If it is determined that the scramble flag is 1 (S1202), if it is determined that it is 0, the function of the main data descramble circuit 1105 is stopped and the process branches to (S1206).

  (S1202) The output destination of the selector 1101 is switched to the application identification circuit 1102, and the application identification information in the sector header received prior to the reproduction of the scramble file is transferred. The application identification circuit 1102 compares the received application identification information with the reproduction permission information held therein, and determines whether or not the file is permitted to be reproduced. If it is determined that reproduction is prohibited (S1203), the process branches to (S1204) if it is determined that reproduction is permitted.

  (S1203) If it is determined in the above processing step (S1202) that the file is a reproduction-prohibited file, an error is reported to the microcontroller 702 via the I / O control circuit 1100 in this step and the processing is terminated.

  (S1204) The conversion table storage circuit 1103 receives the seed key read from the sector header of the scrambled file to be reproduced, generates preset data from the seed key and the conversion table, and outputs the preset data to the random number generation circuit 1104.

  (S1205) The output destination of the selector 1101 is switched to the main data descramble circuit 1105, and the main data of the scramble file input to the main data descramble circuit 1105 is transferred. On the other hand, the random number generation circuit 1104 generates a random number series based on the preset data input from the conversion table storage circuit 1103 and outputs the random number series to the main data descrambling circuit 1105. The main data descrambling circuit 1105 executes a descrambling process by performing a logical operation on the input main data and a random number sequence.

  (S1206) The main data descrambling circuit 1105 outputs the data after descrambling when descrambling is executed and the data input from the selector 1101 to the audio / video decoder circuit 706 as it is when the descrambling function is stopped.

  As described above, the descrambling circuit 1106 includes the application identification circuit, thereby selectively reproducing the file having the application identification information prohibited from reproduction and the file having the application identification information permitted to reproduce. Is possible.

  In addition, since a selector for separating the scramble identification flag is provided inside, it is possible to separate only the scramble flag and determine whether or not to descramble. An information recording medium having a high-security scramble system that can determine a conversion table for converting into preset data in units of discs and can determine a seed key in units of files, and cannot be played back unless both of the two data are present. Can be played.

  FIG. 22 is a block diagram showing a configuration of a descrambling circuit 1308 for reproducing the fourth embodiment of the information recording medium of the present invention. Hereinafter, each component will be described. 1300 is an I / O control circuit for communicating with the control bus 704, 1301 is a selector that switches an output destination block according to the contents of input data, and 1302 is an encryption disk key input , A disk key decryption circuit for decrypting the encrypted disk key; 1303, a master key storage unit for storing a master key used in decryption of the encrypted disk key in hardware; and 1304, a disk key decryption circuit 1302. 1305 is a sector header decryption circuit that receives the disk key decrypted in step S1 and decrypts the encryption unit in the sector header, 1305 is input from the selector and the medium identification information and the original CGMS data decrypted by the sector header decryption circuit 1304 1306 is a CGMS inspection circuit for confirming the consistency of the media CGMS data. A usage identification circuit 1307 that receives the usage identification information decrypted by the header decryption circuit 1304 and determines whether reproduction is permitted or not, 1307 is based on the title key input from the sector header decryption circuit 1304 and is sent from the selector 1301. A main data descrambling circuit for descrambling input main data is shown.

The operation of the descrambling circuit 1308 will be described below.
First, when the scramble information sector recorded in the lead-in area is read after the mutual authentication process is normally completed, the output destination of the selector 1301 is set in the disk key decryption circuit 1302 via the I / O control circuit 1300, and the input The read data thus read is input to the disk key decryption circuit 1302 via the selector 1301. The disk key decryption circuit 1302 decrypts the disk key based on the master key input from the master key storage unit 1303 and stores it in the disk key decryption circuit 1302.

  On the other hand, when reproducing a scrambled file, mutual authentication processing is performed prior to data reproduction, and when the mutual authentication processing ends normally, the sector header of the scrambled file to be reproduced is input to the selector 1301. The selector 1301 selects the output destination for each content of the sector header, sets the scramble flag to the microcontroller 702 via the I / O control circuit 1300, the media CGMS data to the CGMS check circuit 1306, the encrypted original CGMS data and the encryption The application identification information and the encrypted title key (hereinafter collectively referred to as an encrypted sector header) are output to the sector header decryption circuit 1304. The sector header decryption circuit 1304 receives the disk key from the disk key decryption circuit 1302, decrypts the encrypted sector header based on the disk key, and transmits the original CGMS data to the CGMS inspection circuit 1305 and the use identification information to the use identification circuit 1306. The title key is output to the main data descramble circuit 1307, respectively. The CGMS inspection circuit 1305 receives the media CGMS data input from the selector 1301 and the original CGMS input from the sector header decoding circuit 1304, and determines whether or not the reproduction is permitted. At this time, the determination criteria of the CGMS inspection circuit 1305 are shown in Table 2. (However, the meanings indicated by the media CGMS data and the original CGMS data shall be in accordance with the description of the information recording medium of the fourth embodiment of the present invention.)

In Table 2, when the CGMS determination information indicates 1, it is reported to the main data descrambling circuit 1307 and the microcontroller 702 that playback is possible. On the other hand, if the CGMS determination information is 0, an error is reported to the main data descrambling circuit 1307 and the microcontroller 702 as an invalid value indicating that there is a possibility that illegal copying or the like has been performed. For example, in (Table 2), when the medium identification information is 0 indicating a rewritable medium, the media CGMS data is 11 indicating that copying is prohibited, and the original CGMS data is 10 indicating that copying only once is permitted. In this case, it is considered that a file whose copy is permitted only once has already been copied to the rewritable medium once and only the media CGMS data is changed to 11 so that the copy is prohibited. It has become. On the other hand, if a file that is permitted to copy only once as described above is illegally copied, both the media CGMS data and the original CGMS data become 10, which means that copying is permitted only once. In this case, the CGMS determination information is 0 which means that reproduction is prohibited. On the other hand, the usage identification circuit 1306 has usage identification information that is permitted to be reproduced, and compares the information with the usage identification information input from the sector header decoding circuit 1304 to reproduce the scrambled file. It is determined whether or not the use is permitted. If the usage identification information is not permitted to be reproduced, an error is reported to the microcontroller 702 and the main data descrambling circuit 1307. When reproducing the data of the scramble file, the output destination of the selector 1301 is switched to the main data descrambling circuit 1307, and the read data input is transferred to the main data descrambling circuit 1307. The main data descrambling circuit 1307 receives the title key from the sector header decoding circuit 1304, performs descrambling processing of the scrambled data based on the received title key, and outputs it to the audio / video decoder circuit 706.

  As described above, the descrambling circuit 1308 decrypts the encrypted disk key and the encrypted title key. If the title key is permitted to be reproduced, the descrambling circuit 1308 performs the descrambling process of the main data, The digital AV data is output to the audio / video decoder circuit 706.

  Next, the operation of the scramble file playback process in the descrambling circuit 1308 will be described with reference to the flowchart of FIG. The processing contents of each step are shown below.

  (S1400) When the encrypted disk key information of the lead-in area is input to the read data, the output destination of the selector 1301 is set to the disk key decryption circuit 1302, and the encrypted disk key is transferred to the disk key decryption circuit 1302. The disk key decryption circuit 1302 receives the master key from the master key storage unit 1303, decrypts the encrypted disk key, and outputs the decrypted disk key to the sector header decryption circuit 1304.

  (S1401) The selector 1301 separates the scramble flag from the sector header of the scrambled file read prior to reproduction and transfers it to the microcontroller 702 via the I / O control circuit 1300. The microcontroller 702 determines whether or not the scramble flag is 1. If the determination result is 1, the process branches to (S1402), and if it is not 1, the process branches to (S1407).

  (S1402) The selector 1301 separates the encrypted sector header from the sector header of the scrambled file read prior to reproduction and transfers it to the sector header decryption circuit 1304. The sector header decryption circuit 1304 decrypts the received encrypted sector header based on the disk key received from the disk key decryption circuit 1302 in advance, separates the contents for each content, and sends the original CGMS data to the CGMS inspection circuit 1305. Separate identification information is output to the application identification circuit 1306, and the title key is output to the main data descrambling circuit 1307.

  (S1403) The CGMS inspection circuit 1305 corresponds to (Table 2) from the medium identification information received from the microcontroller 702, the media CGMS data received from the selector 1301, and the original CGMS data received from the sector header decoding circuit 1304. Outputs CGMS judgment information. However, in Table 2, when the CGMS determination information is 1, it is reported to the I / O control circuit 1300 and the main data descramble circuit 1307 that the CGMS control information is normal.

  (S1404) When the CGMS determination result is 0, the CGMS inspection circuit 1305 is used. When the use identification information is a use for which reproduction is prohibited, the use identification circuit 1306 is replaced with the I / O control circuit 1300 and the main. An error is reported to the data descrambling circuit 1307, and the reproduction process is terminated.

  (S1405) The application identification circuit 1306 determines the application identification information received from the sector header decoding circuit 1304, and if reproduction is permitted, the I / O control circuit 1300 and the main data descramble circuit 1307 are permitted to reproduce. Report that it is a file.

  (S1406) Upon receiving the main data of the scramble file as read data, the selector 1301 sets the output destination to the main data descramble circuit 1307 and transfers the main data. The main data descrambling circuit 1307 executes descrambling processing of the input main data based on the title key received from the sector header decryption circuit 1304.

  (S1407) The main data descrambling circuit 1307 outputs the main data after descrambling when the descrambling process is executed, or the data input from the selector 1301 as it is when the descrambling process is not executed. Output to video decoder circuit 706.

As described above, the descrambling circuit 1308 includes the application identification circuit, and thereby selectively reproduces the file having the application identification information prohibited from reproduction and the file having the identification information as permitted to be reproduced. It is possible.

  In addition, since a selector for separating the scramble identification flag is provided inside, it is possible to separate only the scramble flag and determine whether or not to descramble. In addition, even in the case of a hierarchically encrypted / scrambled high security disc as in the fourth embodiment of the information recording medium of the present invention, a disc key decryption circuit, a sector header decryption circuit, a main data descrambler When the circuits operate in cooperation, processing can be performed in the same manner as when descrambling is not performed.

  Further, by having the CGMS inspection circuit 1305, it is possible to detect illegally copied data and to prevent reproduction of illegally copied data. In addition, it is possible to manage the copy generation, ie, how many times the data is copied, and the work of the information recording medium on which the software that allows the copy operation only for a predetermined number of times is recorded. It has a mechanism to protect rights.

  FIG. 24 is a block diagram showing a detailed configuration of the decoder authentication circuit 601 in the optical disc drive 509. Hereinafter, each component will be described. Reference numeral 1500 denotes an I / O control circuit that performs input / output control for communication with the microcontroller 602. Reference numeral 1501 denotes a random number generation circuit that generates a random number based on a time variable key input from the I / O control circuit 1500. 1502 is a function input fk (denoted as R1 in FIG. 24) determined from a second input (denoted as R1 in FIG. 24) by determining a function fk by a first input (denoted as k in FIG. 24) for determining the function. A function fk (R1) generation circuit that calculates and outputs R1), and 1503 calculates and outputs a function gk (R2) from k and R2, and also outputs decoder response data input from the 1 / O control circuit 1500. The function gk (R2) generation / comparison circuit 1504 performs a comparison with the function gk (R2) generation / comparison circuit 1503 and the function fk (R1) generation circuit 1502 based on the two function values output from the bus. 1505 is a bus key generation circuit for generating a key. The bus encryption circuit for encrypting the data output from the data reproduction circuit 606 in accordance with a bus key output from the generation circuit 1504, respectively.

  Hereinafter, the operation of the decoder authentication circuit 601 will be described.

  When the optical disk drive 509 is reset or the disk is replaced, the microcontroller 602 obtains the mutual authentication key k read from the sector header area of the scramble information sector in the lead-in area of the disk via the I / O control circuit 1500 and functions fk (R1). The values are preset in the generation circuit 1502 and the function gk (R2) generation / comparison circuit 1503.

The function fk (R1) generation circuit 1502 internally holds the mutual authentication key k, and calculates a function value fk (R1) when a random value R1 is input during the subsequent mutual authentication processing, thereby generating a bus key. The data is output to the circuit 1504 and the I / O control circuit 1500.
The bus key generation circuit 1504 stores the input function value fk (R1) internally. Subsequently, when a time-varying key for generating a random number is input from the microcontroller 602 via the I / O control circuit 1500, the random-number generating circuit 1501 generates a random number R2 based on the time-varying key to generate an I / O The data is returned to the O control circuit 1500 and output to the function gk (R2) generation / comparison circuit 1503.

  The function gk (R2) generation / comparison circuit 1503 that has received the random number R2 calculates the function value gk (R2) from the mutual authentication key k and the random number value R2 held in advance and holds them internally. Further, the function gk (R2) generation / comparison circuit 1503 receives the decoder response data from the I / O control circuit 1500 and compares it with the function value gk (R2) calculated internally. As a result of the comparison, if the value of gk (R2) does not match the decoder response data, it reports to the microcontroller 602 that an error has occurred in the mutual authentication process via the I / O control circuit 1500. If the mutual authentication processing fails, processing such as transfer of the encrypted disk key and encrypted title key following the mutual authentication processing is stopped.

  On the other hand, if the two values of gk (R2) and decoder response data match, it is determined that the mutual authentication process has been completed normally, and the function value gk (R2) is output to the bus key generation circuit 1504. At this time, the bus key generation circuit 1504 generates the bus key based on the two function values fk (R1) and gk (R2) only when the function values fk (R1) and gk (R2) are normally input. Is output to the bus encryption circuit 1505.

  The bus encryption circuit 1505 receives a control signal (hereinafter referred to as a mode control signal) for switching the mode from the microcontroller 602 via the I / O control circuit 1500, and the mode is the disc key reproduction mode, or In the title key reproduction mode, the encryption disk key or the encrypted title key input from the data reproduction circuit 606 is subjected to predetermined encryption based on the bus key input in advance, and the SCSI control circuit 600 Output to.

  On the other hand, when actual file data is transmitted after the encrypted title key is transmitted, the mode control signal is switched to the data reproduction mode, and the bus encryption circuit 1505 does not perform the bus encryption, and the data reproduction circuit 606 does not perform the bus encryption. The output data is output to the SCSI control circuit 600 as it is.

  As described above, the decoder authentication circuit 601 performs the function value calculation determined by the mutual authentication key in the mutual authentication process, and normally ends the mutual authentication process only when it matches the function value sent from the decoder. Further, in the reproduction operation, when the encrypted disk key and the encrypted title key are transferred, a process of transmitting the key information further encrypted using the bus key generated in the mutual authentication process is performed.

Next, the configuration and operation of the drive authentication circuit 701 on the AV decoder card 507 and the SCSI decoder built-in AV decoder card 801 will be described with reference to the drawings.
FIG. 25 is a block diagram showing the configuration of the drive authentication circuit 701. As shown in FIG. Hereinafter, each component will be described. Reference numeral 1600 denotes an I / O control circuit for transmitting and receiving control signals to and from the microcontroller 702. Reference numeral 1601 denotes a random key R1 received from the I / O control circuit 1600 and generating a random number R1, and the I / O control circuit 1600 The random number generation circuit 1602 is input to the function fk (R1) generation / comparison circuit 1603 and the constant k input from the function fk (R1) generation / comparison circuit 1603 and the I / O control circuit 1600. A function gk (R2) generation circuit for calculating a function gk (R2) based on a random number R2 to be generated, and a function fk (1603) for k from 1 to n based on a random number R1 input from a random number generation circuit 1601 A function fk (R1) generating / comparing circuit for calculating the value of R1) and comparing it with the drive response data input from the I / O control circuit 1600, and 1604 from the function gk (R2) generating circuit 1602 Output function value and A bus key generation circuit that generates a bus key from a function value output from the number fk (R1) generation / comparison circuit 1603. Each circuit is shown.

  Next, the operation of the drive authentication circuit 701 will be described.

  First, at the start of the mutual authentication process, the drive authentication circuit 701 receives a time-varying key for generating a random number from the microcontroller 702 via the I / O control circuit 1600, and a random number is generated by the random number generation circuit 1601.

The random number generation circuit 1601 outputs the generated random number R1 to the function fk (R1) generation / comparison circuit 1603 and the microcontroller 702. Thereafter, the function fk (R1) generation / comparison circuit 1603
Receives the drive response data from the microcontroller 702, calculates the functions f1 (R1), f2 (R1), f3 (R1)... Using the internally stored random number R1 as an argument, Find k such that fk (R1) matches. At this time, if k that matches the drive response data cannot be obtained even if all the held function calculations are performed, the function fk (R1) generation / comparison circuit 1603 generates an error as an authentication result. The data is returned to the microcontroller 702 via the O control circuit 1600.

On the other hand, if k is found such that the drive response data and fk (R1) match, normal termination is returned as the authentication result to the microcontroller 702, and k is returned to the function gk (R2) generation circuit 16.
The function value fk (R1) is output to the bus key generation circuit 1604. When the value k is normally found, the drive authentication circuit 701 receives the random number R2 from the microcontroller 702 and inputs it to the function gk (R2) generation circuit 1602. The function gk (R2) generation circuit 1602 calculates a function gk (R1) from the value k received in advance from the function fk (R1) generation / comparison circuit 1603 and the input random number R2, and calculates the calculated function value to the microcontroller. 702 and the bus key generation circuit 1604.

  The bus key generation circuit 1604 generates a bus key based on the two function values fk (R1) and gk (R2) received in advance, and outputs them to the bus decryption circuit 1605. On the other hand, when the function value gk (R2) sent to the microcontroller 702 is normally authenticated by the optical disc drive 509, the microcontroller 702 switches the mode control signal and changes the mode of the bus decryption circuit 1605 to the disc key reproduction. Switch to the mode or title key playback mode, and use the decryption processing function.

  At this time, the data (encrypted disk key or encrypted title key) input from the SCSI control circuit 900 or the system interface circuit 700 is decrypted by the bus key held in advance in the bus decryption circuit 1605. However, only the bus cipher with the bus key is decrypted by the bus decryption circuit 1605, and the encrypted disc key encrypted with the master key and the encrypted title key encrypted with the disc key are encrypted. The data is output to the descrambling circuit 705 as it is.

  After that, when the reproduction data of the scramble file is input from the SCSI control circuit 900 or the system interface circuit 700, the bus decoding circuit 1605 is switched to the data reproduction mode by the mode control signal from the microcontroller 702, and the bus key The data is transferred as it is to the descrambling circuit 705 without performing the decryption process according to. As described above, the drive authentication circuit 701 calculates a plurality of function values from internally generated random numbers, authenticates the drive when one of them matches the drive response data, and receives the random number. Mutual authentication processing is executed in which the optical disc drive 509 is authenticated by calculating and returning an internal function value.

  Also in the reproduction operation, when the encrypted disk key and the encrypted title key are received, the decryption process is performed using the bus key generated in the mutual authentication process.

  Next, a protocol for mutual authentication processing executed in the fifth and sixth embodiments of the information reproducing apparatus of the present invention will be described with reference to the drawings.

  FIG. 26 is a flowchart for explaining a mutual authentication process between the optical disk drive 509 and the AV decoder card 507 or the AV decoder card 801 with a built-in SCSI control circuit.

  The mutual authentication process is appropriately executed when the apparatus is reset, the disk is replaced, and when it is confirmed from the file management information that the file to be read is a scrambled file. Hereinafter, each processing step will be described. However, the AV decoder card 507 or the SCSI decoder built-in AV decoder card 801 is hereinafter simply referred to as an AV decoder. Hereinafter, a command on the SCSI protocol is referred to as a device command.

  (S1700) The AV decoder generates a random number R1 based on a time-varying key that changes with time generated using a timer or the like.

(S1701) The optical disk drive receives the random number R1 generated by the AV decoder by the device command “Send R1”. At this time, the optical disk drive reads the mutual authentication key from the sector header area of the scramble information sector in the lead-in area if the mutual authentication key k of the loaded disk has not yet been stored.

  (S1702) If the optical disk drive detects any error during the process of step (S1701) and reports an error, the process branches to step (S1713), and if the process ends normally, the process branches to step (S1703).

(S1703) The optical disk drive receives the device command “Report fk (R1)” and determines the value of the function fk (R1) based on the random number R1 received in advance and the value of the mutual authentication key k read from the disk. The calculation result is returned to the AV decoder. If any error occurs in the above processing, the optical disk drive reports an error as the command processing result.

(S1704) If an error occurs during the processing of the device command “Report fk (R1)” and the command processing result is an error, the process branches to step (S1713). If the processing result is normal end, step (S1705). Branch to.

  (S1705) The AV decoder calculates a function value fi (R1) for i (i is a positive integer) from 1 to n (n is a positive integer) using a function value generation circuit held therein. Then, the calculated value of fi (R1) is compared with the value of fk (R1) returned from the optical disk drive in (S1703). If the AV decoder detects a value of i such that fi (R1) = fk (R1), it internally holds that value.

(S1706) In the processing step (S1705), if the AV decoder cannot detect i such that fi (R1) = fk (R1), the process branches to step (S1713). Branch to S1707).

(S1707) The optical disc drive receives the device command “Report R2” command, generates a random number based on a time-varying key that changes with time by an internal random number generation mechanism, and transfers it to the AV decoder. If the optical disk drive detects any error in this step, report the error.

(S1708) In the step (S1707), if any error occurs in the “Report R2” command execution process, the process branches to step (S1713), and if the process ends normally, the process branches to step (S1709).

(S1709) The AV decoder, which has received the random number R2 generated by the optical disc drive in response to the “Report R2” command in (S1708), uses the internal function calculation circuit to store the constant k (= i already stored in step (S1705). ) And the function value gk (R2) based on the random value R2 received from the optical disk drive in step (S1707).

(S1710) The AV decoder that has calculated the function value gk (R2) executes the device command “Send gk (R2)” and transfers the function value calculated in step (S1709) to the optical disc drive. The optical disk drive that has received the function value gk (R2) calculates gk (R2) by using the mutual authentication key k and the random value R2 in the function calculation circuit included therein. Thereafter, the optical disk drive compares the function value gk (R2) received from the AV decoder with gk (R2) calculated by the internal calculation circuit, and if they match, reports the normal end as the processing result. On the other hand, if an error occurs during command processing, or if the received function value does not match the internally calculated function value, an error is reported as the command processing result.

(S1711) If the command processing result is an error in step (S1710), the process branches to step (S1713).
Branch to.

  (S1712) The AV decoder generates a bus key BK using a bus key generation circuit held therein based on the two function values fk (R1) and gk (R2) acquired during the mutual authentication process. To do. Similarly, the optical disk drive also generates a bus key BK from the two function values acquired during the mutual authentication process, using a bus key generation circuit held inside. (Here, the optical disk drive and the AV decoder are in mutual authentication processing, and the generated bus key BK is the same).

  (S1713) If an error occurs during the execution of the device command, the mutual authentication process is canceled together with the error report in this step.

  By performing the mutual authentication process as described above, the key information can be transferred after the optical disk drive confirms that the data is not transferred to a device that performs unauthorized copying. There is a concealment effect. Therefore, there is an effect of preventing illegal decoding of the scramble system.

  In addition, since the AV decoder can confirm that the device that receives the data is not the device that transfers the illegally copied data, the decryption of the key information and the descrambling of the data can be performed, thereby preventing reproduction of the illegally copied data. There is an effect to.

  In addition, since different bus keys are generated every time mutual authentication processing is performed, it is possible to prevent unauthorized reading of key information and to prevent unauthorized decryption of the encryption / scramble system.

  Further, since different functions are used for the mutual authentication when the optical disk drive authenticates the AV decoder and when the AV decoder authenticates the optical disk drive, mutual authentication is performed for the purpose of performing the mutual authentication operation illegally. Security against the act of trying to decipher the method of authentication operation is high.

  Also, in the mutual authentication process, since the time variable key generated by each of the optical disc drive and AV decoder is used, different random values are generated each time the mutual authentication process is executed, different function values are transferred, and different Since the bus key is generated, the security against the act of deciphering the mutual authentication operation method for the purpose of performing the mutual authentication operation illegally is high.

  Further, by using the mutual authentication key recorded on the information recording medium for the mutual authentication process, security against the act of trying to decipher the mutual authentication operation method for the purpose of illegally executing the mutual authentication operation is high.

  In the above description, the fourth embodiment of the information recording medium of the present invention has been described as an example of the information recording medium. However, the same processing applies to the third embodiment of the information recording medium of the present invention. Is possible.

  The information recording medium of the present invention has a lead-in area and a data recording area. Based on the key information recorded in the lead-in area, the scrambled data recorded in the data recording area is descrambled. Thus, security is improved by recording the key information in the lead-in area. Since the drive device of the information recording medium can directly access the lead-in area, devices other than the drive device (for example, personal computers) cannot directly access the lead-in area. It is. Furthermore, by recording the key information in the lead-in area, there is no need to provide a dedicated reading means for reading the key information.

  Another information recording medium of the present invention has a lead-in area and a data recording area. The scrambled data is descrambled based on the first key information recorded in the lead-in area and the second key information recorded in the data recording area.

  As described above, since the key information for descrambling is duplicated, security is improved.

  According to the information reproducing apparatus of the present invention, the mutual authentication process is performed before the scrambled data is transmitted to the decoding apparatus. Mutual authentication processing mutually confirms that the other party is legitimate. This improves security.

  According to the information reproducing apparatus of the present invention, mutual authentication processing is performed between the reading device and the decoding device. When the mutual authentication process ends normally, bus key information common to the reading device and the decoding device is generated, and key information encrypted by the bus key information is transmitted from the reading device to the decoding device. As described above, after the mutual authentication process is performed, it is mutually confirmed that the other party is legitimate by further using a common bus key. This improves security.

It is a figure which shows the data structure of the information recording medium based on this invention. (A) And (b) is a figure which shows the structure of the scramble information recorded on the lead-in area | region of the information recording medium shown in FIG. It is a figure which shows the other data structure of the information recording medium based on this invention. It is a block diagram which shows the structure of the information reproduction apparatus which concerns on this invention. It is a block diagram which shows the other structure of the information reproduction apparatus which concerns on this invention. It is a block diagram which shows the other structure of the information reproduction apparatus which concerns on this invention. It is a block diagram which shows the other structure of the information reproduction apparatus which concerns on this invention. It is a block diagram which shows the other structure of the information reproduction apparatus which concerns on this invention. (A)-(c) is a figure for demonstrating an example of the scramble processing method. (A)-(f) is a figure which shows the data structure of the information recording medium based on this invention. (A)-(c) is a figure which shows the data structure of the directory record in a volume file management area | region. (D) is a figure which shows the data structure of a scramble information sector. (E) is a figure which shows the data structure of a scramble sector. (F) is a figure which shows the data structure of a non-scramble sector. (A)-(c) is a figure for demonstrating an example of a scramble system. (A)-(c) is a figure which shows the data structure of the directory record in a volume file management area | region. (D) is a figure which shows the data structure of a scramble information sector. (E) is a figure which shows the data structure of a scramble sector. (F) is a figure which shows the data structure of a non-scramble sector. It is a block diagram which shows the structure of the information reproduction apparatus 500 which concerns on this invention. 3 is a block diagram showing a configuration of an optical disc drive 509 included in the information reproducing apparatus 500. FIG. 3 is a block diagram showing a configuration of an AV decoding card 507 included in the information reproducing apparatus 500. FIG. It is a block diagram which shows the structure of the information reproduction apparatus 800 which concerns on this invention. 3 is a block diagram showing a configuration of an AV decode card 801 with a built-in SCSI control circuit included in the information reproducing apparatus 800. FIG. 1 is a block diagram showing a configuration of an information reproducing apparatus (optical disc player) 1000 according to the present invention. 2 is a block diagram showing a configuration of a descrambling circuit 1106. FIG. 10 is a flowchart showing a procedure of descrambling processing executed by a descrambling circuit 1106. 3 is a block diagram showing a configuration of a descrambling circuit 1308. FIG. 10 is a flowchart showing a procedure of descrambling processing executed by a descrambling circuit 1308. 6 is a block diagram showing a configuration of a decoder authentication circuit 601. FIG. 3 is a block diagram showing a configuration of a drive authentication circuit 701. FIG. 10 is a flowchart for explaining mutual authentication processing between the optical disk drive 509 and the AV decoder card 507 or the AV decoder card 801 with a built-in SCSI control circuit.

Claims (1)

An information reproducing apparatus for reproducing scrambled user data from an information recording medium in which user data scrambled in a user recording area is recorded and part of key information is arranged in a lead-in area where access by a user is restricted There,
The information recording medium further includes a plurality of encrypted disks generated by encrypting a single disk key information with each of a plurality of master key information distributed to devices permitted to reproduce the information recording medium. First key information including a key, second key information used for descrambling the scrambled user data, and mutual authentication information,
And a reading circuit for reading the scrambled user data, the first key information, the second key information, and the mutual authentication information from the information recording medium,
An authentication circuit that performs mutual authentication based on the mutual authentication information for the decoding device including a descrambling circuit that descrambles the scrambled user data based on the first key information and the second key information With
The authentication circuit, when transmitting the scrambled user data, permits transmission of key information arranged in the lead-in area to the decoding device on the condition of the mutual authentication. Playback device.