JP4114538B2 - Information processing apparatus, information recording medium drive apparatus, information recording medium, information processing method, and computer program - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an information processing device, an information recording medium drive device, an information recording medium, an information processing method, and a computer program. More particularly, the present invention relates to an information processing apparatus, an information recording medium drive apparatus, an information recording medium, an information processing method, and a computer program that can prevent unauthorized use of content in data recording / playback processing using the information recording medium.
[0002]
[Prior art]
Recently, various software data (hereinafter referred to as content) such as audio data such as music, image data such as movies, game programs, various application programs, etc. are transmitted via a network such as the Internet or It is distributed via information recording media (media) such as CD (Compact Disc), DVD (Digital Versatile Disc), MD (Mini Disc). These distributed contents are played back and used in playback devices such as PCs (Personal Computers), CD players, DVD players, MD players, etc., game machines, etc. owned by users.
[0003]
Many contents, such as music data and image data, generally have distribution rights or the like held by the creator or seller. Therefore, when distributing these contents, it is common to adopt a configuration that restricts the use of the contents, that is, permits the use of the contents only to authorized users and prevents unauthorized copying or the like. It is the target.
[0004]
In particular, in recent years, recording devices and recording media for digitally recording information are becoming widespread. According to such a digital recording apparatus and recording medium, for example, recording and reproduction can be repeated without deteriorating images and audio, distribution of illegally copied content via the Internet, and content can be distributed on a CD-R or the like. There is a problem that a large number of so-called pirated discs are distributed.
[0005]
In particular, a large-capacity recording medium such as a DVD developed in recent years can record a large amount of data, for example, one movie as digital information on one medium. As video information and the like can be recorded as digital information in this way, it is an increasingly important issue to prevent unauthorized copying and to protect the copyright holder.
[0006]
According to a recording apparatus and a digital recording medium that perform digital recording and reproduction, recording and reproduction can be repeated without deteriorating images and sound. In this way, digital data can be copied over and over again while maintaining the image quality and sound quality. If illegally copied recording media are distributed in the market, the copyrights of various contents such as music and movies are copyrighted. The profits of the seller or the rightful sales rights holder will be harmed. In recent years, in order to prevent such illegal copying of digital data, various techniques for preventing illegal copying in digital recording devices and recording media have been put into practical use.
[0007]
For example, a DVD (Content Scramble System) is adopted in a DVD player. In CSS, a DVD-ROM (Read Only Memory) stores video data, audio data, etc. encrypted, and the key used to decrypt the encrypted data is a licensed DVD player. Given to. The license is given to a DVD player designed to comply with a predetermined operation rule such as not performing illegal copying. Therefore, a licensed DVD player can reproduce images and sounds from the DVD-ROM by decrypting the encrypted data recorded on the DVD-ROM using a given key.
[0008]
On the other hand, an unlicensed DVD player does not have a key for decrypting encrypted data, and therefore cannot decrypt encrypted data recorded on a DVD-ROM. As described above, in the CSS configuration, a DVD player that does not satisfy the conditions required at the time of licensing cannot reproduce the DVD-ROM on which the digital data is recorded, thereby preventing unauthorized copying. .
[0009]
However, the CSS employed in the DVD-ROM is intended for a recording medium in which data cannot be written by the user, and is not considered for application to a recording medium in which data can be written by the user.
[0010]
In other words, even if the data recorded on the recording medium to which data can be written is encrypted, if all the encrypted data is copied as it is to the RAM medium, the licensed legitimate device It is possible to create a so-called pirated version that can be replayed with.
[0011]
In addition, software programs that break the CSS encryption, such as DeCSS software, are distributed on the Internet. By applying this program, it is possible to decrypt DVD Video encryption and write to a recordable DVD in plain text. It has become. The reason why DeCSS appeared was the reverse engineer of DVD player software that was designed without taking any action on the key data for CSS decryption, which should be obliged to be concealed when implemented to prevent decryption. This is because the key data has been decrypted, and the entire CSS algorithm has been decrypted in a chain from the decrypted key data.
[0012]
When implementing a copyright protection technology execution program including key data in an application program executed on a PC, it is common to provide tamper resistance to prevent analysis of the copyright protection technology. an index indicating the intensity of tampering without therefore is how whether to respond to reverse engineering is fact is that the discretion and capability of the individual impressions mentor, when the CSS is breached as a result of As a result, a flood of illegal copy contents is caused.
[0013]
In addition to CSS, CPPM (Content Protection for Prerecorded Media) and CPRM (Content Protection for Recordable Media) are copyright protection technologies (copy control technologies) employed in the DVD standard. CPPM is a copy control technology developed for playback-only media (Prerecorded Media), and CPRM is a copy control technology developed for recordable media. These store key information called media key blocks on the media (for example, disc) side, while storing device keys on the device side, such as playback devices and PCs, and perform copy control by combining these keys It is.
[0014]
However, even in such CPRM and CPPM, there is no proposal for a technique for fundamentally solving the problem of eliminating the risk of leakage of key information stored in a disk as a PC or a medium as a device. In CPRM and CPPM, there is always a risk that the copy control system will collapse due to key leakage.
[0015]
As a technique for preventing unauthorized use of content, the present applicant has proposed, for example, an encryption processing technique in which a different key is applied to each data block of content stored in a recording medium in Patent Document 1 and Patent Document 2. That is, a seed is set as key generation information for each data block, and the configuration in which the seed set for each block is applied to generation of an encryption key complicates conventional content encryption using only one key, This increases the difficulty of decoding.
[0016]
However, in the above configuration, the seed is used as the key generation information for each data block, and the information stored in the recording medium is used. The key data is decrypted and decrypted in the same manner as the CSS described above. It can be said that there is no concern that leakage of contents is caused by the block key being derived from a different seed for each key data and data block.
[0017]
[Patent Document 1]
Japanese Patent Publication 2001-351324
[Patent Document 2]
Japanese Patent Publication No. 2002-236622
[0018]
[Problems to be solved by the invention]
The present invention has been made in view of the above-described problems in the prior art. In a configuration in which content stored in various information recording media such as a DVD and a CD is used in a playback apparatus and a PC (personal computer), the recording medium is used. Information processing apparatus, information recording medium drive apparatus, information recording medium, and information processing apparatus that make it more difficult to leak key information applied to encryption of content stored in the disk, and increase the difficulty of decryption of keys and encryption algorithms, and An object is to provide an information processing method and a computer program.
[0025]
[Means for Solving the Problems]
The first aspect of the present invention is:
  An information processing apparatus having an encryption processing unit that performs decryption processing of encrypted data,
  Having storage means for storing master key generation information;
  The cryptographic processing means includes
  A master key is generated based on the master key generation information, two recording keys K1, K2 are generated based on the generated master key and information read from the information recording medium, and the generated first recording key K1 and the aboveAs the first key generation information set for each encryption processing unit constituting the encrypted data stored in the information recording mediumBy data processing based on the first seedFirst1 block key Kb1 is generated, and the generated first block key Kb1To encrypt and store the second seed as the second key generation informationAccording to the data processing based on the acquired second seed and the second recording key K2, the second seed is obtained by executing the first decryption process of the second seed storage encrypted data area.FirstGenerating a two-block key Kb2, and performing a decryption process of the encrypted data stored in the information recording medium by a decryption process based on the generated second block key Kb2,A decryption process in which a third encryption key K3 different from the first block key Kb1 and the second block key Kb2 is applied to the second seed storage encrypted data area,Configuration for executing the second decryption process of the second seed storage encrypted data area to obtain the decrypted data of the second seed storage encrypted data areaHaveIt is characterized byIt is in the information processing device.
[0026]
  Furthermore, the present inventionThe second aspect is
  An information processing apparatus having an encryption processing unit that performs decryption processing of encrypted data,
  Having storage means for storing master key generation information;
  The cryptographic processing means includes
  A master key is generated based on the master key generation information, two recording keys K1, K2 are generated based on the generated master key and information read from the information recording medium, and the generated first recording key K1 and the aboveAs the first key generation information set for each encryption processing unit constituting the encrypted data stored in the information recording mediumBy data processing based on the first seedFirst1 block key Kb1 is generated, and the generated first block key Kb1To encrypt and store the second seed as the second key generation informationA first decryption process of the second seed storage encrypted data area;Different from the first block key Kb1 and the second block key Kb2 for the second seed storage encrypted data areaData processing based on the acquired second seed and the second recording key K2 is performed by executing the second decryption process of the second seed storage encrypted data area based on the third encryption key K3 to acquire the second seed. To generate the second block key Kb2 and execute the decryption process of the encrypted data stored in the information recording medium by the decryption process based on the generated second block key Kb2.HaveIt is characterized byIt is in the information processing device.
[0041]
  Furthermore, the present inventionThe third aspect of
  An information processing method in an information processing apparatus for performing decryption processing of encrypted data stored in an information recording medium,
  A master key is generated based on master key generation information stored in a storage unit in the information processing apparatus, and two recording keys K1, K2 are generated based on the generated master key and information read from the information recording medium. And the generated first recording key K1As the first key generation information set for each encryption processing unit constituting the encrypted data stored in the information recording mediumBy data processing based on the first seedFirst1 block key Kb1 is generated, and the generated first block key Kb1To encrypt and store the second seed as the second key generation informationAccording to the data processing based on the acquired second seed and the second recording key K2, the second seed is obtained by executing the first decryption process of the second seed storage encrypted data area.FirstGenerating a two-block key Kb2, and performing a decryption process of the encrypted data stored in the information recording medium by a decryption process based on the generated second block key Kb2,A decryption process in which a third encryption key K3 different from the first block key Kb1 and the second block key Kb2 is applied to the second seed storage encrypted data area,Executing a second decryption process of the second seed storage encrypted data area to obtain decrypted data of the second seed storage encrypted data areaHaveIt is characterized byThere is an information processing method.
[0042]
  Furthermore, the present inventionThe fourth aspect of
  An information processing method in an information processing apparatus for performing decryption processing of encrypted data stored in an information recording medium,
  A master key is generated based on master key generation information stored in a storage unit in the information processing apparatus, and two recording keys K1, K2 are generated based on the generated master key and information read from the information recording medium. And the generated first recording key K1 and theAs the first key generation information set for each encryption processing unit constituting the encrypted data stored in the information recording mediumBy data processing based on the first seedFirst1 block key Kb1 is generated, and the generated first block key Kb1To encrypt and store the second seed as the second key generation informationA first decryption process of the second seed storage encrypted data area;Different from the first block key Kb1 and the second block key Kb2 for the second seed storage encrypted data areaData processing based on the acquired second seed and the second recording key K2 is performed by executing the second decryption process of the second seed storage encrypted data area based on the third encryption key K3 to acquire the second seed. Generating the second block key Kb2, and executing a decryption process of the encrypted data stored in the information recording medium by a decryption process based on the generated second block key Kb2.HaveIt is characterized byThere is an information processing method.
[0047]
[Action]
According to the configuration of the present invention, the second seed storage encrypted data area storing the seed information (seed 2) necessary for generating the key (block key Kb2) applied to the decryption of the encrypted content is stored in the first seed storage. A first block key Kb1 that is generated based on a first seed as one-key generation information, and a third block key K3 that is different from the first block key Kb1 and the second block key Kb2 Therefore, it is impossible to read the seed information (seed 2) directly from the disc. Therefore, it is difficult to analyze the key information generated by using the seed information and the analysis of the encryption algorithm, and the content has a high security level. Protection is realized.
[0048]
Furthermore, according to the configuration of the present invention, in the reproduction process of data stored in the information recording medium, the encrypted content is transferred between the devices, and a key (block key Kb2) for generating the decrypted encrypted content is generated. In a configuration where it is necessary to transfer seed information (seed 2) between devices, block key generation information, specifically, both seed information (seed 2) and recording key K2 are encrypted with a session key and transmitted / received. In addition, since it has a structure that requires the application of the third encryption key K3 for decrypting the encrypted content, even if data leakage from the transfer path occurs, It becomes difficult to obtain the seed information (seed 2) and the recording key K2, and analysis of key information generated using the seed information and analysis of encryption algorithm With difficulty increases, the content reproduction becomes impossible in an apparatus that does not have a third encryption key K3, a high security level content protection is achieved.
[0049]
The computer program of the present invention is, for example, a storage medium or a communication medium provided in a computer-readable format to a general-purpose computer system capable of executing various program codes, such as a CD, a DVD, or an MO. Or a computer program that can be provided by a communication medium such as a network. By providing such a program in a computer-readable format, processing corresponding to the program is realized on the computer system.
[0050]
Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.
[0051]
DETAILED DESCRIPTION OF THE INVENTION
[Data recording configuration on recording medium]
First, the data structure stored in the information recording medium according to the present invention will be described. The encrypted data stored in the information recording medium is read, decrypted and reproduced by a data recording / reproducing apparatus or a PC (personal computer).
[0052]
Data stored in the information recording medium is, for example, a transport stream (TS) as encoded data defined by the MPEG-2 system. A transport stream can constitute a plurality of programs in one stream, and an ATS (Arrival Time Stamp) is set as appearance timing information of each transport packet. This time stamp is determined at the time of encoding so as not to break down a T-STD (Transport Stream System Target Decoder), which is a virtual decoder defined in the MPEG-2 system. Decoding and reproduction are performed by controlling the appearance timing according to the ATS added to.
[0053]
For example, when a transport stream packet is recorded on a recording medium, it is recorded as a source packet with the intervals between the packets reduced. However, by storing the appearance timing of each transport packet together on the recording medium, It becomes possible to control the output timing of each packet.
[0054]
With reference to FIG. 1, an outline of a data recording configuration stored in an information recording medium and a process of decoding and reproducing recorded data will be described. The data stored in the information recording medium is encrypted data, and it is necessary to perform a decryption process when reproducing. FIG. 1A shows a data recording configuration stored in an information recording medium. 18-byte control data (User Control Data) and 2048-byte user data (User Data) are configured as one sector data. For example, data for three sectors is defined as one encryption processing unit. The number of bytes and the processing unit described here are one representative example, and various settings can be made for the number of bytes of control data and user data and the setting of the processing unit.
[0055]
(B) shows the configuration of one unit (1 AU: Aligned Unit) which is a cryptographic processing unit. An information processing apparatus that reproduces encrypted data stored in an information recording medium extracts 1 AU (Aligned Unit), which is an encryption processing unit, based on a flag in control data.
[0056]
One unit (1AU), which is an encryption processing unit, has a seed 1 storage area 11 and a seed 2 storage area 12 as shown in (c) encryption configuration. Seed 1 stored in the seed 1 storage area 11 is seed information applied to generation of a block key Kb1 based on an encryption key K1 (recording key K1) described later. The seed 2 stored in the seed 2 storage area 12 is seed information applied to generation of a block key Kb2 based on an encryption key K2 (recording key K2) described later.
[0057]
The seed 2 storage area 12 is set as a data area encrypted with the block key Kb1 and the third encryption key K3. Further, the subsequent user data area is set as an area encrypted by the block key Kb2 generated based on the seed 2 and the encryption key K2 (recording key K2).
[0058]
The seed information storage mode and encryption mode shown in FIG. 1 (c) are only examples, and a plurality of configuration examples will be described later. For example, an area double-encrypted by block keys Kb1 and Kb2 It is good also as a structure to include. In order to generate each block key, seed information as key generation information is required. The seed information (seed 1) is key generation information for generating the block key Kb1, and the seed information (seed 2) is key generation information for generating the block key Kb2. These are stored in the control data area or the user data area.
[0059]
In order to decrypt the encrypted content stored in the user data area, it is necessary to read the seed information stored in the information recording medium and generate a key based on the seed information.
[0060]
In the configuration of the present invention, as shown in FIG. 1 (c), seed information (seed 1) necessary for generating the block key Kb1 and seed information (seed necessary for generating the block key Kb2) The seed 2) is stored on the information recording medium, one seed information (seed 2) is encrypted with the block key Kb1 generated by the seed information (seed 1), and the third encryption key It is configured to be further encrypted by K3 and stored.
[0061]
As described above, the configuration of the present invention stores data that has been subjected to encryption processing using three different keys in a recording medium, and performs decryption processing using three different keys in the reproduction processing. That is, block keys Kb1 and Kb2 are generated by encryption processing using seed 1 and seed 2 which are different key generation information for each predetermined encryption processing unit, and these block keys Kb1 and Kb2 and the third encryption key K3 are generated. The decryption process to which is applied is executed.
[0062]
After the decoding process for each processing unit, the decoded transport stream packet is input to the MPEG-2 decoder, the decoding process is executed, and the content reproduction is performed. One processing unit (3 sectors) includes, for example, 32 transport stream (TS) packets. That is, 32 × 192 = 6144 byte data is used as one encryption and decryption processing unit. Note that various settings can be made for the processing unit.
[0063]
At the time of decryption and reproduction, two seed information (seed 1 and seed 2) is acquired from the information recording medium for each processing unit, two block keys Kb1 and Kb2 are generated based on each seed information, and the generated block key Kb1 is generated. , Kb2 and the third encryption key K3 are decrypted to reproduce the content.
[0064]
The third encryption key K3 is generated based on data acquired from the information recording medium, is configured to apply the storage key of the information processing apparatus that performs the reproduction process, or is stored in the information processing apparatus that performs the reproduction process. There is a configuration in which a key that can be generated based on information is applied. These processing configurations will be described later.
[0065]
Further, at the time of content recording, a process reverse to the decryption / playback process is executed, two seed information (seed 1 and seed 2) is set for each processing unit, and two block keys Kb1, Content is recorded by performing encryption processing using the block keys Kb1 and Kb2 generated by generating Kb2 and the third encryption key K3.
[0066]
[Information processor configuration]
FIG. 2 is a block diagram showing the configuration of an embodiment of the information processing apparatus 100 that executes the recording / playback processing of content having the above-described encrypted content mode. The information processing apparatus 100 includes an input / output I / F (Interface) 120, an MPEG (Moving Picture Experts Group) codec 130, an input / output I / F (Interface) 140 including an A / D and D / A converter 141, and cryptographic processing. Means 150, ROM (Read Only Memory) 160, CPU (Central Processing Unit) 170, memory 180, drive 190 of the recording medium 195, and transport stream processing means (TS processing means) 198, which are connected by a bus 110. Are connected to each other.
[0067]
The input / output I / F 120 receives digital signals constituting various contents such as images, sounds, and programs supplied from the outside, outputs the digital signals to the bus 110, receives the digital signals on the bus 110, and externally receives them. Output. The MPEG codec 130 MPEG-decodes MPEG-encoded data supplied via the bus 110 and outputs the decoded data to the input / output I / F 140 and MPEG-encodes a digital signal supplied from the input / output I / F 140. Output on the bus 110. The input / output I / F 140 includes an A / D and D / A converter 141. The input / output I / F 140 receives an analog signal as content supplied from the outside and performs A / D (Analog Digital) conversion by the A / D and D / A converter 141, thereby converting the MPEG codec 130 as a digital signal. In addition, the digital signal from the MPEG codec 130 is D / A (Digital Analog) converted by the A / D and D / A converter 141 to be output to the outside as an analog signal.
[0068]
The encryption processing unit 150 is configured by, for example, a one-chip LSI (Large Scale Integrated Circuit), and encrypts or decrypts a digital signal as content supplied via the bus 110 and outputs the encrypted signal to the bus 110. have. The cryptographic processing means 150 is not limited to a one-chip LSI, and can be realized by a configuration combining various types of software or hardware. The cryptographic processing unit 150 further functions as an authentication processing unit that executes an authentication process executed when content is input / output with an external device connected via the input / output I / F 120, for example.
[0069]
The ROM 160 stores, for example, a device key unique to each information processing device or a device key unique to each group of information processing devices and an authentication key required for mutual authentication. The device key is used to acquire a master key by decrypting an EKB (Enabling Key Block) as encryption key block information provided based on, for example, a key distribution tree configuration. That is, the device key is applied as master key generation information.
[0070]
The CPU 170 controls the MPEG codec 130, the encryption processing unit 150, and the like by executing a program stored in the memory 180. The memory 180 is, for example, a non-volatile memory, and stores a program executed by the CPU 170 and data necessary for the operation of the CPU 170. The drive 190 drives a recording medium 195 capable of recording / reproducing digital data, thereby reading (reproducing) the digital data from the recording medium 195, outputting the data to the bus 110, and supplying the digital data via the bus 110. Data is supplied to the recording medium 195 and recorded. The program may be stored in the ROM 160, and the master key generation information and the authentication key may be stored in the memory 180.
[0071]
The recording medium 195 is a medium capable of storing digital data, such as an optical disk such as a DVD or a CD, a magneto-optical disk, a magnetic disk, a magnetic tape, or a semiconductor memory such as a flash ROM, MRAM, or RAM. In the embodiment, it is assumed that the configuration is detachable from the drive 190. However, the recording medium 195 may be built in the information processing apparatus 100.
[0072]
The transport stream processing means (TS processing means) 198 takes out a transport packet corresponding to a specific content from a transport stream in which a plurality of contents are multiplexed, and outputs the appearance timing information of the taken out transport stream for each packet. At the same time, data processing for storage in the recording medium 195 is executed, and at the time of decryption / reproduction of the encrypted content from the recording medium 195, appearance timing control of the transport stream is performed.
[0073]
As described above, ATS (Arrival Time Stamp) as appearance timing information of each transport packet is set in the transport stream, and timing control is executed by ATS at the time of decoding by the MPEG2 decoder. The transport stream processing means (TS processing means) 198 records, for example, a transport packet on a recording medium as a source packet with the interval between the packets reduced. By storing the data in a recording medium, the output timing of each packet can be controlled during reproduction.
[0074]
The information processing apparatus 100 according to the present invention executes recording / reproduction of encrypted content configured by, for example, the above-described transport stream. Details of these processes will be described later. Note that the encryption processing means 150 and the TS processing means 198 shown in FIG. 2 are shown as separate blocks for easy understanding, but may be configured as one single-chip LSI that executes both functions. Also, a configuration in which both functions are realized by a combination of software or hardware may be adopted. Furthermore, all the blocks except the drive 190 and the recording medium 195 may be configured as a one-chip LSI, or these functions may be realized by a combination of software or hardware, thereby enabling information The robustness against the invalidation of the security function due to the modification of the processing apparatus 100 can be improved.
[0075]
[Data playback processing]
Next, decryption processing of encrypted data stored in the recording medium will be described. FIG. 3 is a diagram for explaining the procedure of the data decoding process. The process shown in FIG. 3 is a process mainly executed by the cryptographic processing means 150 shown in FIG.
[0076]
The information processing apparatus 210 reads the master key 211 stored in its own memory 180 (see FIG. 2). The master key 211 is an encryption provided based on a key distribution tree configuration based on a key stored as a key common to a plurality of information processing apparatuses or a device key stored in a licensed information processing apparatus. This is a key obtained by decrypting EKB (Enabling Key Block) as the encryption key block information.
[0077]
The information processing apparatus 210 checks whether or not a disc ID (Disc ID) 221 as identification information is already recorded on the information recording medium 220. If recorded, the disc ID (Disc ID) 221 is read from the information recording medium 220. A disc ID (Disc ID) 221 is disc-specific information and is stored in, for example, a general data storage area or a lead-in area.
[0078]
Next, in step S101, the information processing apparatus 210 generates a disk unique key (Disc Unique Key) using the master key 211 and the disk ID 221. As a specific method for generating a disk unique key (Disc Unique Key), for example, as shown in FIG. 4A, a disk ID (Disc ID) is used as an input value, and AES (Advanced Encryption) which is a common key encryption method is used. Standard) encryption is executed by using a master key as an encryption key, and as shown in FIG. 4B, a hash function SHA-1 defined by FIPS 180-1 is added to a master key and a disk. It is possible to apply a method in which data generated by bit concatenation with an ID (Disc ID) is input, and only a necessary data length is used as a disk unique key from the output.
[0079]
Next, title keys (Title Keys) 1 and 223 and title keys 2 and 224 which are two unique keys for each recorded content are read from the information recording medium 220. On the disc, there is a data management file that stores information about what data constitutes what title, and the title key is stored in this file. When there is only one title key for one disc, that is, when the title key for the disc ID 221 can be uniquely determined, it is stored in the general data storage area or the lead-in area, for example, in the same manner as the disc ID 221. You may make it do.
[0080]
Next, in step S102 and step S103, two title unique keys (Title Unique Keys) 1 and 2 are generated from a disc unique key (Disc Unique Key) and title keys (Title Key) 1 and 2. As a specific method for this generation, as described above, a method using SHA-1 or a method using a hash function based on a block cipher can be applied.
[0081]
Furthermore, the information processing apparatus 210 includes two title unique keys (Title Unique Keys) 1 and 2 generated in Steps S102 and S103, a recording seed (REC SEED) 225 read from the information recording medium 220, and a physical index 226. Based on the above, two recording keys (REC keys) K1 and K2 are generated in steps S104 and S105.
[0082]
An example of generation processing of the two recording keys (REC key) K1 and K2 executed in steps S102 to S105 will be described with reference to FIG.
[0083]
FIG. 5A shows the generation of the recording key K1 by the processing of steps S102 and S104 in FIG. 3, and FIG. 5B shows the generation processing example of the recording key K2 by the processing of steps S103 and S105 of FIG. Yes.
[0084]
In the process of FIG. 5A, first, the title key 1 read from the information recording medium is input to an AES (Advanced Encryption Standard) encryption processing unit 271 and the decryption process (Decryption) using the disc unique key generated in step S101 is applied. Is executed to generate the title unique key 1 (S102), and the physical index 226 read from the information recording medium is input to an AES (Advanced Encryption Standard) encryption processing unit 272, and the encryption using the title unique key 1 is applied. This is a process of executing the process (Encryption), and further executing the exclusive OR operation of the encryption process result and the title unique key 1 in the exclusive OR unit 273 and setting the output as the recording key 1 (S104). .
[0085]
In the process of FIG. 5B, the title key 2 read from the information recording medium is input to an AES (Advanced Encryption Standard) encryption processing unit 274, and the decryption process (Decryption) using the disc unique key generated in step S101 is performed. The title unique key 2 is generated (S103), and the recording seed (REC SEED) 225 read from the information recording medium is input to an Advanced Encryption Standard (AES) encryption processing unit 275. In this process, the applied encryption process (Encryption) is executed to generate the recording key 2 (S105).
[0086]
The recording keys K1 and K2 are keys that need to be used in the above-described reproduction processing process, but are also applied in encryption processing for recording content on an information recording medium.
[0087]
As shown in FIG. 6, the encrypted content stored in the information recording medium 284 is first edited in the content editing studio 282, and the edited content is transferred to a disc manufacturing entity 283 such as a disc manufacturing factory, so that information on the disc and the like is obtained. It is stored in a recording medium and provided to the user.
[0088]
In this manufacturing process, the content editing studio 282 sets a physical index and executes an encryption process to which the recording key K2 is applied to the edited content, and the disc manufacturing entity 283 sets a recording seed and records data. An encryption process using the key K1 is executed. As a result, the information recording medium 284 stores encrypted data that has been subjected to encryption processing using the two encryption keys of the recording keys K1 and K2. In such a disc manufacturing process, the management center 281 that executes content management provides the content editing studio with information that can acquire the title-specific key 2, and the disc manufacturing entity 283 acquires the title-specific key 1. Provide possible information.
[0089]
When the management center 281 executes such key management, only the content editing studio that receives the key information from the management center 281 and the disc manufacturing entity manufacture the information recording medium in which the encrypted content is stored. This prevents the production of pirated discs by unauthorized third parties. In particular, a content editing studio stores an editing identifier (editing ID) in a TS packet applied to the editing content, and this is processed together with the editing content by the content editing studio to be processed in any editing studio. Thus, it is possible to pass data to the disc manufacturing entity while keeping the edited content confidential, and it becomes possible to track and manage the content accepted by the disc manufacturing entity.
[0090]
In the example shown in FIG. 3, in order to calculate the two title-specific keys 1 and 2, two title keys 1 and 2 are stored in the information recording medium 220. Based on these two title keys, 2 title keys 1 and 2 are stored. Although an example of processing for calculating one title unique key has been shown, two title unique keys 1 and 2 are calculated from only one stored information without storing two title keys in the information recording medium 220 in this way. Configuration is also possible.
[0091]
A configuration example in which two title unique keys 1 and 2 are calculated from only one stored information will be described with reference to FIG. A random value such as a random number set for each editing (authoring) is stored in the information recording medium 220 as a disc key seed.
[0092]
In the processing example of FIG. 7A, the disc unique key is applied to the disc key seed, the AES encryption processing unit 291 executes encryption processing, and the output is the title unique key 1. Further, the title unique key 1 is input to the AES encryption processing unit 292, the disc unique key is applied to execute AES encryption processing, and the result is set as the title unique key 2.
[0093]
In the processing example of FIG. 7B, the disc unique key is applied to the disc key seed, the AES encryption processing unit 293 performs encryption processing, and the output is the title unique key 1. Further, the title unique key 1 is calculated by the calculation unit 294, for example, (disc key seed + 1) mod 2¹²⁸The result is input to the AES encryption processing unit 295, the disc unique key is applied to execute the AES encryption process, and the result is used as the title unique key 2. According to the method shown in FIG. 7, the information stored in the information recording medium 220 can be reduced.
[0094]
Returning to FIG. 3, the description of the data decoding / reproduction processing from the information recording medium will be continued. When the two recording keys (REC key) 1 and 2 are generated in steps S104 and S105, the block key Kb1 generation process is executed in step S106.
[0095]
In the block key Kb1 generation process, the seed information (seed 1) 227 is read from the information recording medium 220 as the block key Kb1 generation information, and the seed information (seed 1) 227 and the recording key K1 generated in step S104 are used. Data processing such as AES encryption processing is executed to generate the block key Kb1.
[0096]
Processing executed after the block key Kb1 generation processing in step S106 will be described with reference to FIG.
[0097]
In FIG. 8, the decoding process is executed in units of processing units 300. This processing unit corresponds to the processing unit (b) described above with reference to FIG. That is, one unit (1 AU: Aligned Unit) which is a cryptographic processing unit. The information processing apparatus 210 that performs reproduction of the encrypted data stored in the information recording medium 220 extracts 1 AU (Aligned Unit), which is an encryption processing unit, based on the flag in the control data.
[0098]
The processing unit 300 includes 18-byte control data 301 and 6144-byte user data (including encrypted content). The 6144-byte user data is divided into 192 bytes, which are units of transport stream packets. The first TS packet 302 of user data and the subsequent 5952-byte TS packet group 303 will be described separately. In this example, seed information (seed 1) 311 is stored in the control data 301, and seed information (seed 2) 312 is encrypted and stored in the first TS packet 302 in the user data.
[0099]
Note that there are a plurality of modes for storing seeds 1 and 2 as seed information, and one example is shown here. Other examples will be described later.
[0100]
In FIG. 8, the same processing step number is attached | subjected to the processing step similar to the processing step of FIG.
[0101]
In step S106 (FIGS. 3 and 8), seed information (seed 1) 311 read from the control data of the information recording medium is input to the AES encryption processing unit, and the recording key K1 generated in the previous step S104 is applied. The process of generating the block key Kb1 is executed by executing the AES encryption process. In FIG. 8, AES_G indicates a key generation process that applies AES encryption processing, and AES_D indicates a data decryption process that applies AES encryption processing.
[0102]
Next, in step S107 of FIG. 3, only the encrypted data portion that is the object of the decryption process in step S108 is extracted from the user data consisting of 32 TS packets, the decryption process of the extracted data is executed in step S108, and further in step S109. Only the encrypted data part to be decrypted in step S111 is extracted, and the decryption process of the extracted data is executed in step S111.
[0103]
Further, in step S112, only the encrypted data part to be decrypted in step S114 is extracted, the decrypted data is decrypted in step S114, and output from the decryption processing result data in step S114 and the selector step S112. The remaining unencrypted data is concatenated in step S114a, and is input as a decrypted TS packet group to, for example, an MPEG decoder, where it is decoded.
[0104]
In step S108 (see FIGS. 3 and 8), an AES decryption process using the block key Kb1 generated in step S106 is executed. In step S108, the decryption process is executed only for the data part that has been subjected to the encryption process to which the block key Kb1 is applied. In this example, the data area including at least the seed information (seed 2) of the first TS packet 302 of the user data is subjected to the encryption process using the block key Kb1 and the encryption process using the third encryption key K3. Data part.
[0105]
The third encryption key K3 is a secret key stored in advance in the information processing apparatus 210, a key generated based on information stored in advance in the information processing apparatus 210, or an encryption provided based on a key distribution tree configuration This key is set as a key obtained by decrypting an EKB (Enabling Key Block) as the encryption key block information or a key generated based on data stored in the information recording medium 220.
[0106]
In the example shown in FIG. 3, an example is shown in which a key generated based on data stored in the information recording medium 220 is applied as the third encryption key K3. In FIG. 3, the third encryption key K3 is the title unique key K3 generated in step S113 from the title keys 3 and 229 stored in the information recording medium 220 and the disc unique key generated in step S101. The generation process of the title unique key K3 is the same as the title unique key generation process in steps S102 and S103 described above with reference to FIGS. 5 and 7. For example, the title key 3,229 and the disc unique key It is generated by AES encryption processing based on the above.
[0107]
Note that the title keys 3 and 229 are read from the data management file stored in the general data storage area or the lead-in area of the information recording medium 220 in the same manner as the title keys 1 and 223 and the title keys 2 and 224.
[0108]
Note that there are several patterns regarding which data area the data portion subjected to the encryption processing to which the block key Kb1 and the third encryption key K3 are applied, and these will be described later.
[0109]
The head TS packet 302 shown in FIG. 8 includes seed information (seed 2) necessary for calculating another user data portion, that is, the block key Kb2 applied to the decryption process of the subsequent 5952-byte TS packet group 303. ) 312 is included. The head TS packet 302 including the seed information (seed 2) 312 is encrypted data that has been subjected to encryption processing using the block key Kb1 and encryption processing applying the third encryption key K3, as described above. .
[0110]
As a result of the decryption process to which the block key Kb1 is applied in step S108, an encrypted TS packet 304 subjected to only the encryption process to which the third encryption key K3 is applied is calculated, and seed information (seed 2) is obtained from the encrypted TS packet 304. Extract. The TS packet 304 in which the seed information (seed 2) is stored is encrypted with the third encryption key K3 (title unique key K3), but the seed information (seed 2) is extracted from the encrypted TS packet. Information.
[0111]
The selector step S109 in FIG. 3 outputs the seed information (seed 2) from the result of the decryption process to which the block key Kb1 is applied to the block key Kb2 generation step in step S110, and the encrypted data encrypted with the block key Kb2. Is output to the decoding step S111, and other data is output to the selector step S112.
[0112]
In step S110 (see FIG. 3 and FIG. 8), in the seed information (seed 2) extracted from the TS packet 304 obtained as a result of the decryption process using the block key Kb1 in step S108, and in step S105 (see FIG. 3) Based on the generated recording key K2, AES encryption processing is executed to calculate a block key Kb2.
[0113]
Next, in step S111, the encryption unit (the data area 303 encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and the decrypted TS packet group 305 is generated.
[0114]
Further, the selector step S112 of FIG. 3 is a step of selectively outputting the TS packet 304 encrypted with the third encryption key K3, that is, the title unique key K3, to the decryption step S114.
[0115]
In step S114 (see FIGS. 3 and 8), the encrypted TS packet 304 is decrypted with the title unique key K3, and the decrypted TS packet 306 is output. The encrypted TS packet 304 is data obtained by decrypting the TS packet 302 by applying the block key Kb1 in step S108. That is, the first TS packet 302 including the seed information (seed 2) 312 shown in FIG. 8 is configured as data that is encrypted with the block key Kb1 and further encrypted with the third encryption key K3. The decryption TS packet 306 is obtained by executing the decryption process applying the block key Kb1 in step S108 and the decryption process applying the third encryption key K3 (title unique key K3) in step S114.
[0116]
The decoded TS packet group 305 and the decoded TS packet 306 are combined and input to, for example, an MPEG2 decoder, decoded, and reproduced.
[0117]
As described above, in the configuration of the present invention, the seed information (seed 2) necessary for generating the key (block key Kb2) applied to the decryption of the encrypted content is used as a plurality of other keys, that is, the block key. Since it is configured to be encrypted and stored with Kb1 and the third encryption key K3, it is impossible to read the seed information (seed 2) directly from the disk. Therefore, the key information generated using the seed information is analyzed. As a result, it becomes difficult to analyze cryptographic algorithms, and content protection with a high security level is realized.
[0118]
There are various modes for storing the two seed information, and a plurality of examples will be described below.
[0119]
FIG. 9 shows an example in which seed information (seed 1) and seed information (seed 2) are both stored in the first TS packet 302 in the user data. In the example described above with reference to FIG. 8, the seed information (seed 1) 311 is stored in the control data 301, and the seed information (seed 2) 312 is encrypted in the first TS packet 302 in the user data. In the configuration example shown in FIG. 9, seed information (seed 1) 321 and seed information (seed 2) 322 are both stored in the first TS packet 302 in the user data. It is an example.
[0120]
The head TS packet 302 is encrypted with the block key Kb1 obtained by applying the seed information (seed 1) 321 and encrypted with the third encryption key K3, as in the example described in FIG. It is set as a data area that has been double-encrypted.
[0121]
In FIG. 9, the decoding process is executed in units of processing units 300. This processing unit is one unit (1 AU: Aligned Unit) corresponding to the processing unit (b) described above with reference to FIG. The information processing apparatus 210 that performs reproduction of the encrypted data stored in the information recording medium 220 extracts 1 AU (Aligned Unit), which is an encryption processing unit, based on the flag in the control data.
[0122]
The process of FIG. 9 will be described. In FIG. 9, the same processing step number is attached | subjected to the processing step similar to the processing step of FIG.
[0123]
In step S106 (FIGS. 3 and 9), the seed information (seed 1) 321 read from the first TS packet of the user data of the information recording medium is input to the AES encryption processing unit, and the previous step S104 (see FIG. 3). This is the step of executing the AES encryption process to which the recording key K1 generated in step 1 is applied and the block key Kb1 generation process.
[0124]
Next, in step S107 of FIG. 3, the data part to be subjected to the decryption process to which the block key Kb1 in step S108 is applied, that is, the head TS packet 302 is selected from the user data consisting of 32 TS packets, and the block key is selected in step S108. A decoding process (AES decoding process) to which Kb1 is applied is executed, and a TS packet 304 is obtained. The TS packet 304 is data encrypted with the third encryption key K3 (title unique key K3).
[0125]
In the encrypted data area of the first TS packet 302, seed information (in order to calculate the block key Kb2 applied to the decryption process of the other user data portion, that is, the subsequent 5952-byte TS packet group 303). Seed 2) 322 is included.
[0126]
In step S108 (see FIGS. 3 and 9), an AES decryption process using the block key Kb1 generated in step S106 is executed. In step S108, the decryption process is executed only for the data part that has been subjected to the encryption process to which the block key Kb1 is applied. In this example, the data area including at least the seed information (seed 2) of the first TS packet 302 of the user data is subjected to the encryption process using the block key Kb1 and the encryption process using the third encryption key K3. Data part.
[0127]
The third encryption key K3 is a secret key stored in advance in the information processing apparatus 210, a key generated based on information stored in advance in the information processing apparatus 210, or an encryption provided based on a key distribution tree configuration This key is set as a key obtained by decrypting an EKB (Enabling Key Block) as the encryption key block information or a key generated based on data stored in the information recording medium 220. In this example, the title unique key K3 generated based on the title keys 3 and 229 stored in the information recording medium 220 is applied as the third encryption key K3.
[0128]
The head TS packet 302 shown in FIG. 9 includes seed information (seed 2) necessary for calculating another user data part, that is, the block key Kb2 applied to the decryption process of the subsequent 5952-byte TS packet group 303. ) 322, and the first TS packet 302 including the seed information (seed 2) 322 is subjected to encryption processing using the block key Kb1 and encryption processing applying the third encryption key K3, as described above. Encrypted data.
[0129]
As a result of the decryption process to which the block key Kb1 is applied in step S108, an encrypted TS packet 304 subjected to only the encryption process to which the third encryption key K3 is applied is calculated, and seed information (seed 2) is obtained from the encrypted TS packet 304. Extract.
[0130]
The selector step S109 in FIG. 3 outputs the seed information (seed 2) from the result of the decryption process to which the block key Kb1 is applied to the block key Kb2 generation step in step S110, and the encrypted data encrypted with the block key Kb2. Is output to the decoding step S111, and other data is output to the selector step S112.
[0131]
In step S110 (see FIG. 3 and FIG. 9), in the seed information (seed 2) extracted from the TS packet 304 obtained as a result of the decryption process using the block key Kb1 in step S108, and in step S105 (see FIG. 3) Based on the generated recording key K2, AES encryption processing is executed to calculate a block key Kb2.
[0132]
Next, in step S111, the encryption unit (the data area 303 encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and the decrypted TS packet group 305 is generated.
[0133]
Further, the selector step S112 of FIG. 3 is a step of selectively outputting the TS packet 304 encrypted with the third encryption key K3, that is, the title unique key K3, to the decryption step S114.
[0134]
In step S114 (see FIGS. 3 and 9), the encrypted TS packet 304 is decrypted with the title unique key K3, and the decrypted TS packet 306 is output. The encrypted TS packet 304 is data obtained by decrypting the TS packet 302 by applying the block key Kb1 in step S108. That is, the first TS packet 302 including the seed information (seed 2) 322 shown in FIG. 9 is configured as data encrypted with the block key Kb1 and further encrypted twice with the third encryption key K3. The decryption TS packet 306 is obtained by executing the decryption process applying the block key Kb1 in step S108 and the decryption process applying the third encryption key K3 (title unique key K3) in step S114.
[0135]
The decoded TS packet group 305 and the decoded TS packet 306 are combined and input to, for example, an MPEG2 decoder, decoded, and reproduced.
[0136]
As described above, in this configuration, seed information (seed 1) and seed information (seed 2) are both stored in the first TS packet in the user data, and the seed required for generating the block key Kb2 The information (seed 2) is encrypted with the block key Kb1 generated based on the seed information (seed 1) and the recording key K1, and is further encrypted with the third encryption key K3 (first TS packet). Therefore, it is impossible to read the seed information (seed 2) directly from the disk. Therefore, it is difficult to analyze the key information generated using the seed information and the cryptographic algorithm, Content protection with a high security level is realized.
[0137]
The example shown in FIG. 10 is an example in which seed information (seed 1) 331 is stored in the first TS packet 302 in the user data, and seed information (seed 2) 332 is stored in the next second TS packet 341 in the user data. is there.
[0138]
The first TS packet 302 and the second TS packet 341 are encrypted with the block key Kb1 acquired by applying the seed information (seed 1) 331, and further encrypted with the third encryption key K3. It is set as a data area that has been double-encrypted.
[0139]
In FIG. 10, the decoding process is executed in units of processing units 300. This processing unit is one unit (1 AU: Aligned Unit) corresponding to the processing unit (b) described above with reference to FIG. The information processing apparatus 210 that performs reproduction of the encrypted data stored in the information recording medium 220 extracts 1 AU (Aligned Unit), which is an encryption processing unit, based on the flag in the control data.
[0140]
The process of FIG. 10 will be described. In FIG. 10, the same processing step number is attached | subjected to the processing step similar to the processing step of FIG.
[0141]
In step S106 (FIGS. 3 and 10), the seed information (seed 1) 331 read from the first TS packet of the user data of the information recording medium is input to the AES encryption processing unit, and the previous step S104 (see FIG. 3). This is a step of generating the block key Kb1 by executing the AES encryption process to which the recording key K1 generated in step 1 is applied.
[0142]
Next, in step S107 of FIG. 3, the data part to be subjected to the decryption process to which the block key Kb1 in step S108 is applied, ie, the first TS packet 302 and the second TS packet 341 are selected from the user data consisting of 32 TS packets. In S108, decryption processing (AES decryption processing) to which the block key Kb1 is applied is executed to obtain a TS packet 304. The TS packet 304 is data encrypted with the third encryption key K3 (title unique key K3).
[0143]
As a result of the decryption process to which the block key Kb1 is applied in step S108, an encrypted TS packet 304 subjected to only the encryption process to which the third encryption key K3 is applied is calculated, and seed information (seed 2) is obtained from the encrypted TS packet 304. Extract.
[0144]
The selector step S109 in FIG. 3 outputs the seed information (seed 2) from the result of the decryption process to which the block key Kb1 is applied to the block key Kb2 generation step in step S110, and the encrypted data encrypted with the block key Kb2. Is output to the decoding step S111, and other data is output to the selector step S112.
[0145]
In step S110 (see FIG. 3 and FIG. 10), in the seed information (seed 2) extracted from the TS packet 304 acquired as a result of the decryption process using the block key Kb1 in step S108, and in step S105 (see FIG. 3) Based on the generated recording key K2, AES encryption processing is executed to calculate a block key Kb2.
[0146]
Next, in step S111, the encryption part (data area 342 encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and the decrypted TS packet group 305 is generated.
[0147]
Further, the selector step S112 in FIG. 3 is a step of selectively outputting to the decryption step S114 the TS packet 304 composed of the first and next TS packets encrypted with the third encryption key K3, that is, the title unique key K3. .
[0148]
In step S114 (see FIGS. 3 and 10), the encrypted TS packet 304 is decrypted with the title unique key K3, and the decrypted TS packet 306 is output. The top TS packet 302 and the next TS packet 341 shown in FIG. 10 are configured as data encrypted with the block key Kb1 and further double-encrypted with the third encryption key K3, and the block key in step S108. The decryption TS packet 306 is obtained by executing the decryption process applying Kb1 and the decryption process applying the third encryption key K3 (title unique key K3) in step S114.
[0149]
The decoded TS packet group 305 and the decoded TS packet 306 are combined and input to, for example, an MPEG2 decoder, decoded, and reproduced.
[0150]
As described above, in this configuration, seed information (seed 1) and seed information (seed 2) are both stored in the first TS packet in the user data, and the seed required for generating the block key Kb2 The information (seed 2) is stored in the second TS packet in the user data, and the first TS packet and the second TS packet including the seed information (seed 2) are based on the seed information (seed 1) and the recording key K1. In this case, the seed information (seed 2) can be read directly from the disk because it is encrypted with the block key Kb1 that is generated in this way and further stored in the area (first TS packet) that is encrypted with the third encryption key K3. Therefore, it is difficult to analyze the key information generated by using the seed information and the analysis of the cryptographic algorithm. Content protection is achieved high Ireberu.
[0151]
In the above-described example, the example in which the third encryption key K3 is set as a key generated based on the data (title key 3) stored in the information recording medium 220 has been described, but the third encryption key K3 is EKB as a secret key stored in advance in information processing device 210, a key generated based on information stored in advance in information processing device 210, or encryption key block information provided based on a key distribution tree configuration It is possible to set (Enabling Key Block) as a key to be obtained by decryption.
[0152]
For example, as shown in FIG. 11, the third encryption key K3, 230 is a secret key stored in advance in the information processing apparatus 210, a key generated based on information stored in the information processing apparatus 210, or key distribution A configuration in which EKB (Enabling Key Block) as encryption key block information provided based on the tree configuration is set as a key to be acquired by decryption, and generation processing based on acquired data from the information recording medium 220 is unnecessary. Is possible.
[0153]
In the above-described example, the decryption process for the seed information (seed 2) storage area encrypted with the block key Kb1 and the third encryption key K3 is first executed by applying the block key Kb1, The configuration example in which the seed information (seed 2) is acquired from the result of the first decryption processing and the block key Kb2 is generated by applying the acquired seed information (seed 2) has been described. For the seed information (seed 2) storage area encrypted with the third encryption key K3, the decryption process to which the block key Kb1 is applied and the decryption process to which the third encryption key K3 is applied are continuously executed. It is also possible to obtain seed information (seed 2) from the result of the decryption process and generate the block key Kb2 by applying this obtained seed information (seed 2). Hereinafter, a processing example in which the decryption process using the block key Kb1 and the decryption process using the third encryption key K3 are executed in succession will be described.
[0154]
FIG. 12 is a diagram for explaining the procedure of the data decryption process in which the decryption process to which the block key Kb1 is applied and the decryption process to which the third encryption key K3 is applied are continuously performed. The processing shown in FIG. 12 is mainly processing executed by the cryptographic processing means 150 shown in FIG.
[0155]
The information processing apparatus 210 reads the master key 211 stored in its own memory 180 (see FIG. 2). The master key 211 is an encryption provided based on a key distribution tree configuration based on a key stored as a key common to a plurality of information processing apparatuses or a device key stored in a licensed information processing apparatus. This is a key obtained by decrypting EKB (Enabling Key Block) as the encryption key block information.
[0156]
The information processing apparatus 210 checks whether or not a disc ID (Disc ID) 221 as identification information is already recorded on the information recording medium 220. If recorded, the disc ID (Disc ID) 221 is read from the information recording medium 220. A disc ID (Disc ID) 221 is disc-specific information and is stored in, for example, a general data storage area or a lead-in area.
[0157]
Next, the information processing apparatus 210 generates a disk unique key (Disc Unique Key) using the master key 211 and the disk ID 221 in step S201. As a specific method for generating a disc unique key, the processing described above with reference to FIG. 4 can be applied.
[0158]
Next, in steps S202 to S204, title keys 1 and 223, title keys 2 and 224, and title keys 3 and 229, which are three unique keys for each recorded content, are read from the information recording medium 220, and are recorded on the disc. From the key (Disc Unique Key) and each title key (Title Key) 1, 2, 3, three title unique keys (Title Unique Key) 1, 2, 3 are generated. The title unique key 3 is used as a third encryption key.
[0159]
Furthermore, the information processing apparatus 210 uses the recording key (REC key) in steps S205 and S206 based on the title unique keys 1 and 2, the recording seed (REC SEED) 225 and the physical index 226 read from the information recording medium 220. ) K1 and K2 are generated. A method similar to that described above with reference to FIGS. 5 and 7 is applied to generate the recording key (REC key).
[0160]
In step S207, the block key Kb1 generation process is executed. In the block key Kb1 generation process, the seed information (seed 1) 227 is read from the information recording medium 220 as the block key Kb1 generation information, and the seed information (seed 1) 227 and the recording key K1 generated in step S104 are used. Data processing such as AES encryption processing is executed to generate the block key Kb1.
[0161]
Processing executed after the block key Kb1 generation processing in step S207 will be described with reference to FIG.
[0162]
In FIG. 13, the decoding process is executed in units of processing units 350. This processing unit corresponds to the processing unit (b) described above with reference to FIG. That is, one unit (1 AU: Aligned Unit) which is a cryptographic processing unit. The information processing apparatus 210 that performs reproduction of the encrypted data stored in the information recording medium 220 extracts 1 AU (Aligned Unit), which is an encryption processing unit, based on the flag in the control data.
[0163]
The processing unit 350 includes 18-byte control data 351 and 6144-byte user data (including encrypted content). The 6144-byte user data is divided into 192 bytes, which are units of transport stream packets. The first TS packet 352 of user data and the subsequent 5952-byte TS packet group 353 will be described separately. In this example, seed information (seed 1) 361 is stored in the control data 351, and seed information (seed 2) 362 is encrypted and stored in the first TS packet 352 in the user data.
[0164]
In FIG. 13, the same processing step number is attached | subjected to the processing step similar to the processing step of FIG.
[0165]
In step S207 (FIGS. 12 and 13), seed information (seed 1) 361 read from the control data of the information recording medium is input to the AES encryption processing unit, and the recording key K1 generated in the previous step S206 is applied. The process of generating the block key Kb1 is executed by executing the AES encryption process.
[0166]
Next, in step S208 of FIG. 12, only the encrypted data portion that is the object of the decryption process in step S209 is extracted from the user data consisting of 32 TS packets, the decryption process of the extracted data is executed in step S209, and further in step S210 Only the encrypted data part to be decrypted in step S211 is extracted, and the decryption process of the extracted data is executed in step S211.
[0167]
Furthermore, in step S212, only the encrypted data part to be decrypted in step S214 is extracted, the decrypted data is decrypted in step S214, and output from the decryption processing result data in step S214 and the selector step S212. The remaining unencrypted data is concatenated in the selector step S215, and is input as a decoded TS packet group to, for example, an MPEG decoder for decoding processing.
[0168]
In step S209 (see FIGS. 12 and 13), an AES decryption process using the block key Kb1 generated in step S207 is executed. In step S209, a decryption process is executed only for the data part subjected to the encryption process to which the block key Kb1 is applied. In this example, the data area including at least seed information (seed 2) of the first TS packet 352 of the user data is subjected to encryption processing using the block key Kb1 and encryption processing applying the third encryption key K3. Data part.
[0169]
The third encryption key K3 is a secret key stored in advance in the information processing apparatus 210, a key generated based on information stored in advance in the information processing apparatus 210, or an encryption provided based on a key distribution tree configuration This key is set as a key obtained by decrypting an EKB (Enabling Key Block) as the encryption key block information or a key generated based on data stored in the information recording medium 220.
[0170]
In the example shown in FIG. 12, a key generated based on data stored in the information recording medium 220 is applied as the third encryption key K3. In FIG. 12, the third encryption key K3 is the title unique key K3 generated in step S203 from the title keys 3 and 229 stored in the information recording medium 220 and the disc unique key generated in step S201.
[0171]
The head TS packet 352 shown in FIG. 13 includes seed information (seed 2) necessary for calculating another user data part, that is, the block key Kb2 applied to the decryption process of the subsequent 5952-byte TS packet group 353. ) 362 is included. The head TS packet 352 including the seed information (seed 2) 362 is encrypted data that has been subjected to encryption processing using the block key Kb1 and encryption processing applying the third encryption key K3, as described above. .
[0172]
As a result of the decryption process applying the block key Kb1 in step S209, an encrypted TS packet subjected to only the encryption process applying the third encryption key K3 is calculated. This TS packet is combined with other data in the selector step S210, and in step S211, a decryption process using the third encryption key K3 (title unique key K3) is executed.
[0173]
In the example of FIG. 13, the data that is the target of the decryption process to which the third encryption key K3 in step S211 is applied is the first TS packet 352 including the seed information (seed 2) 362. As described above, the decryption TS packet 354 is obtained by performing the continuous decryption process by applying the block key Kb1 and the third encryption key (title unique key K3) to the top TS packet 352, and the seed information is obtained therefrom. (Seed 2) is extracted.
[0174]
The selector step S212 in FIG. 12 outputs seed information (seed 2) to the block key Kb2 generation step in step S213 from the result of the decryption process using the block key Kb1 and the third encryption key (title unique key K3). The encrypted data encrypted with the block key Kb2 is output to the decryption step S214, and the other data is output to the selector step S215.
[0175]
In step S213 (see FIGS. 12 and 13), seed information extracted from the TS packet 354 acquired as a result of the decryption process using the block key Kb1 and the third encryption key (title specific key K3) in steps S209 and S211. Based on (Seed 2) and the recording key K2 generated in step S206 (see FIG. 12), AES encryption processing is executed to calculate a block key Kb2.
[0176]
Next, in step S214, the encryption part (data area 353 encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and the decrypted TS packet group 355 is generated.
[0177]
The decoded TS packet group 355 and the decoded TS packet 354 are combined, input to, for example, an MPEG2 decoder, decoded, and reproduced.
[0178]
As described above, in the configuration of the present invention, the seed information (seed 2) necessary for generating the key (block key Kb2) applied to the decryption of the encrypted content is used as a plurality of other keys, that is, the block key. Since it is configured to be encrypted and stored with Kb1 and the third encryption key K3, it is impossible to read the seed information (seed 2) directly from the disk. Therefore, the key information generated using the seed information is analyzed. As a result, it becomes difficult to analyze cryptographic algorithms, and content protection with a high security level is realized.
[0179]
FIG. 14 shows an example in which both seed information (seed 1) and seed information (seed 2) are stored in the first TS packet 302 in the user data. In the example described above with reference to FIG. 13, the seed information (seed 1) 361 is stored in the control data 351, and the seed information (seed 2) 362 is encrypted in the first TS packet 352 in the user data. In the configuration example shown in FIG. 14, seed information (seed 1) 371 and seed information (seed 2) 372 are both stored in the first TS packet 352 in the user data. It is an example.
[0180]
The head TS packet 352 is encrypted by the block key Kb1 obtained by applying the seed information (seed 1) 371 and encrypted by the third encryption key K3, as in the example described in FIG. It is set as a data area that has been double-encrypted.
[0181]
In step S207 (FIGS. 12 and 14), seed information (seed 1) 371 read from the first TS packet 352 of the information recording medium is input to the AES encryption processing unit, and the recording key K1 generated in the previous step S206 is used. A process of generating the block key Kb1 by executing the applied AES encryption process is executed.
[0182]
Next, in step S208 of FIG. 12, only the encrypted data portion that is the object of the decryption process in step S209 is extracted from the user data consisting of 32 TS packets, the decryption process of the extracted data is executed in step S209, and further in step S210 Only the encrypted data part to be decrypted in step S211 is extracted, and the decryption process of the extracted data is executed in step S211.
[0183]
Furthermore, in step S212, only the encrypted data part to be decrypted in step S214 is extracted, the decrypted data is decrypted in step S214, and output from the decryption processing result data in step S214 and the selector step S212. The remaining unencrypted data is concatenated in the selector step S215, and is input as a decoded TS packet group to, for example, an MPEG decoder for decoding processing.
[0184]
In step S209 (see FIGS. 12 and 14), an AES decryption process using the block key Kb1 generated in step S207 is executed. In step S209, a decryption process is executed only for the data part subjected to the encryption process to which the block key Kb1 is applied. In this example, the data area including at least seed information (seed 2) of the first TS packet 352 of the user data is subjected to encryption processing using the block key Kb1 and encryption processing applying the third encryption key K3. Data part.
[0185]
The third encryption key K3 is a secret key stored in advance in the information processing apparatus 210, a key generated based on information stored in advance in the information processing apparatus 210, or an encryption provided based on a key distribution tree configuration This key is set as a key obtained by decrypting an EKB (Enabling Key Block) as the encryption key block information or a key generated based on data stored in the information recording medium 220.
[0186]
In the example shown in FIG. 12, a key generated based on data stored in the information recording medium 220 is applied as the third encryption key K3. In FIG. 12, the third encryption key K3 is the title unique key K3 generated in step S203 from the title keys 3 and 229 stored in the information recording medium 220 and the disc unique key generated in step S201.
[0187]
The head TS packet 352 shown in FIG. 14 includes seed information (seed 2) necessary for calculating another user data part, that is, the block key Kb2 applied to the decryption process of the subsequent 5952-byte TS packet group 353. ) 372. The head TS packet 352 including the seed information (seed 2) 372 is encrypted data that has been subjected to encryption processing using the block key Kb1 and encryption processing applying the third encryption key K3, as described above. .
[0188]
As a result of the decryption process applying the block key Kb1 in step S209, an encrypted TS packet subjected to only the encryption process applying the third encryption key K3 is calculated. This TS packet is combined with other data in the selector step S210, and in step S211, a decryption process using the third encryption key K3 (title unique key K3) is executed.
[0189]
In the example of FIG. 14, the data to be subjected to the decryption process to which the third encryption key K3 in step S211 is applied is the first TS packet 352 including the seed information (seed 2) 372. As described above, the decryption TS packet 354 is obtained by performing the continuous decryption process by applying the block key Kb1 and the third encryption key (title unique key K3) to the top TS packet 352, and the seed information is obtained therefrom. (Seed 2) is extracted.
[0190]
The selector step S212 in FIG. 12 outputs seed information (seed 2) to the block key Kb2 generation step in step S213 from the result of the decryption process using the block key Kb1 and the third encryption key (title unique key K3). The encrypted data encrypted with the block key Kb2 is output to the decryption step S214, and the other data is output to the selector step S215.
[0191]
In step S213 (see FIGS. 12 and 14), seed information extracted from the TS packet 354 acquired as a result of the decryption process using the block key Kb1 and the third encryption key (title specific key K3) in steps S209 and S211. Based on (Seed 2) and the recording key K2 generated in step S206 (see FIG. 12), AES encryption processing is executed to calculate a block key Kb2.
[0192]
Next, in step S214, the encryption part (data area 353 encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and the decrypted TS packet group 355 is generated.
[0193]
The decoded TS packet group 355 and the decoded TS packet 354 are combined, input to, for example, an MPEG2 decoder, decoded, and reproduced.
[0194]
As described above, in this configuration, the seed information (seed 2) necessary for generating the key (block key Kb2) to be applied to the decryption of the encrypted content is converted into a plurality of other keys, that is, the block key Kb1. Since the third encryption key K3 encrypts and stores the seed information, it is impossible to read the seed information (seed 2) directly from the disk. Therefore, the key information generated using the seed information is analyzed and encrypted. The difficulty of algorithm analysis increases, and content protection with a high security level is realized.
[0195]
The example shown in FIG. 15 is an example in which seed information (seed 1) 381 is stored in the first TS packet 352 in the user data and seed information (seed 2) 382 is stored in the next second TS packet 391 in the user data. is there.
[0196]
The first TS packet 352 and the second TS packet 391 are encrypted with the block key Kb1 obtained by applying the seed information (seed 1) 381 and further encrypted with the third encryption key K3. It is set as a data area that has been double-encrypted.
[0197]
The process of FIG. 15 will be described. In FIG. 15, the same processing step number is attached | subjected to the processing step similar to the processing step of FIG.
[0198]
In step S207 (FIGS. 12 and 15), the seed information (seed 1) 381 read from within the first TS packet of the user data of the information recording medium is input to the AES encryption processing unit, and the previous step S205 (see FIG. 12). This is a step of generating the block key Kb1 by executing the AES encryption process to which the recording key K1 generated in step 1 is applied.
[0199]
Next, in step S208 of FIG. 12, the data part to be subjected to the decryption process to which the block key Kb1 in step S209 is applied is selected from the user data consisting of 32 TS packets, that is, the first TS packet 352 and the second TS packet 391 are selected. In S209, a decryption process (AES decryption process) using the block key Kb1 is executed.
[0200]
As a result of the decryption process applying the block key Kb1 in step S209, an encrypted TS packet subjected to only the encryption process applying the third encryption key K3 is calculated. This TS packet is combined with other data in the selector step S210, and in step S211, a decryption process using the third encryption key K3 (title unique key K3) is executed.
[0201]
In the example of FIG. 15, the data to be subjected to the decryption process to which the third encryption key K3 in step S211 is applied is the first TS packet 352 and the second TS packet 391 including seed information (seed 2) 382. Thus, the decryption TS packet 354 is obtained by executing the continuous decryption process by applying the block key Kb1 and the third encryption key (title unique key K3) to the first TS packet 352 and the second TS packet 391, The seed information (seed 2) is extracted from the list.
[0202]
The selector step S212 in FIG. 12 outputs seed information (seed 2) to the block key Kb2 generation step in step S213 from the result of the decryption process using the block key Kb1 and the third encryption key (title unique key K3). The encrypted data encrypted with the block key Kb2 is output to the decryption step S214, and the other data is output to the selector step S215.
[0203]
In step S213 (see FIGS. 12 and 15), seed information extracted from the TS packet 354 acquired as a result of the decryption process using the block key Kb1 and the third encryption key (title specific key K3) in steps S209 and S211. Based on (Seed 2) and the recording key K2 generated in step S206 (see FIG. 12), AES encryption processing is executed to calculate a block key Kb2.
[0204]
Next, in step S214, the encryption part (data area 392 encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and the decrypted TS packet group 355 is generated.
[0205]
The decoded TS packet group 355 and the decoded TS packet 354 are combined, input to, for example, an MPEG2 decoder, decoded, and reproduced.
[0206]
As described above, in this configuration, seed information (seed 1) and seed information (seed 2) are both stored in the first TS packet in the user data, and the seed required for generating the block key Kb2 The information (seed 2) is stored in the second TS packet in the user data, and the first TS packet and the second TS packet including the seed information (seed 2) are based on the seed information (seed 1) and the recording key K1. In this case, the seed information (seed 2) can be read directly from the disk because it is encrypted with the block key Kb1 that is generated in this way and further stored in the area (first TS packet) that is encrypted with the third encryption key K3. Therefore, it is difficult to analyze the key information generated by using the seed information and the analysis of the cryptographic algorithm. Content protection is achieved high Ireberu.
[0207]
In the above-described example, the example in which the third encryption key K3 is set as a key generated based on the data (title key 3) stored in the information recording medium 220 has been described, but the third encryption key K3 is EKB as a secret key stored in advance in information processing device 210, a key generated based on information stored in advance in information processing device 210, or encryption key block information provided based on a key distribution tree configuration It is possible to set (Enabling Key Block) as a key to be obtained by decryption.
[0208]
For example, as shown in FIG. 16, the third encryption key K3, 230 is a secret key stored in advance in the information processing apparatus 210, a key generated based on information stored in the information processing apparatus 210, or key distribution A configuration in which EKB (Enabling Key Block) as encryption key block information provided based on the tree configuration is set as a key to be acquired by decryption, and generation processing based on acquired data from the information recording medium 220 is unnecessary. Is possible.
[0209]
Next, an example of an area to be encrypted with the block key Kb1 generated based on the seed information (seed 1) and the recording key K and the third encryption key K3 will be described with reference to FIGS. To do. FIG. 17 shows an example in which seed information (seed 1) is stored in the control block and seed information (seed 2) is included in one TS packet of user data.
[0210]
In the above-described example, the case where the seed information (seed 2) is included in the head of the user data or the second TS packet has been described, but the seed information (seed 2) is the head or the second one. It can be stored in any TS packet that constitutes the user data portion other than the TS packet.
[0211]
When seed information (seed 2) is stored in any TS packet of user data, encryption is performed using the block key Kb1 generated based on the seed information (seed 1) and the recording key K1, and the third encryption key K3. As an example of a region to be performed, for example, there are configurations shown in FIGS. (A) is an example in which only the seed information (seed 2) is encrypted with the block key Kb1 and the third encryption key K3. The other area is a non-encrypted area or a data area encrypted with the block information Kb2 generated by the seed information (seed 2) and the recording key K2.
[0212]
(B) is an example in which a partial region of the TS packet including the seed information (seed 2) is encrypted with the block key Kb1, and the entire region of the TS packet is encrypted with the third encryption key K3.
[0213]
For example, seed information (seed 2) and edit identifier (edit ID) are stored in the TS packet in the content editing studio 282 (see FIG. 6), and the seed information (seed 1) is stored in the disc manufacturing entity 283 (see FIG. 6). The seed information (seed 2) is encrypted using the record key K1 that can be generated on the basis of the recording key K1, and then stored in the disk.
[0214]
(C) is an example in which the entire region of one TS packet including the seed information (seed 2) is encrypted with the block key Kb1 and the third encryption key K3.
[0215]
The example shown in FIG. 18 shows an example in which seed information (seed 1) and seed information (seed 2) are stored in the same TS packet. The seed information (seed 1) is stored as non-encrypted information using the block keys Kb1 and Kb2. The seed information (seed 2) is encrypted with the block key Kb1 generated based on the seed information (seed 1) and the recording key K1, and the third encryption key K3, and is the same TS as the seed information (seed 1). Stored in the packet.
[0216]
(D) is an example in which only the seed information (seed 2) is encrypted with the block key Kb1 and the third encryption key K3. The other area is a non-encrypted area or a data area encrypted with the block information Kb2 generated by the seed information (seed 2) and the recording key K2.
[0217]
(E) is an example in which a partial region of the TS packet including the seed information (seed 2) is encrypted with the block key Kb1, and the entire region of the TS packet is encrypted with the third encryption key K3. (F) is an example in which the entire region of one TS packet including the seed information (seed 2) is encrypted with the block key Kb1 and the third encryption key K3.
[0218]
The example shown in FIG. 19 shows an example in which seed information (seed 1) and seed information (seed 2) are stored in different TS packets. The seed information (seed 1) is stored as non-encrypted information using the block keys Kb1 and Kb2. The seed information (seed 2) is encrypted with the block key Kb1 generated based on the seed information (seed 1) and the recording key K1, and the third encryption key K3, and is a TS packet different from the seed information (seed 1). Stored in.
[0219]
(G) is an example in which only the seed information (seed 2) is encrypted with the block key Kb1 and the third encryption key K3. The other area is a non-encrypted area or a data area encrypted with the block information Kb2 generated by the seed information (seed 2) and the recording key K2.
[0220]
(H) is an example in which the entire region of one TS packet including the seed information (seed 2) is encrypted with the block key Kb1 and the third encryption key K3. (I) is an example in which the entire region of one TS packet including the seed information (seed 2) is encrypted with the block key Kb1 and the third encryption key K3.
[0221]
As described above with reference to FIGS. 17 to 19, various settings are possible for the storage mode of the seed information (seed 1) and the seed information (seed 2) and the setting mode of the encrypted data area. However, in any case, the seed information (seed 2) is stored by being encrypted with the key generated using the seed information (seed 1), that is, the block key Kb1 and the third encryption key K3. Direct reading from the information recording medium becomes impossible, analysis of seed information (seed 2), analysis of block key Kb2 generated by applying seed information (seed 2), and user data encrypted by block key Kb2 It becomes possible to increase the analysis difficulty of the encryption algorithm. Further, when the seed information (seed 1) is encrypted with the third encryption key K3, analysis of the seed information (seed 1), analysis of the block key Kb1 generated by applying the seed information (seed 1), It becomes possible to increase the difficulty of analyzing the user data encryption algorithm encrypted by the block key Kb1.
[0222]
[Data Input / Output Configuration via Interface with Information Recording Medium Drive Device]
Next, in an information processing apparatus such as a PC, it is connected to an information recording medium drive loaded with an information recording medium such as a DVD or CD via various interfaces, for example, an interface such as SCSI, IEEE 1394, or USB. A processing example when executing data transfer will be described.
[0223]
For example, as shown in FIG. 20, an information processing apparatus 410 such as a PC and an information recording medium drive 420 equipped with an information recording medium 430 such as a DVD or CD are connected via both interfaces 411 and 421. The information recording medium drive 420 accesses the information recording medium 430, transfers the data via both interfaces 411 and 421, and reproduces the information on the information processing apparatus 410 such as a PC.
[0224]
As shown in the figure, when data is transferred via the interfaces 411 and 421, if the above-mentioned seed information (seed 2) is included in the unencrypted state in the transfer data, seed information (seed 2 from the transfer data) is transmitted. ) May occur.
[0225]
Therefore, in the configuration of the present invention, when data transfer is performed between the information processing apparatus 410 and the information recording medium drive 420 via an interface, an authentication process is executed between both apparatuses, and the result of the authentication process is The transfer data is encrypted and transmitted using the session key acquired by both devices. Details of this processing configuration will be described below.
[0226]
FIG. 21 is a diagram for explaining processing in the case of executing data reading and reproduction of the information recording medium 520 storing the encrypted content in the information processing apparatus 500 such as a PC and the information recording medium drive 510. Note that both the information processing apparatus 500 and the information recording medium drive 510 have substantially the same configuration as that described above with reference to FIG. However, in the information processing apparatus 500 such as a PC, the recording medium 195 and the drive 190 shown in FIG. 2 are not essential, and only the information recording medium drive 510 needs to be provided. Further, the MPEG codec 130 and the TS processing means 198 may be configured only in the information processing apparatus 500 such as a PC, and need not be configured in the information recording medium drive 510.
[0227]
With reference to FIG. 21, processing when data in the information recording medium 520 is read by the information recording medium drive 510 and transferred to the information processing apparatus 500 for reproduction will be described.
[0228]
The information recording medium drive 510 reads the master key 511 stored in its own memory 180 (see FIG. 2). Note that the master key 511 may be transmitted from the information processing apparatus 500 to the information recording medium drive 510 when stored on the information processing apparatus 500 side. The master key 511 is a key stored in a licensed information processing apparatus (including an information recording medium drive) or a key generated based on stored information.
[0229]
The information recording medium drive 510 reads a disc ID (Disc ID) 521 from the information recording medium 520. A disc ID (Disc ID) 521 is disc-specific information and is stored in, for example, a general data storage area or a lead-in area.
[0230]
Next, in step S551, the information recording medium drive 510 uses the master key 511 and the disc ID 521 to generate a disc unique key. As a specific method for generating a disc unique key, the same method as described above with reference to FIG. 4 can be applied.
[0231]
Next, title key (Title Key) 1 523 and title key 2 524, which are two unique keys for each recorded content, are read from the information recording medium 520. On the disc, there is a data management file that stores information about what data constitutes what title, and the title key is stored in this file. When there is only one title key for one disc, that is, when the title key for the disc ID 521 can be uniquely determined, it is stored in the general data storage area or the lead-in area in the same manner as the disc ID 521, for example. You may make it do.
[0232]
Next, in step S552 and step S553, two title unique keys 1 and 2 are generated from the disc unique key and title keys 1 and 2.
[0233]
Further, the information recording medium drive 510 includes two title unique keys (Title Unique Keys) 1 and 2 generated in steps S552 and S553, a recording seed (REC SEED) 525 read from the information recording medium 520, and a physical index 526. Based on the above, two recording keys (REC key) K1 and K2 are generated in steps S554 and S555.
[0234]
As described above with reference to FIG. 5, the two recording keys (REC keys) K1 and K2 that are executed in steps S552 to S555 are generated as described above with reference to FIG. It is generated by AES (Advanced Encryption Standard) encryption processing based on the recording seed (REC SEED) 525 and the physical index 526 read from the information recording medium 520.
[0235]
As described above with reference to FIG. 7, instead of storing the recording seed (REC SEED) 525 and the physical index 526 in the information recording medium 520, a random value such as a random number set for each editing (authoring) is used. As a method of storing in the information recording medium 520 as a disc key seed, applying a disc unique key to the disc key seed, executing AES encryption processing, and obtaining title unique key 1 and title unique key 2 from the output Also good.
[0236]
When the two recording keys (REC key) 1 and 2 are generated in steps S554 and S555 by any of the above-described methods, the block key Kb1 generation process is executed in step S556.
[0237]
In the generation process of the block key Kb1, the seed information (seed 1) 527 as the block key Kb1 generation information is read from the information recording medium 520, and the seed information (seed 1) 527 and the recording key K1 generated in step S554 are used. Data processing such as AES encryption processing is executed to generate the block key Kb1.
[0238]
Processing executed after the block key Kb1 generation processing in step S556 will be described with reference to FIG.
[0239]
In FIG. 22, the decoding process is executed in units of processing units 600. This processing unit corresponds to the processing unit (b) described above with reference to FIG. That is, one unit (1 AU: Aligned Unit) which is a cryptographic processing unit. The information recording medium drive 510 that reads the encrypted data stored in the information recording medium 520 extracts 1 AU (Aligned Unit), which is an encryption processing unit, based on the flag in the control data.
[0240]
The processing unit 600 includes 18-byte control data 601 and 6144-byte user data (including encrypted content). The 6144-byte user data is divided into 192 bytes, which are units of transport stream packets. The first TS packet 602 of user data and the subsequent 5952-byte TS packet group 603 will be described separately. In this example, seed information (seed 1) 611 is stored in the control data 601, and seed information (seed 2) 612 is encrypted and stored in the first TS packet 602 in the user data. The TS packet 602 which is a data area including the seed information (seed 2) 612 is a data area encrypted with the block key Kb1 and the third encryption key K3 acquired by applying the seed information (seed 1) 611. is there.
[0241]
Note that there are a plurality of modes for storing seeds 1 and 2 as seed information, and one example is shown here. Other examples will be described later.
[0242]
In FIG. 22, the same process step number is attached | subjected to the process step similar to the process step of FIG.
[0243]
In step S556 (FIGS. 21 and 22), seed information (seed 1) 611 read from the control data of the information recording medium is input to the AES encryption processing unit, and the recording key K1 generated in the previous step S554 is applied. In this step, AES encryption processing is executed and block key Kb1 generation processing is executed.
[0244]
Next, in step S557 of FIG. 21, only the encrypted data portion with the block key Kb1 is extracted from the user data consisting of 32 TS packets. The data part to be decrypted by the block key Kb1 and other data parts are separated in step S557, and only the selected data part is decrypted in step S558. The other data part skips step S558, and in step S559, it is concatenated with the decrypted data again by the selector step, and is encrypted by the session key in step S563.
[0245]
In step S558 (see FIGS. 21 and 22), an AES decryption process using the block key Kb1 generated in step S556 is executed. In step S558, a decryption process is executed only for the data part subjected to the encryption process to which the block key Kb1 is applied. In this example, the data area including at least the seed information (seed 2) of the first TS packet 602 of the user data is a data portion that has been subjected to encryption processing using the block key Kb1. Therefore, a decryption process using the block key Kb1 is executed for the data area including the seed information (seed 2).
[0246]
Note that the data portion that has been subjected to the encryption process to which the block key Kb1 is applied is also encrypted by the third encryption key K3. There are several patterns as to which data area the encryption area by the block key Kb1 and the third encryption key K3 is used, and these are as described above with reference to FIGS. It is.
[0247]
The first TS packet 602 includes seed information (seed 2) 612 necessary for calculating another user data part, that is, a block key Kb2 applied to decryption processing of the subsequent 5952-byte TS packet group 603. It is. That is, the seed information (seed 2) 612 is recorded in the leading TS packet 602 as encrypted data that has been subjected to double encryption processing using the block key Kb1 and the third encryption key K3.
[0248]
As a result of the decryption process using the block key Kb1 in step S558, an encrypted TS packet 604 encrypted with the third encryption key K3 is calculated, and includes seed information (seed 2). .
[0249]
The selector step S559 in FIG. 21 indicates that the data including the seed information (seed 2) and other data are combined from the result of the decryption process using the block key Kb1 and output to the encryption step S563. Yes.
[0250]
The encryption processing in step S563 is encryption processing executed based on a session key shared by both as a result of mutual authentication processing executed between the information recording medium drive 510 and the information processing apparatus 500. The mutual authentication process is executed based on authentication keys Km 530 and 540 shared by the information recording medium drive 510 and the information processing apparatus 500.
[0251]
A sequence of mutual authentication processing will be described with reference to FIG. The authentication and session key sharing process shown in FIG. 23 is an example based on a common key processing method. The authentication sequence and the session key sharing sequence are not limited to this processing sequence, and other processing methods may be applied.
[0252]
The information recording medium drive 510 and the information processing apparatus 500 have authentication keys Km 530 and 540. First, in step S571, the information processing apparatus 500 generates a random number Rb1 (64 bits) and transmits it to the information recording medium drive 510. The information recording medium drive 510 generates a random number Ra1 in step S581, and generates a MAC (Message Authentication Code) based on the AES encryption process for the combined data [Ra1‖Rb1] of the random number Ra1 and the random number Rb1 in step S682. . Let the generated MAC value be eKm (Ra1‖Rb1). Note that eKa (B) indicates encryption of data B with the key Ka, and A‖B indicates connection between data A and data B. The information recording medium drive 510 transmits the generated MAC value: eKm (Ra1‖Rb1) and the generated random number Ra1 to the information processing apparatus 500.
[0253]
Based on the random number Ra1 received from the information recording medium drive 510 and the random number Rb1 generated in step S571, the information processing apparatus 500 calculates a MAC value: eKm (Ra1‖Rb1) in step S572. In step S573, the calculated MAC value is compared with the MAC value received from the information recording medium drive 510. If they match, the information processing apparatus 500 authenticates that the information recording medium drive 510 is a legitimate device having a correct authentication key. If they do not match, it is an authentication error and the subsequent processing is stopped.
[0254]
Further, the information processing apparatus 500 generates a random number Rb2 and transmits it to the information recording medium drive 510 in step S574. In step S583, the information recording medium drive 510 generates a random number Ra2, and transmits the generated random number Ra2 to the information processing apparatus 500.
[0255]
In step S575, the information processing apparatus 500 calculates a MAC value: eKm (Ra2‖Rb2) based on the received random number Ra2 and the generated random number Rb2, and transmits it to the information recording medium drive 510.
[0256]
In step S584, the information recording medium drive 510 calculates a MAC value: eKm (Ra2‖Rb2) based on the received random number Rb2 and the random number Ra2 generated in step S583. In step S585, the calculated MAC value is compared with the MAC value received from the information processing apparatus 500. If they match, the information recording medium drive 510 authenticates that the information processing apparatus 500 is a legitimate device having a correct authentication key. If they do not match, it is an authentication error and the subsequent processing is stopped.
[0257]
Further, the information processing apparatus 500 generates a random number Ra3 and transmits it to the information recording medium drive 510 in step S576.
[0258]
In step S586, the information recording medium drive 510 generates a random number Ra3. In step S587, the information recording medium drive 510 performs an AES encryption process using the shared authentication key Km for the concatenated data of the generated random number Ra3 and the received random number Rb3 from the information processing apparatus 500. Execute and calculate session key Ks = eKm (Ra3‖Rb3).
[0259]
In step S577, the information processing apparatus 500 executes the AES encryption process using the shared authentication key Km for the concatenated data of the generated random number Rb3 and the received random number Ra3 from the information recording medium drive 510, and the session key Ks = eKm (Ra3 ‖Rb3) is calculated.
[0260]
Through the processing described above, the information processing apparatus 500 and the information recording medium drive 510 can confirm that they are correct devices and can share the session key Ks = eKm (Ra3‖Rb3). The processing in steps S560 and S561 shown in FIG. 21 corresponds to the processing described with reference to FIG.
[0261]
When the session key Ks is shared between the information processing apparatus 500 and the information recording medium drive 510 by the above-described processing, the information recording medium drive 510 executes the encryption processing in steps S562 and S563 shown in FIG.
[0262]
The encryption process of step S562 is a process of encrypting the recording key K2 generated in step S555 with the session key Ks (AES encryption) to generate an encrypted recording key eKs (K2). Step S563 is a process of encrypting the decrypted TS packet 604 acquired as a result of the decryption process to which the block key Kb1 is applied in step S558, using the session key Ks. In this case, the processing mode should be a secret included in the TS packet, such as when the target to be encrypted is the entire TS packet 604, a part, or only the seed information (seed 2). The information storage mode, that is, the range encrypted by the block key Kb1 and the third encryption key K3 may be determined. Each of these aspects is as described with reference to FIGS.
[0263]
In step S562, encrypted data by the session key Ks of the recording key K2 is generated. In step S563, secret information including the seed information (seed 2) is encrypted by the session key Ks, and these encrypted data (FIG. 22). TS packet 605) is transmitted from the information recording medium drive 510 to the information processing apparatus 500. That is, in the data communication path, the transferred data is data encrypted by the session key Ks.
[0264]
When receiving the data from the information recording medium drive 510, the information processing apparatus 500 decrypts the received encrypted data in steps S564 and S565. That is, in step S564, the session key Ks is applied to decrypt the encrypted recording key eKs (K2) to obtain the recording key K2, and in step S565, the session key Ks is applied to obtain seed information (seed 2). The secret information including the seed information (seed 2) is obtained by decrypting the secret information included. A TS packet 606 shown in FIG. 22 includes seed information (seed 2).
[0265]
Step S566 is a selector step for separating seed information (seed 2), data to be decrypted by the block key Kb2, and other data. In step S567 (see FIGS. 21 and 22), AES is based on the seed information (seed 2) obtained as a result of the decryption process using the session key Ks in step S565 and the recording key K2 generated in step S564. Cryptographic processing is executed to calculate the block key Kb2.
[0266]
Next, in step S568, the encryption part (data area encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and a decrypted TS packet group 607 is generated.
[0267]
Further, the TS packet 606 including the seed information (seed 2) is selected in the selector step S569 (see FIG. 21), the decryption process is executed by applying the third encryption key K3, 550, and the decrypted TS packet 608 (FIG. 22). Browse).
[0268]
Here, the third encryption key K3, 550 is based on a secret key stored in advance in the information processing apparatus 500, a key generated based on information stored in advance in the information processing apparatus 500, or a key distribution tree configuration. This is a key that is obtained by decrypting an EKB (Enabling Key Block) as encryption key block information provided.
[0269]
The decoded TS packet group 607 and the decoded TS packet 608 are combined, input to the MPEG2 decoder, for example, as a decoded TS packet, decoded, and reproduced.
[0270]
As described above, in this configuration, seed information (seed 2) necessary for generating a key (block key Kb2) to be used for decryption of encrypted content in the reproduction process of data stored in the information recording medium. Is transferred between devices, the seed information (seed 2) required for generating the block key Kb2 and the recording key K2 are both encrypted with the session key and transmitted / received. Even if data leakage from the road occurs, it is difficult to obtain the seed information (seed 2) and the recording key K2, and therefore, analysis of key information generated using the seed information, encryption algorithm The difficulty of analysis increases and content protection with a high security level is realized. In the information processing apparatus 500, for example, the method for calculating the block key Kb1 from the method for obtaining the recording key K1, the method for generating the session key Ks, and the method for encrypting with the session key Ks are included in one LSI package. By increasing the secrecy as the process, it becomes more robust.
[0271]
As in the example described above, there are various modes for storing the two seed information, and a plurality of examples will be described below.
[0272]
FIG. 24 shows an example in which both seed information (seed 1) and seed information (seed 2) are stored in the first TS packet 602 in the user data. In the example described above with reference to FIG. 22, the seed information (seed 1) 611 is stored in the control data 601 and the seed information (seed 2) 612 is encrypted in the first TS packet 602 in the user data. In the configuration example shown in FIG. 24, seed information (seed 1) 621 and seed information (seed 2) 622 are both stored in the first TS packet 602 in the user data. It is an example.
[0273]
Note that the TS packet 602 which is a data area including the seed information (seed 2) 622 is similar to the example described with reference to FIG. 22 and the block key Kb1 obtained by applying the seed information (seed 1) 621 and the third key This is a data area encrypted with the encryption key K3.
[0274]
In FIG. 24, the decoding process is executed in units of processing units 600. This processing unit is one unit (1 AU: Aligned Unit) corresponding to the processing unit (b) described above with reference to FIG. The information recording medium drive 510 that reads the encrypted data stored in the information recording medium 520 extracts 1 AU (Aligned Unit), which is an encryption processing unit, based on the flag in the control data.
[0275]
The process of FIG. 24 will be described. In FIG. 24, the same process step number is attached | subjected to the process step similar to the process step of FIG.
[0276]
In step S556 (FIGS. 21 and 24), seed information (seed 1) 621 read from the first TS packet of the user data of the information recording medium is generated in the AES encryption processing unit in the previous step S554 (see FIG. 21). The AES encryption process to which the recording key K1 is applied is executed, and the block key Kb1 generation process is executed.
[0277]
Next, in step S557 of FIG. 21, only the encrypted data portion with the block key Kb1 is extracted from the user data consisting of 32 TS packets. The encrypted data part and non-encrypted part by the block key Kb1 are separated in step S557, and only the encrypted part is decrypted in step S558. The non-encrypting unit skips step S558, and in step S559, is connected to the decrypted data again by the selector step, and in step S563, encryption is performed using the session key.
[0278]
In step S558 (see FIGS. 21 and 24), an AES decryption process using the block key Kb1 generated in step S556 is executed. In step S558, a decryption process is executed only for the data part subjected to the encryption process to which the block key Kb1 is applied. In this example, the data area including at least the seed information (seed 2) of the first TS packet 602 of the user data is a data portion that has been subjected to encryption processing using the block key Kb1. Therefore, a decryption process using the block key Kb1 is executed for the data area including the seed information (seed 2).
[0279]
In the encrypted data area of the first TS packet 602, seed information (in order to calculate a block key Kb2 applied to decryption processing of another user data portion, that is, the subsequent 5952-byte TS packet group 603) Seed 2) 622 is included. That is, the seed information (seed 2) 622 is recorded in the leading TS packet 602 as encrypted data that has been subjected to encryption processing using the block key Kb1.
[0280]
As a result of the decryption process to which the block key Kb1 is applied in step S556, a TS packet 604 encrypted with the third encryption key K3 is calculated, and includes seed information (seed 2).
[0281]
The selector step S559 in FIG. 21 indicates that the decryption data including the seed information (seed 2) and other data are combined from the result of the decryption process using the block key Kb1 and output to the encryption step S563. ing.
[0282]
The encryption processing in step S563 is encryption processing executed based on a session key shared by both as a result of mutual authentication processing executed between the information recording medium drive 510 and the information processing apparatus 500. The mutual authentication process is executed based on authentication keys Km 530 and 540 shared by the information recording medium drive 510 and the information processing apparatus 500. The mutual authentication process and the session key sharing process are as described with reference to FIG.
[0283]
When the authentication is established and the session key Ks is shared, the information recording medium drive 510 executes the encryption processing in steps S562 and S563 shown in FIGS. That is, in step S562, encrypted data by the session key Ks of the recording key K2 is generated. In step S563, the secret information including the seed information (seed 2) is encrypted by the session key Ks, and the encrypted data ( A TS packet 605) in FIG. 24 is transmitted from the information recording medium drive 510 to the information processing apparatus 500. That is, in the data communication path, the transferred data is data encrypted by the session key Ks.
[0284]
When receiving the data from the information recording medium drive 510, the information processing apparatus 500 decrypts the received encrypted data in steps S564 and S565. That is, in step S564, the session key Ks is applied to decrypt the encrypted recording key eKs (K2) to obtain the recording key K2, and in step S565, the session key Ks is applied to obtain seed information (seed 2). The secret information including the seed information (seed 2) is obtained by decrypting the secret information included. A TS packet 606 shown in FIG. 24 is a TS packet encrypted only with the third encryption key K3, and includes seed information (seed 2).
[0285]
Step S566 is a selector step for separating the decrypted seed information (seed 2), data to be decrypted by the block key Kb2, and other data. In step S567 (see FIGS. 21 and 24), based on the seed information (seed 2) obtained as a result of the decryption process using the session key Ks in step S565 and the recording key K2 generated in step S564, AES Cryptographic processing is executed to calculate the block key Kb2.
[0286]
Next, in step S568, the encryption part (data area encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and a decrypted TS packet group 607 is generated.
[0287]
Further, the TS packet 606 including the seed information (seed 2) is selected in the selector step S569 (see FIG. 21), the decryption process is executed by applying the third encryption key K3, 550, and the decrypted TS packet 608 (FIG. 24). Browse).
[0288]
Here, the third encryption key K3, 550 is based on a secret key stored in advance in the information processing apparatus 500, a key generated based on information stored in advance in the information processing apparatus 500, or a key distribution tree configuration. This is a key that is obtained by decrypting an EKB (Enabling Key Block) as encryption key block information provided.
[0289]
The decoded TS packet group 607 and the decoded TS packet 608 are combined, input to the MPEG2 decoder, for example, as a decoded TS packet, decoded, and reproduced.
[0290]
As described above, in this configuration, seed information (seed 1) and seed information (seed 2) are both stored in the first TS packet in the user data, and the seed required for generating the block key Kb2 Information (seed 2) is stored in the service area by encrypting it with the block key Kb1 generated based on the seed information (seed 1) and the recording key K1 and the third encryption key K3.
[0291]
Even in this configuration, it is impossible to read the seed information (seed 2) directly from the disk and from the data transfer path. Therefore, the analysis of the key information generated using the seed information, the encryption algorithm The difficulty of analysis increases and content protection with a high security level is realized. In the information processing apparatus 500, for example, the method for calculating the block key Kb1 from the method for obtaining the recording key K1, the method for generating the session key Ks, and the method for encrypting with the session key Ks are included in one LSI package. By increasing the secrecy as the process, it becomes more robust.
[0292]
The example shown in FIG. 25 is an example in which seed information (seed 1) 631 is stored in the first TS packet 602 in the user data, and seed information (seed 2) 632 is stored in the next TS packet 641 in the user data. .
[0293]
Note that the seed information (seed 1) 631 is applied to the area in which the seed information (seed 2) 632 is stored, in this case, the first TS packet 602 and the second TS packet 641 as in the example described in FIGS. Are encrypted with the block key Kb1 and the third encryption key K3 acquired in this way and stored in the second TS packet 641 in the user data.
[0294]
In FIG. 25, the decoding process is executed in units of processing units 600. This processing unit is one unit (1 AU: Aligned Unit) corresponding to the processing unit (b) described above with reference to FIG.
[0295]
The process of FIG. 25 will be described. In FIG. 25, the same process step number is attached | subjected to the process step similar to the process step of FIG.
[0296]
In step S556 (FIGS. 21 and 25), the seed information (seed 1) 631 read from the first TS packet of the user data of the information recording medium is input to the AES encryption processing unit, and the previous step S554 (see FIG. 21). The block key Kb1 is generated by executing the AES encryption process to which the recording key K1 generated in step 1 is applied.
[0297]
Next, in step S557 of FIG. 21, only the encrypted data portion with the block key Kb1 is extracted from the user data consisting of 32 TS packets. The encrypted data part and non-encrypted part by the block key Kb1 are separated in step S557, and only the encrypted part is decrypted in step S558. The non-encrypting unit skips step S558, and in step S559, is connected to the decrypted data again by the selector step, and in step S563, encryption is performed using the session key.
[0298]
In step S558 (see FIGS. 21 and 25), an AES decryption process using the block key Kb1 generated in step S556 is executed. The decryption target is a data area to which the encryption process using the block key Kb1 is applied. The encryption area of the data area excluding the seed information (seed 1) 521 in the first TS packet of the user data, and the second TS packet The decoding process of the data area including at least the seed information (seed 2) 632 is executed. There are several patterns as to which data area the data portion subjected to the encryption processing to which the block key Kb1 is applied is, and these are as described above.
[0299]
In this example, in the encrypted data area of the second TS packet 641, seed information necessary for calculating another user data part, that is, the block key Kb2 applied to the decryption process of the subsequent TS packet group 642 is obtained. (Seed 2) 632 is included. That is, the seed information (seed 2) 632 is recorded in the second TS packet 641 as encrypted data that has been encrypted using the block key Kb1.
[0300]
As a result of the decryption process using the block key Kb1 in step S606, the TS packet 604 encrypted with the third encryption key K3 is calculated, and includes seed information (seed 2).
[0301]
The selector step S559 in FIG. 21 indicates that the decryption data including the seed information (seed 2) and other data are combined from the result of the decryption process using the block key Kb1 and output to the encryption step S563. ing.
[0302]
The encryption processing in step S563 is encryption processing executed based on a session key shared by both as a result of mutual authentication processing executed between the information recording medium drive 510 and the information processing apparatus 500. The mutual authentication process is executed based on authentication keys Km 530 and 540 shared by the information recording medium drive 510 and the information processing apparatus 500. The mutual authentication process and the session key sharing process are as described with reference to FIG.
[0303]
When authentication is established and the session key Ks is shared, the information recording medium drive 510 executes the encryption processing in steps S562 and S563 shown in FIGS. That is, in step S562, encrypted data by the session key Ks of the recording key K2 is generated. In step S563, the secret information including the seed information (seed 2) is encrypted by the session key Ks, and the encrypted data ( The TS packet 605) in FIG. 21 is transmitted from the information recording medium drive 510 to the information processing apparatus 500. That is, in the data communication path, the transferred data is data encrypted by the session key Ks.
[0304]
When receiving the data from the information recording medium drive 510, the information processing apparatus 500 decrypts the received encrypted data in steps S564 and S565. That is, in step S564, the session key Ks is applied to decrypt the encrypted recording key eKs (K2) to obtain the recording key K2, and in step S565, the session key Ks is applied to obtain seed information (seed 2). The secret information including the seed information (seed 2) is obtained by decrypting the secret information included. A TS packet 606 shown in FIG. 25 is a TS packet encrypted only with the third encryption key K3, and includes seed information (seed 2).
[0305]
Step S566 is a selector step for separating the decrypted seed information (seed 2), the data to be decrypted by the block key Kb2, and the unencrypted data. In step S567 (see FIGS. 21 and 25), based on the seed information (seed 2) acquired as a result of the decryption process using the session key Ks in step S565 and the recording key K2 generated in step S564, AES Cryptographic processing is executed to calculate the block key Kb2.
[0306]
Next, in step S568, the encryption part (data area encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and a decrypted TS packet group 607 is generated.
[0307]
Further, the TS packet 606 including the seed information (seed 2) is selected in the selector step S569 (see FIG. 21), decryption processing is executed by applying the third encryption key K3, 550, and the decrypted TS packet 608 (FIG. 25) is selected. Browse).
[0308]
Here, the third encryption key K3, 550 is based on a secret key stored in advance in the information processing apparatus 500, a key generated based on information stored in advance in the information processing apparatus 500, or a key distribution tree configuration. This is a key that is obtained by decrypting an EKB (Enabling Key Block) as encryption key block information provided.
[0309]
The decoded TS packet group 607 and the decoded TS packet 608 are combined, input to the MPEG2 decoder, for example, as a decoded TS packet, decoded, and reproduced.
[0310]
As described above, in this configuration, the seed information (seed 1) stored in the first TS packet in the user data and the seed information (seed 2) necessary for generating the block key Kb2 is stored in the user data. It is stored in the 2TS packet, and the seed information (seed 2) is encrypted and stored with the block key Kb1 generated based on the seed information (seed 1) and the recording key K1.
[0311]
Even in this configuration, it is impossible to read the seed information (seed 2) directly from the disk or read from the data transfer path. Therefore, the analysis of the key information generated using the seed information, the encryption algorithm The difficulty of analysis increases and content protection with a high security level is realized. In the information processing apparatus 500, for example, the method for calculating the block key Kb1 from the method for obtaining the recording key K1, the method for generating the session key Ks, and the method for encrypting with the session key Ks are included in one LSI package. By increasing the secrecy as the process, it becomes more robust.
[0312]
In the above-described example, the decryption process using the block key Kb1 is performed on the seed information (seed 2) storage area encrypted with the block key Kb1 and the third encryption key K3, and the result of this decryption process is used. The configuration example of acquiring the seed information (seed 2) and generating the block key Kb2 by applying the acquired seed information (seed 2) has been described, but the block key Kb1 and the third encryption key K3 are used for encryption. For the seed information (seed 2) storage area, the decryption process using the block key Kb1 and the decryption process using the third encryption key K3 are successively executed, and the seed information (see It is also possible to obtain the seed 2) and apply the obtained seed information (seed 2) to generate the block key Kb2. Hereinafter, a processing example in which the decryption process using the block key Kb1 and the decryption process using the third encryption key K3 are executed in succession will be described.
[0313]
In FIG. 26, the processing after step S591 is different from the processing described with reference to FIG. The other processing is the same as the processing described with reference to FIG. The processing after step S591 will be described with reference to FIG. 21 and FIGS. FIGS. 27 to 29 correspond to FIGS. 22, 24, and 25, and are examples in which the storage areas of seed 1 and seed 2 have different patterns.
[0314]
26 and 27, seed information (seed 1) 611 is stored in control data 601 and seed information (seed 2) 612 is encrypted in the first TS packet 602 in the user data. Processing in the stored example will be described. A TS packet 602 shown in FIG. 27 is a data area encrypted with the block key Kb1 and the third encryption key K3 acquired by applying the seed information (seed 1) 611.
[0315]
Processing after step S564 of the information processing apparatus will be described. In step S564, the information processing apparatus 500 decrypts the received encrypted data from the information recording medium drive 510. That is, in step S564, the session key Ks is applied to decrypt the encrypted recording key eKs (K2) to obtain the recording key K2.
[0316]
In step S565, the secret information including the seed information (seed 2) is decrypted by applying the session key Ks to generate an encrypted TS packet encrypted only with the third encryption key K3. Further, in step S591, the decryption process is executed by applying the third encryption key K3, 550 to obtain the decrypted TS packet 610 (see FIG. 27).
[0317]
Here, the third encryption key K3, 550 is based on a secret key stored in advance in the information processing apparatus 500, a key generated based on information stored in advance in the information processing apparatus 500, or a key distribution tree configuration. This is a key that is obtained by decrypting an EKB (Enabling Key Block) as encryption key block information provided.
[0318]
The decoded TS packet 610 (see FIG. 27) includes seed information (seed 2). Step S592 (see FIG. 26) is a selector step for separating the seed information (seed 2), the data to be decrypted by the block key Kb2, and other data. In step S593 (see FIGS. 26 and 27), seed information (seed 2) obtained as a result of the decryption process applying the session key Ks and the decryption process applying the third encryption key K3 in steps S565 and S591, Based on the recording key K2 generated in step S564, AES encryption processing is executed to calculate a block key Kb2.
[0319]
Next, in step S593, the encryption part (data area encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and a decrypted TS packet group 607 is generated.
[0320]
The decoded TS packet group 607 and the decoded TS packet 610 are combined in selector step S595 (see FIG. 26), input as a decoded TS packet to, for example, an MPEG2 decoder, decoded, and reproduced.
[0321]
FIG. 28 is an example in which both seed information (seed 1) 621 and seed information (seed 2) 622 are stored in the first TS packet 602 in the user data. The TS packet 602, which is a data area including the seed information (seed 2) 622, is obtained by applying the seed information (seed 1) 621 to the block key Kb1 and the third encryption key, as in the example described in FIG. This is a data area encrypted by K3.
[0322]
Processing after step S564 of the information processing apparatus will be described. In step S564, the information processing apparatus 500 decrypts the received encrypted data from the information recording medium drive 510. That is, in step S564, the session key Ks is applied to decrypt the encrypted recording key eKs (K2) to obtain the recording key K2.
[0323]
In step S565, the secret information including the seed information (seed 2) is decrypted by applying the session key Ks to generate an encrypted TS packet encrypted only with the third encryption key K3. Further, in step S591, the decryption process is executed by applying the third encryption key K3, 550 to obtain the decrypted TS packet 610 (see FIG. 28).
[0324]
Here, the third encryption key K3, 550 is based on a secret key stored in advance in the information processing apparatus 500, a key generated based on information stored in advance in the information processing apparatus 500, or a key distribution tree configuration. This is a key that is obtained by decrypting an EKB (Enabling Key Block) as encryption key block information provided.
[0325]
The decoded TS packet 610 (see FIG. 28) includes seed information (seed 2). Step S592 (see FIG. 26) is a selector step for separating the seed information (seed 2), the data to be decrypted by the block key Kb2, and other data. In step S593 (see FIGS. 26 and 28), seed information (seed 2) acquired as a result of the decryption process applying the session key Ks and the decryption process applying the third encryption key K3 in steps S565 and S591, Based on the recording key K2 generated in step S564, AES encryption processing is executed to calculate a block key Kb2.
[0326]
Next, in step S593, the encryption part (data area encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and a decrypted TS packet group 607 is generated.
[0327]
The decoded TS packet group 607 and the decoded TS packet 610 are combined in selector step S595 (see FIG. 26), input as a decoded TS packet to, for example, an MPEG2 decoder, decoded, and reproduced.
[0328]
FIG. 29 shows an example in which seed information (seed 1) 631 is stored in the first TS packet 602 and seed information (seed 2) 632 is stored in the second TS packet 641. In this example, as the data area including the seed information (seed 2) 641, the first TS packet 602 and the second TS packet 641 are obtained by applying the seed information (seed 1) 631 and the block key Kb1 and the third encryption. This is a data area encrypted with the key K3.
[0329]
Processing after step S564 of the information processing apparatus will be described. In step S564, the information processing apparatus 500 decrypts the received encrypted data from the information recording medium drive 510. That is, in step S564, the session key Ks is applied to decrypt the encrypted recording key eKs (K2) to obtain the recording key K2.
[0330]
In step S565, the secret information including the seed information (seed 2) is decrypted by applying the session key Ks to generate an encrypted TS packet encrypted only with the third encryption key K3. Further, in step S591, the decryption process is executed by applying the third encryption key K3, 550 to obtain the decrypted TS packet 610 (see FIG. 29).
[0331]
Here, the third encryption key K3, 550 is based on a secret key stored in advance in the information processing apparatus 500, a key generated based on information stored in advance in the information processing apparatus 500, or a key distribution tree configuration. This is a key that is obtained by decrypting an EKB (Enabling Key Block) as encryption key block information provided.
[0332]
The decoded TS packet 610 (see FIG. 29) includes seed information (seed 2). Step S592 (see FIG. 26) is a selector step for separating the seed information (seed 2), the data to be decrypted by the block key Kb2, and other data. In step S593 (see FIGS. 26 and 29), seed information (seed 2) acquired as a result of the decryption process applying the session key Ks and the decryption process applying the third encryption key K3 in steps S565 and S591, Based on the recording key K2 generated in step S564, AES encryption processing is executed to calculate a block key Kb2.
[0333]
Next, in step S593, the encryption part (data area encrypted with the block key Kb2) of the user data part is decrypted by applying the block key Kb2, and a decrypted TS packet group 607 is generated.
[0334]
The decoded TS packet group 607 and the decoded TS packet 610 are combined in selector step S595 (see FIG. 26), input as a decoded TS packet to, for example, an MPEG2 decoder, decoded, and reproduced.
[0335]
[Application in other data structures]
In the above-described example, the example in which the data stored in the information recording medium is the TS packet has been described. However, the configuration of the present invention can be applied to various data configurations other than the TS packet. That is, the second seed information (seed 2) for encrypting the encrypted data in units of blocks is generated by the block key Kb1 and the third encryption key K3 generated by applying other seed information (seed 1). With the configuration of encrypting and storing in the information storage medium, leakage of the second seed information (seed 2) is prevented, and high-security content protection is realized. This is effective even when the data structure is other than the transport stream, as long as the block key encryption process is applied and the block key is generated using the seed information.
[0336]
Further, in the configuration example in which data encryption using a session key is performed at the time of data transfer via the interface, in the above-described example, a processing example in which one of two seed information is encrypted using a session key has been described. Data transfer processing involving data encryption with a key is not limited to the above-described configuration example, but is effective in a general encrypted content storage configuration.
[0337]
A processing example in which data transfer is performed between the information processing apparatus and the information recording medium drive in a configuration having seed information that is not encrypted on the recording medium will be described with reference to FIG.
[0338]
In the processing example shown in FIG. 30, encrypted content 675 is recorded on the information recording medium 670, and the encrypted content 675 is encrypted with the block key Kb1 generated by the seed information 674 set for each processing unit. Are recorded.
[0339]
A process in the case where the information recording medium drive 660 reads the data of the information recording medium 670 storing the encrypted content and reproduces the data on the information processing apparatus 650 such as a PC will be described.
[0340]
The information recording medium drive 660 reads the master key 661 stored in its own memory. Note that the master key 661 may be transmitted from the information processing device 650 to the information recording medium drive 660 when stored on the information processing device 650 side. The master key 661 is a key that can be generated based on secret information stored in a licensed information processing apparatus (including an information recording medium drive).
[0341]
The information recording medium drive 660 reads a disc ID (Disc ID) 671 from the information recording medium 670. A disc ID (Disc ID) 671 is disc-specific information and is stored in, for example, a general data storage area or a lead-in area.
[0342]
Next, in step S651, the information recording medium drive 660 generates a disc unique key using the master key 661 and the disc ID 671. As a specific method for generating a disc unique key, the same method as described above with reference to FIG. 4 can be applied.
[0343]
Next, a title key (Title Key) 1,672, which is a unique key for each recorded content, is read from the information recording medium 670. On the disc, there is a data management file that stores information about what data constitutes what title, and the title key is stored in this file.
[0344]
In step S652, a title unique key (Title Unique Key) 1 is generated from the disc unique key (Disc Unique Key) and the title key (Title Key) 1,672.
[0345]
Further, the information recording medium drive 660, based on the title unique key (Title Unique Key) 1 generated in step S652 and the physical index 673 read from the information recording medium 670, records a recording key (REC key) in step S653. K1 is generated.
[0346]
The recording key (REC key) K1 generation process executed in step S653 includes the title unique key 1 and the physical index 673 read from the information recording medium 670, as described above with reference to FIG. It is generated by AES (Advanced Encryption Standard) encryption processing based on the above.
[0347]
In the generation process of the block key Kb1 in step S654, the seed information 674 as the block key Kb1 generation information is read from the information recording medium 670, and the AES encryption process based on the seed information 674 and the recording key K1 generated in step S653. The block key Kb1 is generated by executing the data processing.
[0348]
Processing executed after the generation processing of the block key Kb1 in step S654 will be described with reference to FIG.
[0349]
In FIG. 31, the decryption processing is executed in units of user data 701 within a processing unit of 2048 bytes, for example. Control data 711 is set for each processing unit. The information recording medium drive 660 extracts 1 AU (Aligned Unit), which is an encryption processing unit, based on the flag in the control data.
[0350]
The processing unit includes 18-byte control data 711 and 2048-byte encrypted user data 701. Seed information 674 is stored in the control data 711. The encrypted user data 701 is data encrypted by the block key Kb1 generated based on the seed information 721.
[0351]
In FIG. 31, processing steps similar to those in FIG. 30 are given the same processing step numbers.
[0352]
In step S654 (FIGS. 30 and 31), the seed information 674 read from the control data of the information recording medium is input to the AES encryption processing unit, and the AES encryption process using the recording key K1 generated in the previous step S653 is performed. This is a step of executing the block key Kb1 generation process.
[0353]
In step S655 (see FIGS. 30 and 31), an AES decryption process using the block key Kb1 generated in step S654 is executed. In step S655, a decryption process is performed on the user data 701 that has been subjected to the encryption process using the block key Kb1. For example, a process to which an AES CBC (Cipher Block Chaining) mode is applied is executed.
[0354]
The encryption process in the next step S663 is an encryption process executed based on a session key shared by both as a result of the mutual authentication process executed between the information recording medium drive 660 and the information processing device 650. The mutual authentication process is executed based on authentication keys Km 680 and 690 shared by the information recording medium drive 660 and the information processing device 650. The sequence of mutual authentication processing is executed according to the sequence described above with reference to FIG.
[0355]
In steps S661 and S662 shown in FIG. 30, mutual authentication processing and session key Ks generation are executed, and the session key Ks is shared by the information processing device 650 and the information recording medium drive 660.
[0356]
Next, the encryption process in step S663 (see FIGS. 30 and 31) is executed by the information recording medium drive 660.
[0357]
The encryption process of step S663 is a process of encrypting the decryption user data acquired as a result of the decryption process in step S655 with the session key Ks. For example, encryption processing using an AES CBC (Cipher Block Chaining) mode is executed to generate encrypted user data 702.
[0358]
This encrypted data (user data 702 in FIG. 31) is transmitted from the information recording medium drive 660 to the information processing device 650. That is, in the data communication path, the transferred data is data encrypted by the session key Ks.
[0359]
When receiving the encrypted user data from the information recording medium drive 660, the information processing device 650 decrypts the received encrypted data in step S664. That is, a decryption process is executed by applying the session key Ks and applying, for example, the AES CBC (Cipher Block Chaining) mode.
[0360]
In step S665, decryption processing using the third encryption key K3, 685 is executed, and user data 703 is acquired. Here, the third encryption key K3, 685 is a secret key stored in advance in the information processing apparatus 650, a key generated based on information stored in the information processing apparatus 650, or a key distribution tree configuration. This is a key that is obtained by decrypting an EKB (Enabling Key Block) as encryption key block information provided.
[0361]
Also in this example, in the reproduction process of the data stored in the information recording medium, the transfer data between the devices is configured to be transmitted / received by encrypting with a session key. Content leakage is prevented, and content protection with a high security level is realized. In the information processing device 650, for example, the method for calculating the block key Kb1 from the method for obtaining the recording key K1, the method for generating the session key Ks, and the method for encrypting with the session key Ks are included in one LSI package. By increasing the secrecy as the process, it becomes more robust.
[0362]
Furthermore, in a configuration in which seed information that is not encrypted is stored on the recording medium, a second processing example in which data transfer is performed between the information processing apparatus and the information recording medium drive will be described with reference to FIGS. 32 and 33. I will explain.
[0363]
In the processing example shown in FIG. 32, the encrypted content 675 is recorded on the information recording medium 670, and the encrypted content 675 is encrypted with the block key Kb1 generated by the seed information 674 set for each processing unit. Are recorded.
[0364]
A process in the case where the information recording medium drive 660 reads the data of the information recording medium 670 storing the encrypted content and reproduces the data on the information processing apparatus 650 such as a PC will be described.
[0365]
The information recording medium drive 660 reads the master key 661 stored in its own memory. Note that the master key 661 may be transmitted from the information processing device 650 to the information recording medium drive 660 when stored on the information processing device 650 side. The master key 661 is a key that can be generated based on secret information stored in a licensed information processing apparatus (including an information recording medium drive).
[0366]
The information recording medium drive 660 reads a disc ID (Disc ID) 671 from the information recording medium 670. A disc ID (Disc ID) 671 is disc-specific information and is stored in, for example, a general data storage area or a lead-in area.
[0367]
Next, in step S651, the information recording medium drive 660 generates a disc unique key using the master key 661 and the disc ID 671. As a specific method for generating a disc unique key, the same method as described above with reference to FIG. 4 can be applied.
[0368]
Next, a title key (Title Key) 1,672, which is a unique key for each recorded content, is read from the information recording medium 670. On the disc, there is a data management file that stores information about what data constitutes what title, and the title key is stored in this file.
[0369]
In step S652, a title unique key (Title Unique Key) 1 is generated from the disc unique key (Disc Unique Key) and the title key (Title Key) 1,672.
[0370]
Further, the information recording medium drive 660, based on the title unique key (Title Unique Key) 1 generated in step S652 and the physical index 673 read from the information recording medium 670, records a recording key (REC key) in step S653. K1 is generated.
[0371]
The recording key (REC key) K1 generation process executed in step S653 includes the title unique key 1 and the physical index 673 read from the information recording medium 670, as described above with reference to FIG. It is generated by AES (Advanced Encryption Standard) encryption processing based on the above.
[0372]
In the generation process of the block key Kb1 in step S654, the seed information 674 as the block key Kb1 generation information is read from the information recording medium 670, and the AES encryption process based on the seed information 674 and the recording key K1 generated in step S653. The block key Kb1 is generated by executing the data processing.
[0373]
In step S656, the title unique key (Title Unique key (Title Unique key) is extracted from the title keys 3 and 677 read from the information recording medium 670 and the disc unique key.
Key) 3, that is, a third encryption key K3 is generated.
[0374]
Processing executed after the block key Kb1 generation processing in step S654 will be described with reference to FIG.
[0375]
In FIG. 33, the decoding process is executed in units of user data 701 within a processing unit of 2048 bytes, for example. Control data 711 is set for each processing unit. The information recording medium drive 660 extracts 1 AU (Aligned Unit), which is an encryption processing unit, based on the flag in the control data.
[0376]
The processing unit includes 18-byte control data 711 and 2048-byte encrypted user data 701. Seed information 674 is stored in the control data 711. The encrypted user data 701 is data encrypted by the block key Kb1 generated based on the seed information 721.
[0377]
In FIG. 33, the same processing step number is attached | subjected to the processing step similar to the processing step of FIG.
[0378]
In step S654 (FIGS. 32 and 33), the seed information 674 read from the control data of the information recording medium is input to the AES encryption processing unit, and AES encryption processing using the recording key K1 generated in the previous step S653 is performed. This is a step of executing the block key Kb1 generation process.
[0379]
In step S655 (see FIGS. 32 and 33), an AES decryption process using the block key Kb1 generated in step S654 is executed. In step S655, a decryption process is performed on the user data 701 that has been subjected to the encryption process using the block key Kb1. For example, a process to which an AES CBC (Cipher Block Chaining) mode is applied is executed.
[0380]
The encryption process in the next step S663 is an encryption process executed based on a session key shared by both as a result of the mutual authentication process executed between the information recording medium drive 660 and the information processing device 650. The mutual authentication process is executed based on authentication keys Km 680 and 690 shared by the information recording medium drive 660 and the information processing device 650. The sequence of mutual authentication processing is executed according to the sequence described above with reference to FIG.
[0381]
In steps S661 and S662 shown in FIG. 32, mutual authentication processing and session key Ks generation are executed, and the session key Ks is shared by the information processing device 650 and the information recording medium drive 660.
[0382]
Next, the encryption process in step S663 (see FIGS. 32 and 33) is executed by the information recording medium drive 660.
[0383]
The encryption process of step S663 is a process of encrypting the decryption user data acquired as a result of the decryption process in step S655 with the session key Ks. For example, encryption processing using an AES CBC (Cipher Block Chaining) mode is executed to generate encrypted user data 702.
[0384]
Further, the information recording medium drive 660 executes the encryption process in step S664 (see FIGS. 32 and 33).
[0385]
The encryption process of step S664 is a process of encrypting the third encryption key K3 generated in step S656 with the session key Ks. For example, an encryption process using an AES CBC (Cipher Block Chaining) mode is executed to generate an encrypted third encryption key Ks (K3).
[0386]
The encrypted data (user data 702 in FIG. 33) and the encrypted third encryption key Ks (K3) 704 are transmitted from the information recording medium drive 660 to the information processing device 650. That is, in the data communication path, the transferred data becomes the user data encrypted with the session key Ks and the third encryption key K3.
[0387]
When receiving the encrypted user data from the information recording medium drive 660, the information processing device 650 decrypts the received encrypted data in step S665. That is, a decryption process is executed by applying the session key Ks and applying, for example, the AES CBC (Cipher Block Chaining) mode.
[0388]
In step S666, the third encryption key Ks (K3) 704 is decrypted by applying the session key Ks and applying, for example, the AES CBC (Cipher Block Chaining) mode to the third encryption key Ks (K3) 704. The key K3 is acquired.
[0389]
In step S667, decryption processing using the third encryption key K3 is executed, and user data 703 is acquired.
[0390]
Also in this example, in the reproduction process of the data stored in the information recording medium, the transfer data between the devices is configured to be transmitted / received by encrypting with a session key. Content leakage is prevented, and content protection with a high security level is realized. In the information processing device 650, for example, the method for calculating the block key Kb1 from the method for obtaining the recording key K1, the method for generating the session key Ks, and the method for encrypting with the session key Ks are included in one LSI package. By increasing the secrecy as the process, it becomes more robust.
[0390]
The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims section described at the beginning should be considered.
[0392]
The series of processes described in the specification can be executed by hardware, software, or a combined configuration of both. When executing processing by software, the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and run.
[0393]
For example, the program can be recorded in advance on a hard disk or ROM (Read Only Memory) as a recording medium. Alternatively, the program is temporarily or permanently stored on a removable recording medium such as a flexible disk, CD-ROM (Compact Disc Read Only Memory), MO (Magneto optical) disk, DVD (Digital Versatile Disc), magnetic disk, and semiconductor memory. It can be stored (recorded). Such a removable recording medium can be provided as so-called package software.
[0394]
The program is installed on the computer from the removable recording medium as described above, or is wirelessly transferred from the download site to the computer, or is wired to the computer via a network such as a LAN (Local Area Network) or the Internet. The computer can receive the program transferred in this manner and install it on a recording medium such as a built-in hard disk.
[0395]
Note that the various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary. Further, in this specification, the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing.
[0396]
【The invention's effect】
As described above, according to the configuration of the present invention, the second seed storage storing the seed information (seed 2) necessary for generating the key (block key Kb2) applied to the decryption of the encrypted content is stored. A first block key Kb1 that generates an encrypted data area based on a first seed as first key generation information, and a third encryption key K3 that is different from the first block key Kb1 and the second block key Kb2 are applied. Therefore, it is impossible to read the seed information (seed 2) directly from the disk. Therefore, it is difficult to analyze the key information generated using the seed information and the encryption algorithm. As a result, content protection with a high security level is realized.
[0397]
Furthermore, according to the configuration of the present invention, in the reproduction process of data stored in the information recording medium, the encrypted content is transferred between the devices, and a key (block key Kb2) for generating the decrypted encrypted content is generated. In a configuration where it is necessary to transfer seed information (seed 2) between devices, block key generation information, specifically, both seed information (seed 2) and recording key K2 are encrypted with a session key and transmitted / received. In addition, since it has a structure that requires the application of the third encryption key K3 for decrypting the encrypted content, even if data leakage from the transfer path occurs, It becomes difficult to obtain the seed information (seed 2) and the recording key K2, and analysis of key information generated using the seed information and analysis of encryption algorithm With difficulty increases, the content reproduction becomes impossible in an apparatus that does not have a third encryption key K3, a high security level content protection is achieved.
[Brief description of the drawings]
FIG. 1 is a diagram illustrating a data configuration stored in an information recording medium.
FIG. 2 is a diagram illustrating an example of the configuration of an information processing apparatus.
FIG. 3 is a diagram illustrating a decoding process executed in the information processing apparatus.
FIG. 4 is a diagram for explaining an example of a process for generating a disk unique key.
FIG. 5 is a diagram illustrating an example of a recording key generation process.
FIG. 6 is a diagram illustrating a data recording process using a recording key.
[Fig. 7] Fig. 7 is a diagram for describing an example of a title unique key generation process.
FIG. 8 is a diagram illustrating a decryption processing sequence of encrypted data.
FIG. 9 is a diagram illustrating a decryption processing sequence of encrypted data.
FIG. 10 is a diagram illustrating a decryption processing sequence of encrypted data.
FIG. 11 is a diagram illustrating a decoding process executed in the information processing apparatus.
Fig. 12 is a diagram for describing a decoding process executed in the information processing apparatus.
FIG. 13 is a diagram illustrating a decryption processing sequence of encrypted data.
FIG. 14 is a diagram illustrating a decryption processing sequence of encrypted data.
FIG. 15 is a diagram illustrating a decryption processing sequence of encrypted data.
FIG. 16 is a diagram illustrating a decoding process executed in the information processing apparatus.
FIG. 17 is a diagram illustrating an example of a storage configuration of seed information.
FIG. 18 is a diagram illustrating an example of a storage configuration of seed information.
FIG. 19 is a diagram illustrating an example of a storage configuration of seed information.
FIG. 20 is a diagram illustrating a connection configuration between an information recording medium drive device and an information processing device.
FIG. 21 is a diagram illustrating data transfer processing between an information recording medium drive device and an information processing device.
FIG. 22 is a diagram for explaining a decoding processing sequence involving data transfer between the information recording medium drive device and the information processing device.
FIG. 23 is a diagram illustrating an authentication processing sequence between an information recording medium drive device and an information processing device.
FIG. 24 is a diagram for explaining a decoding processing sequence involving data transfer between the information recording medium drive device and the information processing device.
FIG. 25 is a diagram for explaining a decoding processing sequence involving data transfer between an information recording medium drive device and an information processing device.
FIG. 26 is a diagram for explaining a decoding processing sequence involving data transfer between the information recording medium drive device and the information processing device.
FIG. 27 is a diagram for explaining a decoding processing sequence involving data transfer between an information recording medium drive device and an information processing device.
FIG. 28 is a diagram for explaining a decoding processing sequence involving data transfer between an information recording medium drive device and an information processing device.
FIG. 29 is a diagram for explaining a decoding processing sequence involving data transfer between an information recording medium drive device and an information processing device.
FIG. 30 is a diagram for explaining a decoding processing sequence involving data transfer between an information recording medium drive device and an information processing device.
FIG. 31 is a diagram for explaining a decoding processing sequence involving data transfer between an information recording medium drive device and an information processing device.
FIG. 32 is a diagram for explaining a decoding processing sequence involving data transfer between the information recording medium drive device and the information processing device.
FIG. 33 is a diagram for explaining a decoding processing sequence involving data transfer between an information recording medium drive device and an information processing device.
[Explanation of symbols]
100 Information processing apparatus
110 bus
120 I / O interface
130 MPEG codec
140 I / O interface
141 A / D, D / A converter
150 Cryptographic processing means
160 ROM
170 RAM
180 memory
190 Recording medium I / F
195 Recording medium
198 TS processing means
210 Information processing apparatus
211 Master key
220 Information recording medium
221 Disc ID
223,224 title key
225 record seed
226 physical index
227 seed information
228 encrypted content
229 Title key
230 Third encryption key K3
271 to 275 Cryptographic processing unit
281 Management Center
282 Content Editing Studio
283 Disc manufacturing entity
284 Information recording medium
291,292 Cryptographic processing unit
293,295 Cryptographic processing part
294 arithmetic unit
300 cryptographic processing units
301 Control data
302 First TS packet
303,342 Subsequent TS packet
304 Encrypted TS packet
305 Decoded TS packet group
306 Decoded TS packet
311 321 331 Seed information (seed 1)
312,322,332 seed information (seed 2)
341 Second TS packet
350 cryptographic processing units
351 control data
352 First TS packet
353,392 Subsequent TS packet
354 Decrypted TS packet
355 Decoded TS packet group
361, 371, 381 Seed information (seed 1)
362, 372, 382 Seed information (seed 2)
391 Second TS packet
410 Information processing apparatus
411 interface
420 Information recording medium drive device
421 interface
430 Information recording medium
500 Information processing device
510 Information recording medium drive
511 Master key
520 Information recording medium
521 Disk ID
523,524 Title key
525 record seed
526 physical index
527 seed information
528 Encrypted content
530,540 Authentication key
550 Third encryption key K3
600 cryptographic processing units
601 Control data
602 First TS packet
603 Subsequent TS packet
604 Encrypted TS packet
605 Encrypted TS packet
606 Encrypted TS packet
607 Decoded TS packet group
608 Decoded TS packet
610 Decrypted TS packet
611, 621, 631 Seed information (seed 1)
612, 622, 632 Seed information (seed 2)
641 Second TS packet
650 Information processing apparatus
660 Information recording medium drive
611 Master key
670 Information recording medium
671 Disc ID
672 Title key
673 physical index
674 Seed information
675 encrypted content
680, 690 authentication key
685 Third encryption key K3
701 Encrypted user data
702 Encrypted user data
703 User data
704 Third encryption key Ks (K3)
711 Control data

Claims (4)

An information processing apparatus having an encryption processing unit that performs decryption processing of encrypted data,
Having storage means for storing master key generation information;
The cryptographic processing means includes
A master key is generated based on the master key generation information, two recording keys K1, K2 are generated based on the generated master key and information read from the information recording medium, and the generated first recording key and K1, the information recording first block key Kb1 Ri by the data processing based on a first seed of a first key generation information set for each encryption processing unit constituting the encrypted data stored in the medium Generate the first block key Kb1 and execute the first decryption process of the second seed storage encrypted data area in which the second seed as the second key generation information is encrypted and stored . get the second seed, acquired second generates a seed and a second block key Kb2 Ri by the data processing based on the second recording key K2, generated decoded processing based on the second block key Kb2 The information stored in the recording medium is to execute decryption of the encrypted data, to the second seed stored encrypted data area, the first block key Kb 1, and the second block key Kb2 different third by of the application the decryption encryption key K3, to have a configuration which performs a second decoding process of the second seed stored encrypted data area to obtain the decoded data of the second seed stored encrypted data area information processing apparatus shall be the features. An information processing apparatus having an encryption processing unit that performs decryption processing of encrypted data,
Having storage means for storing master key generation information;
The cryptographic processing means includes
A master key is generated based on the master key generation information, two recording keys K1, K2 are generated based on the generated master key and information read from the information recording medium, and the generated first recording key K1 and generates the information recording first block key Kb1 Ri by the data processing based on a first seed of a first key generation information set for each encryption processing unit constituting the encrypted data stored in the medium And applying the generated first block key Kb1 to encrypt the second seed as the second key generation information and storing it in the second seed storage encrypted data area, and the second seed against stored encrypted data area, the first block key Kb 1, and the second block key Kb2 different third of the second seed stored encrypted data based on the encryption key K3 The second decryption process is executed to obtain the second seed, the second block key Kb2 is generated by the data processing based on the obtained second seed and the second recording key K2, and the generated second block information processing apparatus by the decoding process based on the key Kb2 you characterized by having a configuration that executes decryption processing of the encrypted data stored in the information recording medium. An information processing method in an information processing apparatus for performing decryption processing of encrypted data stored in an information recording medium,
A master key is generated based on master key generation information stored in a storage unit in the information processing apparatus, and two recording keys K1, K2 are generated based on the generated master key and information read from the information recording medium. Data processing based on the generated first recording key K1 and the first seed as the first key generation information set for each encryption processing unit constituting the encrypted data stored in the information recording medium I Ri generates a first block key Kb1 on, by applying the first block key Kb1 generated, the second seed stored encrypted data region of the second seed as the second key generation information may be encrypted and stored in run the first decoding process obtains the second seed, acquired second generates a seed and a second block key Kb2 Ri by the data processing based on the second recording key K2, generated second Bro And executes decryption processing of the encrypted data stored in the information recording medium by the decoding process based on Kuki Kb2, with respect to the second seed stored encrypted data area, the first block key Kb 1, and the second block By performing a decryption process using a third encryption key K3 different from the key Kb2 , the second decryption process of the second seed storage encrypted data area is executed to obtain the decrypted data of the second seed storage encrypted data area information processing method characterized by the step of. An information processing method in an information processing apparatus for performing decryption processing of encrypted data stored in an information recording medium,
A master key is generated based on master key generation information stored in a storage unit in the information processing apparatus, and two recording keys K1, K2 are generated based on the generated master key and information read from the information recording medium. Data processing based on the generated first recording key K1 and the first seed as the first key generation information set for each encryption processing unit constituting the encrypted data stored in the information recording medium I Ri generates a first block key Kb1 on, by applying the first block key Kb1 generated, the second seed stored encrypted data region of the second seed as the second key generation information may be encrypted and stored in based first decoding process and, with respect to the second seed stored encrypted data area, the first block key Kb 1, and a different third encryption key K3 and the second block key Kb2 The second seed storage encrypted data area is subjected to a second decryption process to obtain a second seed, and the second block key Kb2 is obtained by a data process based on the obtained second seed and the second recording key K2. produced, information processing method you characterized in that the generated second based on the block key Kb2 decoding process has the step of executing a decryption process of the encrypted data stored in the information recording medium.

Images