JP2007172653A - Information reproduction device and secure module - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enhance the security of an information reproduction device having an open architecture. <P>SOLUTION: A secure module 11 is configured to inhibit internally stored information from being referred externally. A memory 10 can be externally referred. A decryption means 10a is mounted on the memory 10 to decrypt information with a predetermined key. A key supply means 11a is mounted on the secure module 11 to supply the key to the decryption means 10a. A verification means 11c is mounted on the secure module 11 to supply predetermined information to the decryption means 10a and refer to resultantly returned information for verifying the decryption means 10a. A key supply stop means 11b is mounted on the secure module 11 to stop the key supply by the key supply means 11a if the verification of the verification means 11c fails. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an information reproducing apparatus and a secure module, and more particularly to an information reproducing apparatus that reproduces information transmitted by a transmission medium or information stored in a recording medium, and information stored in the information medium or recording medium transmitted by the transmission medium. The present invention relates to a secure module that is detachably mounted on an information reproducing apparatus that reproduces information that is being reproduced, and that performs processing related to security when information is reproduced.

  In recent years, broadband Internet and digital broadcasting are becoming widespread, and rights protection techniques for ensuring the security of distributed content (mainly digital AV content) are being highlighted. Among these, personal computers (PCs) are open architectures, and basically anyone can take a peek, so it is difficult to realize safety.

  On the other hand, personal computers are the main gateway of broadband Internet. If security can be guaranteed there, digital AV contents can be distributed over the entire Internet.

  Conventionally, rights protection on software of personal computers has been mainly performed by concealing algorithms that ensure safety and obfuscation that makes it difficult to analyze the algorithms. However, once the software on the personal computer is mounted on the main memory, it is easy to copy, and the rights protection algorithm can be analyzed by analyzing the copied result over time. It is considered to be a rights protection system that is very worried about safety, and it is difficult to adopt it considering the damage caused by analysis once by a highly public system such as broadcasting.

  FIG. 10 is a diagram illustrating a configuration example of a conventional system using a personal computer. As shown in this figure, the conventional system includes a personal computer 50, a network 51, a speaker 52, a display device 53, and an input device 54.

  The personal computer 50 includes a CPU (Central Processing Unit) 50a, a ROM (Read Only Memory) 50b, a RAM (Random Access Memory) 50c, an HDD (Hard Disk Drive) 50d, an MB (Multimedia Board) 50f, and an I / F (Interface). 50g, 50h, and the bus 50i, the information downloaded via the network 51 is decoded and output to the speaker 52 and the display device 53.

Here, the CPU 50a executes various arithmetic processes according to a program stored in the HDD 50d and controls each part of the apparatus.
The ROM 50b stores basic programs and data executed by the CPU 50a.

The RAM 50c temporarily stores programs and data to be executed when the CPU 50a executes various arithmetic processes.
The HDD 50d stores programs executed by the CPU 50a, data, and the like.

  The MB 50f decodes the encoded audio data and image data supplied from the CPU 50a, generates the original audio signal and image signal, and outputs them to the speaker 52 and the display device 53.

The I / F 50g is an interface for transmitting and receiving information via the network 51, and executes protocol conversion and data format conversion.
The I / F 50 h converts the data supplied from the input device 54 into data in the internal format of the personal computer 50.

  The bus 50i connects the CPU 50a, the ROM 50b, the RAM 50c, the HDD 50d, the MB 50f, and the I / Fs 50g and 50h to each other, and enables information exchange between them.

The network 51 is constituted by the Internet, for example, and transmits / receives information to / from a server connected on the network.
The speaker 52 converts the audio signal supplied from the MB 50f into a corresponding audio and outputs it.

The display device 53 includes, for example, a CRT (Cathode Ray Tube) monitor or a liquid crystal monitor, and displays the image signal supplied from the MB 50f as an image.
The input device 54 is configured by, for example, a mouse or a keyboard, and generates and outputs information corresponding to a user operation.

FIG. 11 is a diagram showing a flow of information in the personal computer 50 shown in FIG.
As shown in this figure, the HDD 50d stores basic software, a decryption key group, and encrypted content. Here, the basic software is software for performing processing for decrypting the encrypted content, and is obfuscated in order to prevent it from being decrypted by a malicious user. Here, obfuscation means that the following processing is performed.

Before obfuscation X = X + Y
After obfuscation X = X * 2 + 1 + Y * 2-1
X = X ÷ 2
That is, the calculation result is the same before and after obfuscation, but it is difficult to analyze the algorithm after obfuscation.

  The decryption key group is a plurality of keys for decrypting the cipher applied to the encrypted content, and is secretly scrambled to prevent it from being easily obtained by a malicious user. Is stored in a location.

Encrypted content is content that has undergone encryption processing, and is composed of, for example, images, sound, computer data, and the like.
When the reproduction of the encrypted content is started, the following processing is executed.

(1) The obfuscated basic software is read from the HDD 50d and mounted on the RAM 50c.
(2) After that, the read basic software is stored in a secret place as necessary, and a secret-scrambled decryption key is read from the HDD 50d. For example, the decryption key is divided into 3 to 5 locations and stored in a secret storage location, and further processed so that a target key cannot be obtained unless a secret calculation or the like is performed.

(3) The encrypted content is read and the cipher is decrypted with the decryption key.
(4) Subsequently, when the decrypted content is compressed, decompression processing (MPEG decompression processing for video content, MPEG audio decompression processing for audio content, etc.) is executed and obtained. After the data is stored in the image buffer and the audio buffer on the RAM 50c, the data is output to the MB 50f.

  (5) The MB 50f performs a D / A conversion process on the supplied audio data, executes a drawing process according to the image data, outputs the obtained audio signal to the speaker 52, and outputs the image signal to the display device 53. Output.

  However, in such a process, since the basic software is mounted on the RAM 50c of the personal computer 50, there is a risk of being decrypted or copied by a malicious user. Even if all the basic software and other data stored in the HDD 50d are encrypted, if the software for decrypting the encryption exists somewhere in the personal computer 50, the software is analyzed to identify the key storage location. If this is done, the basic software is analyzed and the right protection algorithm is revealed.

  In a highly public network such as broadcasting, it is desirable to have a processing method in which content cannot be easily deciphered even if the algorithm is known. In current digital television receivers mainly hardware, encryption such as MULTI2 and DES (Data Encryption Standard) is performed. These algorithms are known, but unless the “decryption key” is known, the content cannot be decrypted.

  However, the “decryption key” is built in the hardware and cannot be read out on the software. Furthermore, since the decryption circuit and the content processing circuit (MPEG video decompression and MPEG audio decompression) are also configured by hardware, it is extremely difficult to look into the processing contents. For this reason, hardware-based digital broadcast receivers are considered safe, and such systems are actually being commercialized. Japanese Perfect TV (trademark) and US DirecTV (trademark) are good examples of such receivers.

  On the other hand, in the software processing, the “decryption key”, “decryption circuit”, and “content processing circuit (MPEG video decompression or MPEG audio decompression)” are software. However, since it is mounted on the RAM 50c on the personal computer 50 which can be easily read, there is a problem that analysis and peeping are easily performed.

  The present invention has been made in view of such circumstances, and information reproduction that enables safe software processing by adding minimum hardware to a device having an open architecture such as a personal computer. An object is to provide an apparatus and such a secure module.

  In the present invention, in order to solve the above problems, in an information reproducing apparatus for reproducing information transmitted by a transmission medium or information stored in a recording medium, the information stored in the information reproducing apparatus can be referred to from the outside. A secure module having an incapable structure, a memory that can be referred to from the outside, and the information reproducing apparatus that is transferred from the secure module and mounted on the memory when the information reproducing apparatus is activated and applied to the information An encryption process canceling means for canceling the encryption process using a predetermined key; a key supply means mounted on the secure module for supplying the key to the encryption process canceling means; and on the secure module And the predetermined information is supplied to the encryption processing release means, and the information returned as a result is referred to, and the encryption The validity verification means for verifying the validity of the processing cancellation means, and mounted on the secure module, and if the validity is not recognized by the validity verification means, the key supply means stops the key supply And an information reproducing apparatus characterized by comprising a key supply stopping means.

  Here, the secure module has a structure in which information stored inside cannot be referred to from the outside. The memory has a structure that can be referred to from the outside. The encryption processing release means is transferred from the secure module onto the memory and mounted with the activation of the information reproducing apparatus, and releases the encryption processing applied to the information using a predetermined key. The key supply unit is mounted on the secure module and supplies a key to the encryption processing release unit. The validity verification unit is mounted on the secure module, supplies predetermined information to the encryption processing cancellation unit, refers to information returned as a result, and verifies the validity of the encryption processing cancellation unit . The key supply stop unit is mounted on the secure module, and stops the key supply by the key supply unit when the validity verification unit does not recognize the validity.

  In order to solve the above problems, the present invention is detachably mounted in an information reproducing apparatus that reproduces information transmitted by a transmission medium or information stored in a recording medium, and security when reproducing information. In the secure module that executes processing related to, the information reproducing device is mounted by being transferred from the secure module onto the memory in association with the memory that can be referred to from the outside and the activation of the information reproducing device, Encryption processing cancellation means for canceling the encryption processing applied to the information using a predetermined key, and the secure module is mounted on the secure module, and the encryption processing cancellation means And a key supply means for supplying the key to the encryption module and the encryption processing release means. It is mounted on the secure module and legitimacy verification means that verifies the legitimacy of the encryption processing cancellation means by referring to the information that is returned as a result, and is legitimate by the legitimacy verification means If it is not recognized, there is provided a secure module comprising key supply stop means for stopping key supply by the key supply means.

  Here, in the information reproducing apparatus, the memory has a configuration that can be referred to from the outside. The encryption processing release means is installed by being transferred from the secure module onto the memory and mounted with the activation of the information reproducing apparatus, and releases the encryption processing applied to the information using a predetermined key. On the other hand, in the secure module, the key supply means is mounted on the secure module and supplies the key to the encryption processing release means. The validity verification unit is mounted on the secure module, supplies predetermined information to the encryption processing cancellation unit, refers to information returned as a result, and verifies the validity of the encryption processing cancellation unit . The key supply stop unit is mounted on the secure module, and stops the key supply by the key supply unit when it is not recognized as valid by the validity verification unit.

  In the present invention, since the descrambling means is transferred from the secure module and mounted on the memory when the information reproducing apparatus is activated, the descrambling means is not resident on the memory, A secure information reproducing apparatus can be realized.

  In addition, according to the present invention, it is possible to provide a security module that can enhance the safety of the system while having a minimum configuration when mounted on an information reproducing apparatus.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a principle diagram illustrating the operating principle of the present invention. As shown in this figure, the information reproducing apparatus of the present invention includes a memory 10, a secure module 11, an HDD 12, and an MB 13.

Here, the memory 10 is constituted by, for example, a RAM, and is mounted with an encryption processing releasing unit 10a realized by software.
The secure module 11 is configured by a PC card, for example. Since the secure module 11 has a TRM (Tamper Resistant Module) structure, it is possible to prevent peeping from the outside and prevent internal data from being tampered with.

The secure module 11 includes a key supply unit 11a, a key supply stop unit 11b, and a validity verification unit 11c.
Here, the key supply unit 11a supplies a key for releasing the encryption to the encryption process release unit 10a.

The validity verification unit 11c supplies predetermined information to the encryption processing cancellation unit 10a, refers to information returned as a result, and verifies the validity of the encryption processing cancellation unit 10a.
When the validity verification means 11c does not recognize that the encryption processing release means 10a is valid, the key supply by the key supply means 11a is stopped.

  The MB 13 acquires the content that has been decrypted by the encryption processing canceling means 10 a mounted on the memory 10, converts it into an audio signal and an image signal, and supplies them to the speaker and the display device.

Next, the operation of the above principle diagram will be described.
The secure module 11 is a detachable module. For example, the secure module 11 can be attached to the information reproducing apparatus main body in a state where the key supply unit 11a, the key supply stop unit 11b, and the validity verification unit 11c are mounted.

  The encryption processing release means 10a mounted in the memory 10 is stored in advance in the secure module 11, and is transferred to the memory 10 at the time of startup, or stored in an encrypted state in the HDD 12, The data is transferred to the memory 10 at the time of activation, and the encryption process is canceled using the key stored in the secure module 11 there.

  When reproduction is started in such a state, first, the validity verification unit 11c supplies secret information to the encryption processing release unit 10a. The encryption process releasing means 10a obtains predetermined information by acquiring secret information and applying predetermined processing to the secret information. Then, the obtained information is supplied to the validity verification means 11c.

  The validity verification unit 11c refers to the information returned from the encryption processing cancellation unit 10a and verifies the validity of the encryption processing cancellation unit 10a. As a result, if the encryption processing release means 10a is recognized as valid, a key for releasing the encryption is supplied from the key supply means 11a to the encryption processing release means 10a.

On the other hand, if the encryption processing release unit 10a is not recognized as valid, the key supply stop unit 11b stops the key supply from the key supply unit 11a to the encryption process release unit 10a.
When the validity of the encryption processing cancellation unit 10a is confirmed, the encryption processing cancellation unit 10a encrypts the encrypted content 12a read from the HDD 12 using the key supplied from the key supply unit 11a. Release and supply to MB13.

  The MB 13 converts the audio data and image data included in the decrypted content supplied from the encryption processing cancellation unit 10a into an audio signal and an image signal, respectively, and a speaker (not shown) and a display device To supply.

  Even after the reproduction process is started, the validity verification unit 11c of the secure module 11 supplies secret information to the encryption process release unit 10a at a predetermined cycle, and verifies the information as a response thereto. The encryption processing release means 10a is prevented from being illegally copied or tampered with.

  As described above, in the information reproducing apparatus of the present invention, the secure module 11 that cannot be seen from the outside is provided, and the validity of the encryption processing release means 10a installed in the memory 10 is verified from this point. However, since the key is supplied when the validity is confirmed, security can be improved by adding a minimum amount of hardware even in a personal computer adopting an open architecture. It becomes possible.

  Further, since the validity verification means 11c periodically verifies the validity of the encryption processing cancellation means 10a, the encryption processing cancellation means 10a installed in the memory 10 is illegally analyzed and impersonated. It becomes possible to prevent the occurrence of tampering.

Next, an embodiment of the present invention will be described.
FIG. 2 is a diagram showing a configuration example of the embodiment of the present invention. As shown in this figure, the system including the information reproducing apparatus of the present invention is constituted by a personal computer (information reproducing apparatus) 50, a network 51, a speaker 52, a display device 53, and an input device 54.

  The personal computer 50 includes a CPU 50a, ROM 50b, RAM 50c, HDD 50d, secure module 50e, MB 50f, I / F (Interface) 50g, 50h, and a bus 50i. 52 and the display device 53.

Here, the CPU 50a executes various arithmetic processes according to a program stored in the HDD 50d and controls each part of the apparatus.
The ROM 50b stores basic programs and data executed by the CPU 50a.

The RAM 50c temporarily stores programs and data to be executed when the CPU 50a executes various arithmetic processes.
The HDD 50d stores programs executed by the CPU 50a, data, and the like.

  The secure module 50e is configured by, for example, PC-CARD and stores information for confirming the validity of the user. Note that since the secure module 50e has a TRM structure, it is possible to prevent peeping from the outside and prevent falsification of internal data.

  The MB 50f decodes the encoded audio data and image data supplied from the CPU 50a, generates the original audio signal and image signal, and outputs them to the speaker 52 and the display device 53.

The I / F 50g is an interface for transmitting and receiving information via the network 51, and executes protocol conversion and data format conversion.
The I / F 50 h converts the data supplied from the input device 54 into data in the internal format of the personal computer 50.

  The bus 50i connects the CPU 50a, the ROM 50b, the RAM 50c, the HDD 50d, the secure module 50e, the MB 50f, and the I / Fs 50g and 50h to each other, and enables data exchange between them.

The network 51 is constituted by the Internet, for example, and transmits / receives information to / from a content server connected on the network.
The speaker 52 converts the audio signal supplied from the MB 50f into a corresponding audio and outputs it.

The display device 53 includes, for example, a CRT monitor or a liquid crystal monitor, and displays the image signal supplied from the MB 50f as an image.
The input device 54 is configured by, for example, a mouse or a keyboard, and generates and outputs information corresponding to a user operation.

FIG. 3 is a diagram showing a flow of information in the embodiment shown in FIG.
As shown in this figure, the HDD 50d stores an encryption / decryption key group, an encryption software group, an encryption protocol group, and encrypted content.

Here, the encryption / decryption key group is a set of keys for releasing encryption of the encrypted content.
The encryption software group is a set of basic software for releasing encryption.

The encryption protocol group is a set of protocols inserted into the basic software for decrypting the cipher and for verifying the validity of the basic software.
Encrypted content is encrypted content, and is composed of encrypted audio data and image data, for example.

On the other hand, the secure module 50e includes a master key group, transmission / reply reception software, and other software.
Here, the master key group is a set of encrypted keys for decrypting the encrypted content.

The transmission / reply reception software exchanges information with the transmission reception / reply software installed on the RAM 50c, and verifies its validity.
The other software includes, for example, software for changing the initial value of the protocol, encryption / decryption key decryption software for decrypting the encryption encryption key, arbitrary encryption software, and arbitrary encryption protocol decryption Encryption protocol decryption software, optional protocol embedded software for incorporating arbitrary protocols, software download software for downloading software, encrypted content decryption software for decrypting encrypted content, and re-encrypting content Content re-encryption software, content decryption key transmission software for transmitting content decryption key, and re-encrypted content transmission software for transmitting re-encrypted content Yes.

  The RAM 50c stores secure software, and the secure software includes basic software. Basic software includes transmission / reception / reply software, memory area changing software, content decryption key reception software, re-encrypted content decryption software, content processing software, and decoded image content output software.

Here, the transmission reception / reply software receives the transmission from the secure module 50e and returns an appropriate response.
The memory area changing software receives the transmission from the secure module 50e and uses the data necessary for concealment (decryption key, decrypted MPEG video / audio content, MPEG video / audio decompressed information storage area, etc.) Change the area.

The content decryption key receiving software receives a key for decrypting the content.
The re-encrypted content decryption software receives a key for decrypting the content re-encrypted in the secure module 50e.

The content processing software is composed of MPEG video expansion software, MPEG audio expansion software, and the like.
The decoded image content output software outputs the image content obtained by the content processing software to the MB 50f.

In MB50f, D / A conversion processing or the like is performed on audio information, and drawing processing or the like is performed on image information.
Next, the outline of the operation of the embodiment of the present invention will be described below.

  In the present embodiment, the basic mechanism for protecting the right is as follows. That is, the secure software is loaded into the RAM 50c every time from the secure module 50e. The loaded secure software has a protocol for transmitting / receiving a secret number for confirming the safety of the secure software, and the safety is confirmed by communicating in real time.

At that time, the following measures are taken to prevent copying the secure software and analyzing the secret number for safety confirmation.
(1) A timer is provided in the secure module 50e, and if the transmission / reception interval is too long, it is assumed that there is a possibility of secure software tampering, and measures such as stopping the provision of the decryption key from the secure module 50e are taken.

  (2) Also, in order to prevent copying of the secure software and impersonation, if the same secret number is returned twice, take measures such as stopping the provision of the decryption key from the secure module 50e. Take.

  (3) Further, the secure software itself is replaced every time, for example, at intervals of about one hour. For this purpose, a plurality (in fact, innumerable) of secure software is prepared in the secure module 50e or the HDD 50d, and different secure software is loaded each time. The functions of the secure software are the same, but the protocol for confirming safety and the secret number are changed every time. With such a configuration, even if the secure software is analyzed once, for example, the contents of the secure software are different every time, so that the analysis becomes substantially impossible. Basically, it is considered impossible to analyze the secure software in one hour and tamper with the calculation result so that it is output to a file. Therefore, sufficient safety can be ensured.

  The contents of the secure software can be changed relatively easily by changing only the transmission and reception protocols, for example. Further, the change can be easily realized only by changing the initial variable in the protocol.

For example, by using a program for generating a secret number as described below, it is possible to realize a transmission / reception function for safety confirmation.
X = X + Y * Z * X
Here, X is a secret number, and Y and Z are initial variables for generating a secret number. An infinite number of safety confirmation protocols can be generated by arbitrarily changing the values of X, Y, and Z. Assuming X = 1, Y = 3, and Z = 5, X changes as follows.

X = 1, 16, 16 + 16 × 15,...
Of course, the above is only an example, and in such a simple method, even if the initial value is changed, the contents may be analyzed via the PCI bus to which the RAM 50c is connected. Another formula may be superimposed on the above formula. Also, if processing such as forcibly converting to another value when X reaches a certain value from a special list, safety can be maintained even if the basic expression leaks.

Furthermore, even if this equation is found by analyzing the software, for example, if the secure software itself is changed every hour, the analysis becomes very difficult.
Next, the specific operation of the above embodiment will be described. The operation of this system is as follows.

(1) When viewing predetermined content, the user turns on the power, operates the input device 54, and clicks a predetermined icon displayed on the display device 53.
(2) Then, the secure module 50e is activated, and one is randomly read from a plurality of encryption basic software in the HDD 50d.

(3) Next, the basic encryption software is decrypted with the decryption key and decryption software in the secure module 50e.
(4) Next, one or more appropriate ones are randomly read from the plurality of encryption protocols, and decrypted by the decryption key and decryption software in the secure module 50e.

(5) Insert one or more protocols after decryption into the basic software after decryption to create secure software.
(6) Initializing each initial value of one or more protocols.

  (7) Load (download) the initialized secure software into the RAM 50c, and start the secure software. When the secure software is loaded and activated, the secure module 50e refers to the timer in the secure module 50e, and the secret number is secured without taking too much time (to prevent impersonation of the secure software). Confirm that it is transmitted from the software according to the communication protocol.

(8) The secure module 50e transmits a return secret number.
(9) The secure module 50e waits for a secret number to be returned.
(10) The secure module 50e refers to the built-in timer, and if it takes more than a certain amount of time to return the secret number, the secure software is considered to have been tampered with and an error signal is passed to the secure software. Stop. Further, even when the same secret number is continuously returned, the secure software may be regarded as falsified, and an error signal may be passed to the secure software to stop the operation.

(11) On the other hand, when there is a normal reply within a certain time, the secure module 50e considers that the operation of the secure software is normal.
(12) The secure module 50e reads the encrypted content from the HDD 50d and decrypts it using the decryption key.

(13) The secure module 50e re-encrypts the decrypted content.
(14) The secure module 50e transmits the re-encrypted content to secure software.

(15) The secure module 50e further confirms the safety of the secure software with another protocol, and then transmits the re-encrypted content decryption key to the secure software.
(16) The secure module 50e repeats the processes (8) to (16) until the reproduction of the content ends or an instruction to end is given from the user.

On the other hand, the secure software executes the following processing.
(1) The secure software receives a re-encrypted content and a key for decrypting the re-encrypted content from the secure module 50e through transmission and reception of a secret number.

(2) The secure software decrypts the content using the received re-encrypted content decryption key.
(3) The secure software stores the result of the decryption after performing a simple scramble such as an exclusive OR operation on the secret memory area determined by the transmission / reception of the secret number or the like. Note that the memory area of the storage destination is constantly changed to prevent information leakage. Further, if the register used by the secure software is changed each time, it is possible to prevent the internal operation from being analyzed through the register. Furthermore, when transmitting and receiving a secret number, by setting an interrupt prohibition flag, interrupts of other software can be prohibited and internal operations can be prevented from being analyzed by the interrupt. In addition to the “transmission / reception of secret numbers”, the interrupt prohibition flag can be used in this way at any place where analysis is required to be difficult.

  (4) If the stored decrypted content is MPEG-compressed image data, the secure software performs MPEG video expansion processing as follows. If it is MPEG compressed audio data, MPEG audio expansion processing is performed. If the content is another content such as data broadcasting or caption information, it is transferred to another processing routine corresponding to the content.

  (5) When the processed content is, for example, MPEG image data, the secure software stores the processing result in a buffer area on the RAM 50c. If stored in a fixed area on the RAM 50c, there is a possibility of peeping, so the storage address is stored in a constantly changing address set by communication with the secure module 50e. In addition to changing the storage address, for example, it is also possible to adopt a scramble method that changes constantly, which is set by communication with the secure module 50e at the time of storage.

  (6) The stored MPEG video decoding result is transferred to the MB 50f via the AGP bus or the like by DMA (Dynamic Memory Access) transfer or the like, A / D conversion processing is performed in the MB 50f and converted into a format that can be reproduced on a monitor or the like. Displayed. In the case of audio data, basically, the same processing is performed and transferred to the speaker for reproduction.

  According to the above embodiment, since the validity of the basic software mounted on the RAM 50c is verified by the secure module 50e having the TRM configuration, the safety of the system having the open architecture is improved. Is possible.

In addition, since the protocol for verifying the validity is changed at a predetermined period, it is possible to ensure safety even when the basic software is looked into.
Next, a second embodiment of the present invention will be described.

  FIG. 4 is a diagram illustrating a configuration example of the second embodiment of the present invention. As shown in this figure, the second embodiment of the present invention is characterized in that the information stored in the HDD 50d is reduced and the right protection information is stored in the memory area of the secure module 50e instead.

In this example, only the encrypted digital AV content or the like is stored in the HDD 50d.
On the other hand, the secure module 50e includes (1) a master key group that is a set of encrypted keys for decrypting encrypted content, (2) software for changing an initial value of a calculation formula for secret numbers in each protocol, ( 3) Software group, (4) Protocol group, (5) Software that embeds arbitrary protocol in secure software, (6) Software that downloads arbitrary protocol embedded circuit secure software to RAM 50c, (7) Transmission / reception reception to secure software In addition, there is software for confirming the safety of secure software, and (8) software for transmitting a content decryption key. In addition, a timer (not shown) is provided, and the reception period after transmission is measured. When a predetermined period or more has passed, transmission of the content decryption key to the secure software is stopped.

  The RAM 50c stores secure software, and the secure software includes basic software. The basic software includes the following software. That is, the basic software includes (1) software for receiving basic software, (2) transmission / reception / reply software, (3) memory area changing software for changing the memory area, and (4) content decryption key. Content decryption key reception software for receiving (5), encrypted content decryption software for decrypting encrypted content, (6) content processing software, and (7) decoded image content output software.

  The secure module 50e, the HDD 50d, and the RAM 50c are connected to each other via a general-purpose PCI bus to exchange information. The RAM 50c and the MB 50f are connected to each other via a local bus such as an AGP bus (unlike a general-purpose bus). .

Next, the operation of the above embodiment will be described.
The operation of this system is as follows.
(1) When the user wants to view the digital broadcast on the PC screen, the user clicks the digital broadcast reception icon displayed on the display device 53 after turning on the power.

(2) The secure module 50e is activated, and one is randomly read from a plurality of basic software in the module.
(3) Next, the secure module 50e randomly reads one or more appropriate ones from a plurality of protocols, inserts one or more protocols into the basic software, and creates secure software.

(4) The secure module 50e initializes initial values on one or more protocols.
(5) The secure module 50e loads (downloads) the initialized secure software into the RAM 50c, and activates the secure software.

  (6) When the secure software is loaded and activated, the secure module 50e refers to a timer in the secure module, and when a predetermined time (a short time to prevent impersonation of the secure software) elapses, the secret number is Confirm that it is transmitted from the secure software according to the communication protocol.

(7) The secure module 50e generates and transmits a return secret number.
(8) The secure module 50e waits for a secret number to be returned.
(9) The secure module 50e refers to the timer, and if it takes more than a certain time to return the secret number, the secure module 50e considers that the secure software may have been tampered with and sends an error signal to the secure software Stop operation.

  (11) On the other hand, when a normal reply is returned within a certain time, the secure module 50e considers that the operation of the secure software is normal, and further confirms the security of the secure software with another protocol, and then encrypts Send the content decryption key to secure software.

(12) Thereafter, the secure module 50e repeats the processes (8) to (12).
On the other hand, the secure software on the RAM 50c executes the following processing.

(1) Receive encrypted content from the HDD 50d through transmission and reception of a secret number with the secure module.
(2) The secure software receives a key for decrypting the encrypted content from the secure module 50e.

(3) The secure software decrypts the received content using the received key.
(4) The secure software scrambles the result of decryption with, for example, exclusive OR, and stores the result in a secret memory address determined by transmission / reception of a secret number or the like. Note that it is desirable that the memory address of the storage destination is not fixed, but is changed every time it is stored.

  (5) In the secure software, the decrypted content is subjected to MPEG image expansion processing as follows if it is MPEG-compressed image data. For MPEG compressed audio data, MPEG audio expansion processing is performed. In addition, other contents such as data broadcasting and caption information are transferred to another processing routine corresponding to the contents.

  (6) The secure software transfers the processed content to the buffer area of the RAM 50c, for example, in the case of MPEG image data. In addition, since there is a possibility of peeping when stored in a fixed address in the RAM 50c, the storage address is stored in an address (address that always changes) set when transmitting / receiving with the secure module 50e. The content may be scrambled based on a method set in communication with the secure module at the time of storage.

  (7) The secure software transfers the stored MPEG image data to the MB 50 f via the AGP bus or the like by DMA transfer or the like, performs A / D conversion by the MB 50 f, and converts it into a format that can be reproduced by the display device 53.

(9) The secure software also decodes the audio data by the same processing as that of the above-described image data, transfers it to the speaker 52, and reproduces it.
As described above, in the second embodiment of the present invention, information such as a master key is also stored in the secure module 50e, so that it is compared with the first embodiment stored in the HDD 50d. Security can be further improved.

Next, a third embodiment of the present invention will be described.
FIG. 5 is a diagram illustrating a configuration example of the third embodiment of the present invention. As shown in this figure, in the third embodiment of the present invention, compared to the embodiment shown in FIG. 3, scramble processing software is added to the RAM 50c, and descrambling software is added to the MB 50f. Has been. Other configurations are the same as those in FIG.

Here, the scramble processing software performs a predetermined scramble process on the content subjected to the MPEG decoding process or the like.
On the other hand, the descrambling processing software performs descrambling processing on the content scrambled in the RAM 50c, and reproduces the original information.

Next, the operation of the above embodiment will be briefly described.
In the HDD 50d and the secure module 50e, after the key is transmitted and received by the same processing as described above, the basic software is downloaded onto the RAM 50c and mounted therein.

  The RAM 50c receives the encrypted content via the secure module 50e by the downloaded basic software and releases the encryption. Then, the scramble processing software performs a predetermined scramble process on the decrypted content and transmits it to the MB 50f.

  The MB 50f receives the scrambled content transmitted from the RAM 50c, and the corresponding descrambling software performs descrambling processing to reproduce the original content data.

  If the obtained content data is an audio signal, it is converted to an analog signal by D / A conversion processing and output to the speaker 52. If the obtained content data is image data, the image is rendered by the rendering process, converted into a video signal, and output to the display device 53.

According to the embodiment as described above, it is possible to prevent an act of illegally extracting content data supplied from the RAM 50c to the MB 50f.
Next, a fourth embodiment of the present invention will be described.

  FIG. 6 is a diagram illustrating a configuration example of the fourth exemplary embodiment of the present invention. In the embodiment shown in this figure, compared with the case shown in FIG. 5, communication protocol transmission software is added to the secure module 50e, and communication protocol reception software is added to the MB 50f. The rest is the same as in FIG.

  The communication protocol transmission software stored in the RAM 50c transmits a scramble method for content data and information (communication protocol information) indicating the output order of the content data to the MB 50f.

The communication protocol reception software stored in the MB 50f receives the communication protocol information sent from the communication protocol transmission software and supplies it to the corresponding part inside the apparatus.
Next, the operation of the above embodiment will be briefly described.

When the reproduction of the content data is started, the communication protocol transmission software of the secure module 50e transmits communication protocol information to the MB 50f.
The MB 50f that has received the communication protocol information extracts the descrambling software included in this information and information indicating the output order of the contents. Then, the order of the content data is rearranged according to the extracted information, and descrambling processing is performed.

  By the way, the communication protocol information is transmitted at a predetermined time interval, for example, and the descrambling method and the output order are changed each time transmission is performed. Therefore, even when the malicious user analyzes the scramble processing software existing on the RAM 50c, since different scramble processing is performed at the next timing, unauthorized use can be prevented.

Next, a configuration example of the fifth embodiment of the present invention will be described.
FIG. 7 is a diagram showing a configuration example of the fifth embodiment of the present invention. As shown in this figure, the fifth embodiment of the present invention is a configuration example of a digital broadcast receiver.

  Here, the digital broadcast receiver 70 shown in FIG. 7 includes a digital tuner 70a, a MULTI2 decryption unit 70b, a B-CAS (BS Conditional Access Systems) card 70c, a license generation unit 70d, a re-encryption processing unit 70e, an HDD 70f, An MPEG decoder 70g, an encryption / decryption unit 70h, a graphic processing unit 70i, a reproduction license unit 70j, an analog copyright protection unit 70k, and a digital copyright protection unit 70l are configured. A parabolic antenna 71 is connected to the outside.

Here, the digital tuner 70a converts the radio wave from the satellite captured by the parabolic antenna 71 into an electrical signal (digital signal) and outputs it.
The MULTI2 encryption decrypting unit 70b decrypts the MULTI2 encryption applied to the digital signal output from the digital tuner 70a, decrypts it to the original data, and outputs it.

The B-CAS card 70c is a plastic card with a built-in IC chip, and stores information for guaranteeing the legitimacy of the user.
The license generation unit 70d generates license information necessary for re-encryption and supplies the license information to the re-encryption processing unit 70e.

The re-encryption processing unit 70e re-encrypts the digital signal supplied from the MULTI2 decryption unit 70b and supplies it to the HDD 70f.
The HDD 70f stores the data supplied from the re-encryption processing unit 70e in a predetermined area.

The encryption / decryption unit 70h decrypts the encryption applied to the data read from the HDD 70f and generates the original data.
The MPEG decoder 70g performs MPEG decoding processing on the data supplied from the encryption / decryption unit 70h to generate image data and audio data.

The graphic processing unit 70i performs a drawing process based on the image data output from the MPEG decoder 70g, converts it to the original image signal, and outputs it.
The reproduction license unit 70j supplies license information when the encryption / decryption unit 70h decrypts the encryption.

The analog copyright protection unit 70k superimposes and outputs a copy prevention signal on an image signal as an analog signal.
The digital copyright protection unit 70l encrypts and outputs an image signal as a digital signal.

  In this embodiment, the function blocks (the license generation unit 70d, the re-encryption processing unit 70e, and the reproduction license unit 70j) indicated by bold lines are configured by TRM and refer to internal information. It is a structure that can not be.

Further, the connection between the functional blocks and the connection indicated by a broken line is a connection in which external connection is prohibited for the purpose of protecting the right.
Next, the operation of the above embodiment will be described.

The radio wave from the satellite captured by the parabolic antenna 71 is supplied to the digital tuner 70a, where it is converted into an MPEG-TS digital stream and output.
In the MPEG-TS stream, a plurality of pieces of information are time-multiplexed after being subjected to MULTI2 encryption, and the MULTI2 decryption unit 70b refers to license information such as an encryption key supplied from the B-CAS card 70c. Then, the program (specific digital AV content) selected by the viewer in the MPEG-TS digital stream is decoded.

The re-encryption processing unit 70e refers to the license information supplied from the license generation unit 70d, re-encrypts the AV content, and stores it in a predetermined area of the HDD 70f.
When the encrypted digital AV content stored in the HDD 70f is reproduced, the encryption / decryption unit 70h acquires license information for decrypting the encryption from the reproduction license unit 70j, executes the decryption process of the encryption, AV content is generated.

  The MPEG decoder 70g performs MPEG decoding on the AV content decrypted by the encryption / decryption unit 70h, reproduces the original image data, and supplies it to the graphic processing unit 70i.

  The graphic processing unit 70i executes graphic processing such as drawing processing based on the image data supplied from the MPEG decoder 70g, and generates an image signal. Then, the obtained image signal is supplied to the analog copyright protection unit 70k and the digital copyright protection unit 70l.

The analog copyright protection unit 70k superimposes a signal for preventing unauthorized copying on a predetermined portion of the image signal supplied from the graphic processing unit 70i, and outputs the signal to the monitor.
The digital copyright protection unit 70l performs an encryption process on the image signal supplied from the graphic processing unit 70i and outputs it to the monitor.

  By the way, in the above embodiment, as described above, the functional blocks (the license generation unit 70d, the re-encryption processing unit 70e, and the reproduction license unit 70j) indicated by bold lines have a TRM structure. Therefore, as shown in FIG. 1, functions corresponding to the key supply means 11a, the key supply stop means 11b, and the validity verification means 11c are provided for these functional blocks, and the validity is determined at predetermined time intervals. If the verification and the validity cannot be confirmed, the supply of the key is stopped, so that the content received by the malicious user can be prevented from being used illegally.

  Next, a sixth embodiment of the present invention will be described. FIG. 8 is a diagram showing a configuration example of the sixth embodiment of the present invention. As shown in the figure, the sixth embodiment of the present invention includes a digital tuner 80a, a MULTI2 decryption unit 80b, a B-CAS card 80c, a re-encryption license generation unit 80d, an HDD 80e, a soft decryption reproduction license unit. 80f, soft MPEG decoder 80g, soft AAC (Advanced Audio Coding) decoder 80h, graphic processing unit 80i, audio processing unit 80j, and HDCP (High-bandwidth Digital Content Protection) LSI 80k. A parabolic antenna 81 is connected to the outside.

Here, the digital tuner 80a converts the radio wave from the satellite captured by the parabolic antenna 81 into an electric signal (digital signal) and outputs it.
The MULTI2 encryption decrypting unit 80b decrypts the MULTI2 encryption applied to the digital signal output from the digital tuner 80a, decrypts it to the original data, and outputs it.

The B-CAS card 80c is a plastic card with a built-in IC chip, and stores information for guaranteeing the legitimacy of the user.
The re-encrypted license generation unit 80d generates license information necessary for re-encryption and executes re-encryption processing.

The HDD 80e stores the data supplied from the re-encryption license generation unit 80d in a predetermined area.
The soft encryption / decryption / reproduction license unit 80f generates a reproduction license, decrypts the encryption applied to the data read from the HDD 80e according to the reproduction license, and generates the original data.

The soft MPEG decoder 80g performs MPEG decoding on the AV content supplied from the soft encryption / decryption reproduction license unit 80f to generate image data.
The soft AAC decoder 80h decodes the audio signal and generates and outputs the original audio data.

  The graphic processing unit 80i performs graphic processing on the image data supplied from the soft MPEG decoder 80g and outputs the obtained image signal to the HDCP LSI 80k.

The HDCP LSI 80k performs HDCP processing on the image signal supplied from the graphic processing unit 80i and outputs it.
The audio processing unit 80j performs D / A conversion on the audio data output from the soft AAC decoder 80h and outputs the audio data.

  In the above embodiment, the functional blocks (B-CAS card 80c, re-encrypted license generation unit 80d, soft encryption / decryption reproduction license unit 80f) indicated by bold lines are constituted by TRM and include internal information. The structure cannot be referred to.

The software encryption / decryption / reproduction license unit 80f, the software MPEG decoder 80g, and the software AAC decoder 80h are configured by software.
Therefore, the portion configured by the TRM is the secure module 11 shown in FIG. 1 and the portion configured by the software is associated with the memory 10 shown in FIG. Similarly, it is possible to prevent content received by a malicious user from being used illegally.

  Next, a seventh embodiment of the present invention will be described. FIG. 9 is a diagram showing a configuration example of the seventh embodiment of the present invention. As shown in this figure, the seventh embodiment of the present invention includes a digital tuner 90a, a MULTI2 decryption unit 90b, a B-CAS card 90c, a re-encryption license generation unit 90d, an HDD 90e, a soft decryption reproduction license unit. 90f, soft MPEG decoder 90g, soft AAC decoder 90h, graphic processor 90i, audio processor 90j, and HDCP LSI 90k. A parabolic antenna 91 is connected to the outside. In this embodiment, the MULTI2 decryption unit 90b, the re-encryption license generation unit 90d, the soft encryption / decryption reproduction license unit 90f, the soft MPEG decoder 90g, the soft AAC decoder 90h, the graphic processing unit 90i, and the audio processing unit 90j is enclosed in the LSI.

Here, the digital tuner 90a converts the radio wave from the satellite captured by the parabolic antenna 91 into a corresponding electric signal (digital signal) and outputs it.
The MULTI2 decryption unit 90b decrypts the MULTI2 cipher applied to the digital signal output from the digital tuner 90a, decrypts it to the original data, and outputs it.

The B-CAS card 90c is a plastic card with an IC chip built in, and stores information for guaranteeing the legitimacy of the user.
The re-encryption license generation unit 90d generates license information necessary for re-encryption and executes the re-encryption processing unit.

The HDD 90e stores the data supplied from the re-encryption license generation unit 90d in a predetermined area.
The soft encryption / decryption reproduction license unit 90f generates a reproduction license, decrypts the encryption applied to the data read from the HDD 90e according to the reproduction license, and generates the original data.

The soft MPEG decoder 90g performs MPEG decoding processing on the AV content supplied from the soft encryption / decryption reproduction license unit 90f to generate image data.
The soft AAC decoder 90h decodes the audio signal, generates the original audio data, and outputs it.

  The graphic processing unit 90i performs graphic processing on the image data supplied from the soft MPEG decoder 90g and outputs the obtained image signal to the HDCP LSI 90k.

The HDCP LSI 90k performs HDCP processing on the image signal supplied from the graphic processing unit 90i and outputs the image signal.
The audio processing unit 90j performs D / A conversion on the audio data output from the software AAC decoder 90h and outputs the result.

  In the above embodiment, the soft encryption / decryption / reproduction license unit 90f, the soft MPEG decoder 90g, and the soft AAC decoder 90h are configured by software.

  Accordingly, the portion constituted by the LSI is the secure module 11 shown in FIG. 1, and the portion constituted by the software is associated with the memory 10 shown in FIG. Similarly, it is possible to prevent content received by a malicious user from being used illegally.

Furthermore, in the present embodiment, since the part constituted by software is also enclosed in the LSI, security can be further improved.
It should be noted that the block diagrams shown in the above embodiments are merely examples, and it goes without saying that the present invention is not limited to such a case.

Further, in the above embodiment, it goes without saying that a part constituted by software can be appropriately replaced by hardware.
(Supplementary note 1) In an information reproducing apparatus for reproducing information transmitted through a transmission medium or information stored in a recording medium,
A secure module having a structure in which information stored inside cannot be referred to from outside;
Memory that can be referenced from outside,
An encryption processing release unit which is mounted on the memory and releases the encryption processing applied to the information using a predetermined key;
A key supply unit mounted on the secure module and configured to supply the key to the encryption processing release unit;
Validity verification implemented on the secure module, supplying predetermined information to the encryption processing cancellation means, referring to information returned as a result, and verifying the validity of the encryption processing cancellation means Means,
A key supply stopping unit that is mounted on the secure module and stops supply of a key by the key supply unit when the validity is not recognized by the validity verification unit;
An information reproducing apparatus comprising:

  (Supplementary note 2) Information according to supplementary note 1, wherein the validity verification unit changes an initial value of the predetermined information supplied to the encryption processing cancellation unit each time the apparatus is activated. Playback device.

  (Additional remark 3) The said correctness verification means has two or more protocols for verifying the correctness of the said encryption process cancellation | release means, The said protocol is changed with a predetermined period, The additional description 1 characterized by the above-mentioned. Information playback device.

  (Supplementary note 4) The key supply unit stops the supply of the key because the validity cannot be confirmed when there is no response from the encryption processing release unit for a predetermined time or more. The information reproducing apparatus described.

  (Supplementary Note 5) The key supply means stops the supply of the key because the correctness cannot be confirmed when the same response is continuously made from the encryption processing release means. 1. An information reproducing apparatus according to 1.

  (Supplementary Note 6) The plurality of means mounted on the memory or the secure module is recorded in advance in a recording medium in an encrypted state, and is decrypted as necessary. The information reproducing apparatus according to appendix 1, wherein the information reproducing apparatus is mounted on a secure module.

(Supplementary note 7) The information reproducing apparatus according to supplementary note 1, wherein the encryption processing release unit mounted on the memory has a different implementation form each time it is mounted on the memory.
(Supplementary note 8) The information reproducing apparatus according to supplementary note 7, wherein the realization form is an area on a mounted memory.

(Supplementary note 9) The information reproducing apparatus according to supplementary note 7, wherein the realization form is a memory area to be used.
(Supplementary note 10) The information reproducing apparatus according to supplementary note 7, wherein the realization form is a type of a register to be used.

(Supplementary Note 11) Output means for outputting information decrypted by the encryption processing canceling means to the outside,
An encryption unit that re-encrypts the information decrypted by the encryption processing cancellation unit when the information is supplied to the output unit;
The information reproducing apparatus according to appendix 1, further comprising:

(Supplementary note 12) The information reproducing apparatus according to supplementary note 11, wherein the encryption unit performs encryption by selecting a predetermined protocol from a plurality of encryption protocols.
(Additional remark 13) The said reproducing | regenerating means is implement | achieved by mounting the program stored in the said secure module on the said memory, The information reproducing apparatus of Additional remark 12 characterized by the above-mentioned.

  (Supplementary note 14) The information reproducing apparatus according to supplementary note 1, wherein the plurality of means mounted on the memory sets an interrupt prohibition flag at the time of execution, and prohibits another program from being interrupted.

  (Supplementary note 15) The information reproducing apparatus according to supplementary note 1, wherein when the program stored in the secure module is mounted on the memory, different encryption is performed each time and the program is supplied to the memory.

(Supplementary note 16) The information reproducing apparatus according to supplementary note 1, wherein the secure module is configured by a detachable device.
(Supplementary Note 17) In a secure module that is detachably mounted on an information reproducing device that reproduces information transmitted by a transmission medium or information stored in a recording medium, and executes processing related to security when reproducing information,
The information reproducing apparatus includes:
Memory that can be referenced from outside,
An encryption process releasing means mounted on the memory and releasing the encryption process applied to the information using a predetermined key;
The secure module is
A key supply unit mounted on the secure module and configured to supply the key to the encryption processing release unit;
Validity verification implemented on the secure module, supplying predetermined information to the encryption processing cancellation means, referring to information returned as a result, and verifying the validity of the encryption processing cancellation means Means,
A key supply stopping unit that is mounted on the secure module and stops supply of a key by the key supply unit if it is not recognized as valid by the validity verification unit;
A secure module comprising:

It is a principle figure explaining the principle of operation of the present invention. It is a figure which shows the structural example of embodiment of this invention. It is a figure which shows the flow of the information in embodiment shown in FIG. It is a figure which shows the flow of the information in the 2nd Embodiment of this invention. It is a figure which shows the flow of the information in the 3rd Embodiment of this invention. It is a figure which shows the flow of the information in the 4th Embodiment of this invention. It is a figure which shows the structural example of the 5th Embodiment of this invention. It is a figure which shows the structural example of the 6th Embodiment of this invention. It is a figure which shows the structural example of the 7th Embodiment of this invention. It is a figure which shows the structural example of the conventional system using a personal computer. It is a figure which shows the flow of the information in the personal computer shown in FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Memory 10a Encryption process cancellation | release means 11 Secure module 11a Key supply means 11b Key supply stop means 11c Validity verification means 12 HDD
12a Encrypted content 50 Personal computer 50a CPU
50b ROM
50c RAM
50d HDD
50e secure module 50f MB
50g, 50h I / F
50i bus 51 network 52 speaker 53 display device 54 input device 70 digital broadcast receiver 70a digital tuner 70b MULTI2 decryption unit 70c B-CAS card 70d license generation unit 70e re-encryption processing unit 70f HDD
70g MPEG decoder 70h Encryption / decryption unit 70i Graphic processing unit 70j Playback license unit 70k Analog copyright protection unit 70l Digital copyright protection unit 71 Parabolic antenna 80 Digital broadcast receiver 80a Digital tuner 80b MULTI2 encryption / decryption unit 80c B-CAS card 80d Re Encryption license generator 80e HDD
80f Soft encryption / decryption reproduction license part 80g Soft MPEG decoder 80h Soft AAC decoder 80i Graphic processing part 80j Audio processing part 80k HDCP LSI
81 Parabolic antenna 90 Digital broadcast receiver 90a Digital tuner 90b MULTI2 decryption unit 90c B-CAS card 90d Re-encrypted license generation unit 90e HDD
90f Soft encryption / decryption reproduction license part 90g Soft MPEG decoder 90h Soft AAC decoder 90i Graphic processing part 90j Audio processing part 90k HDCP LSI
91 Parabolic antenna

Claims (10)

In an information reproducing apparatus for reproducing information transmitted by a transmission medium or information stored in a recording medium,
A secure module having a structure in which information stored inside cannot be referred to from outside;
Memory that can be referenced from outside,
An encryption process releasing unit that is installed by being transferred from the secure module on the memory in association with the activation of the information reproducing apparatus, and that releases the encryption process applied to the information using a predetermined key;
A key supply unit mounted on the secure module and configured to supply the key to the encryption processing release unit;
Validity verification implemented on the secure module, supplying predetermined information to the encryption processing cancellation means, referring to information returned as a result, and verifying the validity of the encryption processing cancellation means Means,
A key supply stopping unit that is mounted on the secure module and stops supply of a key by the key supply unit when the validity is not recognized by the validity verification unit;
An information reproducing apparatus comprising:   2. The information reproducing apparatus according to claim 1, wherein the validity verifying unit changes an initial value of the predetermined information supplied to the encryption processing releasing unit every time the apparatus is activated.   2. The information reproduction according to claim 1, wherein the validity verification unit has a plurality of protocols for verifying the validity of the encryption processing release unit, and changes the protocol at a predetermined cycle. apparatus.   2. The information according to claim 1, wherein the key supply unit stops supply of the key because the validity cannot be confirmed when there is no response from the encryption processing release unit for a predetermined time or more. Playback device.   The plurality of means mounted on the memory or the secure module is recorded in advance in a recording medium in an encrypted state, and the encryption is released as necessary, and the memory or the secure module is stored on the memory or the secure module. The information reproducing apparatus according to claim 1, wherein the information reproducing apparatus is mounted.   2. The information reproducing apparatus according to claim 1, wherein the encryption processing release means mounted on the memory has different processing contents each time it is mounted on the memory. Output means for outputting the information decrypted by the encryption processing releasing means to the outside;
An encryption unit that re-encrypts the information decrypted by the encryption processing cancellation unit when the information is supplied to the output unit;
The information reproducing apparatus according to claim 1, further comprising:   8. The information reproducing apparatus according to claim 7, wherein the encryption unit performs encryption by selecting a predetermined protocol from a plurality of encryption protocols.   The information reproducing apparatus according to claim 1, wherein the secure module is configured by a detachable device. In a secure module that is detachably mounted in an information reproducing apparatus that reproduces information transmitted by a transmission medium or information stored in a recording medium, and executes processing related to security when reproducing information,
The information reproducing apparatus includes:
Memory that can be referenced from outside,
An encryption process releasing unit that is transferred and mounted on the memory from the secure module in response to the activation of the information reproducing apparatus, and that releases an encryption process applied to the information using a predetermined key; Have
The secure module is
A key supply unit mounted on the secure module and configured to supply the key to the encryption processing release unit;
Validity verification implemented on the secure module, supplying predetermined information to the encryption processing cancellation means, referring to information returned as a result, and verifying the validity of the encryption processing cancellation means Means,
A key supply stopping unit that is mounted on the secure module and stops supply of a key by the key supply unit when the validity is not recognized by the validity verification unit;
A secure module comprising:

Images