JP2009205703A - Regenerative memory and file access method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a regenerative memory and a file access method, which install only a content permitted to install by automating a plurality of installation processes and calling a shared function (installation) for executing the content when these installation processes are executed. <P>SOLUTION: A regenerative memory 10 includes: an external device I/F 12 being connected with an external memory medium 16 for recording the contents; a recording device 20 for recording the content read from the external memory medium 16; and a processor 11 for regenerating or executing the recorded contents. The processor 11 directs an installation unit to perform the installation based on an instruction of installation from the content that the processor 11 is regenerating or executing, and also prevents an installation process to execute an action on the recording device 20 without using the installation unit. The management of information includes a conversion table, which equally processes a content installed in a specified region in the recording device 20 and a content recorded on the external memory medium 16. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a recording / reproducing apparatus and a file access method, and more particularly to a recording / reproducing apparatus capable of recording, reproducing, and executing content including AV data, an application program, or data used by an application program, and a file access method thereof.

  With the widespread use of DVD players and DVD recorders, composite DVD recorders with built-in HDDs have begun to appear on the market. Further, for example, with the popularization of Java (registered trademark) language and the like, application execution environments have begun to spread to terminals such as mobile phones. However, if any application can run, it is dangerous to grant access to any information. Therefore, a specific application (for example, i-αppli (registered trademark)) permits access to various information such as a telephone directory held by the mobile phone only for reliable applications.

In general, an application downloaded to a terminal may perform an illegal operation. Therefore, the operation of the application is strictly limited, and the application cannot use local resources.
On the other hand, using the authentication information of the application held in the tamper-resistant area of the authentication module, the application downloaded to the terminal is authenticated to check whether the source has been verified or tampered with An application is disclosed in which use of local resources of a terminal is permitted (see, for example, Patent Document 1).

JP 2003-223235 A

  Here, if a local storage is installed in a terminal device that can execute an application, and an arbitrary application is executed on the local storage, the application may copy or tamper with the intention of the content creator. Therefore, it is necessary to take measures against this.

  The present invention has been made in view of the above circumstances, and automates the installation processing of content to be installed, and the content being executed calls a common function (installation) when executing these processing. Accordingly, it is an object to prevent unauthorized copying by installing only permitted installation target content and to prevent tampering by restricting access to the content being executed.

  The first technical means includes an external interface for connecting to an external recording medium on which content is recorded, a recording unit for recording content read from the external recording medium connected to the external interface, and the recorded content. In the recording / reproducing apparatus having a processing unit for reproduction or execution, the processing unit includes an installation processing unit that installs content recorded on the external recording medium in a specific area of the recording unit together with specific management information. The processing unit issues an installation instruction to the installation processing unit based on an installation instruction from the content being reproduced or executed by the processing unit, and installation processing to a specific area of the recording unit is performed by a unit other than the installation processing unit. The management information is stored in a specific area of the recording unit. It is obtained by comprising a conversion table for handling a content recorded in the external recording medium and installed content equivalent.

  The second technical means includes an external interface for connecting to an external recording medium on which content is recorded, a recording unit for recording content read from the external recording medium connected to the external interface, and the recorded content. In a file access method for accessing a content configuration file by a recording / playback device having a processing unit that plays back or executes the processing unit, the content recorded on the external recording medium together with specific management information When installing in a specific area of the recording unit, based on an installation instruction from the content being played back or being executed by the processing unit, an installation instruction is given to an installation processing unit included in the processing unit, and the recording is performed by a unit other than the installation processing unit Installation process to specific areas The management information includes a conversion table for equivalently handling content installed in a specific area of the recording unit and content recorded on the external recording medium. .

  According to the present invention, the installation process of the content to be installed is automated, and when executing these processes, the content being executed calls the function (installation) common to each content, thereby allowing the permitted installation target. Since only content can be installed, unauthorized copying can be prevented. Further, falsification can be prevented by restricting access to the content being executed.

It is a block diagram for demonstrating the internal structural example of the recording / reproducing apparatus concerning one Embodiment of this invention. It is a flowchart for demonstrating an example of the installation process shared with respect to the whole or one part of content. It is a flowchart for demonstrating an example of the deletion (uninstallation) process shared with respect to all or one part of content. It is a block diagram for demonstrating the detailed structural example of the process part shown in FIG. It is the figure which showed an example of the access restriction | limiting according to the reliability of an application program. It is the figure which showed an example of the file structure currently recorded on the ROM disc. It is the figure which showed an example of the file structure currently recorded on the hard disk. It is the figure which showed the other example of the file structure currently recorded on the ROM disc and the hard disk. It is the figure which showed the other example of the file structure currently recorded on the hard disk. It is a figure which shows an example which applies three access restriction levels with respect to three reliability levels.

  FIG. 1 is a block diagram for explaining an internal configuration example of a recording / reproducing apparatus according to an embodiment of the present invention. In the figure, 10 is a recording / reproducing apparatus, and the recording / reproducing apparatus 10 includes a processing unit 11, an external A device interface 12, a device interface 13, a network interface 14, and a user interface 15 are included. The processing unit 11 decodes AV data or executes an application program using information obtained from each interface. The external device interface 12 can read data such as AV data and application programs from the external recording medium 16 and deliver them to the processing unit 11. Here, the external recording medium 16 refers to, for example, an optical disc including a CD-ROM, CD-R (RW), DVD-ROM, a memory card, and the like. The data recorded on the external recording medium 16 may be recorded by a device other than the recording / reproducing apparatus 10.

  In the following description, meaningful AV data or application programs / data are defined as contents. AV data refers to all or part of information necessary for reproducing video, audio, or both. An application program refers to all or part of information necessary for executing an application. The content includes, for example, the entire file that constitutes AV data corresponding to one title, and the entire program file and data file that constitute one game or application.

  The network interface 14 can download data from a server device (not shown) connected to the network 17 via the network 17 and deliver it to the processing unit 11. In this example, the data can be acquired from either the external recording medium 16 or the network 17, but the present invention is not limited to this, and only one of them may be used.

The user interface 15 is connected to the display 18 and the controller 19. The processing unit 11 can output AV data or the like to the display 18 through the user interface 15 and allow the user to view the AV data. A user request input from the controller 19 is transmitted to the processing unit 11 via the user interface 15.
The device interface 13 can read data from the recording medium (local storage) 20 and write data to the recording medium 20. Here, the recording medium 20 may be a recording medium such as a built-in or external hard disk device, a recordable optical disk, or a memory card. Data recorded on the recording medium 20 (hereinafter, represented by the recording device 20) is data recorded by the recording / reproducing device 10.

  The processing unit 11 executes a content (AV data or application program) prepared in advance or a content read via any interface, and performs a file access process as one of the processes.

First, there are the following three types of file access processing of the recording / reproducing apparatus 10.
(Process 1) Installation process for reading all or part of the content from the server device via the external recording medium 16 or the network 17 and recording it in a format that can be identified by the recording device 20 (Process 2) To reproduce or execute the content Load processing for reading necessary programs and data from the server device into the internal memory via the recording device 20 or the external recording medium 16 or the network 17 (Process 3) Processing for reading and reading data generated by the content itself

  The present invention adds access restrictions to the file access process as follows in order to prevent unauthorized copying and tampering.

First, an installation process in which the content in (Process 1) is read from the server device via the external recording medium 16 or the network 17 and recorded in a format that can be identified by the recording device 20 will be described.
Here, only the data approved by the data provider among the data in the server device accessible via the external recording medium 16 or the network 17 is installed, and installation of other data, that is, unauthorized copying is prevented. There is a need. Also, it is necessary to prevent tampering with the installed data. Therefore, a process necessary for installation is defined in common, and the content being executed gives a trigger only to the common process. At this time, in order to easily perform installation, it is desirable that management information for managing a meaningful piece of content (AV data or application program) exists in the installation source.

  FIG. 2 is a flowchart for explaining an example of an installation process that is made common to all or part of the content. First, when starting the installation process (step S1), the recording / reproducing apparatus 10 designates all or part of the content to be installed in the server device accessible via the external recording medium 16 or the network 17 (step S2). . It is confirmed whether all or part of the content is content that the content provider permits installation (step S3). Here, as a specific confirmation method, for example, the determination may be made from the format or metadata of the entire content or a part of the content.

In step S3, if the content is not all or part of the content permitted to be installed (in the case of NO), an error is returned and the process ends (step S4). Further, in the above step S3, when the content is the whole or a part of the content permitted to be installed (in the case of YES), the recording device 20 is confirmed. This confirms whether there is sufficient free space in the recording device 20 and there is no possibility of inconsistency with all or part of the already recorded content (step S5).
If the capacity of the recording device 20 is insufficient or there is a possibility of inconsistency with the whole or a part of the already recorded content (in the case of NO) in step S5, an error is returned and the process is terminated ( Step S6). Further, in the above-described step S5, when recording on the recording device 20 is possible (in the case of YES), all or part of the content to be installed is recorded on the recording device 20 together with specific management information (step S7), and the processing success It returns and ends (step S8). Here, the specific management information is information for distinguishing and managing all or part of the installed content on the recording device 20, and also includes information for consistency of all or part of the content. Thus, the information is also used when deleting (uninstalling) all or part of the content.

FIG. 3 is a flowchart for explaining an example of a deletion (uninstallation) process common to all or part of the content. First, when starting the uninstall process (step S11), the recording / reproducing apparatus 10 designates all or part of the content to be uninstalled on the recording apparatus 20 (step S12). Next, it is confirmed whether the whole or a part of the content exists in the recording device 20 (step S13).
If the whole or part of the content is not in the recording device 20 in the above step S13 (in the case of NO), an error is returned and the process ends (step S14). In step S13, if all or part of the content is in the recording device 20 (in the case of YES), the content is all or partly stored using specific management information recorded together with the whole or part of the content. All the included files and their management information are deleted from the recording device 20 (step S15), the process is returned successfully, and the process ends (step S16).

Next, a description will be given of a load process for reading a program or data necessary for reproducing or executing the content of (Process 2) from the server device into the internal memory via the recording device 20, the external recording medium 16, or the network 17. Here, also in the loading process, similar to the installation process, a process necessary for loading is defined in common, and the content being executed gives a trigger only to the commoned process.
In the loading process, similarly to any of the recording device 20, the external recording medium 16, or the server device accessible via the network 17, a program or data is loaded on the internal memory in order to reproduce or execute the content. Since this loading process is only a reading process and does not require a writing process, tampering and illegal copying are not directly performed.

Next, a process of writing and reading data generated by the content itself in (Process 3) will be described.
The file system provided for the content can basically access any of the recording device 20, the external recording medium 16, or a server device accessible via the network 17. However, it cannot be written to a read-only recording medium. For example, when the external recording medium 16 is a read-only recording medium such as a CD-ROM, it cannot be written to the external recording medium 16 using the file system. Here, the following conditions are added to the file system.
The content (AV data and application program) loaded in the internal memory of the processing unit 11 by the above (Process 2) cannot be accessed.
As a result, it is possible to prohibit the content from reading the loaded data or making changes.

  In addition, the file system of the content may be made inaccessible to other or all content recorded on the external recording medium 16, and other or all content installed in the recording device 20 cannot be accessed. You may do it. Further, all access to the recording apparatus 20 of the file system, the external recording medium 16 or the server apparatus via the network 17 may be prohibited.

  However, the content can issue an install command and an uninstall command for calling (Process 1), or a playback command and an application execution command including a load process of (Process 2).

The processing so far is summarized in FIG.
4 is a block diagram for explaining a detailed configuration example of the processing unit 11 shown in FIG. 1. The processing unit 11 includes an application execution unit 11a, an installation processing unit 11b, a load processing unit 11c, and a memory 11d. . The recording media 20 ₁ and 20 ₂ may be different recording parts included in the recording device 20 shown in FIG. 1, or may be independent recording media. Further, the processing unit 11 can access the external recording medium 16 or a server device connected to the network 17 (hereinafter, represented by the external recording medium 16). In the present embodiment, each interface shown in FIG. 1 is omitted.

In FIG. 4, the application executed by the application execution unit 11a can basically access the contents (AV data or application program) recorded in the recording media 20 ₁ and 20 ₂ and the external recording medium 16, and the external recording Recording on the medium 16 is also possible. The application can issue commands to the installation processing unit 11b and the load processing unit 11c.

Installation processing unit 11b reads the content recorded in the external recording medium 16 can be written to the recording medium 20 _2. Further, it is possible to delete the content recorded on the recording medium 20 _2. The installation processing unit 11b receives an installation instruction from the content and executes installation processing. Therefore, during the installation process, the content is outside the recording medium 16, it can not directly access the recording medium 20 _2.

Load processing unit 11c reads the content from the external recording medium 16 or the recording medium 20 _2, can be written in the memory 11d. The load processing unit 11c receives a load command from the content and executes the load process. Therefore, at the time of the load process, the content is outside the recording medium 16, it can not directly access the recording medium 20 _2.

  The memory 11d stores only the content written out by the load processing unit 11c. These are the applications themselves executed by the application execution unit 11a, and variables used by the applications are not stored in this area. Further, this application cannot refer to data stored in the memory 11d.

Application program (or AV data, hereinafter represented in the application program) executed by the application execution unit 11a of the data recorded in the external recording medium 16 by, and the recording medium 20 _1, 20 _2, another external recording Can be copied to media. Here, there are cases where the author or provider of the data recorded on the external recording medium 16 does not want to copy the data and does not recognize its validity. Considering the possibility that there is an application program that performs illegal copying in this way, a method for evaluating the reliability of the application program and restricting access accordingly will be described.

FIG. 5 is a diagram showing an example of access restriction according to the reliability of the application program. For example, if it is the most reliable application program, all access permitted to the application execution unit 11a is made possible. If somewhat credible application program is prohibited only writing to the external recording medium 16 and the recording medium 20 _2. If then trusted applications program, allow only read from the external recording medium 16 and the recording medium 20 _2. If an application program that can not be very reliable, to prevent access to the external recording medium 16 and the recording medium 20 _2. For applications that are almost untrustworthy, all access is prohibited. However, the combination of the reliability of the application program and the access restriction is not limited to the above example. Further, not limited to handle external recording medium 16 and the recording medium 20 ₂ in the same.

An example of a method for evaluating the reliability of an application program is shown below.
For example, there is a method of determining by an authentication process such as collating metadata of an application program. In addition, when there are a plurality of application platforms, there is a method for determining the reliability depending on which platform the application program runs on. For example, a macro language execution environment included in AV data cannot form a very advanced program. Therefore, it can also be determined that the reliability is high because the illegal processing cannot be realized.

  Furthermore, it is assumed that the external recording medium 16 is a read-only recording medium that can be manufactured only by a specific manufacturer. In that case, the application program loaded from the external recording medium 16 may be determined to have high reliability. Similarly, when the installation source of the application program installed in the recording device 20 is a read-only recording medium that can be manufactured only by a specific manufacturer, the application program may be determined to have high reliability. . Furthermore, if the address is recorded on a read-only recording medium that can be manufactured only by a specific manufacturer among server devices on the network, the application program is judged to be highly reliable. Also good. By combining such conditions, the reliability of the application program can be evaluated.

Next, the recording / reproducing apparatus 10 described so far will be described with a specific example.
The target recording / reproducing apparatus 10 has a function of reproducing AV data recorded on a ROM disk like a DVD player. In addition to AV data, an application program written in Java (registered trademark) language can be read from a ROM disk to execute the application. AV data and application programs can be executed through the network interface in addition to the ROM disk. Furthermore, it has an interface to a recordable medium, can install the AV data and application program, read from the recordable medium, and reproduce / execute. The application program can write and read arbitrary data on the recordable medium.

  Here, in the present embodiment, the recording / reproducing apparatus 10 capable of reproducing and executing both AV data and application programs is taken as an example, but a device that can execute only application programs may be used. In addition, the description language of the application program of this example is not limited to the Java (registered trademark) language. For example, any language can be used as long as it can read and execute program data such as BASIC language, C language, and prepared macro language. Language is also acceptable. In this example, both the ROM disk and network interfaces are prepared as interfaces for reading AV data and application programs. However, only one of them may be used.

  Many contents recorded on a ROM disk such as a DVD are not permitted to be copied or modified by the author or the provider. A method for preventing content duplication or modification using the recording / reproducing apparatus 10 of the present invention for similar unauthorized copying or modification including these will be described.

  First, the apparatus configuration will be described with reference to FIG. In the recording / reproducing apparatus 10, the external recording medium 16 is read as the ROM disk 16, the recording apparatus 20 as the hard disk 20, the external device interface 12 as the ROM disk interface 12, and the device interface 13 as the hard disk interface 13.

  The processing unit 11 decodes AV data or executes an application program using information obtained from each interface. The ROM disk interface 12 can read data such as AV data and application programs from the ROM disk 16 and deliver them to the processing unit 11. The network interface 14 can download data from a server device (not shown) via the network 17 and deliver it to the processing unit 11.

  The user interface 15 is connected to the display 18 and the controller 19. The processing unit 11 can output AV data from the user interface 15 to the display 18 so that the user can view the AV data. Further, the user request input from the controller 19 is transmitted to the processing unit 11 via the user interface 15. The hard disk interface 13 can read data from the hard disk 20 and write data to the hard disk 20. However, it is not limited to the hard disk 20 of this example, and a RAM disk or a memory card may be used. Further, the hard disk 20 may be either built in the recording / reproducing apparatus 10 or externally attached.

  The processing unit 11 executes a content (AV data or application program) prepared in advance or a content read via one of the interfaces, and performs a file access process as one of the processes.

  First, processing for installing content (AV data or application program) read via the ROM disk interface 12 or the network interface 14 into the hard disk 20 via the hard disk interface 13 will be described.

  Here, “install” refers to recording content that is permitted to be copied to the hard disk 20 on the hard disk 20 in an identifiable format in a server device accessible via the ROM disk 16 or the network 17. Here, a piece of installable content is called a package. For example, it is a movie, a trailer (movie trailer), and a game. The package may reinforce the contents of the ROM disk 16. For example, subtitle information in a language that is not included in the contents of the ROM disk 16 and management information that can be reproduced.

Here, an example of a method for discriminating the contents permitted to be installed in the ROM disk 16 will be described with reference to FIG.
FIG. 6 is a diagram showing an example of the file structure recorded on the ROM disk 16.
In the file structure of the ROM disk 16 shown in FIG. 6A, under the root directory 31, a folder 32 named video, install. There is a file 35 named info and a folder 36 named package. Here, the video folder 32 is a folder that is automatically referred to when the AV data on the ROM disk 16 is reproduced. In this folder 32, index01. A file 33 named info is a management information file for controlling the playback order. A file 34 named mpg is a file in which the substance of AV data is recorded. For example, index01. The info file 33 is loaded, and according to the description, content01. The mpg file 34 is reproduced. Here, index01. The info file 33 manages reproducible AV data, but may manage executable program files. Alternatively, the file 33 itself may be an executable program file. One management information file may manage a plurality of AV data and program files. Further, there may be a plurality of management information files. In that case, the file name to be loaded by default needs to be specified. install. The info file 35 manages files that are permitted to be installed.

  FIG. 6B shows install. It is a figure which shows an example of the content of the info file. The path to the file that is permitted to be copied, the title for management and display, and the path to the image file for display are recorded. In the package folder 36, index01. a file 37 called info, and content01. A file 38 named mpg and image. and a file 39 named jpg. index01. The info file 37 is a management information file that controls the playback order. The mpg file 38 is a file in which the substance of AV data is recorded.

  The file for which copying shown in FIG. info file 37 and content01. mpg file 38. The image file for display is image. It can be seen that it is a jpg file 39. The display image file is a representative image when the installed package is presented to the user, and an image printed on a case surface such as a DVD disk can be considered. And install. A file registered in the info file 35 is a target of installation, and a file not registered is not a target of installation. In the above example, install. The info file 35 manages one package, but the present invention is not limited to this, and a plurality of packages may be managed. Alternatively, a plurality of installation information files may be created.

  FIG. 7 is a diagram showing an example of a file configuration recorded on the hard disk 20. Under the root directory 41, package. There is a file 42 named list. package. The list file 42 is a management information file for managing each installed package, and is a conversion table for handling each package folder equivalently to the video folder of the ROM disk 16. The installed package is recorded in a folder prepared by the system in the same format as the video folder. For example, the index01. info file 44, content01. It is recorded as an mpg file 45. The means for reproducing these data is the same as the above-described ROM disk content reproduction procedure. A display image file is also recorded in the same folder. For example, image. It is a jpg file 46. The path to these data is associated with the management title, and the package. It is recorded in the list file 42.

  Similarly, the index01. info file 48, content01. Mpg file 49 is recorded. A display image file is also recorded in the same folder. For example, image. It is a jpg file 50.

  The above processing is executed by calling an installation command from the application program. The installation command is automatically processed, for example, by specifying a device. If there are multiple packages on the device, this can be achieved by using a command for acquiring a management title and an installation command for specifying a management title.

  If necessary, a package upgrade may be introduced. When different versions of packages managed by the same management title exist, processing for replacing the old version package with the new version package is automatically performed. The application program is realized by calling a version upgrade command. If necessary, install.install shown in FIG. The info file 35 and the package. The package and the version of each file are recorded in the list file 42.

Next, a method of loading, reproducing, and executing the contents of the ROM disk 16 or the server device accessible via the network 17 or the hard disk 20 will be described.
Content reproduction is performed by designating a management information file. There are two methods for specifying the management information file: a method for directly specifying the management information file on the device, and a method for specifying the device as the management information file specified by default for the device. Here, a method for specifying a reproduction / execution file will be described with reference to FIG.

FIG. 8 is a diagram showing another example of the file structure recorded on the ROM disk 16 and the hard disk 20.
In the file structure of the ROM disk 16 shown in FIG. 8A, there is a video folder 62 below the root directory 61, and index01. The info file 63 is content01. mpg file 64 and content02. mpg file 65 is index02. The info file 66 is content03. mpg file 67, index04. The info file 69 is content04. Each mpg file 70 is managed.

  When the management information file is directly specified, the ROM disk 16 is specified as a device, and the management information file such as index02. Specifies the info file 66. Further, even if the file is not a file under the video folder 62, for example, index04. An info file 69 can be specified. In this example, the file specified by default is index01. Since it is an info file 63, when the ROM disk interface 12 is designated, index01. The info file 63 is designated as a file to be reproduced / executed.

  Further, the same processing as described above can be performed on the server device via the network 17. For example, the management information file of the server device can be directly specified. For the http protocol, for example, “http://www.sharp.co.jp/index05.info” can be designated.

In the file configuration of the hard disk 20 shown in FIG. 8B, as an example of how to handle the hard disk, each package of the hard disk 20 is recognized as a virtual device managed by each management title. The root directory 71 and below, for example, the pkg001 folder 73 and the files below it (index01.info file 74, content01.mpg75, content02.mpg76, index02.info file 77, content03.mpg78, image.jpg79) The package associated with “AAA”, the package kg80 folder 80 and the files below it (index01.info file 81, content01.mpg82, image.jpg83) are package.package.id if they are associated with the management title “BBB”. It is assumed that it is recorded in the list file 72.
Here, when the management information file is directly designated, for example, “AAA” is designated as the device, and the management information file index02. Specifies the info file 77. If only the device “BBB” is specified, the index01. The info file 81 is designated.

  The content designated as described above is executed by loading necessary data into a specific memory for reproduction / execution. This process is executed by calling a playback command or an execution command from the application program.

  Next, access permitted to an arbitrary application program will be described. First, an arbitrary application program cannot access the content (AV data or application program) on the loaded memory. The application program has a specific area on the hard disk 20 for reading and writing data generated by the application. Here, an example of a specific area will be described based on FIG. 9 below.

  FIG. 9 is a diagram showing another example of the file structure recorded on the hard disk 20. Root directory 91 or lower, package. list92, pkg001 folder 93, index01. info file 94, content01. mpg file 95, image. jpg file 96, pkg002 folder 97, index01. info file 98, content01. mpg file 99, image. Up to the jpg file 100 is as described above. In this example, in addition, a savedata folder 101 is included, and files under the savedata folder 101 are saved. The list file 102 manages. savedata. The list file 102 is a management file that manages files under the savedata folder 101. In the savedata folder 101, savedata. List (management information) file 102 associates each application program with 001. dat files 103 and 002. dat file 104. A file associated with an arbitrary application program corresponds to a specific area. That is, each application program is saveddata. Only the files managed in the list (management information) file 102 and prepared under the savedata folder 101 can be read and accessed. Further, the folders forming each package can be accessed in the same manner as the external recording medium 16 by the same access procedure as the load process.

  Furthermore, an arbitrary application program can read data of a server device that can be accessed via the ROM disk 16 or the network 17.

  With the access restriction so far, it is possible to prohibit at least altering the data loaded on the memory for reproduction / execution. However, an arbitrary application program can read the data of the server device that can be accessed via the ROM disk 16 or the hard disk 20 or the network 17 and record it on the hard disk 20. This may be an unauthorized copy regardless of whether the recorded data can be played back or executed.

Here, a method of changing access restrictions according to the reliability of the application program is applied. First, an example of a method for determining the reliability of an application is shown below.
For example, first, when the ROM disk 16 is difficult to manufacture for general users, it is manufactured only by a specific manufacturer. That is, if it is known that those manufacturers are reliable, the data on the ROM disk 16 can be trusted. In addition, since there is no fear that the installed data is falsified, the data installed from the ROM disk 16 can be trusted. Secondly, the data of the server device indicated by the network address recorded on the ROM disk 16 and the data installed therefrom can also be trusted. However, since there is a possibility that there is a problem by misrepresenting the network itself, the reliability is slightly lowered. Thirdly, it is determined that the data of the server device indicated by the unspecified network address and the data installed therefrom are the least reliable.

  If reliability criteria are required for installed data, package. Flags representing the above three reliability levels may be recorded in management information such as a list file.

  FIG. 10 is a diagram illustrating an example in which three access restriction levels are applied to three reliability levels. First, writing to the ROM disk 16 is impossible from the beginning. The application program corresponding to the most reliable first reliability level is read from the ROM disk 16 and written to a file corresponding to an application under the savedata folder 101 of the hard disk 20 on the assumption that the application program can be trusted unless improper processing is performed. And reading access from the package of the hard disk 20 (for example, the kgg001 folder 93) is permitted, and writing to the package of the hard disk 20 (for example, the kgg001 folder 93) is prohibited.

Conversely, an application program corresponding to the third reliability level that is least reliable is prohibited from accessing both the ROM disk 16 and the hard disk 20.
The somewhat reliable application program of the second reliability level is subjected to any of the following restrictions. One is that reading from the ROM disk 16 and writing to and reading from a package (for example, the kgg001 folder 93) of the hard disk 20 are prohibited. The other is writing and reading to and from a file corresponding to an application under the savedata folder 101 of the hard disk 20 and prohibiting writing to a package (for example, the pkg001 folder 93) of the hard disk 20. By applying either of these, it is impossible to copy data from the ROM disk 16 to the hard disk 20.

  Further, an external recording medium that can be accessed by an application loaded from an external recording medium (hereinafter, external recording medium A) is limited to the external recording medium A. Further, a package that can be accessed by an application loaded from an installed package (hereinafter, package B) is limited to the package B. The possibility of unauthorized copying may be prevented by implementing such a function. Further, unauthorized tampering may be prevented by prohibiting writing from application to package.

  The recording / reproducing apparatus and file access method of the present invention can be suitably used for a portable terminal device capable of executing various application programs, a DVD recorder with a built-in HDD, and the like.

DESCRIPTION OF SYMBOLS 10 ... Recording / reproducing apparatus, 11 ... Processing part, 11a ... Application execution part, 11b ... Installation processing part, 11c ... Load processing part, 11d ... Memory, 12 ... External device interface, 13 ... Device interface, 14 ... Network interface, 15 User interface 16 External recording medium 17 Network 18 Display 19 Controller 20 Recording apparatus (recording medium) 20 ₁ , 20 ₂ Recording medium

Claims (2)

An external interface for connecting to an external recording medium on which the content is recorded, a recording unit for recording the content read from the external recording medium connected to the external interface, and a processing unit for reproducing or executing the recorded content In a recording / reproducing apparatus having
The processing unit includes an installation processing unit that installs content recorded on the external recording medium together with specific management information in a specific area of the recording unit,
The processing unit issues an installation instruction to the installation processing unit based on an installation instruction from the content being reproduced or executed by the processing unit, and installation processing to a specific area of the recording unit cannot be executed by a device other than the installation processing unit And
The recording / reproducing apparatus, wherein the management information includes a conversion table for equivalently handling content installed in a specific area of the recording unit and content recorded on the external recording medium. An external interface for connecting to an external recording medium on which the content is recorded, a recording unit for recording the content read from the external recording medium connected to the external interface, and a processing unit for reproducing or executing the recorded content In a file access method for accessing a configuration file of content by a recording / reproducing apparatus having
When the processing unit installs the content recorded on the external recording medium in a specific area of the recording unit together with specific management information, the processing unit is based on an installation instruction from the content being played back or being executed Instructing the installation processing unit included in the processing unit to install, so that the installation processing to the specific area of the recording unit can not be executed by other than the installation processing unit,
The file access method characterized in that the management information includes a conversion table for equivalently handling content installed in a specific area of the recording unit and content recorded on the external recording medium.

Images