JP2007286938A - Information processor, information processing method, program, and recording medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a proper content protection technology complying with equipment and a work environment. <P>SOLUTION: In the information processor, for example, a recording device 2, specific information, by which an optical disk 11 itself is specified, is recorded in a ROM area 22 of the optical disk 11 shown in a figure 2. Inside a RAM area 21, encrypted contents A obtained as a result of encryption of contents using a CKey-A are recorded in an areas 21-A, while encrypted contents B obtained as a result of encryption of the contents using a Ckey-B are recorded in an area 21-B. The CKey-A and Ckey-B individually encrypted by using a MKey based on the specific information are recorded in a specific area 31 inside a File System area 23. Therefore, this invention is applicable to a recording medium such as an optical disk and a semiconductor memory, and also applicable to a device performing processing such as recording, reproduction, and transfer on the recording medium. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an information processing apparatus and method, a program, and a recording medium, and in particular, an information processing apparatus and method, a program, and a recording medium that can provide an appropriate content protection technique according to equipment and a work environment. About.

2. Description of the Related Art Conventionally, a content protection technique has been realized in which content is encrypted and recorded when the content is recorded on a medium to protect the content (for example, see Patent Document 1).
JP 2006-59466 A

  However, for example, in a device that records content on such media, the content can be uploaded to a non-linear editing device at high speed as a file, and content that is to be protected and content that is not required to be protected in one media. There may be a request that there is a mixture of content levels and that there are multiple levels of content protection. In other words, there is a conventional device that is required to have a system configuration in which the security level can be sequentially increased as equipment is updated without greatly changing the current workflow such as editing and transmission. .

  It is difficult for conventional content protection technologies to meet such requirements. In other words, it is difficult for conventional content protection technology to provide appropriate content protection according to such facilities and work environments.

  The present invention has been made in view of such a situation, and makes it possible to provide an appropriate content protection technique according to equipment and work environment.

  A first information processing apparatus according to an aspect of the present invention is an information processing apparatus that records content on a recording medium, the first encryption unit encrypting the content using a first key, A generating unit that generates a second key using specific information that can identify the recording medium itself, and a second unit that encrypts the first key using the second key generated by the generating unit. Recording means for recording the second encryption means, the content encrypted by the first encryption means, and the first key encrypted by the second encryption means on the recording medium With.

  The second encryption means encrypts information including meta information related to the content in addition to the first key, using the second key as protection information for protecting the content, and records the recording The means can further record the protection information encrypted by the second encryption means on the recording medium.

  The meta information may include information indicating an encryption algorithm employed in the first encryption unit.

  A determination unit configured to determine whether or not the content is encrypted; and the meta information includes a determination result by the determination unit, and when the determination unit determines to execute the content encryption, the meta information includes The first encryption unit encrypts the content, and the recording unit includes the content encrypted by the first encryption unit and the protection information encrypted by the second encryption unit. When the content is recorded on the recording medium and the determination unit determines that the content has not been encrypted, the first encryption unit prohibits the content from being encrypted, and the second encryption unit The metadata is encrypted as the protection information, and the recording means records the unencrypted content and the protection information encrypted by the second encryption means. It can be recorded to the body.

  The meta information may include information indicating a security level for the content.

  The recording means can record the content in a first area of the recording medium and record the first key in a second area different from the first area of the recording medium.

  The first encryption means encrypts each of the plurality of contents using the different first keys, and the recording means records the plurality of contents in the first area. Each of the first keys corresponding to each of the plurality of contents can be recorded in the second area.

  A first information processing method according to an aspect of the present invention is an information processing method of an information processing apparatus for recording content on a recording medium, wherein the content is encrypted using a first key, and the recording medium itself is stored. A second key is generated using specific information that can be specified, the first key is encrypted using the generated second key, and the encrypted content and the encrypted content are encrypted. Controlling the recording of the first key on the recording medium.

  A first program according to one aspect of the present invention is a program corresponding to the above-described first information processing method according to one aspect of the present invention.

  In one aspect of the present invention, content is recorded on a recording medium as follows. That is, the content is encrypted using a first key, and the first key is encrypted using the second key generated using specific information that can specify the recording medium itself. The encrypted content and the encrypted first key are recorded on the recording medium.

  According to a second information processing apparatus of one aspect of the present invention, there is provided identification information for identifying itself, encrypted content obtained as a result of encrypting the content using the first key, and information based on the identification information. An information processing apparatus that reproduces the content from a recording medium on which at least an encryption key obtained as a result of encrypting the first key using the key of No. 2 is recorded, the information from the recording medium A reading means for reading; a generating means for generating the second key using the specific information read by the reading means; and the reading using the second key generated by the generating means. The encryption key read by the means is decrypted, and as a result, the key decryption means for obtaining the first key and the first key obtained by the key decryption means are read by the reading means. The cipher issued It decrypts the content, and a content decryption means for obtaining a result the content.

  Information including meta information related to the content in addition to the first key is encrypted using the second key as protection information for protecting the content, and the resulting encrypted protection information is Recorded on a recording medium, and the key decryption means decrypts the encrypted protection information read by the reading means using the second key, and obtains the protection information as a result. The decrypting means can decrypt the encrypted content using the first key included in the protection information obtained by the key decrypting means.

  The meta information includes information indicating an encryption algorithm used in encrypting the content, and the content decrypting means is the meta information indicated by the meta information included in the protection information obtained by the key decrypting means. The encrypted content can be decrypted according to a decryption algorithm corresponding to the encryption algorithm.

  The recording target of the recording medium further includes unencrypted content in addition to the encrypted content, and the meta information includes information indicating whether or not the content recorded on the recording medium is encrypted, Decryption control means for controlling permission and prohibition of processing of the content decryption means based on the meta information included in the protection information obtained by the key decryption means can be further provided.

  The encrypted content is recorded in a first area of the recording medium, and the first key is recorded in a second area different from the first area of the recording medium. Access control means for controlling permission and prohibition of access to the second area can be further provided.

  According to a second information processing method of one aspect of the present invention, specific information for identifying itself, encrypted content obtained as a result of encrypting the content using the first key, and the specific information are used. An information processing method of an information processing apparatus for reproducing the content from a recording medium on which at least an encryption key obtained as a result of encrypting the first key using the generated second key is recorded. The second key is generated using the specific information read from the recording medium, and the encryption key read from the recording medium is generated using the generated second key. And using the first key obtained as a result, the encrypted content read from the recording medium is decrypted, and as a result, the content is controlled.

  The second program according to one aspect of the present invention is a program corresponding to the above-described second information processing method according to one aspect of the present invention.

  In one aspect of the present invention, specific information for identifying itself, encrypted content obtained as a result of content encryption using a first key, and second information generated using the specific information The following processing is executed for a recording medium on which at least an encryption key obtained as a result of encrypting the first key using a key is recorded. In this case, the second key is generated using the specific information read from the recording medium, and the encryption key read from the recording medium is decrypted using the second key. The encrypted content read from the recording medium is decrypted using the first key obtained as a result, and as a result, the content is obtained.

  According to a third information processing apparatus of one aspect of the present invention, there is provided identification information for identifying itself, encrypted content obtained as a result of encrypting the content using the first key, and information based on the identification information. In an information processing apparatus that reads information from a recording medium on which at least an encryption key obtained by encrypting the first key using the key of 2 is recorded and transfers the information to another apparatus, information from the recording medium Reading means for reading out, generating means for generating the second key using the specific information read out by the reading means, and using the second key generated by the generating means, Key decrypting means for decrypting the encryption key read by the reading means and obtaining the first key as a result, and key exchanging means for exchanging keys between the different device and obtaining a third key And by the key exchange means Using the obtained third key, key encryption means for encrypting the first key obtained by the key decryption means, the encrypted content read by the reading means, Transfer means for transferring each of the first key encrypted by the key encryption means to the other device.

  According to a third information processing method of one aspect of the present invention, there is provided identification information for identifying itself, encrypted content obtained as a result of encrypting the content using the first key, and identification information based on the identification information. An information processing method for an information processing apparatus that reads information from a recording medium on which at least an encryption key obtained as a result of encrypting the first key using a key 2 is recorded and transfers the information to another apparatus The second key is generated using the specific information read from the recording medium, and the encryption key read from the recording medium is generated using the generated second key. The encrypted content that is decrypted and encrypted using the third key obtained by exchanging the key with the other device and read from the recording medium Each of the encrypted first key The comprises the step of controlling to transfer to the another device.

  A third program according to one aspect of the present invention is a program corresponding to the above-described third information processing method according to one aspect of the present invention.

  In one aspect of the present invention, specific information for identifying itself, encrypted content obtained as a result of content encryption using a first key, and second information generated using the specific information The following processing is executed for a recording medium on which at least an encryption key obtained as a result of encrypting the first key using a key is recorded. That is, the second key is generated using the specific information read from the recording medium, the encryption key read from the recording medium is decrypted using the second key, The resulting first key is encrypted using a third key obtained by exchanging keys with the other device. Then, each of the encrypted content read from the recording medium and the encrypted first key is transferred to the separate device.

  The recording medium according to one aspect of the present invention includes specific information for identifying itself, encrypted content obtained as a result of encrypting the content using the first key, and a second key based on the specific information. And an encryption key obtained as a result of encrypting the first key. That is, in one aspect of the present invention, such a recording medium is provided.

  As described above, according to one aspect of the present invention, it is possible to provide content protection technology. In particular, it has become possible to provide appropriate content protection technology according to equipment and work environment.

  Embodiments of the present invention will be described below. Correspondences between the configuration requirements of the present invention and the embodiments described in the detailed description of the present invention are exemplified as follows. This description is to confirm that the embodiments supporting the present invention are described in the detailed description of the invention. Accordingly, although there are embodiments that are described in the detailed description of the invention but are not described here as embodiments corresponding to the constituent elements of the present invention, It does not mean that the embodiment does not correspond to the configuration requirements. Conversely, even if an embodiment is described here as corresponding to a configuration requirement, that means that the embodiment does not correspond to a configuration requirement other than the configuration requirement. It's not something to do.

The first information processing apparatus according to one aspect of the present invention (for example, the recording apparatus 2 in FIG. 3)
An information processing apparatus for recording content on a recording medium (for example, the optical disc 11 in FIG. 3),
A first encryption unit (for example, the content encryption unit 54 in FIG. 3) that encrypts the content using a first key (for example, the CKey generated by the CKey generation unit 55 in FIG. 3);
Generation means (for example, MKey generation unit 59 in FIG. 3) that generates a second key (for example, MKey described later) using specific information (for example, medium specific information described later) that can identify the recording medium itself;
Second encryption means for encrypting the first key using the second key generated by the generation means (for example, the protection information encryption unit 58 in FIG. 3);
Recording means for recording the content encrypted by the first encryption means and the first key encrypted by the second encryption means on the recording medium (for example, the reading section in FIG. 3) 56).

  The second encryption means protects the content with information including metadata related to the content (for example, metadata generated by the metadata generation unit 57 in FIG. 3) in addition to the first key. The protection information is encrypted using the second key, and the recording means further records the protection information encrypted by the second encryption means on the recording medium.

A decision means for deciding whether or not to execute the encryption of the content (for example, the encryption presence / absence determining unit 53 in FIG. 3);
The meta information includes a determination result by the determination unit,
When the determination unit determines to execute the content encryption, the first encryption unit encrypts the content, and the recording unit encrypts the content encrypted by the first encryption unit. And the protection information encrypted by the second encryption means is recorded on the recording medium,
When the determination unit determines that the content is not encrypted, the first encryption unit prohibits the content from being encrypted, and the second encryption unit converts the metadata into the protection information. The recording unit records the unencrypted content and the protection information encrypted by the second encryption unit on the recording medium.

  The recording means records the content in a first area (for example, the RAM area 21 in FIG. 2) of the recording medium, and a second area (for example, in FIG. 2) different from the first area of the recording medium. The first key is recorded in the copyright protection information area 31).

A first information processing method according to one aspect of the present invention (for example, the encrypted content recording process of FIG. 6) includes:
An information processing method of an information processing apparatus (for example, the recording apparatus 2 in FIG. 3) that records content on a recording medium,
The content is encrypted using the first key (for example, step S2 in FIG. 3),
A second key is generated using specific information capable of specifying the recording medium itself (for example, step S6 in FIG. 3),
Using the generated second key, the first key is encrypted (for example, step S7 in FIG. 3),
The encrypted content and the encrypted first key are recorded on the recording medium (for example, steps S4 and S8 in FIG. 3).
A step of controlling this.

The second information processing apparatus according to one aspect of the present invention (for example, the playback apparatus 3 in FIG. 4)
Specific information that identifies you,
Encrypted content obtained as a result of encrypting the content using the first key;
The content is extracted from the recording medium (for example, the optical disc 11 in FIG. 4) on which at least an encryption key obtained as a result of encrypting the first key using the second key based on the specific information is recorded. In the information processing apparatus to be reproduced,
Reading means for reading information from the recording medium (for example, the reading unit 101 in FIG. 4);
Generating means for generating the second key using the specific information read by the reading means (for example, the MKey generating unit 102 in FIG. 4);
Using the second key generated by the generating means, the encryption key read by the reading means is decrypted, and as a result, the first key is obtained (for example, the protection of FIG. 4). Information decoding unit 103),
Using the first key obtained by the key decrypting means, the encrypted content read by the reading means is decrypted, and as a result, content decrypting means (for example, the content decrypting unit shown in FIG. 4) And 108).

Information including meta information related to the content in addition to the first key is encrypted using the second key as protection information for protecting the content, and the resulting encrypted protection information is Recorded on a recording medium,
The key decryption means decrypts the encrypted protection information read by the reading means using the second key, and obtains the protection information as a result,
The content decryption unit decrypts the encrypted content using the first key (for example, the CKey acquired by the CKey acquisition unit 104 of FIG. 4) included in the protection information obtained by the key decryption unit. To do.

The recording target of the recording medium further includes unencrypted content in addition to the encrypted content,
The meta information includes information indicating whether or not the content recorded on the recording medium is encrypted,
Based on the meta information included in the protection information obtained by the key decryption means, a decryption control means (for example, the switching unit 106 in FIG. The determination unit 107) is further provided.

The encrypted content is recorded in a first area of the recording medium, and the first key is recorded in a second area different from the first area of the recording medium;
Access control means (for example, the read permission unit 123 and the switch 124 in FIG. 4) for controlling permission and prohibition of access to the second area by the reading means is further provided.

The second information processing method according to one aspect of the present invention (for example, the encrypted content reproduction process of FIG. 7)
Specific information that identifies you,
Encrypted content obtained as a result of encrypting the content using the first key;
An information processing apparatus that reproduces the content from the recording medium on which at least an encryption key obtained as a result of encrypting the first key using the second key based on the specific information is recorded (for example, FIG. 4 of the information processing method of the playback device 3),
The second key is generated using the specific information read from the recording medium (for example, step S22 in FIG. 7),
Using the generated second key, the encryption key read from the recording medium is decrypted (for example, step S26 in FIG. 7),
Using the first key obtained as a result, the encrypted content read from the recording medium is decrypted, and as a result, the content is obtained (for example, step S28 in FIG. 7).
A step of controlling this.

The third information processing apparatus according to one aspect of the present invention (for example, the playback apparatus 3 in FIG. 4)
Specific information that identifies you,
Encrypted content obtained as a result of encrypting the content using the first key;
Information is read from the recording medium (for example, the optical disc 11 in FIG. 4) on which at least an encryption key obtained as a result of encrypting the first key using the second key based on the specific information is recorded In an information processing apparatus that transfers to another apparatus (for example, the nonlinear editing apparatus 4 in FIG. 4),
Reading means for reading information from the recording medium (for example, the reading unit 101 in FIG. 4);
Generating means for generating the second key using the specific information read by the reading means (for example, the MKey generating unit 102 in FIG. 4);
Using the second key generated by the generating means, the encryption key read by the reading means is decrypted, and as a result, the first key is obtained (for example, the protection of FIG. 4). Information decoding unit 103),
A key exchanging unit (for example, the key exchanging unit 131 in FIG. 4) for exchanging keys with the other device to obtain a third key;
Key encryption means for encrypting the first key obtained by the key decryption means using the third key acquired by the key exchange means (for example, the protection information encryption unit 132 in FIG. 4). When,
Transfer means for transferring each of the encrypted content read by the read means and the first key encrypted by the key encryption means to the different device (for example, the transmission unit 133 in FIG. 4) And.

The third information processing method according to one aspect of the present invention (for example, transfer processing on the left playback device side in FIG. 8)
Specific information that identifies you,
Encrypted content obtained as a result of encrypting the content using the first key;
The information is read from a recording medium on which at least the encryption key obtained as a result of encrypting the first key using the second key based on the specific information is recorded, and another device (for example, nonlinear editing of FIG. 4) An information processing method of an information processing device (for example, the playback device 3 in FIG. 4) to be transferred to the device 4),
The second key is generated using the specific information read from the recording medium (for example, step S55 in FIG. 8),
Using the generated second key, the encryption key read from the recording medium is decrypted (for example, step S59 in FIG. 8),
The first key obtained as a result is encrypted with the third key obtained by exchanging the key with the other device (for example, step S53 in FIG. 8) (for example, step S60 in FIG. 8). ,
Each of the encrypted content read from the recording medium and the encrypted first key is transferred to the different device (for example, step S61 in FIG. 8).
A step of controlling this.

In the recording medium according to one aspect of the present invention (for example, the optical disc 11 in FIG. 2),
Identification information for identifying itself (for example, media-specific information recorded in the ROM area 22 of FIG. 2 described later),
Encrypted content obtained by encrypting the content using the first key (for example, content A to be described later recorded in the region 21-A of the RAM region 21 in FIG. 2);
An encryption key obtained as a result of encrypting the first key using the second key based on the specific information (for example, CKey-A described later recorded in the copyright protection information area 31 in FIG. 2) And are recorded.

  Embodiments of the present invention will be described below with reference to the drawings.

  In the present invention, as described above, a content protection technique is provided. Here, the content is widely generated by human creative activities. For example, movies, music, theatre, literary arts, photographs, comics, animations, computer games and other characters, figures, colors, sounds, actions or videos, or combinations thereof, or information related thereto are provided via an electronic computer. Is a content example. However, in this specification, so-called content data, that is, data generated by human creative activities that can be processed by the device, for example, electric signals, etc., is not particularly distinguished. Collectively referred to as content.

  FIG. 1 is a diagram showing a configuration example of an information processing system to which the present invention is applied.

  The information processing system in the example of FIG. 1 includes a content output device 1 to a nonlinear editing device 4, and executes various processes using the optical disc 11, such as a recording process, a playback process, a transfer process, an editing process, and the like. Can do.

  The content output device 1 is composed of, for example, a camcorder or the like, and provides content to the recording device 2.

  The recording device 2 encrypts the content provided from the content output device 1 as necessary and records it on the optical disc 11. The recording device 2 also encrypts the editing information by the nonlinear editing device 4 as necessary, and records it on the optical disc 11 as necessary. The editing information of the nonlinear editing device 4 will be described later. Details of the recording apparatus 2 will be described later with reference to FIG.

  The playback device 3 reads the content from the optical disc 11 and plays it back. At that time, if the content is encrypted, the playback device 3 plays back the decrypted encrypted content. Further, the playback device 3 transfers the content read from the optical disc 11 to the nonlinear editing device 4 as necessary. Details of the playback device 3 will be described later with reference to FIG.

  The nonlinear editing device 4 edits content recorded on the optical disc 11. At this time, the non-linear editing device 4 acquires the content recorded on the optical disc 11 via the playback device 3 as necessary. That is, the playback device 3 transfers the content read from the optical disc 11 to the nonlinear editing device 4 as necessary.

  Note that content editing can be broadly divided into two types, so-called destructive editing and non-destructive editing, but it is assumed that the non-linear editing device 4 can execute either type. In the present embodiment, when performing non-destructive editing, the non-destructive editing device 4 performs a non-destructive editing result itself and a reproduction method based on the editing result (material data included in each content, that is, video data, Editing information including, for example, the timing at which audio data and the like are reproduced, is generated as necessary and provided to the recording device 2. Hereinafter, such editing information is referred to as an edit list. In other words, in the present embodiment, the edit list created as necessary by the nonlinear editing device 4 is recorded on the optical disc 11 by the recording device 2. Therefore, the playback device 3 can also control playback of one or more contents recorded on the optical disc 11 in accordance with this edit list.

  The details of the non-linear editing device 4 will be described later with reference to FIG.

  FIG. 2 shows an example of the structure of an optical disc 11 as an embodiment of a recording medium to which the present invention is applied.

  A random access memory (RAM) area 21, a read only memory (ROM) area 22, and a file system area 23 are formed on the optical disc 11 in the example of FIG.

  Although described in random order, the ROM area 22 stores information unique to the optical disk 11, that is, information that can identify the optical disk 11 itself (hereinafter referred to as media-specific information). In the File System area 23, File information (file size, Start address, attribute, etc.) recorded in the RAM area 21 is recorded. Content is recorded in the RAM area 21 in units of files. For example, in the example of FIG. 2, the content A is recorded in the region 21-A of the RAM region 21, and the content B is recorded in the region 21-B. Further, it is assumed that the content A is encrypted and recorded by the recording device 2 (FIG. 1) using a content key (hereinafter referred to as CKey) -A. On the other hand, it is assumed that the content B is recorded by the recording device 2 after being encrypted with CKey-B.

  In this case, each of CKey-A and CKey-B is a master key (hereinafter referred to as “MKey”) generated by the recording device 2 from the media unique information written in the ROM area 22, for example, the serial number of the optical disk 11. And recorded in the specific area 31 in the File System area 23. Similarly, various pieces of information (hereinafter referred to as metadata) related to the contents A and B are also encrypted by the recording device 2 using the MKey and recorded in the specific area 31. Such CKey and metadata can be said to be information necessary for protecting the copyright and the like of the corresponding content, and will hereinafter be referred to as copyright protection information or protection information for short. With this designation, the specific area 31 is hereinafter referred to as a copyright protection information area 31.

  The reason that “etc.” is described as protecting copyright and the like is because the purpose of protecting content is not limited to protecting copyright. That is, for the sake of brevity, the following is referred to as copyright protection information. However, copyright protection information is not necessarily used only for copyright protection. For example, illegal protection defined by the Unfair Competition Prevention Act of Japan. Sometimes used to protect against competition.

  In this case, the MKey generation procedure, that is, for example, the processing procedure of steps S21 and S22 of FIG. It becomes possible.

  For example, the playback device 3 in FIG. 1 is properly licensed, and therefore, as will be described later with reference to FIGS. 4 and 7, the content recorded on the optical disk 11 is protected as if it were protected. It is possible to play as if not. On the other hand, although not shown, if the playback device is not properly licensed, the MKey cannot be generated, so that the content recorded on the optical disc 11 cannot be played back.

  Furthermore, by providing access restrictions such as passwords for rewriting to the copyright protection information area 31, it becomes possible to further strengthen the protection of the content recorded on the optical disk 11.

  Specifically, for example, even if the playback device 3 is properly licensed by adding restrictions by IP address, restrictions by personal authentication, restrictions by certificate, etc. to the copyright protection information area 31. It becomes possible to limit the reading of copyright protection information such as CKey. That is, it becomes possible for the content manager to freely set various content protection levels according to the application and to realize content protection.

  Furthermore, regarding the transfer of the file recorded on the optical disc 11, and in the present embodiment, the transfer from the playback device 3 to the nonlinear editing device 4 in FIG. 1, the content recorded in the RAM area 21 is transferred as a file at high speed. It becomes possible to do.

  In this case, since copyright protection information such as CKey is also required to reproduce the content, it is also necessary to transfer the copyright protection information. Regarding the transfer of copyright protection information, as will be described later with reference to FIG. 8, a transfer protocol such as key exchange and signal processing such as encryption / decryption of copyright protection information are involved, and high-speed transfer is difficult. Become. However, since the copyright protection information is a file size that can be ignored with respect to the file size of the content, the transfer time of the content occupies most of the transfer time and becomes dominant. Therefore, as long as content transfer is realized without intervening signal processing, high-speed file transfer can be realized. Here, the signal processing for the content means that, for example, when the content is encrypted, the decryption process is performed at the transfer source or the re-encryption process is performed at the transfer destination.

  Further, with respect to editing of the optical disc 11, that is, with respect to editing processing of the nonlinear editing device 4 in the present embodiment, the following may be performed. That is, in non-destructive editing, the copyright protection information attached to each editing material is basically the copyright protection information resulting from the editing, but there is a contradiction in the copyright protection information between the editing materials. In this case, new copyright information may be attached to the edit list. Here, the editing material means all or part of one content recorded in the RAM area 21 of the optical disc 11 in the present embodiment. On the other hand, in destructive editing, new content as an editing result is physically generated, and therefore copyright protection information corresponding to the new content may be added.

  Adopting the optical disc 11 having the structure shown in FIG. 2 as described above makes it possible to protect content appropriately according to the equipment and work environment.

  For example, appropriate content protection according to the facility and work environment in the example of FIG. 1 is achieved by adopting each of the recording device 2, the playback device 3, and the nonlinear editing device 4 each having the following functional configuration. It becomes possible. That is, hereinafter, the functional configurations of the recording device 2, the reproducing device 3, and the nonlinear editing device 4 will be individually described.

  FIG. 3 shows a functional configuration example of the recording apparatus 2.

  The recording apparatus 2 in the example of FIG. 3 is configured to include a content acquisition unit 51 through an editing information acquisition unit 60.

  However, the content acquisition unit 51 to the editing information acquisition unit 60 are classified in order to facilitate understanding of the present invention, and it is not particularly necessary to perform such classification when realizing. In other words, it is sufficient to configure the recording device 2 so as to mount each function of each functional block of the content acquisition unit 51 to the editing information acquisition unit 60, and the implementation form is not particularly limited.

  The content acquisition unit 51 acquires the content provided from the content output device 1 and provides it to the switching unit 52. Further, the content acquisition unit 51 provides various information attached to the acquired content to the metadata generation unit 57 as necessary.

  If the content format provided from the content output device 1 is not suitable for recording on the optical disc 11, the content acquisition unit 51 converts the content format into a format suitable for recording on the optical disc 11. After processing, it is provided to the switching unit 52. For example, a process of compressing and encoding using an MPEG (Moving Picture Experts Group) system is an example of a conversion process.

  Based on the control of the encryption presence / absence determination unit 53, the switching unit 52 switches the output end to either the content encryption unit 54 side or the reading unit 56 side.

  That is, the encryption presence / absence determination unit 53 determines whether to encrypt the content acquired by the content acquisition unit 51. When the encryption presence / absence determination unit 53 determines to encrypt, the output end of the switching unit 52 is switched to the content encryption unit 54 side. Then, the content acquired by the content acquisition unit 51 is provided to the content encryption unit 54 via the switching unit 52.

  On the other hand, the encryption presence / absence determination unit 53 switches the output end of the switching unit 52 to the reading unit 56 side when determining that the encryption is not performed. Then, the content acquired by the content acquisition unit 51 is provided to the reading unit 56 via the switching unit 52, more precisely to the RAM area writing unit 61 described later.

  At this time, the determination result of the encryption presence / absence determination unit 53 is also provided to the metadata generation unit 57.

  The content encryption unit 54 encrypts the content provided from the switching unit 52 using the CKey generated by the CKey generation unit 55, and the encrypted content obtained as a result is more accurately transmitted to the reading unit 56. Is provided to a RAM area writing unit 61 described later. The content encryption unit 54 also provides the metadata generation unit 57 with information necessary for decrypting the encrypted content, for example, information indicating an encryption algorithm.

  In this embodiment, as described above, different CKeys are used and encrypted for each content, so that the CKey generating unit 55 generates a new CKey every time new content is provided to the content encrypting unit 54. It is generated and provided to the content encryption unit 54, and is also provided to the protection information encryption unit 58 as one piece of copyright protection information.

  The encryption algorithm employed by the content encryption unit 54 is not particularly limited and may be arbitrary. However, it is needless to say that the encryption algorithm can use the CKey generated by the CKey generation unit 55 as the encryption key. In other words, the CKey generation unit 55 generates a CKey that is used as an encryption key in the encryption algorithm employed by the content encryption unit 54.

  Specifically, for example, when one AES (Advanced Encryption Standard) cipher of the common key cryptosystem is adopted in the content encryption unit 54, the CKey generation unit 55 is configured to use a 128-bit common key called AES Key. Is generated as Ckey and provided to the content encryption unit 54. Then, the content encryption unit 54 uses the Ckey and data called AES Input to generate data for directly encrypting the content (hereinafter referred to as AES encrypted data). Then, the content encryption unit 54 encrypts the content using the AES encrypted data, and provides the encrypted content obtained as a result to the RAM area writing unit 61 of the reading unit 56.

  At that time, the content encryption unit 54 adds various information such as AES input as supplementary information to the CKey, and the resulting data (hereinafter referred to as LEKP: Link Encryption Key Payload) is a metadata generation unit. 57. In this case, since CKey itself is included in LEKP, provision of CKey from CKey generation unit 55 to protection information encryption unit 58 can be omitted.

  Furthermore, although only one type of CKey used for encrypting one content (entire stream data) is used in the present embodiment, it may be updated as needed. That is, a plurality of types of CKey may be used for encryption of one content. However, in this case, if the CKey update timing is not known, it is impossible to decrypt the encrypted content. Therefore, various information such as Ckey update timing and IDs for identifying multiple types of Ckeys. Is also provided to the metadata generation unit 57.

  That is, when AES encryption is adopted, LEKP, Ckey update timing, IDs of a plurality of types of Ckey, and the like are provided to the metadata generation unit 57 as one piece of information indicating the encryption algorithm.

  The reading unit 56 reads and writes information with respect to the optical disc 11. In the example of FIG. 3, the reading unit 56 writes the content protection information to the RAM region writing unit 61 for writing content in the RAM region 21 (FIG. 2) and the copyright protection information region 31 (FIG. 2). The protection information area writing unit 62 and the unique information reading unit 63 for reading the media unique information from the ROM area 22 (FIG. 2) are included.

  However, the classification into the RAM area writing unit 61, the protection information area writing unit 62, and the unique information reading unit 63 is to facilitate understanding of the present invention. There is no particular need for such classification. In other words, it suffices if the reading unit 56 is configured to include the functions of the functional blocks of the RAM area writing unit 61, the protection information area writing unit 62, and the unique information reading unit 63, and the implementation form is as follows. There is no particular limitation.

  The metadata generation unit 57 generates various types of information provided from the content acquisition unit 51, the encryption presence / absence determination unit 53, or the content encryption unit 54 as metadata of the corresponding content. That is, in the present embodiment, the metadata includes information indicating whether or not the corresponding content has been encrypted, and information indicating the encryption algorithm if encrypted. Furthermore, in the present embodiment, the security level of the corresponding content may be further included in the metadata as necessary. Then, the metadata generation unit 57 provides the metadata to the protection information encryption unit 58 as one piece of copyright protection information.

  The protection information encryption unit 58 uses the MKey generation unit 59 to generate the copyright protection information provided from the CKey generation unit 55 or the metadata generation unit 57 described above or the editing information acquisition unit 60 described later. The encrypted copyright protection information obtained as a result is provided to the protection information area writing unit 62 of the reading unit 56. Then, the protection information area writing unit 62 writes the encrypted copyright protection information in the copyright protection information area 31 (FIG. 2).

  In this embodiment, as described above, the Mkey is generated based on the media specific information of the optical disc 11. That is, in the example of FIG. 3, the MKey generation unit 59 generates an MKey based on the media unique information of the optical disc 11 read by the unique information reading unit 63 and provides the MKey to the protection information encryption unit 58.

  The encryption algorithm employed by the protection information encryption unit 58 is not particularly limited and may be arbitrary. However, it is needless to say that the encryption algorithm can use the MKey generated by the MKey generation unit 59 as the encryption key. In other words, the MKey generating unit 59 generates an MKey in a form used as an encryption key in the encryption algorithm employed by the protection information encryption unit 58. Specifically, for example, the above-described AES encryption can be employed.

  The editing information acquisition unit 60 acquires editing information provided from the nonlinear editing device 4. In this embodiment, the editing information means new content and copyright protection information when the above-described destructive editing is performed, and editing when the above-described non-destructive editing is performed. Say the list. The editing information acquisition unit 60 extracts copyright protection information from the acquired editing information and provides it to the protection information encryption unit 58, and provides other information to the RAM area writing unit 61. That is, in the example of FIG. 3, editing information is also a recording target on the optical disk 11, and when the copyright information is included in the editing information, the copyright protection information is encrypted and then the copyright protection information area. 31 (FIG. 2).

  Even when the copyright protection information is transferred from the non-linear editing device 4 to the recording device 2, it may be transferred after being encrypted, similarly to the transfer from the playback device 3 to the non-linear editing device 4 described later. desirable. In order to realize this, although not shown, functions corresponding to a key exchange unit 152 and a protection information decryption unit 153 shown in FIG.

  In order to play back the content recorded on the optical disk 11 by the recording device 2 having the functional configuration described above or to transfer it to the nonlinear editing device 4, the playback device 3 has a functional configuration as shown in FIG. is doing. That is, FIG. 4 shows a functional configuration example of the playback device 3.

  The playback device 3 in the example of FIG. 4 is configured to include a reading unit 101 to a transfer processing unit 110.

  However, the classification into the reading unit 101 to the transfer processing unit 110 is made for easy understanding of the present invention, and it is not particularly necessary to perform such classification when realizing. In other words, it is sufficient to configure the playback device 3 so that the functions of the functional blocks of the reading unit 101 to the transfer processing unit 110 are mounted, and the implementation is not particularly limited.

  The reading unit 101 reads information from the optical disc 11. In the example of FIG. 4, the reading unit 101 is configured to include a unique information reading unit 121 to a RAM area reading unit 125.

  However, the classification into the unique information reading unit 121 to the RAM area reading unit 125 is to facilitate understanding of the present invention, and it is not particularly necessary to perform such classification when realizing. In other words, it suffices to configure the reading unit 101 so that each function of each functional block of the unique information reading unit 121 to the RAM area reading unit 125 is mounted, and its implementation is not particularly limited.

  The unique information reading unit 121 reads the media unique information from the ROM area 22 (FIG. 2) and provides it to the MKey generating unit 102.

  The protection information area reading unit 122 reads the copyright protection information from the copyright protection information area 31 (FIG. 2) and provides it to the protection information decryption unit 103. However, the protection information area reading unit 122 can read the copyright protection information from the copyright protection information area 31 only when the switch 124 is on. In other words, when the switch 124 is in the off state, access to the copyright protection information area 31 by the protection information area reading unit 122 is prohibited.

  The transition of the on / off state of the switch 124 is controlled by the read permission unit 123. That is, the read permission unit 123 determines whether to permit or prohibit the reading of the copyright protection information area 31 based on the above-described IP address, personal authentication, certificate, and the like. In the case where it is determined that reading is prohibited, the switch 124 is turned off. That is, in the example of FIG. 4, access restriction to the copyright protection information area 31 is performed by the read permission unit 123 and the switch 124. The switch 124 is a switch for the information transmission path in the example of FIG. 4, but is not limited to the form of the example of FIG. 4, and the protection information area reading unit 122 supplies the copyright protection information area 31 to the copyright protection information area 31. It is sufficient to have a function for switching between permitting and prohibiting access.

  The RAM area reading unit 125 reads content from the RAM area 21 (FIG. 2) and provides it to the switching unit 106.

  In this manner, various types of information are read from the optical disc 11 by the reading unit 101.

  The MKey generation unit 102 generates an MKey based on the media specific information of the optical disc 11 read by the specific information reading unit 121 and provides the MKey to the protection information decryption unit 103. That is, the MKey generating unit 102 restores the MKey used when the copyright protection information is encrypted by the recording device 2 (FIG. 3), and provides it to the protection information decrypting unit 103.

  The copyright protection information read by the protection information area reading unit 122 and provided to the protection information decryption unit 103 is encrypted. Therefore, the protection information decryption unit 103 decrypts the encrypted copyright protection information using the MKey generated by the MKey generation unit 102. That is, the protection information decryption unit 103 employs a decryption algorithm corresponding to the encryption algorithm of the protection information encryption unit 58 (FIG. 3) of the recording device 2.

  If the copyright protection information decrypted by the protection information decryption unit 103 in this way corresponds to the content to be reproduced, the CKey of the copyright protection information is a CKey acquisition unit. 104, and metadata is provided to the metadata acquisition unit 105. On the other hand, when content corresponding to the decrypted copyright protection information is transferred to the non-linear editing device 4, the copyright protection information is transferred to the transfer processing unit 110, more precisely, a protection information encryption unit 132 described later. Provided to.

  The CKey acquisition unit 104 provides the acquired CKey to the content decryption unit 108. Further, the metadata acquisition unit 105 provides the acquired metadata to the encryption presence / absence determination unit 107, the content decryption unit 108, or the content reproduction unit 109.

  Based on the control of the encryption presence / absence determination unit 107, the switching unit 106 switches the output end to either the content decryption unit 108 side or the content reproduction unit 109 side.

  That is, the encryption presence / absence determination unit 107 is read by the RAM area reading unit 125 based on the metadata provided from the metadata acquisition unit 105, that is, the determination result of the encryption presence / absence determination unit 53 of FIG. Whether or not the content is encrypted is determined. When the encryption presence / absence determination unit 107 determines that the encryption is performed, the output end of the switching unit 106 is switched to the content decryption unit 108 side. Then, the encrypted content read by the RAM area reading unit 125 is provided to the content decryption unit 108 via the switching unit 106.

  On the other hand, the encryption presence / absence determination unit 107 switches the output terminal of the switching unit 106 to the content reproduction unit 109 side when determining that the data is not encrypted. Then, the content read by the RAM area reading unit 125 is provided to the content reproduction unit 109 via the switching unit 106.

  The content decryption unit 108 decrypts the encrypted content provided from the switching unit 106 using the CKey provided from the CKey acquisition unit 104, and provides the content obtained as a result to the content reproduction unit 109.

  At that time, the content decryption unit 108 refers to the metadata provided from the metadata acquisition unit 105 as appropriate. For example, the content decryption unit 103 recognizes the encryption algorithm of the content encryption unit 54 (FIG. 3) of the recording device 2 from the metadata, and decrypts the encrypted content using the corresponding decryption algorithm.

  The content playback unit 109 plays back the content provided from the switching unit 106 or the content decryption unit 108. Here, the reproduction of content is not a narrow definition reproduction such as displaying a video on a monitor or outputting a sound from a speaker, but a broad definition including output as a video signal or an audio signal. In other words, if the display of video on a monitor is also regarded as output, the reproduction of content is to output the content in a form suitable for the output destination. In other words, the content reproduction unit 109 executes a conversion process for converting the content into a form suitable for the output destination as necessary. For example, when the content is compressed and encoded by the MPEG system, the process of decompressing and decoding by the MPEG system is an example of the conversion process.

  The transfer processing unit 110 transfers the content read by the RAM area reading unit 125 and its copyright protection information to the nonlinear editing device 4. For this reason, in the example of FIG. 4, the transfer processing unit 110 is configured to include a key exchange unit 131, a protection information encryption unit 132, and a transmission unit 133.

  The key exchange unit 131 exchanges keys with the nonlinear editing device 4 and more precisely with the key exchange unit 152 of FIG. 5 described later, and provides the key from the nonlinear editing device 4 to the protection information encryption unit 132.

  The protection information encryption unit 132 encrypts the copyright protection information provided from the protection information decryption unit 103 using the key from the key exchange unit 131, that is, the key exchanged with the non-linear editing device 4, and transmits it. Part 133 is provided.

  The encryption algorithm employed by the protection information encryption unit 132 is not particularly limited and may be arbitrary. However, it is needless to say that the encryption algorithm can use the key exchanged with the nonlinear editing device 4 as the encryption key. In other words, the key exchange unit 131 receives the encryption key in the encryption algorithm adopted by the protection information encryption unit 132 from the non-linear editing device 4 and transmits the corresponding decryption key to the non-linear editing device 4.

  Regardless of whether or not the content read by the RAM area reading unit 125 is encrypted, that is, the transmission unit 133 does not perform any signal processing to decrypt it even if it is encrypted. Transfer to the non-linear editing device 4 at high speed.

  The transmission unit 133 also transfers the encrypted copyright protection information provided from the protection information encryption unit 132 to the nonlinear editing device 4.

  In this case, if attention is paid only to the copyright protection information transfer processing, processing by the key exchange unit 131 and the protection information encryption unit 132 is required, so that processing time is required and high-speed transfer becomes difficult. . However, as seen from the entire transfer process such as transfer of content and copyright protection information thereof, as described above, the ratio of the transfer process time of copyright protection information to the entire transfer process time is very small and high speed. It can be said that the transfer has been realized.

  Details of the transfer processing of the content and its copyright protection information will be described later with reference to FIG.

  In order to edit the content transferred from the playback device 3 having the functional configuration described above and to send the editing information to the recording device 2, the nonlinear editing device 4 has a functional configuration as shown in FIG. have. That is, FIG. 5 shows a functional configuration example of the nonlinear editing device 4.

  The nonlinear editing device 4 in the example of FIG. 5 is configured to include a reception unit 151 to a transmission unit 168.

  However, the classification into the reception unit 151 to the transmission unit 168 is made for easy understanding of the present invention, and it is not particularly necessary to perform such classification when realizing. In other words, it is sufficient to configure the nonlinear editing device 4 so that the functions of the functional blocks of the reception unit 151 to the transmission unit 168 are mounted, and the implementation is not particularly limited.

  The receiving unit 151 receives the content transferred from the playback device 3 and its copyright protection information, provides the content to the content acquisition unit 156, and provides the copyright protection information to the protection information decryption unit 153.

  Further, as described above, the key exchange unit 152 exchanges keys with the key exchange unit 131 (FIG. 4) of the playback device 3, and provides the key from the playback device 3 to the protection information decryption unit 153.

  The copyright protection information received by the reception unit 151 and provided to the protection information decryption unit 153 is encrypted. Therefore, the protection information decryption unit 153 decrypts the encrypted copyright protection information provided from the reception unit 151 using the key from the key exchange unit 152, that is, the key exchanged with the playback device 3.

  Of the copyright protection information decrypted by the protection information decryption unit 153 in this way, CKey is provided to the CKey acquisition unit 154, and metadata is provided to the metadata acquisition unit 155. The CKey acquisition unit 154 provides the acquired CKey to the content decryption unit 159. Also, the metadata acquisition unit 155 provides the acquired metadata to the encryption presence / absence determination unit 158 or the content decryption unit 159.

  The content acquisition unit 156 acquires the content from the reception unit 151, that is, the content transferred from the playback device 3, and provides the content to the switching unit 157.

  Based on the control of the encryption presence / absence determination unit 158, the switching unit 157 switches the output end to one of the content decryption unit 159 side and the editing unit 160 side.

  That is, the encryption presence / absence determination unit 158 is the content transferred from the playback device 3 based on the metadata provided from the metadata acquisition unit 155, that is, the determination result of the encryption presence / absence determination unit 53 in FIG. Determines whether it is encrypted. When the encryption presence / absence determination unit 158 determines that the encryption has been performed, the output end of the switching unit 157 is switched to the content decryption unit 159 side. Then, the encrypted content transferred from the playback device 3 and received by the reception unit 151 is provided to the content decryption unit 159 via the content acquisition unit 156 and the switching unit 157.

  On the other hand, the encryption presence / absence determination unit 158 switches the output terminal of the switching unit 157 to the editing unit 160 side when determining that the data is not encrypted. Then, the encrypted content transferred from the playback device 3 and received by the reception unit 151 is provided to the editing unit 160 via the content acquisition unit 156 and the switching unit 157.

  The content decryption unit 159 decrypts the encrypted content provided from the switching unit 157 using the CKey provided from the CKey acquisition unit 154, and provides the content obtained as a result to the editing unit 160.

  At that time, the content decryption unit 159 appropriately refers to the metadata provided from the metadata acquisition unit 155. For example, the content decryption unit 159 recognizes the encryption algorithm of the content encryption unit 54 (FIG. 3) of the recording device 2 from the metadata, and decrypts the encrypted content using the corresponding decryption algorithm.

  When the editing unit 160 performs, for example, destructive editing on the content provided from the switching unit 157 or the content decryption unit 159 in accordance with a user operation, the editing unit 160 provides the content acquisition unit 161 with the new content as the editing result. To do.

  When the editing unit 160 performs non-destructive editing, for example, according to a user operation, the editing unit 160 provides an editing list as an editing result to the editing list acquisition unit 162.

  That is, the edit list acquisition unit 162 acquires an edit list as a non-destructive editing result by the editing unit 160 and provides it to the transmission unit 168.

  On the other hand, the content acquisition unit 161 acquires new content as a result of destructive editing by the editing unit 160 and provides the new content to the switching unit 163. In addition, the content acquisition unit 161 provides various information attached to the acquired content to the metadata generation unit 167 as necessary.

  Based on the control of the encryption presence / absence determination unit 164, the switching unit 163 switches the output end to either the transmission unit 168 side or the content encryption unit 165 side.

  That is, the encryption presence / absence determination unit 164 determines whether to encrypt the new content acquired by the content acquisition unit 161. When the encryption presence / absence determination unit 164 determines to encrypt, the output end of the switching unit 52 is switched to the content encryption unit 165 side. Then, the new content acquired by the content acquisition unit 161 is provided to the content encryption unit 165 via the switching unit 163.

  On the other hand, the encryption presence / absence determination unit 164 switches the output terminal of the switching unit 163 to the transmission unit 168 side when determining that the encryption is not performed. Then, the new content acquired by the content acquisition unit 161 is provided to the transmission unit 168 via the switching unit 163. At this time, the determination result of the encryption presence / absence determination unit 164 is also provided to the metadata generation unit 167.

  The content encryption unit 165 encrypts the new content provided from the switching unit 163 using the CKey generated by the CKey generation unit 166, and provides the encrypted new content obtained as a result to the transmission unit 168. .

  The content encryption unit 165 also provides the metadata generation unit 167 with information necessary for decrypting the encrypted new content, such as information indicating an encryption algorithm, as appropriate. Note that the encryption algorithm employed by the content encryption unit 165 is the same as the encryption algorithm employed by the content encryption unit 54 of FIG.

  The CKey generation unit 166 generates a CKey used for encrypting new content, provides the CKey to the content encryption unit 165, and also provides it to the transmission unit 168 as one piece of encryption protection information.

  The metadata generation unit 167 generates various types of information provided from the content acquisition unit 161, the encryption presence / absence determination unit 164, or the content encryption unit 165 as metadata of the corresponding new content. Then, the metadata generation unit 167 provides the new metadata to the transmission unit 168 as one piece of copyright protection information.

  When destructive editing is performed by the editing unit 160 in this manner, the transmission unit 168 is provided with new content as a result of the editing, and is also provided with copyright protection information for the new content. The Therefore, the transmission unit 168 transmits the new content and its copyright protection information to the recording device 2.

  Note that the copyright protection information is transferred from the nonlinear editing device 4 to the recording device 2 after being encrypted, as described above, in the same manner as the transfer from the playback device 3 to the nonlinear editing device 4. Is desirable. In order to realize this, although not shown in the figure, the function corresponding to each of the key exchange unit 131 and the protection information encryption unit 132 in FIG.

  On the other hand, when non-destructive editing is performed by the editing unit 160, an edit list as an editing result is provided from the edit list acquisition unit 162 to the transmission unit 168. Therefore, the transmission unit 168 transmits the edit list to the recording device 2. At that time, if the function corresponding to each of the key exchange unit 131 and the protection information encryption unit 132 in FIG. 4 described above is installed, the transmission unit 168 also encrypts the edit list and records it. You may transmit to the apparatus 2.

  The functional configuration example of each device (excluding the content output device 1) of the information processing system in FIG. 1 has been described above.

  Next, some typical operations among the operations of the information processing system of FIG. 1 will be described with reference to FIGS.

  FIG. 6 is a flowchart for explaining an example of a series of processing (hereinafter referred to as encrypted content recording processing) until the recording device 2 encrypts and records content on the optical disc 11.

  In step S1, the recording device 2 acquires content from the content output device 1, for example. If the recording device 2 has the functional configuration shown in FIG. 3, the process of step S <b> 1 is mainly executed by the content acquisition unit 51.

  In step S2, the recording apparatus 2 generates CKey. When the recording device 2 has the functional configuration of FIG. 3, the process of step S <b> 2 is mainly executed by the CKey generation unit 55.

  In step S3, the recording device 2 encrypts the content using the CKey. When the recording device 2 has the functional configuration of FIG. 3, the process of step S <b> 3 is mainly executed by the content encryption unit 54.

  In step S4, the recording device 2 writes the encrypted content in the RAM area 21 (FIG. 2) of the optical disc 11. When the recording device 2 has the functional configuration of FIG. 3, the process of step S <b> 4 is mainly executed by the RAM area writing unit 61.

  In step S5, the recording device 2 accesses the ROM area 22 (FIG. 2) of the optical disc 11 and reads the media specific information. When the recording device 2 has the functional configuration of FIG. 3, the process of step S <b> 5 is mainly performed by the unique information reading unit 63.

  In step S6, the recording device 2 generates an MKey based on the media specific information. When the recording device 2 has the functional configuration shown in FIG. 3, the process of step S <b> 6 is mainly executed by the MKey generation unit 59.

  In step S7, the recording apparatus 2 encrypts copyright protection information such as CKey using the MKey. When the recording device 2 has the functional configuration of FIG. 3, the process of step S <b> 7 is mainly executed by the protection information encryption unit 58.

  In step S8, the recording device 2 writes the encrypted copyright protection information in the copyright protection information area 31 (FIG. 2) of the optical disc 11. When the recording device 2 has the functional configuration shown in FIG.

  With the above processing, the encrypted content recording processing is completed.

  FIG. 7 is a flowchart for explaining an example of a series of processing (hereinafter referred to as encrypted content playback processing) until the playback device 3 decrypts and plays back the encrypted content recorded on the optical disc 11.

  In step S21, the playback device 3 accesses the ROM area 22 (FIG. 2) of the optical disc 11 and reads the media specific information. When the playback device 3 has the functional configuration of FIG. 4, the process of step S <b> 21 is mainly executed by the unique information reading unit 121.

  In step S22, the playback device 3 generates an MKey based on the media specific information. When the playback device 3 has the functional configuration of FIG. 4, the process of step S <b> 22 is mainly executed by the MKey generation unit 102.

  In step S23, the playback device 3 determines whether or not to permit access to the copyright protection information area 31 (FIG. 2) of the optical disc 11. When the playback device 3 has the functional configuration shown in FIG. 4, the process of step S <b> 23 is mainly executed by the read permission unit 123.

  If it is determined in step S23 that access to the copyright protection information area 31 is not permitted, that is, prohibited, the playback device 3 executes predetermined error processing in step S24. As a result, the encrypted content reproduction process ends.

  On the other hand, if it is determined in step S23 that access to the copyright protection information area 31 is permitted, in step S25, the playback device 3 accesses the copyright protection information area 31 to encrypt the copyright protection. Read information. When the playback device 3 has the functional configuration shown in FIG.

  In step S26, the playback device 3 decrypts the encrypted copyright protection information using the MKey generated in step S22, and as a result, obtains copyright protection information such as CKey. When the playback device 3 has the functional configuration shown in FIG. 4, the protection information decryption unit 103 mainly executes the process of step S <b> 26.

  In step S27, the playback device 3 accesses the RAM area 21 (FIG. 2) of the optical disc 11 and reads the encrypted content. When the playback device 3 has the functional configuration of FIG. 4, the process of step S <b> 27 is mainly executed by the RAM area reading unit 125.

  In step S28, the reproducing device 3 decrypts the encrypted content using the CKey obtained in the process of step S26. When the playback device 3 has the functional configuration shown in FIG. 4, the content decrypting unit 108 mainly executes the process of step S <b> 28.

  In step S29, the playback device 3 plays back the content. When the playback device 3 has the functional configuration of FIG. 4, the content playback unit 109 mainly executes the process of step S29.

  With the above processing, the encrypted content reproduction processing is completed.

  FIG. 8 is a flowchart for explaining an example of a series of processing (hereinafter simply referred to as transfer processing) until the encrypted content recorded on the optical disc 11 is transferred from the playback device 3 to the nonlinear editing device 4. Specifically, the flowchart on the left side of FIG. 8 shows an example of transfer processing on the playback device 3 side, and the flowchart on the right side of FIG. 8 shows an example of transfer processing on the nonlinear editing device 4 side. Note that the arrows connecting the left and right flowcharts in FIG. 8 indicate the transmission of information.

  In step S51, the playback device 3 accesses the RAM area 21 (FIG. 2) of the optical disc 11 and reads the encrypted content. When the playback device 3 has the functional configuration shown in FIG. 4, the process of step S <b> 51 is mainly executed by the RAM area reading unit 125.

  In step S52, the playback device 3 transmits the encrypted content to the nonlinear editing device 4. When the playback device 3 has the functional configuration shown in FIG. 4, the process of step S <b> 52 is mainly performed by the transmission unit 133.

  Then, in step S71, the nonlinear editing device 4 receives the encrypted content. When the nonlinear editing device 4 has the functional configuration of FIG. 5, the process of step S <b> 71 is mainly executed by the receiving unit 151.

  The series of processes described above is an example of the encrypted content transfer process. On the other hand, the following series of processes is an example of the copyright protection information transfer process for the encrypted content. The order of the encrypted content transfer process and the copyright protection information transfer process is not particularly limited to the example of FIG. 8 and may be arbitrary. That is, the encrypted content transfer process may be executed after the copyright protection information transfer process is executed first, or the copyright protection information transfer process may be executed during the encrypted content transfer process. Good.

  In each of steps S53 and S72, the playback device 3 and the nonlinear editing device 4 perform key exchange. When the playback device 3 has the functional configuration of FIG. 4, the key exchange unit 131 mainly executes the process of step S <b> 53. On the other hand, when the nonlinear editing device 4 has the functional configuration of FIG. 5, the key exchange unit 152 mainly performs the process of step S <b> 72.

  In step S54, the playback device 3 accesses the ROM area 22 (FIG. 2) of the optical disc 11 and reads the media specific information. When the playback device 3 has the functional configuration of FIG. 4, the process of step S <b> 54 is mainly executed by the unique information reading unit 121.

  In step S55, the playback device 3 generates an MKey based on the media specific information. When the playback device 3 has the functional configuration shown in FIG. 4, the process of step S <b> 55 is mainly executed by the MKey generation unit 102.

  In step S56, the reproducing device 3 determines whether or not to permit access to the copyright protection information area 31 (FIG. 2) of the optical disc 11. When the playback device 3 has the functional configuration of FIG. 4, the process of step S <b> 56 is mainly executed by the read permission unit 123.

  If it is determined in step S56 that access to the copyright protection information area 31 is not permitted, that is, prohibited, in step S57, the playback device 3 executes predetermined error processing and informs the nonlinear editing device 4 to that effect. Notice. As a result, the transfer process on the playback device 3 side ends.

  During this time, the nonlinear editing device 4 determines whether or not an error has been notified in step S73. If an error is notified from the playback apparatus 3 as described above, it is determined as YES in Step S73, and the process proceeds to Step S74. In step S74, the nonlinear editing device 4 executes predetermined error processing. Thereby, the transfer processing on the non-linear editing device 4 side is also terminated.

  On the other hand, if it is determined in step S56 that access to the copyright protection information area 31 is permitted, in step S58, the playback device 3 accesses the copyright protection information area 31 and encrypts copyright protection. Read information. When the playback device 3 has the functional configuration of FIG. 4, the process of step S58 is mainly executed by the protection information area reading unit 122.

  In step S59, the playback device 3 decrypts the encrypted copyright protection information using the MKey generated in the process of step S55. When the playback device 3 has the functional configuration shown in FIG. 4, the protection information decryption unit 103 mainly executes the process of step S59.

  In step S60, the recording apparatus 2 encrypts the copyright protection information using the key exchanged with the nonlinear editing apparatus 4. When the recording device 2 has the functional configuration of FIG. 3, the protection information encryption unit 132 mainly performs the process of step S60.

  In step S <b> 61, the playback device 3 transmits the encrypted copyright protection information to the nonlinear editing device 4. When the playback device 3 has the functional configuration of FIG. 4, the process of step S <b> 61 is mainly executed by the transmission unit 133.

  Then, after determining NO in step S73, the nonlinear editing apparatus 4 receives the encrypted copyright protection information in step S75. When the non-linear editing device 4 has the functional configuration of FIG. 5, the process of step S <b> 75 is mainly executed by the receiving unit 151.

  In step S76, the nonlinear editing device 4 decrypts the encrypted copyright protection information using the key exchanged with the playback device 3. When the nonlinear editing device 4 has the functional configuration of FIG. 5, the protection information decrypting unit 153 mainly performs the process of step S76.

  The transfer process is completed by the series of processes described above. That is, the transfer of the encrypted content and the copyright protection information from the playback device 3 to the nonlinear editing device 4 is completed. Therefore, thereafter, the non-linear editing device 4 can decrypt the encrypted content using the CKey included in the copyright protection information as necessary, and perform editing processing on the resulting content.

  As described above, the optical disc 11 has been described as an embodiment of the recording medium to which the present invention is applied. However, the present invention is not limited to the optical disc 11 and can be applied to various recording media. For example, the present invention can be applied to a semiconductor memory in which a security device is embedded. Here, the Security Device is a Device having a secure memory area and having functions such as generation of a key pair for public key encryption, generation of random numbers, encryption for public key encryption, and decryption.

  In this case, the recording / reproducing process is executed according to the flowchart of FIG. 9, for example. In the flowchart of FIG. 9, the above-described semiconductor memory is simply described as a medium. Further, it is assumed that the recording / reproducing process includes each process of a recording device (not shown) capable of recording on the medium and a reproducing device capable of reproducing on the medium.

  In step S101, the random number generator of the recorder generates Ckey.

  In step S102, the recording device acquires the public key of the media.

  In step S103, the recorder encrypts the CKey with the public key of the medium, and encrypts the content with the CKey.

  In step S104, the recorder records the encrypted content and CKey on the medium.

  In step S105, the media acquires the public key of the player.

  In step S106, the medium decrypts the encrypted CKey recorded with the secret key.

  In step S107, the media encrypts the decrypted CKey with the public key of the player.

  In step S108, the playback device acquires a CKey encrypted with the public key of the playback device itself.

  In step S109, the playback device decrypts the encrypted CKey sent with the secret key.

  In step S110, the recording device decrypts the encrypted content with the CKey.

  Thereby, the recording / reproducing process of FIG. 9 is completed.

  In a semiconductor memory in which such a security device is embedded, a certificate can be written at the same time when content is recorded. Therefore, information accompanying encryption such as security level of content such as an optical disc media such as the optical disc 11 is written In addition to just recording on the File System as rights protection information, it is possible to detect tampering of accompanying information accompanying encryption by embedding that information in the certificate. If it is detected, more advanced content protection can be realized by shutting down playback on the playback device side.

  By the way, the series of processes described above can be executed by hardware or can be executed by software. When a series of processing is executed by software, a program constituting the software executes various functions by installing a computer incorporated in dedicated hardware or various programs. For example, it is installed from a program recording medium in a general-purpose personal computer or the like.

  FIG. 10 is a block diagram showing an example of the configuration of a personal computer that executes the above-described series of processing by a program.

  In FIG. 10, a CPU (Central Processing Unit) 201 executes various processes according to a program stored in a ROM (Read Only Memory) 202 or a storage unit 208. A RAM (Random Access Memory) 203 appropriately stores programs executed by the CPU 201 and data. The CPU 201, ROM 202, and RAM 203 are connected to each other via a bus 204.

  An input / output interface 205 is also connected to the CPU 201 via the bus 204. Connected to the input / output interface 205 are an input unit 206 made up of a keyboard, mouse, microphone, and the like, and an output unit 207 made up of a display, a speaker and the like. The CPU 201 executes various processes in response to commands input from the input unit 206. Then, the CPU 201 outputs the processing result to the output unit 207.

  A storage unit 208 connected to the input / output interface 205 includes, for example, a hard disk, and stores programs executed by the CPU 201 and various data. The communication unit 209 communicates with an external device via a network such as the Internet or a local area network.

  Further, a program may be acquired via the communication unit 209 and stored in the storage unit 208.

  The drive 210 connected to the input / output interface 205 drives a removable medium 211 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, and drives the programs and data recorded therein. Get etc. The acquired program and data are transferred to and stored in the storage unit 208 as necessary.

  As shown in FIG. 10, a program recording medium that stores a program that is installed in a computer and is ready to be executed by the computer includes a magnetic disk (including a flexible disk), an optical disk (CD-ROM (Compact Disc-Read). Only memory), DVD (Digital Versatile Disc), removable media 211, which is a package medium composed of a magneto-optical disk, semiconductor memory, or the like, or ROM 202 where a program is temporarily or permanently stored, or a storage unit It is constituted by a hard disk or the like constituting 208. The program is stored in the program recording medium using a wired or wireless communication medium such as a local area network, the Internet, or digital satellite broadcasting via a communication unit 209 that is an interface such as a router or a modem as necessary. Done.

  In the present specification, the step of describing the program stored in the program recording medium is not limited to the processing performed in time series in the order described, but is not necessarily performed in time series. Or the process performed separately is also included.

  Further, in this specification, the system represents the entire apparatus constituted by a plurality of apparatuses.

It is a block diagram which shows the structural example of the information processing system to which this invention is applied. It is a figure which shows the structural example of the optical disk as a recording medium with which this invention is applied. FIG. 2 is a functional block diagram illustrating a functional configuration example of a recording device in the information processing system of FIG. 1. It is a functional block diagram which shows the functional structural example of the reproducing | regenerating apparatus among the information processing systems of FIG. It is a functional block diagram which shows the functional structural example of the nonlinear editing apparatus among the information processing systems of FIG. 3 is a flowchart illustrating an example of an encrypted content recording process performed by a recording device in the information processing system of FIG. 1. 3 is a flowchart for explaining an example of encrypted content playback processing by a playback device in the information processing system of FIG. 1. 2 is a flowchart for explaining an example of transfer processing by a playback device and a nonlinear editing device in the information processing system of FIG. 1. FIG. 3 is a flowchart for explaining an example of a recording / reproducing process in the case where a medium different from the example of FIG. It is a block diagram which shows the structural example of the personal computer which executes the program with which this invention is applied.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 Content output device, 2 Recording device, 3 Playback apparatus, 4 Non-linear editing device, 11 Optical disk 11 RAM area, 22 ROM area 22 File System area, 31 Copyright protection information area, 51 Content acquisition part, 52 Switching part, 53 Encryption Enable / disable determination unit, 54 content encryption unit, 55 CKey generation unit, 56 reading unit, 57 CKey generation unit, 58 protection information encryption unit, 59 MKey generation unit, 60 edit information acquisition unit, 61 RAM area writing unit, 62 protection information area writing unit, 63 unique information reading unit, 101 reading unit, 102 MKey generation unit, 103 protection information decryption unit, 104 CKey acquisition unit, 105 metadata acquisition unit, 106 switching unit, 107 encryption presence / absence determination unit , 108 content decryption unit, 109 content reproduction unit, 110 transfer processing unit, 21 unique information reading unit, 122 protected information area reading unit, 123 read permission unit, 124 switch, 125 RAM area reading unit, 131 key exchange unit, 132 protection information encryption unit, 133 transmission unit, 151 reception unit, 152 key exchange Unit, 153 protection information decryption unit, 154 CKey acquisition unit, 155 metadata acquisition unit, 156 content acquisition unit, 157 switching unit, 158 encryption presence / absence determination unit, 159 content decryption unit, 160 editing unit, 161 content acquisition unit, 162 Edit list acquisition unit, 163 switching unit, 164 encryption presence / absence determination unit, 165 content encryption unit, 166 CKey generation unit, 167 metadata generation unit, 168 transmission unit, 201 CPU, 202 ROM, 208 storage unit, 211 removable media

Claims (20)

In an information processing apparatus for recording content on a recording medium,
First encryption means for encrypting the content using a first key;
Generating means for generating a second key using specific information capable of specifying the recording medium itself;
Second encryption means for encrypting the first key using the second key generated by the generation means;
An information processing apparatus comprising: recording means for recording the content encrypted by the first encryption means and the first key encrypted by the second encryption means on the recording medium. The second encryption means encrypts information including meta information related to the content in addition to the first key, using the second key as protection information for protecting the content,
The information processing apparatus according to claim 1, wherein the recording unit further records the protection information encrypted by the second encryption unit on the recording medium. The information processing apparatus according to claim 2, wherein the meta information includes information indicating an encryption algorithm employed in the first encryption unit. A decision means for deciding whether or not the content is encrypted;
The meta information includes a determination result by the determination unit,
When the determination unit determines to execute the content encryption, the first encryption unit encrypts the content, and the recording unit encrypts the content encrypted by the first encryption unit. And the protection information encrypted by the second encryption means is recorded on the recording medium,
When the determination unit determines that the content is not encrypted, the first encryption unit prohibits the content from being encrypted, and the second encryption unit converts the metadata into the protection information. The information processing apparatus according to claim 2, wherein the recording unit records the unencrypted content and the protection information encrypted by the second encryption unit on the recording medium. The information processing apparatus according to claim 2, wherein the meta information includes information indicating a security level of the content. The recording unit records the content in a first area of the recording medium, and records the first key in a second area different from the first area of the recording medium. Information processing device. The first encryption means encrypts each of the plurality of contents by using the different first keys,
7. The recording unit according to claim 6, wherein the recording unit records the plurality of contents in the first area, and records each of the first keys corresponding to each of the plurality of contents in the second area. Information processing device. In an information processing method of an information processing apparatus for recording content on a recording medium,
Encrypting the content using a first key;
Using specific information that can identify the recording medium itself, generate a second key,
Using the generated second key to encrypt the first key;
An information processing method including a step of controlling recording of the encrypted content and the encrypted first key on the recording medium. A program for causing a computer that controls processing of recording content to a recording medium to execute the program,
Encrypting the content using a first key;
Using specific information that can identify the recording medium itself, generate a second key,
Using the generated second key to encrypt the first key;
A program comprising a step of controlling recording of the encrypted content and the encrypted first key on the recording medium. Specific information that identifies you,
Encrypted content obtained as a result of encrypting the content using the first key;
In an information processing apparatus for reproducing the content from a recording medium on which at least an encryption key obtained as a result of encrypting the first key using the second key based on the specific information is recorded,
Reading means for reading information from the recording medium;
Generating means for generating the second key using the specific information read by the reading means;
Using the second key generated by the generating means, decrypting the encryption key read by the reading means and, as a result, obtaining the first key;
An information processing apparatus comprising: a content decrypting unit that decrypts the encrypted content read by the reading unit using the first key obtained by the key decrypting unit, and obtains the content as a result. Information including meta information related to the content in addition to the first key is encrypted using the second key as protection information for protecting the content, and the resulting encrypted protection information is Recorded on a recording medium,
The key decryption means decrypts the encrypted protection information read by the reading means using the second key, and obtains the protection information as a result,
The information processing apparatus according to claim 10, wherein the content decrypting unit decrypts the encrypted content by using the first key included in the protection information obtained by the key decrypting unit. The meta information includes information indicating an encryption algorithm used in encrypting the content,
The content decryption unit decrypts the encrypted content according to a decryption algorithm corresponding to the encryption algorithm indicated by the meta information included in the protection information obtained by the key decryption unit. Information processing device. The recording target of the recording medium further includes unencrypted content in addition to the encrypted content,
The meta information includes information indicating whether or not the content recorded on the recording medium is encrypted,
The information processing apparatus according to claim 11, further comprising: a decryption control unit that controls permission and prohibition of processing of the content decryption unit based on the meta information included in the protection information obtained by the key decryption unit. . The encrypted content is recorded in a first area of the recording medium, and the first key is recorded in a second area different from the first area of the recording medium;
The information processing apparatus according to claim 10, further comprising an access control unit that controls permission and prohibition of access to the second area by the reading unit. Specific information that identifies you,
Encrypted content obtained as a result of encrypting the content using the first key;
Information processing method of information processing apparatus for reproducing the content from a recording medium recorded with at least an encryption key obtained by encrypting the first key using the second key based on the specific information In
Generating the second key using the specific information read from the recording medium;
Decrypting the encryption key read from the recording medium using the generated second key;
An information processing method including a step of controlling the decryption of the encrypted content read from the recording medium using the first key obtained as a result and obtaining the content as a result. Specific information that identifies you,
Encrypted content obtained as a result of encrypting the content using the first key;
Executed by a computer that controls processing for reproducing the content from a recording medium recorded with at least an encryption key obtained by encrypting the first key using the second key based on the specific information A program to
Generating the second key using the specific information read from the recording medium;
Decrypting the encryption key read from the recording medium using the generated second key;
A program including the step of controlling the decryption of the encrypted content read from the recording medium using the first key obtained as a result, and obtaining the content as a result. Specific information that identifies you,
Encrypted content obtained as a result of encrypting the content using the first key;
In an information processing apparatus for reading information from a recording medium on which at least an encryption key obtained by encrypting the first key using the second key based on the specific information is recorded and transferring the information to another apparatus ,
Reading means for reading information from the recording medium;
Generating means for generating the second key using the specific information read by the reading means;
Using the second key generated by the generating means, decrypting the encryption key read by the reading means and, as a result, obtaining the first key;
Key exchange means for exchanging keys with the other device to obtain a third key;
Key encryption means for encrypting the first key obtained by the key decryption means using the third key obtained by the key exchange means;
An information processing apparatus comprising: transfer means for transferring each of the encrypted content read by the reading means and the first key encrypted by the key encryption means to the other device. Specific information that identifies you,
Encrypted content obtained as a result of encrypting the content using the first key;
An information processing apparatus that reads information from a recording medium on which at least an encryption key obtained by encrypting the first key using the second key based on the specific information is recorded and transfers the information to another apparatus In the information processing method,
Generating the second key using the specific information read from the recording medium;
Decrypting the encryption key read from the recording medium using the generated second key;
The first key obtained as a result is encrypted using a third key obtained by exchanging keys with the other device,
An information processing method including a step of controlling transfer of each of the encrypted content read from the recording medium and the encrypted first key to the different device. Specific information that identifies you,
Encrypted content obtained as a result of encrypting the content using the first key;
Controlling reading of information from a recording medium on which at least an encryption key obtained by encrypting the first key using the second key based on the specific information is recorded and transferring it to another device A program to be executed by a computer,
Generating the second key using the specific information read from the recording medium;
Decrypting the encryption key read from the recording medium using the generated second key;
The first key obtained as a result is encrypted using a third key obtained by exchanging keys with the other device,
A program including a step of controlling transfer of each of the encrypted content read from the recording medium and the encrypted first key to the different device. Specific information that identifies you,
Encrypted content obtained as a result of encrypting the content using the first key;
A recording medium on which an encryption key obtained as a result of encrypting the first key using the second key based on the specific information is recorded.

Images