JP4192499B2 - Information processing apparatus, information processing method, content input / output processing system, content input / output processing method, and computer program - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an information processing apparatus, an information processing method, a content input / output processing system, a content input / output processing method, and a computer program. In particular, an information processing apparatus capable of realizing efficient processing in consideration of usage restrictions in the movement (move) and duplication (copying) processing of contents, for which usage restrictions are preferably added, due to copyright protection or the like The present invention relates to an information processing method, a content input / output processing system, a content input / output processing method, and a computer program.
[0002]
[Prior art]
Recently, various software data such as music data, game programs, and image data (hereinafter referred to as “Content”) can be distributed on networks such as the Internet, memory cards, HD, DVD, CD, etc. Distribution via various storage media has become popular. These distribution contents are stored in a personal computer (PC) owned by the user, a recording / playback device, a playback-only device, or storage means in a game device, for example, a card-type storage device having HD or flash memory, a CD, a DVD, or the like. Then, the reproduction process is executed.
[0003]
Information devices such as recording / playback devices, game machines, and PCs have an interface for receiving content from a network or an interface for accessing a memory card, HD, DVD, CD, etc. Control means, a program, and a RAM, ROM, etc. used as data memory areas.
[0004]
Various contents such as music data, image data, or programs are recorded by a user from a recording / playback device used as a playback device, a game device, an information device main body such as a PC, or a user's input via a connected input means. In response to the instruction, it is called from, for example, a built-in or detachable storage medium, and is reproduced through the information device main body, a connected display, a speaker, or the like.
[0005]
Many software contents such as game programs, music data, and image data generally have distribution rights and the like for their creators and sellers. Therefore, when distributing these contents, certain usage restrictions, that is, permission to use the software only for legitimate users, to prevent unauthorized copying, etc. It is common to take a configuration.
[0006]
In particular, in recent years, recording devices and storage media for digitally recording information are becoming widespread. According to such a digital recording apparatus and storage medium, for example, recording and reproduction can be repeated without deteriorating images and sound. In this way, digital data can be copied over and over again while maintaining image quality and sound quality, so when storage media that have been illegally copied is distributed to the market, various contents such as music, movies, etc. The profits of the copyright holders or the rightful sales rights holders will be harmed. In recent years, in order to prevent such illegal copying of digital data, various processing configurations for preventing illegal copying of digital recording devices and storage media have been realized or proposed.
[0007]
For example, SDMI (Secure Digital Music Initiative), which proposes various specifications in music distribution technology, proposes a standard for copyright protection functions in portable players. There are various forms of realizing the copyright protection function, such as a limitation on the number of copies of content and a limitation on the usage period of the content.
[0008]
[Problems to be solved by the invention]
In a system for recording and reproducing contents such as audio data and video data by applying a small storage medium such as a flash memory, a card type HD, a memory card, etc., for example, contents such as music from a storage medium such as a DVD or CD are stored in a small size. There is a usage form in which a copy content is reproduced on a portable device in which a small storage medium is mounted by copying to a medium. Also, content distributed from the network is temporarily stored in a large-capacity storage medium such as a hard disk, DVD, or CD built in the personal computer, and then the content is stored on the memory card or portable small hard disk (HD) from the personal computer. There are many forms of moving and playing content on a portable device to which a memory card or HD can be mounted, that is, using a PC as a personal server for content.
[0009]
Content from a storage medium such as a CD or content obtained via communication such as the Internet is temporarily stored in a large-capacity storage medium such as a hard disk, DVD, or CD, and the content is copied or moved from the storage medium to a memory card. To do. In addition, there is a problem in the copyright of the content that the content usage such as content reproduction on the memory card side is performed randomly. Note that the move, that is, the movement of content is realized by copying the content from, for example, a large-capacity storage medium to a memory card and then erasing the content from the storage medium (HD, DVD, CD, etc.) that is the copy source. This is an operation mode.
[0010]
It is necessary to restrict copying and moving to some extent from the viewpoint of copyright protection. On the other hand, completely prohibiting copying / moving is not appropriate because it prevents the use of content such as moving content from a PC to portable media and enjoying the playback of content outside. . Therefore, it is required to realize appropriate copy / move management that can maintain the copyright of the user while maintaining copyright protection.
[0011]
In content transfer processing and usage processing from a PC to a portable device, it is preferable that the content is used within the range permitted by the usage conditions set corresponding to the content. For example, the usage period and the usage count limit should be set, the status corresponding to the content usage should be recorded, and the content should be used within the range of usage conditions in each device such as a portable device, PC, etc.
[0012]
In a device having a large-capacity storage medium such as a PC and a processor having a high processing capability, the processing load for content availability determination based on such content usage condition information or the storage processing of content usage condition information is Although it can be executed without any problem, it is not always easy to perform processing and information storage equivalent to those of a PC or the like in a terminal device or content storage device such as a portable device having a small storage capacity and low CPU capability. Absent.
[0013]
In a system that separately distributes content and usage right information corresponding to the content, a matching process for verifying the validity of the correspondence between the terminal device and the content storage device such as a portable device is required. This process is heavy and difficult to execute in a terminal device such as a portable device. It is portable to use terminal devices such as portable devices having a low processing capacity for content to search for usage right data corresponding to the content, verify the validity of the data, and execute the processing for permitting the use of the content. It has been difficult to apply and execute limited resources of a terminal device such as a device.
[0014]
The present invention has been made in view of such a situation, and even in an information processing apparatus such as a portable device having a small data storage capacity and a low processing capacity such as a processor, a content use condition set corresponding to the content To provide an information processing apparatus, an information processing method, a content input / output processing system, a content input / output processing method, and a computer program that can use content according to the standards and prevent unauthorized use of content It is what.
[0015]
[Means for Solving the Problems]
  The first aspect of the present invention is:
  An information processing apparatus that executes content reproduction processing,
  Storage means for storing encrypted content and storing an index file including content usage condition information;
  Control means for determining whether or not the content can be used based on content usage condition information in the index file, and executing a content key Kc acquisition process applied to decryption of the encrypted content based on the determination of content usage;
  HaveAnd
  The content usage condition information is
A leaf ID as a leaf identifier in the enabling key block (EKB) distribution tree configuration;
A content ID as a content identifier;
Content usage condition information,
Content usage status informationThe information processing apparatus is characterized by the above.
[0016]
Furthermore, in an embodiment of the information processing apparatus of the present invention, the index file includes a message authentication code (MAC) as a falsification verification value generated based on at least the content use condition information, and the control means Based on the comparison between the MAC and the MAC calculated based on the content use condition information, the content use condition information is determined to be falsified, and the content key acquisition process is performed on the condition that there is no falsification. It has the structure to perform.
[0018]
Furthermore, in one embodiment of the information processing apparatus of the present invention, the encrypted content is content encrypted with a content key Kc, and the content key Kc adopts an enabling key block (EKB) distribution tree configuration. The key that can be obtained only by applying a key that can be obtained by decrypting the enabling key block (EKB) provided in the above manner, and the control means obtains a content key by decrypting the enabling key block (EKB) It is the structure which performs a process.
[0019]
Furthermore, in an embodiment of the information processing apparatus according to the present invention, the content usage condition information is configured to include a content usage period and a usage count.
[0020]
Furthermore, in one embodiment of the information processing apparatus of the present invention, the index file has a data structure according to a mobile quick time format including attribute information corresponding to content.
[0021]
  Furthermore, the present inventionIn one embodiment of the information processing apparatus, the information processing apparatus inputs an encrypted content file including the encrypted content and the index file from an external content output device, and the control means includes the encrypted content file And storing the index file in the storage unit and executing processing for storing a message authentication code (MAC) as a falsification verification value based on data including the use condition information in the storage unit. Features.
[0022]
  Furthermore, the present inventionIn one embodiment of the information processing apparatus, the control means reads the message authentication code (MAC) as a falsification verification value based on data including the use condition information according to a specific access permission program. It is the structure which performs the process written in an in-area.
[0023]
  Furthermore, the present inventionIn an embodiment of the information processing apparatus, the control unit is required to generate a message authentication code (MAC) as a falsification verification value based on data including the use condition information and a content key Kc applied to content decryption processing. The sub-key Ksub is associated with each other, and the writing process is executed in the lead-in area of the storage means accessible according to a specific access permission program.
[0024]
  Furthermore, the present inventionIn one embodiment of the information processing apparatus, the control means is provided by applying an encrypted content E (Kc, Content) obtained by encrypting the content with a content key Kc and an enabling key block (EKB) distribution tree configuration. Data E (Kroot, CID + Kcm) obtained by encrypting the content ID (CID) and the main key Kcm required to generate the content key Kc with the key Kroot that can be obtained by decrypting the enabling key block (EKB). The present invention is characterized in that a process of storing an encrypted content file including the validation key block (EKB) in the storage means is executed.
[0025]
  Furthermore, the present invention2The side of
  In information processing equipmentAn information processing method for executing content playback processing,
  A determination processing step for determining whether or not the content can be used based on the content usage condition information in the index file including the content usage condition information;
  A content key acquisition process step of executing a content key Kc acquisition process applied to decryption of the encrypted content based on the determination of content availability;
  A decryption processing step for decrypting the encrypted content based on the content key KcHave
  The content usage condition information is
A leaf ID as a leaf identifier in the enabling key block (EKB) distribution tree configuration;
A content ID as a content identifier;
Content usage condition information,
Content usage status informationThere is an information processing method characterized by this.
[0026]
Furthermore, in an embodiment of the information processing method of the present invention, the index file includes at least a message authentication code (MAC) as a falsification verification value generated based on the content use condition information, and the information processing method Further includes a step of determining whether or not the content usage condition information has been falsified based on a comparison between the MAC and a MAC calculated based on the content usage condition information, and the content key acquisition processing step includes: The content use condition information is determined to be not falsified as a condition.
[0028]
Furthermore, in one embodiment of the information processing method of the present invention, the encrypted content is content encrypted with a content key Kc, and the content key Kc adopts an enabling key block (EKB) distribution tree configuration. The key that can be obtained only by applying a key that can be obtained by decrypting the enabling key block (EKB) provided in the above-described manner, and the content key obtaining processing step is based on the decrypting process of the enabling key block (EKB). The content key acquisition process is executed.
[0029]
  Furthermore, the present inventionIn one embodiment of the information processing method, the information processing method further includes: an encrypted content file including the encrypted content from an external content output device; the step of inputting the index file; and the encrypted content file; Storing the index file in the storage unit and executing a process of storing a message authentication code (MAC) as a falsification verification value based on data including the use condition information in the storage unit. It is characterized by.
[0030]
  Furthermore, the present inventionIn one embodiment of the information processing method, the information processing apparatus further includes a memory that can access a message authentication code (MAC) as a falsification verification value based on data including the use condition information according to a specific access permission program. A process of writing in the lead-in area of the means is executed.
[0031]
  Furthermore, the present inventionIn an embodiment of the information processing method, the information processing apparatus further includes a message authentication code (MAC) as a falsification verification value based on data including the use condition information, and a content key Kc applied to content decryption processing. A process of writing in the lead-in area of the storage means that is accessible in accordance with a specific access permission program in association with the subkey Ksub required for generation is performed.
[0032]
  Furthermore, the present inventionIn an embodiment of the information processing method, the information processing apparatus further applies an encrypted content E (Kc, Content) obtained by encrypting the content with a content key Kc and an enabling key block (EKB) distribution tree configuration. Data E (Kroot, CID + Kcm) obtained by encrypting the content ID (CID) and the main key Kcm required to generate the content key Kc with the key Kroot that can be obtained by decrypting the enabling key block (EKB) provided ) And the enabling key block (EKB), and storing the encrypted content file in the storage means.
[0033]
  Furthermore, the present invention3The side of
  In an information processing device,A computer program that executes information processing for executing content reproduction processing,
  A determination processing step for determining whether or not the content can be used based on the content usage condition information in the index file including the content usage condition information;
  A content key acquisition process step of executing a content key Kc acquisition process applied to decryption of the encrypted content based on the determination of content availability;
  A decryption processing step for decrypting the encrypted content based on the content key KcHave
  The content usage condition information is
A leaf ID as a leaf identifier in the enabling key block (EKB) distribution tree configuration;
A content ID as a content identifier;
Content usage condition information,
Content usage status informationThe computer program is characterized by that.
[0034]
[Action]
Since the present invention is configured to include content usage condition information in an index file as content index data, the content usage condition information of the index file can be applied even to a portable device having a small storage capacity and a low processing capacity such as a processor. The legitimate content can be used.
[0035]
Furthermore, in the configuration of the present invention, content availability is determined based on content usage condition information in the index file, and content key Kc acquisition processing applied to decryption of encrypted content is executed based on the content availability determination. Since the content key can be acquired only when the content usage based on the usage conditions is permitted, it is possible to strictly comply with the content usage conditions.
[0036]
Further, in the present invention, the index file includes a message authentication code (MAC) as a falsification verification value generated based on the content usage condition information, and the MAC is compared with the MAC calculated based on the content usage condition information. Based on the above, the content key acquisition process is executed on the condition that the content usage condition information is falsified and is determined not to be falsified, so that unauthorized use of the content based on the falsification of the usage condition information is prevented. .
[0037]
Furthermore, in the present invention, the content key Kc is a key that can be acquired only by applying a key that can be acquired by decryption of the enabling key block (EKB) provided by applying the enabling key block (EKB) distribution tree configuration. Therefore, it is possible to use content based on strict content usage authority determination processing.
[0038]
The computer program of the present invention is, for example, a storage medium or communication medium provided in a computer-readable format to a general-purpose computer system capable of executing various program codes, such as a CD, FD, MO, etc. Or a computer program that can be provided by a communication medium such as a network. By providing such a program in a computer-readable format, processing corresponding to the program is realized on the computer system.
[0039]
Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.
[0040]
DETAILED DESCRIPTION OF THE INVENTION
[System Overview]
FIG. 1 is a diagram illustrating an outline of a content management system to which the present invention is applicable. User devices that use content include information processing apparatuses such as the PC 31 and various portable devices 32. The content is provided from the service provider 12 to the user device 30 as the encrypted content 51. Furthermore, content usage right information 52 corresponding to the content is provided from the service provider 12 to the user device 30, and the encrypted content distributed according to the usage right information 52 in the user device 30 such as the PC 31 or the portable device 32. Is decrypted and used.
[0041]
The original content is provided from the content provider 11 to the service provider 12 together with the content usage condition information. The key management center 13 provides key data such as an enabling key block (EKB) and a device node key (DNK). An enabling key block (EKB) and a device node key (DNK) can be used by decrypting the encrypted content only on a user device having a right to use the content. Key data for acquiring an encryption key necessary for using the content. EKB and DNK will be described later.
[0042]
The key management center 13 is a key distribution center (KDC) that executes a key issuance process for a user device 30 to which an enabling key block (EKB) is applied, and a key distribution tree administrator. The structure includes a top level category entity (TLCE).
[0043]
The service provider 12 encrypts the content provided from the content provider 11 to generate the encrypted content 51 and provides it to the user device 30. Furthermore, usage right information 52 is generated based on the content usage condition information provided from the content provider and provided to the user device 30. Furthermore, service data 53 is generated based on a device node key (DNK) and an enabling key block (EKB) provided by the key management center 13 and provided to the user device 30. The service data includes an enabling key block (EKB) having a service / device node key (SDNK) necessary for the decryption process of the encrypted content.
[0044]
The detailed configuration of the encrypted content 51, the usage right information 52, and the service data 53, and the details of the usage processing of these data will be described later.
[0045]
The usage conditions of the content include a usage period limitation condition, a copy frequency limit, and the number of portable media (PM) that can use the content simultaneously (so-called check-out count). Response).
[0046]
For example, the maximum number of checkouts can be set as the number of portable media (PM) that can simultaneously use each content stored in the hard disk of the PC 31 in correspondence with each content. The portable media (PM) is a storage medium that can be used in the portable device 32, such as a flash memory, a small HD, an optical disc, a magneto-optical disc, an MD (Mini Disk), or the like.
[0047]
The personal computer (PC) 31 transfers (checks out) the content from the hard disk of the PC 31 to the portable media storing the content, and the content can be used (reproduced) in the portable device 32 storing the portable media. At this time, it is necessary to adopt a configuration in which the usage condition information corresponding to the content can also be applied to the portable device 32.
[0048]
The portable device 32 to which a flash memory or a small HD, an optical disk, a magneto-optical disk, or the like is attached is a flash memory or a small HD, an optical disk, an optical, and the contents supplied from the personal computer 31 together with incidental data including usage condition information. Store in a storage medium such as a magnetic disk. The portable device 32 reproduces the content stored in the storage medium in accordance with the usage conditions as the supplementary data of the content, and outputs it via output means such as headphones or speakers.
[0049]
A configuration example of the personal computer 31 and a portable device 32 to which a portable medium such as a flash memory capable of storing contents or a small HD, an optical disk, a magneto-optical disk, or the like can be mounted will be described with reference to FIGS.
[0050]
First, the configuration of the personal computer 31 will be described with reference to FIG. A CPU (Central Processing Unit) 101 actually executes various application programs and an OS (Operating System). Further, as content encryption and decryption processing, for example, encryption processing applying a DES (Data Encryption Standard) encryption algorithm, MAC generation, verification processing, and the like are executed, and the connected information recording processing apparatus (portable device) is connected. It functions as a control means for performing authentication, session key sharing processing, content input / output processing control, and the like during content input / output executed between them.
[0051]
A ROM (Read Only Memory) 102 stores fixed data and the like among programs used by the CPU 101 and calculation parameters. A data processing program or the like at the time of content input / output executed with the portable device described above is stored. A RAM (Random Access Memory) 103 stores programs used in the execution of the CPU 101, parameters that change as appropriate during the execution, and the like. These are connected to each other by a host bus 104 including a CPU bus.
[0052]
The host bus 104 is connected to an external bus 106 such as a PCI (Peripheral Component Interconnect / Interface) bus via a bridge 105.
[0053]
The keyboard 108 is operated by the user when inputting various commands to the CPU 101. The pointing device 109 is operated by a user when specifying or selecting a point on the screen of the display 110. The display 110 includes a liquid crystal display device, a CRT (Cathode Ray Tube), or the like, and displays various types of information as text or images. An HDD (Hard Disk Drive) 111 drives a hard disk and records or reproduces a program executed by the CPU 101 and information.
[0054]
The drive 112 reads data or a program recorded on a mounted removable recording medium 121 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, and the data or program is read from the interface 107 and the external bus 106. , To the RAM 103 connected via the bridge 105 and the host bus 104.
[0055]
A PD (portable device) connection port 114 is a port for connecting a portable device, and the portable device is connected by connection of USB, IEEE1394 or the like. A PD (portable device) connection port 114 is data supplied from the HDD 111, the CPU 101, or the RAM 103 via the interface 107, the external bus 106, the bridge 105, the host bus 104, etc., for example, contents or commands of the portable device 122. Are output to the portable device 122.
[0056]
The audio input / output interface 115 executes, for example, digital audio input / output or analog audio input / output interface processing having an IEC (Internationl Electrotechnical Commission) 60958 terminal, is connected to output means such as a speaker, and is supplied from the input / output interface 115. Based on the audio signal, a predetermined audio corresponding to the content is output.
[0057]
These keyboard 108 to voice input / output interface 115 are connected to an interface 107, and the interface 107 is connected to the CPU 101 via the external bus 106, the bridge 105, and the host bus 104.
[0058]
The communication unit 116 is connected to a network, stores data (for example, a registration request or a content transmission request) supplied from the CPU 101, the HDD 111, or the like in a packet of a predetermined method, and transmits the data via the network 2. The data (for example, an authentication key or content) stored in the received packet is output to the CPU 101, RAM 103, or HDD 111 via the network 2.
[0059]
Next, a configuration example of a portable device using portable media will be described with reference to FIG. Note that a medium as a content storage medium is a flash memory, a small HD, an optical disk, a magneto-optical disk, or the like.
[0060]
The power supply circuit 152 converts the supplied power supply voltage into internal power of a predetermined voltage and supplies it to the CPU 153 through the display unit 167, thereby driving the entire apparatus. The input / output I / F 157 is an interface that is connected to a personal computer (PC) 172 that is a content provider, and performs connection according to a connection mode such as USB, IEEE1394.
[0061]
The data transferred from the personal computer 172 is composed of, for example, 64 bytes of data per packet, and is transferred from the personal computer to the portable device at a transfer rate of 12 Mbit / sec. Data transferred to the portable device is composed of content and incidental information such as content usage conditions.
[0062]
When the portable device receives the content writing command from the personal computer together with the content, the CPU 153 serving as a control unit that executes the main program read from the ROM 155 to the RAM 154 receives the writing command, and receives the write command. , Write content to DVD, CD. In the example shown in the figure, flash memory, HD, DVD, and CD are shown as the storage medium 161. However, these storage media are examples, and it is sufficient that at least one type of storage medium can be used.
[0063]
Data writing processing to the storage medium 161 is executed via a storage medium controller or drive 160 corresponding to the storage medium 161. For example, if the storage medium 161 is a flash memory, writing is executed via a flash memory controller, and if the storage medium 161 is a hard disk (HD), writing is executed via an HDD. Note that the storage medium 161 such as a flash memory, HD, DVD, or CD can be configured to be detachable from the portable device.
[0064]
When a content reproduction command by the user is supplied to the CPU 153 via the operation key controller 162, the CPU 153 as a control unit causes the storage medium controller or the drive 160 to execute content reading processing from the storage medium 161 and transfer it to the DSP 159. .
[0065]
A DSP (Digital Signal Processor) 159 executes processing for reproducing the content transferred from the storage medium 161. The DSP 159 has an encryption / decryption processing function, an equalizer adjustment (gain adjustment corresponding to the frequency band of the audio signal) function, and a compression / decompression (encoding / decoding) processing function. For example, high-efficiency encoding is performed for writing a digital audio signal to the storage medium 161, and data read from the memory card 161 is decoded. As the high-efficiency encoding method, for example, ATRAC3 improved from ATRAC (Adaptive Transform Acoustic Coding) adopted in minidiscs is used.
[0066]
In ATRAC3, audio data having a quantization bit of 16 bits sampled at a sampling frequency of 44.1 kHz is subjected to a high-efficiency encoding process. The minimum data unit when processing audio data with ATRAC3 is a sound unit SU. One SU is 1024 samples (1024 × 16 bits × 2 channels) compressed to several hundred bytes, and is about 23 milliseconds in time. Audio data is compressed to about 1/10 by the high-efficiency encoding process described above.
[0067]
The digital-analog conversion circuit 163 converts the reproduced content into an analog audio signal, and supplies this to the amplifier circuit 164. The amplifier circuit 164 amplifies the audio signal and supplies the audio signal to the headphones or the speaker via the output unit 165.
[0068]
From the input I / F 171, a digital signal or an analog signal is input from an external source, and A / D conversion is performed when the analog signal is input. In the A / D conversion, an input signal is converted into a digital audio signal having a sampling frequency = 44.1 kHz and a quantization bit = 16 bits, for example. Similarly, a digital signal from an external source is converted into a digital audio signal having a sampling frequency of 44.1 kHz and a quantization bit of 16 bits by an SRC (sampling rate converter).
[0069]
In addition, the CPU 153 controls the LCD controller 166 to display on the display unit 167 the state of the playback mode (for example, repeat playback, intro playback, etc.), equalizer adjustment (gain adjustment corresponding to the frequency band of the audio signal), music Information such as number, performance time, playback, stop, fast forward, fast reverse, etc., volume, and remaining battery level are displayed.
[0070]
For example, a DES (Data Encryption Standard) encryption algorithm is applied to the content encryption and decryption processing executed by the DSP 159. Content encryption is processing for protecting the copyright of content, and content encryption processing is executed in content transfer processing between a PC and a portable device and content transfer processing between a portable device and a storage medium. .
[0071]
For example, an EEPROM 168 composed of a flash memory stores keys applied to encryption and decryption processing, content transfer processing between a PC and a portable device, authentication processing and session in content transfer processing between a portable device and a storage medium This is applied to key sharing processing, transfer data, or encryption / decryption processing of stored data.
[About tree structure as key distribution configuration]
Next, a device and key management configuration based on a tree configuration, which is an aspect of the broadcast encryption method, in order to allow content to be used only by a user device having a valid content usage right, will be described.
[0072]
Numbers 0 to 15 shown at the bottom of FIG. 4 are user devices that use content. That is, each leaf (leaf) of the hierarchical tree (tree) structure shown in FIG. 4 corresponds to each device.
[0073]
Each device 0 to 15 has a key (node key) assigned to a node from its leaf to the root in the hierarchical tree (tree) structure shown in FIG. A key set composed of leaf keys (device node key (DNK)) is stored in the memory. K0000 to K1111 shown at the bottom of FIG. 4 are leaf keys assigned to the devices 0 to 15, respectively, and keys described from the topmost KR (root key) to the second node (node) from the bottom. : KR to K111 are used as node keys.
[0074]
In the tree configuration shown in FIG. 4, for example, the device 0 has a leaf key K0000 and node keys: K000, K00, K0, and KR. The device 5 owns K0101, K010, K01, K0, and KR. The device 15 owns K1111, K111, K11, K1, and KR. Note that only 16 devices 0 to 15 are shown in the tree of FIG. 4 and the tree structure is shown as a balanced configuration with a four-stage configuration, but more devices are configured in the tree. In addition, it is possible to have a different number of stages in each part of the tree.
[0075]
In addition, each device included in the tree structure of FIG. 4 includes various types of recording media, for example, various types using a device embedded type or a DVD, CD, MD, flash memory, etc. that are configured to be detachable from the device. The device is included. Furthermore, various application services can coexist. The hierarchical tree structure as the content or key distribution configuration shown in FIG. 4 is applied on such a coexistence configuration of different devices and different applications.
[0076]
In a system in which these various devices and applications coexist, for example, the portions surrounded by dotted lines in FIG. 4, that is, devices 0, 1, 2, and 3 are set as one group using the same recording medium. For example, for devices included in the group surrounded by the dotted line, the common content is encrypted and sent from the provider, the content key used in common for each device is sent, or each device is sent. Then, the process of encrypting and outputting the content fee payment data to the provider or the settlement institution is executed. An institution that performs data transmission / reception with each device, such as a content provider or a payment processing institution, sends data collectively as a group of the parts surrounded by the dotted lines in FIG. 4, that is, devices 0, 1, 2, and 3. Execute the process. There are a plurality of such groups in the tree of FIG. An organization that transmits / receives data to / from each device, such as a content provider or a payment processing organization, functions as message data distribution means.
[0077]
The node key and the leaf key may be managed by a single key management center, or may be managed for each group by message data distribution means such as a provider or a settlement organization that performs various data transmission / reception for each group. It is good. These node keys and leaf keys are updated when, for example, a key is leaked, and this updating process is executed by a key management center, a provider, a settlement organization, or the like.
[0078]
In this tree structure, as is apparent from FIG. 4, the three devices 0, 1, 2, 3 included in one group have common keys K00, K0, KR as device node keys (DNK). Holds a device node key (DNK). By using this node key sharing configuration, for example, a common key can be provided only to devices 0, 1, 2, and 3. For example, a common node key K00 is a common key for devices 0, 1, 2, and 3. If the value Enc (K00, Knew) obtained by encrypting the new key Knew with the node key K00 is stored in a recording medium via a network or distributed to the devices 0, 1, 2, 3, the devices 0, 1 , 2 and 3 can use the shared node key K00 possessed by each device to decrypt the encryption Enc (K00, Knew) and obtain a new key Knew. Enc (Ka, Kb) indicates data obtained by encrypting Kb with Ka.
[0079]
Further, at a certain time t, when it is discovered that the keys possessed by the device 3: K0011, K001, K00, K0, KR are analyzed and exposed by an attacker (hacker), thereafter, the system (devices 0, 1) is detected. , 2 and 3), the device 3 needs to be disconnected from the system. For this purpose, the node keys: K001, K00, K0, KR are updated to new keys K (t) 001, K (t) 00, K (t) 0, K (t) R, respectively, and devices 0, 1, 2 must be notified of the update key. Here, K (t) aaa indicates that the key is a renewal key of Generation: t.
[0080]
The update key distribution process will be described. The key is updated by, for example, storing a table composed of block data called an enabling key block (EKB) shown in FIG. 2 is executed. The enabling key block (EKB) is composed of an encryption key for distributing a newly updated key to devices corresponding to each leaf constituting the tree structure as shown in FIG. The enabling key block (EKB) is sometimes called a key renewal block (KRB).
[0081]
The enabling key block (EKB) shown in FIG. 5A is configured as block data having a data configuration that can be updated only by a device that requires updating of the node key. The example of FIG. 5 is block data formed for the purpose of distributing the update node key of generation t to the devices 0, 1, and 2 in the tree structure shown in FIG. As is apparent from FIG. 4, device 0 and device 1 require K (t) 00, K (t) 0, and K (t) R as update node keys, and device 2 uses K (t) as an update node key. ) 001, K (t) 00, K (t) 0, K (t) R are required.
[0082]
As shown in the EKB of FIG. 5A, the EKB includes a plurality of encryption keys. The lowest encryption key is Enc (K0010, K (t) 001). This is an update node key K (t) 001 encrypted with the leaf key K0010 of the device 2, and the device 2 can decrypt this encryption key with the leaf key of itself and obtain K (t) 001. . Also, using K (t) 001 obtained by decryption, the encryption key Enc (K (t) 001, K (t) 00) in the second stage from the bottom of FIG. 5A can be decrypted and updated. The node key K (t) 00 can be obtained. Subsequently, the encryption key Enc (K (t) 00, K (t) 0) in the second stage from the top of FIG. 5A is sequentially decrypted, and the update node key K (t) 0, as shown in FIG. The first-stage encryption key Enc (K (t) 0, K (t) R) is decrypted to obtain K (t) R. On the other hand, the device K0000. K0001 is not included in the node key K000 to be updated, and K (t) 00, K (t) 0, and K (t) R are required as update node keys. Device K0000. K0001 obtains K (t) 00 by decrypting the third-stage encryption key Enc (K000, K (t) 00) from the top of FIG. 5A. The second-stage encryption key Enc (K (t) 00, K (t) 0) is decrypted from the update node key K (t) 0, and the first-stage encryption key Enc from the top in FIG. (K (t) 0, K (t) R) is decoded to obtain K (t) R. In this way, the devices 0, 1, and 2 can obtain the updated key K (t) R. Note that the index in FIG. 5A indicates the absolute addresses of node keys and leaf keys used as decryption keys.
[0083]
In the case where it is not necessary to update the node keys: K (t) 0, K (t) R in the upper level of the tree structure shown in FIG. 4, and only the node key K00 needs to be updated, the processing shown in FIG. By using the enabling key block (EKB), the updated node key K (t) 00 can be distributed to the devices 0, 1, and 2.
[0084]
The EKB shown in FIG. 5B can be used, for example, when a new content key shared in a specific group is distributed. As a specific example, it is assumed that a recording medium having devices 0, 1, 2, and 3 in a group indicated by a dotted line in FIG. 4 is used and a new common content key K (t) con is required. At this time, the data Enc (K (t (K)) is obtained by encrypting a new common updated content key: K (t) con using K (t) 00 that has updated the common node key K00 of the devices 0, 1, 2, and 3. ), K (t) con) is distributed together with the EKB shown in FIG. This distribution enables distribution as data that is not decrypted in other groups of devices such as the device 4.
[0085]
That is, if the devices 0, 1, and 2 decrypt the ciphertext using K (t) 00 obtained by processing the EKB, a key at the time point t, for example, a content key applied to content encryption / decryption K (t) con can be obtained.
[0086]
[Distribution of keys using EKB]
FIG. 6 shows a new common content key K (t (t) using K (t) 00 as an example of processing for obtaining a key at time t, for example, a content key K (t) con applied to content encryption / decryption. ) A processing example of the device 0 that has received the data Enc (K (t) 00, K (t) con) encrypted with con and the EKB shown in FIG. 5B via the recording medium. That is, this is an example in which the encrypted message data by EKB is used as the content key K (t) con.
[0087]
As shown in FIG. 6, the device 0 uses the EKB at the time of generation: t stored in the recording medium and the node key K000 stored in advance to perform the node key K (t ) 00 is generated. Further, the update content key K (t) con is decrypted using the decrypted update node key K (t) 00, and is encrypted and stored with the leaf key K0000 that only the user has in order to use it later.
[0088]
[EKB format]
FIG. 7 shows a format example of the enabling key block (EKB). Version 201 is an identifier indicating the version of the enabling key block (EKB). Note that the version has a function for identifying the latest EKB and a function for indicating a correspondence relationship between contents. The depth indicates the number of hierarchies of the hierarchical tree for the device to which the enabling key block (EKB) is distributed. The data pointer 203 is a pointer indicating the position of the data part in the enabling key block (EKB), the tag pointer 204 is the position of the tag part, and the signature pointer 205 is a pointer indicating the position of the signature.
[0089]
The data unit 206 stores, for example, data obtained by encrypting the node key to be updated. For example, each encryption key related to the updated node key as shown in FIG. 6 is stored.
[0090]
The tag part 207 is a tag indicating the positional relationship between the encrypted node key and leaf key stored in the data part. The tag assignment rule will be described with reference to FIG. FIG. 8 shows an example in which the enabling key block (EKB) described above with reference to FIG. 5A is sent as data. The data at this time is as shown in the table (b) of FIG. The top node address included in the encryption key at this time is set as the top node address. In this case, since the update key K (t) R of the root key is included, the top node address is KR. At this time, for example, the uppermost data Enc (K (t) 0, K (t) R) is at the position shown in the hierarchical tree shown in FIG. Here, the next data is Enc (K (t) 00, K (t) 0), and is in the lower left position of the previous data on the tree. When there is data, the tag is set to 0, and when there is no data, 1 is set. The tags are set as {left (L) tag, right (R) tag}. Since there is data on the left of the uppermost data Enc (K (t) 0, K (t) R), L tag = 0, and there is no data on the right, so R tag = 1. Hereinafter, tags are set for all data, and a data string and a tag string shown in FIG. 8C are configured.
[0091]
The tag is set to indicate where the data Enc (Kxxx, Kyyy) is located in the tree structure. Key data Enc (Kxxx, Kyyy) stored in the data part. . . Is merely enumerated data of encrypted keys, so that the position of the encryption key stored as data on the tree can be determined by the above-described tag. Without using the tag described above, using a node index corresponding to the encrypted data as in the configuration described in FIG. 5, for example,
0: Enc (K (t) 0, K (t) root)
00: Enc (K (t) 00, K (t) 0)
000: Enc (K ((t) 000, K (T) 00)
. . . However, if such a configuration using an index is used, redundant data is generated and the amount of data increases, which is not preferable for distribution via a network. On the other hand, by using the above-described tag as index data indicating the key position, the key position can be determined with a small amount of data.
[0092]
Returning to FIG. 7, the EKB format will be further described. A signature 208 is an electronic signature executed by, for example, a key management center, a content provider, a service provider, or a settlement organization that has issued an enabling key block (EKB). The device that has received the EKB confirms by the signature verification that it is an activation key block (EKB) issued by a valid activation key block (EKB) issuer.
[0093]
Tree categorization
A configuration in which a hierarchical tree structure defining node keys and the like is classified for each device category to perform efficient key update processing, encryption key distribution, and data distribution will be described below.
[0094]
FIG. 9 shows an example of category classification of a hierarchical tree structure. In FIG. 9, a root key Kroot 301 is set at the top level of the hierarchical tree structure, a node key 302 is set at the intermediate level below, and a leaf key 303 is set at the bottom level. Each device has an individual leaf key and a series of node keys and root keys from the leaf key to the root key.
[0095]
Here, as an example, a node at the Mth stage from the top is set as the category node 304. That is, each of the M-th level nodes is set as a device setting node of a specific category. The nodes and leaves of the Mth stage below are assumed to be nodes and leaves related to devices included in the category, with one node at the Mth stage as a vertex.
[0096]
For example, a category [memory stick (trademark)] is set in one node 305 in the M-th stage in FIG. 9, and nodes and leaves connected to this node are dedicated to the category including various devices using the memory stick. Set as a node or leaf. That is, nodes 305 and below are defined as a set of related nodes and leaves of devices defined in the category of the memory stick.
[0097]
Furthermore, a stage that is several stages lower than the M stage can be set as the subcategory node 306. For example, as shown in the figure, a node of [play-only device] is set as a sub-category node included in the category of the device using the memory stick in a node two steps below the category [memory stick] node 305. Further, a node 307 of a telephone with music playback function included in the category of the playback-only device is set below the node 306 of the playback-only device that is a subcategory node, and further below that is included in the category of the phone with music playback function. [PHS] node 308 and [mobile phone] node 309 can be set.
[0098]
Furthermore, categories and subcategories are not limited to device types, for example, nodes managed independently by a certain manufacturer, content provider, payment institution, etc., that is, arbitrary units such as processing units, jurisdiction units, or service units provided (these are (Hereinafter collectively referred to as an entity). For example, if one category node is set as a vertex node dedicated to the game device XYZ sold by the game device manufacturer, the node key and leaf key below the vertex node can be stored and sold in the game device XYZ sold by the manufacturer. After that, distribution of encrypted contents or distribution and update of various keys is performed by generating and distributing an activation key block (EKB) composed of node keys and leaf keys below the vertex node key, and below the vertex nodes. Data that can be used only for these devices can be distributed.
[0099]
In this way, by setting one node as a vertex and setting the following nodes as related nodes in the category or subcategory defined in the vertex node, one vertex node in the category stage or subcategory stage is set. It becomes possible for the manufacturer, content provider, etc. to manage to create an enabling key block (EKB) with the node as a vertex and distribute it to devices belonging to the vertex node or lower, and other categories that do not belong to the vertex node The key update can be executed without affecting the devices belonging to this node.
[0100]
In the system of the present invention, as shown in FIG. 10, management of device keys and content keys is performed in a tree-structured system. In the example of FIG. 10, nodes of 8 + 24 + 32 levels have a tree structure, and categories correspond to the nodes from the root node to the lower 8 levels. The category here means a category such as a category of a device that uses a semiconductor memory such as a memory stick and a category of a device that receives a digital broadcast. This system (referred to as a T system) corresponds to one of the category nodes as a system for managing licenses.
[0101]
That is, a service provider or a service provided by a service provider is associated with a key corresponding to a node of 24 levels in a lower hierarchy than the node of the T system. For this example, this would result in 2^{twenty four}(About 16 mega) service providers or services can be defined. In addition, the lowest 32 levels are 2³²(About 4 Giga) users (or user devices) can be defined. A key corresponding to each node on the path from the lowest 32 nodes to the T system node constitutes a DNK (Device Node Key), and an ID corresponding to the lowest leaf is a leaf ID.
[0102]
For example, the content key obtained by encrypting the content is encrypted by the updated root key KR ′, and the update node key of the upper hierarchy is encrypted using the update node key of the immediately lower hierarchy and placed in the EKB. Is done. The update node key one level above the end in the EKB is encrypted by the node key or leaf key at the end of the EKB, and placed in the EKB.
[0103]
Using one of the DNK keys described in the service data, the user device decrypts and obtains the update node key of the latest higher hierarchy described in the EKB distributed with the content data. Using the obtained key, the update node key of the hierarchy further described in the EKB is decrypted. By sequentially performing the above processing, the user device can obtain the updated root key KR ′.
[0104]
[Content processing using multiple EKBs]
As described above, the category classification of the tree enables a configuration in which one node is set as a vertex and the following nodes are set as related nodes of the category or subcategory defined in the vertex node. A configuration is realized in which a manufacturer, service provider, or the like that manages one of the vertex nodes independently generates an enabling key block (EKB) having that node as a vertex and distributes it to devices belonging to the vertex node or lower.
[0105]
In the following, content distribution and usage modes adopting an EKB distribution configuration based on a plurality of categories by applying the above-described tree management EKB distribution system by device management will be described.
[0106]
The two categories will be described with reference to FIG. As shown in FIG. 11, a T system node 351 is set in the lower stage of the root node 350, and a T service node 352 and a T hard node 353 are set in the lower stage. The tree having the T hard node 353 as a vertex is a category tree in which the user device device itself is set as a leaf 355 and hardware-compatible EKB [EKB (H)] issued for the device is distributed. On the other hand, the tree having the T service node 352 as a vertex is a category tree that distributes service-corresponding EKB [EKB (S)] issued corresponding to the service provided to the user device device.
[0107]
Both the hardware-compatible EKB [EKB (H)] and the service-compatible EKB [EKB (S)] are given to each device having a legitimate authority, that is, a path from the leaf to the node of the T system. By having a key corresponding to each of the above nodes, each EKB can be decrypted.
[0108]
With reference to FIG. 12, a content use processing sequence based on content decryption processing to which hardware-compatible EKB [EKB (H)] and service-compatible EKB [EKB (S)] are applied will be described.
[0109]
The service data 401, the encrypted content file 402, and the usage right information 403 shown in FIG. 12 correspond to the service data 53, the encrypted content 51, and the usage right information 52 shown in FIG. 1, and the user device passes through the service provider. Data to receive. The service data 401 includes a leaf ID as a leaf identifier, an EKB version to be applied, and a service-compatible device node key (SDNK) necessary for decrypting the service-compatible EKB [EKB (S)] in a hardware-compatible category tree. The data E (Kroot ′, SDNK) encrypted by the root key Kroot ′ set in this way is stored.
[0110]
The encrypted content file 402 includes a service-corresponding EKB [EKB (S)] storing a root key Kroot set corresponding to a service-corresponding category tree, a content ID (CID) with the root key Kroot, content encryption processing, and The file includes data E (Kroot, CID + Kc) obtained by encrypting the content key (Kc) applied to the decryption process, and data E (Kc, Content) obtained by encrypting the content (Content) with the content key Kc.
[0111]
The usage right information 403 is data that stores a leaf ID and content usage condition information. The content usage condition information includes various usage conditions such as a usage period, a usage count, and a copy restriction set in correspondence with the content. The user device that has received the usage right information 403 stores the usage right information as security information corresponding to the content, or stores it in an AV index file as index data of the content.
[0112]
For example, in a user device having a large-capacity storage means such as a PC and having a high processing capacity such as a processor, the usage right information can be stored as security information corresponding to the content. Is preferably stored, and processing using the content information is referred to when the content is used. On the other hand, in a user device such as a portable device (PD) that does not have a large-capacity storage means and has a low processing capacity such as a processor, the usage right information 403 including the selected information is used as an AV index as content index data. Processing such as storing in a file and referring to the usage condition information in the AV index file when using the content is possible.
[0113]
A configuration example of the AV index file is shown in FIG. The AV index file configuration shown in FIG. 13 has a configuration in which usage condition information is added to the Mobile Quick Time AV index file.
[0114]
The AV index file 421 includes header information 422 and index file information 423, and the index file information 423 includes properties, titles, thumbnails, intros (in the case of music content) and the like as information corresponding to each content. Furthermore, it has a configuration including usage condition information 425 corresponding to the content. The AV file 424 as actual content is stored in association with each index information.
[0115]
A configuration example of usage condition information is shown in FIG. The usage condition information includes a leaf ID 451 and a content ID 452 that are set for each user who uses the content and each content and can identify each of them. The content usage period information, usage (playback) number information, copy restriction information, and other devices Usage condition field 453 that stores various usage conditions relating to movement to other devices, input from other devices, a usage status field 454 as a field for recording usage status according to content usage, and further, It has a configuration including a message authentication code (MAC) 455 as a verification value for preventing falsification.
[0116]
A message authentication code (MAC) 455 is generated as data for verifying falsification of data based on data including content usage condition information. FIG. 15 shows an example of MAC value generation using the DES encryption processing configuration. As shown in the configuration of FIG. 15, the target message is divided into units of 8 bytes (hereinafter, the divided messages are referred to as M1, M2,..., MN). , IV)) and M1 are XORed (the result is I1). Next, I1 is put into the DES encryption unit and encrypted using a key (hereinafter referred to as K1) (the output is assumed to be E1). Subsequently, E1 and M2 are exclusively ORed, and the output I2 is input to the DES encryption unit and encrypted using the key K1 (output E2). Thereafter, this is repeated, and encryption processing is performed on all messages. The EN that comes out last is a message authentication code (MAC).
[0117]
When the source data is changed, the MAC value becomes a different value, and the MAC generated based on the data (message) to be verified is compared with the recorded MAC. It is proved that the data (message) to be verified has not been changed or altered.
[0118]
Returning to FIG. 12, a content use processing sequence based on content decryption processing to which hardware-compatible EKB [EKB (H)] and service-compatible EKB [EKB (S)] are applied will be described.
[0119]
The user device has received service data 401, encrypted content file 402, and usage right information 403. As described above, the usage right information 403 is held as security information corresponding to content in a PC, for example, and stored in an AV index file 421 set in correspondence with stored content in a portable device (PD). . When executing content transfer / copy processing from the PC to the PD, the usage right information stored in the security information corresponding to the content held in the PC or the like is adapted to the AV index file 421 set in the PD. Is converted as follows. For example, the conversion mode is changed according to the storage medium, such as storing only usage conditions limited to content playback time, playback count, move conditions, copy conditions, and the like.
[0120]
The user device further has a hardware-compatible EKB (H) 411 and a hardware-compatible device node key (HDNK) 412 applied to the processing (decryption) of the hardware-compatible EKB (H). Note that the hardware-compatible EKB (H) 411 can extract the root key Kroot 'set corresponding to the hardware-compatible category tree by decryption.
[0121]
In step S11 shown in FIG. 12, the hardware-compatible device node key (HDNK) 412 is applied to execute the hardware-compatible EKB (H) 411 decryption process, and from the EKB (H) 411 to the hardware-compatible category tree. The root key Kroot ′ set correspondingly is acquired. The EKB process to which DNK is applied is a process according to the method described above with reference to FIG.
[0122]
Next, in step S12, using the root key Kroot ′ extracted from EKB (H), the encrypted data E (Kroot ′, SDNK) in the service data 401 is decrypted, and the service corresponding EKB [EKB ( S)] to obtain the device node key (SDNK) to be applied (decryption).
[0123]
Next, in step S13, using the device node key (SDNK) extracted from the service data, processing (decryption) of service-compatible EKB [EKB (S)] stored in the encrypted content file 402 is executed. The root key Kroot set corresponding to the service corresponding category tree stored in the service corresponding EKB [EKB (S)] is acquired.
[0124]
Next, in step S14, decryption processing of the encrypted data E (Kroot, CID + Kc) stored in the encrypted content file 402 is executed using the root key Kroot extracted from the service-compatible EKB [EKB (S)]. The content ID (CID) and the content key (Kc) are acquired.
[0125]
Next, in step S15, the content ID (CID) extracted from the encrypted content file 402 is matched with the content ID stored in the usage condition information in the AV index file 421. If the matching process confirms that the content can be used, the content key (Kc) extracted from the encrypted content file 402 is applied in step S16, and the encryption stored in the encrypted content file 402 is applied. The encrypted content E (Kc, Content) is decrypted to reproduce the content.
[0126]
As described above, the hardware-compatible EKB [EKB (H)] as the EKB corresponding to the category tree set corresponding to the hardware as the content use device, and the category tree set corresponding to the content use service Service-corresponding EKB [EKB (S)] as an EKB corresponding to each of the EKBs is individually provided to the user, and only a user having a valid DNK for each EKB can use the service.
[0127]
A DNK for decrypting service-compatible EKB [EKB (S)], that is, SDNK, can be provided as service data 401 corresponding to content, and only devices that have a valid hardware-compatible DNK, that is, HDNK, can be provided. Therefore, only the user device having a valid HDNK can acquire the SDNK and the service is used. Become.
[0128]
Further, in content use, since the matching process between the content identifier (CID) acquired from the encrypted content file 402 and the CID acquired from the usage condition information of the AV index file 421 is executed, the usage right information Acquiring 403 and storing the usage condition information in the AV index file can be an indispensable requirement for the content reproduction process, and content usage in accordance with the usage conditions is realized.
[0129]
[Use with content copy between PD and PC]
Next, the encrypted content file stored in the PC or the like is moved or copied to a medium (for example, a disk or memory) in the portable device, and the generated subkey Ksub is generated corresponding to the content, and the subkey Ksub is applied. A configuration in which content is decrypted and used in the portable device will be described.
[0130]
(Checkout process)
With reference to FIG. 16, an outline of data stored in the portable device 502 in the process of outputting content from the PC 501 to the portable device 502 will be described.
[0131]
The encrypted content file 511 includes a service-corresponding EKB [EKB (S)] storing a root key Kroot set corresponding to a service-corresponding category tree, a content ID (CID) with the root key Kroot, content encryption processing, and Data E (Kroot, CID + Kcm) obtained by encrypting the main key Kcm as a generation key for the content key (Kc) applied to the decryption process, and data E (Kc) obtained by encrypting the content (Content) with the content key Kc , Content).
[0132]
The AV index file 512 has the configuration described above with reference to FIGS. 13 and 14, and has a configuration in which usage condition information is added to the mobile quick time AV index file.
[0133]
Note that the usage condition information stored in the portable device (PD) may be converted into the minimum data and stored in consideration of the data capacity of the media used by the PD. For example, only the usage conditions limited to the content reproduction time, the number of reproductions, the move condition, the copy condition, and the like are stored, and the mode is changed according to the storage medium.
[0134]
As described above with reference to FIG. 12, the service data 513 includes the leaf ID as the leaf identifier, the version of the EKB to be applied, and the service correspondence necessary for decoding the service correspondence EKB [EKB (S)]. Stored is data E (Kroot ', SDNK) obtained by encrypting a device node key (SDNK) with a root key Kroot' set in correspondence with the hardware corresponding category tree.
[0135]
The sequence page 514 generates a MAC #n as a message authentication code (MAC) as a falsification verification value of the usage rule information corresponding to the content described above with reference to FIG. 14 and a content key Kc. This is table data in which the subkey Ksubn to be applied is stored for each of the contents 0-n.
[0136]
The relationship between the content key Kc applied to the content encryption / decryption processing, the main key Kcm stored in the encrypted content file 511, and the sub key Ksub stored in the sequence page 514 is as follows:
Kc = Kcm XOR Ksub
It is. That is, the content key Kc is calculated by the exclusive logical ring operation of the main key Kcm and the sub key Ksub.
[0137]
The encrypted content file 511, the AV index file 512, and the service data 513 are written to the normal data storage area of the medium of the portable device 502, and the sequence page 514 is confirmed to have a specific access authority. Are written in the lead-in area 521 where data can be read and written.
[0138]
With reference to FIG. 17, a content output from a PC to a portable device (PD) medium, that is, a checkout processing sequence will be described.
[0139]
Each step will be described. In step S101, it is confirmed whether there is a slot for storing the content in the PD medium. If there is no slot, the content cannot be stored and the process ends in error. If it is confirmed that there is an empty slot, it is determined in step S102 whether usage condition information corresponding to the encrypted content file to be checked out is stored in the PD. If there is no usage condition information, the content cannot be used and the process ends in error. If there is usage condition information, it is determined in step S103 whether service data corresponding to the encrypted content file is stored in the PD. Copy the data.
[0140]
In step S105, the encrypted content file 511 (see FIG. 15) is copied to the PD medium. Next, in step S106, a Kroot sharing process is performed between the PC and the PD using the service-compatible EKB, that is, EKB (S). Here, the latest version of EKB (S) Kroot is shared between the PC and the PD.
[0141]
Next, on the PC side, MAC calculation based on usage condition information corresponding to the content to be checked out is executed. The MAC calculation follows the calculation process described above with reference to FIG.
[0142]
In step S108, an AV index file (see FIG. 13) writing area (track) for the PD medium is created, and in step S109, an AV index file (see FIG. 14) including use condition information (see FIG. 14) for the PD medium is created. 13) is written.
[0143]
Next, in step S110, session key sharing processing is performed by applying Kroot previously shared between the PC and PD. The session key sharing process can be executed, for example, by a process using a MAC represented by ISO / IEC 9798-4. The processing sequence will be described with reference to FIG.
[0144]
In FIG. 18, PCs and B corresponding to any one of a content transmitting device and a receiving device, such as a personal computer (PC) and a portable device (PD), have a common key Kroot. Note that the symbol “||” in FIG. 18 represents a connection.
[0145]
Next, the PC generates random numbers Ra and Sa and sends MAC (Kroot, Ra || Rb || Sa) together with Ra and Sa to the PD. MAC (Kroot, Ra || Rb || Sa) represents inputting Kroot as a key and Ra || Rb || Sa as data.
[0146]
The PD calculates the MAC (Kroot, Ra || Rb || Sa) using the received data and checks whether it matches the received data. If they match, it is recognized that the communication partner PC is valid, and the processing is continued, but if they do not match, it is determined to be illegal and the processing is stopped.
[0147]
Next, the PD generates a random number Sb and sends this and the MAC (Kroot, Rb || Ra || Sb) to the PC. The PC also calculates the MAC (Kroot, Rb || Ra || Sb) by itself using the received data, and confirms whether it matches the received data. If they match, the communication partner PD is recognized as valid, and the process continues. If they do not match, it is determined to be invalid and the process is stopped. Finally, both sides compute the MAC (Kroot, Sa || Sb) and use this as the session key for that session.
[0148]
As described above, the personal computer and the portable device as the content transmitting device and the receiving device can check each other's validity, and can securely share the session key.
[0149]
Returning to the flow of FIG. 17, the description will be continued. When the generation of the session key Kses is completed based on Kroot in step S110, the MAC of the use condition information corresponding to the content, the sub key Ksub, the slot No. is received from the PC in step S111. Is encrypted with the session key Kses and transmitted to the PD.
[0150]
In step S112, the PD determines whether or not the MAC received from the PC matches the MAC of the use condition information calculated in step S107. If they do not match, the use condition information has been tampered with, and proper use of content cannot be guaranteed, and the process ends in error.
[0151]
If the MAC received from the PC matches the MAC of the use condition information calculated in step S107, in step S113, the PD medium (the table in which the MAC and the subkey Ksub are associated with the lead-in area of the disco). Data is written as a sequence page (see FIG. 12).
[0152]
(Content playback processing)
Next, FIG. 19 and FIG. 20 show processing for using the content (decoding) by generating the content key: Kc by applying the sub key Ksub in the portable device (PD) and decrypting the encrypted content. The description will be given with reference.
[0153]
The portable device (PD) has service data 601, an encrypted content file 602, an AV index file 621, and a sequence page 622. Further, the portable device (PD) has a hardware-compatible EKB (H) 611, and has a hardware-compatible device node key (HDNK) 612 applied to the processing (decryption) of hardware-compatible EKB (H). is doing. Note that the hardware-compatible EKB (H) 611 can extract the root key Kroot 'set corresponding to the hardware-compatible category tree by decryption.
[0154]
The service data 601 includes a leaf ID as a leaf identifier, an EKB version to be applied, and a service compatible device node key (SDNK) necessary for decrypting the service compatible EKB [EKB (S)] in the hardware compatible category tree. Stored is data E (Kroot ′, SDNK) encrypted with a corresponding root key Kroot ′.
[0155]
The encrypted content file 602 includes a service-corresponding EKB [EKB (S)] storing a root key Kroot set corresponding to a service-corresponding category tree, a content ID (CID) with the root key Kroot, content encryption processing, and Data E (Kroot, CID + Kcm) obtained by encrypting the main key Kcm applied to generation of the content key (Kc) applied to the decryption process, and data E (Kc, (Content).
[0156]
As described above with reference to FIG. 13, the AV index file 621 has a configuration in which usage condition information is added to an AV index file of mobile quick time.
[0157]
The sequence page 622 is used to generate a MAC #n as a message authentication code (MAC) as a falsification verification value of the use condition information corresponding to the content described above with reference to FIG. 14 and a content key Kc. This is table data in which the subkey Ksubn to be applied is stored for each of the contents 0-n.
[0158]
The relationship between the content key Kc applied to the content encryption / decryption process, the main key Kcm stored in the encrypted content file 602, and the sub key Ksub stored in the sequence page 621 is as follows.
Kc = Kcm XOR Ksub
It is. That is, the content key Kc is calculated by the exclusive logical ring operation of the main key Kcm and the sub key Ksub.
[0159]
In step S21 shown in FIG. 19, the portable device (PD) applies the hardware-compatible device node key (HDNK) 612 to execute the decryption processing of the hardware-compatible EKB (H) 611, and the EKB (H) 611. To obtain the root key Kroot ′ set in correspondence with the hardware corresponding category tree. The EKB process to which DNK is applied follows the method described above with reference to FIG.
[0160]
Next, in step S22, using the root key Kroot ′ extracted from EKB (H), the encrypted data E (Kroot ′, SDNK) in the service data 601 is decrypted, and the service corresponding EKB [EKB ( S)] to obtain the device node key (SDNK) to be applied (decryption).
[0161]
Next, in step S23, using the device node key (SDNK) extracted from the service data, processing (decryption) of service-compatible EKB [EKB (S)] stored in the encrypted content file 602 is executed. The root key Kroot set corresponding to the service corresponding category tree stored in the service corresponding EKB [EKB (S)] is acquired.
[0162]
Next, in step S24, decryption processing of the encrypted data E (Kroot, CID + Kcm) stored in the encrypted content file 602 is executed using the root key Kroot extracted from the service-compatible EKB [EKB (S)]. Then, the content ID (CID) and the main key (Kcm) are acquired.
[0163]
Next, in step S25, the content ID (CID) extracted from the encrypted content file 602 and the content ID stored in the usage condition information in the AV index file 621, ie, corresponding to the content To determine whether there is usage condition information to be used, and whether usage is permitted in the usage condition information. If the matching process confirms that the content can be used, it is obtained from the main key (Kcm) extracted from the encrypted content file 602 and the sequence page 622 recorded in the lead-in area in step S26. An exclusive OR operation with the sub key Ksub is executed to generate a content key Kc.
[0164]
Next, in step S27, the content key Kc is applied to calculate the MAC of the usage condition information of the AV index file 621, and the MAC by the matching process with the MAC recorded in the sequence page 622 recorded in the lead-in area. Perform verification. If the verification is not established, the next step process is stopped as an error.
[0165]
In step S28, the content key Kc is applied and the encrypted content E (Kc, Content) stored in the encrypted content file 602 is decrypted and the content is reproduced on condition that the MAC verification is established. .
[0166]
As described above, when using content on a portable device, a subkey Ksub corresponding to the content is set, a sequence page is configured and stored together with a MAC based on usage condition information, and the subkey Ksub and main key Kcm are applied. As a configuration for acquiring the content key Kc by the calculated operation, the content is decrypted by the content key Kc generated by the calculation using the sub key Ksub and the main key Kcm on condition that the MAC verification is established.
[0167]
Next, content use (playback) processing on a portable device will be described with reference to the flow shown in FIG. In step S201, the portable device (PD) applies a hardware-compatible device node key (HDNK) to execute a hardware-compatible EKB (H) decryption process, and from EKB (H) to the hardware-compatible category tree. The root key Kroot ′ set correspondingly is acquired.
[0168]
Next, in step S202, it is determined whether service data corresponding to the content to be reproduced is stored in the PD. If there is no service data, it is obtained from the PC (S203). As shown in FIG. 19, the service data includes a service-compatible device node key (SDNK) necessary for decrypting the service-compatible EKB [EKB (S)] by a root key Kroot ′ set corresponding to the hardware-compatible category tree. This is data that stores encrypted data E (Kroot ', SDNK).
[0169]
In step S204, the encrypted data E (Kroot ', SDNK) in the service data is decrypted using the root key Kroot' extracted from the EKB (H), and the service-corresponding EKB [EKB (S)] A device node key (SDNK) to be applied to processing (decryption) is acquired.
[0170]
Next, in step S205, using the device node key (SDNK) extracted from the service data, processing (decryption) of the service-compatible EKB [EKB (S)] stored in the encrypted content file is executed, and the service The root key Kroot set corresponding to the service corresponding category tree stored in the corresponding EKB [EKB (S)] is acquired.
[0171]
Next, in step S206, decryption processing of the encrypted data E (Kroot, CID + Kcm) stored in the encrypted content file is executed using the root key Kroot extracted from the service-compatible EKB [EKB (S)]. The content ID (CID) and the main key (Kcm) are acquired.
[0172]
Next, in step S207, the content ID (CID) extracted from the encrypted content file is matched with the content ID stored in the usage condition information in the AV index file. That is, a process for determining whether or not usage condition information corresponding to the content exists and usage is permitted in the usage condition information is executed. If the matching is not established, the next step is not executed and the process ends in error.
[0173]
If matching is established, the sub key Ksub corresponding to the content scheduled to be used is extracted from the lead-in area of the medium in step S208, and the main key (Kcm) extracted from the encrypted content file and the lead-in area in step S209. An exclusive OR operation with the sub key Ksub acquired from the recorded sequence page is executed to generate a content key Kc.
[0174]
Next, in step S209, the content key Kc is applied to calculate the MAC of the AV index file usage condition information, and the MAC verification by the matching process with the MAC recorded in the sequence page recorded in the lead-in area is performed. Execute. If the verification is not established, the next step process is stopped as an error.
[0175]
If the MAC verification is successful, in step S212, the content key Kc is applied, the encrypted content E (Kc, Content) stored in the encrypted content file is decrypted, and the content is reproduced.
[0176]
As described above, in the portable device, the usage condition information stored in the AV index file is applied, and it is confirmed by MAC verification that the content usage conditions are not falsified. Further, the subkey corresponding to the content, the encrypted content file By adopting a configuration in which content decryption is performed using a content key that can be generated by a main key, it is possible to use content only in a legitimate device based on legitimate usage condition information.
[0177]
(Self-recording process)
Next, processing for recording content in a portable device or the like will be described with reference to FIGS.
[0178]
FIG. 21 is a diagram illustrating a sequence when content is self-recorded on a medium 702 such as a disc in the portable device 701.
[0179]
The portable device 701 includes a hardware-compatible EKB (EKB (H)) 703 provided via a hardware-compatible category tree and a hardware-compatible EKB (EKB (H)) 703 process (device node key applied to decryption processing ( HDNK) 702.
[0180]
Furthermore, it has self-recording service data 704 provided by a service provider that manages a service that allows self-recording. The self-recording service data 704 includes a leaf ID as a leaf identifier, a version of an EKB to be applied, and a service-compatible device node key (required for decrypting the service-compatible EKB [EKBc (S)]), as in the above-described service data. Data E (Kroot ′, SDNK) obtained by encrypting SDNK) with the root key Kroot ′ set in correspondence with the hardware corresponding category tree is stored. Here, the EKB corresponding to the service for self-recording is EKBc (S).
[0181]
The portable device 701 further has a self-recording usage condition 705 and a self-recording EKB [EKBc (S)] 706. The self-recording usage conditions 705 define conditions for content self-recording, such as the allowable period and the number of times of recording, and are similar to the usage conditions described above with reference to FIG.
[0182]
The self-recording EKB [EKBc (S)] 706 is an EKB storing a root key Kroot corresponding to a service category tree having a service provider that provides a content self-recording service as a vertex node.
[0183]
A sequence of content self-recording processing in a portable device will be described. First, in step S31, the portable device (PD) 701 copies and stores the self-recording EKB [EKBc (S)] 706 in the header area of the encrypted content file 711 corresponding to the self-recorded content. Further, the use conditions for self-recording are copied to the AV index file 712 as index data corresponding to the content (S32), and the leaf ID of the self-recording service data 704 is further copied (S33). Further, the self-recording service data is copied and stored in the medium 702 for recording the content (S34). The encrypted content file 711 and the AV index file 712 are also stored in the medium 702 for recording the content.
[0184]
Next, in step S35, the portable device 701 applies a hardware-compatible device node key (HDNK) 702 to execute a hardware-compatible EKB (H) 703 decryption process. The root key Kroot ′ set corresponding to the corresponding category tree is acquired. The EKB process to which DNK is applied follows the method described above with reference to FIG.
[0185]
Next, in step S36, decryption processing of the encrypted data E (Kroot ', SDNK) in the self-recording service data 704 is executed using the root key Kroot' extracted from EKB (H), and the self-recording A device node key (SDNK) to be applied to processing (decryption) of service-compatible EKB [EKBc (S)] is acquired.
[0186]
Next, in step S37, using the device node key (SDNK) extracted from the self-recording service data 704, the self-recording service-compatible EKB [EKBc (S)] copied and stored in the encrypted content file 711 is processed. (Decryption) is executed, and the root key Kroot set corresponding to the self-recording service compatible category tree stored in the self-recording service compatible EKB [EKBc (S)] is acquired.
[0187]
Next, in step S38, using the root key Kroot extracted from the self-recording service compatible EKB [EKBc (S)], a content ID (content ID (content identifier) corresponding to the content to be stored in the encrypted content file 711) CID) and the main key Kcm are encrypted to generate encrypted data E (Kroot, CUID, Kcm) and stored in the encrypted content file 711. The main key Kcm is a key applied when the content key Kc is generated by an exclusive OR operation with the sub key Ksub, and is generated based on a random number.
[0188]
Next, an exclusive OR operation of the main key Kcm generated from the random number and the sub key Ksub is executed to generate the content key Kc (S39), and the content is encrypted by applying the generated content key Kc (S40). And stored in the encrypted content file 711.
[0189]
Further, a write process is executed on the lead-in area of the medium 702 of the sequence page 713 in which the sub key Ksub generated for the content is associated with the MAC based on the use condition information (S41).
[0190]
As described above, in content self-recording on a portable device, a subkey Ksub corresponding to the content is generated, and a sequence page is configured and stored together with a MAC based on usage condition information. In content reproduction, it is necessary to generate the content key Kc by calculation using the sub key Ksub and the main key Kcm. Therefore, reproduction is possible only in a device having a valid subkey Ksub in the sequence page.
[0191]
FIG. 22 shows a processing flow of the content self-recording processing procedure in the portable device. The core steps of the processing flow will be described.
[0192]
In step S301, the self-recording EKB [EKBc (S)] is copied and stored in the header area of the encrypted content file corresponding to the self-recorded content. In step S302, the self-recording use condition information is copied and stored in the AV index file. In step S303, the leaf ID of the self-recording service data is copied and stored.
[0193]
Next, in step S304, the hardware-compatible device node key (HDNK) is applied to execute the hardware-compatible EKB (H) decryption process, and the EKB (H) is set corresponding to the hardware-compatible category tree. The root key Kroot ′ to be acquired is acquired. Further, in step S305, the self-recording service data is copied and stored in a medium for recording the content.
[0194]
Next, in step S306, the encrypted data E in the self-recording service data is applied using the root key Kroot 'extracted from the hardware-compatible EKB (H) by applying the hardware-compatible device node key (HDNK). (Kroot ′, SDNK) decryption processing is executed, and a device node key (SDNK) applied to the processing (decryption) of the self-recording service compatible EKB [EKBc (S)] is acquired.
[0195]
Next, in step S307, using the device node key (SDNK) extracted from the self-recording service data, the self-recording service-compatible EKB [EKBc (S)] copied and stored in the encrypted content file (decryption) ) To obtain the root key Kroot set corresponding to the self-recording service-compatible category tree stored in the self-recording service-compatible EKB [EKBc (S)].
[0196]
Next, in step S308, the main key Kcm and the sub key Ksub are generated based on the random numbers, and in step S309, the content key Kc is generated by exclusive OR operation with the main key Kcm and the sub key Ksub.
[0197]
In step S310, the main key Kcm and the content identifier (CID) are encrypted with the root key Kroot and stored in the encrypted content file. In step S311, the generated content key Kc is applied to encrypt the content, and the encrypted content file is stored.
[0198]
Further, in step S312, a process for writing to the lead-in area of the media of the sequence page in which the sub key Ksub generated for the content is associated with the MAC based on the use condition information is executed, and the content self-recording is terminated. .
[0199]
As described above, in the content self-recording in the portable device, the MAC based on the usage condition data of the AV index file for the encrypted content file, the AV index file, and the lead-in area for the media, and the subkey Ksub In the use of self-recorded content, the validity of the use condition is verified by the MAC, and the generation process of the content key Kc using the subkey Ksub is essential. Content usage according to usage conditions is realized.
[0200]
(Content import process)
Next, copy processing of self-recorded content from the portable device (PD) to the PC, that is, import processing will be described.
[0201]
FIG. 23 is a diagram for explaining the outline of the content import process and data moved (copied) from the portable device (PD) to the PC.
[0202]
In the import process, the encrypted content data E (Kc, Content) 811 encrypted with the content key Kc is copied from the portable device (PD) 810 to the PC 820, and further, Kroot is used as the secure information 812. The stored EKB 813 and the key information E (Kroot, Kc) 814 obtained by encrypting the content key Kc with Kroot are copied, and further the usage condition information 815 in the AV index file generated in the self-recording process described above is copied. Is done.
[0203]
As shown in the figure, the data storage configuration in the PC 820 is a configuration having content 821 and secure information 822 for the content. In the import process, conversion according to these data storage configurations or processing for adding necessary information is performed. It is necessary to execute.
[0204]
The PC 820 stores the encrypted content data E (Kc, Content) 821 encrypted with the content key Kc, and encrypts the EKB 823 storing Kroot as the secure information 822 corresponding to the stored content, and the content key Kc with Kroot. Key information E (Kroot, Kc) 824, attribute information 825 corresponding to use condition information, a public key certificate 826, and a signature 827.
[0205]
In the copy process of the self-recorded content from the portable device (PD) to the PC, that is, the import process, processes (1) to (5) shown in FIG. 23 are executed.
[0206]
(1) is a copy process of the encrypted content data E (Kc, Content). (2) is a copy process of EKB storing Kroot and key information E (Kroot, Kc) obtained by encrypting the content key Kc with Kroot.
[0207]
(3) is a MAC verification process that is executed as a falsification verification process of the usage condition information in the AV index file in the PD. (4) is a process of converting and copying usage condition information in the AV index file, which is executed on the condition that the result of the MAC verification in (3) is no falsification. In the PC, content usage conditions are stored as content attribute information, and the AV index file usage condition information is converted into the attribute information format in the PC and then copied to the PC. (5) is a process of generating and adding a public key certificate 826 and an electronic signature 827 as data to be stored as secure information corresponding to the content of the PC.
[0208]
As shown in FIG. 23, when contents are transferred between a portable device (PD) having a different data storage configuration and a PC, processing such as conversion and data addition corresponding to each data storage configuration is executed, and usage conditions are set. Information is copied after confirmation that no data has been tampered with.
[0209]
FIG. 24 is a flowchart for explaining the procedure of import processing. Processing of each step shown in the flowchart will be described.
[0210]
First, in step S401, the encrypted content data E (Kc, Content) is copied from the portable device (PD) to the PC. Next, in step S402, the EKB storing Kroot and the key information E (Kroot, Kc) obtained by encrypting the content key Kc with Kroot are copied from the portable device (PD) to the PC.
[0211]
Next, in step S403, the MAC is calculated based on the use condition information in the AV index file in the PD, and compared with the stored MAC of the sequence page stored in the sequence page of the lead-in area, and used. Perform falsification verification of condition information. If the MACs match, it is determined that there is no falsification, and the process proceeds to step S405. If the MACs do not match, it is determined that there has been a falsification and the process ends in error.
[0212]
In step S405, it is determined whether or not the import process permission flag in the use condition information indicates process permission. As shown in FIG. 14, the usage condition information in the AV index file includes a bit indicating whether or not import is possible, and import processing is executed only when there is bit information that can be imported. In some cases, the import process is not executed and the process ends in error.
[0213]
In step S406, the usage condition information in the AV index file is converted and copied. In the PC, content usage conditions are held as content attribute information. The AV index file usage condition information is converted into the attribute information format in the PC, and then copied to the PC. Step S407 is a process of storing a public key certificate as data to be stored as secure information corresponding to the content of the PC. Step S408 is processing for generating and adding an electronic signature for the stored information in the secure information.
[0214]
As described above, in content import processing, processing such as conversion and data addition adapted to each data storage configuration is executed, and usage condition information is copied after confirming that there is no data falsification.
[0215]
The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims section described at the beginning should be considered.
[0216]
The series of processes described in the specification can be executed by hardware, software, or a combined configuration of both. When executing processing by software, the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and run.
[0217]
For example, the program can be recorded in advance on a hard disk or ROM (Read Only Memory) as a storage medium. Alternatively, the program is temporarily or permanently stored on a removable recording medium such as a flexible disk, CD-ROM (Compact Disc Read Only Memory), MO (Magneto optical) disk, DVD (Digital Versatile Disc), magnetic disk, and semiconductor memory. It can be stored (recorded). Such a removable recording medium can be provided as so-called package software.
[0218]
The program is installed on the computer from the removable recording medium as described above, or is wirelessly transferred from the download site to the computer, or is wired to the computer via a network such as a LAN (Local Area Network) or the Internet. The computer can receive the program transferred in this manner and install it in a storage medium such as a built-in hard disk.
[0219]
Note that the various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary.
[0220]
【The invention's effect】
As described above, according to the configuration of the present invention, since the content file usage condition information is included in the index file as the content index data, the portable device has a small storage capacity and a low processing capacity such as a processor. In addition, it is possible to use valid contents to which the contents use condition information of the index file is applied.
[0221]
Furthermore, according to the configuration of the present invention, the content key Kc acquisition process to be applied to the decryption of the encrypted content is determined based on the content usage condition information based on the content usage condition information in the index file. Since the content key can be acquired only when the content usage based on the usage conditions is permitted, it is possible to strictly comply with the content usage conditions.
[0222]
Furthermore, according to the configuration of the present invention, the index file includes a message authentication code (MAC) as a falsification verification value generated based on the content usage condition information, and is calculated based on the MAC and the content usage condition information. Based on the comparison with the MAC, the content usage condition information is determined to be falsified, and the content key acquisition process is executed on the condition that no falsification is determined. Content usage is prevented.
[0223]
Furthermore, according to the configuration of the present invention, the content key Kc is obtained only by applying a key that can be obtained by decryption of the enabling key block (EKB) provided by applying the enabling key block (EKB) distribution tree configuration Since the key is set as an acquirable key, the content can be used based on a strict content use authority determination process.
[Brief description of the drawings]
FIG. 1 is a diagram showing an outline of a content providing system to which the present invention is applied.
FIG. 2 is a diagram illustrating a configuration example of a personal computer (PC) capable of using content according to the present invention.
FIG. 3 is a diagram illustrating a configuration example of a portable device (PD) capable of using content according to the present invention.
FIG. 4 is a tree configuration diagram for explaining various keys, data encryption processing, and distribution processing;
FIG. 5 is a diagram showing an example of an enabling key block (EKB) used for distributing various keys and data.
FIG. 6 is a diagram illustrating a distribution example and a decryption processing example using a content key validation key block (EKB).
FIG. 7 is a diagram illustrating a format example of an enabling key block (EKB).
FIG. 8 is a diagram for explaining a configuration of a tag of an enabling key block (EKB).
FIG. 9 is a diagram illustrating category division in a tree configuration.
FIG. 10 is a diagram illustrating category division in a tree configuration.
FIG. 11 is a diagram illustrating a specific example of category division in a tree configuration.
FIG. 12 is a diagram illustrating an example of content decryption and usage processing using a plurality of enabling key blocks (EKB).
FIG. 13 is a diagram illustrating a configuration example of an AV index file.
FIG. 14 is a diagram illustrating a configuration example of usage condition information.
FIG. 15 is a diagram illustrating a MAC generation processing configuration;
FIG. 16 is a diagram illustrating content copy processing from a PC to a portable device (PD).
FIG. 17 is a flowchart illustrating content copy processing from a PC to a portable device (PD).
FIG. 18 is a sequence diagram for explaining session key sharing processing;
FIG. 19 is a diagram illustrating an example of content decryption and usage processing to which a sub key and a plurality of enabling key blocks (EKB) are applied in a portable device.
FIG. 20 is a flowchart illustrating an example of content decryption and usage processing to which a sub key and a plurality of enabling key blocks (EKB) are applied in a portable device.
FIG. 21 is a diagram illustrating an example of content self-recording processing to which a sub key is applied in a portable device.
FIG. 22 is a flowchart illustrating an example of content self-recording processing to which a sub key is applied in a portable device.
FIG. 23 is a diagram illustrating content import processing from a portable device to a PC.
FIG. 24 is a flowchart for explaining content import processing from a portable device to a PC.
[Explanation of symbols]
11 Content provider
12 Service Provider
13 Key Management Center
30 user devices
31 PC
32 Portable Device (PD)
51 Encrypted content
52 Usage Rights Information
53 Service data
101 CPU (Central processing Unit)
102 ROM (Read-Only-Memory)
103 RAM (Random Access Memory)
104 Host bus 104
105 bridge
106 External bus
107 interface
108 keyboard
109 pointing device
110 display
111 HDD (Hard Disk Drive)
112 drive
114 PD (portable device) connection port
115 Voice input / output interface
116 communication unit
121 Removable recording medium
122 Portable Device
152 Power supply circuit
153 CPU
154 RAM
155 ROM
157 I / O I / F
159 DSP
160 Storage media controller or drive
161 storage media
162 Operation key controller
163 D / A converter
164 Amplifier circuit
165 output section
166 LCD controller
167 display
171 Input I / F
172 PC
201 version
202 depth
203 Data pointer
204 Tag pointer
205 Signature pointer
206 Data part
207 Tag part
208 signature
301 Root key
302 Node key
303 Leaf Key
304 Category node
350 root node
351 T system node
352 T service node
353 T hard node
354 Service Provider Node
355 leaf
401 Service data
402 Encrypted content file
403 Usage right information
411 EKB (H)
412 HDNK
421 AV index file
422 header information
423 Index file information
424 AV file
425 Usage condition information
451 Leaf ID
452 Content ID
453 Terms of use information
454 Usage status information
455 MAC
501 PC
502 Portable device (PD)
511 Encrypted content file
512 AV index file
513 service data
514 Sequence page
601 service data
602 Encrypted content file
611 EKB (H)
612 HDNK
621 AV index file
622 Sequence page
701 Portable device
702 DNK (HDNK)
703 EKB (H)
704 Service data for self-recording
705 Terms of use for self-recording
706 EKB for self-recording
711 Encrypted content file
712 AV index file
713 Sequence page
810 Portable Device (PD)
811 Encrypted content
812 Secure information
813 EKB
814 Key information
815 AV index file
820 PC
821 Encrypted content
822 Secure information
823 EKB
824 key information
825 Attribute information
826 public key certificate
827 Signature

Claims (17)

An information processing apparatus that executes content reproduction processing,
Storage means for storing encrypted content and storing an index file including content usage condition information;
Control means for determining whether or not the content can be used based on content usage condition information in the index file, and executing a content key Kc acquisition process applied to decryption of the encrypted content based on the determination of content usage;
I have a,
The content usage condition information is
A leaf ID as a leaf identifier in the enabling key block (EKB) distribution tree configuration;
A content ID as a content identifier;
Content usage condition information,
An information processing apparatus having a configuration including content usage status information . The index file includes a message authentication code (MAC) as a falsification verification value generated based on at least the content usage condition information,
The control means includes
Based on the comparison between the MAC and the MAC calculated based on the content usage condition information, it is determined whether the content usage condition information is falsified, and the content key acquisition process is executed on the condition that there is no falsification. The information processing apparatus according to claim 1, further comprising: The encrypted content is
The content key Kc is a content encrypted by a content key Kc, and the content key Kc is a key that can be obtained by decryption of an enabling key block (EKB) provided by applying an enabling key block (EKB) distribution tree configuration. A key that can be obtained only by application,
The control means includes
The information processing apparatus according to claim 1, wherein the content key acquisition process is performed by a decryption process of the validation key block (EKB). The content usage condition information is
The information processing apparatus according to claim 1, wherein the information processing apparatus includes a content usable period and a usable number of times. The index file is
The information processing apparatus according to claim 1, wherein the information processing apparatus has a data configuration according to a mobile quick time format including attribute information corresponding to content. The information processing apparatus includes:
  An encrypted content file including the encrypted content and an index file are input from an external content output device,
  The control means includes
  The encrypted content file and the index file are stored in the storage unit, and a message authentication code (MAC) as a falsification verification value based on data including the use condition information is stored in the storage unit. The information processing apparatus according to claim 1, wherein the information processing apparatus is configured. The control means includes
  The message authentication code (MAC) as a falsification verification value based on the data including the use condition information is configured to execute a process of writing in a lead-in area of the storage unit accessible according to a specific access permission program. The information processing apparatus according to claim 6. The control means includes
Access according to a specific access permission program by associating a message authentication code (MAC) as a falsification verification value based on the data including the use condition information and a sub key Ksub required for generating a content key Kc applied to content decryption processing The information processing apparatus according to claim 6, wherein the information processing apparatus is configured to execute a process of writing in a possible lead-in area of the storage unit. The control means includes
Encrypted content E (Kc, Content) obtained by encrypting the content with the content key Kc;
  Main key required to generate the content ID (CID) and the content key Kc by using the key Kroot that can be obtained by decrypting the enabling key block (EKB) provided by applying the enabling key block (EKB) distribution tree structure. Data E (Kroot, CID + Kcm) obtained by encrypting the key Kcm,
  The enabling key block (EKB);
  The information processing apparatus according to claim 6, wherein the information processing apparatus is configured to execute a process of storing an encrypted content file including the file in the storage unit. An information processing method for executing content reproduction processing in an information processing device ,
A determination processing step for determining whether or not the content can be used based on the content usage condition information in the index file including the content usage condition information;
A content key acquisition process step of executing a content key Kc acquisition process applied to decryption of the encrypted content based on the determination of content availability;
A decryption processing step for decrypting the encrypted content based on the content key Kc ;
The content usage condition information is
A leaf ID as a leaf identifier in the enabling key block (EKB) distribution tree configuration;
A content ID as a content identifier;
Content usage condition information,
An information processing method characterized by comprising a content usage status information . The index file includes a message authentication code (MAC) as a falsification verification value generated based on at least the content usage condition information,
The information processing method further includes:
Determining whether the content usage rule information has been tampered with based on a comparison between the MAC and the MAC calculated based on the content usage rule information;
The content key acquisition processing step includes:
The information processing method according to claim 10 , wherein the content usage condition information is determined to be not falsified as a condition. The encrypted content is
The content key Kc is a content encrypted by a content key Kc, and the content key Kc is a key that can be obtained by decryption of an enabling key block (EKB) provided by applying an enabling key block (EKB) distribution tree configuration. A key that can be obtained only by application,
The content key acquisition processing step includes:
The information processing method according to claim 10 , wherein the content key acquisition process is performed by the decryption process of the validation key block (EKB). The information processing method further includes:
An encrypted content file containing the encrypted content from an external content output device, and inputting the index file;
  The encrypted content file and the index file are stored in the storage unit, and a message authentication code (MAC) as a falsification verification value based on data including the use condition information is stored in the storage unit. Steps,
  The information processing method according to claim 10, further comprising: The information processing apparatus further includes:
  A process of writing a message authentication code (MAC) as a falsification verification value based on data including the use condition information into a lead-in area of the storage means accessible according to a specific access permission program is performed. Item 14. The information processing method according to Item 13. The information processing apparatus further includes:
Access according to a specific access permission program by associating a message authentication code (MAC) as a falsification verification value based on the data including the use condition information and a sub key Ksub required for generating a content key Kc applied to content decryption processing The information processing method according to claim 13, wherein a process of writing in a possible lead-in area of the storage unit is executed. The information processing apparatus further includes:
  Encrypted content E (Kc, Content) obtained by encrypting the content with the content key Kc;
  Main key required to generate the content ID (CID) and the content key Kc by using the key Kroot that can be obtained by decrypting the enabling key block (EKB) provided by applying the enabling key block (EKB) distribution tree structure. Data E (Kroot, CID + Kcm) obtained by encrypting the key Kcm,
  The enabling key block (EKB);
  The information processing method according to claim 13, wherein a process of storing an encrypted content file including the file in the storage unit is executed. A computer program for executing information processing for executing content reproduction processing in an information processing apparatus ,
A determination processing step for determining whether or not the content can be used based on the content usage condition information in the index file including the content usage condition information;
A content key acquisition process step of executing a content key Kc acquisition process applied to decryption of the encrypted content based on the determination of content availability;
A decryption processing step for decrypting the encrypted content based on the content key Kc ;
The content usage condition information is
A leaf ID as a leaf identifier in the enabling key block (EKB) distribution tree configuration;
A content ID as a content identifier;
Content usage condition information,
A computer program comprising content usage status information .

Images