JP2008099087A - Information recording and reproducing program, information processing apparatus, and information recording and reproducing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable content data to be recorded on a recording medium or to be utilized safely by processing of a general-purpose program. <P>SOLUTION: A module I/F 121 executes mutual authentication processing with a secure module 100 and when the mutual authentication processing is executed rightly, records of content data and content utilization information required for utilizing the content data are acquired from the secure module 100. A DRM processing unit 17 operates the content utilization information acquired by the module I/F 121 after the mutual authentication processing to convert the content data into an unavailable state and records the content data in an HDD 15. Furthermore, the content utilization information similarly acquired by the module I/F 121 after the mutual authentication processing is made to act on the content data read from the HDD 15 so as to convert the content data into an available state. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an information recording / reproducing program for causing a computer to execute processing for recording information on a recording medium and reproducing the recorded information, an information processing apparatus for executing the program, and an information recording / reproducing method. The present invention relates to an information recording / reproducing program, an information processing apparatus, and an information recording / reproducing method capable of safely handling right-protected content data.

  In recent years, video recorders having two types of recording devices such as HDDs (Hard Disk Drives) and DVD (Digital Versatile Disk) optical disk recording drives have become widespread. In such a video recorder, for example, video content intended for time-shifted viewing is recorded on an HDD, and video content intended for long-term storage is recorded on an optical disc.

  Recently, a Blu-ray Disc (registered trademark of Sony Corporation, hereinafter abbreviated as BD) has been realized as an optical disc capable of recording a larger amount of data. By using BD, for example, digital data of HDTV (High Definition TeleVision) video provided by digital broadcasting can be recorded on one BD for about 2 hours on one side.

  Thus, as high-quality digital content can be easily stored in a portable recording medium, the importance of protecting the copyright of the digital content is increasing. For this reason, even in the video recorder as described above, means for preventing illegal copying of copyright-protected content is taken.

FIG. 18 is a block diagram showing functions of the conventional video recorder as described above.
In this video recorder 900a, a tuner 901 receives digital TV content (video content) of a predetermined channel and demodulates it. Since demodulated video content data (hereinafter abbreviated as content data) is encrypted, it is recorded in a B-CAS (BS-Broadcasting Satellite) card 902a by an encryption processing unit 902. Decrypted using the key information. The decrypted content data is MPEG-2 (Moving Picture Experts Group-phase 2) stream data. When viewing a TV broadcast, the stream data is decoded by a decoder 903, Data is supplied to the graphic processing unit 904 to generate a display signal. Thus, the TV image is displayed on the external display 904a.

  When content data received from a digital broadcast is recorded in the HDD 905, the content data (baseband data) decoded by the decoder 903 is re-encoded by a CODEC (Encoder / Decoder) 906, and a DRM processing unit (Digital Rights) Management) 907 is encrypted and recorded in HDD 905.

  Here, the DRM processing unit 907 is a block that performs processing for protecting the copyright of the content data when recording / reproducing the content data using the HDD 905. For example, the DRM processing unit 907 is an encryption for recording on the HDD 905. The key information used when decrypting or decrypting encrypted content data is stored as secure information (SI: Secure Information) 907a. The DRM process for the HDD 905 can adopt a method unique to the video recorder 900a. For example, the content data is encrypted using the key information unique to each HDD 905 or each video recorder 900a and recorded in the HDD 905. Even when the content data is copied to another device, it cannot be decrypted.

  When content data received from a digital broadcast is recorded on an optical disc through the optical disc drive 908, similarly, the content data (baseband data) decoded by the decoder 903 is re-encoded by the CODEC 909, and the DRM processing unit 910 The encrypted data is supplied to the optical disk drive 908 and recorded on the optical disk.

  Here, the DRM processing unit 910 is a block that performs processing for protecting the copyright of the content data when recording / reproducing the content data using the optical disc. For example, the DRM processing unit 910 encrypts or decrypts the content data. The key information used at the time of the security is held as secure information 910a. As DRM processing standards for optical disks, for example, CPRM (Content Protection for Recordable Media) is used for DVD, and AACS (Advanced Access Content System) is used for BD. When these DRM standards are used, the DRM processing unit 910 stores key information used for mutual authentication processing with the optical disc drive 908 as secure information 910a.

  Further, the video recorder 900 a can move the content data received from the digital broadcast and recorded in the HDD 905 to the optical disc through the optical disc drive 908. When copy control information (Copy Once, Copy Once) indicating that copying can be performed only once is added to the content data recorded in the HDD 905, the content data is supplied to the CODEC 906 via the DRM processing unit 907. After being decoded, it is re-encoded by the CODEC 909, encrypted by the DRM processing unit 910, and recorded on the optical disc by the optical disc drive 908. At the same time, the original content data in the HDD 905 is deleted (or made unusable).

  In the above description, when the content data received from the digital broadcast is recorded on the HDD 905 or the optical disc, the content data is once decoded and then re-encoded. However, such decoding / encoding is not performed. In addition, the original data stream may be supplied to the DRM processing units 907 and 910 as they are, and may be encrypted and recorded on the HDD 905 or the optical disc. Similarly, when content data is moved from the HDD 905 to the optical disk, the content data may be moved without being decoded / encoded.

  As described above, the conventional video recorder 900a can handle copyright-protected content data by providing a function for protecting the copyright of the content data. In particular, in a video recording dedicated device, the above functions are realized as a closed circuit with respect to the outside, so it can be said that it is relatively easy to improve the safety and effectiveness of such a copyright protection function.

  At present, it is not permitted to move content data from the optical disk to the HDD 905. However, in the future, information on an area inaccessible by the user in the BD is rewritten from the optical disk drive 908 to allow / It is possible to move from the BD to the HDD or the like by making the control impossible or the number of copies.

  Further, as a conventional technique that enables the move, in order to invalidate the original data at the time of the move, the partial data that is determined to be invalidated among the target data recorded on the recording medium is sequentially invalidated. There has been an invalidation device including an invalidation unit (see, for example, Patent Document 1). In addition, as a related art related to the above, when encrypting the content in the HDD and backing it up to another recording device, the device information such as the HDD ID and the encryption key are saved, and when restoring, Compared with device information at the time of backup and device information at the time of backup, the content is decrypted when it is determined that it is not an illegal restoration, thereby protecting the copyright and enabling the backup of the content. (For example, see Patent Document 2).

  Recently, personal computers (PCs) having a TV recording function are also widely used. In particular, PCs capable of recording HD-quality video content on an HDD or the like through digital broadcasting have attracted attention.

  FIG. 19 is a block diagram illustrating functions of a PC having a TV recording function. In FIG. 19, the functional blocks corresponding to FIG. 18 are given the same reference numerals, and the description thereof is omitted here.

  In the PC 900b shown in FIG. 19, the functional block configuration for displaying the video content received by the tuner unit 901 on the display 904a and recording the content data on the HDD 905 is almost the same. However, the hardware configuration of the PC 900b for realizing these functions is different from that for video recording dedicated devices. For example, the functions of a digital broadcast tuner unit 901, an encryption processing unit 902 using a B-CAS card 902 a, and a decrypted content data decoder 903 are realized as hardware circuits such as a tuner board 920. In addition, CODECs 906 and 909 used at the time of recording and reproducing content data on the HDD 905 and the optical disk, the DRM processing units 907 and 910 corresponding to the respective recording media, and the like, an application program 930 in which these processing procedures are described is a CPU. This is realized by being executed by (Central Processing Unit).

  In the PC 900b having such a hardware configuration, when content data received from a digital broadcast is to be recorded in the HDD 905, the content data is transferred when the content data is transferred from the decoder 903 to the CODEC 906 (ie, from the tuner board 920 to the CPU). Data flows through the CPU bus to the outside. Since the PC has an open architecture that assumes the connection of general-purpose devices, and is a specification that allows transfer data on the CPU bus to be easily extracted, conventional PCs use content data received from digital broadcasts such as HDDs. Many of the recording media were not able to be recorded.

  Further, in order to be able to record content data received from a digital broadcast in the HDD 905, the PC 900b in FIG. Are provided with local encryption processing units 921 and 931 that respectively execute encryption of content data transferred to the network and decryption of the content data. Thereby, unauthorized use of content data flowing in the CPU bus can be prevented.

  In the above configuration example, the function (decoder 903) for decoding the content data received from the digital broadcast is realized by hardware in the tuner board 920, but this function is realized as software executed by the CPU. May be. In this case, it is necessary to encrypt the content data from the tuner board 920 to the decoder 903 and transfer it through the CPU bus.

  Further, when the copyright-protected content data is permitted to be stored in the HDD, it is necessary to safely manage the content data so as not to be used illegally. In the video recorder, the content data is encrypted and recorded in the HDD, and the content data in the HDD can be decrypted only by the same video recorder, thereby enabling a safe move to the optical disc. However, in general, a PC in which the HDD can be replaced has a problem that it is not always possible to prevent unauthorized use of the encrypted content data in the HDD simply by encrypting the content data and recording it in the HDD. For example, after removing the HDD that stores the encrypted content data and backing up the data in the other HDD by bit by bit, the original HDD is returned to the PC, Move content data to optical disc. Next, when all the data is returned from the backup destination HDD to the HDD, the content data in the data can be moved again on the PC, and virtually unlimited copying becomes possible.

  Furthermore, it is necessary to hold key information for encrypting and decrypting content data in the PC, but since the PC has an open specification, it is not easy to handle the key information safely.

  Due to the above problems, the PC generally does not allow the content data recorded on the HDD to be moved to another recording medium such as an optical disk, and functions so that the content data can be used only by the same PC. Are often restricted.

In particular, in digital broadcasting, at present, a relatively strong copyright protection function is used in which descrambling is performed by hardware processing using a B-CAS card. Therefore, in order to make it possible to move such content data on a PC, it is important to secure the same copyright protection safety as that.
JP 2002-244926 A (paragraph numbers [0024] to [0037], FIG. 2) JP 2003-224557 A (paragraph numbers [0032] to [0047], FIG. 4)

  By the way, in the PC, various functions can be realized by installing a software program because of its structure. Therefore, by making the content data available on the PC, it is possible to handle content data in a new format by adding or updating (upgrading) the program, and easily handling new media, devices, and services. Various merits such as being possible are born. Also, since it is easy to add an HDD or use as a file server in a PC, content data can be moved between different recording media or between different devices on such a PC. As a result, it is possible not only to record / reproduce content data but also to efficiently organize and use the content data. Furthermore, there is an advantage that, when a PC or HDD is replaced, content data purchased in the past can be used.

  However, as described above, at present, the content data recorded in the HDD can basically be used only by the device, and it is not permitted to move the content data to another recording medium. Therefore, there has been a problem that the user cannot receive the above-mentioned merit unique to the PC.

  In addition, the PC has a great merit that various functions as described above can be distributed in large quantities as software programs. That is, such software programs can be easily distributed in large quantities as package media or through a network.

  When the processing function of the recorder device is to be realized as a software program, mutual authentication is required between the software program and the device to be used. For this reason, key information used for authentication with the device must be assigned to the software program itself. However, it is very difficult to assign such unique information to each of the software programs distributed in large quantities, and in reality there is no choice but to realize functions equivalent to those of a video recorder by using only dedicated software for each device. . Therefore, features such as ease of distribution of software programs to users and high functionality expandability by adding programs are hindered.

  The present invention has been made in view of the above points, and an information recording / reproducing program that can safely execute recording of content data on a recording medium and use of the content data by processing of a general-purpose program. An information processing apparatus and an information recording / reproducing method are provided.

  In the present invention, in order to solve the above-mentioned problem, an information recording / reproducing program for recording information on a recording medium and causing a computer to execute a process of reproducing the recorded information is necessary for recording and using content data. Authentication processing means for executing mutual authentication processing with a usage information management unit that manages content usage information, and acquiring the content usage information from the usage information management unit when the mutual authentication processing is correctly executed The content use information acquired by the authentication processing means is acted on to convert the content data into an unusable state and recorded on the recording medium, the content data recorded on the recording medium Read and use the content usage information acquired by the authentication processing means to make it usable Information recording and reproducing program for causing the computer to function as the read control means for conversion is provided.

  Here, the content usage information necessary for recording and using the content data is managed by the usage information management unit, and the authentication processing means executes mutual authentication processing with the usage information management unit, When the mutual authentication process is correctly executed, the content usage information is acquired from the usage information management unit. The writing control means acts on the content usage information acquired after the mutual authentication processing by the authentication processing means to convert the content data into an unusable state, and then records the content data on the recording medium. The read control means converts the content usage information acquired after the mutual authentication processing by the authentication processing means into a usable state by acting on the content data read from the recording medium, and for example, converts the content data on the computer. It becomes possible to play with.

  According to the information recording / reproducing program of the present invention, the content usage information necessary for recording and using the content data is managed by the usage information management unit. Since the content usage information is acquired only when the authentication process is correctly executed, the content usage information can be acquired safely. Using the acquired content usage information, it is possible to convert the content data recorded on the recording medium into an unusable state and to convert the content data read from the recording medium into an available state become. Therefore, by executing this information recording / reproducing program, it is possible to record the content data on the recording medium and reproduce the content data while reliably protecting the copyright of the content data. In addition, since it is no longer necessary to assign content usage information to the information recording / reproducing program itself, a large amount of information recording / reproducing programs can be distributed regardless of the method of recording content data on the recording medium and variations in the usage method. Can be installed and run on any computer.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
[First Embodiment]
FIG. 1 is a block diagram showing a functional configuration of a PC according to the first embodiment of the present invention.

  1 includes a tuner unit 11, an encryption processing unit 12, a decoder 13, a graphic processing circuit 14, an HDD 15, a CODEC 16 and DRM processing unit 17 for the HDD 15, a BD drive 18, a CODEC 19 and a DRM processing unit 20 for BD, A secure module 100, a module I / F (interface) 121, and local cryptographic processing units 111 and 122 are provided.

  The tuner unit 11 receives a broadcast radio wave received by an external antenna, selects a signal having a predetermined carrier frequency in accordance with an instruction from a CPU, which will be described later, demodulates the selected received signal, and performs an encryption processing unit 12. Output to. The broadcast radio wave may be, for example, a ground wave or a satellite wave relayed by BS or CS (Communication Satellite). Moreover, you may receive a broadcast signal through a wired cable.

  When the signal output from the tuner unit 11 is scrambled, the encryption processing unit 12 descrambles the signal. A B-CAS card 12a made of a semiconductor memory or the like in which contract information of a viewable program, key information for descrambling processing, and the like are stored is inserted into the encryption processing unit 12. When the scrambled signal is input, the encryption processing unit 12 collates the contract information read out from the B-CAS card 12a with the contract information extracted from the received broadcast signal, and can be viewed. If it is determined, the key information is read from the B-CAS card 12a, and the descrambling process is performed using the key information.

  The decoder 13 decodes the broadcast content data descrambled by the encryption processing unit 12. In the present embodiment, the broadcast content data supplied from the encryption processing unit 12 is MPEG-2 stream data, and the decoder 13 executes the decoding process according to this encoding method, and the decoded content. Data is output to the graphic processing circuit 14 and an audio processing circuit (not shown). The decoder 13 can also transfer the input content data to the CODECs 16 and 19 in the state of MPEG-2 stream data without decoding.

  In FIG. 1 and subsequent figures, content data (stream data) encoded by the MPEG-2 system is indicated as “MP2”, and encrypted (or scrambled) stream data is indicated as “e (MP2)”. ". The decoded content data is indicated as “BB”.

  The tuner unit 11, the encryption processing unit 12, and the decoder 13 are realized as a hardware circuit provided on the tuner board 110. In addition, content data and the like are securely transferred to the tuner board 110 with a recording / playback software 120 described later (specifically, for example, content data transmitted on a CPU bus described later is encrypted). A local encryption processing unit 111 is provided as a hardware circuit. The local encryption processing unit 111 stores key information and the like necessary for data transfer as secure information 111a.

  The graphic processing circuit 14 generates a display image signal from the video data in the content data decoded by the decoder 13, and outputs the display image signal to the external display 14a to display the image. As a result, the received broadcast content image is displayed on the display 14a. In addition, the graphic processing circuit 14 can also receive the video data decoded by the CODECs 16 and 19 and generate a display image signal, thereby reproducing the video content recorded on the BD in the HDD 15 or the BD drive 18. Can also be displayed on the display 14a.

  The HDD 15 is a storage device having a relatively large capacity of, for example, several hundred GB, and stores received broadcast content data and content data moved from the BD via the BD drive 18 in an encrypted state. Can do.

  The CODEC 16 decodes the content data read from the HDD 15 and outputs it to the graphic processing circuit 14 and an audio processing circuit (not shown). Thereby, the reproduction image of the content in the HDD 15 can be displayed on the display 14a. The CODEC 16 can also transfer the content data read from the HDD 15 to the CODEC 19 in a stream data state without decoding. Further, the CODEC 16 can once decode the stream data transferred from the decoder 13 and the CODEC 19, and then re-encode the data by changing the setting of the compression rate or the image size, for example, and output it to the HDD 15.

  The DRM processing unit 17 is a processing function for preventing unauthorized use of content data recorded in the HDD 15, and writing of content data from the CODEC 16 to the HDD 15 and reading of content data from the HDD 15 to the CODEC 16 are all performed in this DRM. This is performed via the processing unit 17. The DRM processing unit 17 performs encryption of content data to be recorded on the HDD 15 and decryption of content data read from the HDD 15. Secure information 17a such as key information used during these processes will be described later. As described above, the data is read from the secure module 100 via the module I / F 121. Alternatively, the data is written into the secure module 100 via the module I / F 121.

  The BD drive 18 includes a drive device in which a BD (not shown) is mounted and data is read / written and a drive circuit thereof. On the attached BD, the received broadcast content data and the content data moved from the HDD 15 can be recorded in an encrypted state.

  The CODEC 19 decodes the content data read from the BD in the BD drive 18 and outputs it to the graphic processing circuit 14 and an audio processing circuit (not shown). Thereby, the reproduction image of the content in the BD can be displayed on the display 14a. The CODEC 19 can also transfer the content data read from the BD to the CODEC 16 in a stream data state without decoding. Further, the CODEC 19 can also once decode the stream data transferred from the decoder 13 and the CODEC 16, and re-encode it to output it to the BD drive 18, similarly to the CODEC 16. The function of the CODEC 19 may be shared with the CODEC 16.

  The DRM processing unit 20 is a processing function for preventing unauthorized use of content data recorded on the BD in the BD drive 18. The content data is written from the CODEC 19 to the BD, and the content data is read from the BD to the CODEC 19. Are all performed via the DRM processing unit 20. In the present embodiment, processing is performed according to the AACS standard standardized in the BD standard. The DRM processing unit 20 performs encryption of content data recorded on the BD, decryption of content data read from the BD, and the like. Secure information 20a such as key information used at the time of these processes will be described later. As described above, the data is read from the secure module 100 via the module I / F 121.

  Here, the CODECs 16 and 19 and the DRM processing units 17 and 20 are realized by the CPU executing the recording / reproduction software 120 that controls the recording / reproduction processing of the content data using the HDD 15 and the BD drive 18 and the like. It is a function. Further, a module I / F 121 and a local encryption processing unit 122 are provided as functions realized by executing the recording / reproducing software 120.

  The module I / F 121 functions as an interface for the function of the recording / playback software 120 to exchange data with the secure module 100. For example, mutual authentication with the secure module 100 and encryption of data to be transmitted / received are performed.・ It has functions such as decryption.

  The local encryption processing unit 122 is a function for the function of the recording / playback software 120 to securely transfer content data and the like to and from the tuner board 110, a mutual authentication function with the tuner board 110, and data to be transmitted and received It has functions such as encryption / decryption. Note that secure information 122 a such as key information necessary for these processes is read from the secure module 100 via the module I / F 121.

  The secure module 100 uses various information for mutual authentication with the recording / playback software 120, and the content data from the tuner board 110 and the content data in the HDD 15 and BD by executing the recording / playback software 120. Various kinds of information necessary for this are stored.

FIG. 2 is a block diagram illustrating a hardware configuration of the PC according to the first embodiment.
In the PC according to the present embodiment, the CPU 131, ROM (Read Only Memory) 132, and RAM 133, the tuner board 110, the graphic processing circuit 14, the HDD 15, the BD drive 18, and the secure module 100 are included in the CPU bus 134. It has the structure mutually connected via this.

  The CPU 131 comprehensively controls each unit in the PC by executing an OS (Operating System), application programs, and the like stored in the ROM 132, the HDD 15, and the like. The ROM 132 stores a program such as BIOS (Basic Input / Output System) or a part thereof, and various other data in advance. The RAM 133 temporarily stores at least part of a program to be executed by the CPU 131 and data necessary for processing by this program. In such a configuration, the above-described recording / reproducing software 120 is stored in, for example, the HDD 15 and executed by the CPU 131.

  In the present embodiment, the secure module 100 is realized by a dedicated hardware circuit including a non-volatile recording medium such as an EEPROM (Electronically Erasable and Programmable-ROM), a processing circuit for executing authentication / encryption processing, and the like. The Note that the function of the secure module 100 does not necessarily have to be realized as individual hardware, but another implementation of this function will be described later.

  The secure module 100 includes information for mutual authentication with various software tools executed by the CPU 131 such as the recording / reproducing software 120 (for example, information unique to each software tool), and the software. Information necessary for handling content data when the tool is executed (for example, authentication information with a device that transmits and receives content data, right information for each content, and the like) is centrally managed as secure information 101. Then, mutual authentication is performed with the executed software tool, and if it is correctly authenticated, various information necessary for use of the content data is secured to the CPU 131 via the CPU bus 134 by, for example, encryption. Deliver.

  In this way, information for handling content data in each software tool is centrally managed in the secure module 100 as secure information 101, so that it is not necessary for each software tool to manage the information. If each software tool can correctly execute only the authentication with the secure module 100, the content data can be handled in a state in which unauthorized copying is reliably prevented. For example, the content data can be moved between the HDD 15 and the BD in the BD drive 18.

  Next, authentication processing between the recording / playback software 120 and various devices such as the secure module 100 and processing for protecting content data will be described, and information recorded as secure information 101 will be described. An example will be specifically described. Although the safety of the recording / reproducing software 120 itself is not mentioned here, it is desirable that a measure for preventing alteration of the recording / reproducing software 120 is taken in this PC.

  First, FIG. 3 is a block diagram showing an example of a function for mutual authentication between the recording / reproducing software and the secure module. Here, as an example, it is assumed that mutual authentication processing by the so-called PKI (Public Key Infrastructure) method is performed between the recording / playback software 120 and the secure module 100, but for example, by another method such as a common key method. Mutual authentication processing may be performed.

  The secure module 100 includes secure information storage units 102 and 103, a mutual authentication processing unit (indicated as “AKE” in the figure, AKE: Authentication and Key Exchange) 104, and an encryption processing unit 105. The module I / F 121 of the recording / playback software 120 includes a secure information storage unit 201, a mutual authentication processing unit 202, and an encryption processing unit 203.

  In the secure module 100, the secure information storage units 102 and 103 are both storage areas that cannot be accessed from the outside. The secure information storage unit 102 stores, among the secure information 101, software-side secure information used after mutual authentication between the recording / reproducing software 120 and the secure module 100 is established. For example, software-side secure information necessary for mutual authentication between the recording / playback software 120 and the BD drive 18 or the tuner board 110 is stored.

  On the other hand, the secure information storage unit 103 stores module-side information necessary for the mutual authentication processing unit 104 to perform mutual authentication between the secure module 100 and the recording / reproducing software 120. For example, a tool licensor public key T_pub issued from the manufacturer or distributor of a software tool (here, the recording / reproducing software 120), a module private key M_priv for the secure module 100, a module certificate M_cert, and the like are stored. The module certificate M_cert includes the module public key and is encrypted with the tool licensor private key. Of these pieces of information, at least the module secret key M_priv needs to be stored in a secure state in the secure information storage unit 103, but confidentiality is not particularly required for other information.

  On the other hand, in the module I / F 121 of the recording / reproducing software 120, the secure information storage unit 201 stores information necessary for processing by the mutual authentication processing unit 202. The secure information storage unit 201 is, for example, a data storage area incorporated in the recording / reproduction software 120 itself. If the recording / reproduction software 120 is stored in the HDD 15, the secure information storage unit 201 is also provided in the HDD 15.

  The secure information storage unit 201 stores a tool licensor public key T_pub, a software private key S_priv for the recording / playback software 120, a software certificate S_cert, and the like. The software certificate S_cert includes a software public key and is encrypted with a tool licensor private key. The secure information storage unit 201 needs to store at least the software secret key S_priv among these pieces of information in a secure state that cannot be rewritten from the outside. Sex is not required. Information that does not require confidentiality may be stored in a storage area accessible from the outside, for example, stored in the HDD 15 in a state of being incorporated in a part of the recording / playback software 120.

  The mutual authentication processing units 104 and 202 perform processing for authenticating each other using information from the secure information storage units 103 and 201, respectively. The cryptographic processing units 105 and 203 send and receive encrypted information to each other based on the authentication results by the mutual authentication processing units 104 and 202, respectively. By the encryption processing units 105 and 203, secure information is transmitted and received between the secure module 100 and the recording / reproducing software 120 via the CPU bus 134 in an encrypted state, and unauthorized use of the secure information is prevented. .

FIG. 4 is a sequence diagram illustrating an example of a mutual authentication processing procedure between the recording / playback software and the secure module.
First, when the recording / reproducing software 120 is executed by the CPU 131, the mutual authentication processing unit 202 on the software side generates temporary authentication information Sn by generating a random number, for example, and this authentication information Sn and secure information storage The software certificate S_cert in the unit 201 is transmitted to the mutual authentication processing unit 104 of the secure module 100 through the CPU bus 134 (step S1).

  The module-side mutual authentication processing unit 104 decrypts the received software certificate S_cert using the tool licensor public key T_pub in the secure information storage unit 103 and confirms that the software certificate S_cert is valid. . Then, the decrypted software certificate S_cert and the received authentication information Sn are held (step S2).

  Next, the mutual authentication processing unit 104 on the module side generates temporary authentication information Mn by generating a random number, for example, and this authentication information Mn and the module certificate M_cert in the secure information storage unit 103 are The data is transmitted to the mutual authentication processing unit 202 on the software side through the CPU bus 134 (step S3).

  The mutual authentication processing unit 202 on the software side decrypts the received module certificate M_cert using the tool licensor public key T_pub in the secure information storage unit 201 and confirms that the module certificate M_cert is valid. . Then, the decrypted module certificate M_cert and the received authentication information Mn are held (step S4).

  Next, the module-side mutual authentication processing unit 104 generates temporary authentication information Mv by generating a random number, and connects the stored authentication information Sn and the new authentication information Mv to connect the information. Is encrypted with the module secret key M_priv in the secure information storage unit 103 to generate a module signature, and the module signature is transmitted to the mutual authentication processing unit 202 on the software side through the CPU bus 134 (step S5).

  The mutual authentication processing unit 202 on the software side decrypts the received module signature using the held module certificate M_cert, extracts the authentication information Sn, and whether the value matches the one generated in step S1. It is confirmed whether or not (step S6). If they match, it is confirmed that the partner secure module 100 is a valid communication partner.

  Furthermore, the mutual authentication processing unit 202 on the software side generates temporary authentication information Sv by generating a random number, and connects the stored authentication information Mn and the new authentication information Sv. The module signature encrypted with the software private key S_priv in the secure information storage unit 201 is transmitted to the module-side mutual authentication processing unit 104 through the CPU bus 134 (step S7).

  The mutual authentication processing unit 104 on the module side decrypts the received module signature using the held software certificate S_cert, extracts the authentication information Mn, and whether the value matches the one generated in step S3. It is confirmed whether or not (step S8). If they match, it is confirmed that the other party's recording / playback software 120 is a valid communication partner.

  When the above mutual authentication processing is normally executed, thereafter, for example, the information to be transmitted / received is changed using temporary key information generated based on the authentication information Mv and Sv shared in the above processing. By encrypting the secure information, the secure information can be transferred between the secure module 100 and the CPU 131 executing the recording / reproducing software 120 through the CPU bus 134 in a confidential state. Therefore, after mutual authentication processing is executed between the secure module 100 and the recording / reproducing software 120, as described below, processing for securely handling content data in each device used in the recording / reproducing software 120 Can be executed.

  As described above, the module secret key M_priv and the software secret key S_priv need to be stored in advance in a secure state in the secure information storage units 103 and 201 on the module side and the software side, respectively. The module secret key M_priv may be registered in the secure information storage unit 103 in advance. On the other hand, the software private key S_priv may be stored in the HDD 15 or the like as a part of the recording / reproducing software 120 in a state that the user cannot read. For example, after the recording / reproducing software 120 is installed in the PC, Registration may be performed in response to an operation input by the user, for example, at the time point when the authentication process with the secure module 100 is performed or until that time.

Next, FIG. 5 is a block diagram illustrating an example of functions provided in the recording / playback software in order to prevent unauthorized use of content data recorded in the HDD.
The DRM processing unit 17 for the HDD 15 applied to the present embodiment encrypts the content data and records it on the HDD 15, and further encrypts the set key Ks used for the encryption and records it on the HDD 15. By this processing, the content data and the set key Ks transmitted / received between the HDD 15 and the CPU 131 via the CPU bus 134 are both encrypted to prevent unauthorized use of these. Furthermore, a random number Rn (Rn: R1, R2, R3,...) Necessary for decrypting the set key Ks is securely managed in the secure module 100, and the random number Rn is updated at least every time content data is moved. By re-encrypting the set key Ks, unauthorized use of content data in the HDD 15 is also prevented. For such processing, the DRM processing unit 17 includes a set key output unit 301, a random number output unit 302, and cryptographic processing units 303 and 304.

  When content data from the tuner board 110 or the BD drive 18 is recorded on the HDD 15, the input content data is encrypted by the encryption processing unit 303 using the set key Ks. At the same time, the set key Ks used for encryption is encrypted by the random number Rn newly generated by the random number output unit 302 and recorded on the HDD 15. At this time, the random number Rn used for encryption is transferred to the secure module 100 via the module I / F 121 and stored in the secure information storage unit 102. As a result, the content data recorded in the HDD 15 cannot be used in a state where authentication with the secure module 100 is not correctly performed.

  The set key output unit 301 records the encrypted set key Ks in the HDD 15 when the recording / playback software 120 installed in the PC is executed by the CPU 131 and content data is recorded on the HDD 15 for the first time. In the state where it is not, the set key Ks is output to the encryption processing unit 303. The set key Ks is preferably unique and is output as a random number, for example. In addition, the set key Ks may be, for example, unique information recorded in advance in the secure module 100. In this case, the set key Ks is set in a state where the set key Ks is not recorded in the HDD 15. The key Ks is read from the secure module 100 via the module I / F 121.

  Here, it is assumed that the set key Ks recorded in the HDD 15 is encrypted by a random number R1 as an example. In this case, the secure information storage unit 102 in the secure module 100 stores a random number R1. When reproducing the content data recorded on the HDD 15 from this state, first, the random number R1 is read from the secure module 100 and supplied to the encryption processing unit 304 via the module I / F 121. The encryption processing unit 304 decrypts the set key Ks read from the HDD 15 by using the supplied random number R1. When the set key Ks is correctly decrypted, the encryption processing unit 303 decrypts the content data read from the HDD 15 using the decrypted set key Ks. Thereby, an image based on the decrypted content data can be displayed on the display 14a.

  Next, when content data recorded in the HDD 15 is moved to, for example, a BD in the BD drive 18, first, the random number R1 is read from the secure module 100 as in the case of reproduction, and the module I / F 121 is read. Is supplied to the cryptographic processing unit 304. The encryption processing unit 304 decrypts the set key Ks read from the HDD 15 by using the supplied random number R1. When the set key Ks is correctly decrypted, the encryption processing unit 303 decrypts the content data read from the HDD 15 using the decrypted set key Ks. The decrypted content data is supplied to the BD drive 18 via the CODECs 16 and 19 and the DRM processing unit 20 for the BD drive 18 and moved to the BD. Also, the moved content data is erased from the HDD 15 (or made unusable in the HDD 15).

  Further, along with such a move process, a new random number R2 is generated from the random number output unit 302. The encryption processing unit 304 encrypts the set key Ks decrypted using the random number R1 again using the new random number R2. The encrypted set key Ks is overwritten on the HDD 15. Further, the new random number R2 is transferred to the secure module 100 via the module I / F 121 and overwritten in the secure information storage unit 102.

  In this way, each time content data is moved, the set key Ks is encrypted and updated with a new random number Rn, and the random number Rn in the secure module 100 is updated, so that, for example, the data in the HDD 15 is changed. Even if it is copied bit-by-bit to another recording medium, if the content data in the original HDD 15 is moved even once, the content data in the copy-destination recording medium cannot be returned to the HDD 15 and decrypted thereafter. It is possible to prevent unauthorized use (unauthorized copying, unauthorized reproduction, etc.) of content data.

  In the above configuration, the set key Ks in the HDD 15 is re-encrypted not only when the content data in the HDD 15 is moved but also when new content data is recorded in the HDD 15, and A new random number Rn may be updated. Furthermore, the set key Ks may be re-encrypted and the random number Rn may be updated when the content data in the HDD 15 is reproduced.

  Next, FIG. 6 is a block diagram showing an example of a function for mutual authentication between the BD drive and the recording / playback software. Here, as an example, it is assumed that mutual authentication processing according to the AACS standard is performed.

  In the BD 18a compliant with the AACS standard, content data is encrypted and recorded in the data area. The encryption process at the time of recording and the decryption process at the time of reproduction and move are executed by the function of the encryption processing unit 401 provided in the DRM processing unit 20 of the recording / reproducing software 120.

  Further, information called MKB (Media Key Block) is recorded in a predetermined area in the BD 18a. In addition, in the case of the reproduction-only BD 18a, a unique volume ID (Volume ID) for each stamper or cutting is recorded so that a general user cannot easily read it. On the other hand, in the case of the rewritable BD 18a, a medium ID (Media ID) unique to each medium is recorded so that it cannot be easily read in place of the volume ID. Furthermore, information called a binding nonce is recorded in a predetermined protected area (that is, an area that cannot be easily read or copied by a general user) and updated as appropriate. It is like that.

  When recording content data on the BD 18a, and reproducing and moving content data in the BD 18a, mutual authentication processing is executed between the BD drive 18 and the recording / reproducing software 120. First, the MKB in the BD 18a is read out to the BD drive 18, and the version information of this MKB and the host revocation list (Host Revocation List) recorded in advance on the BD drive 18 are read by the revocation processing unit 501. To be compared. The MKB is also transferred from the BD drive 18 to the recording / playback software 120, and the MKB version information and the device revocation list are compared by the revocation processing unit 402 of the DRM processing unit 20. Is done. Through these comparison processes, it is confirmed whether the device is an unauthorized device (here, the BD drive 18) and the host (here, the recording / reproducing software 120 or the PC).

  The device revocation list may be recorded in the HDD 15 or the like as part of the recording / playback software 120, but this information is stored in the secure information storage unit 102 in the secure module 100, and the module I The DRM processing unit 20 may read via / F121. As a result, unauthorized modification of the device revocation list can be prevented, and handling when the device revocation list is updated is facilitated.

  Next, mutual authentication processing is executed between the authentication processing unit 502 on the device side and the authentication processing unit 403 on the host side. This mutual authentication processing procedure is basically the same as the mutual authentication processing between the secure module 100 and the recording / reproducing software 120 described above. In the BD drive 18, an AACS licensor public key AACS_LA_pub, a device secret key Device_priv, and a device certificate Device_cert are stored in advance in the secure information storage unit 500 that cannot be accessed from the outside. Used for mutual authentication processing.

  On the other hand, the authentication processing unit 403 on the software side uses the AACS licensor public key AACS_LA_pub, the host secret key Host_priv, and the host certificate Host_cert for the mutual authentication processing. Of these, at least the host secret key Host_priv needs to be handled in a concealed state from the outside, so it is stored in the secure information storage unit 102 of the secure module 100 and encrypted via the module I / F 121. And transferred to the DRM processing unit 20. Similarly, the host certificate Host_cert may be stored in the secure module 100.

  When the mutual authentication processing by the authentication processing units 502 and 403 is correctly executed, the authentication processing units 502 and 403 respectively generate a bus key based on the data used for authentication. This bus key is used in the arithmetic units 503 and 404 in order to reliably transfer data recorded in a predetermined protected area in the BD 18a from the BD drive 18 to the DRM processing unit 20.

  Next, in the case of the reproduction-only BD 18a, the volume ID in the BD 18a is read by the BD drive 18. The computing unit 503 of the BD drive 18 generates an authentication code based on the read volume ID and the bus key from the authentication processing unit 502, and transmits the authentication code together with the volume ID to the DRM processing unit 20 on the software side. To do. In the DRM processing unit 20 on the software side, the calculation unit 404 generates an authentication code based on the bus key from the authentication processing unit 403 and the volume ID from the calculation unit 503 on the drive side. Then, the calculation unit 404 compares the authentication code generated by itself with the authentication code from the drive-side calculation unit 503, and determines that the received volume ID is valid information when they match. The volume ID is supplied to the encryption processing unit 401.

  After such processing, the cryptographic processing unit 401 generates key information from the MKB read from the BD 18a, a device key (Device Key) unique to the device (here, the PC or the recording / playback software 120), a volume ID, and the like. The content data read from the BD 18a can be decrypted using the key information. Since the device key needs to be handled in a concealed state from the outside, it is stored in the secure information storage unit 102 of the secure module 100 and encrypted in the DRM processing unit 20 via the module I / F 121. Forwarded to

  On the other hand, in the recordable BD 18a, as described above, the binding nonce is recorded in a predetermined protected area in the BD 18a. The binding nonce is unique information that is updated each time content data is newly recorded or moved to the BD 18a. In the data area of the BD 18a, a title key (Title Key) that is key information for each content data is encrypted and recorded together with the encrypted content data.

  When content data is recorded on the BD 18a, the encryption processing unit 401 of the DRM processing unit 20 encrypts the content data with the title key and causes the BD 18a to record the content data. At the same time, the random number generation unit 504 of the BD drive 18 generates a new random number, and the random number is recorded as a binding nonce in the protected area of the BD 18a. The generated binding nonce is supplied to the cryptographic processing unit 401 via the calculation units 503 and 404. The cryptographic processing unit 401 generates a unique key from the media key extracted from the MKB and the binding nonce, and this unique key is generated. The title key is encrypted with the key and recorded in the data area of the BD 18a.

  Thereafter, when further content data is recorded on the BD 18a, the encryption processing unit 401 of the DRM processing unit 20 encrypts the new content data with the corresponding title key and records it in the data area of the BD 18a. Let At the same time, the MKB read from the BD 18 a is supplied to the encryption processing unit 401, and the binding nonce read from the BD 18 a is supplied to the encryption processing unit 401 via the arithmetic units 503 and 404. The encryption processing unit 401 generates a decryption key for decrypting the title key from the media key extracted from the MKB and the binding nonce. Then, all the title keys recorded on the BD 18a are read out and decrypted with the decryption key.

  Thereafter, in the BD drive 18, a new binding nonce is generated by the random number generation unit 504 in the same procedure as in the above recording, and the binding nonce of the protected area of the BD 18 a is overwritten and updated. Further, the encryption processing unit 401 generates a new unique key based on the media key extracted from the MKB and the new binding nonces received from the random number generation unit 504 via the calculation units 503 and 404, and this unique key is generated. All the title keys including those corresponding to the newly recorded content data are encrypted with the key and recorded in the data area in the BD 18a.

  Note that the binding nonce read from the protected area in the BD 18a and the new binding nonce from the random number generation unit 504 are supplied to the cryptographic processing unit 401 through the arithmetic units 503 and 404, respectively. At this time, similarly to the above-described volume ID transfer procedure, the transmission-side arithmetic unit 503 generates an authentication code based on the data to be transmitted and the bus key, transmits this authentication code together with the data, and receives it on the reception side. The calculation unit 404 generates an authentication code based on the received data and the bus key, compares it with the received authentication code, and determines the validity of the received data.

  With the above processing procedure, the content data recorded on the BD 18a can be decrypted and used only when the recording / playback software 120, the secure module 100, and the BD drive 18 are correctly mutually authenticated, and the copyright of the content data can be used. Is protected. Further, since the content data and the title key are encrypted and transmitted on the CPU bus 134 between the BD drive 18 and the CPU 131 executing the recording / reproducing software 120, unauthorized use of these information is also prevented. Is done. Further, the configuration for updating the binding nonce allows the content data in the BD 18a to be moved to another recording medium (for example, the HDD 15) while preventing unauthorized use of the content data in the BD 18a.

Next, FIG. 7 is a block diagram showing an example of a function for mutual authentication between the tuner board and the recording / playback software.
When the content data received by the tuner board 110 is handled by the recording / reproduction software 120, that is, when this content data is recorded on the HDD 15, BD, etc., the recording / reproduction software 120 and the secure module 100 are connected in the above-described procedure. After the mutual authentication process is executed, the mutual authentication process is also executed between the local encryption processing unit 111 in the tuner board 110 and the local encryption processing unit 122 included in the recording / reproducing software 120.

  The mutual authentication processing procedure between the local cryptographic processing units 111 and 122 is basically the same as the mutual authentication processing procedure between the recording / reproducing software 120 and the secure module 100. In the tuner board 110, a board licensor public key Pt_pub, a board secret key Bt_priv, and a board certificate Bt_cert issued from the manufacturer or distributor of the tuner board 110 are stored in the secure information storage unit 601 that cannot be accessed from the outside. The information is stored in advance and used for mutual authentication processing by the authentication processing unit 602.

  On the other hand, in the local encryption processing unit 122 on the software side, the authentication processing unit 701 uses the board licensor public key Pt_pub, the board authentication software private key St_priv, and the board authentication software certificate St_cert to authenticate. Mutual authentication processing is executed with the processing unit 602. Of these, at least the software secret key St_priv needs to be handled in a concealed state from the outside, so it is stored in the secure information storage unit 102 of the secure module 100 and encrypted via the module I / F 121. And transferred to the local encryption processing unit 122. The board licensor public key Pt_pub and the software certificate St_cert may also be stored in the secure module 100 in the same manner.

  After the mutual authentication processing is correctly executed according to the above procedure, each of the cryptographic processing units 603 and 702 in the local cryptographic processing units 111 and 122 generates, for example, authentication information shared in the course of the mutual authentication processing. The transmission / reception target information is encrypted using the temporary key information. As a result, content data (stream data) output from the tuner board 110 to the CPU 131 executing the recording / playback software 120 can be transferred on the CPU bus 134 in an encrypted state. The content data on 134 is prevented from being illegally used.

  As described above, secure information necessary for securely handling content data in devices such as the HDD 15, the BD drive 18, and the tuner board 110 is collectively managed in the secure information storage unit 102 of the secure module 100. . Here, for such secure information, in particular, information requiring confidentiality such as a secret key on the software side, the secure information is basically stored in advance when the secure module 100 is activated (for example, when the PC is shipped). Stored in the storage unit 102. However, for example, at the time when the recording / playback software 120 is installed, or after the recording / playback software 120 is installed or after a new device is connected to the PC, the device and the recording / playback software 120 first transmit / receive data. It is also possible to register in the secure information storage unit 102 under authentication with the secure module 100 according to an operation input by the user.

  In addition to the information described above, the secure information storage unit 102 of the secure module 100 includes, for example, right information (or equivalent to the right) indicating the right to use each content data recorded on the BD in the HDD 15 or the BD drive 18. (Decryption key information to be used), usage control information indicating whether or not each content data can be used (playback, move, copy, etc.), and the number of times of use can be stored. As for the right information and the usage control information, for example, what is acquired from the content data provider side may be stored in the secure module 100 by a user operation. Alternatively, when content data received by the tuner board 110 is recorded on the HDD 15 or BD, copy control information extracted from the data received by the tuner board 110, rights information based on data in the B-CAS card 12a, etc. Alternatively, it may be automatically stored in the secure module 100.

Next, a procedure of main processing performed on the PC by executing the recording / reproducing software 120 will be described using a flowchart with the processing procedure described above.
FIG. 8 is a flowchart showing a processing procedure for recording content data received by the tuner board in the HDD.

  [Step S11] The recording / reproduction software 120 recorded in the HDD 15 is executed by the CPU 131, and the recording / reproduction software 120 is activated (step S11). The CPU 131 executes the following steps S12 to S16 according to the description of the recording / reproducing software 120.

  [Step S12] The CPU 131 performs mutual authentication processing with the secure module 100. When the mutual authentication processing is correctly executed, the CPU 131 generates temporary key information shared with the secure module 100, and uses the key information in the following processing with the secure module 100. Send and receive data encrypted.

  [Step S13] The CPU 131 reads necessary information such as the board licensor public key Pt_pub, the software private key St_priv, the software certificate St_cert from the secure module 100, and uses these pieces of information to exchange data with the tuner board 110. Perform authentication process. When the mutual authentication process is correctly executed, the CPU 131 generates temporary key information shared with the tuner board 110.

  [Step S14] The CPU 131 reads from the secure module 100 secure information (here, a random number Rn) necessary for recording data in the HDD 15. Then, the encrypted set key is read from the HDD 15 and decrypted with the random number Rn.

  [Step S15] The CPU 131 reads the broadcast content data received and output by the tuner board 110, transfers it to the HDD 15, and records it. At this time, the encrypted content data supplied from the tuner board 110 through the CPU bus 134 is decrypted with the temporary key information generated in step S12, and then encrypted with the set key decrypted in step S14. The data is supplied to the HDD 15 through the bus 134.

  [Step S16] If the DRM processing unit 17 for the HDD 15 is designed to update the secure information (that is, the random number Rn) each time recording is performed, the CPU 131 updates the secure information after the recording of the content data in the HDD 15 is completed. . That is, the set key is encrypted with the new random number Rn and overwritten in the HDD 15, and the new random number Rn is transferred to the secure module 100 for storage.

Next, FIG. 9 is a flowchart showing a processing procedure for moving content data recorded on the HDD to a BD in the BD drive.
[Step S21] The recording / reproducing software 120 is activated by the CPU 131 in the same manner as in step S11 of FIG.

[Step S22] Similar to step S12 in FIG. 8, the CPU 131 executes mutual authentication processing with the secure module 100.
[Step S23] The CPU 131 reads necessary information such as the AACS licensor public key AACS_LA_pub, the host secret key Host_priv, the host certificate Host_cert from the secure module 100, and further reads the MKB from the BD 18a and uses these information. Mutual authentication processing is performed with the BD drive 18. When the mutual authentication process is correctly executed, the CPU 131 uses the device key read from the secure module 100 to extract the media key from the MKB read from the BD 18a. Further, a binding nonce is generated, and a unique key is generated from the binding nonce and the media key.

  [Step S24] The CPU 131 reads the secure information (random number Rn) necessary for moving the content data in the HDD 15 from the secure module 100 and is encrypted from the HDD 15 in the same procedure as Step S14 in FIG. The set key is read and decrypted with the random number Rn.

  [Step S25] The CPU 131 reads content data from the HDD 15, transfers it to the BD drive 18, and requests recording on the BD. At this time, after decrypting the encrypted content data supplied from the HDD 15 through the CPU bus 134 with the set key decrypted in step S24, a title key is generated, and the content data is encrypted again with the title key, The data is supplied to the BD drive 18 through the CPU bus 134 and recorded on the BD 18a. The title key is also encrypted with the unique key generated in step S23 and recorded on the BD 18a. Further, the binding nonce is overwritten in a predetermined area of the BD 18a and updated.

  [Step S26] After the recording of the content data on the BD is completed, the CPU 131 invalidates the content data of the move source in the HDD 15. This invalidation is performed, for example, by erasing content data in the HDD 15. Alternatively, when usage control information and right information corresponding to the content data are stored in the secure module 100, the invalidation processing is performed by updating the information to make the content data unusable. Executed.

  In addition, a content key (title key) is generated for each content data, the content data is encrypted with the content key and recorded on the HDD 15, and the content key is encrypted with the set key and recorded on the HDD 15. There is also a method for preventing unauthorized copying. In this case, in order to invalidate the content data in the HDD 15, the corresponding content key may be deleted. Further, in the case of a method in which usage control information and right information corresponding to content data are encrypted with a set key and recorded in the HDD 15, the usage control information and right information are updated, and the content data in the HDD 15 is not used. It should be possible.

  [Step S27] The CPU 131 updates secure information regarding the HDD 15. Specifically, the set key is encrypted with the new random number Rn and overwritten in the HDD 15, and the new random number Rn is transferred to the secure module 100 for storage.

  The basic procedure for moving the content data recorded on the BD in the BD drive to the HDD 15 is almost the same as the procedure shown in FIG. That is, when moving from the BD to the HDD 15, in step S25 of FIG. 9, the content data read from the BD is decrypted with the key information generated in step S23, and then encrypted again with the set key decrypted in step S24. Record. Thereafter, the secure information regarding the HDD 15 is updated, and the binding nonce in the BD is also updated. By this procedure, the content data in the BD can be moved to the HDD 15 in a secure state.

  When reproducing the content data recorded on the HDD 15, the content data read from the HDD 15 is decrypted with the set key and decoded by the CODEC 16 after the procedures of steps S21, S22, and S24 in FIG. By outputting to the graphic processing circuit 14, a reproduced image is displayed on the display 14a. When reproducing the content data in the BD, the content data read from the BD is decrypted with the key information generated in step S23 after the procedure of steps S21 to S23 in FIG. The reproduced image is displayed on the display 14a by being decoded and output to the graphic processing circuit 14.

  Further, as described above, when the usage control information indicating the usage frequency limit of the content data is stored in the secure module 100, every time the content data recorded on the HDD 15 or BD is copied to another recording medium, By updating the usage control information in the module 100, it is possible to copy in addition to moving the content data to another recording medium. The usage control information may be encrypted together with the corresponding content data and recorded on a recording medium, and the usage control information may be read and updated together with the content data when copying.

  In the above processing procedure, authentication processing with each device is performed in response to a request from the recording / playback software 120. In addition to this, authentication processing may be requested from the device side. For example, an authentication process may be requested from the device side to the recording / playback software 120 when the operation status on the device side changes or when a certain time has elapsed since the start of the operation under authentication. As an example of the change in the operation status on the device side, for example, when content data received from a broadcast is recorded, the program received during the change is changed, and the rights form of the changed program changes (for example, recording) In the case of changing from a permitted program to a non-permitted program), it is conceivable that, when a plurality of content data in the HDD 15 or BD is reproduced, the rights form is different for each content data. Further, either the recording / reproducing software 120 or the device side may periodically execute authentication processing with the other party after the recording / reproducing software 120 is activated.

  As described above, in the PC according to the first embodiment, when the recording / reproducing software 120 is executed, mutual authentication is performed between the secure module 100 and the recording / reproducing software 120, and necessary from the secure module 100 under the authentication. Various information is securely read and operations such as recording, reproduction, copying, and moving of content data are executed. As a result, these operations can be executed while ensuring that the copyright of the content data is protected. In particular, not only a move from the HDD 15 to a portable recording medium such as a BD, but also a re-move in the opposite direction can be executed securely.

  Further, secure information necessary for securely handling content data in devices such as the HDD 15, the BD drive 18, and the tuner board 110 is different information depending on the combination of devices constituting the PC, the manufacturer or model of the device, and the like. Become. On the other hand, since software tools such as the recording / playback software 120 are generally distributed in large quantities through package media or networks, it is realistic to add the above secure information to each software tool distributed in large quantities. It is impossible. For this reason, conventionally, as a software tool for a PC for recording or moving content data, a dedicated tool for the PC is often used.

  On the other hand, the secure module 100 is provided in the PC as in the present embodiment, the secure information is collectively managed, and a software tool such as the recording / reproducing software 120 is executed to authenticate the secure information. With this configuration, it is not necessary to associate these pieces of secure information with each software tool in advance. Therefore, the ease of distribution of software tools is not hindered.

  In addition, for example, software tools can be updated to support new devices and functions as usual, and new functions with similar authentication processing functions can be installed and expanded. Become.

  For example, in the present embodiment, recording and playback of broadcast content on the HDD 15 and BD, movement between recording media, and the like can be integratedly controlled by a single recording / playback software 120. For example, depending on the device, media, content format, service, etc., it is also possible to handle content data using individual software tools. Moreover, you may control handling of these one part by one software tool. For example, a software tool that records and moves content data purchased through a specific service, a software tool that only plays back the content data, a software tool that records, plays back, and moves content data in a specific format May be mixed.

  In such a case, if mutual authentication is established between each software tool and the secure module 100, each software tool reads secure information necessary for handling content data from the secure module 100 and uses it. The secure information can be updated. As a result, for example, the same content data in which the number of times that copying can be performed is restricted can be used by each of different software tools while ensuring the copy restriction.

  That is, a new format of content data can be obtained by uniformly defining a method for storing the secure information in the secure module 100 (such as a memory map) and a protocol such as authentication processing with the secure module 100. It will be possible to respond flexibly to new media, devices and services. Therefore, it is possible to make the most of the advantages such as the high function expandability of the PC and the ease of distribution of the software tool by updating or newly installing the software tool, and it is possible to reliably protect the copyright of the content data.

[Second Embodiment]
FIG. 10 is a block diagram illustrating a functional configuration of a PC according to the second embodiment of the present invention. FIG. 11 is a block diagram illustrating a hardware configuration of the PC according to the second embodiment.

  In the PC according to the second embodiment, as shown in FIG. 10, the function of decoding the broadcast content received by the tuner unit 11 is not the hardware in the tuner board 110a, but the function of the recording / playback software 120a ( It is different from the first embodiment in that it is realized as a decoder 21). For this reason, in the recording / playback software 120a, a local encryption processing unit 122 that performs mutual authentication processing with the tuner board 110a and encryption processing of transmission / reception data is provided at the data input stage from the tuner board 110a to the decoder 21. It has been.

  That is, as shown in FIG. 11, the broadcast content data received and demodulated by the tuner unit 11 of the tuner board 110a is descrambled by the encryption processing unit 12, and then encrypted by the local encryption processing unit 111. And supplied to the CPU 131 via the CPU bus 134. The CPU 131 decrypts the data of the broadcast content by the function of the local encryption processing unit 122 and executes a recording process to the BD in the HDD 15 or the BD drive 18.

  Note that before the content data is transferred from the tuner board 110 to the CPU 131, a mutual authentication process must be executed between the local encryption processing units 111 and 122. The procedure of this mutual authentication process is as described with reference to FIG. 7, and information necessary for the process is stored in the secure module 100 as secure information 101.

[Third Embodiment]
FIG. 12 is a block diagram showing a configuration of functions provided in a PC according to the third embodiment of the present invention.

  In the PC according to the third embodiment, in contrast to the configuration of the second embodiment, instead of receiving content data from broadcasting, it can be received through a network and recorded in the HDD 15 or BD 18. Here, as an example, it is assumed that copyright-protected content data received via the Internet or the like is received via a LAN (Local Area Network). As a format of content data (video data) having such a copyright protection function, WMV (Windows Media Video, registered trademark), for example, can be applied.

  In this PC, a LAN interface 22 that is hardware for connecting to a LAN is connected to the CPU bus 134, and the recording / playback software 120b receives encrypted content data through the LAN interface 22. And a function of the DRM processing unit 23 for decrypting the content data and making it usable. Secure information 23a necessary for the DRM processing unit 23 to receive the content data (for example, license information including key information for decrypting the content data and the number of times the copy is permitted) is managed in the secure module 100. The

  When downloading copyright-protected content data through the LAN, for example, license information acquired in advance during the purchase procedure (or received together with the content data) is stored as secure information 101 in the secure module 100. deep. When receiving content data input through the LAN interface 22, the DRM processing unit 23 receives supply of license information from the secure module 100 through the module I / F 121, decrypts the content data using this information, and decodes the decoder 21. To supply. Thereby, the reproduced image can be displayed on the display 14a. It is assumed that the decoder 21 can decode the WMV format stream data.

  When the downloaded content data is recorded in the HDD 15, the content data input from the LAN interface 22 is decrypted by the DRM processing unit 23 according to the above procedure, for example, and then the stream data remains as the stream data via the DRM processing unit 17. To be recorded. At this time, the content data is encrypted by the DRM processing unit 17, and the license information (or part thereof) of the content data stored in the secure module 100 is used to generate key information for the encryption. It is desirable. Alternatively, information such as the number of copies in the license information may be encrypted simultaneously with the content data and recorded in the HDD 15.

  Then, when reproducing or moving the content data, the content data is decrypted using the license information (or key information based on the license information) read from the secure module 100. As described in the first embodiment, each time content data is moved, key information (set key Ks) for encrypting the content data is encrypted with a new random number Rn and updated. By updating the random number Rn in the secure module 100 to a new one, unauthorized use of the content data in the HDD 15 can be prevented.

  Further, the content data downloaded through the LAN interface 22 can be recorded on the BD in the BD drive 18 by the same procedure. In this case, the content data license information, CODEC 19, may re-encode the input content data in accordance with the BD data format. In the example of FIG. 12, content data in WMV format is converted into content data in the MPEG-2 format and recorded on the BD. Further, when encrypting the content data to be recorded on the BD in the DRM processing unit 20 and reading and decrypting the content data, the key information generated using the license information read from the secure module 100 is used. May be.

  The content data from the LAN interface 22 may be recorded on the HDD 15 in an encrypted state. In this case, the DRM processing unit 23 for authenticating the LAN interface 22 is not necessary. Further, the DRM processing unit 17 corresponding to the HDD 15 records the encrypted content data in the HDD 15 as it is and uses the secure information read from the secure module 100 for the license information corresponding to the content data, for example. It is encrypted and recorded in the HDD 15. At this time, as described in the first embodiment, each time the content data is moved, the set key Ks for encrypting the corresponding license information is encrypted and updated with a new random number Rn, and secure By updating the random number Rn in the module 100 to a new one, unauthorized copying of content data can be prevented.

  By recording the content data on the HDD 15 or BD by the above procedure and making it available for reading, the above-mentioned content data is protected from the HDD 15 to the BD or from the BD to the HDD 15 with the copyright protected. It is possible to move securely.

[Fourth Embodiment]
FIG. 13 is a block diagram showing a functional configuration of a PC according to the fourth embodiment of the present invention.

  In the configuration shown in FIG. 13, in addition to the configuration shown in FIG. 10, the descrambling process of the content data received from the broadcast is also executed by the process by the recording / reproducing software 120c. Conventionally, descrambling processing of content data received from digital broadcasting has been performed by hardware processing using a B-CAS card. However, in the future, this processing can be performed by software processing as in this example. The present embodiment is applied to such a case.

  In FIG. 13, only the tuner unit 11 is provided as a hardware circuit on the tuner board 110b, and the content data received and demodulated by the tuner board 110b is executed by the recording / reproducing software 120c via the CPU bus 134. Is supplied to the CPU 131. At this time, since the transferred content data is scrambled, a function for locally encrypting the data transferred between the tuner board 110b and the recording / reproducing software 120c (the local encryption process of FIG. 10). Parts 111 and 122) are not required.

  The encryption processing unit 24 executes the descrambling process of the content data by using the B-CAS information 24a corresponding to the information stored in the conventional B-CAS card, but the B-CAS information 24a is secured. By storing in the module 100 in advance, the encryption processing unit 24 can read the B-CAS information 24a from the secure module 100 and perform descrambling of the content data. The subsequent processing procedures such as recording on the HDD 15 and BD and moving between recording media are the same as those in FIG.

[Fifth Embodiment]
FIG. 14 is a block diagram illustrating a functional configuration of a PC according to the fifth embodiment of the present invention.

  In the PC having the function shown in FIG. 14, the recording destination of the content data can be a device external to the PC. Here, as an example, as a function of the recording / playback software 120d, a DRM processing unit 25 for securely transmitting / receiving copyright-protected content data to / from an external portable device 200 is provided. Since other functions are as shown in FIG. 10, the description thereof is omitted here.

  For example, just as the recording / reproducing software 120a in FIG. 10 performs mutual authentication with the BD drive 18 by the DRM processing unit 20, the recording / reproducing software 120d shown in FIG. Perform mutual authentication with. In a state in which this mutual authentication is correctly executed, the content data encrypted for the portable device 200, its right information, key information for decrypting the content data, and the like are encrypted by the DRM processing unit 25, and the portable device 200 200 is transferred securely. Information necessary for mutual authentication with the portable device 200 is stored in advance in the secure information storage unit 102 in the secure module 100 and is read at the time of mutual authentication.

  Similarly, when the content data recorded in the mobile device 200 is read and played back, or when the content data is moved to, for example, the HDD 15, the recording / playback software 120 d is similarly connected to the mobile device 200 by the DRM processing unit 25. Mutual authentication is performed, and under the authentication, encrypted content data, right information, and key information for decryption are securely read from the mobile device 200. That is, of the read information, encrypted information (for example, key information) is decrypted by the DRM processing unit 25.

  If it is known in advance that the content data will be read (moved) to the PC again after being transferred (moved) to the mobile device 200, the content data of the transfer source is not erased in the PC. If only the right information or key information to be updated is updated at the time of transfer, there is no need to read the encrypted content data itself at the time of re-reading, and the time required for transfer can be shortened. As a result, after re-reading, the PC can reuse the original high-quality content data before the conversion, instead of the data converted to the low bit rate for playback on the mobile device 200.

  The CODEC 26 has a function of converting content data in accordance with the data format in the portable device 200 and a function of decoding the converted content data. In the example of FIG. 14, the CODEC 26 converts MPEG-2 stream data input from the tuner board 110a or the HDD 15 into the MPEG-2-AVC format.

[Sixth Embodiment]
FIG. 15 is a block diagram showing a configuration of functions provided in a PC according to the sixth embodiment of the present invention.

  In the PC having the function shown in FIG. 15, the transfer destination of the content data can be an external device on the network. Here, as an example, as a function of the recording / playback software 120e, a DRM processing unit 27 for securely transmitting / receiving copyright-protected content data to / from an external device connected to the LAN is provided. Since other functions are as shown in FIG. 10, the description thereof is omitted here.

  As with the DRM processing unit 25 in FIG. 14, the DRM processing unit 27 performs mutual authentication processing with an external device connected to the LAN, encryption when outputting content data on the LAN under the authentication, Decodes content data transferred from an external device through the LAN. As a result, the recording of broadcast content data to an external device on the LAN, the movement of content data in the HDD 15 to the external device, the reproduction of content data on the external device, and the move to the HDD 15, etc. Can be run in a protected state.

The CODEC 28 in the figure is a block that executes content data encoding / decoding processing according to the MPEG-2 system, for example.
[Seventh Embodiment]
FIG. 16 is a block diagram showing a functional configuration of a PC according to the seventh embodiment of the present invention.

  In FIG. 16, it is assumed that the graphic processing circuit 141 and the external display 14b are compatible with a display signal protection method such as mutual authentication and encryption of transmitted / received data. As such a protection method, for example, the HDMI (High-Definition Multimedia Interface) standard can be applied.

  As described above, when a high protection function is required for content data output to the outside, the unauthorized use of the baseband signal transferred to the graphic processing circuit 141 through the CPU bus 134 is protected even inside the PC. Is required. Therefore, in the configuration of FIG. 16, mutual authentication is also performed between the graphic processing circuit 141 and the recording / reproducing software 120f, and the baseband signal of the content data is encrypted and transferred.

  The graphic processing circuit 141 is provided with a local encryption processing unit 143 that performs mutual authentication and encryption processing with the recording / playback software 120f, in addition to the graphic processing unit 142 responsible for generating a display signal and the like. The local encryption processing unit 143 holds secure information 143a necessary for mutual authentication in advance. When mutual authentication is performed using the PKI method described above, as the secure information 143a stored in the local cryptographic processing unit 143, for example, a board licensor public key issued from the manufacturer or distributor of the graphic processing circuit 141, The board secret key, board certificate, etc. are stored. Here, illustration of functions such as mutual authentication between the graphic processing circuit 141 and the display 14b is omitted.

  Further, as a function of the recording / playback software 120f, in addition to the function shown in FIG. 10, a local encryption processing unit 123 that performs mutual authentication and encryption processing with the graphic processing circuit 141 is provided. Secure information 123a necessary for mutual authentication and cryptographic processing in the local cryptographic processing unit 123 is stored in the secure module 100 in advance. As the secure information 123a, for example, a board licensor public key, a software secret key for authentication of the graphic processing circuit 141, a software certificate, and the like are applied. Of these, at least the software private key needs to be handled in a concealed state from the outside, so this information is always stored in the secure information storage unit 102 of the secure module 100 and encrypted. The data is transferred to the local encryption processing unit 123 via the module I / F 121.

  When displaying the content on the display 14 b, the local encryption processing unit 123 performs mutual authentication with the graphic processing circuit 141 using the secure information 123 a read from the secure module 100. Then, the content data is encrypted with the key information based on the information generated in the authentication process and transferred to the graphic processing circuit 141 through the CPU bus 134.

[Eighth Embodiment]
FIG. 17 is a block diagram showing a configuration of functions provided in a PC according to the eighth embodiment of the present invention.

  The function of the secure module does not need to be provided inside the PC on which the recording / reproducing software is executed as in the above-described embodiments, and may be provided in, for example, an external device. The example of FIG. 17 shows an example in which the function of the secure module is provided in an external PC 2 connected to the PC 1 on which the recording / playback software 120g is executed through a network (here, LAN).

  In FIG. 17, the PC 1 is provided with a LAN interface 29 for connecting to the LAN in addition to the configuration shown in FIG. The PC 2 includes the function of the secure module 100 and the LAN interface 30. The module I / F 121g realized by executing the recording / playback software 120g in the PC 1 communicates with the PC 2 through the LAN interface 29, performs mutual authentication with the secure module 100a, and then stores the secure information 101a in the secure module 100a. Read in encrypted form and update it. The operation in the PC 1 by the execution of the recording / reproducing software 120g is basically the same as that in FIG.

  When the function of the secure module is provided in the external device in this way, a plurality of secure information storage areas are provided in the secure module, and secure information corresponding to each of the plurality of PCs is stored in each storage area. You may keep it. Each PC that handles content data accesses the secure module in the external device via the network, and reads or updates secure information corresponding to the own device after the authentication processing. Further, secure information may be stored not only for each PC but also for each user, each software tool, each content data format or service, and each corresponding device.

  The function of the secure module may be provided on a device that can be directly connected to a PC that handles content data. For example, the function of the secure module may be realized as a USB module connected to a PC via a USB terminal (Universal Serial Bus). In this case, for example, by storing the individual secure information in the user in the USB module, the user carries the USB module, and replaces it with another PC in which similar software tools are installed. If it is the same user, it becomes possible to handle the copyright-protected content data on the PC.

  In each of the above embodiments, the functions of the secure module are realized as individual hardware. However, it is not always necessary to provide all the functions in the secure module on the same hardware. For example, the secure information recording area provided in the secure module may be provided in an internal recording medium such as an HDD, and processing functions such as authentication and encryption processing may be realized as a program executed by the CPU. However, in this case, it is necessary to take measures so that the program that realizes the processing function is not altered, and only this program should be accessible to the secure information recording area.

  Alternatively, only the secure information recording area may be provided by dedicated hardware, and the access to the recording area and the processing functions may be realized by a program. In addition, a program that realizes the processing function may be recorded in the recording area in an unchangeable state, and the program may be executed by the CPU. In such a form, a recording area for secure information and a program (authentication / encryption processing program) may be provided on a portable recording medium connected via a communication I / F such as a USB.

  The processing functions described in the above embodiments can be realized by a computer. In that case, a program describing the processing contents of the functions that the PC should have is provided. And the said processing function is implement | achieved on a computer by running the program with a computer. The program describing the processing contents can be recorded on a computer-readable recording medium. Examples of the computer-readable recording medium include a magnetic recording device, an optical disk, a magneto-optical disk, and a semiconductor memory.

  In order to distribute the program, for example, portable recording media such as an optical disk and a semiconductor memory on which the program is recorded are sold. It is also possible to store the program in a storage device of a server computer and transfer the program from the server computer to another computer via a network.

  The computer that executes the program stores, for example, the program recorded on the portable recording medium or the program transferred from the server computer in its own storage device. Then, the computer reads the program from its own storage device and executes processing according to the program. The computer can also read the program directly from the portable recording medium and execute processing according to the program. Further, each time the program is transferred from the server computer, the computer can sequentially execute processing according to the received program.

It is a block diagram which shows the structure of the function with which PC concerning the 1st Embodiment of this invention is provided. It is a block diagram which shows the hardware constitutions of PC concerning 1st Embodiment. It is a block diagram which shows the example of the function for the mutual authentication between recording / reproducing software and a secure module. It is a sequence diagram which shows the example of the mutual authentication process procedure between recording / reproducing software and a secure module. FIG. 3 is a block diagram illustrating an example of functions provided in recording / playback software in order to prevent unauthorized use of content data recorded in an HDD. It is a block diagram which shows the example of the function for the mutual authentication between BD drive and recording / reproducing software. It is a block diagram which shows the example of the function for the mutual authentication between a tuner board and recording / reproducing software. It is a flowchart which shows the process sequence at the time of recording the content data received by the tuner board in HDD. It is a flowchart which shows the process sequence at the time of moving the content data recorded on HDD to BD in BD drive. It is a block diagram which shows the structure of the function with which PC concerning the 2nd Embodiment of this invention is provided. It is a block diagram which shows the hardware constitutions of PC concerning a 2nd embodiment. It is a block diagram which shows the structure of the function with which PC concerning the 3rd Embodiment of this invention is provided. It is a block diagram which shows the structure of the function with which PC concerning the 4th Embodiment of this invention is provided. It is a block diagram which shows the structure of the function with which PC concerning the 5th Embodiment of this invention is provided. It is a block diagram which shows the structure of the function with which PC concerning the 6th Embodiment of this invention is provided. It is a block diagram which shows the structure of the function with which PC concerning the 7th Embodiment of this invention is provided. It is a block diagram which shows the structure of the function with which PC concerning the 8th Embodiment of this invention is provided. It is a block diagram which shows the function of the conventional video recorder. It is a block diagram which shows the function of PC provided with TV recording function.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 11 ... Tuner part, 12 ... Encryption processing part, 12a ... B-CAS card, 13 ... Decoder, 14 ... Graphic processing circuit, 14a ... Display, 15 ... HDD, 16, 19 ... CODEC, 17, 20... DRM processing unit, 17a, 20a, 101, 111a, 122a .... secure information, 18 ... BD drive, 100 ... secure module, 110 ... tuner board, 111, 122 ... local encryption processing unit 120 …… Recording / playback software, 121 …… Module I / F, 131 …… CPU, 132 …… ROM, 133 …… RAM, 134 …… CPU bus

Claims (20)

In an information recording / reproducing program for causing a computer to execute processing for recording information on a recording medium and reproducing the recorded information,
When the mutual authentication process is executed with the usage information management unit that manages the content usage information necessary for recording and using the content data, the usage information management is performed when the mutual authentication process is correctly executed. Authentication processing means for acquiring the content usage information from a section;
Write control means for converting the content data into an unusable state by operating the content usage information acquired by the authentication processing means and recording the content data in the recording medium;
Read control means for reading the content data recorded on the recording medium and converting the content use information acquired by the authentication processing means into a usable state by acting on the content use information;
An information recording / reproducing program for causing the computer to function as: The write control means encrypts content data using encryption key information included in the content usage information and records it on the recording medium,
The read control means decrypts the content data read from the recording medium using the decryption key information included in the content usage information;
The information recording / reproducing program according to claim 1. The write control means receives supply of encrypted content data and records it on the recording medium, encrypts decryption key information for decrypting the content data using the content usage information, and records the recording Record on the medium,
The read control means decrypts the decryption key information read from the recording medium using the content usage information, and decrypts the content data read from the recording medium using the decrypted decryption key information.
The information recording / reproducing program according to claim 1. The writing control means and the reading control means are individually provided for each of the plurality of recording media to be recorded content data,
2. The authentication processing unit acquires the individual content usage information for each recording medium from the usage information management unit and supplies the content usage information to the corresponding write control unit and read control unit. The information recording / reproducing program described.   After causing the authentication processing means to perform mutual authentication processing with the usage information management unit, the content usage information corresponding to the first recording medium is read from the usage information management unit, Supplying to the reading control means corresponding to the recording medium, causing the reading control means to convert the content data read from the first recording medium into a usable state, and causing the authentication processing means to store the second recording medium. The corresponding content usage information is read from the usage information management unit and supplied to the write control means corresponding to the second recording medium, and the write control means is supplied to the first recording medium. The corresponding content data from the reading control means is converted to an unusable state, recorded on the second recording medium, and after the recording of the content data on the second recording medium, the first Claim 4 of the information recording and reproducing program, characterized by further comprising a content movement control means for invalidating the corresponding content data in the recording medium. The write control means corresponding to the first recording medium encrypts the content data using key information when recording the content data on the first recording medium, and uses the corresponding content The key information is encrypted using random key information included in the information, and recorded on the recording medium together with the encrypted content data,
The read control means corresponding to the first recording medium reads the key information encrypted from the first recording medium when reading the content data from the first recording medium, and After decrypting using the random key information included in the content usage information, decrypting the content data read from the first recording medium using the decrypted key information,
Furthermore, the reading control means corresponding to the first recording medium is updated at least when the content data in the first recording medium is moved to the second recording medium by the content movement control means. The random key information is generated, the key information is re-encrypted and recorded on the first recording medium, and the new random key information is transmitted to the usage information management unit through the authentication processing means. 6. The information recording / reproducing program according to claim 5, wherein the corresponding content usage information is updated.   After the mutual authentication process with the usage information management unit is correctly executed by the authentication processing unit, data is written to the recording medium and data is read from the recording medium as the content usage information The authentication information necessary for executing the mutual authentication process with the writing / reading device is acquired from the usage information management unit, and with the writing / reading device using the acquired authentication information When the mutual authentication process is executed and the mutual authentication process is executed correctly, the content usage information necessary for the writing control unit or the reading control unit is acquired from the usage information management unit and transferred. 2. The information recording / reproducing program according to claim 1, further comprising a read / write device authentication means.   After the mutual authentication processing with the usage information management unit is correctly executed by the authentication processing means, the content usage information is used for mutual authentication processing with a content receiving device that outputs content data received from the outside. When necessary authentication information is acquired from the usage information management unit, a mutual authentication process is executed with the content receiving device using the acquired authentication information, and when the mutual authentication process is correctly executed, the content 2. The information recording / reproducing program according to claim 1, further comprising receiving device authentication means for supplying content data output from the receiving device to the writing control means.   Content data is encrypted and supplied from the content receiving device, and the receiving device authentication means uses the key information based on information generated in the course of mutual authentication processing with the content receiving device to receive the content. 9. The information recording / reproducing program according to claim 8, wherein the content data from the device is decoded and supplied to the writing control means.   The receiving device authenticating means, as the content receiving device, performs a mutual authentication process with a tuner that receives broadcast radio waves, demodulates and outputs content data, and receives supply of content data from the tuner 9. The information recording / reproducing program according to claim 8, wherein:   The receiving device authenticating unit performs mutual authentication processing with a network interface that receives content data through a network as the content receiving device, and receives supply of content data from the network interface. 8. An information recording / reproducing program according to 8.   After the mutual authentication process with the usage information management unit is correctly executed by the authentication processing unit, a display image signal for monitor display is generated as the content usage information based on image data included in the content data Authentication information necessary for mutual authentication processing with the display processing device is acquired from the usage information management unit, and the mutual authentication processing is executed with the display processing device using the acquired authentication information. 2. The display processing device authentication means for outputting the content data read from the recording medium by the read control means to the display processing device when the authentication processing is correctly executed. The information recording / reproducing program described.   The display processing device authentication means encrypts content data from the read control means using key information based on information generated in the course of mutual authentication processing with the display processing device, and stores the encrypted content data in the display processing device. 13. The information recording / reproducing program according to claim 12, wherein the information recording / reproducing program is output. In an information processing apparatus that executes processing according to a description of a program,
A writing / reading unit for writing data to the recording medium and reading data from the recording medium;
A content control processing unit for performing processing including content data writing control to the recording medium and content data reading control in the recording medium by executing a recording / playback program;
Have
The content control processing unit
When the mutual authentication process is executed with the usage information management unit that manages the content usage information necessary for recording and using the content data, the usage information management is performed when the mutual authentication process is correctly executed. An authentication processing means for acquiring the content usage information from a section;
Write control means for converting the content data into an unusable state by operating the content usage information acquired by the authentication processing means, and recording the data on the recording medium through the writing / reading unit;
Read control means for reading the content data recorded on the recording medium through the writing / reading section and converting the content usage information acquired by the authentication processing means into a usable state;
An information processing apparatus comprising: The usage information management unit is provided inside the information processing apparatus, executes mutual authentication processing with the authentication processing unit of the content control processing unit, and when the mutual authentication processing is correctly executed, Read and encrypt the content usage information from a predetermined storage area, output to the authentication processing means,
The information processing apparatus according to claim 14, wherein the authentication processing unit of the content control processing unit decrypts the content usage information from the usage information management unit. A communication processing unit for transmitting and receiving data over the network;
The authentication processing means of the content control processing unit performs mutual authentication processing with the usage information management unit provided on an external device connected to the network, and is encrypted from the usage information management unit. 15. The information processing apparatus according to claim 14, wherein the content use information is supplied and decrypted. A plurality of the writing / reading units respectively corresponding to the individual recording media;
Further, the content control processing unit individually includes the write control unit and the read control unit for each of the plurality of recording media to be recorded content data,
15. The authentication processing unit according to claim 14, wherein the authentication processing unit acquires the individual content usage information for each recording medium from the usage information management unit and supplies the content usage information to the corresponding encryption unit and decryption unit. Information processing device. The content control processing unit
After causing the authentication processing means to perform mutual authentication processing with the usage information management unit, the content usage information corresponding to the first recording medium is read from the usage information management unit, Supplying to the reading control means corresponding to the recording medium, causing the reading control means to convert the content data read from the first recording medium into a usable state, and causing the authentication processing means to store the second recording medium. The corresponding content usage information is read from the usage information management unit and supplied to the write control means corresponding to the second recording medium, and the write control means is supplied to the first recording medium. The content data from the corresponding decryption means is converted to an unusable state, recorded on the second recording medium, and after the content data is recorded on the second recording medium, the first description Corresponding information processing apparatus according to claim 17, further comprising a content movement control means for invalidating the content data in the media.   The at least one writing / reading unit executes writing of data to an external recording medium connected to the outside via a communication interface and reading of data from the external recording medium. The information processing apparatus according to 17. In an information recording / reproducing method for recording information on a recording medium and reproducing the recorded information,
When the authentication processing means executes mutual authentication processing with the usage information management unit that manages content usage information necessary for recording and using content data, and the mutual authentication processing is executed correctly. , Acquiring the content usage information from the usage information management unit,
The writing control means converts the content data into an unusable state by operating the content usage information acquired by the authentication processing means, and records it on the recording medium.
The read control means reads the content data recorded on the recording medium, and converts the content usage information acquired by the authentication processing means into a usable state.
An information recording / reproducing method.

Images