JP4224262B2 - Digital information protection system, recording medium device, transmission device, and playback device - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a technique for realizing copyright protection of a digital work, and more particularly, to a copyright protection technique for reproducing and recording a digital work.
[0002]
[Prior art]
In recent years, digital works such as digitized documents, music, video and programs have been distributed via networks such as the Internet, and users can easily retrieve and record various digital works via the network. It has become possible to record on a medium and reproduce it.
[0003]
However, although there is an advantage that the digital work can be easily copied in this way, there is a problem that the copyright of the author is easily infringed.
As a countermeasure, for example, a conventional electronic music distribution system is as follows.
(1) The content providing server stores encrypted content, a title key used for encrypting the content, and usage condition data for the content. Here, the encrypted content is obtained by encrypting content such as music with the title key unique to each content. In addition, the title key and usage condition data corresponding to the content transmitted in response to the request from the user are encrypted with the user unique key unique to the user to generate an encrypted title key and encrypted usage condition data. .
[0004]
The personal computer owned by the user acquires and stores the encrypted content, the encrypted title key, and the encrypted usage condition data from the content providing server connected via the network according to the user's instruction.
(2) The personal computer stores a user unique key in advance. In addition, a recording medium for recording content is attached to the personal computer by the user. The recording medium stores a unique medium unique key for each recording medium in advance.
[0005]
The personal computer decrypts the stored encrypted title key and encrypted usage condition data using the user specific key according to a user instruction, and temporarily generates a decrypted title key and decryption usage condition data. Next, the personal computer securely reads the medium unique key from the mounted recording medium, encrypts the decrypted title key and the decryption usage condition data using the read medium unique key, and re-encrypts the title key and the re-encrypted key. The encrypted use condition data is generated, and the encrypted content, the re-encrypted title key, and the re-encrypted use condition data are recorded on the recording medium. When recording on the recording medium is completed, the personal computer deletes the temporarily generated decryption title key and decryption usage condition data.
[0006]
(3) The user removes the recording medium from the personal computer and attaches the extracted recording medium to the playback device. The playback device securely reads the medium unique key from the recording medium, and reads the encrypted content, the re-encrypted title key, and the re-encrypted usage condition data. Next, the playback device decrypts the re-encrypted title key and the re-encrypted usage condition data using the read medium unique key, and generates a title key and usage condition data. Next, the playback device generates the content by decrypting the encrypted content using the generated title key, and plays back the generated content within the range permitted by the generated usage condition data.
[0007]
[Problems to be solved by the invention]
However, in such a system, since the encrypted title key is once decrypted on the personal computer and then encrypted again (hereinafter referred to as encryption conversion), a temporarily decrypted title key is generated on the personal computer. Is remembered. For this reason, it is technically possible for a malicious user to know the title key temporarily generated on the personal computer. Using the title key thus obtained illegally, the encrypted content is illegally decrypted. There is a problem that this can be done (hereinafter, such an act is called hacking).
[0008]
  In order to solve such a problem, conventionally, an originally unnecessary instruction or branch instruction is included in a computer program in a personal computer so that hacking becomes difficult. However, there is a problem that the program is increased and the speed performance is lowered.
  In order to solve the above-mentioned problems, the present invention is a digital which makes it difficult to hack as described above without increasing the amount of programs and without reducing the speed performance.informationAn object is to provide a protection system, a recording medium device, a transmission device, and a playback device.
[0009]
[Means for Solving the Problems]
  To achieve the above objective,The present invention is a digital information protection system in which digital information transmitted from a transmission device is written to a portable recording medium device via a reception device and reproduced by the reproduction device. Including the transmission device that encrypts information based on a distribution encryption key to generate first encrypted information, and transmits the generated first encrypted information via a network, wherein the recording medium device receives the reception The digital information protection system mounted on the apparatus further receives the first encrypted information via a network, and outputs the received first encrypted information to the recording medium apparatus; Including the information storage area for storing and the recording medium device including a tamper resistant module unit having tamper resistance, wherein the tamper resistant module unit includes: Obtaining the output first encrypted information, decrypting the first encrypted information based on a distribution decryption key to generate intermediate information, and generating the intermediate information based on a medium unique key unique to the recording medium device The information is encrypted to generate second encrypted information, and the generated second encrypted information is written to the information storage area, where the recording medium device to which the second encrypted information is written is the playback device The digital information protection system further reads the second encrypted information from the information storage area, securely reads the medium unique key, and reads the second encrypted information based on the medium unique key. It includes the playback device that generates decoded digital information by decoding, and plays back the generated decoded digital information.
  Also,The present invention is a digital work protection system for writing a digital work transmitted from a transmission apparatus to a portable recording medium device via a reception apparatus and reproducing the digital work by the playback apparatus. Includes the transmission device that encrypts original content that is a digital work based on a distribution encryption key to generate first encrypted information, and transmits the generated first encrypted information via a network, The recording medium device is attached to the receiving device, and the digital copyright protection system further receives the first encrypted information via a network, and the received first encrypted information is stored in the recording medium device. The recording medium device comprising: a receiving device that outputs information to an information storage area for storing information; and a tamper-resistant module unit having tamper resistance. The tamper resistant module section acquires the output first encrypted information, decrypts the first encrypted information based on a distribution decryption key, generates intermediate information, and is a medium unique to the recording medium device Based on the unique key, the intermediate information is encrypted to generate second encrypted information, and the generated second encrypted information is written to the information storage area, where the second encrypted information is written A recording medium device is attached to the playback device, and the digital copyright protection system further reads the second encrypted information from the information storage area, securely reads the medium unique key, and based on the medium unique key And the playback device that generates the decrypted content by decrypting the second encrypted information and plays back the generated decrypted content.
[0010]
Here, the transmission device stores the original content and the original content key unique to the original content in advance, acquires the distribution encryption key used for distributing the digital work, and acquires the original content key. To encrypt the original content to generate an encrypted content, to encrypt the original content key using the acquired distribution encryption key to generate a first encrypted content key, and to generate the encrypted Transmitting the first encrypted information including a content and a first encrypted content key, and the receiving device receives the first encrypted information including the encrypted content and the first encrypted content key; The received encrypted content and the first encrypted content key are output, and the tamper resistant module unit receives a distribution decryption key and a medium unique key unique to the recording medium device. The first encrypted information including the output encrypted content and the first encrypted content key is acquired, and the first encrypted content key is decrypted using the distribution decryption key. An intermediate content key is generated, and the generated intermediate content key is encrypted using the medium unique key to generate a second encrypted content key. The acquired encrypted content and the generated second cipher The second encrypted information including the encrypted content key is written, and the playback device securely acquires the medium unique key from the recording medium device, and from the information storage area, the encrypted content and the second encrypted key are obtained. The second encrypted information including the encrypted content key is read out, and the second encrypted content key is decrypted using the acquired medium unique key to generate a decrypted content key , Using the generated decryption content key may be configured to generate decrypted content by decrypting the encrypted content read.
[0011]
The present invention also provides a transmitting device for transmitting a digital work, a receiving device for recording the digital work received via a network on a portable recording medium device, and the digital recorded on the recording medium device. A digital work protection system comprising a playback device for playing back a copyrighted work and the recording medium device, wherein the transmitting device receives an original content that is a digital work and an original content key unique to the original content. Pre-stored storage means, distribution encryption key acquisition means for acquiring a distribution encryption key used for distribution of digital works, and encrypted content by encrypting the original content using the original content key And encrypting the original content key using the acquired distribution encryption key to generate a first encrypted content key; and Transmitting means for transmitting the encoded content and the first encrypted content key via a network, wherein the recording medium device is attached to the receiving device, and the receiving device is connected via the network. Receiving means for receiving the encrypted content and the first encrypted content key; and output means for outputting the received encrypted content and the first encrypted content key. Information storage means having an area for storing, and tamper-resistant module means having tamper resistance, wherein the tamper-resistant module means has a distribution decryption key and a medium unique key unique to the recording medium device in advance. A stored key storage unit; an acquisition unit that acquires the output encrypted content and the first encrypted content key; and the distribution decryption key And decrypting the first encrypted content key to generate an intermediate content key, and generating the second encrypted content key by encrypting the generated intermediate content key using the medium unique key. And a writing unit that writes the acquired encrypted content and the generated second encrypted content key to the information storage unit, wherein the encrypted content and the second encrypted content The recording medium device in which a key is written is attached to the playback device, and the playback device securely acquires the medium unique key from the key storage unit; and the encrypted content from the information storage unit And a reading means for reading out the second encrypted content key, and using the acquired medium unique key, the read out second encrypted content key is decrypted and restored. Content key decrypting means for generating a content key, content decrypting means for decrypting the read encrypted content to generate decrypted content using the generated decrypted content key, and playing back the generated decrypted content And a reproducing means.
[0012]
The present invention is also a transmitting device for transmitting a digital work over a network, wherein the digital work is written in a portable recording medium device through a receiving device, and the transmitting device is a digital device. A storage means for storing in advance an original content that is a copyrighted work and an original content key unique to the original content; a distribution encryption key acquiring means for acquiring a distribution encryption key used for distributing a digital work; Encryption means for generating an encrypted content by encrypting the original content using the original content key, and generating a first encrypted content key by encrypting the original content key using the acquired distribution encryption key And transmitting means for transmitting the encrypted content and the first encrypted content key via a network.
[0013]
Here, the storage means further stores usage condition information indicating usage conditions of the digital work, and an original usage condition key unique to the usage condition information, and the encryption means further includes: Using the distribution encryption key, the original use condition key is encrypted to generate a first encrypted use condition key, and the use condition information is encrypted using the original use condition key to use the first encryption Condition information is generated, and the transmission means may further be configured to transmit the first encryption usage condition key and the first encryption usage condition information via a network.
[0014]
Here, the distribution encryption key acquisition means acquires the distribution encryption key that is a public key generated using a public key generation algorithm, and the encryption means uses a distribution encryption key that is a public key, You may comprise so that it may encrypt with a public key encryption algorithm.
Here, the transmission device is further exposed to a revoke list means having an area for recording an invalid distribution encryption key and a distribution decryption key based on generation of the distribution encryption key which is a public key. A registration unit that writes the distribution encryption key to the revoke list unit, wherein the transmission device newly transmits content that is a digital work, and the distribution key acquisition unit newly distributes Obtaining an encryption key, determining whether or not the acquired delivery encryption key is written in the revoke list means, and if determining that it is written, prohibiting the encryption means from encryption, You may comprise so that transmission may be prohibited with respect to the said transmission means.
[0015]
Here, the storage means further stores use condition information indicating use conditions of the digital work, and the transmission means further reads the use condition information from the storage means and reads the read use condition information. A hash algorithm may be generated by applying a hash algorithm to the condition information, and the generated hash value and the read use condition information may be securely transmitted via a network.
[0016]
Here, the transmission device further includes an authentication unit that mutually authenticates the validity of the device with the recording medium device, and the distribution encryption key acquisition unit is configured to perform the authentication only when the authentication is successful. A distribution encryption key is obtained from the recording medium device, the encryption means encrypts only when the authentication is successful, and the transmission means transmits only when the authentication is successful. May be.
[0017]
Here, the transmission device further reads update information from an update information storage unit that stores in advance update information for updating the tamper resistant module unit included in the recording medium device, and reads the update information from the update information storage unit. The update information transmitting means for transmitting the read update information to the recording medium device via a network and a receiving device may be included.
[0018]
Here, the transmission device further reads the update information from the update information storage unit, applies a hash algorithm to the read update information to generate a hash value, and transmits the generated hash value via the network and the reception device. In addition, it may be configured to include hash means for securely transmitting to the recording medium device.
Here, the update information stored in the update information storage means is information for updating an encryption method, a decryption method, or a data conversion method from a distribution data format to a recording data format included in the tamper resistant module unit. And the update information transmitting means reads the update information including information for updating an encryption method, a decryption method, or a data conversion method from a distribution data format to a recording data format provided in the tamper resistant module unit. The read update information may be transmitted.
[0019]
The present invention also relates to a portable recording medium device for recording a digital work transmitted from a transmitting device via a receiving device, wherein the recording medium device is attached to the receiving device, and the transmitting device Encrypts original content that is a digital work based on a distribution encryption key to generate first encrypted information, transmits the generated first encrypted information to the receiving device via a network, and The recording medium device includes information storage means having an area for storing information, and tamper resistant module means having tamper resistance. The tamper resistant module means is unique to the distribution decryption key and the recording medium device. A key storage unit that stores a medium unique key in advance; an acquisition unit that acquires the first encrypted information transmitted via the receiving device; and the first encrypted information based on the distribution decryption key A decryption unit that decrypts and generates intermediate information; an encryption unit that encrypts the intermediate information based on the medium unique key to generate second encrypted information; and the generated second encrypted information in the information storage And a writing unit for writing to the means.
[0020]
Here, the transmission device stores the original content and the original content key unique to the original content in advance, acquires a distribution encryption key used for distributing the digital work, and uses the original content key as the original content key. The encrypted content is generated by encrypting the original content, the first encrypted content key is generated by encrypting the original content key by using the acquired distribution encryption key, and the generated encrypted content and Transmitting the first encrypted information including the first encrypted content key, and the acquiring unit acquires the first encrypted information including the output encrypted content and the first encrypted content key; The decryption unit decrypts the first encrypted content key included in the first encrypted information using the distribution decryption key to generate an intermediate content key, and generates the first encrypted information. The intermediate information including the encrypted content included and the generated intermediate content key is generated, and the encryption unit encrypts the intermediate content key included in the intermediate information using the medium unique key. Generating a second encrypted content key, generating the second encrypted information including the encrypted content included in the intermediate information and the generated second encrypted content key, and the writing unit The second encrypted information including the encrypted content and the second encrypted content key may be written.
[0021]
Here, the transmission device further stores usage condition information indicating a usage condition of the digital work and an original usage condition key unique to the usage condition information, and uses the distribution encryption key, The original usage condition key is encrypted to generate a first encrypted usage condition key, and the original usage condition key is used to encrypt the usage condition information to generate first encrypted usage condition information. 1 encryption use condition key and the first encryption use condition information are transmitted to the receiving device via a network, and the acquisition unit further passes the first encryption use condition via the receiving device. The key and the first encryption usage condition information are obtained, and the decryption unit further generates an intermediate usage condition key by decrypting the first encryption usage condition key using the distribution decryption key. Using the intermediate use condition key, the first cipher The usage condition information is decrypted to generate intermediate usage condition information, and the encryption unit further generates the second encrypted usage condition information by encrypting the intermediate usage condition information using the medium unique key. The writing unit may further be configured to write the generated second encryption usage condition information into the information storage unit.
[0022]
Here, the transmission device further acquires the distribution encryption key that is a public key generated using a public key generation algorithm based on a distribution decryption key that is a secret key, and distributes the distribution encryption that is a public key. The key may be used to encrypt using a public key encryption algorithm, and the decryption unit may be configured to decrypt using the distribution decryption key using a public key decryption algorithm.
[0023]
Here, the tamper resistant module means further includes a conversion unit that converts the intermediate information that is the distribution data format generated by the decryption unit to generate recording intermediate information in a recording data format, and the encryption The unit may be configured to encrypt the recording intermediate information instead of the intermediate information.
Here, the transmission device stores update information for updating the tamper resistant module means included in the recording medium device in advance, reads the update information, and uses the read update information as a network and a reception device. The tamper resistant module means includes a microprocessor and a semiconductor memory recording a computer program, and the microprocessor operates according to the computer program, whereby the anti-tamper module means The components included in the tamper module means operate, the acquisition unit acquires the update information via the receiving device, and the tamper resistant module means further uses the acquired update information to The computer program is updated, whereby the tamper resistant module It may be configured to include an update unit components are updated contained.
[0024]
Here, the transmission device further reads the update information, applies a hash algorithm to the read update information to generate a first hash value, and generates the generated first hash value via the network and the reception device. The tamper resistant module means further securely transmits to the recording medium device, the tamper resistant module means further applies a hash algorithm to the acquired update information to generate a second hash value, and the acquired first hash value A comparison determination unit that determines whether or not the generated second hash value matches, and the update unit is configured to update only when it is determined by the comparison determination unit to match Also good.
[0025]
Here, the update information stored in the transmission device includes information for updating an encryption method, a decryption method, or a data conversion method from a distribution data format to a recording data format provided in the tamper resistant module means. The update information is transmitted, and the acquisition unit acquires the update information for updating an encryption method, a decryption method, or a data conversion method via the reception device, and the update unit acquires the update information. The update program may be used to update the computer program, thereby updating the encryption unit, the decryption unit, or the conversion unit included in the tamper resistant module unit.
[0026]
Here, the transmission device further stores usage condition information indicating a usage condition of the digital work, reads the usage condition information, applies a hash algorithm to the read usage condition information, and performs a first hash. A value is generated, the generated first hash value and the read usage condition information are securely transmitted via a network, and the acquisition unit is further configured to transmit the first hash transmitted via the receiver. The tamper resistant module means further applies a hash algorithm to the acquired usage condition information to generate a second hash value, and the acquired first hash. And a comparison / determination unit that determines whether or not the generated second hash value matches, and the encryption unit uses the comparison / determination unit. Only when it is determined that the matching, encrypts the write unit, only when it is determined that coincides with the comparing and judging section may be configured to write.
[0027]
Here, the transmission device further authenticates the validity of the device with the recording medium device, and acquires the distribution encryption key from the recording medium device only when the authentication is successful, The tamper resistant module means further includes an authentication means for mutually authenticating the validity of the device with the transmission device, and the acquisition unit only when the authentication is successful, And the decrypting unit decrypts only when the authentication is successful, the encryption unit encrypts only when the authentication is successful, and the writing unit is successful when the authentication is successful. It may be configured to write only.
[0028]
Here, the recording medium device is attached to a playback device, the playback device reads information from the information storage means, and the tamper-resistant module means is further connected to the playback device as a device. It may be configured to include authentication means for permitting the playback apparatus to read information only when the authentication is successful and the authentication is successful.
[0029]
Here, the decoding unit includes a plurality of decoding methods in advance, and performs decoding using one decoding method selected from the plurality of decoding methods, where the selected decoding method is the transmission method. You may comprise so that the reverse conversion of the encryption system used with an apparatus may be performed. The encryption unit may include a plurality of encryption methods in advance, and may be configured to perform encryption using a single encryption method selected from the plurality of encryption methods.
[0030]
Here, the key storage unit stores a plurality of distribution decryption key candidates, and one distribution decryption key candidate is selected as the distribution decryption key from the plurality of distribution decryption key candidates, and the decryption unit May be configured to use the selected delivery decryption key.
Here, the tamper resistant module means may be configured to realize tamper resistance by software, hardware, or a combination of software and hardware.
[0031]
The present invention also provides a playback device that plays back a digital work transmitted from a transmission device via a network and a reception device and written on a portable recording medium device, wherein the recording medium device is connected to the reception device. The transmitting device encrypts the original content, which is a digital work, based on the distribution encryption key to generate first encrypted information, and sends the generated first encrypted information to the receiving device via the network. The recording medium device includes an information storage area for storing information and a tamper resistant module unit having tamper resistance, and the tamper resistant module unit is transmitted via the receiving device. First encryption information is acquired, the first encryption information is decrypted based on a distribution decryption key to generate intermediate information, and the intermediate encryption key is generated based on a medium unique key unique to the recording medium device Information is encrypted to generate second encrypted information, and the generated second encrypted information is written to the information storage area, where the recording medium device in which the second encrypted information is written is the reproducing device. Attached to the recording medium device, wherein the playback device securely acquires the medium unique key from the recording medium device, read means for reading the second encrypted information from the information storage area, and the acquired medium unique key A decryption unit that decrypts the read second encryption based on the key to generate decrypted content, and a playback unit that plays back the generated decrypted content.
[0032]
Here, the transmission device stores the original content and the original content key unique to the original content in advance, acquires a distribution encryption key used for distributing the digital work, and uses the original content key as the original content key. The encrypted content is generated by encrypting the original content, the first encrypted content key is generated by encrypting the original content key using the acquired distribution encryption key, and the generated encrypted content and The first encrypted information including the first encrypted content key is transmitted, and the tamper resistant module unit stores in advance the distribution decryption key and a medium unique key unique to the recording medium device, and outputs them. The first encrypted information including the encrypted content and the first encrypted content key is acquired, and the first encrypted content key is decrypted using the distribution decryption key. An intermediate content key is generated, the generated intermediate content key is encrypted using the medium unique key to generate a second encrypted content key, and the acquired encrypted content and the generated second encrypted content The second encrypted information including a key is written, the reading means reads the second encrypted information including the encrypted content and the second encrypted content key, and the decrypting means acquires the acquired Using the medium unique key, the read second encrypted content key is decrypted to generate a decrypted content key. Using the generated decrypted content key, the read encrypted content is decrypted to obtain the decrypted content. You may comprise so that it may produce | generate.
[0033]
Here, the transmission device further stores usage condition information indicating a usage condition of the digital work and an original usage condition key unique to the usage condition information, and uses the distribution encryption key, The original usage condition key is encrypted to generate a first encrypted usage condition key, and the original usage condition key is used to encrypt the usage condition information to generate first encrypted usage condition information. 1 encryption use condition key and the first encryption use condition information are transmitted to the receiving device via a network, and the recording medium device further sends the first encryption use condition via the receiving device. Obtaining a condition key and the first encryption use condition information, decrypting the first encryption use condition key using the distribution decryption key, generating an intermediate use condition key, and generating the generated intermediate use condition key Using the first encryption usage condition information, Intermediate use condition information is generated, the medium unique key is used to encrypt the intermediate use condition information to generate second encrypted use condition information, and the generated second encrypted use condition information is Writing to the information storage area, the reading means further reads the second encryption usage condition information from the information storage area, and the decrypting means further reads the second read based on the medium unique key. The decryption usage condition information is generated by decrypting the encrypted usage condition information, and the reproduction means further determines whether or not the decrypted content can be reproduced based on the generated decryption usage condition information, and is determined to be possible to reproduce. Only in such a case, the generated decrypted content may be played back.
[0034]
Here, the usage condition information includes information for limiting the number of times the decrypted content is reproduced, information for restricting a reproduction period of the decrypted content, or information for restricting a cumulative reproduction time of the decrypted content, Further, it may be configured to determine whether or not the decrypted content can be reproduced based on information for restricting the number of times of reproduction, information for restricting the reproduction period, or information for controlling the accumulated reproduction time.
[0035]
Here, the playback device further includes an authentication unit that mutually authenticates the validity of the device with the recording medium device, and the key acquisition unit acquires only when the authentication is successful, The reading unit may be configured to read only when the authentication is successful.
[0036]
DETAILED DESCRIPTION OF THE INVENTION
1. Embodiment 1
A digital work protection system 100 as an embodiment according to the present invention will be described.
As shown in FIG. 1, the digital work protection system 100 includes a content distribution server device 200, a personal computer (PC) 300, a portable memory card 400, and a headphone stereo 500. 10 is connected to the server device 200 for content distribution via the network 10.
[0037]
The user attaches the memory card 400 to the PC 300. The PC 300 acquires encrypted content from the content distribution server device 200 according to a user instruction, and writes the acquired encrypted content into the memory card 400. Next, the user extracts the memory card 400 from the PC 300 and attaches the extracted memory card 400 to the headphone stereo 500. The headphone stereo 500 decrypts the encrypted content recorded on the memory card 400 to generate content, reproduces the generated content, and outputs the content to the headphone 700.
[0038]
In this way, the user can enjoy the reproduced content.
1.1 Configuration of server device 200 for content distribution
As shown in FIG. 2, the content distribution server device 200 includes a content storage unit 201, a distribution data storage unit 202, a first authentication unit 211, a distribution public key acquisition unit 212, an elliptic encryption unit 214, and a DES encryption unit 215. And the DES encryption unit 250.
[0039]
Specifically, the content distribution server device 200 is a computer system including a microprocessor, ROM, RAM, a hard disk unit, a LAN connection unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or the hard disk unit. The content distribution server device 200 achieves its functions by the microprocessor operating according to the computer program.
[0040]
(1) Content storage unit 201
Specifically, the content storage unit 201 includes a hard disk unit, and stores in advance a content 600 that is a digital work such as music, a movie, an electronic book, and a game program.
(2) Distribution data storage unit 202
Specifically, the distribution data storage unit 202 includes a hard disk unit, and stores a title key, a usage condition key, and usage condition data in this order in advance as shown in FIG. The key and use condition data correspond to the content 600 stored in the content storage unit 201.
[0041]
The title key is a random number randomly generated for each content and is 56 bits long.
The usage condition key is a random number randomly generated for each usage condition and has a 56-bit length.
The usage condition data includes playback number information, playback period information, and playback cumulative time information.
[0042]
The reproduction count information has a 16-bit length, and restricts the total number of times that the content stored corresponding to the usage condition data can be reproduced. For example, when the reproduction count information is “10”, the user is permitted to reproduce the content up to 10 times. Further, when “FFFF” (hexadecimal number) is designated as the reproduction count information, it indicates that unlimited reproduction is possible.
[0043]
The reproduction period information is 64 bits long, and restricts the period during which the content stored corresponding to the use condition data can be reproduced for the user. A playback permission start date and time, and a playback permission end date and time indicating the end date and time of the playback period. The user is permitted to reproduce the content only within the period from the reproduction permission start date and time to the reproduction permission end date and time. Within this period, the user can reproduce the content any number of times.
[0044]
Here, when both the reproduction period information and the reproduction count information are specified, it is assumed that the content cannot be reproduced after the permitted period ends or after the reproduction is performed up to the reproduction count. .
The accumulated reproduction time information restricts the accumulated value of the time during which the content stored corresponding to the utilization condition data can be reproduced for the user. For example, when the accumulated reproduction time information is “10 hours”, the reproduction of the content is permitted to the user if the accumulated value of the reproduction time of the content is within 10 hours. If it exceeds 10 hours, playback is prohibited.
[0045]
Note that the usage condition data is composed of playback count information, playback period information, and playback cumulative time information. However, the usage condition data is any one of the playback count information, playback period information, and playback cumulative time information. It may be composed of a combination of any one or any one.
(3) First authentication unit 211
The first authentication unit 211 performs challenge-response type mutual device authentication with a first authentication unit 411 (described later) of the memory card 400 via the Internet 10 and the PC 300. Specifically, the first authentication unit 211 performs authentication of the first authentication unit 411. Next, the first authentication unit 211 receives authentication by the first authentication unit 411. Only when both authentications are successful, mutual device authentication is considered successful. Since challenge-response type device authentication is publicly known, a description thereof will be omitted.
[0046]
When both authentications are successful, the first authentication unit 211 outputs authentication success information indicating the success of authentication to the distribution public key acquisition unit 212, the elliptical encryption unit 214, and the DES encryption unit 215.
When the authentication fails, the first authentication unit 211 stops the subsequent processing. Accordingly, the content stored in the content distribution server device 200 is not output to the memory card 400.
[0047]
(4) Distribution public key acquisition unit 212
The distribution public key acquisition unit 212 receives authentication success information from the first authentication unit 211. Upon receiving the authentication success information, the distribution public key acquisition unit 212 securely receives the distribution public key from the distribution public key storage unit 412 (described later) of the memory card 400 via the Internet 10 and the PC 300, and receives the received distribution. The public key is output to the elliptical encryption unit 214.
[0048]
(5) Elliptical encryption unit 214
The elliptic encryption unit 214 receives the authentication success information from the first authentication unit 211.
Upon receiving the authentication success information, the elliptical encryption unit 214 receives the distribution public key from the distribution public key acquisition unit 212 and reads the title key and the use condition key from the distribution data storage unit 202. Next, the elliptical encryption unit 214 uses the received distribution public key as a key, and applies the encryption algorithm E1 based on the elliptical encryption method to the combined information obtained by combining the title key and the use condition key, thereby encrypting combined information. And the generated encrypted combined information is output to the elliptical decryption unit 414 (described later) of the memory card 400 via the Internet 10 and the PC 300.
[0049]
As for elliptic encryption, Douglas R.D. It is described in detail in “Basics of Cryptography” by K. Tinson (Kyoritsu Publishing Co., Ltd., 1996).
In FIG. 2, each block is connected to another block by a connection line. Here, each connection line indicates a path through which signals and information are transmitted. Among a plurality of connection lines connected to the block indicating the elliptical encryption unit 214, a key mark on the connection line indicates a path through which information as a key is transmitted to the elliptical encryption unit 214. ing. The same applies to the block indicating the DES encryption unit 215. The same applies to other drawings.
[0050]
(6) DES encryption unit 215
The DES encryption unit 215 receives authentication success information from the first authentication unit 211.
Upon receiving the authentication success information, the DES encryption unit 215 reads the use condition key and use condition data from the distribution data storage unit 202. Next, the DES encryption unit 215 generates encrypted usage condition data by applying the encryption algorithm E2 based on DES (Data Encryption Standard) to the read usage condition data using the read usage condition key as a key. Then, the generated encryption usage condition data is output to the DES decryption unit 415 (described later) of the memory card 400 via the Internet 10 and the PC 300.
[0051]
(7) DES encryption unit 250
The DES encryption unit 250 reads the title key from the distribution data storage unit 202 and reads the content 600 from the content storage unit 201. Next, the DES encryption unit 250 generates an encrypted content by applying the DES encryption algorithm E3 to the read content using the read title key as a key, and the generated encrypted content is transmitted to the Internet 10. The data is written into the first storage area 432 (described later) in the information storage unit 430 (described later) of the memory card 400 via the PC 300.
[0052]
1.2 Configuration of PC300
As shown in FIG. 4, the PC 300 includes a microprocessor 301, a ROM, a RAM, a memory unit 302 such as a hard disk unit, an input unit 303 such as a keyboard and a mouse, a display unit 304 such as a display unit, and an external device via the Internet 10. The computer system includes a communication unit 305 for performing communication, a memory card connection unit 306 for performing connection with the memory card 400, and the like. The memory unit 302 stores a computer program. The PC 300 achieves its functions by the microprocessor 301 operating according to the computer program.
[0053]
1.3 Configuration of memory card 400
As shown in FIG. 3, the memory card 400 includes a tamper-resistant module unit 410 and an information storage unit 430 that cannot be read and written from the outside. The tamper resistant module unit 410 includes a first authentication unit 411, a distribution public key storage unit 412, a distribution secret key storage unit 413, an elliptical decryption unit 414, a DES decryption unit 415, a conversion unit 416, a second authentication unit 417, and a recording medium key. The storage unit 418 includes a DES encryption unit 419, a distribution data storage unit 423, and a recording data storage unit 422. The information storage unit 430 includes a first storage area 432 and a second storage area 431. . Here, it is assumed that the tamper resistant module unit 410 is specifically configured by tamper resistant hardware. The tamper resistant module unit 410 may be configured by tamper resistant software or a combination of tamper resistant hardware and tamper resistant software.
[0054]
Further, the tamper resistant module unit 410 is specifically composed of a microprocessor, a ROM, a RAM, and the like, and a computer program is stored in the RAM. The tamper resistant module section 410 device achieves its function by the microprocessor operating according to the computer program.
[0055]
(1) Distribution private key storage unit 413
The distribution secret key storage unit 413 stores a distribution secret key in advance. The distribution secret key is 160-bit data.
(2) Distribution public key storage unit 412
The distribution public key storage unit 412 stores a distribution public key in advance. The distribution public key is 320-bit data. The distribution public key is generated based on the distribution secret key stored in the distribution secret key storage unit 413 using a public key generation algorithm based on an elliptical cryptosystem.
[0056]
The distribution public key storage unit 412 receives authentication success information from the first authentication unit 411. Upon receipt of the authentication success information, the distribution public key storage unit 412 reads and reads the distribution public key stored therein in response to a request from the distribution public key acquisition unit 212 of the content distribution server device 200. The distribution public key is output to the content distribution server device 200 via the PC 300 and the Internet 10.
[0057]
(3) Recording medium key storage unit 418
The recording medium key storage unit 418 stores a recording medium key unique to the memory card 400 in advance. The recording medium key is 56-bit data.
(4) Distribution data storage unit 423
The distribution data storage unit 423 includes an area for storing a title key, a use condition key, and use condition data.
[0058]
(5) Recording data storage unit 422
The recording data storage unit 422 includes an area for storing a title key and usage condition data.
The data format of the title key and usage condition data recorded in the recording data storage unit 422 is as shown in FIG. 7, and the title key and usage condition data are arranged in this order.
[0059]
(6) First storage area 432
The first storage area 432 includes an area for storing encrypted content.
The first storage area 432 receives encrypted content from the content distribution server device 200 via the Internet 10 and the PC 300, and stores the received encrypted content.
[0060]
(7) Second storage area 431
The second storage area 431 includes an area for storing a re-encrypted title key and re-encrypted use condition data.
The second storage area 431 receives authentication success information indicating successful authentication from the second authentication unit 417. When the authentication success information is received, the second storage area 431 reads and outputs the re-encrypted title key and the re-encrypted use condition data.
[0061]
(8) First authentication unit 411
The first authentication unit 411 performs challenge-response type mutual device authentication with the first authentication unit 211 of the content distribution server device 200 via the PC 300 and the Internet 10. Specifically, the first authentication unit 411 receives authentication by the first authentication unit 211. Next, the first authentication unit 411 authenticates the first authentication unit 211. Only when both authentications are successful, mutual device authentication is considered successful. Since challenge-response type device authentication is publicly known, a description thereof will be omitted.
[0062]
When both authentications are successful, the first authentication unit 411 outputs authentication success information indicating the success of the authentication to the distribution public key storage unit 412.
When the authentication fails, the first authentication unit 411 stops the subsequent processing. Therefore, various information is not written to the memory card 400 by the content distribution server device 200.
[0063]
(9) Elliptical decoding unit 414
The elliptic decryption unit 414 receives the encrypted combined information from the content distribution server device 200 via the Internet 10 and the PC 300. Upon receiving the encrypted combined information, the elliptic decryption unit 414 reads the distribution private key from the distribution private key storage unit 413, and uses the read distribution private key as a key to decrypt the received encrypted combined information by the elliptical cryptosystem. An algorithm D1 is applied to generate a title key and a use condition key, and the generated title key and use condition key are written in the distribution data storage unit 423.
[0064]
Here, the decryption algorithm D1 is an algorithm that performs reverse conversion of the encryption algorithm E1.
(10) DES decoding unit
The DES decryption unit receives encrypted usage condition data from the content distribution server device 200 via the Internet 10 and the PC 300. When receiving the encrypted use condition data, the DES decryption unit reads the use condition key from the distribution data storage unit 423. Next, using the read usage condition key as a key, the received encrypted usage condition data is subjected to a DES decryption algorithm D2 to generate usage condition data, and the generated usage condition data is sent to the distribution data storage unit 423. Write.
[0065]
Here, the decryption algorithm D2 is an algorithm that performs reverse conversion of the encryption algorithm E2.
(11) Conversion unit 416
The conversion unit 416 reads the title key and use condition data from the distribution data storage unit 423, and writes the read title key and use condition data to the recording data storage unit 422 in this order.
[0066]
(12) Second authentication unit 417
The second authentication unit 417 performs challenge-response type mutual device authentication with the first authentication unit 517 included in the headphone stereo 500. Specifically, the second authentication unit 417 receives authentication by the second authentication unit 517. Next, the second authentication unit 417 authenticates the second authentication unit 517. Only when both authentications are successful, mutual device authentication is considered successful. Since challenge-response type device authentication is publicly known, a description thereof will be omitted.
[0067]
When both authentications are successful, the second authentication unit 417 outputs authentication success information indicating the success of authentication to the information storage unit 430.
When the authentication fails, the second authentication unit 417 stops the subsequent processing. Therefore, various information is not read from the memory card 400 by the headphone stereo 500.
[0068]
(13) DES encryption unit 419
The DES encryption unit 419 reads the title key and usage condition data from the recording data storage unit 422 and reads the recording medium key from the recording medium key storage unit 418. Next, the DES encryption unit 419 performs a DES encryption algorithm E4 on each of the read title key and usage condition data using the read recording medium key as a key, and re-encrypts the title key and the re-encryption key. The encrypted use condition data is generated, and the generated re-encrypted title key and re-encrypted use condition data are written in the second storage area 431.
[0069]
1.4 Configuration of headphone stereo 500
As shown in FIG. 5, the headphone stereo 500 includes a second authentication unit 517, a recording medium key acquisition unit 518, a DES decryption unit 519, a re-encrypted data acquisition unit 531, a recording data storage unit 532, a usage condition determination unit 540, The DES decoding unit 550 and the playback unit 541 are configured.
[0070]
(1) Recording data storage unit 532
The recording data storage unit 532 includes an area for storing a title key and usage condition data.
(2) Second authentication unit 517
The second authentication unit 517 performs challenge-response type mutual device authentication with the second authentication unit 417 of the memory card 400. Specifically, the second authentication unit 517 authenticates the second authentication unit 417. Next, the second authentication unit 517 receives authentication by the second authentication unit 417. Only when both authentications are successful, mutual device authentication is considered successful. Since challenge-response type device authentication is publicly known, a description thereof will be omitted.
[0071]
When both authentications are successful, the second authentication unit 517 outputs authentication success information indicating the success of authentication to the recording medium key acquisition unit 518.
When the authentication fails, the second authentication unit 517 stops the subsequent processing. Therefore, the headphone stereo 500 does not read various information from the memory card 400.
[0072]
(3) Recording medium key acquisition unit 518
The recording medium key acquisition unit 518 receives authentication success information indicating the success of authentication from the second authentication unit 517. When the authentication success information is received, the recording medium key acquisition unit 518 securely reads the recording medium key from the recording medium key storage unit 418 of the memory card 400 and outputs the read recording medium key to the DES decryption unit 519.
[0073]
(4) Re-encrypted data acquisition unit 531
The re-encrypted data acquisition unit 531 reads the re-encrypted title key and the re-encrypted usage condition data from the second storage area 431 of the memory card 400, and reads the re-encrypted title key and the re-encrypted usage condition data. Is output to the DES decoder 519.
(5) DES decoding unit 519
The DES decryption unit 519 receives the recording medium key from the recording medium key acquisition unit 518 and receives the re-encrypted title key and the re-encrypted usage condition data from the re-encrypted data acquisition unit 531. Next, using the received recording medium key as a key, the DES decryption unit 519 performs a decryption algorithm D4 by DES on each of the received re-encrypted title key and re-encrypted usage condition data, and thereby obtains a title key. And usage condition data. Next, the generated title key and usage condition data are written into the recording data storage unit 532.
[0074]
Here, the decryption algorithm D4 is an algorithm that performs inverse transformation of the encryption algorithm E4.
(6) Usage condition determination unit 540
The use condition determining unit 540 reads the use condition data from the recording data storage unit 532, and determines whether or not to permit the content reproduction using the read use condition data.
[0075]
Specifically, the use condition determination unit 540 permits the reproduction if the reproduction is within the number of times indicated by the reproduction number information included in the use condition data. Otherwise, playback is not allowed. In addition, the use condition determining unit 540 permits the reproduction if the reproduction is within the period indicated by the reproduction period information included in the use condition data. Otherwise, playback is not allowed. In addition, the use condition determination unit 540 permits the reproduction if the reproduction is within the accumulated value indicated by the reproduction accumulated time information included in the use condition data. Otherwise, playback is not allowed. When it is determined that reproduction is permitted under all conditions, a determination result indicating that reproduction is possible is generated, and when it is determined that reproduction is not permitted under any one condition, a determination result indicating that reproduction is not possible is generated. .
[0076]
Next, the use condition determination unit 540 outputs a determination result indicating whether or not it is possible to the reproduction unit 541.
(7) DES decoding unit 550
The DES decryption unit 550 reads the title key from the recording data storage unit 532 and reads the encrypted content from the first storage area 432 of the memory card 400. Next, using the read title key as a key, the read encrypted content is subjected to the DES decryption algorithm D3 to generate the decrypted content, and the generated decrypted content is output to the playback unit 541.
[0077]
Here, the decryption algorithm D3 is an algorithm that performs reverse conversion of the encryption algorithm E3.
(8) Playback unit 541
The playback unit 541 receives the determination result from the use condition determination unit 540 and receives the decrypted content from the DES decryption unit 550. When the received determination result indicates that it is possible, the playback unit 541 plays back the received decrypted content.
[0078]
When the received decrypted content is music, the playback unit 541 converts the decrypted content into an analog electrical signal indicating music, and outputs the generated analog electrical signal to the headphones 700. The headphone 700 receives an analog electric signal, converts it into sound, and outputs it.
1.5 Operation of the digital work protection system 100
The operation of the digital work protection system 100 will be described.
[0079]
(1) Operation at the time of writing to the memory card 400
The operation when a user purchases the content 600 stored in the content storage unit 201 of the server device 200 for content distribution by mounting the memory card 400 on the PC 300 will be described with reference to the flowcharts shown in FIGS. explain.
[0080]
The PC 300 receives a content specification from the user (step S101), and transmits an instruction to acquire the content that has been specified to the content distribution server device 200 via the Internet 10 (step S102).
Next, when the content distribution server device 200 receives a content acquisition instruction (step S102), between the first authentication unit 211 included in the content distribution server device 200 and the first authentication unit 411 included in the memory card 400. Device authentication is performed mutually (steps S103 and S104).
[0081]
If the authentication is successful (step S105), the distribution public key acquisition unit 212 outputs a distribution public key acquisition instruction to the distribution public key storage unit 412 of the memory card 400 via the Internet 10 and the PC 300 (steps S107 to S107). Step S108).
If the authentication is successful (step S106), the distribution public key storage unit 412 receives a distribution public key acquisition instruction (step S108), and then the distribution public key storage unit 412 reads the distribution public key (step S109). The read distribution public key is securely output to the distribution public key acquisition unit 212 via the PC 300 and the Internet 10 (steps S110 to S111).
[0082]
Next, the elliptical encryption unit 214 uses the distribution public key as a key and combines the title key and the use condition key for encryption (step S112), and the encrypted combined information is transmitted via the Internet 10 and the PC 300. And output to the elliptic decoding unit 414 (steps S113 to S114).
The elliptic decryption unit 414 decrypts the encrypted combined information (step S115), and writes the title key and the use condition key to the distribution data storage unit 423 (step S116).
[0083]
Next, the DES encryption unit 215 encrypts the usage rule data (step S117), and outputs the encrypted usage rule data to the DES decryption unit 415 via the Internet 10 and the PC 300 (steps S118 to S119). .
The DES decryption unit 415 decrypts the encrypted use condition data (step S120), and writes the use condition data to the distribution data storage unit 423 (step S121).
[0084]
Next, the DES encryption unit 250 encrypts the content (step S122), and outputs the encrypted content to the first storage area 432 via the Internet 10 and the PC 300 (step S123 to step S124). The storage area 432 stores the encrypted content (step S125).
Next, the conversion unit 416 converts the distribution data stored in the distribution data storage unit 423 to generate recording data, and writes the generated recording data to the recording data storage unit 422 (step S126). Next, the DES encryption unit 419 encrypts the title key and use condition data recorded in the recording data storage unit 422 (step S127), and re-encrypts the title key and re-encryption use condition data. Writing to the second storage area 431 (step S128).
[0085]
(2) Operation when reading from the memory card 400
Next, an operation in the case where the user pulls out the memory card 400 from the PC 300, attaches the extracted memory card 400 to the headphone stereo 500, and reproduces content will be described with reference to the flowcharts shown in FIGS. To do.
[0086]
When the headphone stereo 500 receives a content reproduction instruction from the user (step S201), the second authentication unit 517 included in the headphone stereo and the second authentication unit 417 included in the memory card 400 perform mutual device authentication ( Step S202, Step S203).
If the authentication is successful (step S205), the recording medium key acquisition unit 518 outputs an instruction to acquire the recording medium key to the recording medium key storage unit 418 (step S206).
[0087]
When the authentication is successful (step S204), the recording medium key storage unit 418 receives an instruction to acquire the recording medium key (step S206), and the recording medium key storage unit 418 reads the recording medium key (step S207). The read recording medium key is output to the recording medium key acquisition unit 518 (step S208).
Next, the re-encrypted data acquisition unit 531 outputs an instruction to acquire re-encrypted data to the second storage area 431 (step S209), and the second storage area 431 stores the re-encrypted title key and the re-encrypted title key. The encrypted use condition data is read (step S210), and the read re-encrypted title key and re-encrypted use condition data are output to the re-encrypted data acquisition unit 531 (step S211). Next, the DES decryption unit 519 decrypts the re-encrypted title key and the re-encryption usage condition data, and writes them into the recording data storage unit 532 (step S212).
[0088]
The first storage area 432 reads the encrypted content (step S213), outputs the read encrypted content to the DES decryption unit 550 (step S214), and the DES decryption unit 550 decrypts the encrypted content (step S215). ).
The use condition determining unit 540 reads the use condition data from the recording data storage unit 532, determines whether or not content reproduction is permitted by the read use condition data, and if permitted (step S216). The playback unit 541 plays back the content generated by decryption (step S217).
[0089]
1.6 Summary
As described above, the decryption and re-encryption (encryption conversion) of the encrypted title key and usage condition data is performed by the tamper-resistant module unit of the recording medium device, thereby making it difficult for an unauthorized third party to hack. Is possible.
2. Embodiment 2
A digital work protection system 100b (not shown) as another embodiment according to the present invention will be described.
[0090]
The digital work protection system 100 b has the same configuration as that of the digital work protection system 100, includes a content distribution server device 200 b instead of the content distribution server device 200, and replaces the memory card 400 with a memory card. 400b. Here, the description will focus on differences from the digital work protection system 100.
[0091]
2.1 Content distribution server device 200b
The content distribution server device 200b has a configuration similar to that of the content distribution server device 200. As shown in FIG. 13, the first authentication unit 211, the distribution public key acquisition unit 212, the distribution data storage unit 202, An elliptic encryption unit 214, a hash unit 220, a content storage unit 201, a DES encryption unit 250, and a writing unit 221 are included. Here, the description will focus on differences from the server device 200 for content distribution.
[0092]
(1) Distribution data storage unit 202
As shown in FIG. 16, the distribution data storage unit 202 includes an area for storing a title key, a digest, and usage condition data, and stores the title key and usage condition data in advance. The title key, digest, and usage condition data correspond to the content 600 stored in the content storage unit 201.
[0093]
Since the title key and usage condition data have been described above, description thereof will be omitted.
The digest is a value obtained by applying a hash function to the use condition data, and is written in the distribution data storage unit 202 by the hash unit 220.
(2) First authentication unit 211
The first authentication unit 211 outputs authentication success information indicating the success of authentication to the distribution public key acquisition unit 212 and the ellipse encryption unit 214.
[0094]
(3) Hash part 220
The hash unit 220 reads the use condition data from the distribution data storage unit 202, applies a hash function F1 to the read use condition data, generates a digest, and writes the generated digest to the distribution data storage unit 202.
Here, as the hash function F1, specifically, an American standard SHA algorithm or the like can be used. The SHA algorithm is described in detail, for example, in “Introduction to Cryptography” by Eiji Okamoto (Kyoritsu Publishing Co., Ltd.).
[0095]
(4) Elliptical encryption unit 214
The ellipse encryption unit 214 reads the title key and digest from the distribution data storage unit 202. Next, using the received distribution public key as a key, the elliptical encryption unit 214 performs cryptographic algorithm E1 using an elliptical encryption method on the combined information obtained by combining the title key and the digest to generate encrypted combined information. To do.
[0096]
(5) Writing unit 221
The writing unit 221 reads the use condition data from the distribution data storage unit 202, and writes the read use condition data into the distribution data storage unit 423 of the memory card 400b via the Internet 10 and the PC 300.
2.2 Memory card 400b
The memory card 400b has a configuration similar to that of the memory card 400, and as shown in FIG. 14, includes a tamper-resistant module unit 410b and an information storage unit 430 that cannot be read / written from the outside. 410b includes a first authentication unit 411, a distribution public key storage unit 412, a distribution secret key storage unit 413, an elliptical decryption unit 414, a conversion unit 416, a second authentication unit 417, a recording medium key storage unit 418, and a DES encryption unit 419. , A hash unit 420, a comparison unit 421, a distribution data storage unit 423, and a recording data storage unit 422. Here, the description will focus on differences from the memory card 400.
[0097]
(1) Elliptical decoding unit 414
The elliptic decryption unit 414 performs the decryption algorithm D1 by the elliptic encryption method on the received encrypted combined information using the read distribution secret key as a key, generates a title key and a digest, and generates the generated title key and digest. Write to the distribution data storage unit 423.
[0098]
(2) Hash part 420
The hash unit 420 reads the use condition data from the distribution data storage unit 423, applies a hash function F 1 to the read use condition data, generates a digest, and outputs the generated digest to the comparison unit 421.
Here, the hash function F1 is the same as the hash function F1 used in the hash unit 220 included in the content distribution server device 200b.
[0099]
(3) Comparison unit 421
The comparison unit 421 reads the digest from the distribution data storage unit 423 and receives the digest from the hash unit 420. Next, the comparison unit 421 determines whether the read digest and the received digest match, and outputs determination information indicating match or mismatch to the conversion unit 416.
[0100]
(4) Conversion unit 416
The conversion unit 416 receives determination information from the comparison unit 421.
If the determination information indicates a match, the conversion unit 416 reads the title key and usage rule data from the distribution data storage unit 423, and writes the read title key and usage rule data to the recording data storage unit 422 in this order. . FIG. 17 shows the title key and usage condition data written in the recording data storage unit 422.
[0101]
If the determination information indicates a mismatch, the conversion unit 416 does nothing. Accordingly, in this case, the title key and the use condition data are not written to the recording data storage unit 422.
2.3 Configuration of headphone stereo 500
As shown in FIG. 15, the headphone stereo 500 includes a second authentication unit 517, a recording medium key acquisition unit 518, a DES decryption unit 519, a re-encrypted data acquisition unit 531, a recording data storage unit 532, a usage condition determination unit 540, Since the DES decrypting unit 550 and the reproducing unit 541 are configured in the same manner as the headphone stereo 500 of the digital work protection system 100, description thereof is omitted.
[0102]
2.4 Operation of Digital Work Protection System 100b
The operation of the digital work protection system 100b will be described.
(1) Operation at the time of writing to the memory card 400b
The operation when the user purchases the content 600 stored in the content storage unit 201 of the server device 200b for content distribution with the memory card 400b attached to the PC 300 will be described with reference to the flowcharts shown in FIGS. explain.
[0103]
The PC 300 receives a content specification from the user (step S301), and transmits an instruction to acquire the content that has been specified to the content distribution server device 200b via the Internet 10 (step S302).
Next, when the content distribution server device 200b receives a content acquisition instruction (step S302), between the first authentication unit 211 included in the content distribution server device 200b and the first authentication unit 411 included in the memory card 400b. Device authentication is performed mutually (steps S303 and S304).
[0104]
If the authentication is successful (step S305), the distribution public key acquisition unit 212 outputs a distribution public key acquisition instruction to the distribution public key storage unit 412 of the memory card 400b via the Internet 10 and the PC 300 (steps S307 to S307). Step S308).
If the authentication is successful (step S306), the distribution public key storage unit 412 receives a distribution public key acquisition instruction (step S308), and then the distribution public key storage unit 412 reads the distribution public key (step S309). The read distribution public key is output to the distribution public key acquisition unit 212 via the PC 300 and the Internet 10 (steps S310 to S311).
[0105]
Next, the hash unit 220 reads the use condition data, applies a hash function F1 to the read use condition data to generate a digest (step S312), and writes the generated digest to the distribution data storage unit 202 (step S313). .
Next, the elliptic encryption unit 214 uses the distribution public key as a key to combine and encrypt the title key and the digest (step S314), and the encrypted combined information is stored in the elliptical form via the Internet 10 and the PC 300. It outputs to the decoding part 414 (step S315-step S316).
[0106]
The elliptical decryption unit 414 decrypts the encrypted combined information (step S317), and writes the title key and digest to the distribution data storage unit 423 (step S318).
The writing unit 221 reads the use condition data, and writes the read use condition data to the distribution data storage unit 423 via the Internet 10 and the PC 300 (steps S319 to S320).
[0107]
Next, the DES encryption unit 250 encrypts the content (step S322), and outputs the encrypted content to the first storage area 432 via the Internet 10 and the PC 300 (steps S323 to S324). The storage area 432 stores the encrypted content (step S325).
Next, the hash unit 420 reads the use condition data from the distribution data storage unit 423, applies a hash function F1 to the read use condition data, generates a digest, and outputs the generated digest to the comparison unit 421 (step S326). ). Next, the comparison unit 421 reads the digest from the distribution data storage unit 423, receives the digest from the hash unit 420, determines whether the read digest matches the received digest, and indicates a match or mismatch. The determination information is output to the conversion unit 416, and the conversion unit 416 receives the determination information from the comparison unit 421. When the determination information indicates a match (step S327), the conversion unit 416 receives the title from the distribution data storage unit 423. The key and use condition data are read out, and the read title key and use condition data are written in this order in the recording data storage unit 422 (step S328). Next, the DES encryption unit 419 encrypts the title key and use condition data recorded in the recording data storage unit 422 (step S329), and re-encrypts the re-encrypted title key and re-encryption use condition data. Write to the second storage area 431 (step S330).
[0108]
If the determination information received from the comparison unit 421 indicates a mismatch (step S327), the conversion unit 416 ends the process without doing anything.
(2) Operation at the time of reading from the memory card 400b
Next, the operation in the case where the user pulls out the memory card 400b from the PC 300, attaches the extracted memory card 400b to the headphone stereo 500, and reproduces the content, and the operation shown in the flowcharts of FIGS. Since it is the same, explanation is omitted.
[0109]
2.5 Summary
As described above, the decryption and re-encryption (encryption conversion) of the encrypted title key and use condition data is performed by the tamper-resistant module unit included in the recording medium device, thereby making it difficult for an unauthorized third party to hack. It becomes possible.
3. Embodiment 3
A digital work protection system 100c (not shown) as another embodiment of the present invention will be described.
[0110]
The digital work protection system 100 c has the same configuration as that of the digital work protection system 100, includes a content distribution server device 200 c instead of the content distribution server device 200, and replaces the memory card 400 with a memory card. 400c. Here, the description will focus on differences from the digital work protection system 100.
[0111]
3.1 Content Distribution Server Device 200c
In addition to the components included in the content distribution server device 200, the content distribution server device 200c further includes a key storage unit 261, an information storage unit 262, a hash unit 263, an encryption unit 264, and A transmission / reception unit 265 is included.
[0112]
(1) Information storage unit 262
The information storage unit 262 stores update modules in advance.
The update module is information for updating a computer program, data, and the like included in the tamper resistant module unit included in the memory card. Specifically, the update module is for updating an encryption method, a decryption method, and a conversion method included in the tamper resistant module unit.
[0113]
(2) Key storage unit 261
The key storage unit 261 stores a determination key in advance. The determination key is 64-bit information.
(3) Hash part 263
The hash unit 263 reads the update module from the information storage unit 262, applies the hash function F2 to the read update module, generates a first hash value, and outputs the generated first hash value to the encryption unit 264.
[0114]
(4) Encryption unit 264
The encryption unit 264 reads the determination key from the key storage unit 261 and receives the first hash value from the hash unit 263. Next, the encryption unit 264 generates an encrypted hash value by applying the encryption algorithm E5 to the received first hash value using the read determination key as a key, and uses the generated encrypted hash value as the Internet 10 The data is transmitted to the decryption unit 462 (described later) of the memory card 400c via the PC 300.
[0115]
(5) Transmission / reception unit 265
The transmission / reception unit 265 reads the update module from the information storage unit 262, and transmits the read update module to the transmission / reception unit 463 (described later) of the memory card 400c via the Internet 10 and the PC 300.
3.2 Memory card 400c
The memory card 400c includes a tamper resistant module unit 410c instead of the tamper resistant module unit 410.
[0116]
In addition to the components included in the tamper resistant module unit 410, the tamper resistant module unit 410c is further configured as shown in FIG. 21 with a key storage unit 461, a decrypting unit 462, a transmitting / receiving unit 463, a hash unit 464, a determining unit 465, and An update unit 466 is provided.
(1) Key storage unit 461
The key storage unit 461 stores a determination key in advance. The determination key is 64-bit information. This determination key is the same as the determination key stored in the key storage unit 261.
[0117]
(2) Decoding unit 462
The decryption unit 462 receives the encrypted hash value from the content distribution server device 200c via the Internet 10 and the PC 300, and reads the determination key from the key storage unit 461. Next, using the read determination key as a key, the decryption unit 462 performs a decryption algorithm D5 on the received encrypted hash value to generate a first hash value, and the generated first hash value is sent to the determination unit 465. Output.
[0118]
Here, the decryption algorithm D5 is an algorithm that performs reverse conversion of the encryption algorithm E5.
(3) Transmission / reception unit 463
The transmission / reception unit 463 receives the update module from the content distribution server device 200c via the Internet 10 and the PC 300, and outputs the received update module to the hash unit 464 and the update unit 466.
[0119]
(4) Hash part 464
The hash unit 464 receives the update module from the transmission / reception unit 463, applies a hash function F2 to the received update module, generates a second hash value, and outputs the generated second hash value to the determination unit 465.
(5) Determination unit 465
The determination unit 465 receives the first hash value from the decryption unit 462 and receives the second hash value from the hash unit 464. Next, the determination unit 465 determines whether or not the received first hash value matches the received second hash value, and outputs determination information indicating whether or not they match to the update unit 466.
[0120]
(6) Update unit 466
The update unit 466 receives an update module from the transmission / reception unit 463 and receives determination information from the determination unit 465.
When the received determination information indicates that they match, the update unit 466 uses the received update module to update the computer program or data stored in the tamper resistant module unit 410c.
[0121]
3.3 Operation of digital copyright protection system 100c
An operation when the computer or data included in the tamper resistant module unit 410c in the memory card 400c is updated in the digital work protection system 100c will be described with reference to the flowchart shown in FIG.
In the content distribution server device 200c, the hash unit 263 reads the update module from the information storage unit 262, applies the hash function F2 to the read update module, generates a first hash value, and encrypts the generated first hash value. The data is output to the conversion unit 264 (step S401). Next, the encryption unit 264 reads the determination key from the key storage unit 261, receives the first hash value from the hash unit 263, and uses the read determination key as a key to convert the received first hash value into the encryption algorithm E5. To generate an encrypted hash value (step S402). Next, the encryption unit 264 transmits the generated encrypted hash value to the decryption unit 462 of the memory card 400c via the Internet 10 and the PC 300, and the transmission / reception unit 265 reads the update module from the information storage unit 262. Then, the read update module is transmitted to the transmission / reception unit 463 of the memory card 400c via the Internet 10 and the PC 300 (steps S403 and S404).
[0122]
Next, in the memory card 400c, the decryption unit 462 receives the encrypted hash value from the content distribution server device 200c via the Internet 10 and the PC 300, and the transmission / reception unit 463 transmits from the content distribution server device 200c to the Internet. 10 and the update module are received via the PC 300 (step S403, step S404). Next, the decryption unit 462 reads the determination key from the key storage unit 461, generates the first hash value by applying the decryption algorithm D5 to the received encrypted hash value using the read determination key as a key. The first hash value is output to the determination unit 465 (step S405). Next, the hash unit 464 receives the update module from the transmission / reception unit 463, applies a hash function F2 to the received update module to generate a second hash value, and outputs the generated second hash value to the determination unit 465 ( Step S406). Next, the determination unit 465 determines whether or not the received first hash value matches the received second hash value, and outputs determination information indicating whether or not they match to the update unit 466 for reception. When the determination information indicates that they match (step S407), the update unit 466 updates the computer program or data stored in the tamper resistant module unit 410c using the received update module (step S408). ).
[0123]
When the received determination information indicates that they do not match (step S407), the update unit 466 does nothing and ends the process.
3.6 Summary
In the conventional system, the title key and usage condition data are encrypted according to a predetermined distribution data format and distribution encryption method, and the encrypted title key and usage condition data are decrypted on the user's personal computer. Thereafter, the data is re-encrypted and recorded on a recording medium in accordance with a predetermined recording data format or recording encryption method.
[0124]
However, when the encryption conversion and data format conversion performed on the personal computer is realized by the tamper-resistant module of the recording medium device, it will easily cope with contents according to different distribution encryption methods and different distribution data formats in the future. I can't.
As a countermeasure, the present invention provides a digital work protection system, a recording medium device, a server device, and a playback device that can safely update a tamper-resistant module that performs cryptographic conversion and format conversion on the recording medium device. With the goal.
[0125]
4). Summary
As described above, the present invention is a digital work protection system that handles content that is a digital work, and includes a server device, a recording medium device, and a playback device. The server device records a usage condition data representing a usage condition of the content in accordance with a first encryption unit that encrypts the content uniquely for each content to generate an encrypted content, and a predetermined distribution data format. And a second encryption unit that encrypts each medium device uniquely to generate encrypted usage condition data. The recording medium device includes an acquisition unit that acquires the encrypted content and the encrypted use condition data from the server device, a first storage area that stores the encrypted content acquired by the acquisition unit, and the acquisition A second decryption unit corresponding to the second encryption unit for decrypting the encrypted use condition data acquired by the unit; and the use condition data decrypted by the second decryption unit, the distribution data format A data format converting means for converting the data into a predetermined recording data format, and the use condition data converted by the data format converting means is uniquely encrypted for each recording medium device to generate re-encrypted use condition data 3, and a second storage area for storing the re-encryption usage condition data, the second decryption unit and the data Wherein the formatting conversion means a third encryption means is constituted by a tamper-resistant module having the tamper resistance. The playback device reads out the encrypted content stored in the first storage area of the recording medium device and the re-encryption usage condition data stored in the second storage area of the recording medium device; A third decryption unit corresponding to the third encryption unit for decrypting the re-encryption use condition data read by the read unit; and a decryption of the encrypted content read by the read unit, First decryption means corresponding to the encryption means, and reproduction for reproducing the content decrypted by the first decryption means within a range permitted by the use condition data decrypted by the third decryption means Means.
[0126]
Here, the server device further securely acquires a distribution public key corresponding to a distribution secret key unique to the recording medium device stored in the distribution secret key storage area of the recording medium device. Public key acquisition means, the first encryption means encrypts the content by a common key encryption method using a unique title key for each content, generates encrypted content, and the second encryption The encryption unit encrypts the title key and usage condition data by a public key cryptosystem using the distribution public key acquired by the distribution public key acquisition unit, and generates an encrypted title key and encrypted usage condition data To do. The recording medium device further includes a distribution secret key storage area for storing a distribution secret key corresponding to the distribution public key, and a recording medium unique key for storing a recording medium unique key unique to each recording medium device. A key storage area, wherein the acquisition unit acquires the encrypted content, the encrypted title key, and the encryption usage condition data from the server device, and the second decryption unit includes the distribution private key storage area. The encrypted title key and the encryption usage condition data are decrypted using the public key cryptosystem using the distribution private key stored in the distribution key, and the third encrypting means includes the decrypted title key And re-encrypted title key and re-encrypted use condition data by encrypting the use condition data by a common key encryption method using the recording medium unique key stored in the recording medium unique key storage area. In addition to the second decryption means, the data format conversion means, and the third encryption means, the distribution private key storage area and the recording medium unique key storage area are tamper resistant. It consists of a tamper-resistant module. The playback apparatus further includes medium unique key acquisition means for securely acquiring a recording medium unique key stored in a recording medium unique key storage area of the recording medium apparatus, and the reading means includes the re-encryption The title key and the re-encryption usage condition data are read from the recording medium device, and the third decryption unit uses the medium unique key to read the re-encrypted title key and the re-encryption usage condition data read by the reading unit. Decrypting by the common key cryptosystem, the first decryption means decrypts the encrypted content by the common key cryptosystem using the title key, and the reproduction means is licensed by the use condition data. Play back the decrypted content within the specified range.
[0127]
Here, the second encryption means of the server device includes a use condition including at least one of the title key and a digest value of the use condition data or a use condition key used for encryption and decryption of the use condition data. The related information is encrypted by a public key cryptosystem using the public key for distribution to generate an encrypted title key and encrypted usage condition related information, and the usage condition related information includes a digest value of the usage condition data If the usage condition data includes a hash function to generate a digest value of the usage condition data, or the usage condition related information includes the usage condition key, the usage condition data is used as the usage condition data. The condition key is used for encryption with a common key encryption method, and the acquisition unit of the recording medium device receives an encrypted title key from the server device. And when the usage condition related information includes only the digest value of the usage condition data, the usage condition data is acquired and the usage condition key is included in the usage condition related information. The encryption usage condition data is acquired, and the second decryption means uses the distribution secret key to transmit the encrypted title key and the encryption usage condition related information to the public key cryptosystem. If the usage condition key is included in the decrypted previous term usage condition related information, the encrypted usage condition data is decrypted by the common key method using the usage condition key to obtain usage condition data. Or, if the digest value of the usage condition data is included in the previous period usage condition related information, the usage condition data is referred to by using the hash function. To generate a digest value, this reference digest value, it determines whether or not to coincide with the digest value of the usage condition data included in the use condition related information.
[0128]
Here, each of the recording medium device and the server device further includes a first authentication unit, and the server device obtains the distribution public key from the recording medium device, or Before the recording medium device acquires the encrypted title key and the encrypted use condition data from the server device, the first authentication unit of the server device authenticates the validity of the recording medium device, and The first authentication unit of the recording medium device authenticates the validity of the server device, and when each authentication is successful, the server device acquires the distribution public key from the recording medium device, or The recording medium device acquires the encrypted title key and the encrypted use condition data.
[0129]
Here, each of the recording medium device and the reproduction device further includes a second authentication unit, and the reproduction device obtains the medium unique key from the recording medium device, or Prior to reading out the encrypted title key and the encryption usage condition data from the playback device, the recording medium device authenticates the recording medium device and records the recording medium device. The second authentication unit of the medium device authenticates the validity of the playback device, and when each authentication is successful, the playback device acquires the medium unique key from the recording medium device, or The encryption usage condition data is read from the recording medium device.
[0130]
Here, when the distribution secret key of the recording medium device is exposed, the server device registers the distribution public key corresponding to the distribution secret key in the revocation list, and is registered in the revocation list. It is prohibited to encrypt the title key and the use condition data using a distribution public key and provide them to the recording medium device.
Here, the use condition data includes information for controlling the number of times the content is reproduced, information for controlling the reproduction period of the content, or information for controlling the accumulated reproduction time of the content.
[0131]
Here, the tamper resistant module is constituted by tamper resistant hardware, tamper resistant software, or a combination of both.
The present invention is also a recording medium device for recording content that is a digital work, an encrypted content, an acquisition unit that acquires encrypted usage condition data, and an encrypted content acquired by the acquisition unit A first storage area for storing the data, a second decryption unit for decrypting the encrypted use condition data acquired by the acquisition unit, and a use condition data decrypted by the second decryption unit. Data format conversion means for converting the distribution data format to a predetermined recording data format, and the usage condition data converted by the data format conversion means are uniquely encrypted for each recording medium device to re-encrypt usage condition data. A third encryption unit to be generated; a second storage area for storing the re-encryption usage condition data encrypted by the third encryption unit; Wherein the second decoding means and said data format conversion means and said third encryption means is constituted by a tamper resistant module having the tamper resistance.
[0132]
Here, the recording medium device further includes a distribution secret key storage area for storing a distribution secret key corresponding to the distribution public key, and a recording for storing a recording medium unique key unique to each recording medium device. A storage medium unique key storage area, wherein the acquisition means acquires encrypted content, an encrypted title key, and encrypted usage condition data from the server device, and the second decryption means includes the distribution secret. Decrypting the encrypted title key and the encryption usage condition data using the public key cryptosystem using the distribution private key stored in the key storage area, and the third encryption means The title key and the use condition data are encrypted by a common key encryption method using the recording medium unique key stored in the recording medium unique key storage area, and re-encrypted title key and re-encrypted use condition data In addition to the second decryption means, the data format conversion means, and the third encryption means, the distribution private key storage area and the recording medium unique key storage area It consists of a tamper resistant tamper resistant module.
[0133]
Here, the acquisition unit of the recording medium device acquires an encrypted title key and encrypted usage condition related information from the server device, and further includes only a digest value of usage condition data in the usage condition related information. The usage condition data is acquired, and when the usage condition related information includes the usage condition key, the encrypted usage condition data is acquired, and the second decryption means includes the encrypted title. When the key and the encryption usage condition related information are decrypted by the public key cryptosystem using the distribution secret key, and the decrypted previous period usage condition related information includes the usage condition key, the encryption usage conditions Decrypt the data by the common key method using the usage condition key to obtain usage condition data, or the previous period usage condition related information includes the digest value of the usage condition data A digest value for reference of the use condition data is generated using the hash function for the use condition data, and the digest value for reference is a digest value of the use condition data included in the use condition related information. Determine whether they match.
[0134]
Here, the recording medium device further includes a first authentication unit and a second authentication unit, and the recording medium device is prior to the distribution public key being acquired by the server device, or Before the recording medium device acquires the encrypted title key and the encrypted usage condition data from the server device, the first authentication unit of the server device authenticates the validity of the recording medium device. The first authentication unit of the recording medium device authenticates the validity of the server device, and when each authentication is successful, the recording medium device obtains the distribution public key by the server device. Alternatively, the recording medium device acquires the encrypted title key and the encryption usage condition data, and the recording medium device prior to acquiring the medium unique key by the playback device. Alternatively, prior to reading out the encrypted title key and the encryption usage condition data from the playback device, the recording medium device is configured such that the second authentication unit of the playback device includes the recording medium device. The second authentication unit of the recording medium device authenticates the validity of the reproducing device, and when each authentication is successful, the recording medium device acquires the medium unique key by the reproducing device. Alternatively, the encryption usage conditions are read from the recording medium device.
[0135]
Here, when the distribution data format or the recording data format is changed, the tamper resistant module constituting the data format conversion means of the recording medium device is updated.
Here, when there is a change in the encryption method used by the second decryption unit of the recording medium device or the encryption method used by the third encryption unit, the second decryption unit, or The tamper resistant module constituting the third encryption means is updated.
[0136]
Here, the recording medium device further includes a tamper resistant module determining unit that determines the validity of the tamper resistant module to be updated, and the tamper resistant module determining unit determines that the tamper resistant module is valid. Update the module.
Here, the second decryption unit of the recording medium device can select and decrypt one from a plurality of encryption methods, and the third encryption unit can select one from a plurality of encryption methods. Select to decrypt.
[0137]
Here, the distribution key storage area of the recording medium device stores a plurality of distribution secret keys, and the second decryption means selects and uses one of the plurality of distribution secret keys.
Here, the tamper resistant module is constituted by tamper resistant hardware, tamper resistant software, or a combination of both.
[0138]
The present invention is also a server device for providing content that is a digital work to a recording medium device, and a first encryption unit that encrypts content uniquely for each content to generate encrypted content; And second encryption means for generating encrypted usage rule data by encrypting the usage rule data representing the usage rule of the content uniquely for each recording medium device in accordance with a predetermined distribution format.
[0139]
Here, the server device further securely acquires a distribution public key corresponding to a distribution secret key unique to the recording medium device stored in the distribution secret key storage area of the recording medium device. Public key acquisition means, the first encryption means encrypts the content by a common key encryption method using a unique title key for each content, generates encrypted content, and the second encryption The encryption unit encrypts the title key and usage condition data by a public key cryptosystem using the distribution public key acquired by the distribution public key acquisition unit, and generates an encrypted title key and encrypted usage condition data To do.
[0140]
Here, the second encryption means of the server device includes a use condition including at least one of the title key and a digest value of the use condition data or a use condition key used for encryption and decryption of the use condition data. The related information is encrypted by a public key cryptosystem using the public key for distribution to generate an encrypted title key and encrypted usage condition related information, and the usage condition related information includes a digest value of the usage condition data If the usage condition data includes a hash function to generate a digest value of the usage condition data, or the usage condition related information includes the usage condition key, the usage condition data is used as the usage condition data. Encrypt using the common key cryptosystem with the condition key.
[0141]
Here, the server device further includes a first authentication unit, and the server device acquires the distribution public key from the recording medium device or the server device stores the recording medium. Prior to acquisition of the encrypted title key and the encrypted use condition data by the device, the first authentication means of the server device authenticates the validity of the recording medium device, and The authentication means authenticates the validity of the server device, and when each authentication is successful, the server device acquires the distribution public key from the recording medium device, or the server device An encrypted title key and encrypted use condition data are acquired by the recording medium device.
[0142]
Here, the second encryption unit of the server device registers a distribution public key corresponding to the distribution secret key in a revocation list when the distribution secret key of the recording medium device is exposed. In addition, it is prohibited to encrypt the title key and the use condition data using the distribution public key registered in the revoke list and provide them to the recording medium device.
[0143]
The present invention is also a playback device for reading out and playing back a content that is a digital work from a recording medium device, the playback device encrypting data stored in a first storage area of the recording medium device. Read means for reading the content and re-encryption usage condition data stored in the second storage area of the recording medium device; and a first recording medium device for decrypting the re-encryption usage condition data read by the reading means A third decryption unit corresponding to the third encryption unit, a first decryption unit corresponding to the first encryption unit of the server device for decrypting the encrypted content read by the read unit, Reproduction means for reproducing the content decrypted by the first decryption means within a range permitted by the use condition data decrypted by the third decryption means.
[0144]
Here, the previous playback device further comprises medium unique key acquisition means for securely acquiring the recording medium unique key stored in the recording medium unique key storage area of the recording medium device, and the reading means comprises The re-encrypted title key and the re-encrypted use condition data are read from the recording medium device, and the third decryption unit reads the re-encrypted title key and the re-encrypted use condition data read by the read unit. The unique key is used to decrypt the encrypted content using the common key encryption method, the first decryption unit decrypts the encrypted content using the title key using the common key encryption method, and the reproduction unit includes the use condition data. The content decrypted within the range permitted by is reproduced.
[0145]
Here, each of the playback device and the recording medium device further includes a second authentication unit, and the playback device obtains the medium unique key from the recording medium device, or Prior to reading out the encrypted title key and the encrypted use condition data by the recording medium device, the reproducing device authenticates the recording medium device, and the second authentication unit of the reproducing device authenticates the recording medium device. The second authentication unit of the medium device authenticates the validity of the playback device, and when each authentication is successful, the playback device acquires the medium unique key from the recording medium device, or In the reproducing apparatus, the encrypted title key and the encrypted use condition data are read by the recording medium device.
[0146]
Here, the use condition data includes information for controlling the number of times the content is reproduced, information for controlling the reproduction period of the content, or information for controlling the accumulated reproduction time of the content.
As is clear from the above description, the copyright protection system, the recording medium device, the server device, and the playback device according to the present invention record the encrypted title key and usage condition data, and re-encrypt (encryption conversion). By using the tamper resistant module portion of the medium device, it becomes possible to make it difficult for an unauthorized third party to hack.
[0147]
In addition, it is possible to safely update the tamper resistant module that performs encryption conversion and format conversion on the recording medium device.
Although the digital work protection system according to the present invention has been described above, the present invention is of course not limited to these embodiments. You may comprise as follows.
[0148]
(1) In the above embodiment, the case where DES and elliptic encryption are used as the encryption algorithm has been described, but the present invention is not limited to these. Other cryptographic techniques may be applied.
(2) In the above embodiment, the procedure for storing the purchased content with usage conditions in the memory card or reproducing the content from the memory card has been described, but whether or not the content has been purchased is not the essence of the invention. . For example, the same procedure can be executed even for a trial version of free content with usage condition data.
[0149]
(3) In the above embodiment, the content is stored in the memory card. However, the recording medium is not limited to the memory card. Other types of recording media may be used.
(4) In the above embodiment, the content is encrypted. However, a part of the content may be encrypted.
[0150]
(5) In the above embodiment, the case where usage condition data is added for each content has been described, but the present invention is not limited to this.
For example, the usage condition data may be such that up to 100 pieces of music data are purchased on a monthly basis. In this case, for example, when the monthly contract is canceled, the use condition determination unit may not permit the reproduction of the content stored in the storage area of the memory card from the next month.
[0151]
(6) In the above embodiment, the case where the usage condition data is added for each content has been described. Needless to say, the case where the usage condition data is not added can be dealt with.
(7) Further, when the distribution secret key of the memory card is exposed, the content distribution server device registers the distribution public key corresponding to the distribution secret key in the revoke list and is registered in the revoke list. The configuration may be such that the title key or the like is encrypted using the distribution public key and is provided to the memory card.
[0152]
(8) Further, the tamper resistant module portion of the memory card may be configured by tamper resistant hardware, tamper resistant software, or a combination of both.
(9) Further, when the distribution data format or the recording data format is changed, the tamper-resistant module constituting the data format conversion means of the memory card may be updated to cope with it.
[0153]
(10) Also, it is necessary to change or add to the encryption method used in the tamper resistant module part of the memory card in response to the change or addition of the encryption method (elliptical encryption or DES encryption) used by the content distribution server. The tamper-resistant module may be updated by updating the tamper-resistant module.
(11) In the above (9) or (10), the memory card includes a tamper resistant module determining unit that determines the validity of the tamper resistant module to be updated, and the tamper resistant module determining unit determines that the tamper resistant module is valid. In such a case, the tamper resistant module may be updated.
[0154]
(12) The memory card is provided with a plurality of encryption methods in advance, and one of the plurality of encryption methods is selected, and the memory card may be configured to be encrypted or decrypted using the selected encryption method. Good.
(13) The memory card may store a plurality of distribution secret keys in advance, and the elliptic decoding means may be configured to selectively use one of the plurality of distribution secret keys.
[0155]
(14) In the present embodiment, a digital work distribution system using a headphone stereo has been described, but the present invention is not limited to this. For example, instead of the headphone stereo, a mobile phone, an L-mode stationary phone, a portable information terminal device, a personal computer, or a home appliance such as a television having an Internet connection function may be used. These playback devices play back digital works such as music, movies, electronic books, and game programs.
[0156]
In addition, although the content distribution server device 200 and the PC 300 are connected via the Internet 10, the present invention is not limited to this connection form.
For example, the content distribution server device and the PC 300 may be connected via the Internet and a mobile phone network. In addition, a broadcast device is connected to the content distribution server device, and various types of information such as content are broadcast on broadcast waves. Home appliances such as televisions receive broadcast waves and receive various types of information from the received broadcast waves. May be extracted.
[0157]
(15) In the above embodiment, the challenge-response mutual device authentication is performed between the content distribution server and the memory card. However, other methods can be applied.
(16) In the above embodiment, the case where a PC is used as the receiving device has been described. However, other devices such as a mobile phone and a KIOSK terminal may be used.
[0158]
(17) In the above embodiment, SHA-1 is used as the hash function applied to the use condition data, but other hash functions can also be used.
(18) The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.
[0159]
The present invention also records the computer program or the digital signal on a computer-readable recording medium, such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, semiconductor memory, etc. It is good also as what you did. Further, the present invention may be the computer program or the digital signal recorded on these recording media.
[0160]
In the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, or the like.
The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.
[0161]
In addition, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, and is executed by another independent computer system. It is good.
(19) The above embodiment and the above modifications may be combined.
[0162]
【The invention's effect】
As described above, the present invention is a digital work protection system in which a digital work transmitted from a transmission device is written to a portable recording medium device via a reception device and played back by the playback device, The digital work protection system encrypts original content that is a digital work based on a distribution encryption key to generate first encrypted information, and transmits the generated first encrypted information via a network. Wherein the recording medium device is mounted on the receiving device, and the digital copyright protection system further receives the first encrypted information via a network, and receives the received first encrypted information. A receiving device that outputs information to the recording medium device; an information storage area for storing information; and a tamper-resistant module unit having tamper resistance. The tamper resistant module unit obtains the output first encrypted information, decrypts the first encrypted information based on a distribution decryption key, generates intermediate information, and The intermediate information is encrypted based on a medium unique key unique to the recording medium device to generate second encrypted information, and the generated second encrypted information is written to the information storage area, where the second encryption The recording medium device in which the encrypted information is written is attached to the playback device, and the digital copyright protection system further reads the second encrypted information from the information storage area and securely reads the medium unique key And the playback device that generates the decrypted content by decrypting the second encrypted information based on the medium unique key, and plays back the generated decrypted content.
[0163]
According to this configuration, the tamper-resistant module unit included in the recording medium device decrypts and further encrypts the first encrypted information composed of the encrypted original content. Can be difficult.
Here, the transmission device stores the original content and the original content key unique to the original content in advance, acquires the distribution encryption key used for distributing the digital work, and acquires the original content key. To encrypt the original content to generate an encrypted content, to encrypt the original content key using the acquired distribution encryption key to generate a first encrypted content key, and to generate the encrypted Transmitting the first encrypted information including a content and a first encrypted content key, and the receiving device receives the first encrypted information including the encrypted content and the first encrypted content key; The received encrypted content and the first encrypted content key are output, and the tamper resistant module unit receives a distribution decryption key and a medium unique key unique to the recording medium device. The first encrypted information including the output encrypted content and the first encrypted content key is acquired, and the first encrypted content key is decrypted using the distribution decryption key. An intermediate content key is generated, and the generated intermediate content key is encrypted using the medium unique key to generate a second encrypted content key. The acquired encrypted content and the generated second cipher The second encrypted information including the encrypted content key is written, and the playback device securely acquires the medium unique key from the recording medium device, and from the information storage area, the encrypted content and the second encrypted key are obtained. The second encrypted information including the encrypted content key is read out, and the second encrypted content key is decrypted using the acquired medium unique key to generate a decrypted content key , Using the generated decryption content key, and decrypts the encrypted content read to generate a decrypted content.
[0164]
According to this configuration, in the recording medium device, the content key is only decrypted using the distribution decryption key and further encrypted using the medium unique key, and the content is not decrypted and further encrypted. The processing load on the medium device can be reduced.
The present invention also provides a transmitting device for transmitting a digital work, a receiving device for recording the digital work received via a network on a portable recording medium device, and the digital recorded on the recording medium device. A digital work protection system comprising a playback device for playing back a copyrighted work and the recording medium device, wherein the transmitting device receives an original content that is a digital work and an original content key unique to the original content. Pre-stored storage means, distribution encryption key acquisition means for acquiring a distribution encryption key used for distribution of digital works, and encrypted content by encrypting the original content using the original content key And encrypting the original content key using the acquired distribution encryption key to generate a first encrypted content key; and Transmitting means for transmitting the encoded content and the first encrypted content key via a network, wherein the recording medium device is attached to the receiving device, and the receiving device is connected via the network. Receiving means for receiving the encrypted content and the first encrypted content key; and output means for outputting the received encrypted content and the first encrypted content key. Information storage means having an area for storing, and tamper-resistant module means having tamper resistance, wherein the tamper-resistant module means has a distribution decryption key and a medium unique key unique to the recording medium device in advance. A stored key storage unit; an acquisition unit that acquires the output encrypted content and the first encrypted content key; and the distribution decryption key And decrypting the first encrypted content key to generate an intermediate content key, and generating the second encrypted content key by encrypting the generated intermediate content key using the medium unique key. And a writing unit that writes the acquired encrypted content and the generated second encrypted content key to the information storage unit, wherein the encrypted content and the second encrypted content The recording medium device in which a key is written is attached to the playback device, and the playback device securely acquires the medium unique key from the key storage unit; and the encrypted content from the information storage unit And a reading means for reading out the second encrypted content key, and using the acquired medium unique key, the read out second encrypted content key is decrypted and restored. Content key decrypting means for generating a content key, content decrypting means for decrypting the read encrypted content to generate decrypted content using the generated decrypted content key, and playing back the generated decrypted content Playing means.
[0165]
According to this configuration, the tamper-resistant module unit included in the recording medium device decrypts and re-encrypts, making it difficult for an unauthorized third party to hack, decrypting the encrypted content, and further encrypting it. Therefore, the processing load on the recording medium device can be reduced.
The present invention is also a transmitting device for transmitting a digital work over a network, wherein the digital work is written in a portable recording medium device through a receiving device, and the transmitting device is a digital device. A storage means for storing in advance an original content that is a copyrighted work and an original content key unique to the original content; a distribution encryption key acquiring means for acquiring a distribution encryption key used for distributing a digital work; Encryption means for generating an encrypted content by encrypting the original content using the original content key, and generating a first encrypted content key by encrypting the original content key using the acquired distribution encryption key And transmitting means for transmitting the encrypted content and the first encrypted content key via a network.
[0166]
According to this configuration, the tamper-resistant module unit included in the recording medium device is encrypted so that it is difficult for an unauthorized third party to hack and the processing load on the recording medium device can be reduced. A transmission device for transmitting a digital work can be provided.
Here, the storage means further stores usage condition information indicating usage conditions of the digital work, and an original usage condition key unique to the usage condition information, and the encryption means further includes: Using the distribution encryption key, the original use condition key is encrypted to generate a first encrypted use condition key, and the use condition information is encrypted using the original use condition key to use the first encryption Condition information is generated, and the transmission means further transmits the first encryption usage condition key and the first encryption usage condition information via a network.
[0167]
According to this configuration, the usage condition information indicating the usage condition of the content is transmitted, so that the usage of the content can be controlled in the playback device.
Here, the distribution encryption key acquisition means acquires the distribution encryption key that is a public key generated using a public key generation algorithm, and the encryption means uses a distribution encryption key that is a public key, Encrypt using the public key encryption algorithm.
[0168]
According to this configuration, since the encryption is performed using the public key, the key can be safely distributed.
Here, the transmission device is further exposed to a revoke list means having an area for recording an invalid distribution encryption key and a distribution decryption key based on generation of the distribution encryption key which is a public key. A registration unit that writes the distribution encryption key to the revoke list unit, wherein the transmission device newly transmits content that is a digital work, and the distribution key acquisition unit newly distributes Obtaining an encryption key, determining whether or not the acquired delivery encryption key is written in the revoke list means, and if determining that it is written, prohibiting the encryption means from encryption, Transmission is prohibited to the transmission means.
[0169]
According to this configuration, since the use of the public key corresponding to the exposed secret key is restricted, the content can be distributed more securely.
Here, the storage means further stores use condition information indicating use conditions of the digital work, and the transmission means further reads the use condition information from the storage means and reads the read use condition information. A hash algorithm is generated by applying a hash algorithm to the condition information, and the generated hash value and the read use condition information are securely transmitted via the network.
[0170]
According to this configuration, when the use condition information is falsified in the distribution route, the use of the digital work corresponding to the use condition information can be prohibited.
Here, the transmission device further includes an authentication unit that mutually authenticates the validity of the device with the recording medium device, and the distribution encryption key acquisition unit is configured to perform the authentication only when the authentication is successful. The distribution encryption key is obtained from the recording medium device, the encryption means encrypts only when the authentication is successful, and the transmission means transmits only when the authentication is successful.
[0171]
According to this configuration, since the validity of the device is mutually authenticated between the transmission device and the recording medium device, it is possible to prevent the digital work from being output to an unauthorized device.
Here, the transmission device further reads update information from an update information storage unit that stores in advance update information for updating the tamper resistant module unit included in the recording medium device, and reads the update information from the update information storage unit. Update information transmitting means for transmitting the read update information to the recording medium device via a network and a receiving device.
[0172]
According to this configuration, since the information for updating the tamper resistant module is transmitted, the tamper resistant module can be updated in the recording medium device.
Here, the transmission device further reads the update information from the update information storage unit, applies a hash algorithm to the read update information to generate a hash value, and transmits the generated hash value via the network and the reception device. And hash means for securely transmitting to the recording medium device.
[0173]
According to this configuration, when the tamper resistant module update information is falsified in the distribution path, the use of the update information can be prohibited.
Here, the update information stored in the update information storage means is information for updating an encryption method, a decryption method, or a data conversion method from a distribution data format to a recording data format included in the tamper resistant module unit. And the update information transmitting means reads the update information including information for updating an encryption method, a decryption method, or a data conversion method from a distribution data format to a recording data format provided in the tamper resistant module unit. The read update information is transmitted.
[0174]
According to this configuration, since the update information includes information for updating the encryption method, the decryption method, or the conversion method, the encryption method, the decryption method, or the conversion method in the tamper resistant module can be updated. .
The present invention also relates to a portable recording medium device for recording a digital work transmitted from a transmitting device via a receiving device, wherein the recording medium device is attached to the receiving device, and the transmitting device Encrypts original content that is a digital work based on a distribution encryption key to generate first encrypted information, transmits the generated first encrypted information to the receiving device via a network, and The recording medium device includes information storage means having an area for storing information, and tamper resistant module means having tamper resistance. The tamper resistant module means is unique to the distribution decryption key and the recording medium device. A key storage unit that stores a medium unique key in advance; an acquisition unit that acquires the first encrypted information transmitted via the receiving device; and the first encrypted information based on the distribution decryption key A decryption unit that decrypts and generates intermediate information; an encryption unit that encrypts the intermediate information based on the medium unique key to generate second encrypted information; and the generated second encrypted information in the information storage And a writing unit for writing to the means.
[0175]
According to this configuration, it is possible to provide a recording medium device that makes hacking by an unauthorized third party difficult.
Here, the transmission device stores the original content and the original content key unique to the original content in advance, acquires a distribution encryption key used for distributing the digital work, and uses the original content key as the original content key. The encrypted content is generated by encrypting the original content, the first encrypted content key is generated by encrypting the original content key by using the acquired distribution encryption key, and the generated encrypted content and Transmitting the first encrypted information including the first encrypted content key, and the acquiring unit acquires the first encrypted information including the output encrypted content and the first encrypted content key; The decryption unit decrypts the first encrypted content key included in the first encrypted information using the distribution decryption key to generate an intermediate content key, and generates the first encrypted information. The intermediate information including the encrypted content included and the generated intermediate content key is generated, and the encryption unit encrypts the intermediate content key included in the intermediate information using the medium unique key. Generating a second encrypted content key, generating the second encrypted information including the encrypted content included in the intermediate information and the generated second encrypted content key, and the writing unit The second encrypted information including the encrypted content and the second encrypted content key is written.
[0176]
According to this configuration, in the recording medium device, the content key is only decrypted using the distribution decryption key and further encrypted using the medium unique key, and the content is not decrypted and further encrypted. The processing load on the medium device can be reduced.
Here, the transmission device further stores usage condition information indicating a usage condition of the digital work and an original usage condition key unique to the usage condition information, and uses the distribution encryption key, The original usage condition key is encrypted to generate a first encrypted usage condition key, and the original usage condition key is used to encrypt the usage condition information to generate first encrypted usage condition information. 1 encryption use condition key and the first encryption use condition information are transmitted to the receiving device via a network, and the acquisition unit further passes the first encryption use condition via the receiving device. The key and the first encryption usage condition information are obtained, and the decryption unit further generates an intermediate usage condition key by decrypting the first encryption usage condition key using the distribution decryption key. Using the intermediate use condition key, the first cipher The usage condition information is decrypted to generate intermediate usage condition information, and the encryption unit further generates the second encrypted usage condition information by encrypting the intermediate usage condition information using the medium unique key. Then, the writing unit further writes the generated second encryption usage condition information in the information storage means.
[0177]
According to this configuration, the usage condition information indicating the usage condition of the content is stored, so that the usage of the content can be controlled in the playback device.
Here, the transmission device further acquires the distribution encryption key, which is a public key generated using a public key generation algorithm based on a distribution decryption key, which is a secret key, and distributes the distribution encryption, which is a public key. The key is used for encryption using a public key encryption algorithm, and the decryption unit decrypts using the distribution decryption key using a public key decryption algorithm.
[0178]
According to this configuration, since the encryption is performed using the public key and the decryption is performed using the secret key, the key can be safely distributed.
Here, the tamper resistant module means further includes a conversion unit that converts the intermediate information that is the distribution data format generated by the decryption unit to generate recording intermediate information in a recording data format, and the encryption The unit encrypts the recording intermediate information instead of the intermediate information.
[0179]
According to this configuration, since the data format for distribution is converted into the data format for recording, it is possible to cope with a case where the data format for distribution and the data format for recording are different. Even if a data format is newly added, it can be easily handled.
Here, the transmission device stores update information for updating the tamper resistant module means included in the recording medium device in advance, reads the update information, and uses the read update information as a network and a reception device. The tamper resistant module means includes a microprocessor and a semiconductor memory recording a computer program, and the microprocessor operates according to the computer program, whereby the anti-tamper module means The components included in the tamper module means operate, the acquisition unit acquires the update information via the receiving device, and the tamper resistant module means further uses the acquired update information to The computer program is updated, whereby the tamper resistant module Components included in includes an update unit to be updated.
[0180]
According to this configuration, it is possible to acquire information for updating the tamper resistant module and update the tamper resistant module in the recording medium device.
Here, the transmission device further reads the update information, applies a hash algorithm to the read update information to generate a first hash value, and generates the generated first hash value via the network and the reception device. The tamper resistant module means further securely transmits to the recording medium device, the tamper resistant module means further applies a hash algorithm to the acquired update information to generate a second hash value, and the acquired first hash value A comparison / determination unit that determines whether or not the generated second hash value matches, and the update unit updates only when it is determined by the comparison / determination unit to match.
[0181]
According to this configuration, when the tamper resistant module update information is falsified in the distribution path, the use of the update information can be prohibited.
Here, the update information stored in the transmission device includes information for updating an encryption method, a decryption method, or a data conversion method from a distribution data format to a recording data format provided in the tamper resistant module means. The update information is transmitted, and the acquisition unit acquires the update information for updating an encryption method, a decryption method, or a data conversion method via the reception device, and the update unit acquires the update information. The computer program is updated using the update information, whereby the encryption unit, the decryption unit, or the conversion unit included in the tamper resistant module unit is updated.
[0182]
According to this configuration, since the update information includes information for updating the encryption method, the decryption method, or the conversion method, the encryption method, the decryption method, or the conversion method in the tamper resistant module can be updated. .
Here, the transmission device further stores usage condition information indicating a usage condition of the digital work, reads the usage condition information, applies a hash algorithm to the read usage condition information, and performs a first hash. A value is generated, the generated first hash value and the read usage condition information are securely transmitted via a network, and the acquisition unit is further configured to transmit the first hash transmitted via the receiver. The tamper resistant module means further applies a hash algorithm to the acquired usage condition information to generate a second hash value, and the acquired first hash. And a comparison / determination unit that determines whether or not the generated second hash value matches, and the encryption unit uses the comparison / determination unit. Only when it is determined that the matching, encrypts the write unit, only when it is determined that coincides with the comparing and judging section writes.
[0183]
According to this configuration, when the use condition information is falsified in the distribution route, the use of the digital work corresponding to the use condition information can be prohibited.
Here, the transmission device further authenticates the validity of the device with the recording medium device, and acquires the distribution encryption key from the recording medium device only when the authentication is successful, The tamper resistant module means further includes an authentication means for mutually authenticating the validity of the device with the transmission device, and the acquisition unit only when the authentication is successful, And the decrypting unit decrypts only when the authentication is successful, the encryption unit encrypts only when the authentication is successful, and the writing unit is successful when the authentication is successful. Only write to.
[0184]
According to this configuration, since the validity of the device is mutually authenticated between the transmission device and the recording medium device, it is possible to prevent a digital work from being obtained from an unauthorized device.
Here, the recording medium device is attached to a playback device, the playback device reads information from the information storage means, and the tamper-resistant module means is further connected to the playback device as a device. And authenticating means for permitting the playback apparatus to read information only when the authentication is successful.
[0185]
According to this configuration, since the validity of the device is mutually authenticated between the recording medium device and the playback device, it is possible to prevent the digital work from being output to an unauthorized device.
Here, the decoding unit includes a plurality of decoding methods in advance, and performs decoding using one decoding method selected from the plurality of decoding methods, where the selected decoding method is the transmission method. Inverse conversion of the encryption method used in the apparatus is performed. The encryption unit includes a plurality of encryption methods in advance, and performs encryption using one encryption method selected from the plurality of encryption methods.
[0186]
According to this configuration, since one recording medium device is selected from a plurality of decryption methods or from a plurality of encryption methods, it can be easily changed in accordance with the method possessed by the transmission device or the playback device.
Here, the key storage unit stores a plurality of distribution decryption key candidates, and one distribution decryption key candidate is selected as the distribution decryption key from the plurality of distribution decryption key candidates, and the decryption unit Uses the selected delivery decryption key.
[0187]
According to this configuration, since the recording medium device selects and uses one of the plurality of distribution secret keys, even if the selected distribution secret key is exposed, another distribution secret key is used. By using it, the recording medium device can be used continuously.
Here, the tamper resistant module means realizes tamper resistance by software, hardware, or a combination of software and hardware.
[0188]
According to this configuration, it is possible to protect against an unauthorized attack on the tamper resistant module.
Here, a playback device that plays back a digital work transmitted from a transmission device via a network and a reception device and written on a portable recording medium device, the recording medium device being attached to the reception device, The transmitting device encrypts original content that is a digital work based on a distribution encryption key to generate first encrypted information, transmits the generated first encrypted information to the receiving device via a network, The recording medium device includes an information storage area for storing information and a tamper resistant module unit having tamper resistance, and the tamper resistant module unit transmits the first encryption transmitted via the receiving device. To obtain intermediate information by decrypting the first encrypted information based on the distribution decryption key, and encrypting the intermediate information based on the medium unique key unique to the recording medium device. To generate second encrypted information, and write the generated second encrypted information to the information storage area. Here, the recording medium device in which the second encrypted information is written is attached to the playback device. The reproduction apparatus is based on the key acquisition means for securely acquiring the medium unique key from the recording medium apparatus, the reading means for reading the second encrypted information from the information storage area, and the acquired medium unique key. The decryption means for decrypting the read second encryption and generating the decrypted content, and the playback means for reproducing the generated decrypted content.
[0189]
According to this configuration, it is possible to reproduce a digital work recorded on a recording medium device that makes it difficult for an unauthorized third party to hack.
Here, the transmission device stores the original content and the original content key unique to the original content in advance, acquires a distribution encryption key used for distributing the digital work, and uses the original content key as the original content key. The encrypted content is generated by encrypting the original content, the first encrypted content key is generated by encrypting the original content key using the acquired distribution encryption key, and the generated encrypted content and The first encrypted information including the first encrypted content key is transmitted, and the tamper resistant module unit stores in advance the distribution decryption key and a medium unique key unique to the recording medium device, and outputs them. The first encrypted information including the encrypted content and the first encrypted content key is acquired, and the first encrypted content key is decrypted using the distribution decryption key. An intermediate content key is generated, the generated intermediate content key is encrypted using the medium unique key to generate a second encrypted content key, and the acquired encrypted content and the generated second encrypted content The second encrypted information including a key is written, the reading means reads the second encrypted information including the encrypted content and the second encrypted content key, and the decrypting means acquires the acquired Using the medium unique key, the read second encrypted content key is decrypted to generate a decrypted content key. Using the generated decrypted content key, the read encrypted content is decrypted to obtain the decrypted content. Generate.
[0190]
According to this configuration, in the recording medium device, the content key is only decrypted using the distribution decryption key and further encrypted using the medium unique key, and the content is not decrypted and further encrypted. The processing load on the medium device can be reduced.
Here, the transmission device further stores usage condition information indicating a usage condition of the digital work and an original usage condition key unique to the usage condition information, and uses the distribution encryption key, The original usage condition key is encrypted to generate a first encrypted usage condition key, and the original usage condition key is used to encrypt the usage condition information to generate first encrypted usage condition information. 1 encryption use condition key and the first encryption use condition information are transmitted to the receiving device via a network, and the recording medium device further sends the first encryption use condition via the receiving device. Obtaining a condition key and the first encryption use condition information, decrypting the first encryption use condition key using the distribution decryption key, generating an intermediate use condition key, and generating the generated intermediate use condition key Using the first encryption usage condition information, Intermediate use condition information is generated, the medium unique key is used to encrypt the intermediate use condition information to generate second encrypted use condition information, and the generated second encrypted use condition information is Writing to the information storage area, the reading means further reads the second encryption usage condition information from the information storage area, and the decrypting means further reads the second read based on the medium unique key. The decryption usage condition information is generated by decrypting the encrypted usage condition information, and the reproduction means further determines whether or not the decrypted content can be reproduced based on the generated decryption usage condition information, and is determined to be reproducible. Only in this case, the generated decrypted content is reproduced.
[0191]
According to this configuration, content usage can be controlled based on the acquired usage condition information.
Here, the usage condition information includes information for limiting the number of times the decrypted content is reproduced, information for restricting a reproduction period of the decrypted content, or information for restricting a cumulative reproduction time of the decrypted content, Based on the information for limiting the number of playbacks, the information for limiting the playback period, or the information for controlling the cumulative playback time, it is determined whether or not the decoded content can be played.
[0192]
According to this configuration, permission / prohibition of content playback is determined based on information for limiting the number of times the decrypted content is played, information for limiting the playback period of the decrypted content, or information for limiting the cumulative playback time of the decrypted content it can.
Here, the playback device further includes an authentication unit that mutually authenticates the validity of the device with the recording medium device, and the key acquisition unit acquires only when the authentication is successful, The reading means reads only when the authentication is successful.
[0193]
According to this configuration, since the validity of the device is mutually authenticated between the playback device and the recording medium device, it is possible to prevent the digital work from being obtained from an unauthorized device.
[Brief description of the drawings]
FIG. 1 is a block diagram showing a configuration of a digital work protection system 100. FIG.
FIG. 2 is a block diagram showing configurations of a content distribution server device 200 and a memory card 400. FIG.
3 is a block diagram showing a configuration of a memory card 400. FIG.
FIG. 4 is a block diagram showing a configuration of a PC 300
FIG. 5 is a block diagram showing configurations of a memory card 400 and a headphone stereo 500. FIG.
FIG. 6 shows a configuration of a distribution data format.
FIG. 7 shows a configuration of a recording data format.
FIG. 8 is a flowchart showing an operation at the time of writing to the memory card 400; Continue to FIG.
FIG. 9 is a flowchart showing an operation at the time of writing to the memory card 400; Continue to FIG.
10 is a flowchart showing an operation at the time of writing to the memory card 400. FIG. It continues from FIG.
FIG. 11 is a flowchart showing an operation at the time of reading from the memory card 400; Continuing to FIG.
12 is a flowchart showing an operation at the time of reading from the memory card 400. FIG. Continuing from FIG.
FIG. 13 is a block diagram showing the configuration of a content distribution server device 200b and a memory card 400b.
FIG. 14 is a block diagram showing a configuration of a memory card 400b.
15 is a block diagram showing configurations of a memory card 400b and a headphone stereo 500. FIG.
FIG. 16 shows a configuration of a distribution data format.
FIG. 17 shows a configuration of a recording data format.
FIG. 18 is a flowchart showing an operation at the time of writing to the memory card 400b. Continued to FIG.
FIG. 19 is a flowchart showing an operation at the time of writing to the memory card 400b. Continued to FIG.
FIG. 20 is a flowchart showing an operation at the time of writing to the memory card 400b. It continues from FIG.
FIG. 21 is a block diagram illustrating a configuration of a content distribution server device 200c and a memory card 400c.
FIG. 22 is a flowchart showing an operation when the computer or data included in the tamper resistant module unit 410c in the memory card 400c is updated in the digital work protection system 100c.
[Explanation of symbols]
10 Internet
100 Digital copyright protection system
200 server device for content distribution
201 Content storage unit
202 Distribution data storage unit
211 First authentication unit
212 Distribution Public Key Acquisition Unit
214 Elliptical encryption unit
215 DES encryption unit
250 DES encryption unit
300 PC
301 Microprocessor
302 Memory unit
303 Input section
304 display unit
305 communication unit
306 Memory card connection
400 memory card
410 Tamper resistant module
411 First authentication unit
412 Distribution public key storage unit
413 Distribution private key storage
414 Elliptical decoding unit
415 DES decryption unit
416 conversion unit
417 Second authentication unit
418 Recording medium key storage unit
419 DES encryption unit
422 Recording data storage unit
423 Distribution data storage unit
430 Information storage unit
431 Second storage area
432 First storage area
500 Headphone stereo
517 Second authentication unit
518 Recording medium key acquisition unit
519 DES decryption unit
531 Re-encrypted Data Acquisition Unit
532 Recording data storage
540 Usage condition determination unit
541 Playback unit
550 DES decryption unit
700 headphones

Claims (19)

A transmitting device; a receiving device that outputs information transmitted from the transmitting device to a portable recording medium device; A digital information protection system comprising a device,
The playback device is a playback device that decrypts and plays back encrypted content obtained by encrypting the original content based on an original content key,
The transmitting device encrypts the original content key based on a distribution encryption key to generate first encrypted information, transmits the generated first encrypted information via a network,
The receiving device receives the first encrypted information via the network, and outputs the received first encrypted information to the recording medium device;
The recording medium device includes an information storage area for storing information, and a tamper-resistant module unit having tamper resistance,
The tamper resistant module section acquires the output first encrypted information, decrypts the first encrypted information based on a distribution decryption key, generates intermediate information, and is a medium unique to the recording medium device Based on the unique key, the intermediate information is encrypted without using information outside the recording medium device to generate second encrypted information, and the generated second encrypted information is written to the information storage area,
When the recording medium device in which the second encrypted information is written is attached to the reproducing device, the reproducing device reads the second encrypted information from the information storage area, and secures the medium unique key. Read, decrypt the second encrypted information based on the medium unique key to generate a decrypted content key, and decrypt the encrypted content based on the decrypted content key to reproduce
A digital information protection system characterized by that. A transmission device, a reception device that outputs information transmitted from the transmission device to a portable recording medium device, and reproduction that reproduces an original content that is a digital work using the information written in the recording medium device A digital information protection system comprising a device,
The transmission device generates first encrypted information by encrypting use condition data indicating a use condition of the original content based on a distribution encryption key, and transmits the generated first encrypted information via a network.
The receiving device receives the first encrypted information via the network, and outputs the received first encrypted information to the recording medium device;
The recording medium device includes an information storage area for storing information, and a tamper-resistant module unit having tamper resistance,
The tamper resistant module unit obtains the output first encrypted information, decrypts the first encrypted information based on a distribution decryption key, generates intermediate information, and based on the medium unique key, Encrypting the intermediate information without using information outside the recording medium device to generate second encrypted information, writing the generated second encrypted information in the information storage area,
When the recording medium device in which the second encrypted information is written is attached to the reproducing device, the reproducing device reads the second encrypted information from the information storage area, and secures the medium unique key. Read, decrypt the second encrypted information based on the medium unique key to generate decryption usage condition data, and reproduce the original content according to the usage conditions indicated by the decryption usage condition data
A digital information protection system characterized by that. A portable recording medium device for recording digital information transmitted from a transmission device via a reception device,
The digital information, use condition data indicating a usage rule of the original content is a digital work, or a original content key using the original content to decrypt the encrypted content generated by encrypting,
The recording medium device receives first encrypted information obtained by encrypting the digital information based on a distribution encryption key from the transmitting device via the receiving device,
The recording medium device includes:
An information storage means comprising an area for storing information;
Tamper resistant module means having tamper resistance,
The tamper resistant module means includes:
A key storage unit that prestores a distribution decryption key and a medium unique key unique to the recording medium device;
An acquisition unit that acquires the transmitted first encrypted information via the receiving device;
A decryption unit that decrypts the first encrypted information based on the distribution decryption key to generate intermediate information;
An encryption unit that generates the second encrypted information by encrypting the intermediate information without using information outside the recording medium device based on the medium unique key;
A recording medium device comprising: a writing unit that writes the generated second encrypted information into the information storage unit. The transmitting device further said use condition information, the utilization condition information has stored therein a unique original usage condition key, using the distribution encryption key, first encrypts the original usage condition key An encryption usage condition key is generated, the usage condition information is encrypted using the original usage condition key to generate the first encrypted information, and the first encryption usage condition key and the first encryption are generated. Sending information to the receiving device via the network;
The acquisition unit acquires the first encryption use condition key and the first encryption information via the reception device;
The decoder uses the previous SL distribution decryption key, the first by decrypting the encrypted usage condition key and generates an intermediate usage condition key, using the generated the intermediate usage condition key, the first encrypted It decodes the information to generate the intermediate information,
The encrypted part of the previous SL with medium unique key, to encrypt the intermediate information to generate the second encryption information,
The recording medium device according to claim 3 , wherein the writing unit writes the generated second encrypted information in the information storage unit. The transmitting device further acquires the distribution encryption key that is a public key generated using a public key generation algorithm based on a distribution decryption key that is a secret key, and uses the distribution encryption key that is a public key. Encrypted by public key encryption algorithm,
The recording medium device according to claim 4 , wherein the decryption unit decrypts using the distribution decryption key by a public key decryption algorithm. The tamper resistant module means further comprises:
A conversion unit that converts the intermediate information that is the distribution data format generated by the decoding unit to generate recording intermediate information in a recording data format;
The recording medium device according to claim 3 , wherein the encryption unit encrypts the recording intermediate information instead of the intermediate information. The transmission device stores update information for updating the tamper resistant module means included in the recording medium device in advance, reads the update information, and transmits the read update information via a network and a reception device. , To the recording medium device,
The tamper resistant module means includes a microprocessor and a semiconductor memory storing a computer program, and the components included in the tamper resistant module means operate when the microprocessor operates according to the computer program,
The acquisition unit acquires the update information via the receiving device,
The tamper resistant module means further includes an updating unit that updates the computer program using the acquired update information, and thereby updates the components included in the tamper resistant module means. The recording medium device according to claim 6 . The transmission device further reads the update information, applies a hash algorithm to the read update information to generate a first hash value, and generates the generated first hash value via the network and the reception device. Send securely to the device,
The tamper resistant module means further comprises:
A hash unit that applies the hash algorithm to the acquired update information to generate a second hash value;
A comparison determination unit that determines whether or not the acquired first hash value matches the generated second hash value;
The recording medium device according to claim 7 , wherein the update unit updates only when it is determined by the comparison determination unit that they match. The update information stored in the transmitting device includes information for updating a data conversion method from an encryption method, a decryption method, or a distribution data format to a recording data format provided in the tamper resistant module means,
The transmitting device transmits the update information;
The acquisition unit acquires the update information for updating an encryption method, a decryption method, or a data conversion method via the receiving device,
The update unit updates the computer program using the acquired update information, whereby the encryption unit, the decryption unit, or the conversion unit included in the tamper resistant module unit is updated. The recording medium device according to claim 8 . The transmission device further stores usage condition information indicating usage conditions of the digital work, reads the usage condition information, and applies a hash algorithm to the read usage condition information to generate a first hash value. And securely transmitting the generated first hash value and the read use condition information via the network,
The acquisition unit further acquires the transmitted first hash value and the use condition information via the receiving device,
The tamper resistant module means further comprises:
A hash unit that applies the hash algorithm to the acquired use condition information to generate a second hash value;
A comparison determination unit that determines whether or not the acquired first hash value matches the generated second hash value;
The encryption unit encrypts only when it is determined by the comparison determination unit to match,
The recording medium device according to claim 3 , wherein the writing unit writes only when the comparison determination unit determines that they match. The transmission device further authenticates the validity of the device with the recording medium device, acquires the distribution encryption key from the recording medium device only when the authentication is successful, encrypts it, Send
The tamper resistant module means further includes an authentication means for authenticating the validity of the device with the transmission device,
The acquisition unit acquires only when the authentication is successful,
The decryption unit decrypts only when the authentication is successful,
The encryption unit encrypts only when the authentication is successful,
The recording medium device according to claim 3 , wherein the writing unit writes only when the authentication is successful. The recording medium device is inserted into the playback apparatus, the playback apparatus is to read out information from the information storage means,
The tamper resistant module means further authenticates the authenticity of the device with the playback apparatus, and authenticates the read apparatus with permission to read information only when the authentication is successful. The recording medium device according to claim 3 , further comprising: The decoding unit includes a plurality of decoding schemes in advance, and decodes using one decoding scheme selected from the plurality of decoding schemes, where the selected decoding scheme is used in the transmitting apparatus. The recording medium device according to claim 3 , wherein reverse conversion of an encryption method is performed. The recording according to claim 3 , wherein the encryption unit includes a plurality of encryption methods in advance, and performs encryption using one encryption method selected from the plurality of encryption methods. Media device. The key storage unit stores a plurality of distribution decryption key candidates, and one distribution decryption key candidate is selected as the distribution decryption key from the plurality of distribution decryption key candidates,
The recording medium device according to claim 3 , wherein the decryption unit uses the selected distribution decryption key. The recording medium device according to claim 3 , wherein the tamper resistant module means realizes tamper resistance by software, hardware, or a combination of software and hardware. The tamper resistant module means further comprises:
A conversion unit that converts the intermediate information that is the distribution data format generated by the decoding unit to generate recording intermediate information in a recording data format;
The recording medium device according to claim 3 , wherein the encryption unit encrypts the recording intermediate information instead of the intermediate information. A recording method used in a portable recording medium device for recording digital information transmitted from a transmitting device via a receiving device,
The digital information is usage condition data indicating usage conditions of the original content that is a digital work, or an original content key used for decrypting the encrypted content generated by encrypting the original content,
The recording medium device receives first encrypted information obtained by encrypting the digital information based on a distribution encryption key from the transmitting device via the receiving device,
The recording medium device includes information storage means having an area for storing information, and tamper resistant module means having tamper resistance. The tamper resistant module means is unique to the distribution decryption key and the recording medium device. Including a key storage unit for storing the medium unique key in advance,
The recording method is:
In the tamper resistant module means, an obtaining step of obtaining the transmitted first encrypted information via the receiving device;
In the tamper resistant module means, a decrypting step of decrypting the first encrypted information based on the delivery decryption key to generate intermediate information;
In the tamper resistant module means, based on the medium unique key, an encryption step of encrypting the intermediate information without using information outside the recording medium device to generate second encrypted information;
A writing step of writing the generated second encrypted information into the information storage means by the tamper resistant module means;
A recording method comprising: A recording program used in a portable recording medium device for recording digital information transmitted from a transmitting device via a receiving device,
The digital information is usage condition data indicating usage conditions of the original content that is a digital work, or an original content key used for decrypting the encrypted content generated by encrypting the original content,
The recording medium device receives first encrypted information obtained by encrypting the digital information based on a distribution encryption key from the transmitting device via the receiving device, and the recording medium device stores the information And a tamper resistant module means having tamper resistance. The tamper resistant module means stores in advance a distribution decryption key and a medium unique key unique to the recording medium device. A key storage unit,
The recording program is
Obtaining the first encrypted information transmitted via the receiving device; and
A decryption step of decrypting the first encrypted information based on the distribution decryption key to generate intermediate information;
An encryption step of encrypting the intermediate information and generating second encrypted information based on the medium unique key without using information outside the recording medium device;
A writing step of writing the generated second encrypted information into the information storage means;
The tamper resistant module means which is a computer
A recording program characterized by that.