JP2007318583A - Content reproducing apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a content reproducing apparatus capable of simplifying a decryption processing while maintaining the security of a decryption key for encrypted content. <P>SOLUTION: The apparatus decrypts a decrypt key to be encrypted obtained by encrypting a shared key used for encryption of the content by using a public key and thereafter the apparatus encrypts the key by using a newly produced protection key again and stores the resulting key therein. In the case of reproducing the content, the apparatus decrypts the decryption key to be encrypted, which is subjected to encryption by the protection key, by using the protection key to obtain the decryption key and decrypts the content to be encrypted by the decryption key. Preferably, a high-order layer 301 an a lower-order layer 302 of a software processing system of the apparatus respectively generate pseudo random numbers 31, 32 and the apparatus merges them to obtain the protection key 22. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a content playback apparatus for playing back content, and more particularly to a playback apparatus for encrypted content.

  As an encryption method, a symmetric key encryption method (also called a common key encryption method) that uses the same key as that used for encryption for decryption has long been known. When this method is used for encrypted communication of contents on the Internet, there is a problem that encryption cannot be used when a common key that should be kept secret is first passed to the recipient. On the other hand, a different pair of keys are generated for encryption and decryption, the encryption key is made public, and the decryption key is kept secret. ) Is also known. RSA and elliptic curve cryptosystems are well known as examples of public key cryptosystems.

  The public key cryptosystem does not need to transmit a secret key, but has a drawback in that a large amount of calculation is required for encryption and decryption, and processing time becomes long. Therefore, in general, a so-called hybrid method is used in which a common key used in a symmetric key encryption method is encrypted by a public key encryption method and delivered to a recipient, and a common key is used for actual encryption of content.

  In addition, by using the digital signature technique in the public key cryptosystem, the sender's signature is decrypted using the decryption key disclosed by the sender, so that the document is actually sent from the sender. It can be confirmed that it is a thing (not tampered).

  Note that even with the digital signature technology, it is impossible to cope with the case where another person pretends to be the original sender and sends out a fake decryption key and sends the content. Therefore, in e-commerce, etc., senders register their public keys with a certificate authority (CA), receive a public key certificate, send it to the receiver with the signature attached, and prevent spoofing. The technology of electronic authentication is adopted.

  According to the above-described hybrid encryption system, the time required for the decryption process is shortened, but it is not preferable in terms of security to store the decryption key once taken out in the apparatus as it is. However, each time the content is played, the decryption procedure of the public key cryptosystem that decrypts the encrypted key to decrypt the ciphertext and confirms the digital signature is complicated, and content decryption (for example, music It is disadvantageous from the viewpoint of required time and power consumption to perform these processes each time data or moving image data is reproduced).

  In such a background, the present invention makes it possible to simplify the decryption process while maintaining the security of the decryption key of the encrypted content in the content reproduction apparatus.

  A content playback apparatus for playing back content according to the present invention includes means for decrypting an encrypted decryption key, protection key generation means for generating a protection key for encryption used in the apparatus, and the decryption key. Means for encrypting with the protection key; means for decrypting with the protection key the decryption key encrypted with the protection key when reproducing the content to be encrypted; and Means for decrypting the encrypted content.

  The decryption key used for decrypting the content to be encrypted is encrypted, and the decryption key obtained by the decryption is encrypted with a protection key for encryption used in the device generated separately, Save with. When reproducing the content, the decryption key encrypted with the protection key is decrypted with the protection key to obtain the decryption key, and thus the encrypted content is decrypted.

  The protection key generation unit generates the protection key based on, for example, a pseudo random number generated corresponding to the storage medium storing the encrypted content. Thereby, a protection key unique to the storage medium is obtained. The protection key generation means generates first and second pseudo random numbers by at least one of the upper layer and the lower layer of the software processing system, and preferably by the upper layer and the lower layer of the software processing system, respectively. Are generated according to a predetermined combining rule to generate the protection key.

  According to the present invention, it is possible to maintain the security of the decryption key by newly generating a protection key for encryption used in the apparatus and encrypting and storing the decryption key with this protection key. In addition, the encryption method using the protection key is a symmetric key encryption method with relatively simple encryption and decryption processing, thereby reducing the load of decryption processing for each content playback, reducing the processing time and power consumption. Can be planned.

  DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments of the invention will be described in detail with reference to the drawings.

  First, the mechanism of a hybrid encryption system used in the present embodiment will be described with reference to FIG. The operations performed on the transmission side 10 and the reception side 20 when transmitting from the document (arbitrary data such as text, image, sound, program, etc.) encrypted from the transmission side 10 to the reception side 20 via the communication interface are as follows. It is as follows.

(Sender 10)
The plaintext (content) 14 to be encrypted and transmitted is irreversibly converted into a message digest (MD) 12 by a hash function, and this MD12 is sent to the sender's private key 11 (the secret key of a pair of keys of the public key cryptosystem). The digital signature 13 is generated by encryption. The digital signature 13, the plaintext 14, and the sender certificate 15 are encrypted with a symmetric key encryption common key 17 to generate a ciphertext (called a signature message) 16. The sender's certificate 15 includes the sender's signature public key 15a and the expiration date, purpose of use, serial number, CA signature, and the like of the certificate. The common key 17 is encrypted with the recipient's public key 18 and becomes the encrypted key 19. The transmitting side 10 transmits the ciphertext 16 and the encrypted decryption key 19 to the receiving side 20.

(Receiving side 20)
The receiving side 20 decrypts the encryption / decryption key 19 with the recipient's private key 21 paired with the recipient's public key 18 to obtain the common key 17. The ciphertext 16 is decrypted with the common key 17. As a result, the digital signature 13, the plaintext 14, and the sender certificate 15 are obtained. In addition, the digital signature 13 is decrypted with the sender's signature public key 15 a to obtain the MD 12. On the other hand, MD23 is generated from the plaintext 14 with the same hash function as described above. If this MD23 is compared with MD12 and a coincidence between them is detected, it is confirmed that the plaintext 14 has not been tampered with. Further, the authenticity of the sender is proved by the certificate 15.

  As described above, the receiving side 20 decrypts the encrypted decryption key 19 to obtain the common key 17, decrypts the ciphertext 16 using this as the decryption key, and further confirms the digital signature. The decryption procedure is complicated, and it is disadvantageous from the viewpoint of required time and power consumption to perform these processes each time content is decrypted (for example, reproduction of music data or moving image data). However, it is not preferable in terms of security to store the common key 17 obtained once decrypted as it is.

  Therefore, in the present embodiment, a new protection key 22 is generated by a symmetric key encryption method using a simple method, and the common key 17 is encrypted and stored using this protection key 22. Details of the generation method and management of the protection key 22 will be described later.

  FIG. 2 shows a hardware configuration example of a mobile phone terminal as a content reproduction apparatus to which the present invention is applied.

  The mobile phone terminal 100 includes an antenna 201, a transmission / reception processing unit 203, a modulation / demodulation processing unit 205, a data processing unit 207, a D / A converter 209, a speaker 210, an A / D converter 211, and the like as elements unique to the mobile phone. A microphone 212 is provided. The mobile phone terminal 100 also includes a control unit 225 including a CPU for controlling these elements, a storage area for programs executed by the control unit 225, and an internal area used as a work area and a temporary storage area for data. A memory 227, a display unit 220 including a display device such as a liquid crystal or an organic EL functioning as a user interface, an operation unit 223 including operation elements such as arbitrary operation keys and buttons and a dial, a timepiece having generation of date information and a timer function Unit 228 and an external memory (external storage medium) 229 that can be attached to and detached from the casing of the terminal.

  The internal memory 227 includes a read-only memory (EEPROM or flash memory) in which information can be electrically written and erased, and accepts normal mobile phone terminal operation input, communication, mail processing, web processing, display, voice input. Control programs for various operations such as output, telephone directory management, schedule management, encryption / decryption processing, and the like are stored.

  FIG. 3 shows the general configuration of the software processing system of the receiving terminal. A software processing system usually has a hierarchical structure. That is, a lower layer 302 such as middleware exists below an upper layer 301 such as an application, and an operating system (OS) 303 exists further below. The upper layer 301 has an application function including a function of obtaining a common key for decryption and decrypting the content. The lower layer 302 performs processing such as decryption of a public key cryptosystem, generation of a protection key, encryption and decryption of a decryption key using the protection key, and the like.

  In the present embodiment, first and second pseudo random numbers 31 and 32 are generated on the application side, which is the upper layer, and the engine (middleware) side, which is the lower layer, and the protection key 22 is obtained by combining both. By generating and encrypting the decryption key (common key 17) with this protection key 22, processing is reduced and safety is achieved.

  FIG. 4 shows various processes executed by the data processing unit 207 and the storage area or data secured in the internal memory 227 in the present embodiment.

  The data processing unit 207 includes a data reception process 401 for receiving data via a communication network, a decryption process 402 by a public key cryptosystem, a decryption key management 403 for managing a decryption key (common key), and a protection key 22 Protection key generation / management 404 for generating and managing, table management 405 for managing generation / update / deletion of a data table (decryption key information table) to be described later, decryption key encryption processing 406 by the protection key 22, An encryption / decryption key decryption process 407 and a content reproduction process 408 are included. In this figure, the upper layer and the lower layer are not particularly distinguished.

  The internal memory 227 is provided with respective storage areas for storing the ciphertext 411 including the encrypted content received (downloaded) by the data reception processing 401, the protection key 22, and the decryption key information table 413, and a data processing unit. A work area 414 that 207 uses for temporary storage of data is provided. The decryption key information table 413 is a table for storing an encrypted decryption key, which is an encrypted decryption key (common key), together with necessary information, and whether the area should be secured in an area that cannot be directly touched by the file system. Alternatively, it is prepared in an area where restrictions are applied.

  FIG. 5 is a diagram similar to FIG. 4, but shows a case where the ciphertext 411 including the encrypted content is stored in the external memory 229. Elements similar to those in FIG. 4 are denoted by the same reference numerals, and redundant description is omitted.

  6A shows a configuration example of the internal memory decryption key information table 413a corresponding to the case of FIG. 4, and FIG. 6B shows the external memory decryption key information table 413b corresponding to the case of FIG. A configuration example is shown. The internal memory decryption key information table 413a stores a content name (content identification information) 431, an encrypted decryption key 24 (encrypted with the protection key 22) corresponding to the content, and other optional additional information 433. is doing. The encryption / decryption key 24 is different from the encryption / decryption key 19 encrypted with the public key 18, and its decryption processing has a relatively light processing load. The external memory decryption key information table 413b is similar to the internal memory decryption key information table 413a, but stores external storage medium specifying information 441 in addition to its configuration. The external storage medium specifying information 441 is information for specifying each external storage medium, and thus, correspondence between each external storage medium and the decryption key information table 413b can be taken.

  FIG. 7 is a flowchart showing an example of processing related to content reproduction in the present embodiment. When content playback is instructed (S11, Yes), if the content specified by the user is content stored in the external memory (S12, Yes), does the external memory decryption key information table 413b exist? A check is made (S13). If not, the process proceeds to step S16 described later. If there is, it is checked whether there is information on the content in the table (S15). If there is information on the content, the process proceeds to step S18 described later. If there is no information about the content, the process proceeds to step S16.

  If it is determined in step S12 that the content is content in the internal memory, it is checked whether the internal memory decryption key information table 413a exists (S14). If it exists, the process proceeds to step S15. If not, the process proceeds to step S16.

  In step S16, the decryption process by the public key cryptosystem mentioned above is performed (S16). Therefore, the decryption key thus obtained is simply encrypted with the protection key 22 generated in the terminal, and the decryption key information table 413a or 413b is generated and managed (S17). A specific example of generation of the protection key 22 will be described later. If the protection key has already been generated and stored, it can be omitted in step S17.

  In the subsequent step S18, the encrypted decryption key 24 is acquired with reference to the decryption key information table. Next, the encrypted decryption key 24 is decrypted with the protection key 22 (S19). The ciphertext 411 including the content to be encrypted is decrypted with the decryption key (common key 17) obtained by this decryption and reproduced (S20). The decrypted content is deleted when the application ends.

  By such processing, a protection key 22 by a symmetric key encryption method is once generated. The decryption key (common key 17) is encrypted with this protection key and stored in the terminal, so that the content and the decryption key can be stored. It is possible to quickly execute decryption of the encrypted content when necessary without saving the data as it is.

  FIG. 8 is a flowchart showing a specific example of the process of step S17 of FIG. In FIG. 8, the processing is divided into upper layer and lower layer processing of the software processing system.

  The upper layer first acquires the storage medium ID and the current time (date and time) of the internal memory or external memory in which the content to be reproduced is stored (S21). The storage medium ID is information for uniquely identifying each storage medium. In the case of a storage medium without a storage medium ID, the time when the storage medium is first used may be used.

  The upper layer generates a first pseudo random number (for example, 128 bits) based on the storage medium ID and the time (S22). As a result, this pseudo-random number is unique to this storage medium and date and time. Next, the first pseudo random number is passed to the lower layer (S23).

  The lower layer receives the first pseudo random number from the upper layer (S31), and generates a second pseudo random number (for example, 128 bits) based on the first pseudo random number and the current time (S32). Next, the generated second pseudo random number is passed to the upper layer (S33). Therefore, the protection key 22 is generated by combining the first and second pseudorandom numbers (S34). This “combination” is performed by a predetermined arbitrary coupling rule such as a logical operation of both pseudo-random numbers (for example, AND, OR, EOR, etc.) or a simple serial combination of bit strings. The decryption key (common key 17) is encrypted with this protection key 22 (S35). Therefore, the encrypted decryption key is stored in the decryption key information table in the storage area designated by the upper layer (S36). The decryption key information table itself may be generated in either the upper layer or the lower layer. This storage is notified to the upper layer (S37).

  When the upper layer receives the second pseudo random number from the lower layer (S24), it combines the first and second pseudo random numbers to generate the protection key 22 (S25). This coupling rule is the same as that in the lower layer. The upper layer stores the generated protection key in the terminal (for example, a predetermined area of the internal memory) (S26) and uses it when decrypting the encrypted content.

  The encryption / decryption key 24 cannot be decrypted without using the protection key 22. Therefore, the encrypted content cannot be decrypted. When the encrypted content is stored in the external memory, since the decryption key is stored only in a specific terminal, the encrypted content cannot be reproduced unless the external memory is attached to the same terminal.

  The upper layer independently generates the protection key separately from the first and second pseudo-random numbers, but may receive the protection key generated by the lower layer. When the upper layer and the lower layer are realized by different hardware devices, for example, when the upper layer is realized by a CPU and the lower layer is realized by a sub CPU, a protection key is exchanged by inter-device communication. . Therefore, from the viewpoint of security, it is desirable that the upper layer and the lower layer generate protection keys separately. Even in this case, pseudorandom numbers are exchanged between the upper layer and the lower layer, but the coupling rule is not visible outside the upper layer and the lower layer.

  The table for the internal storage medium and the table for the external storage medium are held separately.

  In consideration of safety and necessity, the table for the external storage medium may be generated when the external memory is inserted into the terminal and may be deleted when the table is removed. However, if it is desired to retain the data after the external memory is removed, it is possible to select “hold” by having “external storage medium specifying information” in the table.

  Although the content reproduction instruction is issued from the upper layer, the actual content reproduction processing itself can be performed in either the upper layer or the lower layer.

  The preferred embodiments of the present invention have been described above, but various modifications and changes other than those mentioned above can be made. For example, the protection key 22 may be changed periodically, and the decryption key information table may be periodically updated accordingly.

It is a figure for demonstrating the mechanism of the hybrid type encryption system utilized in embodiment of this invention. It is a figure which shows the hardware structural example of the mobile telephone terminal as a portable terminal device with which this invention is applied. FIG. 3 shows a rough software processing system configuration of the terminal shown in FIG. 2. FIG. It is a figure which shows the various processes performed by the data processing part in embodiment of this invention, and the storage area or data ensured in an internal memory. It is a figure which shows the storage area or data ensured with the various processes performed by the data processing part in embodiment of this invention, and an internal memory and an external memory. FIG. 6 is a diagram showing a configuration example of an internal memory decryption key information table corresponding to the case of FIG. 4 and an external memory decryption key information table corresponding to the case of FIG. 5. It is a flowchart showing the process example regarding the reproduction | regeneration of the content in embodiment of this invention. It is the flowchart which showed the specific example of the process of step S17 of FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Transmission side, 11 ... Private key, 13 ... Digital signature, 14 ... Plain text, 15 ... Certificate, 15a ... Public key for signature, 16 ... Cipher text, 17 ... Common key, 18 ... Public key, 19 ... Encrypted Encryption / decryption key, 20 ... reception side, 21 ... secret key, 22 ... protection key, 24 ... encryption / decryption key, 31,32 ... pseudo-random number, 100 ... cell phone terminal, 227 ... internal memory, 229 ... external memory, 301 ... Upper layer, 302 ... Lower layer, 411 ... Ciphertext, 413 ... Decryption key information table, 413a ... Internal memory decryption key information table, 413b ... External memory decryption key information table, 414 ... Work area, 433 ... Addition Information, 441 ... External storage medium specifying information

Claims (7)

A content playback device for playing back content,
Means for decrypting the encrypted decryption key;
Protection key generation means for generating a protection key for encryption used in the device;
Means for encrypting the decryption key with the protection key;
Means for decrypting, with the protection key, the decryption key encrypted with the protection key when reproducing the encrypted content;
Means for decrypting the content to be encrypted with the decrypted decryption key.   The content reproduction apparatus according to claim 1, wherein the protection key generation unit generates the protection key based on a pseudorandom number generated corresponding to a storage medium storing the encrypted content.   The content reproduction apparatus according to claim 1, wherein the protection key generation unit generates the pseudo random number in at least one of an upper layer and a lower layer of a software processing system.   The protection key generation means generates first and second pseudo random numbers in an upper layer and a lower layer of the software processing system, respectively, and generates the protection key by combining both pseudo random numbers according to a predetermined combination rule. The content reproduction apparatus according to claim 3.   The content reproduction apparatus according to claim 1, wherein at least the decryption key is encrypted by a public key cryptosystem.   The content reproduction apparatus according to claim 1, further comprising: an information table that stores the decryption key encrypted with the protection key together with identification information of the corresponding content.   7. The content playback apparatus according to claim 6, wherein when the encrypted content is stored in an external storage medium, the information table corresponding to the content is deleted when the external storage medium is removed from the apparatus.

Images