JP4078792B2 - Information recording device, information reproducing device, encryption processing key updating method, and program providing medium - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an information recording device, an information reproducing device, an encryption processing key update method, and a program providing medium, and performs update of an encryption key such as a master key or a media key using a tree-structured hierarchical key distribution method. The present invention relates to a configuration that enables encryption using a newer key for content newly stored in a recording medium. Specifically, using a key distribution method in which each recording / reproducing device device is arranged on each leaf of the n-ary tree, the keys necessary for recording and reproducing content are distributed, and multiple generations, versions Information recording apparatus, information reproducing apparatus, and encryption that can store different keys in a recording medium, store newer keys in the recording medium, and delete unnecessary keys when the recording / reproducing apparatus accesses the recording medium The present invention relates to a processing key update method and a program providing medium.
[0002]
[Prior art]
With the advancement and development of digital signal processing technology, in recent years, recording devices and recording media for digitally recording information are becoming widespread. According to such a digital recording apparatus and recording medium, for example, recording and reproduction can be repeated without deteriorating images and sound. In this way, digital data can be copied over and over again while maintaining image quality and sound quality. Therefore, when recording media illegally copied are distributed to the market, various contents such as music, movies, etc. The profits of the copyright holders or the rightful sales rights holders will be harmed. In recent years, in order to prevent such illegal copying of digital data, various mechanisms (systems) for preventing illegal copying of digital recording devices and recording media have been introduced.
[0003]
For example, in a MD (mini disk) (MD is a trademark) device, SCMS (Serial Copy Management System) is adopted as a method for preventing illegal copying. SCMS outputs an SCMS signal together with audio data from the digital interface (DIF) on the data reproduction side, and controls recording of audio data from the reproduction side on the data recording side based on the SCMS signal from the reproduction side. This is a system that prevents illegal copying.
[0004]
Specifically, whether the SCMS signal is audio data that is copy-free data that can be copied any number of times or data that is allowed to be copied only once (copy once allowed). Or a signal indicating whether copying is prohibited (copy prohibited) data. On the data recording side, when audio data is received from the DIF, an SCMS signal transmitted together with the audio data is detected. If the SCMS signal is copy free, the audio data is recorded on the mini disc together with the SCMS signal. If the SCMS signal is allowed to be copied only once (copy once allowed), the SCMS signal is changed to copy prohibited and recorded on the mini disk together with the audio data. Further, when the SCMS signal is copy prohibited, audio data is not recorded. By performing such control using SCMS, the mini-disc apparatus prevents illegal copying of copyrighted audio data by SCMS.
[0005]
However, since the SCMS is based on the premise that the data recording device itself has a configuration for controlling the recording of audio data from the playback side based on the SCMS signal as described above, the SCMS is controlled. When a mini-disc device without a structure is manufactured, it is difficult to cope with it. Therefore, for example, a DVD player is configured to prevent illegal copying of copyrighted data by adopting a content scramble system.
[0006]
In a content scramble system, video data, audio data, and the like are encrypted and recorded on a DVD-ROM (Read Only Memory), and a key (decryption key) used to decrypt the encrypted data is used. To the licensed DVD player. The license is given to a DVD player designed to comply with a predetermined operation rule such as not performing illegal copying. Therefore, a licensed DVD player can reproduce images and sounds from the DVD-ROM by decrypting the encrypted data recorded on the DVD-ROM using a given key.
[0007]
On the other hand, an unlicensed DVD player does not have a key for decrypting encrypted data, and therefore cannot decrypt encrypted data recorded on a DVD-ROM. As described above, in the content scramble system configuration, a DVD player that does not satisfy the conditions required at the time of license cannot reproduce a DVD-ROM on which digital data is recorded, so that unauthorized copying is prevented. It has become.
[0008]
However, the content scramble system adopted in the DVD-ROM is intended for a recording medium in which data cannot be written by the user (hereinafter referred to as ROM medium as appropriate), and recording in which data can be written by the user. Application to media (hereinafter referred to as RAM media as appropriate) is not considered.
[0009]
That is, even if the data recorded on the ROM medium is encrypted, if all the encrypted data is copied as it is to the RAM medium, it can be reproduced by a licensed legitimate device. You can create a pirated version.
[0010]
In view of this, the applicant of the present patent application, Japanese Patent Application Laid-Open No. 11-224461 (Japanese Patent Application No. 10-25310), identifies information for identifying individual recording media (hereinafter referred to as medium identification information). Is recorded on a recording medium together with other data, and it is possible to access the medium identification information of the recording medium only when the condition is satisfied, provided that the apparatus is licensed for this medium identification information. I proposed a composition.
[0011]
In this method, the data on the recording medium is encrypted with the medium identification information and a secret key (master key) obtained by receiving the license, and the device that has not received the license reads the encrypted data. Even so, it is impossible to obtain meaningful data. The operation of the apparatus is regulated so that illegal copying (illegal copying) cannot be performed when receiving a license.
[0012]
An unlicensed device cannot access the medium identification information, and the medium identification information has an individual value for each medium. Therefore, an unlicensed device is recorded on the recording medium. Even if all of the encrypted data is copied to a new recording medium, the data recorded on the recording medium thus created is not limited to an unlicensed device but a licensed device. However, since it cannot be decrypted correctly, illegal copying is substantially prevented.
[0013]
[Problems to be solved by the invention]
By the way, in the above configuration, the master key stored in the licensed apparatus is generally common to all devices. In this way, a common master key is stored for a plurality of devices under the conditions necessary to make a medium recorded on one device playable on another device (to ensure interoperability). Because there is.
[0014]
However, in this method, if the attacker succeeds in attacking one device and removes the master key, the encrypted data recorded in the entire system can be decrypted. Collapse. To prevent this, when it is discovered that a device has been attacked and the master key has been revealed, the master key is updated to a new one, and the new master key is updated to all devices other than the device that succumbed to the attack. Need to give. The simplest method to realize this configuration is to give each device a unique key (device key), prepare a new master key encrypted with each device key, However, there is a problem that the total amount of messages to be transmitted increases in proportion to the number of devices.
[0015]
As a configuration for solving the above problem, the applicant uses a key distribution method in which each information recording / reproducing device is arranged on each leaf of an n-ary tree, and the content data is transmitted via a recording medium or a communication line. By distributing a key (master key or media key) necessary for recording to or recording from a recording medium, each device can record and reproduce content data using this key. A configuration in which a master key or media key can be transmitted with a small amount of message (to a device whose secret is not exposed) has been proposed previously, and a patent application has already been filed (Japanese Patent Application No. 2000-105328). Specifically, a key necessary for generating a key necessary for recording on or reproducing from the recording medium, for example, a node key assigned to a node constituting each leaf of the n-ary tree is updated. A key update block (KRB) that is set as a node key and includes a leaf key that only the legitimate device has as an updated node key and information that is encrypted in a manner that can be decrypted by the node key is distributed to each information recording / reproducing device, and a key update block ( In this configuration, each device can acquire a key necessary for recording or reproduction from a recording medium by KRB decryption processing of each information recording / reproducing device that has received (KRB).
[0016]
In the recording medium manufactured after that, when it is detected that a device in a specific system (recording / playback device group) is attacked by an attacker and the secret device key is exposed, Has a feature that the recording / reproducing apparatus with the secret exposed can be excluded from the system, that is, the recording / reproducing compatibility with the apparatus which is not excluded can be prevented.
[0017]
However, in this configuration, it is only in a recording medium that is manufactured after it is discovered that a device whose secret has been exposed can be excluded from the system. In a recording medium that was manufactured before that, data is actually stored. Even if it is after the above-mentioned discovery time point, there is a problem that the recorded data can be decrypted with the exposed key, that is, there are few cases where the device to be excluded can actually be excluded.
[0018]
The present invention aims to solve the above-mentioned problems, and after it is discovered that a secret has been revealed, even on a previously manufactured recording medium, the recorded data cannot be decrypted with the exposed key. It is possible to provide an information recording apparatus, an information reproducing apparatus, an information recording method, an information reproducing method, an information recording medium, and a program providing medium that enable more effective content encryption. More specifically, a plurality of generations and versions of different keys can be stored in the recording medium, and when the recording / reproducing apparatus accesses the recording medium, a newer key is stored in the recording medium and unnecessary keys are deleted. It is an object of the present invention to provide an information recording apparatus, an information reproducing apparatus, an encryption processing key update method, and a program providing medium configured as described above.
[0019]
[Means for Solving the Problems]
  The first aspect of the present invention is:
  In an information recording apparatus for recording information on a removable recording medium,
  A part of key information corresponding to the nodes and leaves constituting a hierarchical tree structure in which a plurality of different information recording devices are used as leaves and nodes above the leaves are used as nodes is stored, and the key information is stored. For decrypting the encryption processing key for decrypting the stored data recorded on the recording medium.Update keyConfigured as stored dataKey update blockMemory means for storing
  Decryptable using the key information built in the information recording deviceKey update blockThe decryption process is performed to calculate the encryption process key used for the encryption process of the data to be stored in the recording medium, and the stored encryption data is stored in the recording medium using the calculated encryption process key. An encryption processing means for executing encryption processing;
  Stored in the recording medium when accessing the recording mediumKey update blockAnd the information recording device itself hasKey update blockCompare version with new versionKey update blockStored in the memory of the information recording device itselfKey update blockAnd the new versionKey update blockIs not stored in the recording medium, the new version of the recording mediumKey update blockExecute the writing processKey update blockUpdate processing means;
  An information recording apparatus characterized by comprising:
[0020]
  Furthermore, in one embodiment of the information recording apparatus of the present invention,Key update blockThe update processing means is stored in the recording medium.Key update blockAnd the information recording device itselfKey update blockLatest available inKey update blockStored on the recording mediumKey update blockAnd the latestKey update blockIs not stored in the memory of the information recording apparatus itself, the latestKey update blockIt is characterized by having the structure which performs this write-in process.
[0021]
  Furthermore, in one embodiment of the information recording apparatus of the present invention,Key update blockThe update processing means is stored in the recording medium.Key update blockIn addition, it is not used for encryption of any content data stored in the recording medium and is not the latest on the recording medium.Key update blockExecute detection process and detectKey update blockIt is characterized by having the structure which performs the process which deletes from the said recording medium.
[0022]
  Furthermore, in one embodiment of the information recording apparatus of the present invention, the encryption processing means is stored in the recording medium in the process of encrypting and storing content that is stored data in the recording medium.Key update blockAnd stored in the memory of the information recording device itselfKey update blockLatest available from withinKey update blockDetect the latest available availableKey update blockIt is characterized in that the storage data encryption processing for the recording medium is executed using the encryption processing key obtained by the decryption processing.
[0023]
Furthermore, in one embodiment of the information recording apparatus of the present invention, the encryption processing key is a master key common to a plurality of information recording apparatuses, a device key unique to the information recording apparatus, and a medium uniquely set to the recording medium It is one of the keys.
[0024]
  Furthermore, in one embodiment of the information recording apparatus of the present invention, the node key is configured as an updatable key, and the key for updating the cryptographic processing key is a key including at least one of a lower layer node key or a leaf key in the encryption processing key update processing. Encrypted byKey update blockIs distributed to the information recording device of the encryption processing key providing target leaf, and the encryption processing means in the information recording device receives the encryption processing key encrypted with the updated node key,Key update blockThe update node key is obtained by the encryption process, and the encryption process key is calculated based on the obtained update node key.
[0025]
  Furthermore, in one embodiment of the information recording apparatus of the present invention, the encryption processing key is configured to be associated with a version number as generation information.
Furthermore, in one embodiment of the information recording apparatus of the present invention, the encryption processing means seeds data at a head portion of block data of a predetermined size in the stored data when encrypting the stored data on the recording medium. As described above, a block key is calculated using the encryption processing key, and block data other than the head portion recorded on the recording medium is encrypted using the block key.
[0026]
  Furthermore, the second aspect of the present invention provides
  In an information reproducing apparatus for reproducing information from a removable recording medium,
  A part of key information corresponding to the nodes and leaves constituting a hierarchical tree structure in which a plurality of different information reproducing devices are leaves and nodes are nodes higher than the leaves is stored, and the key information For decrypting the encryption processing key for decrypting the stored data recorded on the recording medium.Update keyConfigured as stored dataKey update blockMemory means for storing
  Decryptable using the key information built in the information reproducing apparatusKey update blockThe decryption process is executed, the calculation process of the encryption process key used for the decryption process of the encrypted data stored in the recording medium is executed, and the calculated encryption process key is used to store the encryption process key. A cryptographic processing means for performing decryption processing of the cryptographic data;
  Stored in the recording medium when accessing the recording mediumKey update blockAnd the information playback device itself hasKey update blockCompare version with new versionKey update blockStored in the memory of the information playback device itselfKey update blockAnd the new versionKey update blockIs not stored in the recording medium, the new version of the recording mediumKey update blockExecute the writing processKey update blockUpdate processing means;
  There is an information reproducing apparatus characterized by comprising:
[0027]
  Furthermore, in one embodiment of the information reproducing apparatus of the present invention,Key update blockThe update processing means is stored in the recording medium.Key update blockAnd the information reproducing apparatus itself hasKey update blockLatest available inKey update blockStored on the recording mediumKey update blockAnd the latestKey update blockIs not stored in the memory of the information reproducing apparatus itself, the latestKey update blockIt is characterized by having the structure which performs this write-in process.
[0028]
  Furthermore, in one embodiment of the information reproducing apparatus of the present invention,Key update blockThe update processing means is stored in the recording medium.Key update blockIn addition, it is not used for encryption of any content data that is stored data stored in the recording medium, and is not the latest on the recording mediumKey update blockExecute detection process and detectKey update blockIt is characterized by having the structure which performs the process which deletes from the said recording medium.
[0029]
  Furthermore, in one embodiment of the information reproducing apparatus of the present invention, the encryption processing means is stored in the recording medium in the decryption processing of the encrypted data stored in the recording medium.Key update blockAnd stored in the memory of the information playback device itselfKey update blockAmong them, it matches the version of the encryption processing key of the content to be played that is the storage data of the recording mediumKey update blockDetected and detectedKey update blockThe decryption processing of the encrypted data stored in the recording medium is executed using the encryption processing key obtained by the decryption processing of the above.
[0030]
Furthermore, in one embodiment of the information reproducing apparatus of the present invention, the encryption processing key is a master key common to a plurality of information reproducing apparatuses, a device key unique to the information reproducing apparatus, and a medium uniquely set to the recording medium It is one of the keys.
[0031]
  Furthermore, in one embodiment of the information reproducing apparatus of the present invention, the node key is configured as an updatable key, and the key for the update of the encryption processing key includes at least one of a lower layer node key or a leaf key in the encryption processing key update processing Encrypted byKey update blockIs distributed to the information reproduction device of the leaf for which the cryptographic processing key is provided, and the cryptographic processing means in the information reproducing device receives the cryptographic processing key encrypted by the updated node key,Key update blockThe update node key is obtained by the encryption process, and the encryption process key is calculated based on the obtained update node key.
[0032]
  Furthermore, in one embodiment of the information reproducing apparatus of the present invention, the encryption processing key is configured to be associated with a version number as generation information.
Furthermore, in one embodiment of the information reproducing apparatus of the present invention, the encryption processing means includes a block seed having a predetermined size read from the recording medium and the encryption code when the encryption data stored in the recording medium is decrypted. A block key is calculated using the processing key, and a decryption process using the block key is executed.
[0033]
  Furthermore, the third aspect of the present invention provides
  A part of key information corresponding to the nodes and leaves constituting a hierarchical tree structure in which a plurality of different information recording devices are leaves and nodes are nodes higher than the leaves is stored and detachable An encryption processing key update method in an information recording or reproducing apparatus for recording information on a recording medium,
  Applied to key generation used for information recording or reproduction using the recording medium by decryption processing using the key informationUpdate keyA key update block stored in the recording medium, and a key update block of the latest version available from the key update block stored in the memory of the information recording or reproducing device itself. A key update block detection step for detecting
  When the latest version key update block is a key update block stored in the memory of the information recording or reproducing apparatus itself, and the new version key update block is not stored in the recording medium, the new version key for the recording medium is stored. A key update block update process step for executing an update block write process;
  There is a cryptographic processing key update method characterized by comprising:
[0034]
  Furthermore, in an embodiment of the cryptographic processing key update method of the present invention,Key update blockThe update processing step is further stored on the recording medium.Key update blockAnd the information recording or playback device itself hasKey update blockLatest available inKey update blockStored on the recording mediumKey update blockAnd the latestKey update blockIs not stored in the memory of the information recording / reproducing apparatus itself,Key update blockThe step of executing the writing process is included.
[0035]
  Furthermore, in an embodiment of the cryptographic processing key update method of the present invention,Key update blockThe update processing step is further stored on the recording medium.Key update blockIn addition, it is not used for encryption of any content data that is stored data stored in the recording medium, and is not the latest on the recording mediumKey update blockExecute detection process and detectKey update blockIncluding a step of executing a process of deleting from the recording medium.
[0036]
  Furthermore, the fourth aspect of the present invention provides
  A part of key information corresponding to the nodes and leaves constituting a hierarchical tree structure in which a plurality of different information recording devices are leaves and nodes are nodes higher than the leaves is stored and detachable A program recording medium recording a computer program for executing on a computer system an information recording or reproducing apparatus for recording / reproducing information on a recording medium, wherein the computer program includes:
  The key update block update processing means constituting the computer system is applied to key generation used for information recording or reproduction using the recording medium by decryption processing using the key information.Update keyIs a key update block detection step for acquiring a key update block stored in a recording medium, and a key update block of the latest version available from the key update block stored in the memory of the information recording or playback device itself A key update block detection step for detecting
  In the key update block update processing means, when the latest version of the key update block is a key update block stored in the memory of the information recording or playback device itself, and the new version of the key update block is not stored in the recording medium, A key update block update processing step for executing a write process of the new version key update block on the recording medium; and
  The program recording medium is characterized by comprising:
[0037]
[Action]
In the configuration of the present invention, the distribution message amount required for key update is kept small by using a hierarchical key distribution method having a tree structure. In other words, using a key distribution method in which each device is arranged on each leaf of the n-ary tree, it is necessary for recording or reproducing content data on a recording medium via a recording medium or a communication line. A key (master key or media key) is distributed, and each device records and reproduces content data using this key.
[0038]
Further, in the present invention, in order to solve the above-mentioned problem, a plurality of generations and versions of different keys can be stored in the recording medium, and when the recording / reproducing apparatus accesses the recording medium, a newer key is stored in the recording medium. It is configured to store and delete unnecessary keys. Even after the recording medium is manufactured and put on the market, the recording / reproducing apparatus can write a key renewal block (KRB) for calculating a newer media key on the recording medium. When recording data on a recording medium, the recording / reproducing apparatus calculates a media key using a key renewal block (KRB) on the recording medium and the latest one among the KRBs stored in the recording medium. If the latest KRB is not on the recording medium but is stored by itself, it is stored on the recording medium.
[0039]
Furthermore, the recording / reproducing apparatus of the present invention checks the version of all KRBs on the recording medium when accessing the recording medium, and uses the latest version if it is newer than the one stored therein. The KRB stored in itself is updated to the latest one. Through these processes, new KRBs are stored more and more in the recording / reproducing apparatus, and when data is recorded, the media key calculated by the latest KRB stored in the recording / reproducing apparatus and the recording medium at that time is used. Since the data is encrypted and recorded, even if the recording medium is very old and the KRB stored in the recording medium is old, the data is recorded. Since there is a high possibility that a new KRB will be used, the security of the data can be further increased.
[0040]
Furthermore, the recording / reproducing apparatus of the present invention records not only the new KRB on the recording medium but also when recording the content data, and also when the recording medium is mounted on the recording / reproducing apparatus and the recording / reproducing apparatus accesses the recording medium. To do. By doing so, the recording / reproducing apparatus having a KRB newer than all the KRBs stored in the recording medium can record the new KRB on the recording medium even when the content data is not recorded. New KRB migration speed increases. Further, it is considered that one or a plurality of KRBs that are not the latest among the KRBs on the recording medium remain on the recording medium. When the recording / reproducing apparatus erases KRB, the recording capacity of the recording medium can be saved.
[0041]
The program providing medium according to the fourth aspect of the present invention is a medium that provides a computer program in a computer-readable format to, for example, a general-purpose computer system that can execute various program codes. The form of the medium is not particularly limited, such as a recording medium such as CD, FD, or MO, or a transmission medium such as a network.
[0042]
Such a program providing medium defines a structural or functional cooperative relationship between a computer program and a providing medium for realizing a function of a predetermined computer program on a computer system. . In other words, by installing a computer program in the computer system via the provided medium, a cooperative action is exhibited on the computer system, and the same effects as the other aspects of the present invention are obtained. Can do it.
[0043]
Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings.
[0044]
DETAILED DESCRIPTION OF THE INVENTION
[System configuration]
FIG. 1 is a block diagram showing the configuration of an embodiment of a recording / reproducing apparatus 100 to which the present invention is applied. The recording / reproducing apparatus 100 includes an input / output I / F (Interface) 120, an MPEG (Moving Picture Experts Group) codec 130, an input / output I / F (Interface) 140 including an A / D and D / A converter 141, and encryption processing. Means 150, ROM (Read Only Memory) 160, CPU (Central Processing Unit) 170, memory 180, and recording medium interface (I / F) 190 of the recording medium 195 are connected to each other by a bus 110. .
[0045]
The input / output I / F 120 receives digital signals constituting various contents such as images, sounds, and programs supplied from the outside, outputs the digital signals to the bus 110, receives the digital signals on the bus 110, and externally receives them. Output. The MPEG codec 130 MPEG-decodes MPEG-encoded data supplied via the bus 110 and outputs it to the input / output I / F 140 and MPEG-encodes a digital signal supplied from the input / output I / F 140. Output on the bus 110. The input / output I / F 140 includes an A / D and D / A converter 141. The input / output I / F 140 receives an analog signal as content supplied from the outside and performs A / D (Analog Digital) conversion by the A / D and D / A converter 141, thereby converting the MPEG codec 130 as a digital signal. In addition, the digital signal from the MPEG codec 130 is D / A (Digital Analog) converted by the A / D and D / A converter 141 to be output to the outside as an analog signal.
[0046]
The encryption processing unit 150 is configured by, for example, a one-chip LSI (Large Scale Integrated Circuit), and encrypts or decrypts a digital signal as content supplied via the bus 110 and outputs the encrypted signal to the bus 110. have. The cryptographic processing means 150 is not limited to a one-chip LSI, and can be realized by a configuration combining various types of software or hardware. The configuration as the processing means by the software configuration will be described later.
[0047]
The ROM 160 includes, for example, a leaf key that is a device key unique to each recording / playback device or a group of a plurality of recording / playback devices, and a node key that is a device key shared by a plurality of recording / playback devices or a plurality of groups. Is remembered. The CPU 170 executes the program stored in the memory 180, thereby executing control of the MPEG codec 130, the encryption processing means 150, and the like, and further, control as KRB update processing means for executing KRB update processing described later. The memory 180 is a non-volatile memory, for example, and stores various programs including a KRB update process executed by the CPU 170 and data necessary for the operation of the CPU 170. The recording medium interface 190 reads (reproduces) digital data from the recording medium 195 by driving a recording medium 195 capable of recording / reproducing digital data, and outputs the data onto the bus 110 and is supplied via the bus 110. The digital data is supplied to the recording medium 195 and recorded. Further, the program may be stored in the ROM 160 and the device key may be stored in the memory 180.
[0048]
The recording medium 195 is a medium capable of storing digital data, such as an optical disk such as a DVD or a CD, a magneto-optical disk, a magnetic disk, a magnetic tape, or a semiconductor memory such as a RAM. In this embodiment, the recording medium is a recording medium. It is assumed that the configuration is detachable from the interface 190. However, the recording medium 195 may be built in the recording / reproducing apparatus 100.
[0049]
[Data recording processing and data playback processing]
Next, data recording processing on the recording medium and data reproduction processing from the recording medium in the recording / reproducing apparatus of FIG. 1 will be described with reference to the flowcharts of FIGS. When the content of the digital signal from the outside is recorded on the recording medium 195, a recording process according to the flowchart of FIG. That is, when digital signal content (digital content) is supplied to the input / output I / F 120 via, for example, an IEEE (Institute of Electrical and Electronics Engineers) 1394 serial bus, the input / output I / F is received in step S201. F120 receives the supplied digital content and outputs it to the encryption processing means 150 via the bus 110.
[0050]
In step S 202, the encryption processing unit 150 performs encryption processing on the received digital content, and outputs the resulting encrypted content to the recording medium I / F 190 via the bus 110. The encrypted content is recorded on the recording medium 195 via the recording medium I / F 190 (S203), and the recording process is terminated.
[0051]
As a standard for protecting digital contents when transmitting digital contents between devices connected via an IEEE1394 serial bus, 5CDTCP ( Five Company Digital Transmission Content Protection (hereinafter referred to as “DTCP” as appropriate) is defined. In this DTCP, when digital content that is not copy-free is transmitted between devices, the transmission side and the reception side receive data prior to data transmission. The two sides mutually authenticate whether or not the copy control information for controlling the copy can be handled correctly, and then the transmission side encrypts and transmits the digital content, and the reception side encrypts the encrypted digital content ( (Encrypted content) is decrypted.
[0052]
In the data transmission / reception based on the DTCP standard, the input / output I / F 120 on the data receiving side receives the encrypted content via the IEEE1394 serial bus in step S201, and the encrypted content conforms to the DTCP standard. Are decrypted and output to the encryption processing means 150 as plain text content.
[0053]
Encryption of digital content by DTCP is performed using a key that changes over time and that key. The encrypted digital content including the key used for the encryption is transmitted on the IEEE1394 serial bus, and the receiving side decrypts the encrypted digital content using the key included therein.
[0054]
According to DTCP, precisely, an initial value of a key and a flag indicating a change timing of a key used for encrypting digital content are included in the encrypted content. On the receiving side, the key used for encryption is generated by changing the initial value of the key included in the encrypted content at the timing of the flag included in the encrypted content. The encrypted content is decrypted. However, here, since it may be considered that the encrypted content includes a key for performing the decryption, it is assumed that it is equivalent in the following. Here, for DTCP, for example, an informational version can be obtained from a Web page specified by a URL (Uniform Resource Locator) at http://www.dtcp.com.
[0055]
Next, processing when external analog signal content is recorded on the recording medium 195 will be described with reference to the flowchart of FIG. When the content of the analog signal (analog content) is supplied to the input / output I / F 140, the input / output I / F 140 receives the analog content in step S221, proceeds to step S222, and includes the built-in A / D, A / D conversion is performed by the D / A converter 141 to obtain a digital signal content (digital content).
[0056]
This digital content is supplied to the MPEG codec 130, MPEG encoding, that is, encoding processing by MPEG compression is executed in step S 223, and supplied to the cryptographic processing means 150 via the bus 110.
[0057]
Thereafter, in steps S224 and S225, processing similar to the processing in steps S202 and S203 in FIG. That is, the encryption process in the encryption processing unit 150 is executed, the encrypted content obtained as a result is recorded on the recording medium 195, and the recording process is terminated.
[0058]
Next, a process of reproducing the content recorded on the recording medium 195 and outputting it as digital content or analog content will be described with reference to the flow of FIG. The process of outputting to the outside as digital content is executed as a reproduction process according to the flowchart of FIG. That is, first, in step S301, the encrypted content recorded on the recording medium 195 is read by the recording medium I / F 190 and output to the encryption processing unit 150 via the bus 110.
[0059]
In the encryption processing unit 150, the encrypted content supplied from the recording medium I / F 190 is decrypted in step S302, and the decrypted data is supplied to the input / output I / F 120 via the bus 110. In step S303, the input / output I / F 120 outputs the digital content to the outside and ends the reproduction process.
[0060]
When the digital content is output via the IEEE1394 serial bus in step S303, the input / output I / F 120 performs authentication with the counterpart device in accordance with the DTCP standard as described above. After each other, the digital content is encrypted and transmitted.
[0061]
When the content recorded on the recording medium 195 is played back and output to the outside as analog content, playback processing according to the flowchart of FIG. 3B is performed.
[0062]
That is, in steps S321 and S322, the same processing as in steps S301 and S302 of FIG. 3A is performed, and thus the decrypted digital content obtained by the encryption processing means 150 is transmitted through the bus 110. To the MPEG codec 130.
[0063]
In the MPEG codec 130, in step S 323, digital content is subjected to MPEG decoding, that is, decompression processing, and supplied to the input / output I / F 140. In step S324, the input / output I / F 140 performs D / A conversion on the digital content MPEG-decoded by the MPEG codec 130 by the built-in A / D and D / A converter 141 to obtain analog content. In step S325, the input / output I / F 140 outputs the analog content to the outside and ends the reproduction process.
[0064]
[About tree structure as key distribution configuration]
Next, a description will be given of a configuration in which the recording / reproducing apparatus shown in FIG. 1 distributes a key, for example, a media key, necessary for recording or reproducing data to / from a recording medium to each device. FIG. 4 is a diagram showing a key distribution configuration of a recording / reproducing apparatus in a recording system using this method. Numbers 0 to 15 shown at the bottom of FIG. 4 are individual recording / reproducing apparatuses. That is, each leaf (leaf) of the tree structure shown in FIG. 4 corresponds to each recording / reproducing apparatus.
[0065]
Each device 0 to 15 itself has a key (node key) assigned to a node from its leaf to the root and a leaf key of each leaf in its initial tree at the time of manufacture (shipment). Store. K0000 to K1111 shown at the bottom of FIG. 4 are leaf keys assigned to the devices 0 to 15, respectively. Keys described in the second clause (node) from the top KR to KR to K111 from the top KR. Is a node key.
[0066]
In the tree configuration shown in FIG. 4, for example, the device 0 has a leaf key K0000 and node keys: K000, K00, K0, and KR. The device 5 owns K0101, K010, K01, K0, and KR. The device 15 owns K1111, K111, K11, K1, and KR. Note that only 16 devices 0 to 15 are shown in the tree of FIG. 4 and the tree structure is shown as a balanced configuration with a four-stage configuration, but more devices are configured in the tree. In addition, it is possible to have a different number of stages in each part of the tree.
[0067]
Each of the recording / reproducing devices included in the tree structure of FIG. 4 includes various types of recording / reproducing devices that use various recording media such as DVD, CD, MD, Memory Stick (trademark), and the like. . Furthermore, it is assumed that various application services coexist. The key distribution configuration shown in FIG. 4 is applied on such a coexistence configuration of different devices and different applications.
[0068]
In a system in which these various devices and applications coexist, for example, the portions surrounded by dotted lines in FIG. 4, that is, devices 0, 1, 2, and 3 are set as one group using the same recording medium. For example, for devices included in the group surrounded by the dotted line, the common content is encrypted and sent from the provider, the master key used in common is sent, or the provider is sent from each device. Alternatively, a process for encrypting and outputting content fee payment data to a settlement organization or the like is executed. An institution that performs data transmission / reception with each device, such as a content provider or a payment processing institution, sends data collectively as a group of the parts surrounded by the dotted lines in FIG. 4, that is, devices 0, 1, 2, and 3. Execute the process. There are a plurality of such groups in the tree of FIG.
[0069]
Note that the node key and leaf key may be managed by a single key management center, or may be managed for each group by a provider, a settlement institution, or the like that performs various data transmission / reception with respect to each group. These node keys and leaf keys are updated when, for example, a key is leaked, and this updating process is executed by a key management center, a provider, a settlement organization, or the like.
[0070]
In this tree structure, as is apparent from FIG. 4, the three devices 0, 1, 2, 3 included in one group have common keys K00, K0, KR as node keys. By using this node key sharing configuration, for example, a common master key can be provided only to devices 0, 1, 2, and 3. For example, if the common node key K00 itself is set as the master key, only the devices 0, 1, 2, and 3 can set the common master key without executing new key transmission. Further, if the value Enc (K00, Kmaster) obtained by encrypting the new master key Kmaster with the node key K00 is stored in the recording medium via the network or distributed to the devices 0, 1, 2, 3, the device 0, Only 1, 2 and 3 can use the shared node key K00 possessed by each device to break the encryption Enc (K00, Kmaster) to obtain the master key: Kmaster. Enc (Ka, Kb) indicates data obtained by encrypting Kb with Ka.
[0071]
In addition, when it is discovered that the key possessed by the device 3: K0011, K001, K00, K0, KR is analyzed and exposed by an attacker (hacker) at a certain generation: t, the system (device) In order to protect data transmitted and received in the 0, 1, 2, 3 group), it is necessary to disconnect the device 3 from the system. For this purpose, the node keys: K001, K00, K0, KR are updated to new keys K (t) 001, K (t) 00, K (t) 0, K (t) R, respectively, and devices 0, 1, 2 must be notified of the update key. Here, K (t) aaa indicates that the key is a renewal key of Generation: t.
[0072]
The update key distribution process will be described. For updating the key, for example, a table composed of block data called a key renewal block (KRB) shown in FIG. 5A is stored in, for example, a network or a recording medium, and the devices 0, 1, 2 are stored. It is executed by supplying to.
[0073]
The key update block (KRB) shown in FIG. 5A is configured as block data having a data configuration that can be updated only by a device that needs to update the node key. The example of FIG. 5 is block data formed for the purpose of distributing the update node key of generation t to the devices 0, 1, and 2 in the tree structure shown in FIG. As is apparent from FIG. 4, device 0 and device 1 require K (t) 00, K (t) 0, and K (t) R as update node keys, and device 2 uses K (t) as an update node key. ) 001, K (t) 00, K (t) 0, K (t) R are required.
[0074]
As shown in the KRB in FIG. 5A, the KRB includes a plurality of encryption keys. The lowest encryption key is Enc (K0010, K (t) 001). This is an update node key K (t) 001 encrypted with the leaf key K0010 of the device 2, and the device 2 can decrypt this encryption key with the leaf key of itself and obtain K (t) 001. . Also, using K (t) 001 obtained by decryption, the encryption key Enc (K (t) 001, K (t) 00) in the second stage from the bottom of FIG. 5A can be decrypted and updated. The node key K (t) 00 can be obtained. Subsequently, the encryption key Enc (K (t) 00, K (t) 0) in the second stage from the top of FIG. 5A is sequentially decrypted, and the update node key K (t) 0, as shown in FIG. The first-stage encryption key Enc (K (t) 0, K (t) R) is decrypted to obtain K (t) R. On the other hand, for the devices 0 and 1, the node key K000 is not included in the update target, and K (t) 00, K (t) 0, and K (t) R are required as the update node keys. The devices 0 and 1 decrypt the encryption key Enc (K000, K (t) 00) in the third row from the top of FIG. 5A to obtain K (t) 00. ) Decrypts the second-stage encryption key Enc (K (t) 00, K (t) 0) from the top, and updates the node key K (t) 0, the first-stage encryption from the top of FIG. The decryption key Enc (K (t) 0, K (t) R) is decrypted to obtain K (t) R. In this way, the devices 0, 1, and 2 can obtain the updated key K (t) R. Note that the index in FIG. 5A indicates the absolute addresses of node keys and leaf keys used as decryption keys.
[0075]
In the case where it is not necessary to update the node keys: K (t) 0, K (t) R in the upper level of the tree structure shown in FIG. 4, and only the node key K00 needs to be updated, the processing shown in FIG. By using a key renewal block (KRB), the updated node key K (t) 00 can be distributed to the devices 0, 1, and 2.
[0076]
The KRB shown in FIG. 5B can be used, for example, when distributing a new master key shared by a specific group of information recording apparatuses, a device key unique to the information recording apparatus, or a media key specific to the recording medium. is there. As a specific example, it is assumed that a recording medium having devices 0, 1, 2, and 3 in a group indicated by a dotted line in FIG. 4 is used and a new common master key K (t) master is required. At this time, the data Enc (K (t (K)) is obtained by encrypting a new common update master key: K (t) master using K (t) 00 obtained by updating the common node key K00 of the devices 0, 1, 2, and 3. ), K (t) master) is distributed together with the KRB shown in FIG. This distribution enables distribution as data that is not decrypted in other groups of devices such as the device 4. The same applies to the media key.
[0077]
That is, if the devices 0, 1, and 2 decrypt the ciphertext using K (t) 00 obtained by processing the KRB, the master key: K (t) master and the media key: K ( t) It is possible to obtain media.
[0078]
In summary, the processing in each device can be described as follows.
1. Each device looks at the index part of the KRB and knows the structure of the tree sent by the KRB.
2. By decrypting the ciphertext using the highest key (in this example, K000 for device 0, 1 and K0010 for device 2) among the node keys that have not been updated by KRB (live), the parent key of the node Get the updated node key for the node.
3. By decrypting the ciphertext using the updated node key, the updated node key of the parent node of the node is obtained.
4). This is repeated to obtain the updated node key of the highest node of KRB.
[0079]
The generation of KRB represents the version of the KRB. For example, the value of a new one is increased, and the new and old KRBs can be compared by comparing the values. If updating of K (t) 0 and K (t) R is not required, K (t) 00 is assigned to devices 0, 1, and 2 by using KRB (Key Renewal Block) in FIG. 2 can share. That is, when a device 0, 1, 2, 3 forms one group using a certain recording medium, the recording data is encrypted using the media key transmitted using K (t) 00, whereby the device 4 For example, data that is not accessed from other groups of devices can be used. Specifically, for example, using FIG. 5B, the devices 0, 1, and 2 share K (t) 00, but the media key K (t) media at the time point t is stored in the recording medium storing this KRB. Is encrypted and stored. The devices 0, 1, and 2 decrypt the ciphertext using K (t) 00 obtained by processing the KRB, and obtain a media key K (t) media at time t.
[0080]
[Acquiring media key using KRB]
FIG. 6 shows an example of processing for obtaining the media key K (t) media at time t proposed in Japanese Patent Application No. 2000-105328, which is an earlier patent application of the present applicant. Processing of the device 2 which has received the data Enc (K (t) 00, K (t) media) obtained by encrypting the common media key K (t) media and the KRB shown in FIG. 5B via the recording medium Indicates.
[0081]
As shown in FIG. 4, it is assumed that a recording / reproducing system includes four devices, devices 0, 1, 2, and 3, surrounded by dotted lines. FIG. 6 shows that when the device 3 is revoked and the media key assigned to each recording medium is used, the recording / playback apparatus (device 2) is necessary for encrypting or decrypting the content on the recording medium. This represents processing for obtaining a media key using a KRB (Key Renewal Block) stored in the recording medium and a device key stored in the recording / reproducing apparatus.
[0082]
In the memory of device 2, the leaf key K_0010 assigned only to itself and the node keys (K_001, K_00, K_0, K_R, respectively) of each node 001,00,0, R from the root to the tree are securely stored. ing. The device 2 calculates the node key K (t) _001 of the node 001 by decrypting the encrypted text having the index 0010 out of the KRB stored in the recording medium of FIG. Next, using it, the ciphertext with index 001 is decrypted to calculate node key K (t) _00 of node 00, and finally the ciphertext is decrypted using it to media key K (t) Calculate _media. Data encryption processing and decryption processing using the media key thus calculated and acquired will be described below.
[0083]
[Encryption and decryption using media key]
An example of data encryption processing and recording processing on a recording medium executed by the encryption processing unit 150 will be described with reference to the processing block diagram of FIG.
[0084]
The recording / reproducing apparatus 700 acquires the media key by the calculation process based on the above-described KRB.
[0085]
Next, the recording / reproducing apparatus 700 checks whether or not a disc ID (Disc ID) as identification information has already been recorded on a recording medium 702 that is, for example, an optical disc. If recorded, the disk ID (Disc ID) is read. If not recorded, the encryption processing means 150 generates a disk ID (Disc ID) 1701 randomly or by a predetermined method such as random number generation. And record it on the disc. Since there is only one disc ID (Disc ID) for the disc, it can be stored in the lead-in area or the like.
[0086]
Next, the recording / reproducing device 700 generates a disc unique key using the media key 701 and the disc ID. As a specific method for generating a disk unique key (Disc Unique Key), as shown in FIG. 8, a result obtained by inputting a media key and a disk ID (Disc ID) into a hash function using a block cipher function The data generated by bit concatenation of the media key and the disc ID (Disc ID) is input to the method of Example 1 using the method and the hash function SHA-1 defined in FIPS 180-1, and the 160-bit The method of Example 2 in which only the necessary data length from the output is used as the disc unique key can be applied.
[0087]
Next, a title key (Title Key), which is a unique key for each recording, is generated randomly or by a predetermined method such as random number generation in the encryption processing means 150 (see FIG. 1) and recorded on the disk 702. .
[0088]
Next, from a combination of either a disc unique key (Disc Unique Key) and a title key (Title Key) and a device ID, or a disc unique key (Disc Unique Key) and title key (Title Key) and a device unique key , Generate a title unique key.
[0089]
As shown in FIG. 9, a specific method for generating this title unique key (Title Unique Key) includes a hash function using a block cipher function, a title key (Title Key), a disc unique key (Disc Unique Key), The method of Example 1 using the result obtained by inputting the device ID (when the playback device is not restricted) or the device unique key (when the playback device is restricted), or the hash function SHA defined in FIPS 180-1 -1 is input with data generated by bit concatenation of a media key, a disc ID (Disc ID) and a device ID (when playback device restriction is not performed) or a device specific key (when playback device restriction is performed). The method of Example 2 in which only the necessary data length is used as the title unique key from the 160-bit output can be applied. Note that the playback device restriction means that the content data stored in the recording medium can be played back only by a specific playback device that is restricted.
[0090]
In the above description, a disc unique key (Disc Unique Key) is generated from the media key and disc ID (Disc ID), and the title key (Title Key) and device ID or title key (Title Key) and device. A unique title key (Title Unique Key) is generated from each unique key, but a disc unique key (Disc Unique Key) is not required, and a media key, disc ID (Disc ID), title key (Title Key), The title unique key (Title Unique Key) may be generated directly from the device ID or the device unique key, and without using the title key (Title Key), the media key (Media Key), the disc ID (Disc ID), A key corresponding to a title unique key (Title Unique Key) may be generated from the device ID or the device unique key.
[0091]
Further, the subsequent processing will be described with reference to FIG. From the block seed (Block Seed) output by separating the first 1 to 4 bytes of the block data input as encrypted data, and the title unique key (Title Unique Key) generated earlier, the block A block key that is a key for encrypting the data is generated.
[0092]
An example of a method for generating a block key is shown in FIG. FIG. 10 shows two examples in which a 64-bit block key (Block Key) is generated from a 32-bit block seed (Block Seed) and a 64-bit title unique key (Title Unique Key). Yes.
[0093]
In Example 1 shown in the upper part, a cryptographic function having a key length of 64 bits and an input / output of 64 bits is used. The title unique key (Title Unique Key) is used as the key for this cryptographic function, and the result of encryption by inputting the concatenation of the block seed (Block Seed) and 32-bit constant (constant) is used as the block key (Block Key). Yes.
[0094]
Example 2 is an example using the hash function SHA-1 of FIPS 180-1. A value obtained by concatenating a title unique key (Title Unique Key) and a block seed (Block Seed) is input to SHA-1, and the 160-bit output is reduced to 64 bits, for example, using only the lower 64 bits. Is a block key.
[0095]
In the above description, an example of generating a disc unique key, a title unique key, and a block key has been described. For example, a disc unique key and a title are generated. Media key, disk ID (Disc ID), title key (Title Key), block seed (Block Seed), device ID, or device unique key for each block without generating a unique key (Title Unique Key) May be used to generate a block key.
[0096]
When the block key is generated, the block data is encrypted using the generated block key. As shown in the lower part of FIG. 7, the first 1 to m bytes (for example, m = 8 bytes) of the block data including the block seed (block seed) are separated (selector 1608) and are not subject to encryption, and m + 1 bytes. Encrypt from eye to final data. The m bytes that are not encrypted include the first to fourth bytes as a block seed. The block data after the (m + 1) th byte separated by the selector is encrypted according to an encryption algorithm preset in the encryption processing means 150. As an encryption algorithm, for example, DES (Data Encryption Standard) defined by FIPS 46-2 can be used.
[0097]
Through the above processing, the content is encrypted in block units with a generation-managed media key, a block key generated based on the block seed, etc., and stored in the recording medium.
[0098]
FIG. 11 is a block diagram for explaining the decryption and reproduction processing of the encrypted content data stored in the recording medium.
[0099]
In the reproduction processing, a disc unique key is generated from the media key and the disc ID, and a title unique key is generated from the disc unique key and the title key, as in the encryption and recording processing described with reference to FIGS. Further, a block key is generated from the title key and the block seed read from the recording medium, and the block-unit encrypted data read from the recording medium 702 is decrypted using the block key as a decryption key.
[0100]
As described above, in the encryption process at the time of recording the content data on the recording medium and the decryption process at the time of reproduction from the recording medium, the media key is calculated based on the KRB, and then the calculated media key and other identifiers are calculated. Based on the above, a key for content encryption processing or a key for decryption processing is generated.
[0101]
In the above-described example, the configuration for generating the keys used for the encryption process and the decryption process of the content data using the media key has been described. However, instead of the media key, a master key common to a plurality of recording / playback apparatuses, Alternatively, a device key unique to the recording / reproducing device may be acquired from the KRB, and a key used for content data encryption processing and decryption processing may be generated based on the device key. Furthermore, a media key, a master key, or a device key itself acquired from KRB can be applied as a key used for content data encryption processing and decryption processing.
[0102]
As described above, by using a key update block (KRB), an update key is securely provided only to a device that has received a valid license, and a content encryption process for the recording medium using the provided key, or a recording medium It is possible to generate a key for use in decrypting the content read from the content. In the above-described configuration, for example, only one key update block (KRB) is stored in one recording medium and an update key is acquired using the same, but a plurality of key update blocks (KRB) are further used. ) Will be described below. In this case, as will be described in detail later, each of the recorded encrypted content data on the recording medium is encrypted using which KRB of the plurality of key update blocks (KRB). Is configured to have distinguishable information.
[0103]
In the configuration of the present invention, it is possible to store KRB not only in the recording medium but also in the memory of the recording / reproducing apparatus. The storage means for storing the key update block (KRB) of the recording / reproducing apparatus has a rewritable configuration, and the recording / reproducing apparatus can access the recording medium, for example, when the recording medium is attached to the recording / reproducing apparatus. The KRB on the recording medium is searched, and if the newest version is newer than the one stored by itself, the KRB stored therein is updated using this.
[0104]
[KRB format]
FIG. 12 shows a format example of a key renewal block (KRB). The version 1201 is an identifier indicating a version of a key renewal block (KRB). The depth indicates the number of hierarchies in the hierarchy tree for the device to which the key renewal block (KRB) is distributed. The data pointer 1203 is a pointer indicating the position of the data part in the key renewal block (KRB), the tag pointer 1204 is the position of the tag part, and the signature pointer 1205 is a pointer indicating the position of the signature. The data unit 1206 stores, for example, data obtained by encrypting the node key to be updated.
[0105]
A tag portion 1207 is a tag indicating the positional relationship between the encrypted node key and leaf key stored in the data portion. The tag assignment rule will be described with reference to FIG. FIG. 13 shows an example in which the key update block (KRB) described with reference to FIG. 5A is sent as data. The data at this time is as shown in the table on the right side of FIG. The top node address included in the encryption key at this time is set as the top node address. In this case, since the update key K (t) R of the root key is included, the top node address is KR.
[0106]
The uppermost data Enc (K (t) 0, K (t) R) of the encryption key is at the position shown in the left hierarchical tree in FIG. Here, the next data is Enc (K (t) 00, K (t) 0), and is in the lower left position of the previous data on the tree. When there is data, the tag is set to 0, and when there is no data, 1 is set. The tags are set as {left (L) tag, right (R) tag}. Since there is data on the left of the uppermost data Enc (K (t) 0, K (t) R), L tag = 0, and there is no data on the right, so R tag = 1. Hereinafter, tags are set for all data, and a data string and a tag string shown in FIG. 13C are configured.
[0107]
Returning to FIG. 12, the KRB format will be further described. The signature (Signature) is an electronic signature executed by, for example, a key management center, a content provider, a settlement organization, etc. that issued the key update block (KRB). The device that has received the KRB confirms by signature verification that it is a key update block (KRB) issued by a valid key update block (KRB) issuer.
[0108]
[Update process of key update block (KRB)]
Next, update processing of the key update block (KRB) in the recording / reproducing apparatus and the recording medium will be described with reference to FIG.
[0109]
FIG. 14 shows a key update block (KRB) update process in the recording / reproducing apparatus. FIG. 14A shows a state before the recording medium is mounted on the recording / reproducing device. One recording key update block (KRB) 1411 is stored in the recording / reproducing apparatus 1410, and the recording medium 1420 contains the recording medium 1420. A state is shown in which two key update blocks (KRB) 1421, 1422 are stored.
[0110]
The KRB stored in the recording / reproducing apparatus 1410 is a version (T2) key update block (KRB) 1411. The KRB stored in the recording medium 1420 is the version (T1) key update block (KRB) 1421, and This is a key update block (KRB) 1422 of the version (T3). Here, it is assumed that the versions T3, T2, and T1 have the latest T3 and the oldest T1.
[0111]
The recording medium 1420 stores content 1431 encrypted using a media key generated from the key update block (KRB) of version (T1).
[0112]
When the recording medium 1420 is loaded into the recording / reproducing apparatus 1410 and the recording / reproducing apparatus 1410 accesses the recording medium 1420, the recording / reproducing apparatus 1410 searches for the latest version of the KRB among the KRBs on the recording medium 1420. To do. The latest version is T3, and the version T3 is newer than the key update block (KRB) 1411 of the version (T2) stored in the recording / reproducing apparatus 1410. Therefore, the key update block (KRB) 1422 of the version (T3) Is used to update the KRB stored in the recording / reproducing apparatus. As a result, as shown in FIG. 14B, the key update block (KRB) 1411 of the old version (T2) of the recording / playback apparatus 1410 is replaced with the key update block (KRB) 1412 of the new version (T3). It is done.
[0113]
Further, when the KRB stored in the recording / reproducing apparatus is newer than all the KRBs stored in the recording medium, the new KRB is stored in the recording medium when the recording medium is accessed. FIG. 15 shows the concept that the recording / reproducing apparatus records a new KRB on the recording medium.
[0114]
(A) shown in the upper part of FIG. 15 shows a state before the recording medium is mounted on the recording / reproducing device. One key update block (KRB) 1511 is stored in the recording / reproducing apparatus 1510, and the recording medium 1520 contains A state in which two key update blocks (KRB) 1521 and 1522 are stored is shown.
[0115]
The KRB stored in the recording / reproducing apparatus 1510 is a version (T3) key update block (KRB) 1511. The KRB stored in the recording medium 1520 is the version (T1) key update block (KRB) 1521, and This is a key update block (KRB) 1522 of version (T2). Here, it is assumed that the versions T3, T2, and T1 have the latest T3 and the oldest T1.
[0116]
The recording medium 1520 stores content 1531 encrypted using a media key generated from the key update block (KRB) of version (T1).
[0117]
When the recording medium 1520 is loaded into the recording / reproducing apparatus 1510 and the recording / reproducing apparatus 1510 accesses the recording medium 1520, the recording / reproducing apparatus searches for the latest version of the KRB among the KRBs on the recording medium 1520. . The latest version is T2, and the version T2 is an older version than the key update block (KRB) 1511 of the version (T3) stored in the recording / reproducing device 1510. Therefore, the key update block of the version (T3) (KRB) 1511 is recorded on the recording medium 1520. As a result, as shown in FIG. 15B, the key update block (KRB) 1523 of the new version (T3) is added to the recording medium 1520.
[0118]
Furthermore, in the recording / reproducing apparatus of the present invention, KRB that is not used for encryption of any content data in the recording medium and is not the latest on the recording medium is deleted. FIG. 16 shows a concept in which the recording / reproducing apparatus deletes unnecessary KRB on the recording medium.
[0119]
FIG. 16A shows a state before the recording medium is mounted on the recording / reproducing device. One key update block (KRB) 1611 is stored in the recording / reproducing apparatus 1610, and the recording medium 1620 stores the key update block (KRB) 1611. A state is shown in which three key update blocks (KRBs) 1621, 1622, and 1623 are stored.
[0120]
The KRB stored in the recording / reproducing apparatus 1610 is a key update block (KRB) 1611 of any arbitrary version, version (any), and the KRB stored in the recording medium 1620 is a key update block (KRB) of version (T1). ) 1621, version (T2) key update block (KRB) 1622, and version (T3) key update block (KRB) 1623. Here, it is assumed that the versions T3, T2, and T1 have the latest T3 and the oldest T1.
[0121]
The recording medium 1620 stores content 1631 encrypted using a media key generated from the key update block (KRB) of version (T1).
[0122]
When the recording medium 1620 is mounted on the recording / reproducing apparatus 1610 and the recording / reproducing apparatus 1610 accesses the recording medium 1620, the recording / reproducing apparatus is not used for encryption of any content data, and the recording medium Search for a key update block (KRB) that is not the latest on 1620. In the example of FIG. 16, the version (T2) key update block (KRB) 1622 is detected as a KRB that satisfies the condition. The recording / reproducing device 1610 deletes the detected KRB, that is, the key update block (KRB) that is not used for encryption of any content data and is not the latest on the recording medium 1620. As a result, as shown in FIG. 16B, the recording medium 1620 includes a key update block (KRB) 1621 of the version (T1) used for content encryption and the latest version (T3). Only the key update block (KRB) 1623 is recorded. As a result, the recording area of the recording medium can be used effectively.
[0123]
As described above, all of the three types of KRB update processing described with reference to FIGS. 14, 15, and 16 may be performed when a recording medium is loaded in the recording / reproducing apparatus, for example. Specifically, when it is detected that a recording medium is loaded in the recording medium interface 190 of FIG. 1, the CPU 170 reads and executes a KRB update processing program stored in the ROM 160 or the memory 170. This processing procedure will be described with reference to the flowchart of FIG.
[0124]
In step S1701 in FIG. 17, the recording / reproducing apparatus retrieves all KRBs on the recording medium, and the latest one among them, and the version of KRB (generation: Generation) stored in the recording means in the recording / reproducing apparatus. ) Is compared. If the versions are the same, the process ends without doing anything.
[0125]
If the latest KRB on the recording medium is newer than the KRB in the recording / reproducing apparatus, the process advances to step S1702. In step S1702, it is determined whether or not the latest KRB to be updated can be decrypted using the leaf key and node key held by the recording / reproducing apparatus. That is, as described above with reference to FIGS. 4, 5, 6, etc., the key update block (KRB) is sequentially decrypted with its own leaf key or node key, and the generation updated generation information: the node key of the new version of t For example, it is determined whether or not K (t) 00 or the root key K (t) R can be acquired. In this determination process, for example, in the key update block (KRB) shown in FIG. 5, it is determined whether or not an encryption key that can be decrypted by applying its own leaf key and node key as it is to any index is stored. Is done.
[0126]
If it is determined in step S1702 that the latest KRB to be updated can be decrypted using the leaf key and node key held by the recording / reproducing apparatus, the process advances to step S1703. If it is determined that decoding is not possible, step S1703 is skipped and the process ends. In step S1703, as described above with reference to FIG. 14, the KRB in the recording / reproducing apparatus is updated using the latest KRB on the recording medium, and the process ends.
[0127]
On the other hand, if the KRB in the recording / reproducing apparatus is newer than the latest KRB on the recording medium in step S1701, the process proceeds to step S1704.
[0128]
In S1704, the KRB in the recording / reproducing apparatus is recorded on the recording medium, and the process proceeds to S1705. In step S1705, it is checked whether an unnecessary KRB exists on the recording medium. As described above, the unnecessary KRB is a KRB that is not used for encryption of any content data stored in the recording medium and is not the latest on the recording medium. If such a KRB exists, the process advances to step S1706 to delete the KRB from the recording medium, and the process ends.
[0129]
If there is no unnecessary KRB in S1705, S1706 is skipped and the process is terminated. As described above, the KRB in the recording / reproducing apparatus can be updated, the new KRB can be recorded on the recording medium, and the unnecessary KRB can be deleted from the recording medium.
[0130]
Next, a process in which the recording / reproducing apparatus shown in FIG. 1 records content data on a recording medium will be described using the flowchart of FIG.
[0131]
In step S1801, the recording / reproducing apparatus generates a media key from the KRB stored therein. In step S1802, the content data is encrypted based on the media key. As a specific encryption method, for example, a method according to the description with reference to FIGS. Then, the encrypted content data is recorded on a recording medium. At this time, the version (generation) of the KRB used for generating the key used for encryption is also recorded on the recording medium. Specifically, the KRB version (generation) stores information such as which data constitutes which title, as in the case of the title key (Title Key) and recording generation number shown in FIG. Can be recorded in a data management file. Through the above processing, the encrypted content data and the KRB information necessary for the reproduction thereof can be recorded on the recording medium.
[0132]
In the process of encrypting and storing content in the recording medium, the latest available key update block (KRB) stored in the recording medium and the key update block (KRB) stored in the memory of the information recording apparatus itself can be used. Configuration for detecting key update block (KRB) and executing encryption processing of stored data on recording medium using encryption processing key obtained by decryption processing of detected latest available key update block (KRB) By doing so, encryption and storage of content by a newer key are promoted.
[0133]
Next, a process in which the recording / playback apparatus reads the content data recorded as described above from the recording medium will be described with reference to the flowchart of FIG.
[0134]
In step S1901, the recording / reproducing apparatus reads a version (generation) of KRB that generates a media key obtained by encrypting content data to be reproduced. The KRB version (generation) corresponding to each content data on the recording medium is written in, for example, the aforementioned data management file.
[0135]
In step S1902, the recording / reproducing apparatus finds the KRB having the above-mentioned version (generation) value among the KRBs stored on the recording medium, and uses this to explain using FIG. Follow the procedure above to generate a media key.
[0136]
In step S1903, the recording / reproducing apparatus reads the content data from the recording medium, decrypts it based on the media key generated in 62, and uses it. Through the above processing, the content data stored in the recording medium can be reproduced.
[0137]
In the decryption process of the encrypted data stored in the recording medium, not only the key update block (KRB) stored in the recording medium but also the key update block (KRB) stored in the memory of the information playback apparatus itself is reproduced. The key update block (KRB) that matches the version of the encryption key for the target content is detected, and stored in the recording medium using the encryption key obtained by decrypting the detected key update block (KRB) It may be configured to execute the decryption process of the encrypted data.
[0138]
As described above, the information recording / reproducing apparatus of the present invention can store a plurality of generations and versions of different keys in a recording medium in an environment where a plurality of different generations, that is, key update blocks (KRBs) having versions are used in combination. When the recording / reproducing apparatus accesses the recording medium, the newer key is stored in the recording medium, the latest KRB from the recording medium is stored in the memory of the recording / reproducing apparatus itself, and the unnecessary key is further stored in the recording medium. It was set as the structure which deletes.
[0139]
A recording / playback apparatus having a newer KRB than all the KRBs stored in the recording medium can record the new KRB on the recording medium even when the content data is not recorded. Therefore, the migration speed of the new KRB is increased. Get faster. Through these processes, new KRBs are stored more and more in the recording / reproducing apparatus, and when data is recorded, the media key calculated by the latest KRB stored in the recording / reproducing apparatus and the recording medium at that time is used. Since the data is encrypted and recorded, even if the recording medium is very old and the KRB stored in the recording medium is old, it is stored in the recording / reproducing apparatus. Even if the old KRB is old, it is expected that a new KRB is likely to be used when data is recorded, and the safety of the data can be further increased. Therefore, according to the configuration of the present invention, it is possible to configure a recording system that can effectively prevent illegal (contradicting the copyright holder) duplication of copyrighted data such as movies and music. Further, the recording / reproducing apparatus erases unnecessary KRBs on the recording medium, that is, KRBs that are not used for content data encryption and are not the latest among the KRBs on the recording medium. As a result, the recording capacity of the recording medium can be saved.
[0140]
In the description of the above-described embodiment, the description has focused on an example in which the media key is used as the encryption processing key. However, the encryption processing key updated by the KRB is, for example, a master key common to a plurality of information recording devices, A device key unique to the information recording / reproducing apparatus may be used, and the key update by the above KRB can be applied to the master key and the device key as well as the media key.
[0141]
[Copy control in recording processing]
Now, in order to protect the interests of the copyright holder of the content, it is necessary to control the copy of the content in the licensed apparatus.
[0142]
That is, when content is recorded on a recording medium, it is necessary to investigate whether the content can be copied (copiable) and to record only the content that can be copied. In addition, when content recorded on a recording medium is reproduced and output, it is necessary to prevent the content to be output from being illegally copied later.
[0143]
1 will be described with reference to the flowcharts of FIGS. 20 and 21 when the content is recorded and reproduced while performing such content copy control.
[0144]
First, when the content of an external digital signal is recorded on a recording medium, a recording process according to the flowchart of FIG. 20A is performed. The process in FIG. 20A will be described. The recording / reproducing device 100 of FIG. 1 will be described as an example. When digital signal content (digital content) is supplied to the input / output I / F 120 via, for example, an IEEE1394 serial bus or the like, in step S2001, the input / output I / F 120 receives the digital content, The process proceeds to S2002.
[0145]
In step S2002, the input / output I / F 120 determines whether the received digital content can be copied. That is, for example, when the content received by the input / output I / F 120 is not encrypted (for example, when plaintext content is supplied to the input / output I / F 120 without using the above-described DTCP). It is determined that the content can be copied.
[0146]
Further, it is assumed that the recording / reproducing apparatus 100 is an apparatus conforming to DTCP, and executes processing according to DTCP. In DTCP, 2-bit EMI (Encryption Mode Indicator) is defined as copy control information for controlling copying. When EMI is 00B (B indicates that the previous value is a binary number), it indicates that the content is copy-free, and when EMI is 01B. This means that the content cannot be copied any more (No-more-copies). Further, when the EMI is 10B, it means that the content can be copied only once (Copy-one-generation). When the EMI is 11B, the content is prohibited from being copied. (Copy-never).
[0147]
When the signal supplied to the input / output I / F 120 of the recording / reproducing apparatus 100 includes EMI and the EMI is Copy-freely or Copy-one-generation, it is determined that the content can be copied. Further, when EMI is No-more-copies or Copy-never, it is determined that the content cannot be copied.
[0148]
If it is determined in step S2002 that the content cannot be copied, steps S2003 to S2004 are skipped, and the recording process is terminated. Therefore, in this case, the content is not recorded on the recording medium 10.
[0149]
If it is determined in step S2002 that the content can be copied, the process proceeds to step S2003. Thereafter, in steps S2003 to S2004, the same processes as those in steps S202 and S203 of FIG. . That is, the encryption process in the encryption processing unit 150 is executed, the encrypted content obtained as a result is recorded on the recording medium 195, and the recording process is terminated.
[0150]
The EMI is included in the digital signal supplied to the input / output I / F 120. When digital content is recorded, the copy control state is set together with the digital content in the same manner as EMI or EMI. Information to be represented (for example, embedded CCI in DTCP) is also recorded.
[0151]
In this case, generally, information representing Copy-One-Generation is converted into No-more-copies and recorded so as not to allow further copying.
[0152]
When the content of the analog signal from the outside is recorded on the recording medium, a recording process according to the flowchart of FIG. 20B is performed. The process in FIG. 20B will be described. When the content of the analog signal (analog content) is supplied to the input / output I / F 140, the input / output I / F 140 receives the analog content in step S2011, proceeds to step S2012, and the received analog content is Determine whether copying is possible.
[0153]
Here, the determination process in step S2012 is based on whether the signal received by the input / output I / F 140 includes a macrovision signal or a CGMS-A (Copy Generation Management System-Analog) signal, for example. Done. That is, the macrovision signal is a signal that causes noise when recorded on a VHS video cassette tape. If this signal is included in the signal received by the input / output I / F 140, analog content can be copied. It is determined that it is not.
[0154]
In addition, for example, the CGMS-A signal is a signal obtained by applying a CGMS signal used for copy control of a digital signal to copy control of an analog signal, the content of which is copy-free (Copy-freely), and copied only once. It indicates whether it is a good copy (Copy-one-generation) or a copy is prohibited (Copy-never).
[0155]
Therefore, when the CGMS-A signal is included in the signal received by the input / output I / F 140 and the CGMS-A signal indicates Copy-freely or Copy-one-generation, the analog content is It is determined that copying is possible. When the CGMS-A signal indicates Copy-never, it is determined that the analog content cannot be copied.
[0156]
Further, for example, if neither the macrovision signal nor the CGMS-A signal is included in the signal received by the input / output I / F 4, it is determined that the analog content can be copied.
[0157]
If it is determined in step S2012 that the analog content cannot be copied, steps S2013 to S2016 are skipped, and the recording process is terminated. Therefore, in this case, the content is not recorded on the recording medium 195.
[0158]
If it is determined in step S2012 that analog content can be copied, the process proceeds to step S2013. Thereafter, in steps S2013 to S2016, the same processes as those in steps S222 to S225 in FIG. 2B are performed. Thus, the content is subjected to digital conversion, MPEG encoding, and encryption processing, recorded on the recording medium, and the recording processing ends.
[0159]
When the analog signal received by the input / output I / F 140 includes the CGMS-A signal, when the analog content is recorded on the recording medium, the CGMS-A signal is also recorded on the recording medium. In this case, generally, information representing Copy-One-Generation is converted into No-more-copies and recorded so as not to allow further copying. However, if a rule such as "Copy-one-generation copy control information is recorded without converting to No-more-copies but treated as No-more-copies" is determined in the system, This is not the case.
[0160]
[Copy control in playback processing]
Next, when the content recorded on the recording medium is reproduced and output to the outside as digital content, reproduction processing according to the flowchart of FIG. 21A is performed. The processing in FIG. 21A will be described. First, in steps S2101 and S2102, processing similar to the processing in steps S301 and S302 of FIG. 3A is performed, whereby the encrypted content read from the recording medium is decrypted by the encryption processing means 150. The digital content that has been processed and decrypted is supplied to the input / output I / F 120 via the bus 110.
[0161]
In step S2103, the input / output I / F 120 determines whether the digital content supplied thereto can be copied later. That is, for example, when the digital content supplied to the input / output I / F 120 does not include EMI or information indicating the copy control state (copy control information) as in the case of EMI, the content is copied later. It is determined that it is possible.
[0162]
Further, for example, when EMI is included in digital content supplied to the input / output I / F 120, and accordingly, when EMI is recorded in accordance with the DTCP standard when recording the content, the EMI (recorded) is recorded. When EMI (Recorded EMI) is Copy-freely, it is determined that the content can be copied later. When EMI is No-more-copies, it is determined that the content cannot be copied later.
[0163]
In general, the recorded EMI is not copy-one-generation or copy-never. This is because Copy-one-generation EMI is converted to No-more-copies during recording, and digital content having Copy-never EMI is not recorded on a recording medium. However, if a rule such as "Copy-one-generation copy control information is recorded without converting to No-more-copies but treated as No-more-copies" is determined in the system, This is not the case.
[0164]
If it is determined in step S2103 that the content can be copied later, the process advances to step S2104, and the input / output I / F 120 outputs the digital content to the outside and ends the reproduction process.
[0165]
If it is determined in step S2103 that the content cannot be copied later, the process advances to step S2105, and the input / output I / F 120 converts the digital content into the digital content in accordance with, for example, the DTCP standard. Is output to the outside in such a way that it will not be copied later, and the playback process is terminated.
[0166]
That is, for example, as described above, when the recorded EMI is No-more-copies (or in the system, for example, “Copy-one-generation copy control information is not converted to No-more-copies. If the EMI is recorded as "No-more-copies" and the EMI recorded under that condition is copy-one-generation), the content will not be copied further Unacceptable.
[0167]
For this reason, the input / output I / F 120 performs mutual authentication with the partner device in accordance with the DTCP standard, and the partner is a valid device (here, the device conforms to the DTCP standard). Case), the digital content is encrypted and output to the outside.
[0168]
Next, when the content recorded on the recording medium is reproduced and output to the outside as analog content, a reproduction process according to the flowchart of FIG. 21B is performed. The processing in FIG. 21B will be described. In steps S2111 to S2114, processing similar to that in steps S321 to S324 in FIG. 3B is performed. That is, reading of encrypted content, decryption processing, MPEG decoding, and D / A conversion are executed. The analog content thus obtained is received by the input / output I / F 140.
[0169]
In step S2115, the input / output I / F 140 determines whether the content supplied thereto can be copied later. That is, for example, when copy control information such as EMI is not recorded together with the recorded content, it is determined that the content can be copied later.
[0170]
Further, when copy control information such as EMI is recorded in accordance with the DTCP standard, for example, when the content is recorded, when the information is Copy-freely, the content can be copied later. It is determined.
[0171]
Also, when the copy control information such as EMI is No-more-copies, or in the system, for example, “Copy-one-generation copy control information is recorded without being converted to No-more-copies. If the rule "Handle as No-more-copies" is determined and the copy control information such as EMI recorded under the conditions is Copy-one-generation, the content can be copied later It is determined that it is not.
[0172]
Further, for example, when the CGMS-A signal is included in the analog content supplied to the input / output I / F 140, and accordingly, when the CGMS-A signal is recorded together with the content when the content is recorded, the CGMS- When the A signal is Copy-freely, it is determined that the analog content can be copied later. When the CGMS-A signal is Copy-never, it is determined that the content cannot be copied later.
[0173]
If it is determined in step S2115 that the content can be copied later, the process advances to step S2116, and the input / output I / F 140 outputs the analog signal supplied thereto to the outside as it is, and ends the reproduction process. To do.
[0174]
If it is determined in step S2115 that the content cannot be copied later, the process advances to step S2117, and the input / output I / F 140 externalizes the analog content in such a manner that the analog content is not copied later. Output and finish the reproduction process.
[0175]
That is, for example, as described above, when the recorded copy control information such as EMI is No-more-copies (or in the system, for example, “Copy-one-generation copy control information is No-more- If the rule is to record without converting to copies but treat as No-more-copies, and copy control information such as EMI recorded under that condition is Copy-one-generation) No further copying of content is allowed.
[0176]
For this reason, the input / output I / F 140 outputs analog content to the outside by adding, for example, a macrovision signal or a GCMS-A signal indicating Copy-never. Further, for example, even when the recorded CGMS-A signal is Copy-never, further copying of the content is not permitted. For this reason, the input / output I / F 4 changes the CGMS-A signal to Copy-never and outputs it together with the analog content.
[0177]
As described above, it is possible to prevent copying (illegal copying) outside the range permitted for content by performing content recording and reproduction while performing content copy control.
[0178]
[Configuration of data processing means]
The series of processes described above can be performed not only by hardware but also by software. That is, for example, the encryption processing unit 150 can be configured as an encryption / decryption LSI, but can also be configured to execute a program by a general-purpose computer or a one-chip microcomputer. . When a series of processing is performed by software, a program constituting the software is installed in a general-purpose computer, a one-chip microcomputer, or the like. FIG. 22 shows a configuration example of an embodiment of a computer in which a program for executing the series of processes described above is installed.
[0179]
The program can be recorded in advance on a hard disk 2205 or a ROM 2203 as a recording medium built in the computer. Alternatively, the program is temporarily or permanently stored in a removable recording medium 2210 such as a floppy disk, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disc, a DVD (Digital Versatile Disc), a magnetic disc, or a semiconductor memory. Can be stored (recorded). Such a removable recording medium 2210 can be provided as so-called package software.
[0180]
The program is installed in the computer from the removable recording medium 2210 as described above, or transferred from the download site to the computer wirelessly via a digital satellite broadcasting artificial satellite, or a LAN (Local Area Network), The program can be transferred to a computer via a network such as the Internet, and the computer can receive the program transferred in this manner by the communication unit 2208 and install it in the built-in hard disk 2205.
[0181]
The computer includes a CPU (Central Processing Unit) 2202. An input / output interface 2211 is connected to the CPU 2202 via the bus 2201, and the CPU 2202 is operated via the input / output interface 2210 by the user operating an input unit 2207 configured with a keyboard, a mouse, and the like. When a command is input in accordance with the above, a program stored in a ROM (Read Only Memory) 2203 is executed accordingly.
[0182]
Alternatively, the CPU 2202 reads the program stored in the hard disk 2205, the program transferred from the satellite or the network, received by the communication unit 2208, installed in the hard disk 2205, or read from the removable recording medium 2210 attached to the drive 2209. The program installed in the hard disk 2205 is loaded into a RAM (Random Access Memory) 2204 and executed.
[0183]
Thus, the CPU 2202 performs processing according to the above-described flowchart or processing performed by the configuration of the above-described block diagram. Then, the CPU 2202 outputs the processing result from the output unit 2206 configured by an LCD (Liquid Crystal Display), a speaker, or the like, for example, via the input / output interface 2211 as necessary, or from the communication unit 2208. Transmission and further recording on the hard disk 2205.
[0184]
Here, in this specification, the processing steps for describing a program for causing a computer to perform various types of processing do not necessarily have to be processed in time series according to the order described in the flowchart, but in parallel or individually. This includes processing to be executed (for example, parallel processing or processing by an object).
[0185]
Further, the program may be processed by a single computer, or may be processed in a distributed manner by a plurality of computers. Furthermore, the program may be transferred to a remote computer and executed.
[0186]
In the present embodiment, the block for performing content encryption / decryption has been described mainly with respect to an example in which the block is configured by a single-chip encryption / decryption LSI. However, the block for performing content encryption / decryption is, for example, Also, it can be realized as one software module executed by the CPU 170 shown in FIG.
[0187]
The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims section described at the beginning should be considered.
[0188]
【The invention's effect】
As described above, according to the information recording / reproducing apparatus of the present invention, a plurality of generations and versions of different keys can be stored in a recording medium, and a newer key can be assigned when the recording / reproducing apparatus accesses the recording medium. It is stored in the recording medium, the latest KRB from the recording medium is stored in the memory of the recording / reproducing apparatus itself, and unnecessary keys are deleted from the recording medium, which is newer than all the KRBs stored in the recording medium. The recording / reproducing apparatus having the KRB is configured to record a new KRB on the recording medium even when the content data is not recorded.
[0189]
Therefore, the migration speed of the new KRB is increased, and new KRBs are stored in the recording / reproducing apparatus more and more by the KRB update process. When data is recorded, the recording / reproducing apparatus and the recording medium are Data is encrypted and recorded using the media key calculated by the latest KRB to be stored. Therefore, even if the recording medium is manufactured very old and the KRB stored in the recording medium is old, the KRB stored in the recording / reproducing apparatus is old. Even when the data is recorded, there is a high possibility that a new KRB will be used, and the security of the encrypted data can be further increased.
[0190]
Therefore, according to the configuration of the present invention, it is possible to configure a recording system that can effectively prevent illegal (contradicting the copyright holder) duplication of copyrighted data such as movies and music. Further, the recording / reproducing apparatus erases unnecessary KRBs on the recording medium, that is, KRBs that are not used for content data encryption and are not the latest among the KRBs on the recording medium. As a result, the recording capacity of the recording medium can be saved.
[Brief description of the drawings]
FIG. 1 is a block diagram showing a configuration example of an information recording / reproducing apparatus of the present invention.
FIG. 2 is a diagram showing a data recording processing flow of the information recording / reproducing apparatus of the present invention.
FIG. 3 is a diagram showing a data reproduction processing flow of the information recording / reproducing apparatus of the present invention.
FIG. 4 is a tree configuration diagram for explaining encryption processing of a key such as a media key for the information recording / reproducing apparatus of the present invention.
FIG. 5 is a diagram showing an example of a key update block (KRB) used for distributing a key such as a media key to the information recording / reproducing apparatus of the present invention.
FIG. 6 is a diagram showing a distribution example and a decryption processing example using a key update block (KRB) of a media key in the information recording / reproducing apparatus.
FIG. 7 is a block diagram illustrating an encryption process during a data recording process using a media key in the information recording / reproducing apparatus of the present invention.
FIG. 8 is a diagram for explaining an example of disc unique key generation applicable in the information recording / reproducing apparatus of the present invention.
FIG. 9 is a diagram showing an example of a title unique key generation process applicable in the information recording / reproducing apparatus of the present invention.
FIG. 10 is a diagram for explaining a block key generation method applicable to the information recording / reproducing apparatus of the present invention.
FIG. 11 is a block diagram for explaining a decryption process during a data reproduction process using a media key in the information recording / reproducing apparatus of the present invention.
FIG. 12 is a diagram showing a format example of a key update block (KRB) used in the information recording / reproducing apparatus of the present invention.
FIG. 13 is a diagram for explaining a configuration of a key update block (KRB) tag used in the information recording / reproducing apparatus of the present invention.
FIG. 14 is a diagram for explaining update processing of a key update block (KRB) stored in the recording / reproducing apparatus in the information recording / reproducing apparatus of the present invention.
FIG. 15 is a diagram for explaining update processing of a key update block (KRB) stored in a recording medium in the information recording / reproducing apparatus of the present invention.
FIG. 16 is a diagram for explaining a deletion process of a key update block (KRB) stored in a recording medium in the information recording / reproducing apparatus of the present invention.
FIG. 17 is a flowchart for explaining key update block (KRB) update / delete processing in the information recording / reproducing apparatus of the present invention;
FIG. 18 is a flowchart for explaining the encryption and content storage processing procedure using a key acquired using a key update block (KRB) in the information recording / reproducing apparatus of the present invention.
FIG. 19 is a flowchart for explaining a decryption process using a key acquired by using a key update block (KRB) and a content reproduction process procedure in the information recording / reproducing apparatus of the present invention.
FIG. 20 is a flowchart illustrating a copy control process during a data recording process in the information recording / reproducing apparatus of the present invention.
FIG. 21 is a flowchart illustrating a copy control process during a data reproduction process in the information recording / reproducing apparatus of the present invention.
FIG. 22 is a block diagram showing a configuration of processing means when data processing is executed by software in the information recording / reproducing apparatus of the present invention.
[Explanation of symbols]
100 Recording / reproducing apparatus
110 bus
120 Input / output I / F
130 MPEG codec
140 I / O I / F
141 A / D, D / A converter
150 Cryptographic processing means
160 ROM
170 CPU
180 memory
190 drive
195 Recording medium
700 Recording / reproducing apparatus
701 Media key
702 recording medium
1201 version
1202 depth
1203 Data pointer
1204 Tag pointer
1205 Signature pointer
1206 Data part
1207 Tag part
1208 Signature
1410 Recording / reproducing apparatus
1411, 1412 Key update block (KRB)
1420 Recording medium
1421, 1422 Key update block (KRB)
1431 content
1510 Recording / reproducing apparatus
1511 Key update block (KRB)
1520 Recording medium
1521, 1522, 1523 Key update block (KRB)
1531 content
1610 Recording / reproducing apparatus
1611 Key update block (KRB)
1620 Recording medium
1621, 1622, 1623 Key update block (KRB)
1631 content
2201 Bus
2202 CPU
2203 ROM
2204 RAM
2205 hard disk
2206 Output unit
2207 Input section
2208 Communication Department
2209 drive
2210 Removable recording medium
2211 I / O interface

Claims (20)

In an information recording apparatus for recording information on a removable recording medium,
A part of key information corresponding to the nodes and leaves constituting a hierarchical tree structure in which a plurality of different information recording devices are used as leaves and nodes above the leaves are used as nodes is stored, and the key information is stored. A memory that stores a key update block that is a block that can be decrypted by using an encryption processing key for decrypting stored data recorded on the recording medium, and that is configured as storage data for an update key for decrypting Means,
A decryption process of a key update block that can be decrypted using the key information incorporated in the information recording apparatus is executed, and a calculation process of a cryptographic process key used for an encryption process of data stored in the recording medium is executed. Encryption processing means for performing encryption processing of the stored data on the recording medium using the calculated encryption processing key;
When accessing the recording medium, a version comparison between the key update block stored in the recording medium and the key update block of the information recording apparatus itself is performed, and the new version key update block is stored in the memory of the information recording apparatus itself A key update block update processing means for executing a write process of the key update block of the new version on the recording medium when the key update block of the new version is not stored in the recording medium.
An information recording apparatus comprising: The key update block update processing means includes:
The key update block stored in the recording medium and the latest available key update block in the key update block of the information recording apparatus itself are the key update blocks stored in the recording medium, and the latest key update block is The information recording apparatus according to claim 1, wherein the information recording apparatus has a configuration for executing the writing process of the latest key update block in the memory of the information recording apparatus itself when the information recording apparatus itself is not stored in the memory. . The key update block update processing means includes:
Among the key update blocks stored in the recording medium, the key update block that is not used for encryption of any content data that is stored data stored in the recording medium and is not the latest on the recording medium 2. The information recording apparatus according to claim 1, wherein the information recording apparatus is configured to execute the detection process and delete the detected key update block from the recording medium. The cryptographic processing means includes
In the process of encrypting and storing content that is stored data in the recording medium, the key update block stored in the recording medium and the latest key update block that can be used from the key update block stored in the memory of the information recording apparatus itself And an encryption process of stored data on the recording medium is executed using an encryption processing key obtained by decrypting the detected latest available key update block. The information recording apparatus according to 1.   2. The encryption processing key is any one of a master key common to a plurality of information recording devices, a device key unique to the information recording device, and a media key uniquely set to the recording medium. The information recording device described in 1. The node key is configured as an updatable key, and a key update block obtained by encrypting the updated node key with a key including at least one of a lower layer node key or a leaf key at the time of the encryption key update processing is provided It is a configuration that is distributed to leaf information recording devices,
The encryption processing means in the information recording apparatus is:
Receiving an encryption key encrypted with the updated node key;
The information recording apparatus according to claim 1, wherein the update node key is acquired by encryption processing of a key update block, and the encryption processing key is calculated based on the acquired update node key.   The information recording apparatus according to claim 1, wherein the encryption processing key is configured to be associated with a version number as generation information. The cryptographic processing means includes
At the time of encryption processing of stored data for the recording medium, a block key is calculated using the encryption processing key using data at the beginning of block data of a predetermined size in the stored data as a seed, and the block key The information recording apparatus according to claim 1, wherein block data other than the head portion recorded on the recording medium is encrypted. In an information reproducing apparatus for reproducing information from a removable recording medium,
A part of key information corresponding to the nodes and leaves constituting a hierarchical tree structure in which a plurality of different information reproducing devices are leaves and nodes are nodes higher than the leaves is stored, and the key information A memory that stores a key update block that is a block that can be decrypted by using an encryption processing key for decrypting stored data recorded on the recording medium, and that is configured as storage data for an update key for decrypting Means,
Perform decryption processing of a key update block that can be decrypted using the key information built in the information reproducing apparatus, and perform computation processing of a cryptographic processing key used for decryption processing of encrypted data stored in the recording medium And an encryption processing means for executing decryption processing of the encrypted data stored in the recording medium using the calculated encryption processing key;
When accessing the recording medium, a version comparison is performed between the key update block stored in the recording medium and the key update block of the information reproducing apparatus itself, and the new version key update block is stored in the memory of the information reproducing apparatus itself. A key update block update processing means for executing a write process of the new version key update block to the recording medium when the key update block is stored and the new version key update block is not stored in the recording medium;
An information reproducing apparatus comprising: The key update block update processing means includes:
The key update block stored in the recording medium and the latest available key update block in the key update block of the information reproducing apparatus itself are the key update blocks stored in the recording medium, and the latest key update block is 10. The information reproducing apparatus according to claim 9, wherein the information reproducing apparatus has a configuration for executing the writing process of the latest key update block in the memory of the information reproducing apparatus when it is not stored in the memory of the information reproducing apparatus itself. . The key update block update processing means includes:
During the key update block stored in the recording medium, the key update which is not used for encryption of any content data which is stored data stored in the recording medium and which is not the latest on the recording medium The information reproducing apparatus according to claim 9, further comprising: a block detection process, and a process of deleting the detected key update block from the recording medium. The cryptographic processing means includes
In the decryption process of the encrypted data stored in the recording medium, a reproduction target that is stored data of the recording medium from among the key update block stored in the recording medium and the key update block stored in the memory of the information reproducing apparatus itself Detects a key update block that matches the version of the content encryption key and executes decryption processing of the encrypted data stored in the recording medium using the encryption key obtained by decrypting the detected key update block The information reproducing apparatus according to claim 9, comprising:   10. The encryption processing key is any one of a master key common to a plurality of information reproducing apparatuses, a device key unique to the information reproducing apparatus, and a media key uniquely set to a recording medium. An information reproducing apparatus described in 1. The node key is configured as an updatable key, and in the encryption process key update process, a key update block obtained by encrypting the update node key with a key including at least one of a lower layer node key and a leaf key is provided for encryption process key provision It is a configuration that is distributed to leaf information playback devices,
The encryption processing means in the information reproducing apparatus is:
Receiving an encryption key encrypted with the updated node key;
The information reproducing apparatus according to claim 9, wherein the update node key is acquired by encryption processing of a key update block, and the encryption processing key is calculated based on the acquired update node key.   The information reproducing apparatus according to claim 9, wherein the encryption processing key is configured to be associated with a version number as generation information. The cryptographic processing means includes
When decrypting encrypted data stored in the recording medium, a block key is calculated using a block seed of a predetermined size read from the recording medium and the encryption processing key, and decryption processing using the block key The information reproducing apparatus according to claim 9, wherein: A part of key information corresponding to the nodes and leaves constituting a hierarchical tree structure in which a plurality of different information recording devices are leaves and nodes are nodes above the leaves is stored and detachable. An encryption processing key update method in an information recording or reproducing apparatus for recording information on a recording medium,
The key update block stored in the recording medium is a detection step of a key update block for obtaining an update key applied to key generation used for information recording or reproduction using the recording medium by decryption processing using the key information A key update block detection step for detecting the latest version of the key update block available from the block and the key update block stored in the memory of the information recording or reproducing apparatus itself;
When the latest version key update block is a key update block stored in the memory of the information recording or reproducing apparatus itself, and the new version key update block is not stored in the recording medium, the new version key for the recording medium is stored. A key update block update process step for executing an update block write process;
And a cryptographic processing key update method. The key update block update processing step further includes:
The key update block stored in the recording medium and the latest available key update block in the key update block of the information recording or reproducing apparatus itself are the key update blocks stored in the recording medium, and the latest key update 18. The step of writing the latest key update block to the memory of the information recording or reproducing apparatus itself when the block is not stored in the memory of the information recording or reproducing apparatus itself is included. The cryptographic processing key update method described in 1. The key update block update processing step further includes:
Among the key update blocks stored in the recording medium, the key update block that is not used for encryption of any content data that is stored data stored in the recording medium and is not the latest on the recording medium 18. The encryption processing key update method according to claim 17, further comprising a step of executing detection processing and executing processing for deleting the detected key update block from the recording medium. A part of key information corresponding to the nodes and leaves constituting a hierarchical tree structure in which a plurality of different information recording devices are leaves and nodes are nodes higher than the leaves is stored and detachable A program recording medium recording a computer program for executing on a computer system an information recording or reproducing apparatus for recording / reproducing information on a recording medium, wherein the computer program includes:
Key update for causing key update block update processing means constituting the computer system to acquire an update key applied to key generation used for information recording or reproduction using the recording medium by decryption processing using the key information This is a block detection step that detects a key update block stored in the recording medium and a key update block of the latest version available from the key update block stored in the memory of the information recording or playback device itself. Steps,
In the key update block update processing means, when the latest version of the key update block is a key update block stored in the memory of the information recording or playback device itself, and the new version of the key update block is not stored in the recording medium, A key update block update processing step for executing a write process of the new version key update block on the recording medium; and
A program recording medium comprising:

Images