JP2009169892A - Information processing apparatus, disk, information processing method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent illegal acquisition of an ID and illegal use of a content by an illegal application. <P>SOLUTION: An open key of a content owner providing an application to be recorded on a disk is stored, An application certificate in which a signature of a certificate authority is set and root certificate corresponding signature data in which a signature of the content owner is set for data containing the certificate authority are recorded on the disk. A reproducing device verifies the signatures of the application certificate and root certificate corresponding signature data. When the signature verification fails, use of the application is prohibited or limited. The application provided by the content owner is under the control of the certificate authority to prevent spread of illegal applications, illegal acquisition and use of identification information by an illegal application, and illegal use of the content. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an information processing device, a disk, an information processing method, and a program. More specifically, the present invention relates to an information processing apparatus, a disk, an information processing method, and a program for performing reading control and usage control of content and identification information (ID) recorded on an information recording medium.

  Discs such as a DVD (Digital Versatile Disc) and a Blu-ray Disc (registered trademark) are used as content recording media. For example, movie content is recorded on a disc (for example, a ROM disc) and provided to the user. In many cases, copyrights, distribution rights, etc. are possessed by the creator or seller. Content. For such content, for example, usage control is performed to prevent unauthorized copying (duplication) or the like.

  There are various forms of usage control. For example, according to the AACS (Advanced Access Content System) that defines copyright protection technology, ID information such as a media ID is used when a disc recording content is used. The content usage control is performed by reading the content from the user ID and confirming the read ID or generating a key using the ID information.

For example, the following identification information (ID) is recorded on the disc.
(A) Media ID (PMSN (sometimes called Pre-recorded Media Serial Number), which is disc-specific identification information)
(B) Volume ID set for each disc title;
(C) a content certificate ID as identification information of a content certificate set corresponding to the disc recording content;
For example, such identification information (ID) is recorded on the disc.

  The playback device reads, for example, at least one of the identification information (ID) (a) to (c) from the disc, and uses the content by processing according to a predetermined sequence, for example, key generation using the ID or content decryption. To do. Further, the above-described various identification information (ID) may be transmitted to the server, and various additional contents and service data may be received from the server based on the ID confirmation in the server.

In addition, not the above (a) to (c) recorded on the disc,
(D) a device binding ID which is identification information corresponding to the playback device;
May be used. The device binding ID is recorded in the memory in the playback device as identification information unique to the playback device, uses the contents stored on the disk, acquires subsequent data from the server, and stores the subsequent data stored in a storage unit such as a hard disk of the playback device. When used, for example, it is used for processing such as ID confirmation, key generation, and content decryption as confirmation processing of the playback device.

  In order to read the identification information (ID) (a) to (d) and perform content reproduction or copy processing or data acquisition processing from the server, it is necessary to execute a predetermined program in the reproduction device. It is. In many cases, the program is a program created corresponding to the content stored on the disc, and is recorded on the disc together with the content, and the playback device reads the program from the disc and executes it.

  Such a program is created, for example, as a simple program using Java (registered trademark), and is often created, for example, by a content owner or a provider (content owner) or by a consignment thereof. May be mixed.

  An illegal program may be used for illegal processing such as illegally acquiring identification information (ID) recorded on a disk to illegally use content and illegally acquiring service data from a server. is there.

  With reference to FIG. 1, an outline of the content usage control configuration in the current AACS rules will be described. FIG. 1 shows a disc (media) 120 that stores content 121, a content owner 110 that provides disc-recorded content, and a license management unit 130 that performs content management processing. The license management unit 130 is operated by, for example, an AACS LA (Licensing Administrator) that performs content usage management in accordance with AACS regulations.

In addition to the content 121, the above-described identification information (ID) 122 is recorded on the disc 120. As the identification information (ID) 122,
(A) Media ID (PMSN) 126 which is disc-specific identification information;
(B) a volume ID 127 set in units of disc titles;
(C) a content certificate ID 128 as identification information of the content certificate set corresponding to the disc recording content,
These pieces of ID information are included.

  On the disc 120, a content certificate 123 for certifying that the content 121 is a valid content, that is, a valid content certified by the license management unit (AACS LA) 130 is recorded. The content certificate 123 is issued under the management of the license management unit 130 and recorded on the disc 120 as data for proving its validity corresponding to the content 121 recorded on the disc 120.

  The content certificate 123 records the root certificate hash value so as to show the details in the license management unit 130, and the electronic certificate using the secret key of the license management unit (AACS LA) 130 is recorded with respect to these recorded hash values. It has a configuration with a signature. The root certificate 124 is recorded on the disk 120 and has a configuration in which a signature is set with the content owner's private key with respect to the content owner's public key, as shown in the content owner 110 in the figure.

  The playback device that plays back the content 121 recorded on the disc executes the signature verification set in the content certificate and is permitted to use the content 121 on the condition that the validity of the content certificate is confirmed. The In this way, the validity is strictly checked for the content.

  However, in addition, a disc recording application 125 may be recorded on the disc 120. The disk recording application 125 is a program used for the reproduction process of the content 121 and other processes, for example. Specifically, it is an application for providing service data from a server to a content user. A program executed to acquire service data from the server by transmitting the identification information (ID) 122 recorded on the disk 120 to the server.

  As shown in the content owner 110 in the figure, the disc recording application 125 has a configuration in which a signature is set with the content owner's private key for the application provided by the content owner.

  A playback device that uses the disc recording application 125 recorded on the disc 120 applies the content owner's public key and verifies the signature set in the disc recording application 125 to confirm the validity of the application. You will run the application.

  However, the disc recording application 125 can be created independently by the content owner 110 and is not monitored by a third party. As described above, the validity of content can be confirmed by the content certificate 123 issued by the license management unit 130 corresponding to the content, but the disc recording application 125 can thus confirm the validity by a third party. It is impossible to deny the possibility that the content owner 110 creates an unauthorized application.

  As described above, by using an unauthorized application, the identification information (ID) 122 recorded on the disk 120 is illegally obtained, the content 121 is illegally used, and the service data is illegally acquired from the server. May be used for illegal processing.

  The present invention has been made in view of, for example, the above-described problems, and is an information processing apparatus, a disc, an information processing method, and a program that prevent unauthorized reading and use of content and identification information recorded on the disc. The purpose is to provide.

The first aspect of the present invention is:
An information processing apparatus that controls the use of application programs recorded on a disk,
An application execution unit that executes processing using the application program;
The application certificate in which the public key of the content owner as the provider of the application program is stored and the signature of the certificate authority that is a third party is set is read from the disk, and the first signature verification is performed.
Further, the root certificate corresponding data having a signature for the data including the content certificate recorded on the disc as a certificate corresponding to the content recorded on the disc is read from the disc, and the content owner public key is applied. A data verification unit for performing signature verification of 2;
In the first and second signature verification processes in the data verification unit, when verification fails, an application control unit that prohibits or restricts application program use processing in the application execution unit;
There is an information processing apparatus characterized by having.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the application control unit executes a process for prohibiting the application execution unit from acquiring the identification information recorded on the disc.

Furthermore, in one embodiment of the information processing apparatus of the present invention, the identification information is
(A) Media ID (PMSN) which is identification information unique to the disc,
(B) Volume ID set for each disc title;
(C) a content certificate ID as identification information of a content certificate set corresponding to the disc recording content;
It is the identification information in any one of said (a)-(c), It is characterized by the above-mentioned.

  Furthermore, in an embodiment of the information processing apparatus according to the present invention, the application control unit executes a process in which the application execution unit prohibits or restricts a process of reproducing, copying, or externally outputting content recorded on a disc. It is characterized by that.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the application control unit executes a process in which the application execution unit prohibits or restricts a process of connecting to an external server via a network. .

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the application control unit performs a process in which the application execution unit prohibits or restricts API call processing for a program execution unit that reads or uses disk recording data. It is characterized by performing.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the data verification unit refers to a certificate revocation list in which the revocation information of the application certificate is recorded, and the content recorded in the application certificate A process of verifying whether an owner identifier is included in the certificate revocation list is executed, and the application control unit includes the content owner identifier recorded in the application certificate in the certificate revocation list In this case, a process for prohibiting or limiting the application program use process in the application execution unit is executed.

Furthermore, the second aspect of the present invention provides
Content,
A content certificate which is certification data corresponding to the content;
Application programs,
An application certificate in which the public key of the content owner as the provider of the application program is stored and the signature of the certificate authority that is a third party is set;
Record the root certificate compatible data that has a signature for the data including the content certificate,
Disc capable of causing a playback device that intends to execute the application program to execute signature verification of the application program and the data corresponding to the root certificate, and to control use of the application program according to the verification result It is in.

Furthermore, the third aspect of the present invention provides
An information processing method for controlling the use of an application program recorded on a disc in an information processing device,
The data verification unit reads the application certificate in which the public key of the content owner as the provider of the application program is stored and the signature of the certification authority, which is a third party, is set from the disk, and performs the first signature verification. Run,
Further, the root certificate corresponding data having a signature for the data including the content certificate recorded on the disc as a certificate corresponding to the content recorded on the disc is read from the disc, and the content owner public key is applied. A data verification step for performing signature verification of 2;
An application control step in which the application control unit prohibits or restricts the use processing of the application program when verification fails in the first and second signature verification processing in the data verification step;
There is an information processing method characterized by comprising:

  Furthermore, in an embodiment of the information processing method of the present invention, the application control step is a step in which the application execution unit executes a process of prohibiting a process of acquiring the identification information recorded on the disc. To do.

Furthermore, in one embodiment of the information processing method of the present invention, the identification information is
(A) Media ID (PMSN) which is identification information unique to the disc,
(B) Volume ID set for each disc title;
(C) a content certificate ID as identification information of a content certificate set corresponding to the disc recording content;
It is the identification information in any one of said (a)-(c), It is characterized by the above-mentioned.

  Furthermore, in an embodiment of the information processing method of the present invention, the application control step includes a step of executing a process in which the application execution unit prohibits or restricts a process of reproducing, copying, or externally outputting content recorded on a disc. It is characterized by being.

  Furthermore, in an embodiment of the information processing method of the present invention, the application control step is a step in which the application execution unit executes a process for prohibiting or restricting a process for connecting to an external server via a network. Features.

  Furthermore, in an embodiment of the information processing method of the present invention, the application control step executes a process in which the application execution unit prohibits or restricts an API call process for a program execution unit that reads or uses disk recording data. It is a step to perform.

  Further, in one embodiment of the information processing method of the present invention, the data verification step refers to a certificate revocation list in which revocation information of the application certificate is recorded, and the content recorded in the application certificate And executing a process of verifying whether an owner identifier is included in the certificate revocation list, wherein the application control step includes the content owner identifier recorded in the application certificate as the certificate revocation list. Included in the application execution unit, a process for prohibiting or limiting the application program use process in the application execution unit is executed.

Furthermore, the fourth aspect of the present invention provides
In the information processing apparatus, a program for controlling the use of an application program recorded on a disk,
The application certificate in which the public key of the content owner as the provider of the application program is stored in the data verification unit and the signature of the certification authority that is a third party is set is read from the disk and the first signature verification is performed. Let it run
Further, the root certificate corresponding data having a signature for the data including the content certificate recorded on the disc as a certificate corresponding to the content recorded on the disc is read from the disc, and the content owner public key is applied. A data verification step for performing signature verification of 2;
An application control step for causing the application control unit to prohibit or restrict the use processing of the application program when the verification fails in the first and second signature verification processing in the data verification step;
There is a program characterized by having.

  The program of the present invention is, for example, a program that can be provided by a storage medium or a communication medium provided in a computer-readable format to a general-purpose system capable of executing various program codes. By providing such a program in a computer-readable format, processing corresponding to the program is realized on the computer system.

  Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.

  According to one embodiment of the present invention, content is stored for an application certificate storing a public key of a content owner providing an application recorded on a disc and setting a signature of a certificate authority and data including a root certificate. A configuration in which the signature data corresponding to the root certificate with the owner's signature set is recorded on the disc, and the playback device that is to execute the application is configured to perform signature verification of the application certificate and the signature data corresponding to the root certificate. When the signature verification fails, the use of the application is prohibited or restricted. With this configuration, the application provided by the content owner will be placed under the control of a certificate authority as a third-party organization, and the spread of unauthorized applications, unauthorized acquisition and use of identification information due to the use of unauthorized applications, or Prevention of unauthorized use of content is realized.

  The details of the information processing apparatus, disk, information processing method, and program of the present invention will be described below with reference to the drawings.

  The outline of the configuration of the present invention will be described with reference to FIG. FIG. 2 shows a disc (media) 220 storing content 221, a content owner 210 that provides disc recording content, and a license management unit 230 that performs content management processing, as described above with reference to FIG. Furthermore, a certificate authority (BDA-CA) 240 is newly shown. The license management unit 230 is operated by, for example, an AACS LA (Licensing Administrator) that performs content usage management in accordance with AACS regulations.

  In this embodiment, a BD (Blu-ray Disc (registered trademark)), specifically, a BD-ROM disc which is a ROM type BD will be described as the disc 220. In the embodiment, an example in which the BD-ROM is applied will be described. However, the application example of the BD-ROM is merely an example, and the present invention can be applied to other types of media.

In addition to the content 221, identification information (ID) 222 is recorded on the disc 220 as described above with reference to FIG. As the identification information (ID) 222,
(A) Media ID (PMSN) 226 which is disc-specific identification information
(B) Volume ID 227 set in units of disc titles;
(C) a content certificate ID 228 as identification information of a content certificate set corresponding to the disc recording content;
These pieces of ID information are included.

  The playback device reads, for example, at least one of the identification information (ID) (a) to (c) from the disc, and uses the content by processing according to a predetermined sequence, for example, key generation using the ID or content decryption. To do. Further, the above-described various identification information (ID) may be transmitted to the server, and various additional contents and service data may be received from the server based on the ID confirmation in the server.

In addition, not the above (a) to (c) recorded on the disc,
(D) a device binding ID which is identification information corresponding to the playback device;
May be used. The device binding ID is recorded in the memory in the playback device as identification information unique to the playback device, uses the contents stored on the disk, acquires subsequent data from the server, and stores the subsequent data stored in a storage unit such as a hard disk of the playback device. When used, for example, it is used for processing such as ID confirmation, key generation, and content decryption as confirmation processing of the playback device.

  A content certificate (Content Cert) 223 for verifying that the content 221 is valid content, that is, valid content managed by the license management unit (AACS LA) 230 is recorded on the disc 220. The content certificate 223 is issued under the management of the license management unit 230 and recorded on the disc 220 as data certifying the validity corresponding to the content 221 recorded on the disc 220.

  The content certificate 223 records the root certificate hash, which is a hash value generated by the configuration data of the root certificate, as shown in detail in the license management unit 230 shown in FIG. 2, and records these hash values. On the other hand, it has a configuration in which an electronic signature with a secret key of the license management unit (AACS LA) 230 is given.

  Also, the root certificate (BD-J Root Cert) 224 recorded on the disc 220 is used as the content owner's public key and the content owner's public key, as shown in detail in the content owner 210 shown in FIG. On the other hand, it has a data structure including a signature generated with the content owner's private key, and is recorded on the disc 220 as a certificate corresponding to the disc recording application 225 recorded on the disc 220.

  The playback device that plays back the content 221 recorded on the disk 220 executes verification of the signature set in the content certificate 223 to check the validity of the content certificate 223, and uses this validity check as a condition. The content 221 is used. In this way, the validity is strictly checked for the content.

  Further, a disc recording application (BD-J application) 225 is recorded on the disc 220. The disk recording application 225 is, for example, a reproduction process or a copy process of the content 221 or other processes, for example, an application for receiving service data from an external server. As shown in detail in the content owner 210 shown in FIG. 2, the disc recording application 225 has a configuration in which a signature is set with the content owner's private key for the application provided by the content owner.

  Since this disc recording application 225 cannot directly read the identification information 222 recorded on the disc 220, it asks another program to read the identification information (ID) 222, and the disc recording application 225 reads it from the disc. The read identification information (ID) 222 is received.

  With reference to FIG. 3, an example of a reading process of the identification information (ID) 222 recorded on the disk 220 will be described. The disc recording application 225 is executed by the application execution unit 301 of the playback device 300. The disk recording application 225 is, for example, a Java (registered trademark) program, and in this case, the application execution unit 301 is configured by, for example, a virtual machine (referred to as a BD-J Virtual Machine) that executes the Java (registered trademark) program. .

  Since the application executed in the application execution unit 301 cannot directly read the identification information 222 recorded on the disk 220, the application executing the reading of the identification information 222 is requested to read the ID. The AACS layer (ID information acquisition program execution unit) 302 shown in FIG. 3 directly reads the identification information 222 recorded on the disk 220. The AACS layer 302 is a data processing unit that executes data processing according to a sequence in accordance with AACS regulations.

  An application executed by the application execution unit 301 executes an API (Application Programming Interface) call to the AACS layer (ID information acquisition program execution unit) 302. This API is an API composed of a function for reading the identification information 222 recorded on the disc 220.

  The AACS layer (ID information acquisition program execution unit) 302 reads the identification information 222 recorded on the disk 220 in response to an API call from the application execution unit 301, and uses the read identification information 222 as the application execution unit 301. Will be offered to. After that, the application executed in the application execution unit 301 uses the acquired identification information to use the content and acquire service data, for example, acquires the acquired identification information (ID) to the server, Then, other service information is received.

In this embodiment, an example in which the identification information 222 recorded on the disc is used will be described. As described above,
A device binding ID which is identification information corresponding to the playback device,
May be used. The device binding ID is recorded in the memory in the playback device as identification information unique to the playback device, uses the contents stored on the disk, acquires subsequent data from the server, and stores the subsequent data stored in a storage unit such as a hard disk of the playback device. When used, for example, it is used for processing such as ID confirmation, key generation, and content decryption as confirmation processing of the playback device. In the following, an example in which the identification information 222 recorded on the disc is used will be described. However, the identification information described below is also used when the device binding ID, which is identification information corresponding to the playback device, is read from the memory of the playback device and used. This is executed as a process similar to the reading process 222.

  As described above, a problem in reading and using the identification information is that the application executed by the application execution unit 301, that is, the disk recording application 225 may be an unauthorized program. For example, there is a possibility that the program is a malicious program generated in an attempt to illegally acquire the identification information 222.

  Therefore, in the configuration of the present invention, in order to prevent such unauthorized processing, the application certificate (AACS On-line Cert) 251 and the root certificate corresponding signature data (AACS On-line Sig) 252 are further stored in the disk 220. Is recorded.

  The application certificate (AACS On-line Cert) 251 is a certificate issued by the certificate authority (BDA-CA) 240, and is based on the private key of the certificate authority (BDA-CA) 240 with respect to the public key of the content owner. The signature data is set.

  The root certificate corresponding signature data (AACS On-line Sig) 252 is signature data generated by the content owner 210 and is generated by applying the content owner's private key to the data including the root certificate 224. It is signature data.

  With reference to FIG. 4, an example of the data configuration of each of the application certificate (AACS On-line Cert) 251 and the root certificate corresponding signature data (AACS On-line Sig) 252 will be described.

The application certificate (AACS On-line Cert) 251 has, for example, the following data configuration.
Data length: Data length of the entire application certificate data (4 bytes),
Certificate version: Application certificate version information (4 bytes),
Content owner ID: the identifier (4B) of the content owner who provided the disc recording application,
Content owner public key: The public key of the content owner who provided the disc recording application,
Signature: A signature for an application certificate generated by applying a private key of a certificate authority (BDA-CA),
It consists of these data.

  The signature is a signature generated for the configuration data (data length to content owner public key) of the application certificate 251, and the application certificate is verified by signature verification using the public key of the certificate authority (BDA-CA). It can be confirmed whether or not the book 251 has been tampered with.

On the other hand, the root certificate corresponding signature data (AACS On-line Sig) 252 has a data length: data length (4 bytes) of the entire data of the root certificate compatible signature data, as shown in the figure.
Signature version: Version information (4 bytes) of signature data corresponding to the root certificate,
Signature: Signature for the root certificate 224 generated by applying the private key of the content owner who provided the disc recording application, and the configuration data (data length, signature version) of the root certificate corresponding signature data 252.

  The signature is a signature generated for the configuration data (data length, signature version) of the root certificate 224 and the root certificate-corresponding signature data 252, and by signature verification using the public key of the content owner, It is possible to confirm whether or not the root certificate 224 and the root certificate corresponding signature data 252 are falsified.

  The issue configuration of the application certificate 251 and the root certificate corresponding signature data 252 will be described with reference to FIG.

In FIG.
(A) an additional configuration according to the invention,
(B) existing configuration,
The configurations of (a) and (b) are shown.
(B) The existing configuration is common to both the configuration shown in FIG. 1 described as the conventional configuration and the configuration shown in FIG. 2 described as the configuration of the present invention. That is, the configuration is a disc recording application 225 recorded on the disc and a root certificate 224.

  The disc recording application 225 is set with a signature to which the secret key of the content owner who provides the disc recording application 225 is applied.

As described with reference to FIG. 2, the root certificate 224 has a configuration in which a signature is set with the content content owner's private key with respect to the content owner's public key providing the disc recording application 225.
This configuration is common to both the configuration shown in FIG. 1 described as the conventional configuration and the configuration shown in FIG. 2 described as the configuration of the present invention.

  On the other hand, (a) the additional configuration according to the present invention shown in the upper part of FIG. 5 does not exist in FIG. 1 described as the conventional configuration, but exists only in the configuration shown in FIG. 2 described as the configuration of the present invention. It is an additional configuration.

  First, the root certificate corresponding signature data (AACS On-line Sig) 252 is signature data generated by the content owner 210 and is generated by applying the content owner's private key to the data including the root certificate 224. Signature data. By executing the signature verification set in the root certificate corresponding signature data (AACS On-line Sig) 252, the root certificate 224 and the root certificate corresponding signature data 252 can be falsified.

  The application certificate (AACS On-line Cert) 251 is a certificate issued by the certificate authority (BDA-CA) 240, and is based on the private key of the certificate authority (BDA-CA) 240 with respect to the public key of the content owner. The signature data is set. By this signature verification, falsification verification of the application certificate 251 is possible, and it is possible to confirm that the content owner public key stored in the application certificate 251 is valid key data.

  When it is confirmed by falsification verification that the application certificate 251 is valid data without falsification, the content owner public key stored in the application certificate 251 is acquired, and the acquired content owner public key is applied. The signature set in the root certificate corresponding signature data (AACS On-line Sig) 252 is verified. This signature verification confirms that the root certificate 224 and the root certificate corresponding signature data 252 are legitimate data without falsification.

  Further, the signature set in the disk recording application 225 is also verified using the content owner public key, and the disk recording application 225 is verified for falsification.

By adopting such a sequence, as shown in FIG.
[Certification Authority 240],
[Application Certificate (AACS On-line Cert) 251],
[Root certificate compatible signature data (AACS On-line Sig) 252]
[Disc recording application (BD-J application 225)
These configurations and data will have a series of relationships.

The playback device that intends to execute the disc recording application 225 provided by the content owner can use the above data, that is,
[Application Certificate (AACS On-line Cert) 251],
[Root certificate compatible signature data (AACS On-line Sig) 252]
The signature verification set for these data is executed.

  If it is confirmed by this signature verification that the application certificate 251, the root certificate corresponding signature data 252 and the root certificate 224 are not falsified, the disc recording application 225 is allowed to be executed. The identification information 222 recorded on the disc according to the sequence described with reference is allowed to be acquired. However, if it is not confirmed by signature verification that the application certificate 251, the root certificate corresponding signature data 252 and the root certificate 224 are not falsified, the execution of the disk recording application 225 is not permitted.

  Alternatively, a process of stopping a part of the execution function of the disk recording application 225 is performed. Specifically, control for disabling acquisition of the identification information 222 and processing using the identification information 222, control for disabling network connection, control for disabling content copying, and the like are performed. Note that the setting that does not allow the acquisition of the identification information 222 is realized by the process of prohibiting the use of the API described above with reference to FIG.

  A processing sequence executed in the data processing unit of the playback apparatus will be described with reference to the flowchart shown in FIG.

  First, in step S101, the application certificate (AACS On-line Cert) is read from the disk, and the signature set in the application certificate (AACS On-line Cert) is verified. In step S102, it is determined whether or not the signature verification of the application certificate is successful, that is, whether or not the application certificate is confirmed to be a valid certificate without falsification.

  As described above with reference to FIG. 4 and the like, the application certificate (AACS On-line Cert) is a certificate issued by the certificate authority (BDA-CA), and authenticates the public key of the content owner. This is a configuration in which signature data using a secret key of a station (BDA-CA) is set. With this signature verification, it is possible to verify whether the application certificate has been tampered with. For example, it is possible to confirm whether the content owner public key stored in the application certificate is valid key data. Become.

If it is determined in step S102 that the signature verification of the application certificate has failed, that is, it has not been confirmed that the application certificate is a valid certificate without falsification, the process proceeds to step S112. In step S112, the use of the disc recording application recorded on the disc is prohibited or restricted. Specifically, for example,
(1) The APIs that can be used by the disk recording application are limited.
(2) Prohibition of network connection,
(3) Prohibition of playback of disc recorded content,
(4) Prohibition of copy of recorded content on disc,
(5) Prohibition of use of disc recording application,
For example, application use restriction processing is performed by any one or combination of the above (1) to (5). Thereafter, in step S113, application use processing is performed within an allowable range.

  On the other hand, if the signature verification of the application certificate is successful in step S102, that is, if it is confirmed that the application certificate is a valid certificate without falsification, the process proceeds to step S103.

  In step S103, the root certificate corresponding signature data (AACS On-line Sig) is read from the disk, and in step S104, the content owner public key stored in the application certificate is applied to sign the root certificate corresponding signature data. Perform verification. The key applied to this signature verification is the content owner public key stored in the application certificate whose validity has been confirmed in step S102.

  As described above with reference to FIG. 4 and the like, the root certificate-corresponding signature data is signature data generated by the content owner, and the content owner's secret with respect to the data including the root certificate recorded on the disc. This is signature data generated by applying a key. By executing signature verification set in the root certificate corresponding signature data (AACS On-line Sig), falsification verification between the root certificate and the root certificate corresponding signature data can be performed.

In step S105, whether or not the signature verification of the root certificate-corresponding signature data is successful, that is, whether or not the root certificate and the root certificate-corresponding signature data are confirmed to be legitimate data without falsification by the signature verification. Determine whether. If it is not confirmed in step S105 that the root certificate and the root certificate corresponding signature data are valid data without falsification, the process proceeds to step S112. In step S112, the use of the disc recording application recorded on the disc is prohibited or restricted. Specifically, as described above, for example,
(1) The APIs that can be used by the disk recording application are limited.
(2) Prohibition of network connection,
(3) Prohibition of playback of disc recorded content,
(4) Prohibition of copy of recorded content on disc,
(5) Prohibition of use of disc recording application,
For example, application use restriction processing is performed by any one or combination of the above (1) to (5). Thereafter, in step S113, application use processing is performed within an allowable range.

  On the other hand, if it is confirmed in step S105 that the root certificate and the root certificate-corresponding signature data are valid data without falsification, the process proceeds to step S106. In step S106, a certificate revocation list (CRL) obtained by obtaining a certificate revocation list (CRL: Certificate Revocation List) from the server or the disk is subjected to signature verification processing.

  The certificate revocation list (CRL) is a list that stores information on certificates that have already been revoked among issued certificates. For example, it is a list indicating that the public key stored in the public key certificate that stores the public key such as an application certificate is invalid, and the certificate identifier of the invalidated certificate and the certificate issuance destination This is a list in which the identification information and the like are registered. This certificate revocation list (CRL) is updated sequentially, the latest list can be obtained from the management server of the certificate issuing entity, and is recorded on a disc and provided to the user. It should be noted that version information is set in the certificate revocation list (CRL) so that the old and new can be discriminated.

  The certificate revocation list (CRL) is set with a signature using the private key of the certificate issuing entity, and has a data structure that can be tampered with by signature verification using the public key of the certificate issuing entity. In step S106, signature verification of the certificate revocation list (CRL) is performed. If the certificate revocation list (CRL) signature fails in step S107, there is a possibility that the certificate is an invalid CRL, and the process returns to step S106 to acquire a new certificate revocation list (CRL) from the server. Thus, signature verification is performed on the obtained certificate revocation list (CRL).

  If the certificate revocation list (CRL) is successfully signed in step S107 and the validity of the certificate revocation list (CRL) is confirmed, the process proceeds to step S108.

  In step S108, the version of the certificate revocation list (CRL) stored in the memory of the playback device is compared with the version of the certificate revocation list (CRL) that has been subjected to signature verification obtained from the server or disk. When it is determined that the certificate revocation list (CRL) obtained by performing signature verification acquired from the server or the disk is newer than the certificate revocation list (CRL) stored in the playback device, in step S109, the server Alternatively, a certificate revocation list (CRL) obtained from the disk and subjected to signature verification is stored in the memory of the playback device.

  In step S110, the content owner ID is read from the application certificate and collated with the record data of the certificate revocation list (CRL) that has been subjected to signature verification.

  If it is determined in step S111 that the content owner ID recorded in the application certificate is not recorded in the CRL list, the process proceeds to step S113, and application usage processing is performed within an allowable range. In this case, application use processing that is basically unlimited is possible. That is, the identification information acquisition and use processing described above with reference to FIG. 3 can be executed without limitation.

On the other hand, if it is determined in step S111 that the content owner ID recorded in the application certificate is recorded in the CRL list, the process proceeds to step S112 to prohibit or limit the use of the disc recording application recorded on the disc. To do. Specifically, as described above, for example,
(1) The APIs that can be used by the disk recording application are limited.
(2) Prohibition of network connection,
(3) Prohibition of playback of disc recorded content,
(4) Prohibition of copy of recorded content on disc,
(5) Prohibition of use of disc recording application,
For example, application use restriction processing is performed by any one or combination of the above (1) to (5). Thereafter, in step S113, application use processing is performed within an allowable range.

  As described above with reference to FIG. 2, the content owner's signature is set in the disc recording application 225, and signature verification using the content owner's public key is performed and the signature verification is successful. That is, it is confirmed that the disc recording application 225 is legitimate application data without falsification, and the application is used on the condition that this confirmation has been made.

Thus, in the configuration of the present invention, as described above with reference to FIG.
[Certification Authority 240],
[Application Certificate (AACS On-line Cert) 251],
[Root certificate compatible signature data (AACS On-line Sig) 252]
[Disc recording application (BD-J application 225)
It is possible to set the disc recording application provided by the content owner by associating these configurations and data under the control of a third party, that is, a certificate authority, and to a playback apparatus that intends to use the disc recording application. The strict validity check of the disk recording application 225 is made possible by executing the process according to the flow shown in FIG. 5 and the application certificate (AACS On-line Cert) and the root certificate corresponding signature data (AACS On-line Sig) If the signature verification of () fails, the application execution function restriction process is executed to stop at least a part of the execution function of the disk recording application 225.

  Specifically, control such as acquisition of identification information recorded on a disk such as a media ID (PMSN) and use processing, control for disabling internet connection, control for disabling content copying, and the like are performed. .

  As described above with reference to FIG. 3, it is not the disc recording application itself that performs processing such as reading the identification information 222 recorded on the disc 220, but the AACS layer (ID information acquisition shown in FIG. 3). Program execution unit) 302. As described above, the AACS layer executes data processing according to a sequence according to the AACS standard.

  The application can request various processes to the AACS layer, and executes API calls set in accordance with the various processes. The AACS layer executes data processing corresponding to the API call, for example, the above-described identification information reading processing, and provides the processing result to the application execution unit.

  As described with reference to FIG. 6, in the playback apparatus of the present invention, an application certificate (AACS On-line Cert), which is data recorded on a disc, and a root certificate corresponding signature data (AACS On-line Sig). ) And the like, the application processing is limited when signature verification fails. A configuration example for controlling application processing will be described with reference to FIG. FIG. 7 shows the disc 220 and the playback device 300.

  The playback device 300 includes an application execution unit 301, an AACS layer 302, a data verification unit 351, and an application control unit 352. The application execution unit 301 and the AACS layer 302 correspond to the application execution unit 301 and the AACS layer 302 described with reference to FIG.

  The data verification unit 351 executes the processes of steps S101 to S110 in the flow shown in FIG. That is, signature verification of application certificate (AACS On-line Cert) 251 and root certificate corresponding signature data (AACS On-line Sig) 252 which are data recorded on the disc, verification processing of CRL recording data, etc. And the verification result is notified to the application control unit 352.

The application control unit 352 controls the application according to the data verification result in the data verification unit 351. Specifically, as described above, for example,
(1) The APIs that can be used by the disk recording application are limited.
(2) Prohibition of network connection,
(3) Prohibition of playback of disc recorded content,
(4) Prohibition of copy of recorded content on disc,
(5) Prohibition of use of disc recording application,
For example, application use restriction processing is performed by any one or combination of the above (1) to (5).

  The application execution unit 301 reads and executes a disk recording application (BD-J application) 225 recorded on the disk 220. The application calls an API including a function that causes the AACS layer 302 to execute various processes. However, the application control unit 352 controls the API processing in accordance with the data verification result in the data verification unit 351 and prohibits the process of inputting the API call to the AACS layer 302.

  The API control by the application control unit 352 prohibits execution of various processes of the application. Specifically, any of the processes (1) to (5) or a plurality of processes described above are prohibited. Various settings can be made for the prohibition process and the allowance process in the application.

The application execution unit 301 executes an API call corresponding to the process to the AACS layer 302. In particular,
An API that causes the AACS layer to execute a process of reading the media ID (PMSN) 226;
An API that causes the AACS layer to execute the process of reading the volume ID 227;
An API that causes the AACS layer to execute the reading process of the content certificate ID 228;
further,
API that allows the AACS layer to provide permissible information for playback, copying, and external output processing of disc recorded content,
Executes various processes such as network connection, playback by the binding process between the content recorded on the disk recording content and the storage unit (hard disk, flash memory, etc.) of the playback device, or the output of processing permission information to the AACS layer API to be
Since processing using an API set in accordance with such various processing is executed on the AACS layer 302, execution of various processing of the application is selectively prohibited by API control by the application control unit 352. It becomes possible to do.

  As described above, a device binding ID that is identification information corresponding to a playback device recorded in the memory of the playback device may be used instead of the identifier recorded on the disc. In this case, the device binding ID is also recorded on the disc. It can be executed as a processing mode similar to the use of the identifier. The device binding ID is recorded in the memory in the playback device as identification information unique to the playback device, uses the contents stored on the disk, acquires subsequent data from the server, and stores the subsequent data stored in a storage unit such as a hard disk of the playback device. When used, for example, it is used for processing such as ID confirmation, key generation, and content decryption as confirmation processing of the playback device.

Thus, according to the configuration of the present invention,
An application certificate (AACS On-line Cert) that stores the public key of the content owner that provides the application recorded on the disc and sets the signature of the certificate authority;
Root certificate compatible signature data (AACS On-line Sig) in which the content owner's signature is set for the data including the root certificate,
It is configured to record these data on a disc,
The playback apparatus that intends to execute the application verifies the signature of the application certificate (AACS On-line Cert) according to the flow shown in FIG. 6 and confirms the validity of the application certificate (AACS On-line Cert). The content owner public key is acquired from the confirmed application certificate, and the obtained content owner public key is applied to verify the signature of the root certificate corresponding signature data (AACS On-line Sig) The configuration is such that the validity of the document is confirmed, and when the signature verification fails, the use of the application is prohibited or restricted.

  With this configuration, the application provided by the content owner is placed under the control of a certification authority as a third party organization. The spread of unauthorized applications, unauthorized acquisition and use of identification information through the use of unauthorized applications, or content Can be prevented from being illegally used.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims should be taken into consideration.

  The series of processing described in the specification can be executed by hardware, software, or a combined configuration of both. When executing processing by software, the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and run. For example, the program can be recorded in advance on a recording medium. In addition to being installed on a computer from a recording medium, the program can be received via a network such as a LAN (Local Area Network) or the Internet, and installed on a recording medium such as a built-in hard disk.

  Note that the various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary. Further, in this specification, the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing.

  As described above, according to the configuration of the embodiment of the present invention, the application certificate in which the public key of the content owner that provides the application recorded on the disc is stored and the signature of the certificate authority is set, and the root Root certificate compatible signature data in which the content owner's signature is set to the data including the certificate is recorded on the disc, and the application certificate and the root certificate compatible signature data are stored in the playback device that is to execute the application. In the configuration for performing the signature verification, the use of the application is prohibited or restricted when the signature verification fails. With this configuration, the application provided by the content owner will be placed under the control of a certificate authority as a third-party organization, and the spread of unauthorized applications, unauthorized acquisition and use of identification information due to the use of unauthorized applications, or Prevention of unauthorized use of content is realized.

It is a figure explaining the outline | summary of the content use control structure in the present AACS prescription | regulation. It is a figure explaining the structure for implement | achieving application utilization control which concerns on one Example of this invention. It is a figure explaining the example of a reading process of the identification information (ID) recorded on the disc. It is a figure explaining the example of a data structure of each of application certificate (AACS On-line Cert) and signature data corresponding to root certificate (AACS On-line Sig). It is a figure explaining the issuing structure of an application certificate and signature data corresponding to a root certificate. It is a figure which shows the flowchart explaining the process sequence performed in the data processing part of a reproducing | regenerating apparatus. It is a figure explaining the structural example which controls the process of an application.

Explanation of symbols

110 Content owner 120 Disc 121 Content 122 Identification information (ID)
123 Content certificate 124 Root certificate 125 Disc recording application 126 Media ID (PMSN)
127 Volume ID
128 Content certificate ID
130 License Management Section 210 Content Owner 220 Disc 221 Content 222 Identification Information (ID)
223 Content Certificate
224 Root certificate (BD-J Root Cert)
225 Disc recording application (BD-J application)
226 Media ID (PMSN)
227 Volume ID
228 Content certificate ID
230 License Management Department 240 Certificate Authority (BDA-CA)
251 Application Certificate (AACS On-line Cert)
252 Signature data for root certificate (AACS On-line Sig)
300 Playback Device 301 Application Execution Unit (BD-J VM)
302 AACS layer 351 Data verification unit 352 Application control unit

Claims (16)

An information processing apparatus that controls the use of application programs recorded on a disk,
An application execution unit that executes processing using the application program;
The application certificate in which the public key of the content owner as the provider of the application program is stored and the signature of the certificate authority that is a third party is set is read from the disk, and the first signature verification is performed.
Further, the root certificate corresponding data having a signature for the data including the root certificate recorded on the disc as the certificate corresponding to the application program is read from the disc, and the second signature verification is performed by applying the content owner public key. A data verification unit for executing
In the first and second signature verification processes in the data verification unit, when verification fails, an application control unit that prohibits or restricts application program use processing in the application execution unit;
An information processing apparatus comprising: The application control unit
The information processing apparatus according to claim 1, wherein the application execution unit executes a process for prohibiting a process of acquiring identification information recorded on a disc or the information processing apparatus. The identification information is
(A) Media ID (PMSN) which is identification information unique to the disc,
(B) Volume ID set for each disc title;
(C) a content certificate ID as identification information of a content certificate set corresponding to the disc recording content;
(D) a device binding ID that is identification information of the information processing apparatus;
The information processing apparatus according to claim 2, wherein the identification information is any one of the identification information (a) to (d). The application control unit
The information processing apparatus according to claim 1, wherein the application execution unit executes a process for prohibiting or restricting a process of reproducing, copying, or externally outputting content recorded on a disc. The application control unit
The information processing apparatus according to claim 1, wherein the application execution unit executes a process for prohibiting or restricting a process for connecting to an external server via a network. The application control unit
The information processing apparatus according to claim 1, wherein the application execution unit executes a process for prohibiting or restricting an API call process for a program execution unit that reads or uses disk recording data. The data verification unit
Processing for verifying whether or not a content owner identifier recorded in the application certificate is included in the certificate revocation list with reference to a certificate revocation list in which revocation information of the application certificate is recorded Run,
The application control unit
2. The process for prohibiting or restricting application program use processing in the application execution unit when the content owner identifier recorded in the application certificate is included in the certificate revocation list. The information processing apparatus described. Content,
A content certificate which is certification data corresponding to the content;
Application programs,
An application certificate in which the public key of the content owner as the provider of the application program is stored and the signature of the certificate authority that is a third party is set;
Record root certificate corresponding data having a signature for data including a root certificate which is a certificate corresponding to the application program,
Disc capable of causing a playback device that intends to execute the application program to execute signature verification of the application program and the data corresponding to the root certificate, and to control use of the application program according to the verification result . An information processing method for controlling the use of an application program recorded on a disc in an information processing device,
The data verification unit reads the application certificate in which the public key of the content owner as the provider of the application program is stored and the signature of the certification authority, which is a third party, is set from the disk, and performs the first signature verification. Run,
Further, the root certificate corresponding data having a signature for the data including the root certificate recorded on the disc as the certificate corresponding to the application program is read from the disc, and the second signature verification is performed by applying the content owner public key. A data validation step to perform
An application control step in which the application control unit prohibits or restricts use processing of the application program when verification fails in the first and second signature verification processing in the data verification step;
An information processing method characterized by comprising: The application control step includes
The information processing method according to claim 9, wherein the application execution unit is a step of executing a process of prohibiting a process of acquiring identification information recorded on a disk or an information processing apparatus. The identification information is
(A) Media ID (PMSN) which is identification information unique to the disc,
(B) Volume ID set for each disc title;
(C) a content certificate ID as identification information of a content certificate set corresponding to the disc recording content;
(D) a device binding ID that is identification information of the information processing apparatus;
The information processing method according to claim 10, wherein the identification information is any one of (a) to (d). The application control step includes
The information processing method according to claim 9, wherein the application execution unit is a step of executing a process of prohibiting or restricting a process of reproducing, copying, or externally outputting the content recorded on the disc. The application control step includes
The information processing method according to claim 9, wherein the application executing unit is a step of executing a process of prohibiting or restricting a process of connecting to an external server via a network. The application control step includes
10. The information processing method according to claim 9, wherein the application execution unit is a step of executing a process of prohibiting or restricting an API call process for a program execution unit that reads or uses disk recording data. The data verification step includes:
Processing for verifying whether or not a content owner identifier recorded in the application certificate is included in the certificate revocation list with reference to a certificate revocation list in which revocation information of the application certificate is recorded Including steps to perform,
The application control step includes
10. The process for prohibiting or restricting application program use processing in an application execution unit is executed when the content owner identifier recorded in the application certificate is included in the certificate revocation list. Information processing method. In the information processing apparatus, a program for controlling the use of an application program recorded on a disk,
The application certificate in which the public key of the content owner as the provider of the application program is stored in the data verification unit and the signature of the certification authority that is a third party is set is read from the disk and the first signature verification is performed. Let it run
Further, the root certificate corresponding data having a signature for the data including the root certificate recorded on the disc as the certificate corresponding to the application program is read from the disc, and the second signature verification is performed by applying the content owner public key. A data verification step to execute
An application control step for causing the application control unit to prohibit or restrict the use processing of the application program when the verification fails in the first and second signature verification processing in the data verification step;
The program characterized by having.