JP3361052B2 - Data processing device and copy protection method applied to the device - Google Patents

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data processing device such as a personal computer and a copy protection method for digital contents used in the device, and more particularly to a data processing device having an interface with an external bus such as an IEEE 1394 serial bus and the same. The present invention relates to a copy protection method applied to a device.

[0002]

2. Description of the Related Art With the recent development of computer technology,
Digital video player, set top box, T
Various electronic devices compatible with multimedia such as V and personal computers have been developed.

An electronic device of this type is, for example, a DVD (Di
Digital contents such as movies, TV programs by digital satellite broadcasting, etc. accumulated in the digital versatile disk) can be reproduced.

Digital contents are generally encoded using a moving image high efficiency encoding system called MPEG2.
It is sent to each home through a recording medium and a transmission medium. MP
The coding by EG2 is based on the idea of variable rate coding from the viewpoint of ensuring both image quality and recording time with respect to capacity. The data amount of variable rate encoded data is
Depending on the quality of the original image, the amount of data increases as the scene moves more rapidly. Therefore, digital content is
It is possible to provide each home with high-quality images that are comparable to the original images.

In recent years, from the viewpoint of copyright protection of such digital contents, the need for copy protection technology for preventing illegal copying has been called for, but an effective method has not been established. The current situation.

Therefore, CPTWG (Copy Prot)
election Technical Working G
IEEE), which is a next-generation bus interface suitable for transmitting multimedia data.
Work is underway to formulate specifications for a new copy protection scheme for the serial bus (hereinafter referred to as IEEE 1394 copy protection technology).

The IEEE 1394 serial bus is a next-generation bus interface that connects digital video players, set-top boxes, TVs, personal computers, etc., and has two transfer modes: an asynchronous subaction and an isochronous subaction.
Supports types. The former is called an asynchronous transfer mode and is used when general data is transferred that does not require real-time processing. The latter is a synchronous transfer mode in which a transfer band is guaranteed, and real-time transfer of digital contents represented by video data and audio data is possible.

The IEEE 1394 copy protection technology uses the well-known encryption protocol such as public key encryption method and common key encryption method to enable the IEEE 1394 copy protection technology.
Digital contents transferred between devices such as a digital video player, a set-top box, a TV, and a personal computer via a 1394 serial bus are encrypted so that illegal copying thereof can be prevented.

[0009]

However, since the personal computer is originally an open system,
Sufficient protection against illegal copying cannot be expected only by encrypting the data flowing on the IEEE 1394 serial bus. Hereinafter, this will be specifically described.

FIG. 15 shows a configuration example in which the IEEE 1394 copy protection technology is directly applied to a personal computer. In FIG. 15, a personal computer (PC) 1, a set top box (ST
B) 2 and 3 of the digital video camera (DVC) 3
It is shown that two devices are connected via the IEEE 1394 serial bus 10.

These personal computers (PC)
1, a set top box (STB) 2, and a digital video camera (DVC) 3 are IEEE 13
The interface with the 94 serial bus 10 includes an encryption unit (Cipher) and a decryption unit (De-Ciphe).
r), or encryption / decryption with both functions
It has a decoding unit (De− / Cipher).

That is, the digital video camera (DVC) 3 for transmitting digital contents to another device via the IEEE 1394 serial bus 10 is provided with an encryption unit (Cipher), and another device is provided via the IEEE 1394 serial bus 10. A personal computer (PC) 1 that sends and receives digital content to and from a device 1
An encryption / decryption unit (De− / Cipher) is provided for the set top box (STB) 2.

The digital content requiring copy protection is encrypted by the device on the transmitting side, and then the IE
The encrypted data output on the EE1394 serial bus 10 is decrypted and decrypted by the receiving device. In this way, the IEEE 1394 serial bus 10
By encrypting the data flowing over, IEEE1
Even if the data flowing on the 394 serial bus 10 is illegally copied, it can be prevented from being reproduced normally.

In the personal computer (PC) 1, the encryption / decryption unit (De- / Cipher) is
As shown, a system bus such as a PCI bus 20 and an I
It is provided in the 1394 bridge 6 that bidirectionally connects with the EEE1394 serial bus 10. This gives P
Since encrypted data does not flow on the CI bus 20 and only plaintext data flows as usual, an open bus architecture can be maintained.

Digital video camera (DVC) 3 or set top box (STB) 2 to IEEE139
4 The encrypted data transmitted to the personal computer (PC) 1 via the serial bus 10 is decrypted into plain text by the 1394 bridge 6 and then sent to the CPU 4 and the MPEG decoder 5 on the PCI bus 20. Similarly,
When the digital video content is transmitted from the CPU 4 or the MPEG decoder 5 to the set top box (STB) 2, the plain text on the PCI bus 20 is encrypted by the 1394 bridge 6 and then sent out on the IEEE 1394 serial bus 10.

As described above, when the 1394 bridge 6 is provided with the encryption / decryption function, the open architecture of the PCI bus 20 can be maintained as it is.
I-bus 20 has decrypted data (Plain
(Contents) flows and it becomes possible to easily copy.

Further, in the personal computer of FIG. 15 in which the 1394 bridge 6 is provided with the encryption / decryption function, for each functional module that constitutes the personal computer, the type of content that the functional module can handle (only once) It becomes difficult to perform control such as restricting copy permission, copy prohibition, and copy free.
For example, an MPEG2 decoder needs to be able to handle all types of contents (copy only once, copy impossible, copy free), whereas DVD-
A storage device such as a RAM or an HDD needs to be able to handle only once-copyable content and copy-free content. But,
When the Plain Contents flow to the PCI bus 20, it is practically difficult to limit the content that can be handled by each functional module. This is because such content limitation is normally performed by authentication processing between devices. That is, when the 1394 bridge 6 is provided with the encryption / decryption function, the personal computer is also treated as one device on the IEEE 1394 serial bus. Therefore, although it is possible to limit the types of contents that can be handled by the personal computer by authentication processing between the personal computer and other devices on the IEEE 1394 serial bus, the contents can be limited to individual modules in the personal computer. You cannot limit the types of.

Further, in a DVD video or the like, digital contents are often realized as a stream including a plurality of contents of different types. In this case, the type of the content to be reproduced is dynamically switched, but there is also a problem that the content cannot be processed in real time if the authentication is performed again each time the type of the content is switched.

The present invention has been made in view of the above circumstances, and protects digital contents flowing on a bus in a data processing device such as a personal computer, and digital contents in functional module units constituting the data processing device. It is an object of the present invention to provide a data processing device and a copy protection method applied to the same, which can realize the above restrictions and can efficiently perform copy protection of digital contents.

[0020]

In order to solve the above-mentioned problems, the present invention encrypts and transfers data to be copy protected, which has at least types of data that can be copied only once and data that cannot be copied once. In a data processing device to which a device having the authentication function of 1 is connectable, an interface capable of communicating with the device by a first communication method and a second interface connected to the interface and different from the first communication method. An internal bus that performs communication by a communication method, and a plurality of types of functional modules that are provided in the data processing device and that are respectively connected to the internal buses, and that transmit or receive copy protected data via the internal bus. And each functional module comprises:
It authenticates whether or not it has a copy protection function with the functional module of the other party or the device that exchanges the data of the copy protection, and what kind of copy is performed by the functional module of the other party or the device. A device having an authentication means for authenticating whether or not it is possible to handle the type of data to be protected, and a device having a copy protect function capable of handling the type of data to be transmitted by the functional module of the other party or the device. If it is determined that the other party's functional module or the device obtains the decryption key necessary for decrypting the transmission target data to be encrypted and transmitted, the other party's functional module Means for performing key exchange with the functional module or the device.

In this data processing apparatus, an authentication means is provided in the interface section of each of a plurality of function modules that handle data to be copy protected such as digital contents, and between the function modules or between the function modules and the device. Authentication processing is performed individually. In this case, when performing the authentication process, the same internal bus
Even if there are functional modules that exist above, their functions
Depending on the type of module it can handle
In order to be able to limit the types of digital content,
If the function module or device that is the
Just verify that it has the
But not the other party's functional module or device
Type of data to be copy protected (such as once
Copyable, Copyable, Copy-free)
By verifying whether the device is
Of digital contents flowing on the internal bus of the data processing unit
Not only for protection, but for each functional module on the internal bus
Types of copy protected data that can be handled by
You will be able to limit the kind.

Further, the storage device is transparently connected to the bus.
It is possible to use the same authentication and encryption protocol both between the functional modules and between the device and the functional module by further including the bus interface means . That is, from the viewpoint of each functional module or application program in the data processing device, the functional module in the data processing device and the device can be handled in the same manner without distinction.

[0023]

[0024]

Further, when transmitting a stream composed of plural kinds of data of different kinds, the authentication means
Authentication processing is performed for the number of types of contents that the destination functional module can handle, and the decryption corresponding to the number of types of data that the destination functional module can process among the types of data that make up the stream. Preferably, the key is notified to the destination functional module. In this way, by passing the decryption key for each content type to the functional module on the receiving side in advance, even if the content type is dynamically changed, the encryption can be decrypted in real time. In this case, data type information indicating the type of data is embedded in the stream, and the decryption means may dynamically change the decryption key used for the decryption processing based on the data type information. .

[0026]

[0027]

[0028]

[0029]

[0030]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 shows a system configuration of a personal computer (hereinafter referred to as a PC) according to an embodiment of the present invention. This PC11 is IEEE
Communicates via a 1394 serial bus 200 with external consumer electronics, such as a set top box (STB) 12, a digital video camera or DV camcorder (DVC) 13, and a digital video cassette recorder (D-VCR) 14 as shown. It is configured to be possible.

A set top box (STB) 12, a digital video camera (DVC) 13, and a digital video cassette recorder (D-VCR) 14 each interface with an IEEE 1394 serial bus 200 to support the IEEE 1394 copy protection technology. Authentication processing unit (Authenticator) 12 for performing device authentication and key exchange, etc.
1, 131, 141 are included. Set top box (STB) 12 and digital video cassette recorder (D-VCR) 1 for transmitting and receiving digital contents
For No. 4, encryption / decryption units (De- / Cipher) 122 and 142 having both encryption and decryption functions are provided. Further, for the digital video camera (DVC) 13 that only transmits digital contents, only the encryption unit (Cipher) 132 is provided.

PC11, set top box (ST
B) 12, digital video camera (DVC) 13, and digital video cassette recorder (D-VCR) 14
Digital contents exchanged between the two are transferred in the encrypted state on the IEEE 1394 serial bus 200.

The PC 11 is connected to the PCI bus 1 as shown.
00 and a plurality of functional modules connected thereto. Among these functional modules, a functional module that handles digital contents, that is, a CPU module 111, a satellite or digital TV tuner 113, an MPEG2 decoder 115, and a DVD-R.
Regarding the AM drive 116, an authentication processing unit (Authenticator) 111 that performs device authentication, key exchange, and the like is provided in an interface unit with the PCI bus 100.
1,1131,1151,1161 are provided.
Each of these authentication processing units (Authenticator) 1
The functions of 111, 1131, 1151, and 1161 are basically the set top box (STB) 12 and the digital video camera (DVC) 1 which are 1394 devices.
3 and digital video cassette recorder (D-VC
R) 14 is the same as that of R) 14 and performs the authentication and key exchange necessary for exchanging encrypted digital contents.

Further, the CPU module 111, the tuner 113, and the interface section of the MPEG2 decoder 115 are further provided with encrypted contents (en).
Decryption unit (De-ciphe) that performs a decryption process for decrypting encrypted contents)
r) or an encryption unit (Cipher) is provided. Whether to have an encryption unit, a decryption unit, or both depends on the function of each functional module. Here, for the tuner 113, the encryption unit (C
ifer) 1132 is provided and the CPU module 1
11 and the MPEG2 decoder 115, the case where decoding units (De-cipher) 1112, 1152 are provided is illustrated.

The CPU module 111 is composed of a microprocessor, a memory controller, a PCI bus bridge, etc., and the authentication unit 1111 and the descrambling unit 1112 can be incorporated as a part of the PCI bus bridge, for example. In addition, the CPU module 111
Authentication section 1111, descrambling section 1112, MPEG2 in
The decoder unit 1113 may be realized by software.

The DVD-RAM drive 116 is the PC 11
It is provided as an auxiliary storage device of, and is connected to the PCI bus 100 via an IDE interface or an ATAPI interface. DVD-RAM
The drive 116 has only the authentication processing unit 1161, and includes a decryption unit (De-cipher) and an encryption unit (Ciphe).
r) is not provided. DVD-RAM1 with encrypted digital content still encrypted
This is for recording in 16.

The PC 11 further includes a PCI bus 100.
A 1394 bridge 117 that bidirectionally connects the IEEE 1394 serial bus 200 and the IEEE 1394 serial bus 200 is provided. Thirteen
The 94 bridge 117 is not provided with an authentication processing unit, an encryption unit, and a decryption unit, and the encrypted digital content remains encrypted in the PCI bus 100.
From IEEE 1394 serial bus 200 to IE
EE1394 serial bus 200 to PCI bus 100
Transferred to. Thus, the 1394 bridge 117
Transparently connects the functional module in the PC 11 and the 1394 device.

Here, the IEEE 1394 serial bus 2
A description will be given of a processing procedure when the CPU module 111 software-decodes the digital content transferred from the DVC 13 on 00.

First, the DVC 13 and the CPU module 11
Device authentication is performed with the device 1 to confirm that they are valid devices having a copy protection function. This device authentication uses well-known methods such as a random challenge and response method, a method using a one-way function, a method that uses a time-varying key that changes every time using a random number, or a combination of these methods. Can be realized.

The system ID is used for authentication of what kind of content the communication partner device can handle. This system I
D is embedded in the circuit or firmware of each functional module in the 1394 device and the PC 11, so that copying can be performed only once, copying cannot be performed,
It is determined whether the device is a device that can handle all types of copy-free digital contents or a device that can copy only once or can handle only copy-free digital contents.

In this authentication process, the CPU module 11
1 exchanges a key with the DVC 13 to generate a key for decrypting the encrypted content. Since the authentication unit is in the CPU module 111, the key itself or the information for generating the key remains encrypted.
DVC via 94 bus 200 and PCI bus 100
13 to the CPU module 111.

The DVC 13 encrypts the digital content and sends it to the CPU module 111. Encrypted content remains encrypted 1394 bus 200
And the CPU module 11 via the PCI bus 100.
1, the decryption unit (De-c of the CPU module 111
ipher) 1112 decrypts the content using the key obtained by the authentication. When the authentication unit and the decryption unit of the CPU module 111 are realized by software, it is needless to say that it is necessary to take measures such that the software cannot be tampered with or the algorithm is unknown.

The decrypted contents are stored in the software MPEG2 decoder (De) in the CPU module 111.
After being decoded by the coder 1113, an AG that directly connects the main memory 112 and the VGA controller 114.
P (Accelerated Graphics Por)
t) and sent to the VGA controller 114 for reproduction.

In this way, the authentication processing section and the encryption or decryption section are prepared in the interface section of each of the plurality of functional modules for handling digital contents, and the copy protection target is provided between the functional modules or between the functional modules and the 1394 device. When handing over the digital contents of the IEEE 1394 bus 200 and the PCI bus 10 by performing an authentication process and an encryption / decryption process of digital contents between these devices.
In either case of 0, the key for descrambling and the digital content are transferred while being encrypted, so that the illegal copy of the digital content can be prevented.

Further, since the authentication processing can be performed for each functional module in the PC 11, the type of digital contents that can be handled in functional module units (copy only once, copy impossible, copy free) is efficient. It is possible to limit it well.

FIG. 2 shows the relationship between software and hardware in the system of FIG. In FIG. 2, software is on the upper side of the chain line and hardware is on the lower side. In addition, blocks in thick frames that are hierarchically shown in the vertical direction are hardware modules such as each functional module in the PC 11 or a 1394 device.

The Authenticator handler is
In response to a request from an application program such as software for reproducing digital content, authentication processing and key exchange control with necessary hardware devices are performed. As mentioned above, the 1394 bridge 117 is a PC
Since each function module in 11 and the 1394 device are transparently connected, each function module in PC 11 has one
By implementing the same authentication and encryption / decryption protocol as the 394 device, as shown by the dotted line, each functional module in the PC 11 and the 1394 device are equivalent without being distinguished from the application program. It is possible to handle.

FIG. 3 shows an example of the procedure of authentication processing and key exchange used in this embodiment. The device that is sending the content is the source device
ce, the receiving device is a sink device
Is.

The Sink Device first uses an alternate random challenge key (N
a) is generated, and the random challenge key (Na) is passed to the source device together with the authentication request.
Then, the sink device creates Ar from Na using a predetermined function.

Source Device is an alternate random challenge key (Nb) that changes every time by using a random number.
Generate Sin as a response to the authentication request
Return to kDevice. And Source Dev
ice creates Br from Nb using a predetermined function.

After this, the Source Device is
Send the message (Bv) to the sink device.
This message (Bv) is created from the public key and Na and Br.

The sink device sends a message (Av) to the source device. The message (Av) is created from the public key and Nb and Ar.

The Source Device confirms whether Av is correct, and if correct, determines that the other party is a valid device and creates an authentication key (Ak). Similarly, Sink
The device also confirms whether Bv is correct, and if correct, determines that the other party is a valid device and creates an authentication key (Ak).

After this, the Source Device is
Control key (eKx) encrypted with the authentication key (Ak)
To the Sink Device. Sink Devi
The ce decrypts the encrypted control key (eKx) with the authentication key (Ak) to create the control key (Kx).

The procedure of the authentication process shown in FIG. 3 is merely an example, and as long as it is possible to verify the mutual devices are correct devices, as described above, the normal random challenge & You can use the response method and other well-known methods.

Next, a method for limiting the content that can be handled for each device when the type of digital content to be transferred (copyable once, copy prohibited, copy free) is switched in real time will be described.

A device that can send contents that cannot be copied and that can be copied only once separately uses two types of control keys (keys for decrypting the content encryption decryption key), one for copying and one for copying only once. Prepare and change the number of control keys passed to it according to the capabilities of the receiving device. If the device on the receiving side can handle both contents (copy not allowed, copy allowed only once), authentication is performed twice and both control keys are acquired in advance. It is natural for the sending device to change the key according to the content type, but by preparing both keys in advance by the authentication process, it is flexible to dynamically switch the content type. Can correspond to.

An example of a specific procedure of this authentication processing will be described below with reference to the flowchart of FIG. First, the following processing is performed for each device on the receiving side that is the destination of the digital content. First, the system ID is acquired from the receiving device. And that system ID
On the basis of the above, it is determined whether or not the receiving device can handle the non-copyable content (step S1).
01). If the receiving device is a device capable of handling uncopyable content, the sending device sends a control key (eKcontrol # 1) for the uncopyable content to the receiving device, and the receiving device cannot copy the content. The control key (eKcontrol # 1) for content is received (step S102). The control key for the non-copyable content is not transmitted to the device that cannot handle the non-copyable content.

Next, based on the system ID, it is determined whether or not the receiving device can handle the content that can be copied only once (step S103). If the receiving device is a device that can handle the content that can be copied only once, the transmitting device transmits the control key (eKcontrol # 2) for the content that can be copied only once to the receiving device, The receiving device uses its control key (eKcontr
ol # 2) is received (step S104). 1 for devices that cannot handle content that can be copied only once
Copyable only once The control key for content is not sent.

Each of these control keys (eKcont
The rolls # 1, # 2) are encrypted keys for decrypting the encrypted content key as described above, and a time-varying key using a random number or the like can be used. The device on the receiving side uses the random number value exchanged in the authentication process or another key prepared in advance in the device to decrypt the eKcontrol # 1 and # 2,
Controls # 1 and # 2 are obtained.

In this way, a key corresponding to the function of the receiving device is passed to each receiving device. That is,
In the case of a device that can handle both contents that cannot be copied and that can be copied only once, both control keys are passed by authentication twice. Further, in the case of a device that can handle only the contents that can be copied only once, only the control key for the contents that can be copied only once will be passed.

When the authentication processing with all the receiving side devices is completed (step S105), the encrypted content key (eKcontent) and the encrypted content (Encrypted contents) are all received from the transmitting side device. It is broadcasted to the device on the side (steps S106 and S107). Encrypted content (Encrypted content)
nts) has embedded in the header thereof copy control information (CGMS) indicating that copying is not possible, copying is possible only once, or copying is free.

Each device on the receiving side uses the copy control information (CGMS) as content identification information for dynamically changing the control key. That is, each device on the receiving side discriminates the type of content currently undergoing reception processing according to the copy control information (CGMS) included in the encrypted content, and the control key (Kcont) corresponding to the type of the content.
roll). Then, by using the selected control key, the encrypted content key (eKcontent) is decrypted, and the encrypted content (Encrypted content) is decrypted.
Content key (Kc) for decrypting ts)
tontent) is generated (step S108). For the device on the receiving side that received a type of content that cannot be handled, the corresponding control key (Kcontrol
Since there is no l), the content cannot be decrypted.

As described above, in the present embodiment, when transmitting a stream composed of a plurality of types of contents of different types, the authentication processing is performed for the number of types of contents that can be handled by the receiving device, and the stream is transmitted. Among the types of contents constituting the above, the process of passing the decryption key corresponding to the number of types of contents that the receiving side device can process to the receiving side device is performed.

Here, as shown in FIG. 5, for example, assume a case where an encrypted substream A consisting of a content that can be copied only once and an encrypted substream B consisting of a content that cannot be copied are continuously transmitted. .

As shown in FIG. 6, content identification information indicating the type of content is embedded in the header portion of each of the encrypted substreams A and B as information for instructing to change the key to be used. ing. As the content identification information, the copy control information (CGMS) can be used as described above.

A device (device # 1) that can handle both contents that cannot be copied and that can be copied only once, and a device that can handle only contents that can be copied only once or contents that are copy-free ( Device # 2) when sending to device #
For 1, the decryption keys of both encrypted substreams A and B are passed, and for the device # 2, only the decryption key of encrypted substream B is passed.

Therefore, as shown in FIG. 7A, when the content type is switched from the encrypted substream A to the encrypted substream B, the device # 1 responds to the decryption key according to the change. Can be changed dynamically to obtain correct decrypted data (plaintext) corresponding to each of the encrypted substreams A and B.
On the other hand, as shown in FIG.
Does not have a key for decrypting the encrypted substream B, it is possible to obtain the decrypted data (plaintext) corresponding to the encrypted substream A, but for the encrypted substream B, It cannot be decrypted.

Here, the control key corresponding to the function of the device is passed to each receiving device, but the content key corresponding to the function of the device can be prepared for each receiving device. Since it is essential, various methods can be used as a procedure therefor depending on the authentication processing method used. The configuration in which the authentication unit and the encryption / decryption unit are provided for each functional module can be applied not only to the PC but also to various microcomputer application devices such as a player for recording / playback of digital contents.

Next, with reference to FIG. 8, a method of recording content in the storage device in the PC 11 of FIG. 1 will be described. In general, a storage device used as an auxiliary storage device in a personal computer is not provided with an authentication function, so that content that requires copy protection cannot be recorded. Also, if the authentication function and the decryption function are prepared, it is possible to record the content in the storage device after the content is decrypted. However, in this case, the recorded content (Plain Contents) is illegally recorded. There is a risk of being used. Especially for removable storage devices that use portable recording media,
The danger is high.

Therefore, in the present embodiment, the storage device is provided with only an authentication processing unit (Authenticator) so that the content is encrypted and recorded on the recording medium, and the system accesses the content key generated by the authentication. The recording is made in an area on the recording medium that cannot be recorded.

Hereinafter, the recording method will be specifically described by exemplifying a case in which digital content which requires copy protection and which can be copied only once is received from the STB 12 and recorded in the DVD-RAM medium of the DVD-RAM drive 116. To do.

1. Authentication unit (Authenticator) of each of the STB 12 and the DVD-RAM drive 116
When the devices 121 and 1161 authenticate each other and it is confirmed that they are valid devices, the control key (eKcontrol) sent encrypted from the STB 12 side is sent to the DVD-RAM drive 116. Side decrypts the control key (Kco
NTP) is generated.

2. The encrypted content key (ekcontent) is sent from the STB 12 to the DVD-RAM drive 116 together with the encrypted digital content.

3. Copy control information (CGMS) is included in the encrypted digital content. 4. The DVD-RAM drive 116 is Kcontrol
And CGMS are used to generate a content key (Kcontent) from the eKcontent. eKconte
nt is a time-varying key.

5. Encrypted content encrypted with Kcontent (Encrypted Content)
s) is recorded on the medium as it is, and the corresponding Kc
The ontent is recorded in a gap area between sectors as shown in FIG. 9, for example. The contents of the CGMS are changed from "copy once" to "no more copies", and are similarly recorded in this gap area. This gap area is an area that cannot be accessed from the system.

The CPU module 111 controls all of these procedures. Next, FIG.
0, the encrypted content (EncryptedContent) recorded on the DVD-RAM medium is referred to.
The case of reproducing s) will be described.

1. DVD-RAM drive 116 and MP
Authentication is performed with the EG2 decoder 115. 2. Once they are confirmed to be legitimate devices,
Encrypted control key (eKcontrol)
Is sent from the DVD-RAM drive 116 to the MPEG2 decoder 115.

3. Auto in the MPEG2 decoder 115
The encryption of the eKcontrol is released by the lenticator 1151, and the Kcontrol is created. 4. Encrypted content (Encrypted Content)
ents) and the encrypted content key (ek)
content) and CGMS are sent from the DVD-RAM drive 116 to the MPEG2 decoder 115.

5. Auth of the MPEG2 decoder 115
Kcontrol and CG at the enticator1151
Decrypting eKcontent from MS, Kcont
Generate ent.

6. De- in the MPEG2 decoder 115
Send Kcontent to Cipher1152. 7. De-Cipher 1152 is an encrypted content (encrypted context) using a content key.
nts) decryption, and the content's Plain
Generate Text.

8. MPEG2 decoder 115 is Play
VGA controller 11 after decoding nTxet
4 to the video input port and display it on the screen. As described above, by providing the Authenticator for device authentication in the bus interface of the storage device and recording the encrypted content that has been sent as it is, contents that could not be recorded once can be recorded. You can record to the storage device. Also, by recording the transmitted content as it is, a decryption circuit for decrypting the content becomes unnecessary. In addition, by writing the decrypted content decryption key to an area that cannot be read from the system, only a legitimate device can decrypt the storage content of that storage device by authenticating with the storage device. It will be possible.

Further, by using a computer-readable recording medium, the digital content thus encrypted is recorded in a normal area, and the key for decrypting the encryption is recorded in an area which cannot be read from the system. Various titles may be distributed. This allows
The contents of the recording medium can be reproduced only by a legitimate device having an authentication and encryption / decryption function, and it is possible to prevent illegal copying.

Although the DVD-RAM drive is illustrated as the storage device here, it may be applied to a DVD-R drive, an MO drive, an HDD and the like.
Further, the storage device having such an authentication function is not limited to a PC, but may be a DVD player and a D-VCR
The present invention can be applied to various microcomputer application devices that use a readable / writable storage device, such as a multi-function peripheral. Also, it goes without saying that they may be realized as an IEEE 1394 device.

Next, a data transfer restriction method for restricting devices that can handle the content by using the attribute (field, area) of the content that is encrypted and transferred will be described.

That is, the method of limiting the devices that can handle it based on the copy control information such as copy disabled, copy only once, and copy free has been described above. Is control in units of the entire stream of the same type of content. Therefore, it is difficult to perform fine control such that only a portion that meets a certain specific condition can be handled among the types of content that can be handled.

Therefore, in the present data transfer restriction method, field information or area information indicating the contents of the content is embedded in the header part of the stream data, and by using the field information or area information, the types that are allowed to be handled ( In a stream consisting of contents that cannot be copied, copied only once, or copy-free), only the part that meets the conditions (field, region) specified in advance by the user etc. can be processed, and other parts The part is not processed.

FIG. 11 shows the system configuration for implementing the present data transfer restriction method. First, the transfer control according to the field information added to the bucket header portion of the stream data will be described.

The term "field" as used herein means the classification required socially and educationally such as presence / absence of sexual depiction, presence / absence / degree of violent depiction, and the like. The stream data is packetized at the time of passing through the network route, and this packet is composed of a header portion having data information and the data itself. The header portion here may be a header defined by a network route or a header portion included in data.

The data output system 301 comprises a stream data storage device 302 and an interface section 303 for outputting the stream data storage device 302 to the outside. Here, a data packet to be output to the network route is created. The "field" information is stored in the header part of the packet as shown in FIG. The network may be wired or wireless. In addition, the IEEE 1394 serial bus 200 of FIG.
It may be the PCI bus 100 or the like.

The data processing system 401 is in a device that receives stream data. For example, the PC 11 of FIG.
In, the tuner 113 and the CPU module 11
1 or the MPEG2 decoder 115 or the like corresponds to the data processing system 401. Further, the data processing system 401 may be not only a PC but also a 1394 device in the figure, and may be a satellite terminal or an internet terminal.

The data processing system 401 is a part that actually performs a process for presenting the data to the user, and is composed of an interface part 402 for receiving the data and a stream data processing part 403 for performing the process. That is,
The “field” information is decoded not at the time of receiving the data but at the timing of processing the data itself, and the field of the data is compared by comparing with the field defined by the system attribute information preset by the user of the data processing system 401 or the like. Whether processing is possible or not is determined for each data packet.

The interface unit may be software only, hardware only, or a combination of both. Also, not only the "field" information is included in the stream data, but instead of or in addition to the "field" information, the "region" for identifying the region where the corresponding content can be processed
Information may be embedded. Here, the “region” is classified according to the intention of the creator of the stream data or the distributor. Also in this case, the “region” information is decoded not at the time of receiving the data but at the timing of processing the data itself, and whether the data can be processed or not is determined by comparison with the region defined by the system information of the data processing system 401. It is determined in data packet units.

FIG. 13 shows how data processing is controlled by the stream attribute information such as “field” and “region” embedded in the packet header of the stream.

In FIG. 13, the data processing system 4
The type of digital content that 01 can handle is composed of data packets A, B, C, D, and each data packet includes "field" or "region" information as stream attribute information in its header part. The case is shown.

By the stream restriction function of the data processing system 401, only the "field" or "region" data (data A, data C) compatible with the data processing system 401 is processed and other data (data B, data D) are processed. ) Is excluded from processing and discarded. The processing of the stream restriction function is executed by the procedure shown in the flowchart of FIG. That is, first, the system attribute information set in the data processing system 401 is acquired and compared with the stream attribute information included in the packet header of the received stream (step S).
201-S204). If they match, the stream (packet) is processed (step S20).
5) If they do not match, they are not processed (step S20).
6).

Therefore, for example, when the stream limiting function of the data processing system 401 is added to the MPEG2 decoder 115 of FIG. 1, among the video contents (data A, B, C, D) transferred continuously, , Only data (data A, data C) that matches the "field" or "region" set by the user are decoded and reproduced, and other data (data B, data D) are not decoded and reproduced. That is, after the data A is reproduced, the reproduction period of the data B becomes blanking, and when the reproduction period of the data B ends, the data C is reproduced.

Therefore, by applying the system configuration shown in FIG. 11 to a content providing system that deals with an unspecified large number of users such as satellite TV broadcasting, only scenes matching the conditions of each user are reproduced or recorded. Therefore, it becomes possible to easily realize fine control such that only a portion that meets a certain specific condition can be handled among the types of content that can be handled.

[0099]

As described above, according to the present invention,
By providing an authentication function for encryption processing in each functional module that constitutes a data processing device such as a personal computer, protection of digital contents flowing on a bus connecting the functional modules and digital contents in functional module units The restriction of can be efficiently realized.

[Brief description of drawings]

FIG. 1 is a block diagram showing a system configuration of a computer system according to an embodiment of the present invention.

FIG. 2 is a diagram showing a relationship between software and hardware in the system of FIG.

FIG. 3 is a diagram showing an example of device authentication and key exchange used in the system of FIG.

FIG. 4 is an exemplary flowchart showing an example of a specific procedure of an authentication process used in the system of the embodiment.

FIG. 5 is an exemplary view showing an example of a stream structure of digital contents applied to the system of the embodiment.

FIG. 6 is an exemplary view showing a state in which content identification information is added to a packet header of digital content applied to the system of the embodiment.

FIG. 7 is a view for explaining the principle of digital content restriction processing applied to the system of the embodiment.

FIG. 8 is an exemplary view for explaining a content recording operation to a storage device provided in the system of the embodiment.

FIG. 9 is an exemplary view for explaining a key storage system in the storage device provided in the system of the embodiment.

FIG. 10 is an exemplary view for explaining a reproducing operation of the content recorded in the storage device provided in the system of the embodiment.

FIG. 11 is a view for explaining the principle of a data transfer limiting method applied to the system of the embodiment.

12 is a diagram showing an example of the structure of stream data used in the data transfer restriction method of FIG.

13 is a diagram showing a data restriction processing operation by the data transfer restriction method of FIG.

14 is a flowchart showing a processing procedure of the data transfer restriction method of FIG.

FIG. 15 is a block diagram showing a system configuration of a computer system in which an 1394 bridge is provided with an encryption / decryption function.

[Explanation of symbols]

11 ... Personal computer (PC) 12 ... Set top box (STB) 13 ... Digital video camera or DV camcorder (D)
VC) 14 ... Digital video cassette recorder (D-VCR) 111 ... CPU module 112 ... Main memory 113 ... Cylite or digital TV tuner 114 ... VGA controller 115 ... MPEG2 decoder 116 ... DVD-RAM drive 117 ... 1394 bridge 121 ... Authentication unit (Authenticator) 122 ... Encryption / decryption unit (De- / Cipher) 131 ... Authentication unit (Authenticator) 132 ... Encryption unit (Cipher) 141 ... Authentication unit (Authenticator) 142 ... Encryption / decryption unit (De-) / Cipher) 1111 ... Authentication unit (Authenticator) 1112 ... Decryption unit (De-cipher) 1131 ... Authentication unit (Authenticator) 1132 ... Encryption unit ( ipher) 1151 ... authentication unit (Authenticator) 1152 ... decoding unit (De-cipher) 1161 ... authentication unit (Authenticator)

─────────────────────────────────────────────────── --- Continuation of the front page (56) References JP-A-9-149023 (JP, A) JP-A-10-40172 (JP, A) JP-A-10-79174 (JP, A) JP-A-9- 168006 (JP, A) JP-A-8-331119 (JP, A) JP-A-7-288798 (JP, A) Takahashi, Asami, "Copy protection technology of IEEE1394, integrated with public key / common key" , NIKKEI ELECTRON ICS, Nikkei BP, March 23, 1998, no. 712, p. 47-53 Asami, Harada, "DVD, on a personal computer," NIKKEI ELECTRON ICS, Nikkei BP, August 18, 1997, no. 696, p. 103-126 Asami, "Unauthorized copy protection technology for digital recording devices, to be adopted this fall", NIK KEI ELECTRONICS, Nikkei BP, August 18, 1997, no. 696, p. 20 (58) Fields surveyed (Int.Cl. ⁷ , DB name) G06F 12/14 G11B 20/10 H04L 9/08 H04L 9/16

Claims (7)

(57) [Claims] 1. A data processing device to which a device having an authentication function for encrypting and transmitting and receiving data for copy protection having at least types of data that can be copied only once and data that cannot be copied is connectable, An interface capable of communicating with a device according to a first communication method, an internal bus connected to the interface for performing communication with a second communication method different from the first communication method, and inside the data processing device And a plurality of functional modules that are respectively connected to the internal bus and that transmit or receive copy protected data via the internal bus, each functional module being a copy protected data. It also has a copy protection function with the other party's functional module that exchanges Authentication unit that authenticates whether or not the functional module of the other party or the device can handle what kind of data to be protected by copy,
When it is determined that the functional module of the other party or the device is a device having a copy protection function capable of handling the type of data to be transmitted,
In order to make the functional module of the other party or the device obtain the decryption key necessary for decrypting the transmission target data to be encrypted and transmitted, between the functional module of the other party or the device A data processing device comprising means for executing key exchange. 2. A functional module on the transmission side that transmits the data to be protected by copy via the internal bus is provided with an encryption means for encrypting the data to be protected by copy, and the internal bus is connected to the functional module. The functional module on the receiving side that receives and processes the data to be copy protected via the above is provided with a decryption means for decrypting the encrypted data and releasing the encryption. The data processing device according to claim 1. 3. A bus interface means for connecting the device to the internal bus is further provided, and when data to be copy protected is transferred between the device and each of the functional modules, an encryption is performed on the internal bus. 3. The data processing device according to claim 2, wherein the encrypted data is transferred, and the same authentication and encryption protocol is used both between the functional modules and between the device and the functional module. . 4. At least one of the plurality of functional modules that handles the copy protected data is a CPU module, a decoder that decodes encoded data that has been digitally compressed and encoded, and a storage device. The data processing apparatus according to claim 1, wherein the data processing apparatus includes: 5. A data processing device having an interface connectable to a device having an authentication function for encrypting and transmitting and receiving data for copy protection having at least types of data that can be copied only once and data that cannot be copied. In the above, an internal bus and a plurality of types of functional modules that are provided in the data processing device and that are respectively connected to the internal bus and that transmit or receive copy protection target data via the internal bus are provided. Each functional module authenticates whether or not it has a copy protect function with the functional module of the other party or the device that exchanges the data of the copy protection target, and the functional module of the other party or the device is authenticated. It is possible to handle any kind of copy protected data And authentication means to authenticate whether or not there,
When it is determined that the functional module of the other party or the device is a device having a copy protection function capable of handling the type of data to be transmitted,
In order to make the functional module of the other party or the device obtain the decryption key necessary for decrypting the transmission target data to be encrypted and transmitted, between the functional module of the other party or the device When transmitting a stream composed of a plurality of types of data of different types and means for executing key exchange, a functional module which becomes a receiving side device in the types of data constituting the stream prior to the transmission of the stream. Alternatively, the authentication means and the authentication means are provided between the receiving side and the transmitting side of the stream so that the functional module or the device on the receiving side can obtain the number of decryption keys corresponding to the number of types of data that the device can process. A method for performing authentication and key exchange using the key exchange means by the number corresponding to the number of types of data included in the stream. A data processing device comprising: a step. 6. The data type information indicating the type of data is embedded in the stream, and the functional module on the receiving side can dynamically change the decryption key to be used based on the data type information. 4. The method according to claim 3,
The data processing device according to. 7. The data processing device is a computer having a CPU module as the plurality of functional modules, a decoder for decoding encoded data that has been digitally compressed and encoded, and a storage device, and the IEEE 1394 serial interface as the interface. It has a bus interface, and as the internal bus
The data processing device according to claim 1, further comprising a bus different from a communication system of the IEEE 1394 serial bus interface.