JP2010097502A - Encryption-decryption system, encryption device, decryption device and encryption-decryption method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent illegal alteration of firmware by encrypting the firmware and transmitting it to a decryption device while preventing an illegal content copying, in producing and updating the decryption device. <P>SOLUTION: The encryption device 110 includes: an encryption storage part 212 storing an encryption key used for encrypting the firmware of a reproducing device 120 as the decryption device in association with a device unique number unique to the reproduction device; and a firmware encryption part 240 encrypting the firmware by use of the encryption key. The reproducing device has: a decryption storage part 312 storing the device unique number and a decryption key received from the encryption device; a firmware decryption part 340 decrypting the encrypted firmware received from the encryption device by use of the decryption key; and a firmware storage part 330 storing the decrypted firmware. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an encryption / decryption system, an encryption device, a decryption device, and an encryption / decryption method for encrypting and decrypting firmware.

  In recent years, the so-called illegal copy problem in which contents such as movies and music stored in storage media such as DVDs and Blu-ray discs are copied to other storage media and the copied storage media are sold without permission from authorized manufacturers. Has increased rapidly. In addition, since such content is stored in a digital manner and the sound quality and image quality are not deteriorated even if copying is repeated, it is necessary to limit the content copying from the viewpoint of copyright protection.

  For such copy restriction, technologies such as CSS (Content Scramble System) and DTCP (Digital Transmission Content Protection) are used. However, whatever encryption is applied to the content itself, for example, if the firmware of the content recording / playback apparatus is tampered with illegally, the encrypted content can be illegally copied. Similarly, even if the reproduction of content that has been illegally copied is restricted, the restriction can be easily removed by falsifying the firmware.

Therefore, only when the key code and firmware encrypted using the key code are obtained together with the key code stored in advance in the optical disk device, the encrypted firmware is used for the key code. A firmware encryption technique for decrypting and updating firmware is disclosed (for example, Patent Document 1).
JP 2003-100011 A

  However, in the above-described technology, the key code and each device using firmware are not associated with each other, and a common key code is used in all devices. In this case, if the key code used for decoding the firmware is leaked once, the firmware of many devices can be decoded using the key code.

  Similarly, if an illegally tampered firmware that can be applied to one device is created, it can be applied to all other devices. Therefore, the tampered firmware can be easily stored in many devices. I can do it.

  In view of such a problem, the present invention prevents unauthorized tampering of firmware by encrypting firmware and transmitting it to the decryption device at the time of both manufacture and update of the decryption device, and thus illegal copying of content. It is an object of the present invention to provide an encryption / decryption system, an encryption device, a decryption device, and an encryption / decryption method.

  In order to solve the above-described problem, a typical configuration of the present invention is an encryption / decryption system including an encryption device and a decryption device, and the encryption device uses an encryption key used for firmware encryption. An encryption storage unit that associates and stores a unique device unique number assigned to the decryption device, a firmware encryption unit that encrypts firmware using an encryption key and generates encrypted firmware, and an encrypted firmware An encryption transmission unit that transmits a decryption key used for decryption, a device unique number, and encrypted firmware to the decryption device, and the decryption device receives a decryption key, a device unique number, and A decryption receiving unit that receives the encrypted firmware, a decryption storage unit that stores the decryption key and the device unique number received by the decryption receiving unit, and an encryption received by the decryption receiving unit. Firmware, and wherein the firmware decoding unit decodes to generate a decoded firmware using the decryption key stored in the decryption memory unit, and a firmware storage unit that stores a decryption firmware, further comprising a.

  At the time of manufacturing the decryption device, the encryption device of the present invention generates encryption firmware using the encryption key unique to the decryption device, and the decryption device encrypts the encryption using the decryption key unique to the decryption device. Decode and store firmware. With this configuration, the decryption device can be shipped in a state where it is confirmed that the encrypted firmware can be decrypted correctly. Only the encryption device that stores the encryption key in association with the device unique number unique to the decryption device can generate the encryption firmware unique to the decryption device. It can be surely prevented.

  Another representative configuration of the present invention is an encryption / decryption system including an encryption device and a decryption device, and the decryption device is unique to the decryption key used for decryption of the encrypted firmware and the decryption device. A decryption storage unit for storing the device unique number, an acquisition request unit for executing an acquisition request for encrypted firmware using the device unique number, a decryption receiving unit for receiving the encrypted firmware, and a decryption key A firmware decrypting unit that decrypts the encrypted firmware and generates the decrypted firmware, and a firmware storage unit that stores the decrypted firmware, and the encryption device uses the device unique number and the decryption key specified by the device unique number. An encryption storage unit that associates and stores a corresponding encryption key, and a device of the decryption device in response to an encryption firmware acquisition request of the acquisition request unit A firmware encryption unit that encrypts firmware using an encryption key associated with a number and generates encrypted firmware, and an encryption transmission unit that transmits the encrypted firmware to a decryption device. .

  The encryption device of the present invention transmits the encryption firmware in response to an acquisition request from the decryption device. With such a configuration, even when the firmware is updated after the decryption device is delivered to the user after the purchase of the decryption device, the encryption firmware is used unless the encryption key associated with the device unique number unique to the decryption device is used. Therefore, unauthorized tampering of the firmware of the decoding device can be prevented more reliably. In addition, when a user who has purchased a decryption device tries to update the firmware, the user is also resistant to a cyber attack that is rewritten with an illegal firmware containing a virus.

  A typical configuration of the encryption device of the present invention includes an encryption storage unit that stores an encryption key used for encrypting firmware of the decryption device and a unique device unique number assigned to the decryption device in association with each other, A firmware encryption unit that encrypts firmware using an encryption key and generates encrypted firmware, a decryption key used to decrypt the encrypted firmware, a device unique number, and an encryption that transmits the encrypted firmware to the decryption device A transmission unit.

  The encryption device of the present invention stores a device unique number and an encryption key unique to the decryption device in association with each other at the time of manufacture of the decryption device, and performs encryption associated with the device unique number of the target decryption device Encrypted firmware is generated using the key and transmitted to the decryption device. With this configuration, the decryption device can be shipped in a state where it is confirmed that the encrypted firmware can be decrypted correctly. Only the encryption device that stores the encryption key in association with the device unique number unique to the decryption device can generate the encryption firmware unique to the decryption device. It can be surely prevented.

  Another typical configuration of the encryption device according to the present invention is an encryption storage unit that stores a device unique number unique to a decryption device and an encryption key corresponding to a decryption key specified by the device unique number in association with each other. A firmware encryption unit that encrypts the firmware using the encryption key associated with the device unique number of the decryption device and generates the encrypted firmware in response to the encrypted firmware acquisition request from the decryption device, and the encrypted firmware And an encrypted transmission unit for transmitting the message to the decryption device.

  The encryption device of the present invention transmits the encryption firmware in response to an acquisition request from the decryption device. With such a configuration, even when the firmware is updated after the decryption device is delivered to the user after the purchase of the decryption device, the encryption firmware is used unless the encryption key associated with the device unique number unique to the decryption device is used. Therefore, unauthorized tampering of the firmware of the decoding device can be prevented more reliably.

  The encryption storage unit further stores a secret key that can generate an electronic signature of the encrypted firmware, and the encryption device further includes a signature generation unit that generates an electronic signature of the encrypted firmware using the secret key. The encrypted transmission unit may transmit the electronic signature in addition to the encrypted firmware.

  The encryption device of the present invention transmits an electronic signature of the encrypted firmware in addition to the encrypted firmware, and the decryption device that receives the encrypted firmware and the electronic signature uses the encrypted firmware with an illegal electronic signature for updating do not do. With such a configuration, it is possible to eliminate unauthorized firmware with an electronic signature and more reliably prevent unauthorized tampering of the firmware.

  The encryption device may further include a storage medium writing unit capable of writing a plurality of device unique numbers and a plurality of encrypted firmware associated with the device unique numbers to the storage medium.

  Since the firmware capacity is small compared to the content, etc., it is associated with the device unique number and device unique number corresponding to all the decryption devices sold for some storage media such as DVD and Blu-ray Disc. Encrypted firmware can be written. Then, the decryption device acquires the encrypted firmware associated with the device unique number unique to the decryption device from the firmware storage medium written by the encryption device, and updates its own firmware. With this configuration, it is possible to distribute a DVD or the like on which the encrypted firmware is written by means that are relatively difficult to tamper with, such as distribution or delivery at an authorized retail store, and more reliably prevent unauthorized tampering of the firmware. be able to.

  The encryption device may further include a network encryption connection unit that connects to the Internet and performs mutual authentication on the network with the decryption device.

  With this configuration, the encryption device can easily and quickly provide the encryption firmware to the decryption device through the Internet while preventing unauthorized tampering.

  A typical configuration of the decryption apparatus according to the present invention is that the decryption key used by the decryption apparatus to decrypt the encrypted firmware from the encryption apparatus and the unique apparatus unique number assigned to the decryption apparatus are associated with the unique apparatus number. The decryption receiving unit that receives the encrypted firmware received, the decryption storage unit that stores the decryption key and the device unique number received by the decryption reception unit, and the decryption storage that stores the encrypted firmware received by the decryption reception unit A firmware decrypting unit that decrypts using the decryption key stored in the unit to generate decrypted firmware, and a firmware storage unit that stores the decrypted firmware.

  The decryption device of the present invention receives the decryption key, the device unique number, and the encrypted firmware generated with the encryption key associated with the device unique number at the time of manufacture, and encrypts with the received decryption key Decode and store the firmware. With this configuration, the decryption device can be shipped in a state where it is confirmed that the encrypted firmware can be decrypted correctly. Only the encryption device that stores the encryption key in association with the device unique number unique to the decryption device can generate the encryption firmware unique to the decryption device. It can be surely prevented.

  Another representative configuration of the decryption device of the present invention is a decryption storage unit that stores a decryption key used by the decryption device for decryption of the encrypted firmware from the encryption device, and a device unique number unique to the decryption device. , An acquisition request unit that executes an acquisition request for encrypted firmware using a device unique number, a decryption reception unit that receives encrypted firmware, and firmware that decrypts encrypted firmware using a decryption key and generates decrypted firmware A decoding unit and a firmware storage unit for storing the decoded firmware are provided.

  The decryption apparatus of the present invention makes an acquisition request to the encryption apparatus and acquires the encrypted firmware. With such a configuration, even when the firmware is updated after the decryption device is delivered to the user after the purchase of the decryption device, the encryption firmware is used unless the encryption key associated with the device unique number unique to the decryption device is used. Therefore, unauthorized tampering of the firmware of the decoding device can be prevented more reliably.

  The decryption storage unit further stores a public key that can verify the reliability of the electronic signature generated using the encrypted firmware and the private key, and the decryption reception unit further receives the electronic signature and uses the public key. You may further provide the signature verification part which verifies the reliability of an electronic signature.

  The decryption apparatus receives the electronic signature of the encrypted firmware in addition to the encrypted firmware, and does not use the encrypted firmware with an illegal electronic signature for updating. With such a configuration, it is possible to eliminate unauthorized firmware with an electronic signature and more reliably prevent unauthorized tampering of the firmware.

  The decryption receiving unit obtains encrypted firmware associated with the device unique number of the decryption device from a firmware storage medium storing a plurality of device unique numbers and a plurality of encrypted firmware associated with the device unique numbers. Also good.

  As described above, the device unique number and the encrypted firmware associated with the device unique number corresponding to all the decryption devices to be sold can be written to the storage medium. Then, the decryption device acquires the encrypted firmware associated with the device unique number unique to the decryption device from the firmware storage medium written by the encryption device, and updates its own firmware. With this configuration, it is possible to distribute a DVD or the like on which the encrypted firmware is written by means that are relatively difficult to tamper with, such as distribution or delivery at an authorized retail store, and more reliably prevent unauthorized tampering of the firmware. be able to.

  The decryption device may further include a network decryption connection unit that connects to the Internet and performs mutual authentication on the network with the encryption device.

  With this configuration, the decryption device can easily and quickly acquire the encrypted firmware through the Internet while preventing unauthorized tampering.

  The decryption device may further include a content decryption unit that decrypts the encrypted content using the decryption key and generates the content.

  In order to prevent illegal copying of content such as movies and music, a decryption device that can decrypt encrypted content with a unique decryption key and generate the content also uses the decryption key in common for decryption of the encrypted firmware. With this configuration, since the function for decrypting the content can be shared by the decryption of the firmware, the unauthorized alteration of the firmware provided by the decryption device can be realized at a lower cost and in a small occupied area.

  A typical configuration of the encryption / decryption method of the present invention is an encryption / decryption method using an encryption device and a decryption device, and the encryption device is an encryption used for encryption of firmware of the decryption device. An encryption key and a unique device unique number assigned to the decryption device are stored in association with each other, the firmware is encrypted using the encryption key to generate the encrypted firmware, and the decryption key used for decryption of the encrypted firmware; The device unique number and the encrypted firmware are transmitted to the decryption device, and the decryption device receives the decryption key, the device unique number, and the encrypted firmware from the encryption device, and receives the decryption received from the encryption device. The key and the device unique number are stored, the encrypted firmware received from the encryption device is decrypted using the stored decryption key, and the decryption firmware is generated. And to store the.

  Another representative configuration of the encryption / decryption method of the present invention is an encryption / decryption method using an encryption device and a decryption device, and the decryption device uses a decryption key used for decryption of the encrypted firmware. And a device unique number unique to the decryption device, and using the device unique number, execute an encryption firmware acquisition request, and the encryption device decrypts the device unique number and the device unique number. Encrypted firmware that encrypts firmware using an encryption key associated with the device unique number of the decryption device in response to an encryption firmware acquisition request from the decryption device The encrypted firmware is transmitted to the decryption device. The decryption device receives the encrypted firmware, decrypts the encrypted firmware using the decryption key, and decrypts the firmware. It generates A, and to store the decoded firmware.

  The components corresponding to the technical idea of the encryption / decryption system, the encryption device, and the decryption device described above and the description thereof can also be applied to the encryption / decryption method.

  As described above, the present invention prevents unauthorized tampering of firmware by encrypting firmware and transmitting it to the decryption device, both at the time of manufacture and update of the decryption device, and thus prevents illegal copying of content. It becomes possible to do.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The dimensions, materials, and other specific numerical values shown in the embodiments are merely examples for facilitating the understanding of the invention, and do not limit the present invention unless otherwise specified. In the present specification and drawings, elements having substantially the same function and configuration are denoted by the same reference numerals, and redundant description is omitted, and elements not directly related to the present invention are not illustrated. To do.

  In recent years, techniques such as CSS and DTCP are used to prevent illegal copying that has been rapidly increasing. However, whatever encryption is applied to the content itself, for example, if the firmware of the content recording / playback apparatus is tampered with illegally, the encrypted content can be illegally copied. Therefore, the present embodiment aims to prevent unauthorized tampering of firmware by reliably storing legitimate firmware in the decryption device at the time of manufacture and update of the decryption device, and thus to prevent illegal copying of content. And Here, the entire encryption / decryption system capable of achieving such an object will be described, and thereafter, the encryption apparatus at the time of manufacture, the specific configuration of the decryption apparatus, and the encryption / decryption method will be described as the first embodiment. Further, a specific configuration of the encryption device and the decryption device, and the encryption and decryption method at the time of update will be described as a second embodiment.

(Encryption / Decryption System 100)
FIG. 1 is an explanatory diagram showing a schematic relationship of the encryption / decryption system 100. At the time of manufacture, the encryption / decryption system 100 includes an encryption device 110, a playback device 120 as a decryption device, a firmware storage medium 130, a communication network 140 including the Internet, a dedicated line, and the like, and a monitor 150. And a content storage medium 160. In addition, the encryption device and the playback device are substantially the same at the time of update after manufacture, but for the sake of easy understanding, a different code (encryption device 500, playback device 600) is used here. A description will be given.

  The firmware storage medium 130 is composed of a storage medium such as a DVD, a USB (Universal Serial Bus) memory, an SD (Secure Digital) memory card, a portable HDD (Hard disk drive), etc., and corresponds to all the playback devices 120 sold. A plurality of device unique numbers and encrypted firmware associated with the device unique numbers are written in one firmware storage medium 130 or divided into a plurality of firmware storage media 130.

  The monitor 150 includes a liquid crystal display, an organic EL (Electro Luminescence) display, a plasma display, and the like, and displays the image signal output from the playback device 120. Similar to the firmware storage medium 130, the content storage medium 160 includes a DVD, a USB memory, an SD memory card, a portable HDD, and the like, and stores contents such as encrypted movies and music.

  At the time of manufacturing the playback device, the encryption device 110 transmits to the playback device 120 the encrypted firmware encrypted with the encryption key, the decryption key that can decrypt the encrypted firmware, and the device unique number. The playback device 120 stores in the device the decryption key that can decrypt the received encrypted firmware, the device unique number, and the firmware obtained by decrypting the encrypted firmware with the decryption key.

  In addition, when the playback device is updated, the playback device 600 transmits a firmware acquisition request including the device unique number of the playback device 600 to the encryption device 500, and the encryption device 500 is associated with the device unique number. The encrypted firmware is returned to the playback device 600. The playback device 600 decrypts the acquired encrypted firmware and updates the firmware. Such encrypted firmware transmission / reception may be performed by sending the firmware storage medium 130 or via the communication network 140.

  In addition to the firmware, the encryption device 110 encrypts content such as movies and music to generate the content storage medium 160. The playback device 120 can decrypt the content stored in the content storage medium 160 and output it to the monitor 150 or the like for playback.

The encryption device 110 used in manufacturing the playback device 120 of the encryption / decryption system 100 and the specific configuration of the playback device 120 will be described below.
(First Embodiment: Encryption Device 110)

  FIG. 2 is a functional block diagram showing a hardware configuration of the encryption device 110 according to the first embodiment. The encryption device 110 includes an encryption control unit 210, an encryption storage unit 212, an operation unit 214, a display unit 216, a bus 218, an encryption external I / F 220, a storage buffer unit 222, and a storage medium. A writing unit 224 and a firmware encryption I / F 226 are included.

  The encryption control unit 210 manages and controls the entire encryption device 110 by a semiconductor integrated circuit including a central processing unit (CPU). The encryption storage unit 212 includes a ROM, a RAM, an EEPROM, a nonvolatile RAM, a flash memory, an HDD, and the like, and stores a program processed by the encryption control unit 210. The encryption storage unit 212 also stores a common encryption key used for generating firmware and encrypted content used when the playback device is manufactured.

  The operation unit 214 includes switches such as a keyboard, a pointing device, a cross key, and a joystick, and accepts user operation inputs. The display unit 216 is configured by, for example, a liquid crystal display, an organic EL display, or the like, and displays a GUI (Graphical User Interface) when executing the content and firmware encryption function provided by the encryption device 110.

  The encrypted external I / F 220 receives content such as movies and music to be encrypted from an external device (not shown) connected to the network via the communication network 140 according to an instruction from the content encryption unit 244 described later. To do.

  The storage buffer unit 222 is configured by a buffer memory such as SDRAM (Synchronous-DRAM), and temporarily stores the encrypted content that is the content encrypted by the content encryption unit 244 described later.

  The storage medium writing unit 224 writes the encrypted content temporarily stored in the storage buffer unit 222 to an unstored DVD, and generates the content storage medium 160.

  The firmware encryption I / F 226 is composed of a connection terminal connected in accordance with a standard such as IEEE 1394 or USB, and the encryption transmitting unit 242 described later can decrypt the encrypted firmware and the decryption key that can decrypt the encrypted firmware. Then, the device unique number of the playback device 120 becomes the I / F when transmitting to the playback device 120.

  The encryption storage unit 212 also functions as the device unique number database 230. In the device unique number database 230, an encryption key used for encrypting the firmware of the playback device 120, a decryption key used for decrypting the encrypted firmware encrypted with the encryption key, and a grant to the playback device 120 are given. Each reproduction device 120 is stored in association with a device unique number. However, the decryption key is only stored for confirmation, and can be deleted after transmission to the playback device 120.

  In the present embodiment, the encryption control unit 210 also functions as a firmware encryption unit 240, an encryption transmission unit 242, and a content encryption unit 244. The firmware encryption unit 240 acquires an encryption key associated with the device unique number associated with the playback device 120 to be manufactured from the device unique number database 230, and uses the encryption key from the encryption storage unit 212. Encrypt the obtained firmware to generate encrypted firmware. Further, the firmware encryption unit 240 temporarily stores the device unique number and the generated encrypted firmware in the encryption storage unit 212.

  The encryption transmission unit 242 acquires the decryption key and the device unique number from the device unique number database 230 of the encryption storage unit 212 and the encrypted firmware from the encryption storage unit 212. Then, the obtained decryption key, device unique number, and encrypted firmware are transmitted to the playback device 120 via the firmware encryption I / F 226.

  The encryption device 110 according to the present embodiment stores a device unique number unique to the reproduction device 120 and an encryption key in the device unique number database 230 of the encryption storage unit 212 when the reproduction device 120 is manufactured. Thus, the encrypted firmware is generated using the encryption key associated with the device unique number of the target playback device 120, and transmitted to the playback device 120 together with the device unique number. With this configuration, the playback device 120 can be shipped in a state where it is confirmed that the encrypted firmware can be correctly decrypted. The encryption firmware unique to the playback device 120 can be generated because the encryption device 110 stores the encryption key in the device unique number database 230 of the encryption storage unit 212 in association with the device unique number unique to the playback device 120. Therefore, unauthorized tampering of the firmware of the playback device 120 can be prevented more reliably.

  The content encryption unit 244 encrypts the content acquired through the encrypted external I / F 220 with the common encryption key acquired from the encryption storage unit 212, and generates encrypted content. The content is encrypted using an encryption method that can be decrypted by any decryption key of the playback device 120. For example, a method such as CPRM (Content Protection for Recordable Media) or AACS (Advanced Access Content System) is used. be able to. Such a common encryption key corresponds to all the decryption keys stored in the device unique number database 230, and the generated encrypted content can be decrypted using any decryption key. The content encryption unit 244 temporarily stores the generated encrypted content in the storage buffer unit 222. The stored encrypted content is written to a storage medium such as a DVD via the storage medium writing unit 224, and sold or rented as the content storage medium 160.

(Reproducing device 120)
FIG. 3 is a functional block diagram showing a hardware configuration of the playback device 120 according to the first embodiment. The playback device 120 includes a decoding control unit 310, a decoding storage unit 312, an operation unit 214, a display unit 316, a bus 218, a decoding monitor I / F 320, a playback buffer unit 322, and a storage medium reading unit 324. , A firmware reading unit 326, a temporary storage unit 328, and a firmware storage unit 330. The operation unit 214 and the bus 218 of the playback device 120 have substantially the same functions as those of the operation unit 214 and the bus 218 of the encryption device 110 described above, and thus description thereof will be omitted.

  The decoding control unit 310 manages and controls the entire playback device 120 using firmware and programs on a semiconductor integrated circuit including a central processing unit (CPU). The decryption storage unit 312 includes a ROM, a RAM, an EEPROM, a nonvolatile RAM, a flash memory, an HDD, and the like, and stores a program processed by the decryption control unit 310. In addition, the decryption storage unit 312 stores a device unique number unique to the playback device 120 and a decryption key used for decryption of the encrypted firmware encrypted with the encryption key associated with the device unique number.

  The display unit 316 is configured by, for example, a liquid crystal display, an organic EL display, or the like, similar to the encryption device 110, and displays a function provided by the playback device 120, for example, a GUI such as operation guidance. Further, when the playback device 120 is configured as a portable playback device, the display unit 316 can display content obtained by decrypting encrypted content stored in the content storage medium 160, as with the monitor 150.

  Similar to the firmware encryption I / F 226, the decryption monitor I / F 320 is composed of connection terminals connected according to standards such as NTSC, IEEE 1394, USB, etc., and monitors the decrypted content in accordance with instructions from the content decryption unit 344 described later. 150.

  The storage medium reading unit 324 reads the encrypted content from the content storage medium 160 according to an instruction from the content decryption unit 344 described later, and transmits it to the reproduction buffer unit 322 described later. Similar to the storage buffer unit 222 of the encryption device 110, the reproduction buffer unit 322 is configured by a buffer memory such as SDRAM, and temporarily stores the encrypted content read by the storage medium reading unit 324.

  Similar to the decryption monitor I / F 320, the firmware reading unit 326 is configured with connection terminals that are connected with standards such as IEEE 1394 and USB, and the decryption receiving unit 342, which will be described later, receives the encrypted firmware from the encryption device 110, It is used when receiving the decryption key that can decrypt the encrypted firmware and the device unique number of the playback device 120.

  Similar to the storage medium reading unit 324, the temporary storage unit 328 is configured by a buffer memory such as SDRAM, and the encrypted firmware received by the firmware reading unit 326 when the firmware decrypting unit 340 described later decrypts the encrypted firmware. Memorize temporarily.

  The firmware storage unit 330 is composed of an EEPROM, and continuously stores the firmware (decoded firmware) of the playback device 120 decoded by the temporary storage unit 328. The firmware storage unit 330 also stores a write program used when storing and updating the firmware in the firmware storage unit 330 in a non-updatable area. The decryption control unit 310 reads the firmware stored in the firmware storage unit 330 when the playback device 120 is started or restarted, and controls the content decryption / playback processing and the like according to the read firmware.

  The decryption control unit 310 also functions as a firmware decryption unit 340, a decryption reception unit 342, and a content decryption unit 344. The decryption receiving unit 342 receives the decryption key used for decryption of the encrypted firmware from the encryption device 110 through the firmware reading unit 326, the device unique number unique to each playback device 120 assigned to the playback device 120, and the device The encrypted firmware associated with the unique number is received. Then, the obtained encrypted firmware is transmitted to the temporary storage unit 328, and the decryption key and the device unique number are transmitted to the decryption storage unit 312.

  The firmware decryption unit 340 decrypts the encrypted firmware received from the encryption device 110 and stored in the temporary storage unit 328 using the decryption key received from the encryption device 110 and stored in the decryption storage unit 312. Further, the firmware decryption unit 340 transmits the decrypted firmware to the firmware storage unit 330.

  The playback device 120 of the present embodiment receives the decryption key, the device unique number, and the encrypted firmware generated with the encryption key associated with the device unique number at the time of manufacture, and the received decryption key and The device unique number is stored in the decryption storage unit 312, and the encrypted firmware is decrypted with the received decryption key and stored in the firmware storage unit 330. With this configuration, the playback device 120 can be shipped in a state where it is confirmed that the encrypted firmware can be correctly decrypted. Since only the encryption device 110 that stores the encryption key in the device unique number database 230 in association with the device unique number unique to the reproduction device 120 can generate the encrypted firmware unique to the reproduction device 120. Unauthorized tampering of the firmware of the device 120 can be prevented more reliably.

  In addition, when playing back content on the content storage medium 160, the content decryption unit 344 decrypts the encrypted content acquired from the playback buffer unit 322 with the decryption key acquired from the decryption storage unit 312. Such encrypted content can be decrypted using any decryption key of a plurality of playback devices 120 manufactured. The content decryption unit 344 transmits the decrypted content to the monitor 150 via the display unit 316 and the decryption monitor I / F 320.

  In order to prevent illegal copying of content such as movies and music, in the playback device 120 that can decrypt the encrypted content with a unique decryption key and generate the content, the decryption key is shared and used. With this configuration, since the function for decrypting the content can be shared by the decryption of the firmware, the unauthorized alteration of the firmware provided by the playback device 120 can be realized at a lower cost and in a small occupied area.

(Encryption / decryption method)
FIG. 4 is a flowchart showing the flow of the encryption process in the first embodiment.
In particular, FIG. 4A is a flowchart showing the flow of the encryption process of the encryption device 110, and FIG. 4B is a flowchart showing the flow of the decryption process of the playback device 120.

  In FIG. 4A, the encryption device 110 identifies one playback device 120 among the plurality of playback devices 120 to be manufactured (S400) in the manufacturing process, and from the device unique number database 230 of the encryption storage unit 212. Then, the encryption key associated with the device unique number assigned to the identified playback device 120 and the firmware are read from the encryption storage unit 212 (S402). Then, the firmware encryption unit 240 encrypts the firmware using the encryption key and generates encrypted firmware (S404). The encryption transmission unit 242 transmits the generated encrypted firmware, the decryption key of the device unique number database 230, and the device unique number to the playback device 120 (S406). If there is a reproducing apparatus 120 to be manufactured that has not yet transmitted the encrypted firmware (YES in S408), the same processing is repeated.

  4B, the decryption receiving unit 342 of the playback device 120 receives the decryption key, the device unique number, and the encrypted firmware, stores the decryption key and the device unique number (S450), and stores the firmware. The decryption unit 340 decrypts the encrypted firmware using the stored decryption key (S452). Then, the decrypted firmware is stored in the firmware storage unit 330 (S454).

  As described above, according to the present embodiment, when the playback device 120 is manufactured, the encryption key is stored in the device unique number database 230 of the encryption storage unit 212 in association with the device unique number unique to the playback device 120. Only the encryption device 110 can generate encryption firmware unique to the playback device 120. For this reason, by encrypting the firmware and transmitting it to the playback device 120, it is possible to prevent unauthorized tampering of the firmware and thus to prevent illegal copying of the content.

(Second Embodiment)
In the first embodiment, the encryption device 110 used when the playback device 120 of the encryption / decryption system 100 is manufactured and the specific configuration of the playback device 120 are described. In the second embodiment, at the time of updating the firmware in the playback device 600, an electronic signature is added to the encrypted firmware encrypted with the encryption key associated with the device unique number unique to the playback device 600, and sent. The playback device 600 verifies the added electronic signature and confirms that it has not been tampered with, and then decrypts and stores the encrypted firmware, thereby preventing unauthorized tampering of data in addition to firmware encryption. . The specific configurations of the encryption device 500 and the playback device 600 and the encryption and decryption methods will be described below in the same order as in the first embodiment. However, elements having substantially the same functions and configurations as those described in the first embodiment are denoted by the same reference numerals, and redundant description is omitted.

(Encryption device 500)
FIG. 5 is a functional block diagram showing a hardware configuration of the encryption apparatus 500 according to the second embodiment. The encryption device 500 includes an encryption control unit 510, an encryption storage unit 512, an operation unit 214, a display unit 216, a bus 218, an encryption external I / F 220, a storage buffer unit 222, and a storage medium. A writing unit 524 and a firmware encryption I / F 226 are included. The operation unit 214, the display unit 216, the bus 218, the encryption external I / F 220, the storage buffer unit 222, and the firmware encryption I / F 226 described above as the components in the first embodiment are substantially the same. Since the functions are the same, redundant description will be omitted. Here, the encryption control unit 510, the encryption storage unit 512, and the storage medium writing unit 524 having different configurations will be described.

  Similar to the encryption storage unit 212 of the encryption device 110, the encryption storage unit 512 includes a ROM, a RAM, an EEPROM, a nonvolatile RAM, a flash memory, an HDD, and the like, and is a program processed by the encryption control unit 510. Remember. The encryption storage unit 512 includes firmware, a device unique number database 230 that associates the encryption key used when encrypting the firmware and the device unique number, and a common encryption key used for generating encrypted content. Thus, the private key that can generate the electronic signature of the encrypted firmware and the public key that can verify the authenticity of the generated electronic signature are stored.

  The storage medium writing unit 524 generates the content storage medium 160 in the same manner as the storage medium writing unit 224 of the encryption device 110. Further, the storage medium writing unit 524 has a plurality of device unique numbers, for example, device unique numbers of all the supported playback devices 600 and a plurality of ciphers encrypted with an encryption key associated with each device unique number. The firmware storage medium 130 is written in the storage medium in a state associated with the update firmware.

  Since the capacity of the firmware is small compared to the content, etc., it is associated with a device unique number and a device unique number corresponding to all playback devices 600 sold for some storage media such as DVDs and Blu-ray Discs. Can write encrypted firmware. Then, the playback device 600 acquires the encrypted firmware associated with the device unique number unique to the playback device 600 from the firmware storage medium 130 written by the encryption device 500, and updates its own firmware. With this configuration, it is possible to distribute a DVD on which encrypted firmware has been written by means that are relatively difficult to tamper with, such as distribution and delivery at an authorized retail store, and more reliably prevent unauthorized tampering of the firmware. Can do.

  The encryption control unit 510 includes a firmware encryption unit 240, an encryption transmission unit 242, a content encryption unit 544, a signature generation unit 546, and a network encryption connection unit 548. Again, the firmware encryption unit 240 and the encryption transmission unit 242 already described in the first embodiment are omitted, the content encryption unit 544, the signature generation unit 546, and the network encryption connection unit 548. Is mainly explained.

  In response to the encrypted firmware acquisition request including the device unique number from the playback device 600 received via the encrypted external I / F 220, the content encryption unit 544 performs encryption associated with the device unique number of the playback device 600. The update firmware is encrypted using the encryption key to generate encrypted firmware. Then, the encrypted transmission unit 242 transmits the generated encrypted firmware. With this configuration, even when the firmware is updated after the playback device 600 has been delivered to the user after the playback device 600 is purchased, the encryption key associated with the device unique number unique to the playback device 600 is not used. Since the encrypted firmware cannot be generated, unauthorized alteration of the firmware of the playback device 600 can be prevented more reliably.

  The signature generation unit 546 generates an electronic signature of the encrypted firmware encrypted by the firmware encryption unit 240 using the secret key stored in the encryption storage unit 512. The encryption device 500 according to the present embodiment transmits the electronic signature of the encrypted firmware in addition to the encrypted firmware, and the playback device 600 that receives the encrypted firmware and the electronic signature verifies the tampered digital signature. Therefore, the encryption firmware with an illegal digital signature is not used for the update. With such a configuration, it is possible to eliminate unauthorized firmware with an electronic signature and more reliably prevent unauthorized tampering of the firmware.

  The network encryption connection unit 548 is connected to the communication network 140 such as the Internet via the encrypted external I / F 220 and performs mutual authentication on the reproduction device 600 and the communication network 140 described later. Then, the encrypted transmission unit 242 transmits the encrypted firmware and the electronic signature via the network to the playback device 600 that has been successfully authenticated. With this configuration, the encryption device 500 can easily and quickly provide the encryption firmware to the playback device 600 through the Internet while preventing unauthorized tampering.

(Reproducing device 600)
FIG. 6 is a functional block diagram showing a hardware configuration of the playback apparatus 600 according to the second embodiment. The playback device 600 includes a decoding control unit 610, a decoding storage unit 612, an operation unit 214, a display unit 316, a bus 218, a decoding monitor I / F 320, a decoding external I / F 620, and a playback buffer unit 322. , A storage medium reading unit 624, a firmware reading unit 326, a temporary storage unit 328, and a firmware storage unit 330. The operation unit 214, the display unit 316, the bus 218, the decoding monitor I / F 320, the reproduction buffer unit 322, the firmware reading unit 326, the temporary storage unit 328, which have already been described as the constituent elements in the first embodiment. The firmware storage unit 330 has substantially the same function, and thus a redundant description thereof will be omitted. Here, the decoding control unit 610, the decoding storage unit 612, and the storage medium reading unit 624, which are different in constituent elements, are mainly used. Explained.

  Similarly to the decryption storage unit 312 of the playback device 120, the decryption storage unit 612 includes a ROM, a RAM, an EEPROM, a nonvolatile RAM, a flash memory, an HDD, and the like. The decryption storage unit 612 is used for decrypting the device unique number and the encrypted content generation. The key and the public key that can verify the authenticity of the electronic signature generated using the encrypted firmware and the private key are stored. In addition, the encrypted firmware decrypted with the decryption key is continuously stored in the firmware storage unit 330.

  Similar to the storage medium reading unit 324 of the playback device 120, the storage medium reading unit 624 reads the encrypted content from the content storage medium 160 according to an instruction from the content decryption unit 344 and transmits the encrypted content to the playback buffer unit 322. Further, the storage medium reading unit 624 associates a plurality of device unique numbers with a plurality of pieces of encrypted firmware encrypted with an encryption key associated with each device unique number in accordance with an instruction from the content decrypting unit 344. The encrypted firmware associated with the device unique number stored in the decryption storage unit 612 and the electronic signature of the encrypted firmware are read from the firmware storage medium 130 stored in the state.

  As described above, in the firmware storage medium 130, the device unique number and the encrypted firmware associated with the device unique number corresponding to all the playback devices 600 to be sold can be written in the storage medium. Then, the playback device 600 acquires the encrypted firmware associated with the device unique number unique to the playback device 600 from the firmware storage medium 130 written by the encryption device 500, and updates its own firmware. With this configuration, it is possible to distribute a DVD on which encrypted firmware has been written by means that are relatively difficult to tamper with, such as distribution and delivery at an authorized retail store, and more reliably prevent unauthorized tampering of the firmware. Can do.

  The decryption control unit 610 also functions as a firmware decryption unit 340, a decryption reception unit 342, a content decryption unit 344, an acquisition request unit 645, a signature verification unit 646, and a network decryption connection unit 648. Also here, the firmware decryption unit 340, the decryption reception unit 342, and the content decryption unit 344 already described in the first embodiment are omitted, the acquisition request unit 645, the signature verification unit 646, and the network decryption connection unit. 648 will be mainly described.

  The decryption external I / F 620 is an I / F for performing transmission / reception with the encryption apparatus 500 via the communication network 140. The acquisition request unit 645 uses the device unique number stored in the decryption storage unit 612 of the playback device 600 to execute an encryption firmware acquisition request to the encryption device 500 via the decryption external I / F 620 or the like. To do.

  The playback apparatus 600 according to the present embodiment makes an acquisition request to the encryption apparatus 500 and acquires the encrypted firmware. With this configuration, even when the firmware is updated after the playback device 600 has been delivered to the user after the playback device 600 is purchased, the encryption key associated with the device unique number unique to the playback device 600 is not used. Since the encrypted firmware cannot be generated, unauthorized alteration of the firmware of the playback device 600 can be prevented more reliably.

  The signature verification unit 646 verifies the reliability of the electronic signature of the encrypted firmware received by the decryption reception unit 342 using the public key stored in the decryption storage unit 612. The playback apparatus 600 receives the electronic signature of the encrypted firmware in addition to the encrypted firmware, and does not use the encrypted firmware with an illegal electronic signature for updating. With such a configuration, it is possible to eliminate unauthorized firmware with an electronic signature and more reliably prevent unauthorized tampering of the firmware.

  The network decryption connection unit 648 connects to the Internet via the decryption external I / F 620 and performs mutual authentication with the encryption device 500 on the network. With this configuration, the playback device 600 can easily and quickly acquire the encrypted firmware through the Internet while preventing unauthorized tampering.

(Encryption / decryption method)
FIG. 7 is a flowchart showing a flow of encryption processing in the second embodiment. In particular, FIG. 7A is a flowchart showing the flow of the decryption process of the playback apparatus 600, and FIG. 7B is a flowchart showing the flow of the encryption process of the encryption apparatus 500.

  In FIG. 7A, the playback device 600 makes a firmware acquisition request including the device unique number to the encryption device 500 (S750). Then, network authentication is performed with the encryption device 500 (S752), and when the authentication process is normally executed (S754 YES), the encryption firmware transmitted by the encryption device 500 and the electronic signature of the encryption firmware are received ( S756). Then, the digital signature is verified using the public key stored in the decryption storage unit 612 (S758). If it is determined that the digital signature is properly generated (S760 YES), it is stored in the decryption storage unit 612. The encrypted firmware is decrypted using the decryption key (S762). Then, the decrypted firmware is stored in the firmware storage unit 330 (S764).

  In FIG. 7B, when receiving the firmware acquisition request from the playback device 600 (S700 YES), the encryption device 500 performs network authentication (S702). When the authentication process is normally executed (YES in S704), the encryption key associated with the device unique number is read from the device unique number database 230 based on the device unique number received from the playback device 600 (S706). . The encrypted firmware is generated using the encryption key (S708), and the electronic signature of the encrypted firmware is further generated using the encrypted firmware and the private key stored in the encryption storage unit 512 of the encryption device 500. Is generated (S710), and the encrypted firmware and electronic signature are transmitted to the playback device 600 (S712). Then, it waits until a firmware acquisition request is received.

  The encryption devices 110 and 500 and the playback devices 120 and 600 described above add an electronic signature to the encrypted firmware obtained by encrypting the firmware and send it out. Then, the playback device 600 verifies the added electronic signature and confirms that it has not been tampered with, and then decrypts and stores the encrypted firmware. Therefore, it is possible to prevent unauthorized tampering of the firmware at the time of both manufacture and update of the decryption device, and thus prevent illegal copying of content. In addition, an encryption device, a playback device, and an encryption / decryption method that include the components described in the first embodiment and the components described in the second embodiment are also provided.

  As mentioned above, although preferred embodiment of this invention was described referring an accompanying drawing, it cannot be overemphasized that this invention is not limited to this embodiment. It will be apparent to those skilled in the art that various changes and modifications can be made within the scope of the claims, and these are naturally within the technical scope of the present invention. Understood.

  In the first embodiment and the second embodiment, the device unique number database 230 storing the encryption key, the decryption key, and the device unique number, the electronic signature private key, the public key, and the playback device firmware are as follows: , Stored in the encryption storage unit, the encryption storage unit is an internal component of the encryption device, but is not limited to this, the encryption storage unit may be provided in another device, respectively For example, a server via the communication network 140 can be used independently.

  In the embodiment described above, the encryption device stores the encryption key and the device unique number unique to the playback device in association with each other. However, the present invention is not limited to this, and the device unique number is determined according to a predetermined function. An encryption key may be generated. With this configuration, the encryption apparatus does not need to store the apparatus unique number database 230 in the encryption storage unit, and manufacturing and maintenance costs can be reduced. However, in the first embodiment and the second embodiment described above, the encryption device can arbitrarily associate without using the encryption key, the device unique number, and the function. It is possible to generate a completely isolated encryption key that is not known to the relevant third party. With this configuration, it is possible to completely eliminate the risk that the encryption key is generated from the device unique number, and to prevent unauthorized tampering of the firmware more reliably.

  Note that each step in the encryption / decryption method of the present specification does not necessarily have to be processed in time series in the order described in the flowchart, and may include parallel or subroutine processing.

  The present invention can be used for an encryption / decryption system, an encryption device, a decryption device, and an encryption / decryption method for encrypting and decrypting firmware.

It is explanatory drawing which showed the schematic relationship of the encryption / decryption system. It is a functional block diagram showing the hardware configuration of the encryption device according to the first embodiment. 1 is a functional block diagram showing a hardware configuration of a playback apparatus according to a first embodiment. It is the flowchart which showed the flow of the encryption process in 1st Embodiment. It is the functional block diagram which showed the hardware constitutions of the encryption apparatus concerning 2nd Embodiment. It is the functional block diagram which showed the hardware constitutions of the reproducing | regenerating apparatus concerning 2nd Embodiment. It is the flowchart which showed the flow of the encryption process in 2nd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Encryption / decryption system 110, 500 ... Encryption apparatus 120, 600 ... Playback apparatus (decryption apparatus)
130 ... Firmware storage medium 160 ... Content disk (storage medium)
210, 510 ... Encryption control units 212, 512 ... Encryption storage units 224, 524 ... Storage medium writing unit 240 ... Firmware encryption unit 242 ... Encryption transmission units 244, 544 ... Content encryption units 310, 610 ... Decryption Control units 312 and 612 ... Decryption storage units 324 and 624 ... Storage medium reading unit 326 ... Firmware reading unit 330 ... Firmware storage unit 340 ... Firmware decryption unit 342 ... Decryption reception unit 344 ... Content decryption unit 546 ... Signature generation unit 548 ... Network Encryption connection unit 645 ... Acquisition request unit 646 ... Signature verification unit 648 ... Network decryption connection unit

Claims (15)

An encryption / decryption system comprising an encryption device and a decryption device,
The encryption device is:
An encryption storage unit that stores an encryption key used for firmware encryption and a unique device unique number assigned to the decryption device in association with each other;
A firmware encryption unit that encrypts the firmware using the encryption key and generates encrypted firmware;
An encryption transmitter for transmitting the decryption key used for decryption of the encrypted firmware, the device unique number, and the encrypted firmware to the decryption device;
With
The decoding device
A decryption receiving unit that receives the decryption key, the device unique number, and the encrypted firmware from the encrypted transmission unit;
A decryption storage unit that stores the decryption key and the device unique number received by the decryption reception unit;
A firmware decryption unit that decrypts the encrypted firmware received by the decryption reception unit using a decryption key stored in the decryption storage unit, and generates decryption firmware;
A firmware storage unit for storing the decrypted firmware;
An encryption / decryption system comprising: An encryption / decryption system comprising an encryption device and a decryption device,
The decoding device
A decryption storage unit that stores a decryption key used for decryption of the encrypted firmware and a device unique number unique to the decryption device;
Using the device unique number, an acquisition request unit that executes an acquisition request for encrypted firmware;
A decryption receiving unit for receiving the encrypted firmware;
A firmware decrypting unit that decrypts the encrypted firmware using the decryption key and generates decrypted firmware;
A firmware storage unit for storing the decrypted firmware;
With
The encryption device is:
An encryption storage unit that associates and stores the device unique number and an encryption key corresponding to a decryption key specified by the device unique number;
In response to an acquisition request for encrypted firmware from the acquisition request unit, a firmware encryption unit that encrypts the firmware using an encryption key associated with a device unique number of the decryption device and generates encrypted firmware;
An encrypted transmission unit for transmitting the encrypted firmware to the decryption device;
An encryption / decryption system comprising: An encryption storage unit that stores an encryption key used for encrypting the firmware of the decryption device and a unique device unique number assigned to the decryption device;
A firmware encryption unit that encrypts the firmware using the encryption key and generates encrypted firmware;
An encryption transmitter for transmitting the decryption key used for decryption of the encrypted firmware, the device unique number, and the encrypted firmware to the decryption device;
An encryption device comprising: An encryption storage unit that stores a device unique number unique to the decryption device and an encryption key corresponding to the decryption key specified by the device unique number;
A firmware encryption unit that encrypts the firmware using the encryption key associated with the device unique number of the decryption device and generates the encrypted firmware in response to the encrypted firmware acquisition request from the decryption device;
An encrypted transmission unit for transmitting the encrypted firmware to the decryption device;
An encryption device comprising: The encryption storage unit further stores a secret key capable of generating an electronic signature of the encryption firmware,
A signature generating unit that generates an electronic signature of the encrypted firmware using the secret key;
The encryption apparatus according to claim 4, wherein the encryption transmission unit transmits the electronic signature in addition to the encryption firmware.   6. The encryption according to claim 4, further comprising a storage medium writing unit capable of writing a plurality of device unique numbers and a plurality of encrypted firmware associated with the device unique numbers into a storage medium. Device.   The encryption apparatus according to claim 3, further comprising a network encryption connection unit that connects to the Internet and performs mutual authentication with the decryption apparatus on a network. A decryption key used by the decryption device to decrypt the encrypted firmware, a unique device unique number assigned to the decryption device, and the encrypted firmware associated with the device unique number are received from the encryption device. A decryption receiver;
A decryption storage unit that stores the decryption key and the device unique number received by the decryption reception unit;
A firmware decryption unit that decrypts the encrypted firmware received by the decryption reception unit using a decryption key stored in the decryption storage unit, and generates decryption firmware;
A firmware storage unit for storing the decrypted firmware;
A decoding apparatus comprising: A decryption storage unit that stores a decryption key used by the decryption device to decrypt the encrypted firmware from the encryption device, and a device unique number unique to the decryption device;
Using the device unique number, an acquisition request unit that executes an acquisition request for encrypted firmware;
A decryption receiving unit for receiving the encrypted firmware;
A firmware decrypting unit that decrypts the encrypted firmware using the decryption key and generates decrypted firmware;
A firmware storage unit for storing the decrypted firmware;
A decoding apparatus comprising: The decryption storage unit further stores a public key that can verify the reliability of the electronic signature generated using the encrypted firmware and a private key,
The decryption receiving unit further receives the electronic signature,
The decryption apparatus according to claim 9, further comprising a signature verification unit that verifies the reliability of the electronic signature using the public key.   The decryption receiving unit receives encrypted firmware associated with the device unique number of the decryption device from a firmware storage medium storing a plurality of device unique numbers and a plurality of encrypted firmware associated with the device unique numbers. The decoding device according to claim 9 or 10, wherein the decoding device is obtained.   12. The decryption device according to claim 8, further comprising a network decryption connection unit that connects to the Internet and performs mutual authentication with the encryption device on the network.   The decryption apparatus according to any one of claims 8 to 12, further comprising a content decryption unit that decrypts the encrypted content by using the decryption key and generates the content. An encryption / decryption method using an encryption device and a decryption device,
The encryption device is:
An encryption key used for encrypting the firmware of the decryption device and a device unique number unique to each decryption device to be given to the decryption device are stored in association with each other,
Encrypting the firmware using the encryption key to generate encrypted firmware;
Transmitting the decryption key used for decryption of the encrypted firmware, the device unique number, and the encrypted firmware to the decryption device;
The decoding device
Receiving the decryption key, the device unique number, and the encryption firmware from the encryption device;
Storing the decryption key and the device unique number received from the encryption device;
Decrypting the encrypted firmware received from the encryption device using the stored decryption key to generate decryption firmware;
An encryption / decryption method characterized by storing the decryption firmware. An encryption / decryption method using an encryption device and a decryption device,
The decoding device
Storing a decryption key used for decryption of the encrypted firmware and a device unique number unique to the decryption device;
Using the device unique number, execute an encryption firmware acquisition request,
The encryption device is:
Storing a device unique number and an encryption key corresponding to a decryption key specified by the device unique number in association with each other;
In response to a request for obtaining encrypted firmware from the decryption device, the firmware is encrypted using an encryption key associated with the device unique number of the decryption device to generate encrypted firmware,
Sending the encrypted firmware to the decryption device;
The decoding device
Receiving the encrypted firmware;
Decrypting the encrypted firmware using the decryption key to generate decryption firmware;
An encryption / decryption method characterized by storing the decryption firmware.

Images