JP2008252745A - Content manager and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technology which protects a copyright of contents and simultaneously enhances a user's convenience. <P>SOLUTION: An accepter 106 accepts a request for obtaining a contents key for decoding the encoded contents. A code processor 110 has functions of a key exchanger for exchanging a code key between the code processor 110 and a device of a request source of the contents key, and an address obtainer for obtaining an address of the device of the request source signed by using the code key exchanged by the key exchanger from the device of the request source of the contents key. A group determiner 112 verifies a signature, and determines whether the device of the request source is a device belonging to a group of the same network with its own device, based on the address of the device of the request source and an address of its own device. When it is determined that it belongs to the same group, a code processor 110 encodes the contents key by the code key exchanged by the key exchanger, and sends the contents key to the device of the request source of the contents key. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to content data management technology, and more particularly, to a content management apparatus and method for managing the copying or use of a content key for decrypting encrypted content data.

  Digitalization of contents such as music and video is progressing, and devices capable of recording and reproducing digital data are widely used. Unlike analog data recorded or recorded on a magnetic tape or the like, digital data does not deteriorate with the passage of time or repeated reproduction, so that it is possible to enjoy content such as music and video semipermanently.

  Since digital data can be duplicated many times without degrading the sound quality or image quality of the content, the copy of the digital data must be strictly managed in order to properly protect the copyright of the content. On the other hand, if the personal or private use in the home is restricted, the convenience of the user may be impaired.

  The present invention has been made in view of such circumstances, and an object of the present invention is to provide a technique capable of improving user convenience while protecting content from unauthorized use.

  One embodiment of the present invention relates to a content management apparatus. The content management apparatus includes: a reception unit that receives a content key acquisition request for decrypting encrypted content; a key exchange unit that exchanges an encryption key between the content key request source device; An address acquisition unit that acquires an address of the request source device, which is signed using the encryption key exchanged by the key exchange unit from the content key request source device, and the acquired request source device A determination unit that determines whether the requesting device belongs to the same network group as the own device based on the address of the device and the address of the own device; and When it is determined that the device belongs to the same group as the own device, the content key is encrypted with the encryption key exchanged by the key exchange unit, and the content key A transmission unit for transmitting to the requesting device, characterized in that it comprises a.

  The determination unit may determine that the request source device and the own device belong to the same group when the address of the request source device matches the network unit of the own device address.

  The signature is a keyed hash value of the address using the encryption key issued by the content management device, or a hash value of the address encrypted with the encryption key issued by the content management device. Also good. The signature is a keyed hash value of the address using an encryption key issued by the device requesting the content key, or the address encrypted with the encryption key issued by the device requesting the content key May be a hash value.

  Another aspect of the present invention relates to a content management method. The content management method includes a step of accepting a content key acquisition request for decrypting encrypted content, a step of exchanging an encryption key with a device that has requested the content key, Obtaining the address of the requesting device encrypted with the encryption key exchanged in the step of exchanging the encryption key or attached with a keyed hash value using the encryption key from the requesting device. Determining whether the requesting device belongs to the same network group as the own device based on the acquired address of the requesting device and the address of the own device; and When it is determined in the determining step that the device requesting the content key belongs to the same group as its own device, the content key is Encrypted with the encryption key exchanged by the step of exchanging serial encryption key, characterized in that it comprises the steps of: transmitting to the requesting device of the content key.

  Yet another embodiment of the present invention relates to a content management apparatus. The content management device includes an encryption key between a request unit that requests transmission of the content key to a device that holds a content key for decrypting the encrypted content, and the device to which the content key is requested. A key exchange unit for exchanging the content, an address transmission unit for transmitting the address of the content key with a signature using the encryption key exchanged by the key exchange unit to the address of the device, A content key receiving unit that receives the content key encrypted with the encryption key exchanged by the key exchange unit from a request destination device.

  The signature is a keyed hash value of the address using the encryption key issued by the content management device, or a hash value of the address encrypted with the encryption key issued by the content management device. Also good. The signature is a keyed hash value of the address using an encryption key issued by the content key requesting device, or the address encrypted with the encryption key issued by the content key requesting device. May be a hash value.

Yet another embodiment of the present invention relates to a content management method. In this content management method, an encryption key is transmitted between a step of requesting transmission of the content key to a device holding a content key for decrypting the encrypted content and a device to which the content key is requested. Exchanging, transmitting to the requesting device of the content key, attaching the signature using the encryption key exchanged in the exchanging encryption key to the address of the own device, and transmitting the request destination Receiving the content key encrypted with the encryption key exchanged by the step of exchanging the encryption key from the device of:
It is characterized by providing.

  Yet another embodiment of the present invention relates to a content management apparatus. The content management device includes a first unit between a request unit that requests transmission of the content key to a device that holds a content key for decrypting the encrypted content, and a device to which the content key is requested. A key exchange unit that relays communication for exchanging a second encryption key between the device that requests the content key and the storage device that records the content key; and An address transmitting unit that transmits the address of the device with a signature using the first encryption key to the request destination device, and the request destination device encrypted with the second encryption key. And a content key receiving unit that receives the content key and transfers it to the storage device.

  Yet another embodiment of the present invention relates to a content management method. The content management method includes a step of requesting transmission of the content key to a device that holds a content key for decrypting encrypted content, and a first device between the device to which the content key is requested. Exchanging an encryption key, relaying communication for exchanging a second encryption key between the content key requesting device and the storage device that records the content key; and Transmitting a signature using a first encryption key to the device's own address and receiving the content key encrypted with the second encryption key from the requested device And transferring to the storage device.

  It should be noted that any combination of the above-described constituent elements and a representation of the present invention converted between a method, an apparatus, a system, etc. are also effective as an aspect of the present invention.

  According to the present invention, it is possible to improve user convenience while protecting the copyright of content.

(First embodiment)
FIG. 1 shows the overall configuration of a content management system 10 according to the first embodiment. In the content management system 10, the content server 12 provides content via the Internet 14 or the like. Devices connected to the LAN 18 constructed in a home or company, such as the content recording device 100, the content reproduction device 300, and the home appliance 22, are connected to the Internet 14 via the router 16.

  The content recording device 100 records content data acquired from the content server 12 via the Internet 14 or broadcast waves. When the content recording apparatus 100 has a content recording function and a reproduction function, the user can reproduce and enjoy the content recorded in the content recording apparatus 100 with the content recording apparatus 100. However, for example, other devices connected to the LAN 18 such as viewing content recorded in the content recording device 100 installed in the living room with the content playback device 300 in the own room are stored in the content recording device 100. There is also a desire to reproduce the content that has been made. In this embodiment, the use of private content within a limited network is permitted, but the outflow of content to different networks is restricted, so that the copyright of the content is appropriately protected. At the same time, a technique for improving user convenience is proposed.

  More specifically, in the present embodiment, when the acquisition of content data held in the content recording device 100 is requested, the content recording device is referred to by referring to the address of the requesting content reproduction device 300 Content data is supplied to the content playback device 300 belonging to the same network group as 100, and content data is not supplied to devices that do not belong to the same network group. For example, content provision is permitted to devices connected to the same LAN 18, and content provision is denied to devices connected to a network outside the router 16. As a result, the content can be reproduced by a device inside the network without leaking the content to a device outside the network.

  An IP address is assigned to a device connected to the Internet 14 or the LAN 18 in order to identify the device on the network. The IP address is divided into a network address and a host address. For example, in a 32-bit address space in IPv4, 8 bits are assigned from the MSB as the network address in class A, 16 bits in class B, and 24 bits in class C. It is done. When a subnet mask is used, the bit length specified from the MSB is the network address, and the rest is the host address. In the subnet mask method, a part of a bit string that is a host address in the address class method is divided into a subnet and a host address using an address mask. In this embodiment, the subnet is also a part of the network address. To do.

  In the present embodiment, the IP addresses of the request source content reproduction device 300 and the content recording device 100 are compared, and if the network addresses are the same, it is determined that both belong to the same network group, Allow supply. In general, a LAN 18 constructed in a home or the like is provided with a DHCP server 20 that assigns an IP address to each device. The DHCP server 20 automatically assigns an IP address having the same network address but a different host address to each device. Therefore, each device connected to the LAN 18 is assigned an IP address having the same network address. The DHCP server 20 may be provided as a function of the router 16 or may be realized by a device different from the router 16. Further, when the IP address is fixedly set for each device, the DHCP server 20 may not be provided.

  As a copyright protection method for protecting content data, the content data is encrypted and the confidentiality of content usage information (hereinafter referred to as “license data”) including its decryption key (hereinafter referred to as “content key”) is enhanced. There is a management method. When license data is transmitted / received between devices, an encrypted communication path is constructed between the devices, and license data is transmitted / received via the encrypted communication path. A device that transmits and receives license data includes a tamper resistant module (TRM) for handling encrypted license data.

  Although the content data itself may be treated as confidential data, in the present embodiment, the content data is encrypted, and the encrypted content data itself is recorded as normal data. Then, the license data including the content key for decrypting the encrypted content is input / output as confidential data. As a result, while maintaining sufficient tamper resistance, data input / output can be simplified, processing speed can be increased, and power consumption can be reduced.

  In constructing an encrypted communication path, first, an apparatus that provides license data (hereinafter referred to as “license providing apparatus”) sends a public key to an apparatus that receives license data (hereinafter referred to as “license receiving apparatus”). Send a certificate containing. Then, the license providing device verifies this certificate, and if the verification result indicates that the certificate transmitted from the license receiving device is a regular certificate and is not invalidated by the certificate revocation list, The public key included in this certificate is used to exchange keys between devices. Then, the license data encrypted with the key sent from the license providing apparatus to the license receiving apparatus is transmitted from the license providing apparatus to the license receiving apparatus. The TRM is a circuit module in which data is physically protected and confidentiality is guaranteed, and is configured so that license data can be exchanged only via an encrypted communication path.

  In this embodiment, in order to determine whether or not the requesting content reproduction device 300 belongs to the same network group, the IP address of the content reproduction device 300 is acquired. This IP address is also an encrypted communication path. By using this, it is possible to prevent IP address spoofing and spoofing. Thereby, the copyright of content can be protected appropriately.

  FIG. 2 shows a configuration of a content recording apparatus 100 that is an example of a content management apparatus according to the embodiment. FIG. 2 shows only the configuration relating to the content data management technique of the present embodiment, of the configuration of the content recording apparatus 100. The content recording apparatus 100 mainly includes a communication unit 102, a reception unit 106, a controller 108, an encryption processing unit 110, a group determination unit 112, a normal data storage unit 114, and a tamper resistant storage unit 116. These configurations can be realized in terms of hardware by a CPU, memory, or other LSI of an arbitrary computer, and in terms of software by a program loaded in the memory. Depicts functional blocks realized by. Accordingly, those skilled in the art will understand that these functional blocks can be realized in various forms by hardware only, software only, or a combination thereof.

  The normal data storage unit 114 is a normal storage area for recording normal data or the like, and the tamper resistant storage unit 116 is a confidential data storage area for recording confidential data. The normal data storage unit 114 is directly accessible from the outside, and data is input / output via the controller 108, but the tamper resistant storage unit 116 is configured to be accessible only by the cryptographic processing unit 110, Data is input / output via the unit 110. The license data including the content key is recorded in the tamper resistant storage unit 116, and the content data encrypted with the content key is recorded in the normal data storage unit 114.

  When acquiring the encrypted content data from the content server 12, the content recording device 100 records the acquired encrypted content data in the normal data storage unit 114 and the license data in the tamper resistant storage unit 116. When acquiring unencrypted content data from the content server 12, the license data is issued by an encryptor (not shown), recorded in the tamper-resistant storage unit 116 via the encryption processing unit 110, and the issued content The content data is encrypted with the key and recorded in the normal data storage unit 114.

  The encryption processing unit 110 controls encryption communication for inputting / outputting secret data such as license data including a content key. Details of the encryption communication will be described later. The controller 108 comprehensively controls the components of the content recording apparatus 100.

  The communication unit 102 controls communication with other devices via the LAN 18. The IP address acquisition unit 104 has a DHCP client function, requests the DHCP server 20 to assign an IP address, and acquires the IP address assigned from the DHCP server 20. The accepting unit 106 accepts a content data acquisition request from the content reproduction device 300. When the accepting unit 106 accepts a content data acquisition request, the encryption processing unit 110 starts encrypted communication with the requesting content reproduction device 300.

  The group determination unit 112 acquires an IP address from the requesting content reproduction device 300, and compares the IP address of the own device acquired by the IP address acquisition unit 104 with the content reproduction device 300 belonging to the same network group. It is determined whether or not. As described above, the group determination unit 112 determines that the IP addresses belong to the same network group if the network addresses are the same.

  FIG. 3 shows an internal configuration of a content reproduction apparatus 300 that is an example of the content management apparatus according to the embodiment. FIG. 3 shows only the configuration relating to the content data management technique of the present embodiment, of the configuration of the content reproduction device 300. The content reproduction device 300 mainly includes a communication unit 302, a request unit 306, a controller 308, an encryption processing unit 310, an address information generation unit 312, and a content decryption unit 314. These functional blocks can also be realized in various forms by hardware only, software only, or a combination thereof.

  The encryption processing unit 310 controls encryption communication for inputting / outputting secret data such as license data including a content key. Details of the encryption communication will be described later. The controller 308 comprehensively controls the components of the content playback device 300.

  The communication unit 302 controls communication with other devices via the LAN 18. The IP address acquisition unit 304 has a DHCP client function, requests the DHCP server 20 to assign an IP address, and acquires the IP address assigned from the DHCP server 20. The request unit 306 requests the content recording apparatus 100 to acquire content data. When the request unit 306 requests acquisition of content data, the encryption processing unit 310 starts encrypted communication with the requesting content recording apparatus 100.

  The address information generation unit 312 generates address information of the own device to be transmitted to the content recording device 100. The address information generation unit 312 acquires the IP address of the own device from the IP address acquisition unit 304, and uses the encryption key exchanged with the content recording device 100 by the encryption processing unit 310, and the hash value with the key of the IP address. Is calculated and added to the IP address to generate address information.

  The content decryption unit 314 decrypts the encrypted content data acquired from the content recording device 100 with the content key included in the license data acquired from the content recording device 100 via the encryption processing unit 310. The decrypted content data is reproduced by a reproduction unit (not shown).

  Here, the encryption key used in the encrypted communication path of the present embodiment will be described. In the present embodiment, the key is expressed as a character string starting with a capital letter “K”. When the second character is lowercase “c” or “s”, it represents a symmetric key (common key). When the third character following “c” is “h”, it represents a challenge key. The challenge key is a temporally symmetric key generated at the transmission source of the encrypted data. If the third character following “s” is “e”, it represents a session key. The session key is a temporal symmetric key generated at the transmission destination of the encrypted data. When the second character is capital “P”, it indicates a public key of the public key cryptosystem. This key always has a corresponding secret key, and this secret key is expressed by replacing the second letter of the public key notation with a lowercase “p”.

  When the character string indicating the public key or the secret key is a lowercase “d”, it indicates that the key is given to the device. When the third character of the character string indicating the public key is a lowercase letter “c”, it is given as a public key certificate with an electronic signature. The certificate of the public key KPcx is expressed as C [KPcx].

  Here, the encryption algorithm used in the embodiment will be described. In the present embodiment, two schemes are adopted: a public key cryptosystem and a symmetric key (common key) cryptosystem. The common key encryption method is an encryption method that performs encryption and decryption using the same key, and DES (Data Encryption Standard), AES (Advanced Encryption Standard), and the like are known as encryption algorithms. In this embodiment, any method can be adopted, but AES is adopted in consideration of the balance of encryption strength.

  The public key encryption method is an encryption method in which encryption and decryption are performed using different keys. A key to be encrypted is called a public key, and a key to be decrypted is called a secret key. As the name indicates, the public key is a public key and does not need to be managed secretly. On the other hand, the secret key is managed secretly. In this method, cryptographic algorithms such as RSA and EC-DH (Elliptic Curve Diffie-Hellman) are known. In this embodiment, any method can be adopted, but EC-DH is adopted in consideration of the balance between the key length and the encryption strength.

  EC-DH encrypts data with a symmetric key (referred to as “shared key”) shared by both parties by multiplication on an elliptic curve over a finite field (this operation algorithm is referred to as “elliptic curve encryption”). The encrypted data has a format in which the result of encrypting the data and data for sharing the shared key (referred to as “parameter”) are concatenated.

  For example, transmission of encrypted data using the public key KPdx and the secret key Kdx will be described. In EC-DH, the relationship between the two is KPdx = Kdx * B. Here, the base point on the elliptic curve is indicated by “B”, and the multiplication on the elliptic curve is indicated by “*”. In the following description, “x” indicates a side that receives encrypted data (referred to as “reception side”), and “y” indicates a side that provides encrypted data (referred to as “transmission side”).

  The receiving side transmits the public key KPdx to the transmitting side. Upon receiving the public key KPdx, the transmission side generates a random number Ry in order to create encrypted data. Then, the public key KPdx and the random number Ry are multiplied on the elliptic curve, and the shared key Ksdxy = F (KPdx * Ry is obtained from the multiplication result. Here, F is a function for obtaining the common key from the coordinate data on the elliptic curve. At the same time, in order to share the shared key Ksdxy with the receiving side, the parameter B * Ry to be transmitted to the receiving side is calculated, and the base point B and the function F are shared in advance together with the elliptic curve equation. is doing.

  Using the generated shared key Ksdxy, the target data (denoted as Data) is encrypted to generate encrypted data Es (Ksdxy, Data). Then, the parameter B * Ry and B * Ry // Es (Ksdxy, Data) obtained by concatenating the result are sent as Ep (KPdx, Data) to the receiving side.

  Here, the symbol “//” indicates data concatenation, and B * Ry // Es (Ksdxy, Data) indicates a data string obtained by combining the parameter B * Ry and the encrypted data Es (Ksdxy, Data) side by side. . Further, Es indicates an encryption function using a common key encryption method, and Es (Ksdxy, Data) indicates that the target data Data is encrypted with the symmetric key Ksdxy. Ep indicates an encryption function using a public key cryptosystem, and indicates that the target data Data is encrypted with the public key KPdx. In EC-DH, Ep (KPdx, Data) = B * Ry // Es (Ksdxy, Data) = B * Ry // Es (F (KPdx * By), Data).

  On the receiving side, when Ep (KPdx, Data) is received, the stored secret key Kdx and the parameter B * Ry are multiplied on an elliptic curve, and the shared key Ksdxy is obtained from the multiplication result Kdx * B * Ry = KPdx * Ry. = F (KPdx * Ry) is obtained, and the encrypted data Es (Ksdxy, Data) is decrypted. The same applies to other public key and private key pairs.

  In the following, in order to simplify the notation, the description will be made simply with the content key Kc instead of the license data. Therefore, the same effect can be obtained by replacing the content key Kc with license data including the content key Kc.

  FIG. 4 shows an internal configuration of the encryption processing unit 110 of the content recording apparatus 100 shown in FIG. The encryption processing unit 110 includes a certificate verification unit 120, a random number generation unit 121, a certificate output unit 122, a control unit 123, a first encryption unit 125, a first decryption unit 126, a second decryption unit 127, and a second encryption unit 128. The third encryption unit 129, the third decryption unit 130, the fourth decryption unit 131, the fourth encryption unit 132, the fifth encryption unit 133, and the local bus 124 that electrically connects at least some of these components. Prepare.

  The certificate verification unit 120 verifies the certificate C [KPcd] acquired from the content reproduction device 300. The certificate C [KPcd] includes plaintext data (referred to as “certificate body”) including the public key KPcd and electronic signature data attached to the certificate body. This electronic signature data is obtained by applying a calculation result by a hash function to the certificate body (this calculation process is referred to as “hash calculation”) as a root key of a certification authority (not shown) as a third party. Data encrypted by Ka. The root key Ka is a private key that is strictly managed by the certificate authority and serves as a secret key of the certificate authority. The certificate verification unit 120 holds a verification key KPa that is paired with the root key Ka. The verification key KPa is a public key for verifying the validity of the certificate.

  The verification of the certificate is judged by the validity of the certificate and the validity of the certificate. The verification of the validity of the certificate is a process of comparing the calculation result of the hash function for the certificate body of the certificate to be verified with the result of decrypting the electronic signature with the verification key KPa. It is judged that. In addition, the certificate verification unit 120 holds a certificate revocation list (CRL) which is a list of invalid certificates, and there is a certificate to be verified in the CRL for the validity of the certificate. It is judged that it is effective when it is not described. The process of judging the validity and validity of the certificate and approving the valid certificate is called verification.

  If the verification is successful, the certificate verification unit 120 retrieves the public key KPcd of the content reproduction device 300 and transmits the public key KPcd to the first encryption unit 125 and notifies the control unit 123 of the verification result. If verification fails, a verification error notification is output.

  The certificate output unit 122 outputs the certificate C [KPcs] of the content recording device 100. The certificate may be held by the certificate output unit 122 or may be held in a certificate holding unit (not shown) and read out. The certificate includes a certificate body including the public key KPcs of the content recording device 100 and an electronic signature attached to the certificate body. The electronic signature is encrypted with the root key Ka of the certificate authority.

  The random number generator 121 generates a random number. The random number may be a pseudo random number. Here, a challenge key Kchs, a session key Kses, and a random number Rs that are temporarily used to perform encrypted communication with the content reproduction device 300 are generated. By generating a challenge key Kchs, a session key Kses, etc. each time encrypted communication is performed, the possibility of the key being broken is minimized. The generated challenge key Kchs is transmitted to the first encryption unit 125 and the first decryption unit 126. The generated session key Kses is transmitted to the third encryption unit 129 and the third decryption unit 130. The random number Rs is transmitted to the first encryption unit 125 and the second encryption unit 128 and used for encryption by ED-DH.

  The first encryption unit 125 encrypts the challenge key Kchs with the public key KPcd of the content reproduction device 300 extracted by the certificate verification unit 120 in order to notify the content reproduction device 300 of the challenge key Kchs, and the first challenge Information Ep (KPcd, Kchs) is generated.

  The first decryption unit 126 decrypts the data encrypted with the challenge key Kchs. The session key Ksed issued by the content reproduction device 300 and the public key KPd held by the content reproduction device 300 are supplied from the content reproduction device 300 as second challenge information Es (Kchs, E (KPcs, Ksed // KPd). Therefore, the first decryption unit 126 acquires the challenge key Kchs generated by the random number generation unit 121, decrypts the second challenge information Es (Kchs, Ep (KPcs, Ksed // KPd), and encrypts the data Ep (KPcs). , Ksed // KPd) is extracted and transmitted to the second decoding unit 127.

  The second decryption unit 127 decrypts the data encrypted with the public key KPcs. The second decryption unit 127 acquires the private key Kpcs of the own device, decrypts Ep (KPcs, Ksed // KPd) transmitted from the first decryption unit 126, and extracts the session key Ksed and the public key KPd. The extracted session key Ksed is transmitted to the second encryption unit and switch 135, and the public key KPd is transmitted to the third encryption unit 129.

  The second encryption unit 128 encrypts the session key Kses with the session key Ksed extracted by the second decryption unit 127 to notify the content reproduction device 300 of the session key Kses, and encrypts the data Es (Ksed, Kses). Is transmitted to the third encryption unit 129.

  The third encryption unit 129 further encrypts the encrypted data Es (Ksed, Kses) generated by the second encryption unit 128 with the public key KPd of the content reproduction device 300 extracted by the second decryption unit 127, Connection information Ep (KPd, Es (Ksed, Kses)) is generated. For the encryption, the random number Rs generated by the random number generator 121 is used. The shared key Ksds generated using this random number is transmitted to the fifth encryption unit 133.

  The third decryption unit 130 decrypts the data encrypted with the session key Kses. Since the session key Ksed reissued by the content reproduction device 300 is supplied from the content reproduction device 300 as session information Es (Kses, Es (Ksed-old, Ksed)), the third decryption unit 130 includes a random number generation unit. 121 obtains the session key Kses generated, decrypts the session information Es (Kses, Es (Ksed-old, Ksed)), extracts the encrypted data Es (Ksed-old, Ksed), and sends it to the fourth decryption unit 131. introduce.

  When the second decryption unit 127 or the fourth decryption unit 131 extracts the session key Ksed, the switch 135 selects it and transmits it to the holding memory 134. The holding memory 134 holds the session key Ksed transmitted by the switch 135 until a new session key Ksed is obtained, and transmits the session key Ksed to the fourth decryption unit 131 as the session key Ksed-old. That is, the session key Ksed indicates the latest key, and the session key Ksed-old indicates the key transmitted one time before.

  The fourth decryption unit 131 decrypts the data encrypted with the session key Ksed. The fourth decryption unit 131 decrypts the encrypted data Es (Ksed-old, Ksed) transmitted from the third decryption unit 130 with the immediately preceding session key Ksed-old transmitted from the holding memory 134, and the latest session key. Take out Ksed. The extracted session key Ksed is transmitted to the fourth encryption unit 132 and the switch 135.

  In order to transmit the content key Kc to the content reproduction device 300, the fourth encryption unit 132 acquires the content key Kc, encrypts it with the session key Ksed transmitted from the fourth decryption unit 131, and encrypts the encrypted data Es (Ksed , Kc) is transmitted to the fifth encryption unit 133.

  The fifth encryption unit 133 further encrypts the encrypted data Es (Ksed, Kc) generated by the fourth encryption unit 132 with the shared key Ksds for the public key KPd transmitted from the third encryption unit 129, and encrypts the encrypted data License data Es (Ksds, E (Ksed, Kc)) is generated.

  The control unit 123 controls the internal configuration of the encryption processing unit 110 in accordance with an instruction from the controller 108 of the content recording apparatus 100, and mediates data input / output with the external configuration.

  In FIG. 4, various modification examples can be considered for the form of connecting each component. In this embodiment, the challenge key Kchs, the session key Kses, the random number Rs, the secret key Kpcs, Consideration is given so that the session key Ksed received from the content reproduction apparatus 300 does not flow directly to the local bus 124. Thereby, it is possible to prevent each key used in the encryption processing unit 110 from leaking to the outside via other components of the content recording apparatus 100 and improve the security.

  FIG. 5 shows an internal configuration of the encryption processing unit 310 of the content reproduction apparatus 300 shown in FIG. The encryption processing unit 310 includes a certificate verification unit 320, a random number generation unit 321, a certificate output unit 322, a control unit 323, a first decryption unit 325, a first encryption unit 326, a second encryption unit 327, and a second decryption unit 328. A third decryption unit 329, a third encryption unit 330, a fourth encryption unit 331, a fourth decryption unit 332, a fifth decryption unit 333, and a local bus 324 that electrically connects at least some of these components. Prepare.

  The certificate verification unit 320 verifies the certificate C [KPcs] acquired from the content recording device 100. The operation when the certificate verification unit 320 verifies the certificate is the same as that of the certificate verification unit 120 described above. If the verification is successful, the certificate verification unit 320 extracts the public key KPcs of the content recording apparatus 100 and transmits it to the first encryption unit 326 and notifies the control unit 323 of the verification result. If verification fails, a verification error notification is output.

  The certificate output unit 322 outputs the certificate C [KPcd] of the content reproduction device 300. The certificate may be held by the certificate output unit 322 or may be held in a certificate holding unit (not shown) and read out. The certificate includes a certificate body including the public key KPcd of the content reproduction device 300 and an electronic signature attached to the certificate body. The electronic signature is encrypted with the root key Ka of the certificate authority.

  The random number generator 321 generates a random number. The random number may be a pseudo random number. Here, a session key Ksed that is temporarily used to perform encrypted communication with the content recording apparatus 100 and a random number that is used for encryption with the public key (EC-DH) in the first encryption unit 326 are generated. . By generating the session key Ksed every time encrypted communication is performed, the possibility of the key being broken is minimized. The generated session key Ksed is transmitted to the first encryption unit 326, the third decryption unit 329, the third encryption unit 330, the fourth decryption unit 332, and the holding memory 334.

  The holding memory 334 is used to hold the session key Ksed generated by the random number generation unit 321 and obtain the session key Ksed-old generated one time before. The session key Ksed-old is transmitted to the third encryption unit 330.

  The first decryption unit 325 decrypts the data encrypted with the public key KPcd. Since the challenge key Kchs issued by the content recording device 100 is supplied from the content recording device 100 as the first challenge information Ep (KPcd, Kchs), the first decryption unit 325 acquires the private key Kcd of the own device. Thus, the first challenge information Ep (KPcd, Kchs) is decrypted, and the challenge key Kchs is extracted. The extracted challenge key Kchs is transmitted to the second encryption unit 327.

  The first encryption unit 326 notifies the content recording device 100 of the session key Ksed and the public key KPd by using the public key KPcs of the content recording device 100 extracted by the certificate verification unit 320 and the session key Ksed and the public key KPd. Is encrypted to generate encrypted data Ep (KPcs, Ksed // KPd), which is transmitted to the second encryption unit 327.

  The second encryption unit 327 further encrypts the encrypted data Ep (KPcs, Ksed // KPd) generated by the first encryption unit 326 with the challenge key Kchs extracted by the first decryption unit 325, and Challenge information Es (Kchs, Ep (KPcs, Ksed // KPd)) is generated.

  The second decryption unit 328 decrypts the data encrypted with the public key KPd. Since the session key Kses issued by the content recording device 100 is supplied from the content recording device 100 as connection information Ep (KPd, EsKsed, Kses), the second decryption unit 328 acquires the private key Kpd of the own device. To obtain a shared key Ksds. Further, decryption is performed using the obtained shared key Ksds, and the encrypted data Es (Ksed, Kses) is extracted and transmitted to the third decryption unit 329.

  The third decryption unit 329 decrypts the data encrypted with the session key Ksed. The third decryption unit 329 decrypts Es (Ksed, Kses) transmitted from the second decryption unit 328 with the session key Ksed generated by the random number generation unit 321 and extracts the session key Kses. The extracted session key Kses is transmitted to the fourth encryption unit 331.

  In order to notify the content recording device 100 of the re-generated session key Ksed, the third encryption unit 330 generates a random number generation unit 321 and newly uses the previous session key Ksed-old held in the holding memory 334. The generated session key Ksed is encrypted to generate encrypted data Es (Ksed-old, Ksed), which is transmitted to the fourth encryption unit 331.

  The fourth encryption unit 331 further encrypts the encrypted data Es (Ksed-old, Ksed) generated by the third encryption unit 330 with the session key Kses extracted by the third decryption unit 329, and stores the session information Es. (Kses, E (Ksed-old, Ksed)) is generated.

  The fourth decryption unit 332 decrypts the data encrypted with the shared key Ksds. Since the content key Kc is supplied from the content recording apparatus 100 as encrypted license data Es (Ksds, E (Ksed, Kc)), the fourth decryption unit 332 uses the shared key Ksds extracted by the second decryption unit 328. Is obtained, the encrypted license data Es (Ksds, Es (Ksed, Kc)) is decrypted, and the encrypted data Es (Ksed, Kc)) is extracted and transmitted to the fifth decryption unit 333.

  The fifth decryption unit 333 decrypts the data encrypted with the session key Ksed. The fifth decryption unit 333 decrypts E (Ksed, Kc) transmitted from the fourth decryption unit 332 with the latest session key Ksed generated by the random number generation unit 321 and extracts the content key Kc.

  The control unit 323 controls the internal configuration of the encryption processing unit 310 in accordance with an instruction from the controller 308 of the content reproduction device 300, and mediates data input / output with the external configuration.

  In the encryption processing unit 310 shown in FIG. 5, various modifications can be considered in the form of connecting each component. In the present embodiment, the session key Ksed generated by the random number generation unit 321, the public key, The secret keys Kpcd and Kpd that make a pair, the challenge key Kchs and the session key Kses received from the content recording device 100 are configured so as not to flow on the local bus 324, and are used in the cryptographic processing unit 310. Prevent the key from leaking outside.

  6 and 7 are sequence diagrams showing the procedure of the content management method according to the present embodiment. 6 and 7 show a procedure until the content recording apparatus 100 transmits license data to the content reproduction apparatus 300. FIG. First, when the request unit 306 of the content reproduction device 300 requests the content recording device 100 to acquire content (S100), the reception unit 106 of the content recording device 100 accepts the request and responds to the content reproduction device 300 (S102). . Thereby, encryption communication is started between the encryption processing unit 110 of the content recording device 100 and the encryption processing unit 310 of the content reproduction device 300.

  The controller 308 of the content reproduction device 300 reads the certificate C [KPcd] of the content reproduction device 300 from the certificate output unit 322 (S110) and transmits it to the content recording device 100 (S112). When the controller 108 of the content recording apparatus 100 acquires the certificate C [KPcd] of the content reproduction apparatus 300, the controller 108 transmits the certificate C [KPcd] to the encryption processing unit 110. The control unit 123 of the encryption processing unit 110 causes the certificate verification unit 120 to verify the certificate C [KPcd] (S114). If the certificate is not approved, the process ends abnormally. If the verification of the certificate is successful, the control unit 123 reads the certificate C [KPcs] of the content recording apparatus 100 from the certificate output unit 122 (S116). Subsequently, the control unit 123 causes the random number generation unit 121 to generate and hold the challenge key Kchs (S118), and causes the first encryption unit 125 to encrypt the challenge key Kchs with the public key KPcd of the content reproduction device 300. Then, the first challenge information Ep (KPcd, Kchs) is generated (S120). The controller 108 concatenates the generated first challenge information Ep (KPcd, Kchs) and the certificate C [KPcs] of the content recording device 100 and transmits them to the content reproduction device 300 (S122).

  When the controller 308 acquires the certificate C [KPcs] and the first challenge information Ep (KPcd, Kchs) of the content recording device 100, the controller 308 transmits them to the encryption processing unit 310. The control unit 323 of the encryption processing unit 310 causes the certificate verification unit 320 to verify the certificate (S126). If the certificate is not approved, the process ends abnormally. If the verification of the certificate is successful, the control unit 323 causes the first decryption unit 325 to decrypt the first challenge information Ep (KPcd, Kchs), and extracts the challenge key Kchs (S128). Subsequently, the control unit 323 causes the random number generation unit 321 to generate and hold the session key Ksed (S130), connect it to the public key KPd of the content reproduction device 300, and causes the first encryption unit 326 to store the session key Ksed and The public key KPd is encrypted with the public key KPcs of the content recording device 100, and further, the second encryption unit 327 is encrypted with the challenge key Kchs extracted by the first decryption unit 325, and second challenge information Es ( Kchs, Ep (KPcs, Ksed // KPd)) is generated (S132).

  The address information generation unit 312 acquires the IP address of the content reproduction device 300 from the IP address acquisition unit 304 (S134), the challenge key Kchs issued by the content recording device 100, and the session key Ksed issued by the content reproduction device 300. To the IP address LI (Location Information), the hash value of the data is calculated, the calculated keyed hash value is added to the LI, and the address information LI // H (Ksed // Kchs // LI) is calculated. Generate (S138). The controller 308 concatenates the generated second challenge information Es (Kchs, Ep (KPcs, Ksed // KPd)) and the address information LI // H (Ksed // Kchs // LI) to record the content. It transmits to the apparatus 100 (S142).

  When the controller 108 acquires the second challenge information Es (Kchs, Ep (KPcs, Ksed // KPd)) and the address information LI // H (Ksed // Kchs // LI), the controller 108 transmits them to the encryption processing unit 110. The control unit 123 causes the first decryption unit 126 and the second decryption unit 127 to decrypt the second challenge information Es (Kchs, Ep (KPcs, Ksed // KPd)), and extracts the session key Ksed and the public key KPd ( S146). Subsequently, the control unit 123 causes the group determination unit 112 to verify the address information LI // H (Ksed // Kchs // LI) (S148).

  The group determination unit 112 acquires the address LI acquired from the content reproduction device 300, the challenge key Kchs generated by the random number generation unit 121, and the session key Ksed extracted by the second decryption unit 127, and H (Ksed / / Kchs // LI) is calculated and compared with the keyed hash value H (Ksed // Kchs // LI) of the address LI acquired from the content reproduction apparatus 300. If they do not match, the process ends abnormally. If the two match, then the IP address of the content recording device 100 is acquired from the IP address acquisition unit 104 (S160), and compared with the IP address of the content playback device 300, whether or not they belong to the same network group. Is determined (S162). If the network unit of the IP address of the content playback device 300 and the network unit of the IP address of the content recording device 100 are not the same, the group determination unit 112 determines that they do not belong to the same network group (S164). N), the provision of content is rejected (S198), and the process is terminated. If both network addresses are the same, it is determined that they belong to the same network group (Y in S164), content provision is permitted, and the process is continued.

  The control unit 123 causes the random number generation unit 121 to generate and hold the session key Kses (S166), and causes the second encryption unit 128 to encrypt the session key Kses with the session key Ksed extracted by the second decryption unit 127. Furthermore, the random number generation unit 121 generates a random number Rs, and the third encryption unit 129 uses the public key KPd and the random number Rs to encrypt the connection information Ep (KPd, Es (Ksed , Kses)) is generated (S168). The controller 108 transmits the generated connection information Ep (KPd, Es (Ksed, Kses)) to the content reproduction device 300 (S170).

  When the controller 308 acquires the connection information Ep (KPd, Es (Ksed, Kses)) from the content recording apparatus 100, the controller 308 transmits the connection information Ep (KPd, Es (Ksed, Kses)) to the encryption processing unit 310. The control unit 323 causes the second decryption unit 328 and the third decryption unit 329 to decrypt the connection information Ep (KPd, Es (Ksed, Kses)), and extracts the shared key Ksds and the session key Kses using the public key KPd (S172). ). Subsequently, the control unit 323 causes the random number generation unit 321 to regenerate and hold the session key Ksed (S174), and causes the third encryption unit 330 to regenerate the regenerated session key Ksed with the previous session key Ksed-old. In addition, the fourth encryption unit 331 generates the session information Es (Kses, Es (Ksed-old, Ksed)) by encrypting with the session key Kses extracted by the third decryption unit 329 ( S176). The controller 308 transmits the generated session information Es (Kses, Es (Ksed-old, Ksed)) to the content recording device 100 (S178).

  When the controller 108 acquires the session information Es (Kses, Es (Ksed-old, Ksed)), the controller 108 transmits it to the encryption processing unit 110. The control unit 123 causes the third decryption unit 130 and the fourth decryption unit 131 to decrypt the session information Es (Kses, Es (Ksed-old, Ksed)), and extracts the regenerated session key Ksed (S180). Subsequently, the control unit 123 reads the content key Kc from the tamper resistant storage unit 116 (S182), and causes the fourth encryption unit 132 to encrypt the content key Kc with the session key Ksed extracted by the fourth decryption unit 131. Further, the fifth encryption unit 133 is encrypted with the shared key Ksds generated by the third encryption unit 129 to generate encrypted license data Es (Ksds, Es (Ksed, Kc)) (S184). The controller 108 transmits the generated encrypted license data Es (Ksds, Es (Ksed, Kc)) to the content reproduction device 300 (S186).

  Upon obtaining the encrypted license data Es (Ksds, Es (Ksed, Kc)), the controller 308 transmits the encrypted license data Es to the encryption processing unit 310. The control unit 323 causes the fourth decryption unit and the fifth decryption unit to decrypt the encrypted license data Es (Ksds, Es (Ksed, Kc)), and extracts the content key Kc (S188). The extracted license data is transmitted to the content decryption unit 314. The controller 108 reads the encrypted content data E (Kc, Dcontent) from the normal data storage unit 114 (S190), and transmits it to the content reproduction device 300 (S192). When acquiring the encrypted content data Es (Kc, Dcontent), the controller 308 transmits the encrypted content data Es (Kc, Dcontent) to the content decryption unit 314. The content decryption unit 314 decrypts the acquired encrypted content data Es (Kc, Dcontent) with the content key Kc (S194).

  Through the above procedure, the content key Kc and the content data encrypted with the content key Kc are provided to the content playback device 300 belonging to the same network group as the content recording device 100. Note that either the content key or the encrypted content data may be transmitted to the content reproduction device 300 first, or both may be transmitted in parallel.

(Second Embodiment)
FIG. 8 shows a configuration of a content reproduction device 300 according to the second embodiment. In the present embodiment, a technique for copying content data held in the content recording apparatus 100 will be described. In the present embodiment, content data is copied to the storage device 200 that is detachably connected to the content reproduction apparatus 300. This storage device 200 is not only a storage medium that holds data, but also a drive-integrated storage having a configuration such as a controller that controls input / output of data between a host device such as the content reproduction device 300 and the storage medium. It is a device. In the present embodiment, a hard disk drive will be described as an example of the storage device 200.

  The conventional hard disk drive is generally used by being fixedly connected to one host device. However, the storage device 200 of the present embodiment is connected to a host device such as the content playback device 300. It is configured to be detachable. That is, the storage device 200 according to the present embodiment is a storage device that can be removed from the host device and carried in the same manner as a CD or DVD, and can be shared among a plurality of host devices.

  As described above, the storage device 200 according to the present embodiment is assumed to be connected to a plurality of host devices. For example, the storage device 200 is connected to a host device of a third party other than the owner and recorded therein. Data may be read out. When it is assumed that contents to be protected by copyright such as music and video, confidential data such as corporate and personal information are recorded on the storage device 200, the confidential data leaks to the outside. In order to prevent this, it is preferable to provide the storage device 200 itself with a configuration for appropriately protecting data and to have a sufficient tamper resistance function.

  From such a viewpoint, the storage device 200 according to the present embodiment has a configuration for encrypting and exchanging confidential data when the confidential data is input and output with the host device. Further, in order to store confidential data, a confidential data storage area different from a normal storage area is provided, and the confidential data storage area is configured to be accessible only through an encryption processing unit provided in the storage device 200. To do. This encryption processing unit inputs / outputs secret data only to / from a host device verified as having a legitimate authority.

  In order to make the most of the characteristics of the storage device 200 as a removable medium, it is preferable that normal data can be input / output even by a host device that does not support the secure function. Therefore, the storage device 200 according to the present embodiment supports ATA (AT Attachment), which is a standard of ANSI (American National Standards Institute), in order to maintain compatibility with the conventional hard disk, and the secure function described above. Is realized as an ATA extension instruction.

  The content playback apparatus 300 of this embodiment further includes an ATA interface 318 in addition to the configuration of the content playback apparatus 300 of the first embodiment shown in FIG. The ATA interface 318 controls data input / output with the storage device 200.

  The storage device 200 mainly includes a controller 208, an encryption processing unit 210, a normal data storage unit 214, a tamper resistant storage unit 216, and an ATA interface 218. These configurations can also be realized in various forms by hardware only, software only, or a combination thereof.

  The normal data storage unit 214 is a normal storage area for recording normal data and the like, and the tamper resistant storage unit 216 is a confidential data storage area for recording confidential data. The normal data storage unit 214 is directly accessible from the outside, and data is input / output via the controller 208, but the tamper resistant storage unit 216 is configured to be accessible only by the cryptographic processing unit 210, Data is input / output via the unit 210. The content key is recorded in the tamper resistant storage unit 216, and the content data encrypted with the content key is recorded in the normal data storage unit 214.

  The encryption processing unit 210 controls encryption communication for inputting / outputting secret data such as a content key. The internal configuration of the cryptographic processing unit 210 is the same as the internal configuration of the cryptographic processing unit 310 of the content reproduction apparatus 300 according to the first embodiment shown in FIG. The controller 208 comprehensively controls the components of the storage device 200. The ATA interface 218 controls input / output of data with a host device such as the content reproduction device 300.

  In the first embodiment, the exchange of the encryption key and the communication such as the encrypted license data and the encrypted content data performed between the content recording device 100 and the content reproduction device 300 are the content recording in the present embodiment. This is performed between the device 100 and the storage device 200. The content reproduction apparatus 300 relays encrypted communication between the content recording apparatus 100 and the storage device 200 and performs procedures related to generation of address information on behalf of the storage device 200.

  9 and 10 are sequence diagrams showing the procedure of the content management method according to the present embodiment. First, when the request unit 306 of the content reproduction device 300 requests the content recording device 100 to acquire content (S100), the reception unit 106 of the content recording device 100 accepts the request and responds to the content reproduction device 300 (S102). . As a result, encryption communication is started among the encryption processing unit 110 of the content recording device 100, the encryption processing unit 310 of the content reproduction device 300, and the encryption processing unit 210 of the storage device 200.

  The controller 208 of the storage device 200 reads the certificate C [KPcd] of the storage device 200 from the certificate output unit (S104), and transmits it to the content reproduction device 300 (S106). The controller 308 of the content reproduction device 300 reads the certificate C [KPch] of the content reproduction device 300 from the certificate output unit 322 (S108), and the certificate C [KPcd] of the storage device 200 and the certificate of the content reproduction device 300. C [KPch] is concatenated and transmitted to the content recording apparatus 100 (S109).

  When the controller 108 of the content recording apparatus 100 acquires the certificate C [KPcd] of the storage device 200 and the certificate C [KPch] of the content reproduction apparatus 300, the controller 108 transmits the certificate C [KPch] to the encryption processing unit 110. The control unit 123 of the encryption processing unit 110 causes the certificate verification unit 120 to verify the certificate C [KPcd] and the certificate C [KPch] (S114, S115). If the certificate is not approved, the process ends abnormally. If the verification of the certificate is successful, the control unit 123 reads the certificate C [KPcs] of the content recording apparatus 100 from the certificate output unit 122 (S116). Subsequently, the control unit 123 causes the random number generation unit 121 to generate and hold the challenge keys Kchs1 and Kchs2 (S119), and causes the first encryption unit 125 to challenge the challenge key Kchs1 with the public key KPcd of the storage device 200. The key Kchs2 is encrypted with the public key KPch of the content reproduction device 300, and first challenge information Ep (KPcd, Kchs1) // Ep (KPch, Kchs2) is generated (S120). The controller 108 concatenates the generated first challenge information Ep (KPcd, Kchs1) // Ep (KPch, Kchs2) and the certificate C [KPcs] of the content recording device 100, and transmits it to the content reproduction device 300. (S123).

  When the controller 308 acquires the certificate C [KPcs] and the first challenge information Ep (KPcd, Kchs1) // Ep (KPch, Kchs2) of the content recording apparatus 100, the controller 308 transmits them to the encryption processing unit 310. The control unit 323 of the encryption processing unit 310 causes the first decryption unit 325 to decrypt Ep (KPch, Kchs2), and extracts the challenge key Kchs2 (S124). The controller 308 concatenates the certificate C [KPcs] of the content recording apparatus 100 and the first challenge information Ep (KPcd, Kchs1) and transmits them to the storage device 200 (S125).

  When the controller 208 acquires the certificate C [KPcs] and the first challenge information Ep (KPcd, Kchs1) of the content recording apparatus 100, the controller 208 transmits the certificate C [KPcs, Kchs1) to the encryption processing unit 210. The control unit of the cryptographic processing unit 210 causes the certificate verification unit to verify the certificate (S126). If the certificate is not approved, the process ends abnormally. When the verification of the certificate is successful, the control unit causes the first decryption unit to decrypt the first challenge information Ep (KPcd, Kchs1) and retrieves the challenge key Kchs1 (S128). Subsequently, the control unit causes the random number generation unit to generate and hold the session key Ksd (S130), causes the first encryption unit to encrypt the session key Ksed with the public key KPcs of the content recording device 100, and The second encryption unit is encrypted with the challenge key Kchs1 extracted by the first decryption unit to generate second challenge information Es (Kchs1, Ep (KPcs, Ksed // KPd)) (S132). The controller 208 transmits the generated second challenge information Es (Kchs1, Ep (KPcs, Ksed // KPd)) to the content reproduction device 300 (S133).

  When the controller 308 acquires the second challenge information Es (Kchs1, Ep (KPcs, Ksed // KPd)), the controller 308 transmits the second challenge information Es (Kchs1, Ep (KPcs, Ksed // KPd)) to the encryption processing unit 310. The address information generation unit 312 acquires the IP address of the content reproduction device 300 from the IP address acquisition unit 304 (S134), and concatenates the challenge key Kchs2 issued by the content recording device 100 to the IP address LI (Location Information). A hash value of data is calculated, and the calculated keyed hash value is added to the LI to generate address information LI // H (Kchs2 // LI) (S139). The controller 308 connects the generated address information LI // H (Kchs2 // LI) to the second challenge information Es (Kchs1, Ep (KPcs, Ksed // KPd)), and transmits it to the content recording apparatus 100. (S143).

  When the controller 108 acquires the second challenge information Es (Kchs1, Ep (KPcs, Ksed // KPd)) and the address information LI // H (Kchs2 // LI), the controller 108 transmits them to the encryption processing unit 110. The control unit 123 causes the first decryption unit 126 and the second decryption unit 127 to decrypt the second challenge information Es (Kchs1, Ep (KPcs, Ksed // KPd)), and extracts the session key Ksed and the public key KPd ( S146). Subsequently, the control unit 123 causes the group determination unit 112 to verify the address information LI // H (Kchs2 // LI) (S149).

  The group determination unit 112 obtains the address LI obtained from the content reproduction device 300 and the challenge key Kchs2 generated by the random number generation unit 121, calculates H (Kchs2 // LI), and obtains it from the content reproduction device 300. It is compared with the keyed hash value H (Kchs2 // LI) of the address LI. If they do not match, the process ends abnormally. If they match, the IP address of the content recording device 100 and the IP address of the content playback device 300 are compared to determine whether or not to provide the content, as in the first embodiment. Thereafter, the procedure shown in FIG. 7 is executed between the content recording apparatus 100 and the storage device 200.

  Through the above procedure, the content key Kc and the content data encrypted with the content key Kc are copied to the storage device 200 via the content playback device 300 belonging to the same network group as the content recording device 100.

(Third embodiment)
Also in the present embodiment, a technique for copying content data held in the content recording apparatus 100 to the storage device 200 will be described. In the second embodiment, when generating the address information, a keyed hash value using the challenge key Kchs2 issued by the content recording device 100 is attached as a signature attached to the IP address LI of the content reproduction device 300. In this embodiment, a keyed hash value is further calculated using the session key Ksed2 issued by the content reproduction device 300.

  FIG. 11 is a sequence diagram showing the procedure of the content management method according to the present embodiment. In FIG. 11, only the parts different from the procedure of the content management method according to the second embodiment shown in FIGS. 9 and 10 are shown.

  When the controller 308 acquires the second challenge information Es (Kchs1, Ep (KPcs, Ksed // KPd)), the controller 308 transmits the second challenge information Es (Kchs1, Ep (KPcs, Ksed // KPd)) to the encryption processing unit 310. The control unit 323 causes the random number generation unit 321 to generate the session key Ksed2 (S135), causes the first encryption unit 326 to encrypt the session key Ksed2 with the public key KPcs of the content recording device 100, and further, the second encryption The unit 327 is encrypted with the challenge key Kchs2 extracted by the first decryption unit 325 to generate Es (Kchs2, Ep (KPcs, Ksed2)) (S136). The address information generation unit 312 acquires the IP address of the content reproduction device 300 from the IP address acquisition unit 304 (S134), and uses the challenge key Kchs2 issued by the content recording device 100 and the session key Ksd2 issued by the content reproduction device 300. , Calculates the hash value of the data linked to the IP address LI (Location Information), adds the calculated keyed hash value to the LI, and generates address information LI // H (Ksed2 // Kchs2 // LI) (S140). The controller 308 uses the generated address information LI // H (Ksed2 / Kchs2 // LI) // Es (Kchs2, Ep (KPcs, Ksed2)) as second challenge information Es (Kchs1, Ep (KPcs, Ksed). // KPd)) and transmitted to the content recording apparatus 100 (S144).

  The controller 108 uses the second challenge information Es (Kchs1, Ep (KPcs, Ksed // KPd)) and address information LI // H (Ksed2 // Kchs2 // LI) // Es (Kchs2, Ep (KPcs, Ksed2)). ) Is transmitted to the encryption processing unit 110. The control unit 123 causes the first decryption unit 126 and the second decryption unit 127 to decrypt Es (Kchs2, Ep (KPcs, Ksed2)), and extracts the session key Ksed2 (S145). Also, the second challenge information Es (Kchs1, Ep (KPcs, Ksed // KPd)) is decrypted, and the session key Ksed and the public key KPd are extracted (S146). Subsequently, the control unit 123 causes the group determination unit 112 to verify the address information LI // H (Ksed2 / Kchs2 // LI) (S150).

  The group determination unit 112 acquires the address LI acquired from the content reproduction device 300, the session key Ksed2 extracted by the second decryption unit 127, and the challenge key Kchs2 generated by the random number generation unit 121, and H (Ksed2 / / Kchs2 // LI) is calculated and compared with the keyed hash value H (Ksed2 / Kchs2 // LI) of the address LI acquired from the content reproduction apparatus 300. If they do not match, the process ends abnormally. If they match, the IP address of the content recording device 100 and the IP address of the content playback device 300 are compared to determine whether or not to provide the content, as in the first embodiment. Thereafter, the procedure shown in FIG. 7 is executed between the content recording apparatus 100 and the storage device 200.

  Through the above procedure, the content key Kc and the content data encrypted with the content key Kc are copied to the storage device 200 via the content playback device 300 belonging to the same network group as the content recording device 100.

  In the above, this invention was demonstrated based on the Example. This embodiment is an exemplification, and it will be understood by those skilled in the art that various modifications can be made to each component and combination of processing processes, and such modifications are within the scope of the present invention.

It is a figure which shows the whole structure of the content management system which concerns on 1st Embodiment. It is a figure which shows the structure of the content recording apparatus which is an example of the content management apparatus which concerns on embodiment. It is a figure which shows the internal structure of the content reproduction apparatus which is an example of the content management apparatus which concerns on embodiment. It is a figure which shows the internal structure of the encryption process part of the content recording apparatus shown in FIG. It is a figure which shows the internal structure of the encryption process part of the content reproduction apparatus shown in FIG. It is a sequence diagram which shows the procedure of the content management method which concerns on 1st Embodiment. It is a sequence diagram which shows the procedure of the content management method which concerns on 1st Embodiment. It is a figure which shows the structure of the content reproduction apparatus which concerns on 2nd Embodiment. It is a sequence diagram which shows the procedure of the content management method which concerns on 2nd Embodiment. It is a sequence diagram which shows the procedure of the content management method which concerns on 2nd Embodiment. It is a sequence diagram which shows the procedure of the content management method which concerns on 3rd Embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10 Content management system, 12 Content server, 14 Internet, 16 router, 18 LAN, 20 DHCP server, 100 Content recording apparatus, 102 Communication part, 104 IP address acquisition part, 106 Reception part, 108 Controller, 110 Encryption processing part, 112 Group determination unit, 114 Normal data storage unit, 116 Tamper resistant storage unit, 120 Certificate verification unit, 121 Random number generation unit, 122 Certificate output unit, 123 Control unit, 124 Local bus, 125 First encryption unit, 126 First Decryption unit, 127 Second decryption unit, 128 Second encryption unit, 129 Third encryption unit, 130 Third decryption unit, 131 Fourth decryption unit, 132 Fourth encryption unit, 133 Fifth encryption unit, 200 Storage device, 208 Controller 210 encryption processing unit 214 Normal data storage unit, 216 anti-tamper storage unit, 218 ATA interface, 300 content playback device, 302 communication unit, 304 IP address acquisition unit, 306 request unit, 308 controller, 310 encryption processing unit, 312 address information generation unit, 314 content Decryption unit, 318 ATA interface, 320 certificate verification unit, 321 random number generation unit, 322 certificate output unit, 323 control unit, 324 local bus, 325 first decryption unit, 326 first encryption unit, 327 second encryption unit, 328 Second decryption unit, 329 third decryption unit, 330 third encryption unit, 331 fourth encryption unit, 332 fourth decryption unit, 333 fifth decryption unit.

Claims (11)

A receiving unit that receives a request for acquiring a content key for decrypting encrypted content;
A key exchange unit that exchanges an encryption key with the content key request source device;
An address acquisition unit for acquiring an address of the request source device, which is attached with a signature using the encryption key exchanged by the key exchange unit, from the request source device of the content key;
A determination unit that verifies the signature and determines whether the requesting device belongs to the same network group as the own device based on the address of the requesting device and the address of the own device; ,
When the determination unit determines that the device requesting the content key belongs to the same group as its own device, the content key is encrypted with the encryption key exchanged by the key exchange unit, and the content key A transmitter that transmits to the key requesting device;
A content management apparatus comprising:   The determination unit determines that the request source device and the own device belong to the same group when the address of the request source device matches the network unit of the address of the own device. The content management apparatus according to 1.   The signature is a keyed hash value of the address using the encryption key issued by the content management device, or a hash value of the address encrypted with the encryption key issued by the content management device. The content management apparatus according to claim 1, wherein   The signature is a keyed hash value of the address using an encryption key issued by the device requesting the content key, or the address encrypted with the encryption key issued by the device requesting the content key The content management apparatus according to claim 1, wherein the content management apparatus is a hash value of Receiving a request for acquiring a content key for decrypting encrypted content;
Exchanging an encryption key with the device requesting the content key;
Obtaining from the requesting device of the content key the address of the requesting device, signed with the encryption key exchanged in the step of exchanging the encryption key;
Verifying the signature and determining, based on the address of the requesting device and the address of the own device, whether the requesting device belongs to the same network group as the own device;
When it is determined in the determining step that the device requesting the content key belongs to the same group as its own device, the content key is encrypted with the encryption key exchanged in the step of exchanging the encryption key. Transmitting to the requesting device of the content key;
A content management method comprising: A requesting unit for requesting transmission of the content key to a device holding a content key for decrypting the encrypted content;
A key exchange unit for exchanging an encryption key with a device to which the content key is requested;
An address transmission unit that transmits a signature using the encryption key exchanged by the key exchange unit to the address of the device to which the content key is requested;
A content key receiving unit that receives the content key encrypted with the encryption key exchanged by the key exchange unit from the request destination device;
A content management apparatus comprising:   The signature is a keyed hash value of the address using the encryption key issued by the content management device, or a hash value of the address encrypted with the encryption key issued by the content management device. The content management apparatus according to claim 6.   The signature is a keyed hash value of the address using an encryption key issued by the content key requesting device, or the address encrypted with the encryption key issued by the content key requesting device. The content management apparatus according to claim 6, wherein the content management apparatus is a hash value of Requesting transmission of the content key to a device holding a content key for decrypting the encrypted content;
Exchanging an encryption key with a device to which the content key is requested;
Sending the content key request destination device with a signature using the encryption key exchanged in the step of exchanging the encryption key to the address of the device;
Receiving the content key encrypted with the encryption key exchanged by the step of exchanging the encryption key from the requested device;
A content management method comprising: A requesting unit for requesting transmission of the content key to a device holding a content key for decrypting the encrypted content;
A first encryption key is exchanged with the device requesting the content key, and a second encryption key is exchanged between the device requesting the content key and the storage device storing the content key A key exchange unit that relays communication to be performed;
An address transmitting unit that transmits a signature using the first encryption key to the address of the device to which the content key is requested;
A content key receiving unit that receives the content key encrypted with the second encryption key from the request destination device and transfers the content key to the storage device;
A content management apparatus comprising: Requesting transmission of the content key to a device holding a content key for decrypting the encrypted content;
A first encryption key is exchanged with the device requesting the content key, and a second encryption key is exchanged between the device requesting the content key and the storage device storing the content key Relaying the communication to be performed;
Transmitting the content key requesting device with a signature using the first encryption key to the address of the device;
Receiving the content key encrypted with the second encryption key from the requested device and transferring it to the storage device;
A content management method comprising:

Images