JP2013146014A - Information processing device, information storage device, information processing system, information processing method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an arrangement for more strict content usage control by setting multiple keys required to generate a title key.SOLUTION: An information storage device such as a memory card stores a first partial key required to generate a title key to be used to decrypt an encrypted content and a key block that allows acquisition of a second partial key required to generate the title key, and outputs the first partial key and the key block on the condition that authentication is successful between the information storage device and a host that carries out the decryption of the encrypted content. The first partial key is output only when the access privilege is verified by a certificate of the host. The second partial key can be acquired from the key block by using a device key that is a host-specific key hold by the host.

Description

  The present disclosure relates to an information processing device, an information storage device, an information processing system, an information processing method, and a program. In particular, the present invention relates to an information processing device, an information storage device, an information processing system, an information processing method, and a program that perform content usage control.

  For example, contents such as movies and music are sent to users via various media such as DVD (Digital Versatile Disc), Blu-ray Disc (registered trademark), flash memory, etc., networks such as the Internet, or broadcast waves. Provided. A user can play back content by using various information processing devices such as a PC, a portable terminal, a recording / playback device such as a BD player, and a television.

  However, many contents such as music data and image data provided to these users have copyrights, distribution rights, etc. held by their creators or distributors. Therefore, content providers often perform predetermined content usage restrictions when providing content to users.

  According to the digital recording device and the recording medium, for example, it is possible to repeat recording and reproduction without deteriorating images and sound, and illegal copy contents such as distribution of illegal copy contents via the Internet and distribution of so-called pirated discs. There is a problem that the use of is prevalent.

  As a specific configuration for preventing such unauthorized use of content, there is content encryption processing. The content provided to the user is encrypted, and the encryption key is set so that it can be acquired only by authorized users. These processes are described in, for example, Japanese Patent Application Laid-Open No. 2008-98765.

The key used to decrypt the encrypted data is given only to the playback apparatus that has received a license that is a content use right. The license is given to a playback device designed to comply with a predetermined operation rule such as not performing illegal copying. On the other hand, a playback device that has not received a license does not have a key for decrypting encrypted data, and therefore cannot decrypt the encrypted data.
However, there is a current situation that even if such content encryption is executed, unauthorized content usage is performed.

An example of unauthorized use of content will be described.
The content is recorded on a medium (memory card) such as a flash memory.
In the memory card, a media key set (MKS: Media Key Set) that is an encryption key set unique to the memory card is stored in advance.
This encryption key set (MKS) is constituted by a key set including a public key and a secret key issued by, for example, a license management apparatus (LA: License Authority). In many cases, the public key is stored and used in a public key certificate (PKC).
The public key certificate (PKC) is a certificate having not only a public key but also an identifier (ID) of a device (host or media) as recording data and a signature of the license management device (LA).

For example, when content stored in a memory card is played back or when new content is recorded on the memory card, a mutual authentication process between the memory card-equipped device (host) and the memory card is executed. For example, a mutual authentication process using a public key cryptosystem is executed, and the above encryption key set (MKS) is applied.
In the authentication process, the host and the media mutually confirm that the counterpart device is not an unauthorized device. On condition that this authentication is established, the host is allowed to read the content recorded on the memory card and the encryption key applied to the decryption of the content.

  The license management apparatus (LA) issues a revocation list (Revocation List) that is a list of identifiers (IDs) of unauthorized devices, and provides them to the devices that perform the above-described mutual authentication. A device that performs mutual authentication refers to the revocation list and performs a confirmation process as to whether or not the ID of the authentication counterpart device is registered.

  If an ID is recorded in the revocation list, the device is confirmed to be unauthorized, and content playback or recording is prohibited.

  This revocation list is issued by the license management device (LA) and is updated sequentially. In addition, an electronic signature of a license management apparatus (LA), which is an issuer, is given to prevent tampering.

  For example, a user device that performs content playback confirms the validity of the revocation list by verifying the signature of the revocation list, and then, the ID of the playback device or storage device used in the revocation list is registered. Only when it is confirmed that it is not registered, the subsequent processing, that is, processing such as content reproduction is allowed.

When a new unauthorized device is detected, the license management apparatus (LA) executes a revocation list update process for additionally registering the ID of the new unauthorized device. In other words, revocation lists with updated versions are distributed sequentially.
The updated revocation list is provided to the user device via the network. Alternatively, the content is recorded on a medium on which the content is recorded and provided to the user device.

  For example, if a host device that executes playback of content stored in a medium such as a memory card is identified as an unauthorized device, the license management device may identify the identifier (ID) of the unauthorized host device or the host device. Generate the latest version of the revocation list in which the identifier (ID) of the host public key certificate (Host Certificate) that stores the public key of the provided host is recorded in the revocation list, and send it via the network or content recording media. And distributed to user devices (reproducing devices, recording devices, PCs, recording media, etc.).

When the revocation list acquired via the network or the revocation list acquired by connecting to another device is newer than the version of the revocation list stored in the storage unit of the user device, Then, a process of replacing the old version revocation list stored in the storage unit of the own apparatus with the new version revocation list is performed.
In this way, the revocation list stored in each user device is sequentially replaced with a new version of the revocation list. Therefore, even when a new unauthorized device is generated, it is possible to steadily eliminate the use of the unauthorized device.

  However, for example, if a certain host device is revoked and its host device ID is registered in the revocation list, all contents cannot be used by that host device.

  That is, the process based on the revocation list is executed as a revocation (invalidation) process for each host, and there is a problem that the availability cannot be set for each content.

JP 2008-98765 A

  The present disclosure has been made in view of the above-described problems, for example, and includes an information processing device, an information storage device, an information processing system, and information that realize more flexible content usage control such as content-based usage control. It is an object to provide a processing method and a program.

The first aspect of the present disclosure is:
Encrypted content,
A first partial key required for generating a title key which is an encryption key applied to decrypting the encrypted content;
A storage unit storing a key block that can acquire a second partial key necessary for generating the title key;
A data processing unit that executes an authentication process with an information processing device that decrypts the encrypted content;
The data processing unit
The information storage device executes an output process of the first partial key and the key block for the information processing device on condition that authentication with the information processing device is established.

  Furthermore, in one embodiment of the information storage device of the present disclosure, the first partial key is recorded in a protection area that allows access based on confirmation of an access right, and the data processing unit is configured to verify the information processing device. Only when the information processing apparatus confirms that the information processing apparatus has the access right to the storage area of the first partial key. Execute output processing.

  Furthermore, in an embodiment of the information storage device according to the present disclosure, the data processing unit applies the session key generated during the authentication processing, encrypts the first partial key, and outputs the encrypted first partial key to the information processing device.

  Furthermore, in an embodiment of the information storage device of the present disclosure, the title key is a key that can be calculated by an exclusive OR operation between the first partial key and the second partial key.

  Furthermore, in an embodiment of the information storage device according to the present disclosure, the second partial key is a key that can be acquired by a decryption process in which a unique key of the information processing device is applied to the key block.

Furthermore, the second aspect of the present disclosure is:
An information processing device that executes a reproduction process of content recorded in an information storage device,
A data processing unit that reads the encrypted content recorded in the information storage device and executes a decryption process;
A storage unit storing a device key which is key data unique to the information processing apparatus;
The data processing unit
A first partial key required for generating a title key to be applied to decryption of the encrypted content from the information storage device;
Read a key block that can acquire the second partial key necessary for generating the title key,
Obtaining the second partial key by a decryption process applying the device key to the key block;
In the information processing apparatus for calculating the title key by an arithmetic process using the first partial key and the second partial key.

  Furthermore, in an embodiment of the information processing apparatus according to the present disclosure, the data processing unit calculates the title key by an exclusive OR operation process between the first partial key and the second partial key.

Furthermore, the third aspect of the present disclosure is:
A server that executes processing for providing encrypted content,
The encrypted content generated by the encryption process applying the title key,
A first partial key which is a key applied to the generation of the title key;
A key block that can acquire the second partial key, which is a key applied to the generation of the title key, only in the selected information processing apparatus;
Is generated in a server that executes processing for generating and providing the information to the information storage device.

  Furthermore, in an embodiment of the server of the present disclosure, the key block can acquire the second partial key by a decryption process using a unique key of the information processing device stored in the selected information processing device. It is.

Furthermore, the fourth aspect of the present disclosure is:
A server that transmits to the information storage device encrypted content and generation information of a title key applied to decrypt the encrypted content;
An information storage device for storing the encrypted content and generation information of the title key;
An information processing system having an information processing device that performs decryption and reproduction of encrypted content stored in the information storage device,
The server
The encrypted content generated by the encryption process applying the title key,
A first partial key which is a key applied to the generation of the title key;
A key block that can acquire the second partial key, which is a key applied to the generation of the title key, only in the selected information processing apparatus;
Is generated and transmitted to the information storage device,
The information storage device includes:
The encrypted content, the first partial key, and the key block are stored in a storage unit, and the first partial key and the key block of the information processing device are stored on condition that authentication with the information processing device is established. Execute the output process,
The information processing apparatus includes:
Obtaining the second partial key by a decryption process using a device key that is the information processing apparatus specific key for the key block;
In the information processing system for calculating the title key by an arithmetic process using the first partial key and the second partial key.

Furthermore, the fifth aspect of the present disclosure is:
An information processing method executed in an information storage device,
The information storage device includes:
Encrypted content,
A first partial key required for generating a title key which is an encryption key applied to decrypting the encrypted content;
A storage unit storing a key block capable of acquiring a second partial key necessary for generating the title key;
A data processing unit of the information processing apparatus;
Executing an authentication process with an information processing device for decrypting the encrypted content;
In the information processing method of executing output processing of the first partial key and the key block to the information processing apparatus on condition that the authentication is established.

Furthermore, the sixth aspect of the present disclosure is:
An information processing method to be executed in an information processing apparatus having a data processing unit that reads encrypted content recorded in an information storage device and executes decryption processing;
The information processing apparatus includes a storage unit that stores a device key that is key data unique to the information processing apparatus,
The data processing unit
A first partial key required for generating a title key to be applied to decryption of the encrypted content from the information storage device;
Read a key block that can acquire the second partial key necessary for generating the title key,
Obtaining the second partial key by a decryption process applying the device key to the key block;
In the information processing method of calculating the title key by an arithmetic process using the first partial key and the second partial key.

Furthermore, the seventh aspect of the present disclosure is:
An information processing method executed on a server that executes encrypted content providing processing,
A data processing unit of the server,
The encrypted content generated by the encryption process applying the title key,
A first partial key which is a key applied to the generation of the title key;
A key block that can acquire the second partial key, which is a key applied to the generation of the title key, only in the selected information processing apparatus;
Is an information processing method for executing a process of generating and providing the information to the information storage device.

Furthermore, an eighth aspect of the present disclosure is
A program for executing information processing in an information storage device;
The information storage device includes:
Encrypted content,
A first partial key required for generating a title key which is an encryption key applied to decrypting the encrypted content;
A storage unit storing a key block capable of acquiring a second partial key necessary for generating the title key;
The program is stored in the data processing unit of the information processing apparatus.
An authentication process with an information processing device for decrypting the encrypted content;
A program for executing output processing of the first partial key and the key block for the information processing apparatus on condition that the authentication is established.

Furthermore, the ninth aspect of the present disclosure is
A program that reads encrypted content recorded in an information storage device and executes information processing in an information processing device having a data processing unit that executes decryption processing.
The information processing apparatus includes a storage unit that stores a device key that is key data unique to the information processing apparatus,
The program is stored in the data processing unit.
A first partial key required for generating a title key to be applied to decrypting the encrypted content from the information storage device;
A process of reading a key block that makes it possible to acquire a second partial key necessary for generating the title key;
Obtaining the second partial key by a decryption process applying the device key to the key block;
In the program for executing the title key calculation process by the calculation process using the first partial key and the second partial key.

Furthermore, the tenth aspect of the present disclosure includes
A program that executes information processing in a server that executes processing for providing encrypted content,
In the data processing unit of the server,
The encrypted content generated by the encryption process applying the title key,
A first partial key which is a key applied to the generation of the title key;
A key block that can acquire the second partial key, which is a key applied to the generation of the title key, only in the selected information processing apparatus;
Is generated in the program for executing the processing to be provided to the information storage device.

  Note that the program of the present disclosure is a program that can be provided by, for example, a storage medium or a communication medium provided in a computer-readable format to an information processing apparatus or a computer system that can execute various program codes. By providing such a program in a computer-readable format, processing corresponding to the program is realized on the information processing apparatus or the computer system.

  Other objects, features, and advantages of the present disclosure will become apparent from a more detailed description based on embodiments of the present disclosure described below and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.

According to the configuration of an embodiment of the present disclosure, a strict content usage control configuration is realized by setting a plurality of keys necessary for generating a title key.
Specifically, an information storage device such as a memory card obtains a first partial key necessary for generating a title key to be applied to decryption of encrypted content and a second partial key required for generating a title key. The enabled key block is stored, and the first partial key and the key block are output on condition that the authentication process with the host that decrypts the encrypted content is established. The first partial key is output only when the access right based on the host certificate is confirmed. The key block can acquire the second partial key by applying a device key which is a host unique key held by the host.
With these configurations, for example, a configuration in which content usage control can be individually controlled for each host and each content is realized. For example, even if the host ID is not registered in the revocation list, it is possible to set content that can be used in units of content and content that cannot be used in units of content, and perform more detailed usage control in units of content Is realized.

It is a figure explaining the outline | summary of a content provision process and a utilization process. It is a figure explaining the utilization form of the content recorded on the memory card. It is a figure explaining the process between the information processing apparatus which performs content recording / reproducing, and the recording medium of content. It is a figure explaining the specific structural example of a memory card. It is a figure explaining the data structural example of usage control information. It is a figure explaining the structure and usage example of a key block. It is a figure explaining the process between the server which performs a content provision process, and the information storage device (media) which stores a content. It is a figure explaining the process between the host which performs a content reproduction process, and the information storage device (media) which stored the content. It is a sequence diagram explaining the process between the server which performs a content provision process, and the information storage device (media) which stores a content. It is a sequence diagram explaining the process between the host which performs a content reproduction process, and the information storage device (media) which stored the content. FIG. 25 is a diagram for describing an example hardware configuration of an information processing device. It is a figure explaining the example of hardware constitutions of information storage devices, such as a memory card.

The details of the information processing apparatus, information storage apparatus, information processing system, information processing method, and program of the present disclosure will be described below with reference to the drawings. The description will be made according to the following items.
1. 1. Overview of content provision processing and usage processing 2. Configuration example of information storage device 3. Data configuration example of usage control information 4. Key block configuration and usage examples 5. Content distribution processing from the server 6. Content reproduction processing in information processing apparatus (host) 7. Communication sequence between server and information storage device during content recording process 8. Communication sequence between host and information storage device during content playback processing 9. Hardware configuration example of each device Summary of composition of this disclosure

[1. Overview of content provision processing and usage processing]
Hereinafter, the configuration of the present disclosure will be described with reference to the drawings.
First, the outline of the content providing process and the usage process will be described with reference to FIG.
In FIG. 1, from the left
(A) Content provider (b) Information processing device (content recording / playback device (host))
(C) Information storage device (content recording medium)
Examples of these are shown.

  (C) The information storage device (content recording medium) 30 is a medium on which a user records content and is used for content reproduction processing. Here, for example, a memory card 31 which is an information storage device provided with a flash memory is shown.

  A user records and uses various contents such as music and movies in an information storage device (content recording medium) 30 such as a memory card 31. These contents include contents that are subject to usage control, such as contents that are subject to copyright management.

  The content that is subject to usage control is, for example, content for which random copying or distribution of copy data is prohibited, content for which the usage period is limited, or the like. Note that when usage control content is recorded in the memory card 31, usage control information (Usage Rule) that records copy restriction information, usage period restriction information, and the like corresponding to the content is also provided and recorded.

  Further, the license management apparatus (LA) that manages the use of content is an identifier such as an identifier (ID) of an unauthorized device or an identifier of a public key certificate of the unauthorized device for an information processing device or an information storage device that is recognized as an unauthorized device. A revocation list (Revocation List) in which (ID) is registered is generated and provided to each device. In the revocation list, an electronic signature using a secret key of a license management apparatus (LA: License Authority) is set. The revocation list (Revocation List) is sequentially updated.

(A) A content provider is a provider of content such as music and movies. In FIG. 1, as an example, a broadcast station 11 and a content recording medium 13 such as a content server 12, a BD, or a DVD are shown as content providers.
The broadcast station 11 is, for example, a television station, and provides various broadcast contents on a terrestrial wave or a satellite wave to a user device [(b) information processing device (content recording / playback device (host))].
The content server 12 is a server that provides content such as music and movies via a network such as the Internet.
The content recording medium 13 is a medium on which content such as a movie is recorded in advance, such as a BD-ROM or a DVD-ROM.

For example, the user can attach the memory card 31 to the information processing apparatus 20 and record the content that the information processing apparatus 20 receives from the outside or plays back from the content recording medium 13 on the memory card 31.
In addition, the information processing apparatus 20 can read and reproduce content recorded on the memory card 31, for example.

  The information processing apparatus 20 includes a recording / reproduction device (CE device: Consumer Electronics device) 21 including a hard disk, a disk such as a DVD, or a BD, such as a DVD player. Further, there are a PC 22, a mobile terminal 23 such as a smartphone, a mobile phone, a mobile player, and a tablet terminal. These are all (c) information storage devices 30, for example, devices on which a memory card 31 can be mounted.

A usage form of the memory card 31 will be described with reference to FIG.
A memory card 31 that is one form of the information storage device 30 is a recording medium that can be attached to and detached from a content player such as a PC, for example, and can be freely removed from the device that has performed content recording and mounted on other user devices. Is possible.

That is, as shown in FIG.
(1) Recording process (2) Reproduction process These processes are executed.
Some devices execute only one of recording and reproduction.
Moreover, it is not essential that the recording and playback processing devices are the same, and the user can freely select and use the recording device and the playback device.

In many cases, the usage control content recorded on the memory card 31 is recorded as encrypted content, and the content playback devices such as the recording / playback device 21, the PC 22, and the portable terminal 23 follow a predetermined sequence. After executing the decryption process, the content is reproduced.
In addition, reproduction processing and the like are performed in a usage-permitted mode recorded in usage control information (Usage Rule) set corresponding to the content.
(B) The content recording / playback apparatus (host) stores a program (host application) for executing content use and content decryption processing in accordance with usage control information (Usage Rule). Execute according to the program (host application).

Also,
An information processing apparatus 20 for executing content recording / playback;
An information storage device 30 for storing content;
Each of these devices stores a revocation list (Revocation List) that is a list in which identifiers (IDs) of unauthorized devices are recorded in the storage unit.
When the information processing apparatus 20 such as the PC 22 mounts the information storage device 30 such as the memory card 31 and records the content in the information storage device 30 or when reproducing the content recorded in the information storage device 30 As the pre-processing, as shown in FIG.
(Processing A) Mutual authentication processing between the information processing device 20 and the information storage device 30,
(Process B) Revocation list synchronization process between the information processing device 20 and the information storage device 30;
These processes are executed.

The mutual authentication process is executed in accordance with, for example, an ECDH (Elliptic Curve Diffie-Hellman) encryption method which is a public key encryption algorithm.
In this mutual authentication process, a process using a key set of a public key and a secret key held by the information processing apparatus 20 and the information storage apparatus 30 is executed.
Also, whether or not the public key certificate is mutually provided between the devices, and the other device or key or the ID of the public key certificate is recorded in the revocation list (Revocation List) which is the registration list of unauthorized devices Processing to verify whether or not. For example, when the ID of the counterpart device is recorded in the revocation list, it is determined that the counterpart device is an unauthorized device. In this case, subsequent processing, for example, content reproduction and recording processing may be stopped.

  The revocation synchronization process performs a version comparison between the revocation list (Revocation List) held by the information processing device 20 and the revocation list (Revocation List) held by the information storage device 30 to obtain a newer version of the revocation list. This is a process of selecting an application list (Revocation List) and replacing the old revocation list (Revocation List) of each device with a new one. This processing is called revocation list synchronization processing or update processing.

  The revocation synchronization process (update process) is performed not only between the information storage device 30 and the information processing device 20, but also between the information storage device 30 and the content server 12 that is the content provider, or with the information processing device 20, for example. It is also executed between content servers.

[2. Configuration example of information storage device]
Next, a configuration example of an information storage device such as a memory card 31 used as a content recording medium will be described.
A specific configuration example of the memory card 31 is shown in FIG.

  The memory card 31 is attached to, for example, an information processing apparatus (host) 20 that records and reproduces content, and is accessed from the information processing apparatus 20 or a server connected via the information processing apparatus 20 to read data. And writing is done.

As shown in FIG.
A controller (data processing unit) 110, a storage unit 120, and a communication IF 140 are included.
For example, communication with an information processing apparatus (host) or the like is performed via the communication IF 140.

  The controller (data processing unit) 110 includes a CPU 111 having a program execution function, a RAM 112, and the like. The RAM 112 is used as a recording area for data processing programs executed by the CPU, various parameters, controller-specific ID information, key information, and the like.

The storage unit 120 is divided into a protection area (secure area) 121 where free access is not allowed and a general-purpose area (user data area) 122 where basically free access is allowed.
For example, when an external device such as a server or a recording / reproducing device accesses the protection area (secure area) 121, the external apparatus outputs a certificate (Certificate) of the external apparatus to the information storage device, and the information storage device The access permission determination process based on the certificate is performed, and access is permitted according to the determination result.

Various types of secret information are recorded in the protection area (secure area) 121.
For example, the first partial key 131 or the like which is key information applied to generate an encryption key (title key) applied to content decryption. The example shown in FIG. 4 shows a storage example of the following data.
First partial key 131,
Revocation list 132,
Media secret key 133,
Media public key certificate 134,
License management device public key 135,

The first partial key 131 is key data for generating a title key that is an encryption key applied to encryption and decryption processing of content recorded in the general-purpose area 122.
First partial keys # 1, # 2,... Corresponding to each content, such as content # 1, # 2,.

For example, in order to generate the title key #n applied to the decryption of the content #n,
A first partial key #n corresponding to the content #n;
An operation using the second partial key #n corresponding to the content #n is required.
The second partial key is a key that can be acquired from the key block 139 stored in the general-purpose area (user data area) 122.

When decrypting the content, first, the first partial key 131 stored in the protection area (secure area) 121 is acquired, and then the second key is stored in the second block from the key block 139 stored in the general-purpose area (user data area) 122. Get a partial key. Furthermore, a predetermined operation using the first partial key and the second partial key is executed to calculate a title key, and a decoding process is executed using the calculated title key.
Details of these processes will be described later.

  The revocation list 132 is an unauthorized device, specifically, an information processing device such as a recording / reproducing device determined to be an unauthorized device, a device identifier (ID) such as an information storage device such as a memory card, or the like. It is the list which registered the identifier (ID) of the public key certificate (Certificate) stored in the unauthorized device. The revocation list 132 is a list that is issued and sequentially updated by the license management apparatus, and is configured such that the signature of the license management apparatus is set and tampering verification is possible.

  The media private key 133 and the media public key certificate 134 are a certificate (Certificate) storing a private key corresponding to the memory card 31 according to the public key cryptosystem and the public key.

The license management device public key 135 is, for example, the public key of the license management device that is the issuer of the revocation list 132, the media private key 133, and the media public key certificate 134.
For example, it is used in the verification process of the signature set in the revocation list 132 and the verification process of the signature set in the public key certificate.

The general-purpose area (user data area) 122 includes
For example, content 137 provided by a content server or the like, usage control information 138 in which usage permission information such as copy control information corresponding to the content is recorded, and a key block 139 are recorded.

In many cases, the content 137 is content encrypted with a title key.
The usage control information 138 is set for each content 137, for example, and is often provided together with the content. For example, when content is downloaded from a server and recorded, a usage control information file corresponding to the downloaded content is also downloaded and recorded. The data structure of the usage control information file will be described later.

The key block 139 is a key information block that generates a key (second partial key) that is applied to calculate a title key that is applied to decryption of the encrypted content 137.
The second partial key can be obtained from the key block by applying a device key, which is a host-specific host-corresponding key provided in advance to the host, which is an information processing apparatus that executes content playback processing and recording processing. It becomes.
This process will be described later.

[3. About data structure example of usage control information]
FIG. 5 shows a data configuration example of the usage control information 138.
As described above, the usage control information 138 records usage permission information such as copy control information corresponding to the content. Specifically, for example, as shown in FIG.
Header information (Header),
Copy control information (CCI: Copy Control Information),
Usage period control information (Period)
Usage period control information (before)
Usage period control information (After)
Movement control information (Move OK / NG)
Key block identifier (Key Block ID)
For example, such information is recorded.

In the header information (Header), identification information indicating usage control information, an identifier of the corresponding content, and the like are recorded.
The content issuance date / time (Issue Date) is date / time information when the content is provided to the user device. Specifically, for example, the date and time when the content server provided and recorded the content in an information storage device such as a user's memory card is recorded.

The copy control information is information regarding whether or not copying of content is permitted, and information on the number of times of copying when permitted.
The usage period control information is date and time information that allows the use of content. It is recorded as information such as a certain period (Period), a certain date and time (Before), and a certain date and time (After).
The movement control information (Move OK / NG) is information indicating whether or not the content is allowed to move (Move) to an external device.

  The key block identifier (Key Block ID) is an identifier of a key block used for calculating a title key applied to decrypting the content corresponding to the usage control information. That is, it is the identifier (ID) of the key block 139 recorded in the general-purpose area (user data area) 122 of the storage unit 120 described with reference to FIG.

  For example, these pieces of information are recorded in a usage control information file corresponding to the content. For example, when a user device such as a playback device uses content such as content playback, the control information recorded in the usage control information corresponding to the content is used. Processing to be used is executed.

[4. Key block configuration and usage example]
Next, the configuration and usage example of the key block will be described with reference to FIG.
As described above, the key block is a key information block that generates a second partial key that is a key applied to calculate a title key applied to decryption of the encrypted content.

  The second partial key can be obtained from the key block by applying a device key, which is a host-specific host-corresponding key provided in advance to the host, which is an information processing apparatus that executes content playback processing and recording processing. It becomes.

The key block is configured as an encryption key block that is broadcast to a large number of user apparatuses (hosts), that is, a large number of recording / reproducing apparatuses. A second partial key can be acquired by performing a decryption process using a host unique key (= device key), which is a unique key stored in advance in the user apparatus, on this key block.
However, by changing the setting of the key block, it is possible to perform so-called host revocation (exclusion) processing in which the second partial key cannot be obtained with the device key of a specific host.

  In this way, the encrypted data distribution configuration in which only the selected user device (host) can acquire the secret information (second partial key in this example) is called a broadcast cipher. There are various configurations as specific configuration examples of the broadcast encryption. The example shown in FIG. 6 is a diagram illustrating an example of a CS (Complete Subtree) method as an example.

  As shown in FIG. 6, a binary tree (tree) is configured in which a host which is a user apparatus is set as a terminal node. In the binary tree (tree), branches are bisected sequentially from the root which is a vertex node toward a lower layer. A node key is set for a node that becomes a branch point. Each terminal node is associated with a host (user device).

A host (user device) stores a host unique key (= device key) in advance. This host unique key (= device key) is a set of node keys of nodes on the path from the host set as the end node of the binary tree (tree) to the root (vertex node).
For example, the host 1 shown in FIG.
Node key of node set for host 1: K11
Node key of the upper node: K1,
These two node keys are stored as host-specific keys (= device keys).

Similarly, for example, the host 3 shown in FIG.
Node key of the node set for host 1: K21
Node key of the upper node: K2,
These two node keys are stored as host-specific keys (= device keys).

The host unique key (= device key) is a combination of different node keys for each host.
By providing each host (user device) with a host key consisting of a combination of these different node keys, an encryption key block containing secret information that can be decrypted only by a specific host unique key (= device key) is generated and distributed. By doing so, it becomes possible to provide confidential information only to the selected specific host.

As an example, a case where secret information is used as a key (Kroot) of a vertex node will be described.
For example, the key block (Key Block) when all the hosts can acquire the secret information (Kroot) is set as follows.
Key Block = Enc (K1, Kroot), Enc (K2, Kroot)

Enc (a, b) means data obtained by encrypting data b with key a.
The above key block (Key Block) is
Data obtained by encrypting the secret information (Kroot) with the key K1: Enc (K1, Kroot),
Data obtained by encrypting secret information (Kroot) with a key K2: Enc (K2, Kroot),
It means that the key block contains these.

  Each of the hosts 1 to 4 shown in FIG. 6 holds a node key K1 or K2 as a host unique key (= device key). Therefore, the secret information (Kroot) can be acquired from the key block (Key Block).

In addition, the processing for making it impossible to acquire the secret information (Kroot) from only the host 2, that is, the key block (Key Block) when only the host 2 is revoked (excluded) is set as follows.
Key Block = Enc (K11, Kroot), Enc (K2, Kroot)

The host 1 shown in FIG. 6 holds a node key K11 as a host unique key (= device key).
The hosts 3 and 4 hold a node key K2 as a host unique key (= device key).
Therefore, the hosts 1, 3, and 4 can acquire the secret information (Kroot) from the key block (Key Block).
However, since the host 2 does not hold any of the node keys K11 and K2, the host 2 cannot obtain the secret information (Kroot) from the key block (Key Block).

  In this way, by applying broadcast encryption such as the CS method, for example, it is possible to set a key block that is encryption information that allows only an arbitrary host (user device) to acquire secret information. Only secret information can be provided.

For example, if the above secret information (Kroot) is set as the second partial key, the second partial key can be provided only to a specific host.
Alternatively, Kroot is fixed with a key corresponding to the root, and the second partial key encrypted with Kroot is generated: Enk (Kroot, second partial key), and this encrypted data is included in the key block. You may distribute.

For example,
Key Block = Enk (Kroot, second partial key), Enc (K1, Kroot), Enc (K2, Kroot)
This key block can be decrypted by all of the hosts 1 to 4 shown in FIG. 6, and all of the hosts 1 to 4 can acquire the second partial key.

on the other hand,
Key Block = Enk (Kroot, second partial key), Enc (K11, Kroot), Enc (K2, Kroot)
This key block can be decrypted by the hosts 1, 3, and 4 shown in FIG. 6, and the hosts 1, 3, and 4 can acquire the second partial key. However, the host 2 cannot decrypt and the host 2 cannot obtain the second partial key.

The key block is an encryption key block having such a setting, and is a key block that can provide the second partial key only to a specific selected host.
The key block is transmitted, for example, from the content providing server to the user device (host) when distribution of the encrypted content is executed.

[5. Content distribution processing from the server]
Next, content distribution processing from the server will be described with reference to FIG.
FIG. 7 shows a server 200 that performs content distribution processing and an information storage device 300 such as a memory card that stores content transmitted from the server 200. The information storage device 300 is mounted on a user device such as a PC, for example, and executes communication with the server 200 via the user device.

First, in step S11, an authentication process is performed between the server 200 that executes the content providing process and the information storage device 300 that executes the content storage process.
This processing is, for example, mutual authentication processing and key exchange processing according to a public key cryptosystem, and performs both reliability confirmation and generation and sharing processing of a session key (= bus key: Bk).

Specifically, each device verifies the signature of the other party's public key certificate, and further confirms that the device ID recorded in the public key certificate is not recorded in the revocation list.
If the signature verification fails or the device ID is registered in the revocation list, the subsequent processing is not executed. That is, content provision, recording processing, and the like are not executed.

  Next, in step S12, the server 200 performs encryption processing using the title key 202, which is an encryption key, for the content 201 to be provided, generates encrypted content, and the general-purpose area of the information storage device 300 (User data area) 312 is recorded.

  Next, in step S <b> 13, the server 200 performs an exclusive OR (XOR) operation between the title key 202 and the second partial key 203 to generate the first partial key 204.

  Next, in step S <b> 14, the server 200 encrypts the generated first partial key 204 using the session key (bus key: Bk) generated in the authentication process of step S <b> 11 and provides the encrypted information to the information storage device 300. .

  Further, in step S15, the server 200 executes a key block generation process to which the host unique key 205 provided to each host is applied. The key block 206 to be generated is a key block 206 that stores the second partial key 203 as secret information and can acquire the second partial key that is secret information only by a device key owned by a specific selected host. . The generated key block 206 is stored in the general-purpose area (user data area) 312 of the information storage device 300.

On the other hand, in step S21, the information storage device 300 decrypts the first partial key encrypted by the session key (bus key: Bk) received from the server 200 by using the session key (bus key: Bk).
The decrypted first partial key is stored in a protected area (secure area) 311.

  Although not shown in the figure, the server 200 also provides the usage control information corresponding to the content together with the content to the information storage device 300 and records it in the general-purpose area (user data area) 312 of the information storage device 300. Is done.

[6. Content playback processing in information processing device (host)]
Next, the reproduction processing in the information processing apparatus (host) of the content stored in the information storage device will be described with reference to FIG.

FIG. 8 shows a host 400 that performs content reproduction processing, and an information storage device 300 such as a memory card that stores the content.
The host 400 holds the host unique key (device key) 404 described above with reference to FIG.

First, in step S51, an authentication process is performed between the host 400 that executes the content reproduction process and the information storage device 300 that stores the content.
This processing is, for example, mutual authentication processing and key exchange processing according to a public key cryptosystem, and performs both reliability confirmation and generation and sharing processing of a session key (= bus key: Bk).

Specifically, each device verifies the signature of the other party's public key certificate, and further confirms that the device ID recorded in the public key certificate is not recorded in the revocation list.
If the signature verification fails or the device ID is registered in the revocation list, the subsequent processing is not executed. That is, content reproduction processing or the like is not executed.

  Next, in step S52, the information storage device 300 reads out the first partial key necessary for generating a title key to be applied to decryption of the content to be reproduced from the protected area (secure area) 311 and reads the session key. (= Bus key: Bk) is encrypted, and an encrypted first partial key is generated and transmitted to the host 400.

  The first partial key is recorded in a protected area (secure area) 311 that allows access based on the confirmation of the access right. The data processing unit of the information storage device 300 executes access right confirmation based on the description of the certificate (Host Certificate) of the host 400 that is the information processing device, and the host 400 holds the access right to the storage area of the first partial key. Only when it is confirmed that the first partial key has been confirmed, the first partial key is output to the host 400.

  In step S <b> 53, the host 400 obtains the first partial key 402 by decrypting the encrypted first partial key received from the information storage device 300 with the session key (= bus key: Bk).

  Next, the host 400 reads the key block 403 from the general-purpose area (user data area) 312 of the information storage device 300, and applies the host unique key (device key) 404 stored in the storage unit of the own device in step S54. Thus, the second partial key 405 is obtained.

  The key block 403 is the key block described above with reference to FIG. 6, and the second partial key that is the secret information by the process using the host unique key (device key) owned by the selected host. It is a key block that can be acquired. Therefore, if the host is revoked (rejected), the key block decryption process in step S54 fails, the second partial key cannot be obtained, and the subsequent decryption and playback of the content cannot be performed. Become.

  In step S55, the host 400 that has succeeded in the key block decryption process in step S54 and has successfully acquired the second partial key 405, in step S55, performs the calculation process of the first partial key 402 and the second partial key 405. Specifically, for example, an exclusive OR (XOR) operation process is executed to calculate the title key 406.

Next, the host 400 applies the generated title key 406, decrypts the encrypted content read from the general-purpose area (user data area) 312 of the information storage device 300, generates the content 407, performs reproduction processing, etc. The content usage process is performed.
The content usage process is executed according to the usage mode permitted in the usage control information set in correspondence with the content and stored in the general-purpose area (user data area) 312 of the information storage device 300.

[7. Communication sequence between server and information storage device during content recording process]
Next, a communication sequence between the server and the information storage device during content recording processing will be described with reference to the sequence diagram shown in FIG.

FIG. 9 is a diagram illustrating a processing sequence when recording content downloaded from a server in an information storage device such as a memory card.
In FIG. 9, from the left
(A) a server that executes content providing processing;
(B) Information processing device (host) with an information storage device (media) such as a memory card attached
(C) Information storage device (media) that is a recording destination of content
These are shown.

The information processing device (host) is loaded with an information storage device (media) such as a memory card, and the data processing unit of the information storage device (media) executes communication with the server via the information processing device (host). Then, the processing after step S101 shown in the figure is sequentially executed to execute the content download processing and recording processing.
The information storage device is, for example, the memory card 31 described with reference to FIG. 4 and includes a controller 110 that functions as a data processing unit that executes data processing, a storage unit 120, and the like.
Details of the processing after step S101 will be described.

(Step S101)
First, the server transmits content to the information storage device.
As a premise of this process, for example, a process in which a user operating the information processing apparatus accesses the server, displays a list of contents provided by the server on the display of the information processing apparatus, and the user selects download contents, etc. Is done.
The server transmits content according to the user's specification.
Note that the transmission content is an encrypted content encrypted with a title key corresponding to the content. The title key is an encryption key generated by the server as a content-compatible encryption key.

(Step S102)
In step S102, the encrypted content transmitted from the server is recorded in the general-purpose area (user data area) of the information storage device.
Note that the content cannot be reproduced or used only by acquiring the encrypted content. It is necessary to acquire a title key that is an encryption key corresponding to the encrypted content.

(Step S103)
In step S103, mutual authentication processing and session key (= bus key: Bk) exchange processing are executed between the server and the information storage device. This process is a mutual authentication process and a key exchange process in accordance with a public key cryptosystem, and performs both reliability confirmation and session key (= bus key: Bk) generation and sharing processes.

Specifically, each device verifies the signature of the other party's public key certificate, and further confirms that the device ID recorded in the public key certificate is not recorded in the revocation list.
If the signature verification fails or the device ID is registered in the revocation list, the subsequent processing is not executed. That is, content provision, recording processing, and the like are not executed.

(Steps S104 to S105)
In steps S104 to S105, revocation list synchronization processing is executed. That is, if the version of the revocation list stored in the information storage device is older than the version of the revocation list held by the server, a new revocation list is provided from the server to the information storage device and stored in the information storage device. The revocation list is updated by replacing the old revocation list with the new revocation list.

(Step S106)
Next, in step S106, the server applies the session key (bus key: Bk) generated in the authentication process of step S103 and uses the encrypted data: Enc (Bk, Partial Key1) of the first partial key (Partial Key1). Generate and notify the information storage device.

(Step S107)
In step S107, the information storage device receives the encrypted data: Enc (Bk, Partial Key1) of the first partial key (Partial Key1), and applies the session key (bus key: Bk) generated in the authentication process of Step S103. Through the decryption process, the first partial key is acquired and stored in the protected area.

(Step S108)
In step S108, the server transmits the key block generated by executing the key block generation process using the host unique key provided to each host to the information storage device.
The key block to be generated is a key block that stores the second partial key as secret information, and can acquire the second partial key that is secret information only by a device key owned by a specific selected host.

(Step S109)
Next, in step S109, the information storage device stores the key block received from the server in the general-purpose area.

  Although not shown in the sequence shown in the figure, the server also provides the usage control information corresponding to the content together with the content to the information storage device and records it in the general-purpose area (user data area) of the information storage device. .

[8. Communication sequence between host and information storage device during content playback processing]
Next, a communication sequence between the host and the information storage device that is executed when the content recorded in the information storage device (media) is reproduced will be described with reference to FIG.
In FIG.
(1) Information processing apparatus [host (Host = Player)] for executing content reproduction processing;
(2) Information storage device storing content [Media (Memory Card)]
These are shown.
Content playback is performed by sequentially executing the processing in step S201 and subsequent steps shown in FIG. Hereinafter, processing of each step will be described.

(Step S201)
First, a mutual authentication process and a session key (= bus key: Bk) exchange process are executed between the information processing apparatus that executes the content reproduction process and the information storage device that stores the content. This process is a mutual authentication process and a key exchange process in accordance with a public key cryptosystem, and performs both reliability confirmation and session key (= bus key: Bk) generation and sharing processes.

(Step S202)
When mutual authentication is established and it is confirmed that both devices are reliable devices, the information storage device next uses the first partial key stored in the protection area of the information storage device in step S202 as a session. The data is encrypted with the key (= bus key: Bk) and transmitted to the information processing apparatus (host).

  In the data reading process from the protection area, a process for determining whether or not the information processing apparatus has an access right to the first partial key storage area of the protection area is executed. This determination process is performed by the information storage device with reference to the record information of the public key certificate (Host Certificate) received from the information processing device, for example.

In this determination process, only when it is determined that the information processing apparatus has an access right to the first partial key storage area of the protection area, the key reading in step S202 is executed.
If it is determined that the information processing apparatus does not have access rights to the first partial key storage area of the protection area, the key reading in step S202 is not executed. In this case, content reproduction is not executed.

(Step S203)
Next, the information storage device reads the key block from the general-purpose area (user data area) and transmits it to the information processing apparatus (host).
This key block is the key block described above with reference to FIG. 6, and the second partial key that is the secret information is obtained by applying the host unique key (device key) owned by the selected host. It is a key block that can be acquired.

(Step S204)
Next, in step S204, the information processing apparatus performs a key block decryption process using the host unique key (device key) stored in the storage unit of the information processing apparatus, and obtains a second partial key.
However, if the host is revoked (rejected), the key block decryption process fails, the second partial key cannot be obtained, and the subsequent decryption and playback of the content cannot be performed.

(Step S205)
The information processing apparatus that has succeeded in the key block decryption process in step S204 and succeeded in acquiring the second partial key, next, in step S205, performs an arithmetic process of the first partial key and the second partial key, specifically, For example, an exclusive OR (XOR) calculation process is executed to calculate the title key.

(Step S206)
Next, in step S206, the information processing apparatus reads the encrypted content to be reproduced from the general-purpose area of the information storage device.

(Step S207)
Finally, the information processing apparatus executes decryption processing using the title key calculated in step S205 on the encrypted content read from the information storage device in step S206, and reproduces the content as the decryption result.

  As described above, the information processing device (host) reads the first partial key necessary for generating the title key from the protection area of the information storage device when the encrypted content stored in the information storage device is played back, A key block capable of acquiring two partial keys is read out from the general-purpose area, and a title key is generated by calculating the first partial key and the second partial key.

  Only the host that can acquire the two keys, the first partial key and the second partial key, can play and use the content.

The condition for allowing the content reproduction, that is, the condition for allowing the generation of the title key is to satisfy all of the following conditions.
(Condition 1) The host ID of the information processing device (host) that executes the content use (playback) processing is not registered in the revocation list (= held by the information processing device (host) and the information storage device (memory card)) The host ID is not registered in the revocation list)
(Condition 2) An information processing apparatus (host) that executes content use (playback) processing can acquire the second partial key from the key block. (The host is not revoked at the time of key block generation)
(Condition 3) An information processing apparatus (host) that executes content use (playback) processing has an access right to the protection area storing the first partial key.
If all of the above (Condition 1) to (Condition 3) are satisfied, a title key is generated and the content can be used.

  However, if any of the above conditions (condition 1) to (condition 3) is not satisfied, the title key cannot be generated and the content cannot be used.

By such content playback control,
Even if the host ID is not registered in the revocation list, it is possible to set the content that can be used in units of content and the content that cannot be used in units of content, enabling a more detailed usage control in units of content Is done.

  Note that the configuration in which the title key as secret information can be acquired only by the device key of the specific selected host described above with reference to FIG. 6 is a conventionally known configuration, but the title key using the key block In the configuration of only acquisition control, when a device key provided to the user is leaked, an immediate countermeasure cannot be executed.

  For example, if a device key is leaked to an attacker, the title key can be obtained. In this configuration, the device key may be embedded in an unauthorized tool such as a ripping tool, and content may be illegally used using this unauthorized device key. There is. The device key embedded in the ripping tool is difficult to identify, for example, if it is tamper-proof mounted, and revocation processing by device identification becomes difficult.

On the other hand, in the configuration of the present disclosure, in order to derive the title key, the second partial key that can be obtained by decoding the key block using the device key and the protection area of the information storage device (media) It is necessary to acquire the first partial key that can be acquired.
"To obtain the first partial key from the protected area of the information storage device (media)" Always authenticate with the information storage device (media) and confirm the access rights of the information processing device (host) in the information storage device (media) Is executed.

  In the authentication process, the host certificate (Host Certificate) of the information processing device (host) is provided to the information storage device via a communication path, for example, a bus, between the information processing device (host) and the information storage device (media). Is done. By confirming this host certificate (Host Certificate), it becomes possible to specify the ID of the host certificate (Host Certificate) used in the ripping tool, for example, and it is possible to identify and revoke an unauthorized host Is possible. In the configuration of the present disclosure, countermeasures against such injustices are provided, and usage control in units of contents in the host device can be realized.

  In the above-described embodiment, the key block is described as being configured to be provided from the server to the information storage device as a single data file. However, for example, the key block is stored in the usage control information file and the information storage device is stored in the server. It is good also as a structure provided to.

[9. About hardware configuration example of each device]
Finally, with reference to FIG. 11 and FIG. 12, an example of the hardware configuration of each device that executes the above-described processing will be described.
FIG. 11 shows an example of the hardware configuration of an information processing apparatus that can be applied to an information processing apparatus that executes content recording on a medium or content reproduction from the medium, a content providing apparatus such as a content providing server, and a license management apparatus.

  A CPU (Central Processing Unit) 701 functions as a data processing unit that executes various processes according to a program stored in a ROM (Read Only Memory) 702 or a storage unit 708. For example, processing according to the above-described sequence is executed. A RAM (Random Access Memory) 703 stores programs executed by the CPU 701, data, and the like. The CPU 701, ROM 702, and RAM 703 are connected to each other via a bus 704.

  The CPU 701 is connected to an input / output interface 705 via a bus 704. The input / output interface 705 is connected to an input unit 706 including various switches, a keyboard, a mouse, and a microphone, and an output unit 707 including a display and a speaker. Yes. The CPU 701 executes various processes in response to commands input from the input unit 706 and outputs the processing results to the output unit 707, for example.

  The storage unit 708 connected to the input / output interface 705 includes, for example, a hard disk and stores programs executed by the CPU 701 and various data. A communication unit 709 communicates with an external device via a network such as the Internet or a local area network.

  A drive 710 connected to the input / output interface 705 drives a removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory such as a memory card, and records various data such as recorded contents and key information. To get. For example, using the acquired content and key data, the content is decrypted and played back according to the playback program executed by the CPU.

FIG. 12 shows a hardware configuration example of a memory card that is an information storage device.
A CPU (Central Processing Unit) 801 functions as a data processing unit that executes various processes according to a program stored in a ROM (Read Only Memory) 802 or a storage unit 807. For example, the communication processing with the server or host device described in each of the above-described embodiments, the processing such as writing and reading of the data in the storage unit 807, the access permission determination processing for each divided area of the protection area 811 of the storage unit 807, and the like. Run. A RAM (Random Access Memory) 803 appropriately stores programs executed by the CPU 801, data, and the like. These CPU 801, ROM 802, and RAM 803 are connected to each other by a bus 804.

  The CPU 801 is connected to an input / output interface 805 via a bus 804, and a communication unit 806 and a storage unit 807 are connected to the input / output interface 805.

  A communication unit 804 connected to the input / output interface 805 executes communication with, for example, a server or a host. The storage unit 807 is a data storage area, and includes a protection area 811 with access restrictions as described above and a general-purpose area 812 that allows free data recording and reading.

[10. Summary of composition of the present disclosure]
As described above, the embodiments of the present disclosure have been described in detail with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present disclosure. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present disclosure, the claims should be taken into consideration.

The technology disclosed in this specification can take the following configurations.
(1) Encrypted content,
A first partial key required for generating a title key which is an encryption key applied to decrypting the encrypted content;
A storage unit storing a key block that can acquire a second partial key necessary for generating the title key;
A data processing unit that executes an authentication process with an information processing device that decrypts the encrypted content;
The data processing unit
An information storage device that executes output processing of the first partial key and the key block to the information processing device on condition that authentication with the information processing device is established.

(2) The first partial key is recorded in a protection area that allows access based on access right confirmation, and the data processing unit executes access right confirmation based on a certificate of the information processing apparatus, The output of the first partial key to the information processing apparatus is executed only when it is confirmed that the information processing apparatus has an access right to the storage area of the first partial key. Information storage device.
(3) The information according to (1) or (2), wherein the data processing unit encrypts the first partial key by applying a session key generated during the authentication process and outputs the encrypted first partial key to the information processing apparatus. Storage device.

(4) The information storage device according to any one of (1) to (3), wherein the title key is a key that can be calculated by an exclusive OR operation between the first partial key and the second partial key.
(5) The information storage device according to any one of (1) to (4), wherein the second partial key is a key that can be acquired by a decryption process in which a unique key of the information processing device is applied to the key block.

(6) An information processing device that executes a reproduction process of content recorded in an information storage device,
A data processing unit that reads the encrypted content recorded in the information storage device and executes a decryption process;
A storage unit storing a device key which is key data unique to the information processing apparatus;
The data processing unit
A first partial key required for generating a title key to be applied to decryption of the encrypted content from the information storage device;
Read a key block that can acquire the second partial key necessary for generating the title key,
Obtaining the second partial key by a decryption process applying the device key to the key block;
An information processing apparatus that calculates the title key by an arithmetic process using the first partial key and the second partial key.

  (7) The information processing apparatus according to (6), wherein the data processing unit calculates the title key by an exclusive OR operation process of the first partial key and the second partial key.

(8) a server that executes processing for providing encrypted content;
The encrypted content generated by the encryption process applying the title key,
A first partial key which is a key applied to the generation of the title key;
A key block that can acquire the second partial key, which is a key applied to the generation of the title key, only in the selected information processing apparatus;
The server which performs the process which produces | generates and provides to an information storage device.
(9) The key block is configured to be able to acquire the second partial key by a decryption process using a unique key of the information processing device stored in the selected information processing device. server.

(10) a server that transmits encrypted content and generation information of a title key to be applied to decryption of the encrypted content to the information storage device;
An information storage device for storing the encrypted content and generation information of the title key;
An information processing system having an information processing device that performs decryption and reproduction of encrypted content stored in the information storage device,
The server
The encrypted content generated by the encryption process applying the title key,
A first partial key which is a key applied to the generation of the title key;
A key block that can acquire the second partial key, which is a key applied to the generation of the title key, only in the selected information processing apparatus;
Is generated and transmitted to the information storage device,
The information storage device includes:
The encrypted content, the first partial key, and the key block are stored in a storage unit, and the first partial key and the key block of the information processing device are stored on condition that authentication with the information processing device is established. Execute the output process,
The information processing apparatus includes:
Obtaining the second partial key by a decryption process using a device key that is the information processing apparatus specific key for the key block;
An information processing system for calculating the title key by an arithmetic process using the first partial key and the second partial key.

  Furthermore, the configuration of the present disclosure includes a method of processing executed in the above-described apparatus and system, and a program for executing the processing.

  The series of processing described in the specification can be executed by hardware, software, or a combined configuration of both. When executing processing by software, the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and run. For example, the program can be recorded in advance on a recording medium. In addition to being installed on a computer from a recording medium, the program can be received via a network such as a LAN (Local Area Network) or the Internet and can be installed on a recording medium such as a built-in hard disk.

  Note that the various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary. Further, in this specification, the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing.

As described above, according to the configuration of an embodiment of the present disclosure, a strict content usage control configuration is realized by setting a plurality of keys necessary for generating a title key.
Specifically, an information storage device such as a memory card obtains a first partial key necessary for generating a title key to be applied to decryption of encrypted content and a second partial key required for generating a title key. The enabled key block is stored, and the first partial key and the key block are output on condition that the authentication process with the host that decrypts the encrypted content is established. The first partial key is output only when the access right based on the host certificate is confirmed. The key block can acquire the second partial key by applying a device key which is a host unique key held by the host.
With these configurations, for example, a configuration in which content usage control can be individually controlled for each host and each content is realized. For example, even if the host ID is not registered in the revocation list, it is possible to set content that can be used in units of content and content that cannot be used in units of content, and perform more detailed usage control in units of content Is realized.

DESCRIPTION OF SYMBOLS 11 Broadcasting station 12 Content server 20 Information processing apparatus 21 Recording / playback dedicated device 22 PC
23 Mobile terminal 30 Information storage device 31 Memory card 110 Controller (data processing unit)
111 CPU
112 RAM
120 storage unit 121 protected area (secure area)
122 General-purpose area (user data area)
131 First Partial Key 132 Revocation List 133 Media Private Key 134 Media Public Key Certificate 135 License Management Device Public Key 137 Content 138 Usage Control Information 139 Key Block 140 Communication IF
200 Server 201 Content 202 Title Key 203 Second Partial Key 204 First Partial Key 205 Host Unique Key 206 Key Block 207 Session Key 300 Information Storage Device 301 Session Key 311 Protected Area (Secure Area)
312 General-purpose area (user data area)
321 Session key 400 Host 401 Session key 402 First partial key 403 Key block 404 Host specific key 405 Second partial key 406 Title key 701 CPU
702 ROM
703 RAM
704 Bus 705 Input / output interface 706 Input unit 707 Output unit 708 Storage unit 709 Communication unit 710 Drive 711 Removable media 801 CPU
802 ROM
803 RAM
804 Bus 805 I / O interface 806 Communication unit 807 Storage unit 811 Protection area 812 General-purpose area

Claims (16)

Encrypted content,
A first partial key required for generating a title key which is an encryption key applied to decrypting the encrypted content;
A storage unit storing a key block that can acquire a second partial key necessary for generating the title key;
A data processing unit that executes an authentication process with an information processing device that decrypts the encrypted content;
The data processing unit
An information storage device that executes output processing of the first partial key and the key block to the information processing device on condition that authentication with the information processing device is established. The first partial key is recorded in a protection area that allows access based on access right confirmation;
The data processing unit
The access right confirmation based on the certificate of the information processing apparatus is executed, and only when it is confirmed that the information processing apparatus holds the access right to the storage area of the first partial key, the information processing apparatus The information storage device according to claim 1, wherein an output process of the first partial key is executed. The data processing unit
The information storage device according to claim 1, wherein a session key generated during the authentication process is applied to encrypt the first partial key and output the encrypted information to the information processing device.   The information storage device according to claim 1, wherein the title key is a key that can be calculated by an exclusive OR operation between the first partial key and the second partial key.   The information storage device according to claim 1, wherein the second partial key is a key that can be acquired by a decryption process in which a unique key of the information processing device is applied to the key block. An information processing device that executes a reproduction process of content recorded in an information storage device,
A data processing unit that reads the encrypted content recorded in the information storage device and executes a decryption process;
A storage unit storing a device key which is key data unique to the information processing apparatus;
The data processing unit
A first partial key required for generating a title key to be applied to decryption of the encrypted content from the information storage device;
Read a key block that can acquire the second partial key necessary for generating the title key,
Obtaining the second partial key by a decryption process applying the device key to the key block;
An information processing apparatus that calculates the title key by an arithmetic process using the first partial key and the second partial key. The data processing unit
The information processing apparatus according to claim 6, wherein the title key is calculated by an exclusive OR operation process between the first partial key and the second partial key. A server that executes processing for providing encrypted content,
The encrypted content generated by the encryption process applying the title key,
A first partial key which is a key applied to the generation of the title key;
A key block that can acquire the second partial key, which is a key applied to the generation of the title key, only in the selected information processing apparatus;
The server which performs the process which produces | generates and provides to an information storage device.   The server according to claim 8, wherein the key block is configured to be able to acquire the second partial key by a decryption process using a unique key of the information processing device stored in the selected information processing device. A server that transmits to the information storage device encrypted content and generation information of a title key applied to decrypt the encrypted content;
An information storage device for storing the encrypted content and generation information of the title key;
An information processing system having an information processing device that performs decryption and reproduction of encrypted content stored in the information storage device,
The server
The encrypted content generated by the encryption process applying the title key,
A first partial key which is a key applied to the generation of the title key;
A key block that can acquire the second partial key, which is a key applied to the generation of the title key, only in the selected information processing apparatus;
Is generated and transmitted to the information storage device,
The information storage device includes:
The encrypted content, the first partial key, and the key block are stored in a storage unit, and the first partial key and the key block of the information processing device are stored on condition that authentication with the information processing device is established. Execute the output process,
The information processing apparatus includes:
Obtaining the second partial key by a decryption process using a device key that is the information processing apparatus specific key for the key block;
An information processing system for calculating the title key by an arithmetic process using the first partial key and the second partial key. An information processing method executed in an information storage device,
The information storage device includes:
Encrypted content,
A first partial key required for generating a title key which is an encryption key applied to decrypting the encrypted content;
A storage unit storing a key block capable of acquiring a second partial key necessary for generating the title key;
A data processing unit of the information processing apparatus;
Executing an authentication process with an information processing device for decrypting the encrypted content;
An information processing method for executing output processing of the first partial key and the key block to the information processing apparatus on condition that the authentication is established. An information processing method to be executed in an information processing apparatus having a data processing unit that reads encrypted content recorded in an information storage device and executes decryption processing;
The information processing apparatus includes a storage unit that stores a device key that is key data unique to the information processing apparatus,
The data processing unit
A first partial key required for generating a title key to be applied to decryption of the encrypted content from the information storage device;
Read a key block that can acquire the second partial key necessary for generating the title key,
Obtaining the second partial key by a decryption process applying the device key to the key block;
An information processing method for calculating the title key by an arithmetic process using the first partial key and the second partial key. An information processing method executed on a server that executes encrypted content providing processing,
A data processing unit of the server,
The encrypted content generated by the encryption process applying the title key,
A first partial key which is a key applied to the generation of the title key;
A key block that can acquire the second partial key, which is a key applied to the generation of the title key, only in the selected information processing apparatus;
Processing method for executing processing for generating and providing the information to the information storage device. A program for executing information processing in an information storage device;
The information storage device includes:
Encrypted content,
A first partial key required for generating a title key which is an encryption key applied to decrypting the encrypted content;
A storage unit storing a key block capable of acquiring a second partial key necessary for generating the title key;
The program is stored in the data processing unit of the information processing apparatus.
An authentication process with an information processing device for decrypting the encrypted content;
A program for executing an output process of the first partial key and the key block for the information processing apparatus on condition that the authentication is established. A program that reads encrypted content recorded in an information storage device and executes information processing in an information processing device having a data processing unit that executes decryption processing.
The information processing apparatus includes a storage unit that stores a device key that is key data unique to the information processing apparatus,
The program is stored in the data processing unit.
A first partial key required for generating a title key to be applied to decrypting the encrypted content from the information storage device;
A process of reading a key block that makes it possible to acquire a second partial key necessary for generating the title key;
Obtaining the second partial key by a decryption process applying the device key to the key block;
A program for executing a calculation process of the title key by a calculation process using the first partial key and the second partial key. A program that executes information processing in a server that executes processing for providing encrypted content,
In the data processing unit of the server,
The encrypted content generated by the encryption process applying the title key,
A first partial key which is a key applied to the generation of the title key;
A key block that can acquire the second partial key, which is a key applied to the generation of the title key, only in the selected information processing apparatus;
That executes the process of generating and providing the information to the information storage device.