JP2007080458A - Information processing apparatus, information recording medium manufacturing apparatus, information recording medium, information processing method, and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a configuration for preventing unauthorized use of a content code to be applied in using a content. <P>SOLUTION: Data processing is carried out according to the content code under the conditions of acquiring the content code including the program and information to be applied to use the content, performing processing for verifying a digital signature in a content code storage file at the step before performing data processing according to the acquired content code, and confirming the validity of the file. With this configuration, the content code can be prevented from being illegally executed, and the unauthorized reproduction and use of the content by unauthorized use of the content code can be prevented. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an information processing apparatus, an information recording medium manufacturing apparatus, an information recording medium, a method, and a computer program. More specifically, an information processing apparatus, an information recording medium manufacturing apparatus, an information recording medium, and a method for realizing a strict management configuration of a content code recorded on an information recording medium together with the content as a content use control program, and It relates to computer programs.

  Various software data such as audio data such as music, image data such as movies, game programs, and various application programs (hereinafter referred to as “Content”) are recorded on a recording medium such as a blue laser using a blue laser. -It can be stored as digital data on a ray disc, DVD (Digital Versatile Disc), MD (Mini Disc), or CD (Compact Disc). In particular, a Blu-ray disc using a blue laser is a disc capable of high-density recording, and can record a large volume of video content as high-quality data.

  Digital contents are stored in these various information recording media (recording media) and provided to users. A user plays back and uses content on a playback device such as a personal computer (PC) or disc player.

  Many contents, such as music data and image data, generally have distribution rights or the like held by the creator or seller. Therefore, when distributing these contents, it is common to adopt a configuration that restricts the use of the contents, that is, permits the use of the contents only to authorized users and prevents unauthorized copying or the like. It is the target.

  According to the digital recording device and the recording medium, for example, recording and reproduction can be repeated without deteriorating images and sound, and illegally copied content is distributed via the Internet, and the content is copied to a CD-R or the like. Problems such as the distribution of so-called pirated discs and the use of copy contents stored on hard disks such as PCs have become widespread.

  A large-capacity recording medium such as a DVD or a recording medium using a blue laser that has been developed in recent years can record a large amount of data, for example, one movie to several movies as digital information on one medium. Is possible. As video information and the like can be recorded as digital information in this way, it is an increasingly important issue to prevent unauthorized copying and to protect the copyright holder. In recent years, in order to prevent such illegal copying of digital data, various techniques for preventing illegal copying in digital recording devices and recording media have been put into practical use.

  One technique for protecting the copyright holder by preventing unauthorized copying of content is content encryption processing. However, even if the content is encrypted, if an encryption key leaks, the content that has been decrypted illegally will flow out. As a prior art that discloses one configuration for solving such a problem, there is a configuration described in Patent Document 1. Patent Document 1 discloses a configuration in which unauthorized reproduction of content is prevented by recording part of the content replaced with dummy data.

  When reproducing the content in which the content is replaced with dummy data, it is necessary to replace the dummy data with normal content data again. This data conversion processing needs to be performed without causing leakage of normal content to the outside, and it is preferable to prevent leakage of processing information such as the arrangement position of dummy data and a conversion method.

  As described above, when playing back content, it is necessary to execute content decryption processing, data conversion processing, and the like, and an information processing apparatus or playback (player) program that intends to use the content must have a valid license. In some cases, a validity check process such as whether the received device is a program or the like is performed. Such data processing is performed by executing a content code recorded on an information recording medium together with the content as a content usage control program. An example of content use processing using a content code is described in Patent Document 1, for example.

The content code is set as a file independent of the content and is recorded on the information recording medium. Accordingly, it is possible to perform a process of moving only the content code to another information recording medium or a process of copying. If a content code is leaked, illegally distributed, and illegally used, many contents may be illegally reproduced and used, which may cause great damage.
WO2005 / 008385

  The present invention has been made in view of such circumstances, and an information processing apparatus and an information recording medium manufacturing that realize a strict management configuration of a content code recorded on an information recording medium together with the content as a content use control program It is an object to provide an apparatus, an information recording medium, a method, and a computer program. Further, for example, when a content code is created for a specific playback device and the same content code is recorded on a medium on which a plurality of different contents are recorded, It is an object to reduce the burden at the time of authoring a recording medium by facilitating the reuse of the content code that can be used in the content of the recording medium.

The first aspect of the present invention is:
An information processing apparatus that executes a reproduction process of content recorded on an information recording medium,
A data processing unit for acquiring a content code including a program or application information applied to use of recorded content of an information recording medium and executing data processing according to the acquired content code;
The data processing unit
A digital signature verification process that enables falsification verification of the entire content code included in the content code file that stores the content code is executed, and on the condition that the validity of the content code file is confirmed as a result of the verification In the information processing apparatus, the data processing according to the content code is executed.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the data processing unit is set in each file for each content code file to be used selected from a plurality of content code files recorded on the information recording medium. The signature verification processing based on the electronic signature is executed.

  Furthermore, in one embodiment of the information processing apparatus according to the present invention, the data processing unit is configured to use one content code file among content code files to be used selected from a plurality of content code files recorded on an information recording medium. The signature verification process based on the set electronic signature is executed, and the verification process different from the digital signature verification is executed for the other used content code files.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the data processing unit is configured to execute a verification process based on a hash value for the other usage content code file.

  Furthermore, in an embodiment of the information processing apparatus according to the present invention, the data processing unit executes data processing required for replacement processing of partial data of content to which a conversion table included in the content code is applied. It is the structure which carries out.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the data processing unit is a parameter that is different for each segment set as a segment area of the content recorded on the information recording medium, and is included in the conversion table. The present invention is characterized in that a process for calculating a parameter applied to restoration of an entry is executed.

Furthermore, the second aspect of the present invention provides
An information recording medium manufacturing apparatus,
Content file generation means for generating a content file storing content data to be recorded on the information recording medium;
Content code file generating means for storing a content code including a program or application information to be applied to use of content, and further generating a content code file including falsification verification data;
A recording unit that records the content file generated in the content file generation unit and the content code file generated in the content code file generation unit in an information recording medium;
An information recording medium manufacturing apparatus characterized by comprising:

  Furthermore, in one embodiment of the information recording medium manufacturing apparatus of the present invention, the tampering verification data is an electronic signature based on data including a content code included in the content code file.

  Furthermore, in one embodiment of the information recording medium manufacturing apparatus of the present invention, the tampering verification data is a hash value based on data including a content code included in the content code file.

  Furthermore, in an embodiment of the information recording medium manufacturing apparatus of the present invention, the content code file generation means executes a process of generating a plurality of content code files storing content codes classified into a plurality of different categories. The recording unit is configured to execute a process of recording a plurality of different category content code files generated by the content code file generation unit on an information recording medium.

  Furthermore, in an embodiment of the information recording medium manufacturing apparatus of the present invention, the content code file generating means generates a plurality of content code files storing content codes classified into a plurality of different categories, The present invention is characterized in that a process for generating only one file as a content code file including electronic signature data is executed.

  Furthermore, in one embodiment of the information recording medium manufacturing apparatus of the present invention, the content code file generation means is configured to generate a plurality of content code files storing content codes classified into a plurality of different categories, The present invention is characterized in that a process for generating a content code file as a file including an electronic signature of a production or provision entity of the content code included in each file is executed.

Furthermore, the third aspect of the present invention provides
An information recording medium,
A content file containing content data,
A content code file that contains a program or application information that is applied to the use of content, and further includes tamper verification data;
Are stored as storage data.

  Furthermore, in one embodiment of the information recording medium of the present invention, the tampering verification data is an electronic signature based on data including a content code included in the content code file.

  Furthermore, in one embodiment of the information recording medium of the present invention, the tampering verification data is a hash value based on data including a content code included in the content code file.

  Furthermore, in one embodiment of the information recording medium of the present invention, the content code file is composed of a plurality of content code files storing content codes classified into a plurality of different categories.

  Furthermore, in one embodiment of the information recording medium of the present invention, the content code file is composed of a plurality of content code files storing content codes classified into a plurality of different categories, and only one file is included in the files. Is a content code file including electronic signature data.

  Furthermore, in an embodiment of the information recording medium of the present invention, the content code file is composed of a plurality of content code files storing content codes classified into a plurality of different categories, and each content code file includes It is characterized in that the content code included in the file is generated or an electronic signature of the providing entity is included.

Furthermore, the fourth aspect of the present invention provides
An information processing method for executing reproduction processing of content recorded on an information recording medium,
This is a verification step of an electronic signature set in a content code file storing a program applied to the use of recorded content of an information recording medium or a content code including application information, and falsification verification of the entire content code included in the content code file is performed. A verification processing step for executing the digital signature verification processing enabled;
A code execution step for executing data processing in accordance with the content code on the condition that the content code file is verified as a result of the verification;
There is an information processing method characterized by comprising:

  Furthermore, in one embodiment of the information processing method of the present invention, the verification processing step is set in each file for each content code file to be used selected from a plurality of content code files recorded on the information recording medium. This is a step of executing signature verification processing based on the electronic signature.

  Furthermore, in one embodiment of the information processing method of the present invention, the verification processing step is performed on one content code file among content code files to be used selected from a plurality of content code files recorded on an information recording medium. The signature verification process based on the set electronic signature is executed, and the verification process different from the electronic signature verification is executed for the other used content code files.

  Furthermore, in an embodiment of the information processing method of the present invention, the verification processing step is a step of executing verification processing based on a hash value for the other usage content code file.

  Furthermore, in one embodiment of the information processing method of the present invention, the code execution step executes data processing required in connection with replacement processing of partial data of content to which a conversion table included in the content code is applied. It is a step to perform.

  Furthermore, in an embodiment of the information processing method of the present invention, the code execution step is a parameter that is different for each segment set as a segment area of the content recorded on the information recording medium, and is included in the conversion table. It is a step for executing a process for calculating a parameter applied to restoration of an entry.

Furthermore, the fifth aspect of the present invention provides
An information recording medium manufacturing method,
A content file generation step for generating a content file storing content data to be recorded on the information recording medium;
A content code file generating step for storing a content code including a program or application information to be applied to use of the content, and further generating a content code file including falsification verification data;
A recording step of recording the content file generated in the content file generation step and the content code file generated in the content code file generation step on an information recording medium;
An information recording medium manufacturing method characterized by comprising:

  Furthermore, in one embodiment of the information recording medium manufacturing method of the present invention, the tampering verification data is an electronic signature based on data including a content code included in the content code file.

  Furthermore, in one embodiment of the information recording medium manufacturing method of the present invention, the tampering verification data is a hash value based on data including a content code included in the content code file.

  Furthermore, in an embodiment of the information recording medium manufacturing method of the present invention, the content code file generation step includes a step of generating a plurality of content code files storing content codes classified into a plurality of different categories. The recording step is a step of executing a process of recording a plurality of different category content code files generated in the content code file generation step on an information recording medium.

  Furthermore, in one embodiment of the information recording medium manufacturing method of the present invention, the content code file generation step generates a plurality of content code files storing content codes classified into a plurality of different categories, A process of generating only one file as a content code file including electronic signature data is executed.

  Furthermore, in an embodiment of the information recording medium manufacturing method of the present invention, the content code file generation step is a step of generating a plurality of content code files storing content codes classified into a plurality of different categories, It is a step of executing a process of generating a content code file as a file including an electronic signature of a content code production or providing entity included in each file.

Furthermore, the sixth aspect of the present invention provides
A computer program that causes an information processing apparatus to execute reproduction processing of content recorded on an information recording medium,
This is a verification step of an electronic signature set in a content code file storing a program applied to the use of recorded content of an information recording medium or a content code including application information, and falsification verification of the entire content code included in the content code file is performed. A verification processing step for executing the digital signature verification processing enabled;
A code execution step for executing data processing in accordance with the content code on the condition that the content code file is verified as a result of the verification;
There is a computer program characterized by comprising:

  The computer program of the present invention is, for example, a storage medium or communication medium provided in a computer-readable format to a computer system capable of executing various program codes, such as a CD, FD, or MO. It is a computer program that can be provided by a recording medium or a communication medium such as a network. By providing such a program in a computer-readable format, processing corresponding to the program is realized on the computer system.

  Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.

  According to the configuration of one embodiment of the present invention, a content code including a program or application information applied to use of content is acquired when executing a reproduction process of content recorded on an information recording medium, and the acquired content code Before executing the data processing according to the above, the verification process of the electronic signature set in the content code file storing the content code was executed, and as a result of the verification, the validity of the content code file was confirmed Since the data processing according to the content code is executed on the condition, the execution of the illegal content code is prevented, and the illegal reproduction and use of the content due to the unauthorized use of the content code can be prevented.

  Further, according to the configuration of one embodiment of the present invention, even when a plurality of content code files recorded on an information recording medium and used in an information processing apparatus are set, an electronic signature is set on at least one file. Since the content code can be used on condition that verification by the verification of the electronic signature is established, strict use control of the content code is realized.

Details of an information processing apparatus, an information recording medium manufacturing apparatus, an information recording medium and method, and a computer program according to the present invention will be described below with reference to the drawings. The description will be made according to the following description items.
1. 1. Outline of data stored in information recording medium and processing in drive and host 2. Content management unit (CPS unit) 3. Storage data management configuration of information recording medium 5. Data structure of content including modified data and overview of data conversion process 5. Process between playback (player) application and secure VM 6. Content reproduction processing Content code management configuration 8. Configuration of information processing apparatus 9. Information recording medium manufacturing apparatus and information recording medium

[1. Overview of data stored in information recording medium and processing in drive and host]
First, data stored in the information recording medium and an outline of processing in the drive and the host will be described. FIG. 1 shows the configuration of the information recording medium 100, the drive 120, and the host 140 in which content is stored. The host 140 is a data reproduction (or recording) application executed by an information processing apparatus such as a PC, and performs processing using hardware of the information processing apparatus such as a PC in accordance with a predetermined data processing sequence.

  The information recording medium 100 is, for example, an information recording medium such as a Blu-ray disc, a DVD, and the like, which is a legitimate content manufactured at a disc manufacturing factory with the permission of a so-called content right holder having a copyright or distribution right. An information recording medium (ROM disk or the like) storing various contents or an information recording medium (RE disk or the like) capable of recording data. In the following embodiments, a disk-type medium will be described as an example of the information recording medium. However, the present invention can be applied to configurations using information recording media of various modes.

  As shown in FIG. 1, an information recording medium 100 includes an encrypted content 101 that has been subjected to encryption processing and partial data replacement processing, and a tree-structured key distribution method known as one aspect of the broadcast encryption method. MKB (Media Key Block) 102 as an encryption key block generated based on the content key, title key file 103 composed of data (Encrypted CPS Unit Key) encrypted title key applied to content decryption processing, etc. The license information 104 including CCI (Copy Control Information) as copy / playback control information and the content code 105 including the data processing program executed when the encrypted content 101 is used are stored.

  The content code 105 includes a conversion table (Fix-up Table) 106 in which conversion data corresponding to replacement data of a predetermined area in the content is registered. The information processing apparatus that executes the reproduction of the content extracts the conversion data recorded in the conversion table (Fix-up Table) 106 included in the content code 105 according to the data conversion processing program included in the content code 105, and Performs configuration data replacement processing.

  The content code includes information and programs for executing various processes such as a startup process and a security check process in addition to a conversion process program to which the conversion data is applied. Details of the content code will be described in detail later. Note that the information storage medium stored data example shown in the figure is an example, and the stored data is slightly different depending on the type of the disk. Hereinafter, an overview of these various types of information will be described.

(1) Encrypted content 101
Various contents are stored in the information recording medium 100. For example, it consists of an AV (Audio Visual) stream of moving image content such as HD (High Definition) movie content which is high-definition moving image data, a game program of a format defined by a specific standard, an image file, audio data, text data, etc. Content. These contents are specific AV format standard data and are stored according to a specific AV data format. Specifically, for example, it is stored as Blu-ray disc ROM standard data according to the Blu-ray disc ROM standard format.

  Furthermore, for example, a game program as service data, an image file, audio data, text data, or the like may be stored. These contents may be stored as data having a data format that does not conform to a specific AV data format.

  The content types include various contents such as music data, image data such as moving images and still images, game programs, and WEB contents, and these contents can be used only by data from the information recording medium 100. Various types of information such as content information that can be used in combination with content information, data from the information recording medium 100, and data provided from a network-connected server are included. The content stored in the information recording medium is encrypted by assigning a different key (CPS unit key or unit key (or sometimes called a title key)) to each divided content in order to realize different usage control for each divided content. And stored. A unit for assigning one unit key is called a content management unit (CPS unit). Furthermore, the content is set as broken data in which a part of the configuration data is replaced with data different from the correct content data. The correct content playback is not executed only by the decryption process. If playback is performed, the broken data is converted. Processing to replace the data registered in the table is required. These processes will be described in detail later.

(2) MKB
An MKB (Media Key Block) 102 is an encryption key block generated based on a tree-structured key distribution method known as one aspect of the broadcast encryption method. The MKB 102 can acquire the media key [Km], which is a key necessary for content decryption, only by processing (decryption) based on the device key [Kd] stored in the information processing apparatus of the user having a valid license. This is a key information block. This is an application of an information distribution method in accordance with a so-called hierarchical tree structure, which makes it possible to acquire and invalidate a media key [Km] only when the user device (information processing apparatus) has a valid license. In the revoked user device, the media key [Km] cannot be acquired.

  The management center as a license entity cannot be decrypted with a device key stored in a specific user device due to a change in the device key used for encrypting key information stored in the MKB, that is, a media key necessary for content decryption cannot be obtained. An MKB having a configuration can be generated. Accordingly, it is possible to provide an encrypted content that can be decrypted only to a device having a valid license by removing (revoking) an unauthorized device at an arbitrary timing. The content decryption process will be described later.

(3) Title Key File As described above, each content or a set of a plurality of contents is encrypted by applying an individual encryption key (title key (CPS unit key)) for content usage management. It is stored in the recording medium 100. That is, AV (Audio Visual) stream, image data such as music data, moving image, still image, game program, WEB content, etc. constituting the content are divided into units as management units for content use. It is necessary to generate a different title key and perform decryption processing. Information for generating the title key is title key data. For example, the title key is obtained by decrypting the encrypted title key with a key generated by a media key or the like. In accordance with a predetermined encryption key generation sequence to which the title key data is applied, a title key corresponding to each unit is generated and the content is decrypted.

(4) Use Permission Information The use permission information includes, for example, copy / playback control information (CCI). That is, the copy restriction information for use control corresponding to the encrypted content 101 stored in the information recording medium 100 and the reproduction restriction information. This copy / playback control information (CCI) can be set in various ways, for example, when it is set as individual CPS unit information set as a content management unit, or when it is set corresponding to a plurality of CPS units. is there.

(5) Content Code The content code 105 is data including a data processing program executed when the encrypted content 101 is used. A host that executes content reproduction sets a virtual machine (VM) that executes data conversion processing, and executes data conversion processing in accordance with the content code read from the information recording medium 100 in the virtual machine (VM). By applying the registration entry of the table (Fix-up Table) 106, data conversion processing of the partial configuration data of the content is executed.

  The encrypted content 101 stored in the information recording medium 100 is subjected to predetermined encryption, and part of the content configuration data is composed of broken data different from correct data. When reproducing the content, a data overwriting process is required to replace the broken data with conversion data that is correct content data. A table in which the conversion data is registered is a conversion table (Fix-up Table) 106. A large number of pieces of broken data are scattered and set in the content. When reproducing the content, it is necessary to replace (overwrite) the plurality of broken data with the conversion data registered in the conversion table. By applying this conversion data, for example, even when the encryption key is leaked and the content is decrypted illegally, the content cannot be reproduced by the presence of the replacement data only by decrypting the content. Unauthorized use of content can be prevented.

  The conversion table 106 includes, in addition to normal conversion data, conversion data including data that makes it possible to analyze the constituent bits of the identification information that makes it possible to identify the content playback device or content playback application. Specifically, for example, a player ID as identification data of a player (an apparatus that executes a host application) or “conversion data including an identification mark” in which identification information generated based on the player ID is recorded is included. The conversion data including the identification mark is data in which the bit value of the correct content data is slightly changed at a level that does not affect the reproduction of the content.

  The content code 105 includes information and programs for executing various processes such as a startup process and a security check process in addition to the data conversion process program to which the conversion table 106 is applied. Details of the content code will be described in detail later.

  Next, configurations of the host 140 and the drive 120 and an outline of processing will be described with reference to FIG. The reproduction process of the content stored in the information recording medium 100 is executed by transferring data to the host 140 via the drive 120.

  A reproduction (player) application 150 and a secure VM 160 are set in the host 140. The reproduction (player) application 150 is a content reproduction processing unit, and executes processing such as authentication processing with a drive, content decoding, and decoding processing executed in the content reproduction processing. The secure VM 160 functions as, for example, a parameter generation unit that provides parameters to be applied in a data conversion process executed in a content reproduction process executed by a reproduction (player) application 150 that is a content reproduction processing unit. The secure VM 160 is set as a virtual machine in the host 140. A virtual machine (VM) is a virtual computer that directly interprets and executes an intermediate language, reads instruction code information in an intermediate language independent of the platform from the information recording medium 100, and interprets and executes it.

  The secure VM 160 acquires a content code 105 including a program or application information applied to use of the encrypted content 101 recorded in the information recording medium 100, executes the code according to the acquired content code 105, and performs data processing. Functions as a data processing unit.

  An information transmission or processing request between the playback (player) application 150 and the secure VM 160 includes an interrupt (INTRP) from the playback (player) application 150 to the secure VM 160, and a response (Call) from the secure VM 160 to the playback (player) application 150. It is executed by a sequence of processing. A request for calculating a parameter to be applied in the data conversion process executed in the content reproduction process and the parameter according to a sequence of an interrupt (INTRP) from the application 150 to the secure VM 160 and a response (Call) process from the secure VM 160 to the reproduction (player) application 150 Provision is made. Details of these processing sequences will be described later.

  The main processing executed by the host 140 will be described. Prior to the use of the content, mutual authentication processing is executed between the drive 120 and the host 140. After the validity of both is confirmed by the establishment of this authentication processing, the encrypted content is transferred from the drive to the host, and the host side Then, the content is decrypted, and further the data conversion processing based on the above-described conversion table is executed to reproduce the content.

  In the mutual authentication executed between the host 140 and the drive 120, refer to a revocation (invalidation) list issued by the management center indicating whether each device or application is registered as an unauthorized device or application. A process for determining validity is executed.

  The drive 120 has a memory 122 for storing a host CRL (Certificate Revocation List) storing revocation (invalidation) information of a host certificate (public key certificate). On the other hand, the host 140 has a memory 152 for storing a drive CRL (Certificate Revocation List) storing revocation (invalidation) information of a drive certificate (public key certificate). The memory is a non-volatile memory (NVRAM). For example, when the CRL read from the information recording medium 100 is a newer version, each data processing unit 121, 151 stores a new version host in the memory 122.152. Update processing for storing the CRL or the drive CRL is performed.

  The management center sequentially updates CRLs such as the host CRL and the drive CRL. That is, when a new unauthorized device is detected, an updated CRL is issued by adding a certificate ID or device ID issued to the unauthorized device as a new entry. Each CRL is assigned a version number, and can be compared with the old and new. For example, when the CRL read from the information recording medium loaded in the drive is newer than the CRL stored in the memory 122 in the drive, the drive executes a CRL update process. Similarly, the host 140 updates the drive CRL.

  In addition to the CRL update process, the data processing unit 121 of the drive 120 executes an authentication process with the host that is executed when the content is used, a data read process from the information recording medium, and a data transfer process to the host.

  The reproduction (play or application) application 150 of the host 140 is a data reproduction (or recording) application executed by an information processing apparatus such as a PC, and uses hardware of the information processing apparatus such as a PC in accordance with a predetermined data processing sequence. Perform the process.

  The host 140 includes a data processing unit 151 that performs mutual authentication processing with the drive 120, data transfer control, and the like, a decryption processing unit 153 that performs decryption processing of the encrypted content, and data based on the registration data of the conversion table 105 described above. A data conversion processing unit 154 that executes conversion processing and a decoding processing unit 155 that executes decoding (for example, MPEG decoding) processing are included.

  The data processing unit 151 executes a host-drive authentication process. In the authentication process, the drive is not a revoked drive with reference to the drive CRL stored in the memory a152 as a nonvolatile memory (NVRAM). Make sure. The host also performs an update process for storing a new version of the drive CRL in the memory a152.

  The decryption processing unit 153 applies various information stored in the memory b 156 and data read from the information recording medium 100 to generate a key to be applied to content decryption, and executes decryption processing of the encrypted content 101. To do. The data conversion processing unit 154 applies the conversion data registered in the conversion table acquired from the information recording medium 100 according to the data conversion processing program acquired from the information recording medium 100, and replaces the content configuration data (overwrite) ). The decoding processing unit 155 executes decoding (for example, MPEG decoding) processing.

  The memory b156 of the information processing apparatus 150 stores a device key: Kd, key information applied to mutual authentication processing, key information applied to decryption, and the like. The details of the content decryption process will be described later. The device key: Kd is a key applied to the MKB process described above. The MKB can acquire the media key [Km], which is a key necessary for content decryption, only by processing (decryption) based on the device key [Kd] stored in the information processing apparatus of the user having a valid license. When decrypting the encrypted content, the information processing apparatus 150 executes the MKB process by applying the device key: Kd stored in the memory b156. The details of the content decryption process will be described later.

[2. About content management unit (CPS unit)]
As described above, the content stored in the information recording medium is stored after being encrypted by being assigned a different key for each unit in order to realize different usage control for each unit. That is, the content is divided into content management units (CPS units), subjected to individual encryption processing, and individual usage management.

  When using content, it is necessary to obtain a CPS unit key (also referred to as a title key) assigned to each unit. In addition, other necessary keys, key generation information, etc. are applied in advance. Playback is performed by executing data processing based on the decoding processing sequence. A setting mode of the content management unit (CPS unit) will be described with reference to FIG.

  As shown in FIG. 2, the content has a hierarchical structure of (A) an index 210, (B) a movie object 220, (C) a playlist 230, and (D) a clip 240. When an index such as a title accessed by the playback application is specified, for example, a playback program associated with the title is specified, and a playlist that defines the playback order of contents is selected according to the program information of the specified playback program.

  The play list includes play items as reproduction target data information. The AV stream or the command as the actual content data is selectively read out by the clip information as the playback section defined by the play item included in the playlist, and the AV stream playback and command execution processing are performed. There are a large number of playlists and play items, and a playlist ID and play item ID as identification information are associated with each.

  FIG. 2 shows two CPS units. These constitute a part of the content stored in the information recording medium. Each of CPS units 1 and 271 and CPS units 2 and 272 is set as a unit including a clip including a title as an index, a movie object as a playback program file, a playlist, and an AV stream file as content actual data. CPS unit.

  The content management units (CPS units) 1 and 271 include titles 1 and 211 and titles 2 212, playback programs 221 and 222, playlists 231 and 232, clips 241 and clips 242, and these two clips 241. , 242, AV stream data files 261, 262, which are actual data of content, are at least encryption target data, and in principle are encryption keys set in association with the content management units (CPS units) 1, 271. Is set as data encrypted by applying a title key (Kt1) (also called a CPS unit key).

  The content management units (CPS units) 2, 272 include applications 1, 213, a playback program 224, a playlist 233, and a clip 243 as indexes, and an AV stream data file 263 that is actual data of the content included in the clip 243. Is encrypted by applying a title key (Kt2) that is an encryption key that is an encryption key set in association with the content management units (CPS units) 2 and 272.

  For example, in order for the user to execute an application file or content reproduction process corresponding to the content management units 1 and 271, a title key as an encryption key set in association with the content management units (CPS units) 1 and 271: It is necessary to acquire Kt1 and execute the decoding process. In order to execute the application file or content reproduction process corresponding to the content management unit 2 272, the title key: Kt 2 as an encryption key set in association with the content management unit (CPS unit) 2 272 is acquired. Therefore, it is necessary to execute the decoding process.

  FIG. 3 shows a setting configuration of the CPS unit and a corresponding example of the title key. FIG. 3 shows a correspondence between CPS unit setting units as usage management units of encrypted content stored in the information recording medium and title keys (CPS unit keys) applied to each CPS unit. It is also possible to store and set a CPS unit for subsequent data and a title key in advance. For example, the data portion 281 is an entry for subsequent data.

  There are various CPS unit setting units such as content titles, applications, data groups, and the like, and a CPS unit ID as an identifier corresponding to each CPS unit is set in the CPS unit management table.

  In FIG. 3, for example, title 1 is CPS unit 1, and when decrypting encrypted content belonging to CPS unit 1, it is necessary to generate title key Kt1 and perform decryption processing based on the generated title key Kt1. .

  As described above, the content stored in the information recording medium 100 is stored after being encrypted by being assigned a different key for each unit in order to realize different usage control for each unit. For individual usage management for each content management unit (CPS unit), usage permission information (UR: Usage Rule) for each content management unit (CPS unit) is set. As described above, the use permission information is information including, for example, copy / reproduction control information (CCI) for content, and copy restriction information and reproduction restriction information of encrypted content included in each content management unit (CPS unit). It is.

  Note that the generation of the title key requires data processing using various information stored in the information recording medium. Specific examples of these processes will be described in detail later.

[3. Information recording medium storage data management configuration]
Next, the stored data management configuration of the information recording medium will be described. When content having the hierarchical structure described with reference to FIG. 2 is stored in an information recording medium, various data or programs such as content codes are recorded as individual files. A directory configuration corresponding to each data stored in the information recording medium will be described with reference to FIG.
(A) Index 210 in FIG. 2 is an index.bdmv file in the directory shown in FIG. 4 (B) Movie object 220 in FIG. 2 is a MovieObject.bdmv file in the directory shown in FIG. 4 (C) Playlist in FIG. 230 is a file under the PLAYLIST directory in the directory shown in FIG.
(D) The clip 240 in FIG. 2 corresponds to a pair of files under the CLIPINF directory and files under the STREAM directory having the same file number in the directory shown in FIG.
(E) In addition, an AUXDATA file storing audio data and font data, a META file storing metadata, a BDOJ file storing BD-J objects, and the like are stored in the information storage medium.

  As described above, the content stored in the information recording medium is set as broken data in which part of the content data is replaced with data different from the correct content data, and correct content playback is executed only by the decryption process. In the case of reproduction, it is necessary to replace broken data with data (conversion data) registered in the conversion table. In the replacement process, the content code 105 stored in the information recording medium is applied, and the data conversion process based on the registration data of the conversion table (Fix-up Table) 106 is executed.

  The content code including this conversion table is also stored in the information recording medium as an individual file. FIG. 5 shows the directory structure in which the content code is set. FIG. 5 shows a directory structure of content codes created for the AV content having the directory structure of FIG. 4, for example.

The content code includes a conversion table as described above, and includes information and programs for executing various processes such as a start-up process and a security check process, in addition to a data conversion process program to which the conversion table is applied. These content codes are roughly divided into
(A) Content code common to all contents & all players (device or playback application) (b) Content code specific to content (c) Content code specific to player (device or playback application) (d) Content & player (device or playback) App) It is classified into each category of unique content code, and each content code has different production entity and provision entity. Therefore, it is preferable to set the content codes of these different categories as independent files from the viewpoint of, for example, file reuse.

  The content code file [00000. svm] to [00003. svm] indicates different categories of independent content code files generated by these different entities. A specific example of the content code file will be described in detail later.

  As shown in FIG. 5, the content code is set as a plurality of individual files in the BDSVM directory, and backup data as copy data is set in the BACKUP directory.

[4. Overview of content data structure including transformation data and data conversion process]
Next, the configuration of content including deformation data and an outline of data conversion processing will be described. As described above, the encrypted content 101 included in the information recording medium 100 is set as broken data in which a part of the configuration data is replaced with data different from the correct content data, and correct content reproduction is executed only by the decryption process. However, when playing back, it is necessary to replace the broken data with the conversion data registered in the conversion table.

  With reference to FIG. 6, the outline of the structure and reproduction processing of the content stored in the information recording medium will be described. The information recording medium 100 stores AV (Audio Visual) content such as a movie. These contents are encrypted and can be reproduced after being decrypted by a process using an encryption key that can be obtained only by a reproducing apparatus having a predetermined license. Specific content reproduction processing will be described later. The content stored in the information recording medium 100 has not only encryption but also a configuration in which content configuration data is replaced with modified data.

  FIG. 6 shows a configuration example of the recorded content 291 stored in the information recording medium 100. The recorded content 291 includes normal content data 292 that is not deformed and broken data 293 that is content that has been deformed and destroyed. Broken data 293 is data in which the original content is destroyed by data processing. Therefore, normal content reproduction cannot be performed by applying the content 291 including the broken data.

  In order to perform content playback, it is necessary to generate the playback content 296 by performing processing for replacing the broken data 293 included in the recorded content 291 with normal content data. Data for conversion (conversion data) as normal content data corresponding to each broken data area is converted into a conversion table (FUT (Fix-Up Table)) 106 in the content code 105 recorded in the information recording medium 100 (FIG. 1), conversion data is acquired from the conversion entry 295 registered in (1), and the process of replacing the data in the broken data area is executed to generate playback content 296 and execute playback.

  When generating the playback content 296, in addition to the process of replacing the broken data 293 with the conversion data 297 as normal content data, a part of the recorded content 291 can be identified by the content playback device or the content playback application. A process of replacing the constituent bits of the identification information (for example, player ID) with the identifier setting conversion data 298 including data that can be analyzed is performed. For example, when illegally copied content is leaked, it is possible to identify the source of illegal content by analyzing the identifier setting conversion data 298 in the leaked content.

  Note that the conversion entries as the configuration data of the conversion table including the conversion data may be distributed and recorded in a specific packet in the content configuration data. That is, the conversion data is stored in the conversion table 106 shown in FIG. 1 and is also distributed and recorded in the encrypted content 101 and is recorded in duplicate. Whether the information processing apparatus that executes content reproduction acquires the conversion data stored in the conversion table 106 and executes data replacement, or whether the distribution is recorded in the content and acquires the conversion entry to execute data replacement One of the processes is performed.

  With reference to FIG. 7, a configuration example of encrypted content 300 stored in the information recording medium 100, a content code 302 including a data conversion processing execution program and a conversion table will be described. The content codes 302-0 to n recorded on the information recording medium 100 are recorded on the information recording medium as independent file data corresponding to each content or each clip, for example. In the example shown in the figure, n + 1 content codes 302-0 to n are recorded on the information recording medium 100.

  Each content code 302-0 to n includes conversion tables 303-0 to n. In each of the conversion tables 303-0 to n, conversion data actually used as content replacement data and conversion entries 304-0 to n in which recording position information is set are recorded. In the example shown in the figure, the encrypted content 300-0 to n, the content code 302-0 to n, and the conversion table 303-0 to n are all applied with the variable [n]. It is not necessary for the number of contents 300 and content code 302 to be the same. For example, all the conversion tables corresponding to the encrypted contents 0 to n may be recorded in the content code 302-0. Thus, the encrypted content and the content code do not necessarily correspond one-on-one.

  Each conversion entry includes conversion data applied as replacement data and recording position information of the conversion data. With reference to FIG. 8, the data structure of the conversion entry recorded in the conversion table will be described.

FIG. 8 shows a data configuration example of one conversion entry (FixUpEntry) included in the conversion table block. As shown in FIG. 8, the conversion entry (FixUpEntry) includes the following data.
type_indicator: Type identifier [00: No conversion, 01b: Processing by conversion data, 10b, 11b: Processing by conversion data with identifier setting]
FM_ID_bit_position: identification bit position of the player ID corresponding to the identifier setting conversion data
relative_SPN: Conversion data application packet position (number of packets from the programmable map table (PMT) storage packet)
byte_position: Conversion data recording position in the packet
overwrite_value: Conversion data (including identifier setting conversion data)
relative_SPN_2: Second conversion data application packet position (number of packets from the PMT packet)
byte_position_2: Conversion data recording position in the packet (corresponding to the second conversion data)
overwrite_value_2: Second conversion data (including identifier setting conversion data)
It consists of these data.

  The conversion entry is set as data in which part of the content data to be replaced and conversion position information for the content of the conversion data are recorded, and the conversion entry is read from the conversion table to replace the content configuration data. Data conversion is performed by executing a content code as a conversion processing program including a processing execution instruction.

The information [type_indicator] included in the conversion entry (FixUpEntry) information shown in FIG.
(A) registration information regarding conversion data for converting broken data into legitimate content data, or
(B) registration information regarding identifier setting conversion data for embedding identification information of a playback device or a content playback application;
This is a type identifier for identifying which of the registration information items (a) and (b).

  The registration information [FM_ID_bit_position] is position information of bits to be referred for determining the processing mode in the identification information of the playback device or playback application composed of a plurality of bits. For example, in the identification information of a playback device or playback application consisting of a plurality of bits, if the bit value of the bit to be referred to for determining the processing mode is 1, the content configuration data is identified by the identifier setting conversion data registered in the conversion table. The replacement is executed, and when the bit value of the bit to be referred to is 0, the processing mode is determined such that the replacement is not executed, and the data conversion is executed.

  It is also possible to set so that conversion is executed when the reference bit is 0 and conversion is not executed when the reference bit is 1. Alternatively, the conversion data when the reference bit is 0 and the conversion data when the reference bit are 1 are set as different conversion data, and the conversion data is appropriately selected and set according to the bit value of the reference bit. Good.

  As shown in FIG. 7, conversion entries 301-0 to n are also distributed and recorded in each of the encrypted contents 300-0 to n. The encrypted content 300 is set as a stream of TS packets, and packets in which conversion entries are scattered and stored, that is, conversion entry storage packets 307a to 307d are set.

  In each conversion entry set as these distributed recording data, conversion data in the vicinity of each conversion entry storage packet is recorded. The conversion entries distributed and recorded in the encrypted content 300 and the conversion entries included in the conversion table 303 are the same, and the information processing apparatus that executes the content playback uses the content according to the specifications of the playback (player) application. Either conversion data is acquired from the conversion entry 301 recorded in a distributed manner and data replacement is executed, or conversion data is acquired from the conversion entry 304 in the conversion table 303 and data replacement is executed. Execute.

  As shown in FIG. 7, the content is divided into segments (SP segments) for each predetermined data unit. The conversion entry including each piece of conversion data is stored in the conversion table 302 after performing an operation or encryption process using a different parameter (SP: secret parameter) for each predetermined data unit (segment unit) of the content. Similarly, the conversion entry stored in the TS packet in the content is also recorded by performing an operation or encryption process to which a different parameter (SP: secret parameter) is applied for each segment).

  An information processing apparatus that executes data conversion processing as data replacement processing executed at the time of content reproduction sequentially acquires secret parameters (SP1, SP2, SP3...) Corresponding to each segment, and sets each segment position. For the conversion entry corresponding to, a calculation or encryption process to which the acquisition parameter (SPn) is applied is executed to acquire conversion data.

  A specific example of data replacement based on the conversion data will be described with reference to FIGS. 9 and 10. First, with reference to FIG. 9, an example of processing for acquiring conversion table block configuration data including conversion data distributed and recorded in content and executing data replacement will be described.

  FIG. 9A shows the content structure recorded on the information recording medium 100. Conversion entries including conversion data and recording position information are distributed and recorded in TS packets 307a to 307d shown in the figure.

  The data replacement processing sequence will be described with reference to FIG. The process shown in FIG. 9B is a process executed by the playback (player) application of the host. FIG. 9B shows a part of a TS packet sequence of content belonging to segment ID = N, N + 1 in the content configuration data.

  For example, the packet 311 including the conversion entry recorded in the segment ID = N stores the XORed conversion entry 315 as result data obtained by performing an exclusive OR operation with the secret parameter (SPx). The playback (player) application of the host that executes the data replacement process performs an exclusive OR operation with the secret parameter (SPx) 316 on the XORed conversion entry 315 to obtain the conversion entry 317, and converts the conversion entry 317. Conversion data and recording position information are obtained from the data, and a replacement process with the packets 312a, 3b at the data replacement target position is executed.

  The parameter (SPx) applied to the calculation for obtaining the conversion entry 317 is supplied from the secure VM 320. For example, in order to acquire a secret parameter (SPn) necessary for each segment of the content, the playback (player) application acquires a secret parameter ID (SP_ID) as secret parameter designation information corresponding to each segment, and acquires the secret parameter. The secret parameter calculation request including the ID notification is output as an interrupt (INTRP) request to the secure VM. The secure VM calculates a secret parameter (SPx) corresponding to SP_ID in response to a secret parameter calculation request from the playback (player) application, and provides it as a response (Call) to the playback (player) application.

  As shown in FIG. 9, when the segment is different, the parameter (SPx) applied to the calculation for acquiring the conversion entry is a different parameter. For example, one segment is set to about 10 seconds as the content playback time, and the playback (player) application receives different parameters from the secure VM for each segment of about 10 seconds, restores the conversion entry, Conversion data is acquired from the restored conversion entry, and data replacement processing is executed.

  Next, referring to FIG. 10, the conversion entry 304 in the conversion table 303 of the content code 302 stored in the information recording medium is applied instead of the conversion entries distributedly recorded in the content, and data replacement for the content is performed. An outline of the processing in the case of performing will be described.

  As shown in FIG. 9A, the content is divided into segments for each predetermined data unit. The conversion entry 304 including the conversion data recorded in the conversion table 303 is subjected to calculation or encryption processing using a different parameter (SP: secret parameter) for each predetermined data unit (segment unit) of the content.

  An information processing apparatus that executes data conversion processing as data replacement processing executed at the time of content reproduction sequentially acquires secret parameters (SP1, SP2, SP3...) Corresponding to each segment, and sets each segment position. The conversion entry including the conversion data corresponding to is subjected to an operation applying the acquisition parameter (SPn) or an encryption process to acquire the conversion data.

  The data replacement processing sequence will be described with reference to FIG. The process shown in FIG. 9B is a process executed by the playback (player) application of the host. FIG. 9B shows a part of a TS packet sequence of content belonging to segment ID = N, N + 1 in the content configuration data.

  For example, when executing data replacement for the segment ID = N, the conversion entry 304 is acquired from the conversion table 303, and the conversion entry corresponding to the segment ID = N is selected from the conversion entry 304. However, this conversion entry x315 is recorded in the conversion table 303 as an XORed conversion entry 315 as result data obtained by performing an exclusive OR operation with the segment-specific secret parameter (SPx) associated with the segment N.

  The playback (player) application of the host that executes the data replacement process performs an exclusive OR operation with the secret parameter (SPx) 316 provided from the secure VM 320 on the XORed conversion entry 315 to obtain the conversion entry 317. Then, the conversion data and the recording position information are acquired from the conversion entry 317, and the replacement processing with the packets 312a and 3b at the data replacement target position is executed.

  The parameter (SPx) applied to the calculation for obtaining the conversion entry 317 is supplied from the secure VM 320. For example, in order to acquire a secret parameter (SPn) necessary for each segment of the content, the playback (player) application acquires a secret parameter ID (SP_ID) as secret parameter designation information corresponding to each segment, and acquires the secret parameter. The secret parameter calculation request including the ID notification is output as an interrupt (INTRP) request to the secure VM. Information necessary for acquiring the secret parameter ID (SP_ID) is recorded in the conversion table 303, for example.

  The secure VM calculates a secret parameter (SPx) corresponding to SP_ID in response to a secret parameter calculation request from the playback (player) application, and provides it as a response (Call) to the playback (player) application.

  As shown in FIG. 10, when the segment is different, the parameter (SPx) applied to the calculation for acquiring the conversion entry is a different parameter. For example, one segment is set to about 10 seconds as the content playback time, and the playback (player) application receives different parameters from the secure VM for each segment of about 10 seconds, restores the conversion entry, Conversion data is acquired from the restored conversion entry, and data replacement processing is executed.

  In this way, the playback (player) application that executes content playback receives the secret parameter from the secure VM and executes the calculation for each segment, and restores the conversion entry as the configuration data of the conversion table block. Execute, acquire the restored conversion entry, and perform data replacement. In the above processing example, the exclusive OR (XOR) is exemplified as the operation to which the secret parameter is applied. However, other operation processing may be set. Moreover, it is good also as a structure which performs the encryption process etc. which applied a secret parameter.

[5, processing between playback (player) application and secure VM]
When executing the above-described processing, the playback (player) application sequentially acquires different secret parameters (SP1, SP2, SP3,...) In a certain segment unit during playback of the content. On the other hand, every time a playback segment is switched, it is necessary to obtain a secret parameter and perform data replacement.

  When executing the process of acquiring the secret parameter (SP), the playback (player) application notifies the secure VM of the secret parameter ID (SP_ID) as secret parameter designation information, and identifies the necessary SP. . The information for acquiring the secret parameter ID (SP_ID) is recorded in, for example, a conversion table, and the playback (player) application uses a segment-specific secret parameter ID (() based on the information recorded in the conversion table. SP_ID).

  The reproduction (player) application sends and receives data processing requests and responses to and from the secure VMs in the process of acquiring the secret parameter (SP). A series of processing sequences executed between the playback application and the secure VM will be described with reference to FIG.

  As described above with reference to FIG. 1, the information transmission or processing request between the playback (player) application 150 and the secure VM 160 is an interrupt (INTRP) from the playback (player) application 150 to the secure VM 160. This is executed by a response (Call) processing sequence from the secure VM 160 to the playback (player) application 150.

  The processing sequence shown in FIG. 11 is a diagram showing the types of processing executed between the playback (player) application 150 and the secure VM 160 from insertion to removal of the information recording medium on which the content is recorded.

  For example, step S11 is a media initialization process that is executed as a process when an information recording medium (Disc) is inserted. The playback (player) application 150 obtains code information necessary for the first playback process. The stored content code file (Content Code File) is loaded into the memory and the execution is started. The content code file (Content Code File) specifies the manufacturer of the playback (player) application, the model name, and the like.

  For example, the secure VM 160 determines whether or not the acquired model name is a model in which a security problem has occurred in the past. Whether or not a problem has occurred is investigated by executing the content code (ContentCode). For example, a specific value on the RAM of the information processing apparatus or an operation of a specific device is checked to check whether the state is correct. Note that the investigation program for each model may not be included in the initially loaded content code file. In this case, another necessary content code file is accessed. When the initialization process by the secure VM 160 is completed, a response (Call) is notified to the playback application 150, and the process proceeds to the next step S12.

  In step S12, a title initialization process (Title Initialize) is executed. The title is applied as the designation information of the reproduction target content, and the title corresponding to the specific reproduction target content is selected based on the designation of the user and the title initialization processing request is sent from the reproduction (player) application 150 together with the title information. The data is output to the secure VM 160.

  The secure VM 160 generates a conversion table that collects conversion data information corresponding to all clips necessary for title playback on the memory of the secure VM 160, and a memory in which the table is stored so that the playback (player) application 150 can acquire the table. Is notified to the playback (player) application 150. During the title initialization, it is possible to perform the same security check as the media initialization in step S11.

  It is executed in the title initialization process. An example of processing for generating a conversion table in which the conversion data information corresponding to all clips necessary for title reproduction is collected on the memory of the secure VM 160 will be described with reference to FIG. FIG. 12 shows a memory area (for example, 2 MB) that can be used by the secure VM 160. Here, a content code as code information included in the data conversion processing program acquired by the secure VM 160 from the information recording medium is stored. The content code includes a conversion table that has been obfuscated such as encrypted.

  When a title initialization request is input from the playback (player) application 150, the secure VM 160 decodes a conversion table in which conversion data information corresponding to all clips necessary for title playback is collected from the content code as necessary. Processing is performed, and the data is stored in the memory in a state (mask state) in which the above-described processing such as XORed is performed, and the memory storage position is notified to the reproduction (player) application 150. This notification process is executed as a response (Call) to the title initialization request (INTRP) from the playback (player) application 150.

  When the reproduction (player) application 150 receives a response (Call) to the title initialization request (INTRP) from the secure VM 160, the reproduction (player) reproduces a necessary data portion from the conversion table storage area of the secure VM 160 use memory area. Copy and store in the available memory area of the application 150. For example, a secret parameter ID (SP_ID) identification table for obtaining a secret parameter ID (SP_ID) corresponding to a segment of the content described above with reference to FIGS. Copy and store in the available memory area.

  In this copy process, the playback (player) application 150 converts the content such as the configuration data of the conversion table storing the conversion entry and the information for specifying the secret parameter ID (SP_ID) corresponding to the segment included in the conversion table. All information necessary for processing and playback processing is stored in a memory area that can be used by the playback (player) application 150.

  Returning to FIG. 11, the description of the processing sequence between the playback (player) application 150 and the secure VM 160 will be continued. Step S13 is processing corresponding to (Compute_SP) for secret parameter (SP) calculation. The playback (player) application 150 outputs an SP calculation request (INTRP) to the secure VM 160, and the secure VM 160 calculates the calculation result (SP). Is returned to the playback (player) application 150 as a response (Call). When the reproduction (player) application 150 outputs the SP calculation request (INTRP) to the secure VM 160, the reproduction (player) application 150 notifies SP_ID as SP designation information.

  The process of step S14 is a request process from the playback (player) application 150 to the secure VM 160 different from the calculation of the secret parameter. For example, request processing such as execution of security check, and when there is such a request, the secure VM 160 executes processing according to the request and plays back the processing result as a response (Call) (player) application 150. Notify For information transmission at this time, registers that can be written and read by both the playback (player) application 150 and the secure VM 160, such as a player status register and a register (PSR), are used.

  The processing in step S15 is media finalization processing when the information recording medium (Disc) is taken out, and the processing status of the content code (Content Code) is recorded in the nonvolatile memory. By this processing, it becomes possible to continue using the information of the past security check at the next disk insertion.

  As described above, the information transmission or processing request and response between the playback (player) application 150 and the secure VM 160 are performed by the playback (player) application 150 from the interruption (INTRP) to the secure VM 160 and the playback (player) from the secure VM 160. This is executed by a response (Call) process to the application 150.

[6. Content playback processing]
Next, content reproduction processing executed by the host will be described with reference to FIG. In FIG. 13, the information recording medium 330 storing the encrypted content and the information recording medium 330 are set from the left, and the drive 340 for reading data is connected to the information recording medium 330 so as to be able to perform data communication with the drive. A host 345 that executes a playback application that acquires stored content via the drive 340 and executes playback processing is shown.

  Note that the host 345 shown in FIG. 13 includes a secure VM 360 having a playback (player) application block 350 that executes content decryption, decoding, data conversion processing, and the like, and a secure VM 360 that executes secret parameter (SP) calculation processing, and the like. Blocks are shown separately.

  In the information recording medium 330, an MKB (Media Key Block) 331, a title key file 332, encrypted content 333, and a content code 334 including a conversion processing program are recorded. The encrypted content 333 is distributedly recorded in the conversion entry 335. The content code 334 includes a conversion table 336 including similar conversion entries. The host 345 holds a device key 351 applied to MKB processing.

  A processing sequence in which the host 345 shown in FIG. 13 acquires and reproduces the content stored in the information recording medium 330 via the drive 340 will be described. First, prior to reading the content stored in the information recording medium 330, the host 345 and the drive 340 perform mutual authentication in step S101. This mutual authentication is a process for confirming whether the host and the drive are valid devices or application software. Various processes can be applied as the mutual authentication processing sequence. Through the mutual authentication process, the drive 340 and the host 345 share a session key (Ks) as a common secret key.

  In step S101, mutual authentication between the host drives is performed, and after sharing the session key (Ks), the playback (player) application 350 of the host 345 reads the MKB 331 recorded on the information recording medium 330 in step S102. The media key (Km) is acquired from the MKB by executing the process of the MKB 331 to which the device key 351 obtained by the drive and stored in the memory is applied.

  As described above, the MKB (Media Key Block) 331 is an encryption key block generated based on a tree-structured key distribution method known as one aspect of the broadcast encryption method, and is stored in a device having a valid license. This is a key information block that makes it possible to obtain a media key (Km) that is a key necessary for decrypting content only by processing (decryption) based on the device key (Kd).

  Next, in step S103, the title key file 332 read from the information recording medium 330 is decrypted by applying the media key (Km) obtained in the MKB process in step S102, and the title key (Kt) is obtained. To do. The title key file 332 stored in the information recording medium 330 is a file including data encrypted with a media key, and a title key (Kt) to be applied to content decryption can be acquired by processing using the media key. . For example, an AES encryption algorithm is applied to the decryption process in step S103.

  Next, the playback (player) application 350 of the host 345 reads the encrypted content 333 stored in the information recording medium 330 via the drive 340, stores the read content in the track buffer 352, and the buffer stored content. In step S104, decryption processing using the title key (Kt) is executed to obtain decrypted content.

  The decrypted content is stored in the plaintext TS buffer 353. (Plain TS) means a decrypted plaintext transport stream. Here, the decrypted content stored in the plaintext TS buffer 353 is content including the above-described broken data, and cannot be reproduced as it is, and it is necessary to perform predetermined data conversion (data replacement by overwriting).

  The processing example shown in FIG. 13 is a processing example in which conversion entries distributed and recorded in specific packets in the configuration data of the encrypted content are acquired, and the conversion data is extracted therefrom to perform data replacement. That is, this corresponds to the data conversion processing described above with reference to FIG.

  The conversion entry divided and recorded in the content is data in which conversion data (or identifier setting conversion data) for performing replacement processing on the decrypted content and a recording position of the conversion data are recorded.

  The secure VM 361 reads out the data conversion processing program 335 including the instruction code information from the information recording medium 330, and controls the event handler 354 and inputs the player information 355 intermittently before or during the content reproduction or output processing. Based on this, secret parameters (SP1, SP2, SP3...) Necessary for converting the conversion table recorded together with the content on the information recording medium 330 into a plaintext conversion table are generated and output. This process is performed intermittently.

  The secret parameters (SP1, SP2, SP3...) Are calculation or encryption processing parameters that are switched for each segment corresponding to a predetermined content data unit as described above. Specifically, for example, an exclusive OR (XOR) is used. ) Calculation parameter. The secure VM 361 receives parameters (SP1, SP2, SP3,...) Necessary for restoring the conversion entry that is the configuration data of the conversion table block transformed by the arithmetic processing or the encryption processing in response to a request from the playback (player) application. Executes processing to generate and output intermittently.

  In step S104, the reproduction (player) application 350 decrypts the encrypted content 333 including the conversion entry, and the conversion entry that is the configuration data of the conversion table recorded in the content by the demultiplexer processing in step S105. And the table restoration & data conversion process in step S106 is executed under the control of the real-time event handler 356. Under the control of the real-time event handler 356, the playback (player) application 350 outputs a secret parameter calculation request according to segment switching to the secure VM 361 as an interrupt (INTRP), and the secure VM 361 outputs secure parameters (SP1, SP2, SP3,. ..) Is received, decryption or calculation of the conversion table block is executed to acquire a plaintext conversion table block, and a conversion entry included in the acquired conversion table block is acquired.

The conversion entry contains conversion data, that is,
(A) Conversion data (b) Identifier setting conversion data and recording position designation information in the contents of these conversion data are recorded, and the reproduction (player) application 350 performs data conversion processing to be written at the designated position in step S106. Is executed as real-time processing in parallel with content reproduction processing or external output processing.

For example, when the parameter (SP1, SP2, SP3...) Is an exclusive OR (XOR) operation parameter with a conversion entry corresponding to a segment that is a predetermined content partial data unit, the table restoration processing in step S303 is as follows. ,
[Conversion entry 1] (XOR) [SP1],
[Conversion entry 2] (XOR) [SP2],
[Conversion entry 3] (XOR) [SP3],
::
These exclusive OR operations are executed to obtain conversion entries included in the conversion table block data. In the above formula, [A] (XOR) [B] means an exclusive OR operation of A and B.

  In this way, the conversion entry included in the content 333 recorded on the information recording medium is stored after being subjected to an exclusive OR operation with the secret parameter (SP1, SP2, SP3...). This parameter is sequentially acquired and output by the secure VM 361.

  In the table restoration & data conversion process in step S106, the conversion data is obtained from the restored conversion entry obtained by the calculation or encryption process using the secret parameter (SP1, SP2, SP3...) And included in the content. The broken data is replaced with conversion data that is valid content configuration data, and further, a data overwriting process is performed to replace the identifier setting conversion data with partial data of the content, and the data stored in the plaintext TS buffer 353 is converted into converted data. change. The outline of this data conversion process will be described with reference to FIG.

  The encrypted content 333 stored in the information recording medium is temporarily stored in the track buffer 352 on the host side. This is the track buffer storage data 401 shown in FIG. By decryption processing on the host side, decryption of the encrypted content as the track buffer storage data 401 is executed, and decryption result data is stored in the plaintext TS buffer 353. This is the decoding result data 402 shown in FIG.

  The decryption result data 402 includes broken data 403 that is not normal content configuration data. The host data conversion processing unit executes processing for replacing the broken data 403 with converted data 404 as correct content configuration data. This replacement process is executed, for example, as a rewrite (overwrite) process of a part of the data already written in the plaintext TS buffer 353.

  Further, the data conversion process executed by the host is not only the process of replacing the broken data with the conversion data that is normal content data, but also a part of the decryption result data 402 by the identifier setting conversion data 405 as shown in FIG. Execute processing to replace configuration data.

  The identifier is data that makes it possible to analyze the constituent bits of the identification information that makes it possible to identify the content playback apparatus or the content playback application as described above. Specifically, for example, configuration information of identification information (player ID) of an information processing apparatus as a player executing a host application, or an identification mark generated based on the player ID. The identifier setting conversion data is data in which the bit value of the correct content data is slightly changed at a level that does not affect the reproduction of the content as described above.

  A large number of identifier setting conversion data 405 are set in the content, and for example, the player ID is determined by collecting and analyzing the plurality of identifier setting conversion data 405. The identifier setting conversion data 405 is data in which the constituent bits of normal content data are changed at a level that can be normally reproduced as content, and is data in which bits (identification mark constituent bits) can be determined by MPEG bitstream analysis.

  In the conversion table stored in the information recording medium, a large number of conversion data 404 and identifier setting conversion data 405 shown in FIG. 14 are registered, and the writing position information is also registered. By executing the data conversion process based on the conversion table storage information, the data stored in the plaintext TS buffer 353 is replaced with the converted data 406 shown in FIG.

  Thereafter, the converted TS (transport stream) is output to the outside via a network or the like and is played back on an external playback device. Alternatively, in step S107, conversion from the transport stream (TS) to the elementary stream (ES) is performed by processing by the demultiplexer, and further, decoding processing (step S108) is performed, and then via the display speaker. Played.

[7. Content code management configuration]
As described above, in reproducing the content recorded on the information recording medium, the content code is read from the information recording medium, the conversion table included in the content code is applied, and the conversion processing program included in the content code is applied. It is necessary to execute the process. The content code further includes programs and information applied to execution of startup processing, security check processing, and the like, and the content code is acquired and executed when using the content.

  The content code execution processing is mainly performed by a secure VM set in an information processing apparatus that executes content reproduction. The secure VM acquires a content code including a program or application information applied to use of encrypted content recorded in an information recording medium, and executes content code for executing data processing according to the acquired content code Functions as a processing unit.

  The content code is set as a file independent of the content and recorded on the information recording medium. Accordingly, it is possible to perform a process of moving only the content code to another information recording medium or a process of copying. If the content code is leaked and distributed illegally, a lot of content may be illegally played back and used, which may cause great damage. Hereinafter, a configuration for preventing such illegal use of the content code will be described.

  The types of data included in the content code 500 recorded on the information recording medium will be described with reference to FIG. As described in the above description, the content code 500 records programs and conversion tables applied to content data conversion processing. For example, the conversion table is data including conversion data as replacement data for the configuration data of each content and needs to be content-specific data. For example, the conversion processing program is set as common code information in each content. It is possible data.

  The content code includes an information processing apparatus that executes content playback processing or information or a program set corresponding to a playback (player) application executed by the information processing apparatus. For example, when used in information processing devices and playback applications of a plurality of different manufacturers, a plurality of codes corresponding to each device and each application are recorded in the content code, and each player (device or playback application) is included in the content code. The code corresponding to the player (device or playback application) is selected from the player (device or playback application) specific code to be processed.

As described above, the content code 500 includes various data. When these data are roughly classified, four classifications are possible as shown in FIG. That is,
(A) Common data 501 for all contents & all players (apparatus or playback application)
(B) Content-specific data 502
(C) Player (device or playback application) specific data 503
(D) Content & player (device or playback application) specific data 504

Hereinafter, specific data content examples of each data will be described.
(A) Common data 501 for all contents & all players (apparatus or playback application)
The common data 501 for all contents & all players (apparatus or playback application) is a data portion including information and programs that can be used in common for all contents, all information processing apparatuses and playback applications. The following information and programs are included.
(A1) Program related to the startup routine: For example, checking the initialization state of the memory, reading the data that is insufficient in the first loading, and the content recorded on the information recording medium (Disc) together are valid content A program that executes processing such as checking for
(A2) Common routine (access to external recording, etc.) program: For example, a program that can be used by the nonvolatile memory access function, and when information that can use this content code is recorded, the data can be read and used .
(A3) Player identification routine: a program for acquiring information about a device or a reproduction application that is currently performing reproduction and determining whether it is an additional security check target. If an additional check is necessary, the content code file is loaded as necessary, and then the additional check is performed.

(B) Content-specific data 502
The content specific data 502 is a data portion including information and programs specific to each content, and specifically includes, for example, the following information and programs.
(B1) Conversion table (FixUpTable) information: a conversion table including the conversion data described in the above processing example. Not only the conversion data but also information necessary for data conversion processing such as a secret (SP) parameter calculation routine is included.
(B2) Title initialization program: processing for generating a conversion table (FixUpTable), a security check performed before title reproduction, and a routine relating to a check that depends only on the content.

(C) Player (device or playback application) specific data 503
(C) Player (device or playback application) specific data 503 is a data portion including information and programs specific to an information processing device or playback application for playing back content. Specifically, for example, the following information and programs Is included.
(C1) RunNative execution part, NativeCode: Information and program for executing a function for performing discovery and improvement of a security problem by executing processing unique to a device for executing content reproduction and an application program. A process that is executed in the kernel mode in the OS of the information processing apparatus that executes the reproduction process is common. In addition, when executing this processing, the NativeCode itself includes a player-specific validity verification function (for example, a signature by a private key), and the information processing apparatus that executes content playback verifies the validity by signature verification. After execution, security problems are discovered and improved by executing these content codes.
(C2) Check routine specific to the player (device or playback application): To execute a function for checking that the player is a legitimate player (device or playback application) using information related to the hardware of the device that executes content playback Information and programs.

(D) Content & player (device or playback application) specific data 503
Content & player (device or playback application) specific data 503 is data that is specific to the content and includes information and programs that are also specific to the information processing device or playback application that plays back the content. The following information and programs are included.
(D1) Player validity check using DiscoveryRAM: A specific value on a memory (RAM) in a device that executes content playback is checked to check that the player is a valid player (device or playback application) Information and programs to perform functions During reproduction of specific content, validity is confirmed by monitoring that a specific memory is in a player-specific state. In this case, the check routine depends on both the content and the player.
(D2) DiscoveryRAM comparison data: a table storing values (target values) for comparison with actual values on the RAM in the above-mentioned (d1) player validity check using DiscoveryRAM.

  As described above, various information and programs are stored in the content code, and a device that performs content playback corresponds to the content code according to the playback content, or according to the device or the playback application. The code information to be selected is selected and various processes are executed.

As described with reference to FIG. 15, the content codes can be classified into the following four categories.
(A) Common data 501 for all contents & all players (apparatus or playback application)
(B) Content-specific data 502
(C) Player (device or playback application) specific data 503
(D) Content & player (device or playback application) specific data 504

  Each of these content codes is stored in the information recording medium as an individual file or as a single file. The content code of each category may have a different entity for producing the code. For example, (b) a content code corresponding to content-specific data is set by a studio as a content producer. In addition, (c) player (device or playback application) specific data is often generated by a playback device as a player or an entity that produces a playback application.

A sequence until content codes generated by different entities are recorded on the information recording medium will be described with reference to FIG. FIG. 16 shows configuration data of content codes corresponding to the four categories described above. That is,
(Data a) Common data 501 for all contents & all players (apparatus or playback application)
(Data b) Content specific data 502
(Data c) Player (device or playback application) specific data 503
(Data d) Content & player (device or playback application) specific data 504
These four different categories of content codes.

  These content codes are produced by different entities such as studios for creating and editing content, authoring companies, and manufacturers of players (devices or playback applications).

  When these content codes are generated, in steps S201 and S202, a signature of the creator of each content code or a providing entity is given. An electronic signature is assigned by applying an encryption key (secret key) possessed by each entity. The addition of the electronic signature is set for falsification verification and prevention of falsification of each content code. Although only two processing blocks of steps S201 and S202 are shown in the figure, the entity that generated each content code assigns a signature according to the number of content codes to be generated.

  In step S203, the management center (KIC) gives an electronic signature to the content code that is finally recorded on the information recording medium. In setting the electronic signature in the management center (KIC), the signature of each entity is verified, and it is confirmed that each content code has not been tampered with. ) Is preferably set.

  A content code file with an electronic signature of the management center (KIC) is recorded on the information recording medium. Several different setting modes can be used for setting the signature for the content code recorded on the information recording medium. Hereinafter, the data configuration of the content code recorded on the information recording medium and a signature setting example will be described with reference to FIGS.

  The example shown in FIG. 17 is a content code file [xxxx. svm] 521, 522, and 523 are examples having a common file structure, and each file includes a header 531, a content code block 532, and an electronic signature 533 as shown in a content code file 530 shown in the figure. It is set as the structure which has.

  The header 531 includes electronic signature information such as a unique ID that is unique identification information corresponding to the content code, the data size of the content code block that stores the actual data of the content code, and the type of electronic signature (such as ECDSA). It is.

  In the content code block 532, the various types of content codes described above are recorded as entity data of the content code. In this example, the electronic signature 533 is a signature of the management center. In this example, the signature of each entity other than the management center described above is set not to be included in the content code.

As described above, in the configuration in which the signature of the management center is set for all the content code files, all the content code files [xxxx. svm] is, for example,
Data capacity of 2MB + header + signature is set. 2 MB is applied to the content code block.

An information processing apparatus (user device) that uses the content code shown in FIG.
The management center's digital signature included in the content code is verified to verify whether the content code has been tampered with, and then the code is used. A specific processing sequence will be described later.

  FIG. 18 shows an example in which a signature is set for only one content code file recorded on the information recording medium, and no signature is set for other content code files. In the example shown in FIG. 18, the content code file [00000. svm] 521, the management center electronic signature 533 is set as shown in the file 530 and includes a header 531, a content code block 532, and a management center electronic signature 533. Other content code files [00001. svm] 522 or lower file 540 is not set with the electronic signature of the management center, and is set as a file 540 in which only the header 541 and the content code block 542 are stored.

  The content code file to which the electronic signature of the management center is set is a file that stores the content code that is always executed in the information processing apparatus, for example, a file in which the content code for executing the startup routine is recorded. Is preferred.

  In this configuration example, the information processing apparatus using the content code is the content code file [00000. svm] 521 is used for signature verification only. When other files are used, signature verification can be omitted. However, after verifying the validity of each content code file with no signature set by performing a tampering verification of each content code file without a signature using a method different from the verification of the electronic signature, for example, a simple method such as hash verification processing, The code is used. In this case, for example, a hash value for verification to be applied for verification is recorded and held in the content code file. These processing sequences will be described later.

As described above, in the configuration in which the signature of the management center is set to only one content code file, the content code file to which the signature is set is, for example,
The content capacity of 2MB + header + signature is set but other content code files with no signature are not given a signature, so there is no need to consider the signature verification process. The file need not be provided, and can be a file in which a content code block of an arbitrary size is set.

  Next, a setting example of a content code file that records not only the signature of the management center but also the production of each content code or the signature of the providing entity will be described with reference to FIGS.

  The example shown in FIG. 19 is a content code file [xxxx. svm] 521, 522, 523 are examples having a common file structure, and each file includes a header 551, a content code block 552, and an electronic signature 1 as shown in a content code file 550 shown in the figure. , 553 and an electronic signature 2,554.

  The header 551 includes electronic signature information such as a unique ID that is unique identification information corresponding to the content code, the data size of the content code block that stores the actual data of the content code, and the type of electronic signature (such as ECDSA). It is. In the content code block 552, the various types of content codes described above are recorded as entity data of the content code.

  The electronic signature 1,553 is not the management center but the signature of the producer or provider of the content code stored in each content code file. The electronic signature 2,554 is a signature of the management center. In this example, in this way, the signature of each entity is stored together with the signature of the management center.

An information processing apparatus (user device) that uses the content code shown in FIG.
Only the electronic signature of the management center included in the content code is verified to verify whether the content code has been tampered with, and then the code is used. Or, in addition to the verification of the electronic signature of the management center, the configuration may be such that verification of the electronic signature of each entity is executed.

  FIG. 20 shows an example in which a signature is set for only one content code file recorded on the information recording medium, and no signature is set for other content code files. In the example shown in FIG. 20, the content code file [00000. svm] 521, as shown in the file 550, an electronic signature 553 of the content code producer or providing entity and an electronic signature 554 of the management center are set, and a header 551, a content code block 552, an electronic signature 1 553 and an electronic signature 2,534, but other content code files [00001. svm] 522 and lower files 560 are not set with an electronic signature, and are set as a file 540 in which only the header 561 and the content code block 562 are stored.

  As in the example described with reference to FIG. 18, the content code file to which the electronic signature is set is always a file in which the content code for executing the startup routine is recorded. It is preferable that the file stores the content code to be executed.

  In this configuration example, the information processing apparatus using the content code is the content code file [00000. svm] 521 is used for signature verification only. When other files are used, signature verification can be omitted. However, after verifying the validity of each content code file with no signature set by performing a tampering verification of each content code file without a signature using a method different from the verification of the electronic signature, for example, a simple method such as hash verification processing, The code is used. In this case, for example, a hash value for verification to be applied for verification is recorded and held in the content code file.

  Next, a content code use processing sequence in an information processing apparatus that executes data processing using a content code will be described with reference to flowcharts shown in FIGS.

  FIG. 21 is a flowchart showing a processing sequence in the case of the content code file configuration described above with reference to FIGS. 17 and 19, that is, a file setting in which electronic signatures are recorded in all content code files. FIG. 22 is a flowchart showing a processing sequence in the case of setting the content code file described above with reference to FIGS. 18 and 20, that is, a file setting in which an electronic signature is recorded only in one content code file. .

  First, a content code usage sequence in the case of file setting in which electronic signatures are recorded in all content code files will be described with reference to the flowchart shown in FIG. This processing sequence is executed by the secure VM set in the information processing apparatus that executes content reproduction. The secure VM functions as a data processing unit that acquires a content code including a program or application information applied to use of encrypted content recorded in an information recording medium, and executes data processing according to the acquired content code. .

  First, in step S301, the data processing unit (secure VM) of the information processing apparatus using the content code uses the content code file [00000. svm] signature verification processing is executed. Content code file [00000. The verification of the electronic signature of the management center (KIC) set to svm] is executed. Specifically, for example, electronic signature verification (for example, ECDSA signature verification algorithm) using the public key of the management center (KIC) is executed.

  If it is determined in step S302 that the content code file is not valid by signature verification, the use of the content code is stopped and the process is terminated.

  If the signature verification confirms that the content code file is valid in step S302, the process proceeds to step S303, in which the content code file [00000.0000] read from the information recording medium is stored in the memory area used by the secure VM. svm], and in step S304, the content code file [00000. svm] is executed. The content code file [00000. The content code recorded in svm] is, for example, an execution code of a startup routine, and the information processing apparatus that uses the content stored in the information recording medium starts with the content code file [00000. svm] verification processing, loading processing, and code execution processing.

  Thereafter, in step S305, it is determined whether it is necessary to use a content code file that is not loaded in the secure VM application memory. If so, the process proceeds to step S306, and new content is stored in the secure VM memory. Code file [xxxx. Read command to load svm] is output to the drive.

  Next, in step S307, the content code file [xxxx. The verification of the electronic signature of the management center (KIC) set to svm] is executed. If it is determined in step S308 that the content code file is not valid by signature verification, the use of the content code is stopped and the process is terminated.

  If the signature verification confirms that the content code file is valid in step S308, the process proceeds to step S309, and the content code file [xxxx.x] read from the information recording medium is stored in the memory area used by the secure VM. svm] is loaded and executed.

  If it is determined in step S310 that the reproduction end or the title end by the user operation has not occurred, the process returns to the determination process of the necessity of using another content code and the load in step S305. In step S310, when the reproduction end by the user operation or the title end occurs, the process ends.

  Next, referring to the flowchart shown in FIG. 22, the setting of the content code file described above with reference to FIGS. 18 and 20, that is, the electronic signature is recorded in one content code file, and the other contents A content code usage sequence when the file setting is such that the electronic signature is not recorded in the code file will be described. This processing sequence is executed by the secure VM set in the information processing apparatus that executes content reproduction.

  First, in step S401, the information processing apparatus that uses the content code selects the content code file [00000. svm] signature verification processing is executed. Content code file [00000. The verification of the electronic signature of the management center (KIC) set to svm] is executed. Specifically, for example, electronic signature verification (for example, ECDSA signature verification algorithm) using the public key of the management center (KIC) is executed.

  If it is determined in step S402 that the content code file is not valid by signature verification, the use of the content code is stopped and the process is terminated.

  If it is confirmed in step S402 that the content code file is valid by the signature verification, the process proceeds to step S403, and the content code file [00000.000 read from the information recording medium is read into the memory area used by the secure VM. svm] is loaded, and in step S404, the content code file [00000. svm] is executed. The content code file [00000. The content code recorded in svm] is, for example, an execution code of a startup routine, and the information processing apparatus that uses the content stored in the information recording medium starts with the content code file [00000. svm] verification processing, loading processing, and code execution processing.

  Thereafter, in step S405, it is determined whether it is necessary to use a content code file that is not loaded in the secure VM application memory. If so, the process proceeds to step S406, and new content is stored in the secure VM memory. Code file [xxxx. Read command to load svm] is output to the drive.

  In step S407, the content code file [xxxx.x] read from the information recording medium is stored in the memory area used by the secure VM. svm].

  Next, in step S408, the content code file [xxxx. hash value based on the content code configuration data stored in [svm] is calculated, and the content code file [xxxx. The verification process of the content code file is executed by executing a collation process with the verification hash value stored in [svm]. If it is determined in step S409 that the content code file is not valid as a result of the verification, the use of the content code is stopped and the process is terminated.

  In step S409, if the verification confirms that the content code file is valid, the process proceeds to step S410, and the content code file [xxxx. svm] is executed.

  If it is determined in step S411 that the user operation has not ended reproduction or the title has ended, the process returns to step S405 to determine whether other content codes are used or loaded. In step S411, when the end of playback or the end of the title by a user operation occurs, the process ends.

  As described above, when using the content code, the information processing apparatus executes electronic signature verification or hash verification set in the content code file, confirms the validity of the content code file, and then processes the content code. Since it is configured to execute, illegal code execution is prevented.

  The content codes generated by each entity can be set as independent data files, and these content code files can be reused. In other words, there are cases where it can be commonly used for different contents and different players (devices or seisei applications). Such a content code reuse configuration will be described with reference to FIG.

In FIG. 23, for example, content code files 601 to 604 are content code files held by the respective content code production entities or providing entities,
Content and player common content code file [00000. svm] 601,
Content-specific content code file [00001. svm] 602,
Player-specific content code file [00002. svm] 603,
Content, player-specific content code file [00003. svm] 604,
These content code files are shown.

  These content code files 601 to 604 are given an electronic signature by each content code production entity or providing entity and stored in each entity.

  When producing an information recording medium in which new content is recorded, each entity can reuse these content code files 601 to 604 already used in other content recording information recording media.

  As described above with reference to FIG. 16, these are provided to the management center, and an electronic signature is set and stored in the information recording medium 610 in the management center. The content code recorded on the information recording medium 610 is given an electronic signature by the management center (KIC) and a unique ID set by the management center. The content code 620 recorded on the information recording medium 610 includes a conversion table 621 as shown in the figure. As a specific directory structure, as shown in a directory structure 630, a content code generated by each entity is individually set.

  As described above, the content code can be reused corresponding to various contents, and an information recording medium is appropriately combined with a content code that needs to be changed according to each content and a reusable content code. Will be recorded.

[8. Configuration of information processing apparatus]
Next, a hardware configuration example of an information processing apparatus that executes the above-described playback (player) application and secure VM processing will be described with reference to FIG. The information processing apparatus 800 includes an OS, a content reproduction or recording application program, a mutual authentication process, various processes associated with content reproduction, for example, a CPU 809 that executes data processing according to various programs including the above-described data conversion process, etc. ROM 808 as a storage area for parameters, memory 810, input / output I / F 802 for inputting / outputting digital signals, input / output I / F 804 for inputting / outputting analog signals, A / D, D / A converter 805, MPEG MPEG codec 803 that performs data encoding / decoding processing, TS / PS processing means 806 that executes TS (Transport Stream) / PS (Program Stream) processing, various authentication processing such as mutual authentication and decryption processing of encrypted content Cryptographic processing means 807 to execute, hard disk Which recording medium 812, the drive of the recording medium 812 has a drive 811 for performing input and output of data recording and reproducing signals, each block being connected to a bus 801.

  The information processing apparatus (host) 800 is connected to the drive by a connection bus such as ATAPI-BUS. A conversion table, content, and the like are input / output via the digital signal input / output I / F 802. The encryption process and the decryption process are executed by the encryption processing unit 807 by applying, for example, an AES algorithm.

  Note that a program for executing content reproduction or recording processing is stored in, for example, the ROM 808, and a memory 810 is used as a parameter, data storage, and work area as needed during execution of the program.

  The ROM 808 or the recording medium 812 stores, for example, a management center public key, a host-compatible secret key, a host-compatible public key certificate, and a drive CRL as a revocation list.

  For content playback or external output, apply a data conversion processing program obtained from an information recording medium to decrypt encrypted content, restore conversion tables, write conversion data based on conversion table storage data, etc. The processing according to each processing sequence of the processing example described in the above is executed.

[9. Information recording medium manufacturing apparatus and information recording medium]
Next, an information recording medium manufacturing apparatus and an information recording medium will be described. That is, an information recording medium manufacturing apparatus, method, and information recording medium applied in the above-described content reproduction process will be described.

  The information recording medium manufacturing apparatus is an apparatus that manufactures the information recording medium 100 that stores the recording data described above with reference to FIG. As shown in FIG. 25, the information recording medium manufacturing apparatus includes a content file generating unit 901 that generates a content file storing content data to be recorded on the information recording medium, and a content including a program or application information applied to the use of the content. Content code file generating means 902 for storing a code and further generating a content code file including tampering verification data, a content file generated by the content file generating means 901, and a content code file generated by the content code file generating means 902 Is recorded on the information recording medium.

  The content code file generation unit 902 converts the electronic signature based on the data including the content code included in the content code file or the data including the content code included in the content code file as the tampering verification data stored in the content code file. Generate a file containing the hash value based on it.

  The content code file generation unit 902 generates a plurality of content code files storing content codes classified into a plurality of different categories. For example, the four categories described above with reference to FIG. The recording unit 903 executes processing for recording the content code files of the plurality of different categories on the information recording medium.

  In addition, when generating a plurality of content code files storing content codes classified into a plurality of different categories, the content code file generating unit 902 generates a file in which an electronic signature is stored in all the files in the generated file. Alternatively, a process of generating only one file as a content code file including electronic signature data is executed. The file structure has been described above with reference to FIGS.

  Also, the electronic signature recorded in the file generated by the content code file generating means 902 is only the electronic signature of the management center (KIC), or the electronic signature of the management center and the production or provision entity of the content code included in each file. Includes an electronic signature.

  Such an information recording medium 910 generated by the information recording medium manufacturing apparatus records various data described with reference to FIG. 1 and others. Specifically, a content file storing at least content data, a content code including a program or application information applied to use of the content, and a content code file including tampering verification data are stored.

  The tampering verification data included in the content code file is an electronic signature or a hash value based on data including the content code included in the content code file. Further, as described above with reference to FIG. 15, the content code file is composed of a plurality of content code files storing content codes classified into a plurality of different categories.

  Further, the content code file recorded on the information recording medium is composed of a plurality of content code files storing content codes classified into a plurality of different categories, and has been described with reference to FIGS. As described above, only one file among a plurality of recording files is set as a content code file including electronic signature data, or all files include an electronic signature.

  Further, as described above with reference to FIGS. 19 and 20, the content code file may include an electronic signature of the production or provision entity of the content code included in each file.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims should be taken into consideration.

  The series of processes described in the specification can be executed by hardware, software, or a combined configuration of both. When executing processing by software, the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and run.

  For example, the program can be recorded in advance on a hard disk or ROM (Read Only Memory) as a recording medium. Alternatively, the program is temporarily or permanently stored on a removable recording medium such as a flexible disk, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disk, a DVD (Digital Versatile Disc), a magnetic disk, or a semiconductor memory. It can be stored (recorded). Such a removable recording medium can be provided as so-called package software.

  The program is installed on the computer from the removable recording medium as described above, or is wirelessly transferred from the download site to the computer, or is wired to the computer via a network such as a LAN (Local Area Network) or the Internet. The computer can receive the program transferred in this manner and install it on a recording medium such as a built-in hard disk.

  Note that the various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary. Further, in this specification, the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing.

  As described above, according to the configuration of the embodiment of the present invention, the content code including the program or the application information applied to the use of the content when the reproduction process of the content recorded on the information recording medium is executed. In the stage before executing the data processing according to the acquired content code, the verification process of the electronic signature set in the content code file storing the content code is executed, and as a result of the verification, the content code file Since it is configured to execute data processing according to the content code on the condition that the validity is confirmed, execution of unauthorized content code is prevented, and unauthorized reproduction and use of content due to unauthorized use of content code are prevented. It becomes possible to do.

  Further, according to the configuration of one embodiment of the present invention, even when a plurality of content code files recorded on an information recording medium and used in an information processing apparatus are set, an electronic signature is set on at least one file. Since the content code can be used on condition that verification by the verification of the electronic signature is established, strict use control of the content code is realized.

It is a figure explaining the structure and process of the storage data of an information recording medium, a drive apparatus, and information processing apparatus. It is a figure explaining the example of a setting of the content management unit set with respect to the storage content of an information recording medium. It is a figure explaining a response | compatibility with the content management unit and unit key set with respect to the storage content of an information recording medium. It is a figure which shows the directory structure of the content, management data, etc. which are recorded on an information recording medium. It is a figure which shows the directory structure of the content code recorded on an information recording medium. It is a figure explaining the data recorded on the information recording medium, and the data conversion process required in content reproduction. It is a figure explaining the detail of the content stored in an information recording medium, and a conversion table. It is a figure which shows the data structure of the conversion entry contained in a conversion table. It is a figure explaining the data conversion process which applied the conversion entry in the TS packet which comprises a content. It is a figure explaining the data conversion process to which the conversion entry in a conversion table is applied. It is a figure explaining the processing sequence performed between a reproduction | regeneration (player) application and secure VM. It is a figure explaining the copy process of the conversion table performed in the title initialization process in the process sequence between a reproduction | regeneration (player) application and secure VM. It is a figure explaining the process example of a content reproduction process. It is a figure explaining the data conversion process performed in the case of content reproduction. It is a figure explaining the detail of the content code recorded on an information recording medium. It is a figure explaining the detail of the production | generation of a content code recorded on an information recording medium, and a recording process. It is a figure explaining the data structural example of the content code file recorded on an information recording medium. It is a figure explaining the data structural example of the content code file recorded on an information recording medium. It is a figure explaining the data structural example of the content code file recorded on an information recording medium. It is a figure explaining the data structural example of the content code file recorded on an information recording medium. It is a figure which shows the flowchart explaining the utilization sequence of the content code recorded on the information recording medium. It is a figure which shows the flowchart explaining the utilization sequence of the content code recorded on the information recording medium. It is a figure explaining the usage example of a content code. FIG. 25 is a diagram for describing an example hardware configuration of an information processing device. It is a block diagram explaining the structure of an information recording medium manufacturing apparatus.

Explanation of symbols

100 Information recording medium 101 Encrypted content 102 MKB
103 Title Key File 104 License Information 105 Content Code 106 Conversion Table 120 Drive 121 Data Processing Unit 122 Memory 140 Host 150 Playback (Player Application)
151 Data processing unit 152 Memory a
153 Decoding processing unit 154 Data conversion processing unit 155 Decoding processing unit 156 Memory b
160 Secure VM
210 Index 220 Movie object 230 Playlist 240 Clip 261, 262, 263 AV stream 271, 272 Content management unit (CPS unit)
281 Data portion 291 Recorded content 292 Content data 293 Broken data 295 Conversion entry 296 Playback content 297 Conversion data 298 Identifier setting conversion data 300 Encrypted content 301 Conversion entry 302 Content code 303 Conversion table 304 Conversion entry 307 TS packet 308, 309 TS packet 311 to 314 packet 315 XORed conversion entry 316 secret parameter 317 conversion entry 320 secure VM
330 Information recording medium 331 MKB
332 Title key file 333 Encrypted content 334 Conversion table 335 Data conversion processing program 340 Drive 345 Host 350 Playback (player) application 351 Device key 352 Track buffer 353 Plain text TS buffer 354 Event handler 355 Player information 356 Real-time event handler 360 Secure VM block 361 Secure VM
401 Track buffer storage data 402 Decoding result data 403 Broken data 404 Conversion data 405 Identifier setting conversion data 406 Conversion processed data 500 Content code 501 to 504 Content code configuration data 521 to 523 Content code file 530 Content code file 531 Header 532 Content code Block 533 Electronic signature 540 Content code file 541 Header 542 Content code block 550 Content code file 551 Header 552 Content code block 553 Electronic signature 554 Electronic signature 560 Content code file 561 Header 562 Content code block 601-604 Content code file 610 Information recording medium 621 Content code 622 Conversion table 801 Bus 802 Input / output I / F
803 MPEG codec 804 I / O I / F
805 A / D, D / A converter 806 TS / PS processing means 807 Cryptographic processing means 808 ROM
809 CPU
810 Memory 811 Drive 812 Recording medium 901 Content file generation means 902 Content code file generation means 903 Recording means 910 Information recording medium

Claims (31)

An information processing apparatus that executes a reproduction process of content recorded on an information recording medium,
A data processing unit for acquiring a content code including a program or application information applied to use of recorded content of an information recording medium and executing data processing according to the acquired content code;
The data processing unit
A digital signature verification process that enables falsification verification of the entire content code included in the content code file that stores the content code is executed, and on the condition that the validity of the content code file is confirmed as a result of the verification An information processing apparatus having a configuration for executing data processing according to a content code. The data processing unit
A signature verification process based on an electronic signature set in each file is executed for each content code file to be used selected from a plurality of content code files recorded on an information recording medium. Item 4. The information processing apparatus according to Item 1. The data processing unit
Among the content code files to be used selected from the plurality of content code files recorded on the information recording medium, the signature verification processing based on the electronic signature set in one content code file is executed, and the other used content code files The information processing apparatus according to claim 1, wherein verification processing different from electronic signature verification is executed. The data processing unit
The information processing apparatus according to claim 3, wherein the other use content code file is configured to execute a verification process based on a hash value. The data processing unit
The information processing apparatus according to claim 1, wherein the information processing apparatus is configured to execute data processing necessary for replacement processing of partial data of content to which a conversion table included in the content code is applied. The data processing unit
A parameter that is different for each segment set as a segment area of content recorded in an information recording medium, and that is configured to execute a process for calculating a parameter that is applied to restoration of a conversion entry included in the conversion table The information processing apparatus according to claim 5. An information recording medium manufacturing apparatus,
Content file generation means for generating a content file storing content data to be recorded on the information recording medium;
Content code file generating means for storing a content code including a program or application information to be applied to use of content, and further generating a content code file including falsification verification data;
A recording unit that records the content file generated in the content file generation unit and the content code file generated in the content code file generation unit in an information recording medium;
An apparatus for manufacturing an information recording medium, comprising:   8. The information recording medium manufacturing apparatus according to claim 7, wherein the tampering verification data is an electronic signature based on data including a content code included in the content code file.   8. The information recording medium manufacturing apparatus according to claim 7, wherein the tampering verification data is a hash value based on data including a content code included in the content code file. The content code file generation means includes:
It is a configuration for executing a process for generating a plurality of content code files storing content codes classified into a plurality of different categories,
The recording means includes
8. The information recording medium manufacturing apparatus according to claim 7, wherein the apparatus is configured to execute a process of recording a plurality of different category content code files generated by the content code file generation unit on the information recording medium. The content code file generation means includes:
The configuration is such that a plurality of content code files storing content codes classified into a plurality of different categories are generated, and only one of the generated files is generated as a content code file including electronic signature data. The information recording medium manufacturing apparatus according to claim 10. The content code file generation means includes:
A configuration for generating a plurality of content code files storing content codes classified into a plurality of different categories,
8. The information recording medium manufacturing apparatus according to claim 7, wherein a process for generating each content code file as a file including an electronic signature of a content code production or providing entity included in each file is executed. . An information recording medium,
A content file containing content data,
A content code file that contains a program or application information that is applied to the use of content, and further includes tamper verification data;
As a storage data.   14. The information recording medium according to claim 13, wherein the tampering verification data is an electronic signature based on data including a content code included in the content code file.   14. The information recording medium according to claim 13, wherein the tampering verification data is a hash value based on data including a content code included in the content code file. The content code file is:
14. The information recording medium according to claim 13, comprising a plurality of content code files storing content codes classified into a plurality of different categories.   The content code file includes a plurality of content code files storing content codes classified into a plurality of different categories, and only one of the files is a content code file including electronic signature data. The information recording medium according to claim 16.   The content code file is composed of a plurality of content code files storing content codes classified into a plurality of different categories, and each content code file includes an electronic signature of the production or provision entity of the content code included in each file The information recording medium according to claim 13, wherein the information recording medium is included. An information processing method for executing reproduction processing of content recorded on an information recording medium,
This is a verification step of an electronic signature set in a content code file storing a program applied to the use of recorded content of an information recording medium or a content code including application information, and falsification verification of the entire content code included in the content code file is performed. A verification processing step for executing the digital signature verification processing enabled;
A code execution step for executing data processing in accordance with the content code on the condition that the content code file is verified as a result of the verification;
An information processing method characterized by comprising: The verification processing step includes:
A step of executing signature verification processing based on an electronic signature set in each file for each content code file to be used selected from a plurality of content code files recorded on an information recording medium Item 20. The information processing method according to Item 19. The verification processing step includes:
Among the content code files to be used selected from the plurality of content code files recorded on the information recording medium, the signature verification processing based on the electronic signature set in one content code file is executed, and the other used content code files 20. The information processing method according to claim 19, wherein the step is a step of executing verification processing different from electronic signature verification. The verification processing step includes:
The information processing method according to claim 21, wherein the other content code file is a step of executing a verification process based on a hash value. The code execution step includes:
The information processing method according to claim 19, wherein the information processing method is a step of executing data processing required for replacement processing of partial data of content to which a conversion table included in the content code is applied. The code execution step includes:
It is a step of executing a process of calculating a parameter that is different for each segment set as a segment area of the content recorded on the information recording medium and applied to the restoration of the conversion entry included in the conversion table. The information processing method according to claim 23. An information recording medium manufacturing method,
A content file generation step for generating a content file storing content data to be recorded on the information recording medium;
A content code file generating step for storing a content code including a program or application information to be applied to use of the content, and further generating a content code file including falsification verification data;
A recording step of recording the content file generated in the content file generation step and the content code file generated in the content code file generation step on an information recording medium;
An information recording medium manufacturing method comprising:   26. The information recording medium manufacturing method according to claim 25, wherein the falsification verification data is an electronic signature based on data including a content code included in the content code file.   26. The information recording medium manufacturing method according to claim 25, wherein the falsification verification data is a hash value based on data including a content code included in the content code file. The content code file generation step includes:
A step of generating a plurality of content code files storing content codes classified into a plurality of different categories,
The recording step includes
26. The information recording medium manufacturing method according to claim 25, wherein the information recording medium manufacturing method is a step of executing a process of recording a plurality of different category content code files generated in the content code file generation step on the information recording medium. The content code file generation step includes:
Generating a plurality of content code files storing content codes classified into a plurality of different categories, and executing a process of generating only one of the generated files as a content code file including electronic signature data An information recording medium manufacturing method according to claim 28. The content code file generation step includes:
A step of generating a plurality of content code files storing content codes classified into a plurality of different categories;
26. The method of manufacturing an information recording medium according to claim 25, wherein the content code file is a step of executing a process of generating each content code file as a file including an electronic signature of a content code production or providing entity included in each file. . A computer program that causes an information processing apparatus to execute reproduction processing of content recorded on an information recording medium,
This is a verification step of an electronic signature set in a content code file storing a program applied to the use of recorded content of an information recording medium or a content code including application information, and falsification verification of the entire content code included in the content code file is performed. A verification processing step for executing the digital signature verification processing enabled;
A code execution step for executing data processing in accordance with the content code on the condition that the content code file is verified as a result of the verification;
A computer program characterized by comprising:

Images