JP4337811B2 - Data recording device - Google Patents

Description

  The present invention relates to a data recording apparatus suitable for transferring / recording content data such as music.

  For example, an HDD (hard disk drive) of a personal computer is handled as a primary recording medium to store content data such as music, and the stored content data is transferred and recorded on another recording medium (secondary recording medium). There is a usage pattern in which music or the like is enjoyed on the next recording medium side. The content data refers to main data for the purpose of distribution / transfer / use of music data, video data, game data, computer software, and the like.

  In this case, the HDD stores content data such as music reproduced from package media such as CD-DA (Compact Disc Digital Audio) and DVD (Digital Versatile Disc), or a communication network to which a personal computer is connected. Content data downloaded from an external music server or the like is stored. Then, the user connects the recording device of the secondary recording medium to the personal computer, and copies (duplicates) or moves (moves) the content data stored in the HDD to the secondary recording medium, and supports the secondary recording medium. The content data such as music is played back by the playback device.

As the secondary recording medium, for example, a memory card using a semiconductor memory such as a flash memory, a mini disk as a magneto-optical disk, a CD-R (CD Recordable), a CD-RW (CD Rewitable), a DVD-RAM, DVD-R, DVD-RW, etc. can be considered.
Recorders / players compatible with these media (recording media) are widely used as recording devices and playback devices compatible with secondary recording media, such as stationary recording / playback devices and portable type recording / playback devices. Each user records / reproduces content data in accordance with his / her preference and owned equipment.

For example, when considering the usage form of such content data, it is necessary to consider copyright protection for the content data. For example, if a user uses content data distribution services or purchases package media and accumulates content data in the HDD and then the content data can be copied to a secondary recording medium without restriction, the copyright A situation occurs in which the legitimate protection of the person is not taken. For this reason, various technologies and data processing arrangements have been proposed that allow copyright protection to be maintained in the handling of content data as digital data, one of which is the standard called SDMI (SECURE DIGITAL MUSIC INITIATIVE). There is.
The data path established by this SDMI will be described later. For example, content stored in a personal computer having an HDD as a primary recording medium, for example, content data distributed from an external server via a network (hereinafter referred to as network content) For example, a CD-ROM drive or other disk drive device installed in a personal computer, or a content read from a package medium such as a CD-DA or DVD played on a disk drive device connected to the personal computer. Transfer / recording of data (hereinafter referred to as “disc content”) to a secondary recording medium is appropriately performed in consideration of copyright protection and the interests of general users (private duplication rights). .

  By the way, in the case where content data is transferred and copied from a primary recording medium such as an HDD to a secondary recording medium such as a mini disk, the content is protected in order to satisfy both copyright protection and private duplication rights as described above. As one method of data transfer, the data transfer device (primary recording medium side device) authenticates the data recording device (secondary recording medium side device) as the transfer destination, and the content data is transferred only when the authentication is OK. However, it is considered that the content data is transferred in an encrypted state, but is recorded on the secondary recording medium after being decrypted.

Here, the following examples are considered as methods for encrypting and decrypting the content data.
For example, it is assumed that the content data downloaded from an external server and stored in the HDD as the primary recording medium is encrypted with the content key CK.
For the sake of explanation, it is assumed that content data “A3D” compressed by the ATRAC3 method (or any other compression method) is encrypted and stored with the content key CK in the HDD that is the primary recording medium.

In the present specification, for the sake of explanation, the data y encrypted with the key x is
E (x, y)
It expresses.
For the encrypted data E (x, y), the data decrypted with the key x is
D {x, E (x, y)}
It shall be expressed as
Therefore, for example, when the compressed data of the ATRAC3 method is “A3D” as described above, the content data “A3D” encrypted with the content key CK is
E (CK, A3D)
It becomes. The data obtained by decrypting E (CK, A3D) with the key CK is
D {CK, E (CK, A3D)}
It can be expressed.

The HDD that is the primary recording medium stores the content key CK that is encrypted with the root key KR, that is, E (KR, CK), together with the encrypted content data E (CK, A3D). For example, the encrypted content key E (KR, CK) is downloaded together with the encrypted content data E (CK, A3D) from an external server.
In this case, when content data is transferred from the HDD as the primary recording medium to the secondary recording medium, the encrypted content data E (CK, A3D) and the encrypted content key E (KR, CK) may be transmitted.
Since the secondary recording medium side device holds the root key KR, the content key CK can be decrypted using the root key KR, and the encrypted content data can be decrypted using the decrypted content key CK. Become.
However, the root key KR is changed depending on the will of the copyright owner and various circumstances, and a different root key KR can be set for each content data. Although a specific example will be described later, the content distribution destination can be limited by processing of the root key KR.
For this reason, data called EKB (Enabling Key Block) may be distributed, and a regular terminal to which content data is transferred can adopt a method in which the root key can be confirmed by EKB. ing. That is, the EKB is distributed from the server together with the encrypted content data and the encrypted content key and stored in the HDD.

  Under such circumstances, when content data is transferred and copied from a primary recording medium such as an HDD to a secondary recording medium such as a mini-disc, the procedure shown in FIG. 15 is adopted as the transfer process. It will be.

FIG. 15A shows a case where one content data is transferred from the HDD to the mini disc and recorded.
First, in step c1, the primary recording medium side device incorporating the HDD authenticates the secondary recording medium side device which is a mini disk recording device.
If the authentication is successful, the root key KR is confirmed as a procedure c2. That is, the primary recording medium side device transmits the EKB for the content data to be transmitted to the secondary recording medium side device so that the root key KR can be determined by the secondary recording medium side device.
Next, in step c3, the primary recording medium side device transmits the encrypted content key CK to the secondary recording medium side device. The secondary recording medium side device decrypts the content key CK using the confirmed root key KR.
In step c4, the primary recording medium side device transmits the encrypted content data to the secondary recording medium side device. The secondary recording medium side device decrypts the content data using the decrypted content key CK, performs predetermined data processing, and records it on the mini-disc as the secondary recording medium.
Finally, as step c5, the secondary recording medium side device updates the management information on the mini-disc, that is, the management information known as U-TOC, as the content data is written to the mini-disc. The recording operation is completed.
By following the above procedure, transfer / copy recording of one content data is performed while ensuring copyright protection.

FIG. 15B shows a case where three pieces of content data are continuously transferred from the HDD to the mini disc for recording.
In this case, as steps d1 to d5, the same processing as steps c1 to c5 in FIG. 15A is performed to complete the transfer and recording of the first content data. In steps d6 to d10, the same processing as steps c1 to c5 in FIG. 15A is performed to complete the transfer and recording of the second content data. Further, as steps d11 to d15, the same processing as steps c1 to c5 in FIG. 15A is performed to complete the transfer and recording of the third content data.
For example, when transferring / recording a plurality of content data in this way, the procedure shown in FIG. 15A is repeated as many times as the number of content data to be transferred.

  Although it is considered that the processing procedure described above is taken for the transfer / recording of content data, in practice, the efficiency of the transfer processing of content data and the processing time for a series of transfers and recordings are shortened. Is required.

According to the present invention, as content unit information, content data encrypted with a first key, a first key encrypted with a second key, and activation information of a second key are temporarily stored. As a data recording apparatus to which data transfer is performed from a data transfer apparatus stored in a recording medium, communication means for performing data communication with the data transfer apparatus, and data recording with respect to a secondary recording medium are performed. When one or more series of encrypted content data are transmitted from the next recording medium drive means and the data transfer device, the stored decryption management information and the transmitted validation information are stored. One or more series of encrypted content data transmitted from the decrypted first key by decrypting the second key using the decrypted second key, decrypting the first key from the decrypted second key Non When the activation information is not transmitted corresponding to a certain content data, the second key based on the activation information related to the other content data already received The decryption means for decrypting the first key and the content data decrypted by the decryption means are recorded on the secondary recording medium by the secondary recording medium drive means, and the transmission data from the data transfer apparatus is 1 or Recording control means for causing the secondary recording medium drive means to update management information on the secondary recording medium according to the series of content data recording for a plurality of series of content data.
Furthermore, the recording control means, at the time when the recording to the next recording medium is completed for the one or more series of content data related to transmission from the data transfer device, according to the series of content data recording, The management information on the secondary recording medium is updated by the secondary recording medium drive means.

As can be seen from the above description, according to the present invention, when a plurality of content data is transmitted from the data transfer device on the primary recording medium side to the data recording device and recorded on the secondary recording medium, the second (second) At the time of transferring the content data, if the validation information of the content data is the same as the validation information of the already transferred content data, only the transfer of the first key (content key) and the transfer of the content data are performed. As a result, the confirmation process of the second key (such as the root key KR) using the validation information (EKB) can be made more efficient.
Further, at the time when the recording of one or a plurality of series of content data on the secondary recording medium is completed, the management information is updated on the secondary recording medium corresponding to the recording. Thus, the management information update process on the secondary recording medium can be made efficient.
For these reasons, the content data transfer process, particularly the process for transferring / recording a plurality of content data, is made more efficient, and the transfer process time can be shortened.

Hereinafter, embodiments of the present invention will be described in the following order.
1. Encryption key tree structure and EKB
2. 2. System configuration 3. Data path for SDMI content Configuration example of data transfer device (primary recording medium side device / PC)
5. Configuration example of data recording device (secondary recording medium side device / recording / reproducing device)
6). Authentication processing Content encryption method8. Content transfer process

1. Encryption key tree structure and EKB

First, prior to specific description of the transfer system of the embodiment, the structure of an encryption method key used for content distribution will be described.
Therefore, with reference to FIG. 1, FIG. 2, and FIG. 3, a description will be given of the encryption processing key (key) holding configuration and data distribution configuration in each device when the encrypted data is distributed from the content distribution side to each device on the content reception side. I will do it.

  FIG. 1 shows a tree structure of the encryption key, and numbers DV0 to DV15 shown at the bottom of FIG. 1 are individual devices on the content receiving side. That is, each leaf (leaf) in the hierarchical tree structure shown in the figure corresponds to each device.

Each device DV0 to DV15 is obtained from a key (node key) assigned to a node from its own leaf to the root and a leaf key of each leaf in the hierarchical tree structure shown in FIG. Is stored in memory. This key set is called DNK (Device Node Key), and a specific example thereof will be described later in an example of the embodiment.
K0000 to K1111 shown at the bottom of FIG. 1 are leaf keys assigned to the respective devices DV0 to DV15, and are described in the second section (node) from the bottom, following the top KR (root key). Keys: K0 to K111 are node keys. Note that the word “root key” may be included in the “node key”.

In the tree configuration shown in FIG. 1, for example, the device DV0 owns a leaf key K0000, node keys: K000, K00, K0, and a root key KR as the DNK. For example, the DNK owns the node keys: K000, K00, K0, and the root key KR encrypted with the leaf key K0000.
The device DV5 has a leaf key K0101, node keys K010, K01, K0, and a root key KR in the same manner. The device DV15 also has a leaf key K1111, node keys K111, K11, K1, and a root key KR in the same manner.
Note that only 16 devices DV0 to DV15 are shown in the tree of FIG. 1, and the tree structure is shown as a balanced configuration with a four-stage balance, but more devices are configured in the tree. Also, it is possible to have a different number of stages in each part of the tree.

  Each information processing apparatus (device) included in the tree structure of FIG. 1 uses various recording media such as a DVD, CD, MD, flash memory, etc. that are embedded in the device or configured to be detachable from the device. Various types of information processing devices are included. Furthermore, various application services can coexist. The hierarchical tree structure which is the content or key distribution configuration shown in FIG. 1 is applied on such a coexistence configuration of different devices and different applications.

  In a system in which these various information processing apparatuses (devices) and applications coexist, for example, the parts surrounded by dotted lines in FIG. 1, that is, the devices DV0, DV1, DV2, DV3 are set as one group using the same recording medium. . For example, for devices included in the group surrounded by the dotted line, the common content is encrypted and sent from the provider, the content key used in common for each device is sent, or each device is sent. Then, the process of encrypting and outputting the content fee payment data to the provider or the settlement institution is executed. An institution that performs data transmission / reception with each device, such as a content provider or a payment processing institution, sends data collectively as a group with the portions surrounded by dotted lines in FIG. 3, that is, devices DV0, DV1, DV2, DV3. Execute the process. There are a plurality of such groups in the tree of FIG. An organization that transmits / receives data to / from each device, such as a content provider or a payment processing organization, functions as message data distribution means.

  The node key and leaf key may be managed by a single key management center, or may be managed for each group by a message data distribution means such as a provider or a settlement organization that performs various data transmission / reception for each group. It is good. These node keys and leaf keys are updated when, for example, a key is leaked, and this updating process is executed by a key management center, a provider, a settlement organization, or the like.

In this tree structure, as is apparent from FIG. 1, the three devices DV0, DV1, DV2, DV3 included in one group have common keys K00, K0, KR as node keys / root keys. By using this node key sharing configuration, for example, a common content key can be provided only to the devices DV0, DV1, DV2, DV3.
For example, if the commonly held node key K00 itself is set as the content key, only the devices DV0, DV1, DV2, DV3 can set the common content key without executing new key transmission. Further, if the value E (K00, CK) obtained by encrypting the new content key CK with the node key K00 is stored on the recording medium via the network or distributed to the devices DV0, DV1, DV2, DV3, the device DV0, Only DV1, DV2, and DV3 can obtain the content key CK by breaking the encryption E (K00, CK) using the shared node key K00 possessed by each device.

Also, at a certain time t, when it is discovered that the keys K0011, K001, K00, K0, KR owned by the device DV3 are analyzed and exposed by an attacker (hacker), the system (devices DV0, DV1, DV1) In order to protect data transmitted and received in the DV2 and DV3 groups), it is necessary to disconnect the device DV3 from the system.
For this purpose, the node keys K001, K00, K0 and the root key KR are updated to new keys K (t) 001, K (t) 00, K (t) 0, K (t) R, respectively, and the devices DV0, DV1. , DV2 needs to be notified of the update key. Here, K (t) aaa indicates that the key is a renewal key of Generation: t.
Of course, when distributing content, the node key or the root key KR may be updated in accordance with other circumstances, for example, various circumstances such as a request from the copyright holder or convenience in system distribution.
For these reasons, it is necessary to communicate a key update to a legitimate device.

The update key distribution process will be described. For the key update, for example, a table composed of block data called an enabling key block (EKB) shown in FIG. 3A is stored in, for example, a network or a recording medium and supplied to the device. Is executed by. For example, when the device DV3 is disconnected as described above, the EKB is supplied to the devices DV0, DV1, DV2.
The enabling key block (EKB) is composed of an encryption key for distributing a newly updated key to devices corresponding to each leaf constituting the tree structure as shown in FIG. The enabling key block (EKB) is sometimes called a key renewal block (KRB).

The enabling key block (EKB) shown in FIG. 2A is configured as block data having a data configuration that can be updated only by a device that needs to update the node key. The example of FIG. 2 is block data formed for the purpose of distributing generation t update node keys in the devices DV0, DV1, DV2 in the tree structure shown in FIG.
For example, assuming that the keys K0011, K001, K00, K0, and KR are exposed in an unauthorized manner as described above, the device DV0 and the device DV1 have K (t) 00, K (t) 0, and K ( t) R is required, and the device DV2 requires K (t) 001, K (t) 00, K (t) 0, and K (t) R as update keys.

As shown in the EKB of FIG. 2A, in this case, the EKB includes a plurality of encryption keys. The lowest encryption key is E (K0010, K (t) 001). This is an update node key K (t) 001 encrypted with the leaf key K0010 of the device DV2, and the device DV2 can decrypt this encryption key with its own leaf key to obtain K (t) 001. .
Also, using K (t) 001 obtained by decryption, the second-stage encryption key E (K (t) 001, K (t) 00) from the bottom of FIG. 2A can be decrypted and updated. The node key K (t) 00 can be obtained. Thereafter, the encryption key E (K (t) 00, K (t) 0) in the second stage from the top in FIG. 2A is decrypted to obtain the updated node key K (t) 0, and one stage from the top. The encrypted key E (K (t) 0, K (t) R) is decrypted to obtain an updated root key K (t) R.

On the other hand, in the devices DV0 and DV1, the leaf keys K0000, K0001 and the node key K000 are not included in the update target, and K (t) 00, K (t) 0, K (t) R are required as update keys. It is.
Therefore, the devices DV0 and DV1 respectively decrypt the encryption key E (K000, K (t) 00) in the third row from the top in FIG. 2A to obtain the updated node key K (t) 00, and The encryption key E (K (t) 00, K (t) 0) is decrypted to obtain the updated node key K (t) 0, and further the encryption key E (K (t) 0, K (t) R) To obtain an updated root key K (t) R.
In this way, the devices DV0, DV1, DV2 can obtain the updated root key K (t) R. The index in FIG. 2A indicates the absolute address of the node key and leaf key used as the decryption key.

  In addition, when it is not necessary to update the node keys K (t) 0 and K (t) R in the upper stage of the tree structure shown in FIG. 1, and only the node key K00 needs to be updated, FIG. By using the activation key block (EKB), the updated node key K (t) 00 can be distributed to the devices DV0, DV1, DV2.

The EKB shown in FIG. 2B can be used, for example, when distributing a new content key shared in a specific group.
As a specific example, it is assumed that a recording medium having devices DV0, DV1, DV2, DV3 in a group indicated by a dotted line in FIG. 3 is used and a new common content key CK (t) is required. At this time, data E (K (t) 00 obtained by encrypting a new common updated content key CK (t) using K (t) 00 obtained by updating the common node key K00 of the devices DV0, DV1, DV2, DV3. , CK (t)) is distributed together with the EKB shown in FIG.
This distribution enables distribution as data that cannot be decrypted in other groups of devices such as the device DV4.
That is, if the device DV0, DV1, DV2 decrypts the ciphertext using K (t) 00 obtained by processing the EKB, it becomes possible to obtain the content key CK (t) at time t.

As described above, the key structure is a tree structure, and each key can be arbitrarily updated by EKB as in the above example.
By using this key structure, it becomes possible to easily update the root key KR and the node key according to various circumstances, and content distribution in a normal state can be executed flexibly.

FIG. 3 shows a format example of the enabling key block (EKB).
The number of node keys is indicated by 4 bytes.
The depth of the node key is indicated by 4 bytes. This indicates the number of hierarchies in the hierarchy tree for the device to which the enabling key block (EKB) is distributed.
Four bytes indicate the EKB version. Note that the version has a function for identifying the latest EKB and a function for indicating a correspondence relationship between contents.
The reserve is a reserved area.

An encrypted node key (one or more) that is the actual content of the EKB is shown in an area of 16 × M bytes from the position of 16 bytes as an offset address. That is, the encryption key is as described with reference to FIGS.
Further, an encrypted EKB version and an electronic signature (Signature) are shown. The electronic signature is an electronic signature executed by an EKB issuing authority that has issued the enabling key block (EKB), for example, a key management center, a content provider, a settlement organization, or the like. The device that has received the EKB confirms by the signature verification that it is an activation key block (EKB) issued by a valid activation key block (EKB) issuer.

2. System configuration

An embodiment of the present invention employing the above key structure will be described below.
FIG. 4 shows a system configuration example. The primary recording medium side device 1 corresponds to the data transfer device of the present invention, and the secondary recording medium side device 20A corresponds to the data recording device of the present invention. Therefore, the configuration of the primary recording medium side device 1 and the secondary recording medium side device 20A in FIG. 1 corresponds to the data transfer system of the present invention.

The primary recording medium side device 1 is formed by a personal computer, for example. Hereinafter, for convenience of explanation, the primary recording medium side device 1 may be referred to as a personal computer 1. However, the primary recording medium side device 1 is not necessarily formed by a personal computer.
The primary recording medium side device 1 performs the operation as the data transfer device according to the present invention, for example, by software that executes storage / transfer of SDMI content data activated on a personal computer.
The HDD 5 built in (or externally attached to) the personal computer 1 serves as a primary recording medium (and primary recording medium drive means). In the description of the embodiment, the HDD 5 is a primary recording medium. Of course, the recording medium corresponding to the primary recording medium is not limited to the HDD. For example, a medium such as an optical disk or a magneto-optical disk, a semiconductor memory built in a device, a portable type Various devices such as a semiconductor memory (memory card or the like) are conceivable.

The primary recording medium side device 1 is communicable with the content server 91 via the communication network 110, thereby enabling downloading of content data such as music. Of course, there are a plurality of content servers 91, and the user of the personal computer 1 can arbitrarily use various data download services.
The content data downloaded from the content server 91 to the personal computer 1 includes content data that conforms to SDMI and content data that does not conform to SDMI.

  The transmission path forming the network 110 may be a wired or wireless public line network, or may be a dedicated line for the personal computer 1 and the content server 91. Specifically, as the network 110, for example, the Internet, a satellite communication network, an optical fiber network, and other various communication lines can be applied.

  Further, the HDD 5 of the personal computer 1 stores content data such as music reproduced from a package medium 90 such as a CD-DA or DVD (hereinafter also referred to as a disk 90) by an internal or external disk drive device. You can also.

  The personal computer 1 is connected to the secondary recording medium side device 20A or 20B, and the content data stored in the HDD 5 can be transferred to the secondary recording medium side device 20A or 20B. The secondary recording medium side device 20A or 20B is a recording device (recording / reproducing device) for the secondary recording medium. The content data transferred from the personal computer 1 can be copied and recorded on the secondary recording medium.

  Various specific examples of the secondary recording medium side devices 20A and 20B are conceivable, but the secondary recording medium side device 20B here is a recording device compatible with SDMI. The SDMI-compatible recording apparatus will be described later in the description of the data path in FIG. In the SDMI compatible recording / reproducing apparatus 20B, an SDMI compatible memory card using a semiconductor memory such as a flash memory is assumed as a secondary recording medium. Therefore, the secondary recording medium side device 20B is, for example, a recording / reproducing device for a memory card compatible with SDMI. In this case, the SDMI content is recorded on the secondary recording medium in an encrypted state.

  On the other hand, the secondary recording medium side device 20A corresponds to the data recording device in the present embodiment, and will be described in detail later. It is recorded on a recording medium. An example of the secondary recording medium here is a mini-disc. Accordingly, the secondary recording medium side device 20A is a mini-disc recording / reproducing apparatus. Hereinafter, the secondary recording medium side device 20A may be referred to as a recording / reproducing device 20A.

  However, the medium recorded and reproduced by the secondary recording medium side device 20A is not only a mini disk, but also a memory card using a semiconductor memory such as a flash memory, a mini disk as a magneto-optical disk, or a CD-R (CD Recordable). CD-RW (CD Rewitable), DVD-RAM, DVD-R, DVD-RW, and the like. Accordingly, the secondary recording medium side device 20A may be a recording device corresponding to these media.

The personal computer 1 and the secondary recording medium side device 20A or 20B are connected based on a transmission standard such as USB (Universal Serial Bus) or IEEE1394. Of course, content data or the like may be transferred via a wired transmission line of another transmission standard or a wireless transmission line.

3. SDMI content data path

For example, FIG. 5 shows a data path established by SDMI when a system as shown in FIG. 4 is assumed.
This data path is a data path for storing music contents and transferring them to external devices (secondary recording medium side devices 20A and 20B) in the personal computer 1 having the HDD 5 as a primary recording medium, for example. In other words, the personal computer 1 is realized by software for storing / transferring music content.
The procedures / processes on the data path in FIG. 5 are denoted by reference numerals DP1 to DP9, and corresponding portions are indicated by the reference numerals in the following description.

The content data (network content) distributed from the external server 91 via the network 110 shown in FIG. 4 is first checked whether it is copyright-protected content compliant with SDMI (DP1). .
As network contents to be distributed, there are contents that the server transmits as contents compliant with SDMI (hereinafter referred to as SDMI compliant contents) and contents that are not related to SDMI (hereinafter referred to as non-SDMI contents).

  In the case of SDMI-compliant content, the data is encrypted with the content key CK by key encryption such as DES. If the content data itself is originally data (A3D) encoded by a compression method such as ATRAC3, the SDMI-compliant content is distributed in the state of E (CK, A3D).

If the distributed network content is SDMI-compliant content, it is stored as SDMI content in the HDD 5 as the primary recording medium (DP1 → DP2).
In this case, the content data is written to the HDD 5 in the delivered E (CK, A3D) state. Alternatively, after encryption is once decrypted, encryption may be performed with another key CK ′, that is, key replacement may be performed and written to the HDD 5 in the state of E (CK ′, A3D).

On the other hand, when the network content is non-SDMI content, a watermark check, that is, a screening process by digital watermarking is performed (DP1 → DP3).
Further, for example, content read from a built-in drive such as a CD-ROM drive equipped in the personal computer 1 or a package medium such as a CD-DA or DVD played on a disk drive device connected to the personal computer 1. For data (disc content), a direct watermark check is performed (DP3).
That is, a watermark check is performed for content data that does not conform to SDMI.

  If the watermark check is not passed, the content data cannot be copied on the SDMI data path (DP3 → DP5). Specific handling can be considered in various ways depending on the software design. For example, it can be handled as content data that is stored in the HDD 5 but cannot be transferred to other media for copying / moving, or SDMI. It is conceivable that the content is not stored in the HDD 5 on the compliant content processing.

  When the watermark check is passed, that is, when the digital watermark exists and the copy permission is confirmed as the copy control bit, it is determined that the content data can be legally copied, and the content data is subsequently treated as SDMI. It is confirmed whether or not to perform (DP4). Whether or not such content data is handled as being compliant with SDMI may be determined according to software design or user settings.

If not handled as SDMI, it is treated as non-SDMI and excluded from the content data path compliant with the SDMI (DP6). For example, transfer to a recording apparatus that does not support SDMI may be possible.
On the other hand, in the case of handling as SDMI, the content data is encrypted and stored in the HDD 5 as SDMI content (DP4 → DP2). For example, it is stored in the HDD 5 in the state of E (CK, A3D) or E (CK ′, A3D).

  With the above data path, the HDD 5 serving as the primary recording medium can store SDMI-treated content (SDMI network content) obtained via the network 110, or an SDMI-handled disc such as a CD-DA or other media. Content (SDMI disc content) is stored.

  The SDMI content (SDMI network content or SDMI disc content) stored in the HDD 5 can be transferred to the SDMI compatible recording / reproducing device 20B under a predetermined rule, and can be copied to an SDMI compatible secondary recording medium. Is done. In the case of this example, transfer to the recording / reproducing apparatus 20A in addition to the SDMI compatible recording / reproducing apparatus 20B is possible under predetermined conditions.

First, when the recording / reproducing apparatus 20B corresponding to SDMI is connected to the personal computer 1 having the HDD 5, the operation is as follows.
In the case of SDMI disc content, a transfer handling rule (Usage Rule) corresponding to the SDMI disc content is determined, and based on the handling rule, the SDMI disc recording / reproducing apparatus 20B performs copying. Transfer is allowed (DP8).

  Copy transfer from the primary recording medium (HDD 5) to the secondary recording medium (memory card or the like) recorded / reproduced by the SDMI compatible recording / reproducing apparatus 20B is called “checkout”. Conversely, the move transfer from the secondary recording medium to the primary recording medium is called “check-in”. In the case of a move from the secondary recording medium to the primary recording medium, the content data is erased on the secondary recording medium.

  As a handling rule of transfer corresponding to the SDMI disc content, a predetermined upper limit number of checkouts is defined such that, for example, up to three checkouts are allowed for one content data. Therefore, for example, copying is permitted up to three secondary recording media compatible with SDMI. When the check-in is performed, the number of check-outs for the content data is subtracted. Therefore, even after copying to three SDMI-compliant secondary recording media, if you check in from one of the secondary recording media, the content can be copied again to the SDMI-compliant secondary recording media. It is said. That is, content data is always allowed to coexist on up to three SDMI-compliant secondary recording media.

Also in the case of SDMI network content, a transfer handling rule (Usage Rule) corresponding to the SDMI network content is determined, and based on the handling rule, the SDMI compatible recording / playback apparatus 20B is configured to perform copying. Transfer is allowed (DP7).
As the handling rule, the upper limit of the number of checkouts is determined in the same manner as described above, but the upper limit number of times may be the same as the handling rule in the case of SDMI disc content or may be different. For example, it is conceivable that the upper limit of checkout is one time. In that case, one piece of content data can be copied only to one other SDMI-compliant secondary recording medium, but if transfer is checked in from the secondary recording medium, copy transfer can be performed again.

When SDMI content is transferred for copying to an SDMI-compliant secondary recording medium in accordance with these handling rules, data transmission is performed in an encrypted state on the transmission line. That is, for example, the data is transferred in the state of E (CK, A3D) or the state of E (CK ′, A3D).
Furthermore, in the SDMI compatible recording / reproducing apparatus 20B that has received the SDMI content transmitted after being encrypted, the SDMI content is copied and recorded on the secondary recording medium in the encrypted state.

When the SDMI compatible recording / reproducing apparatus 20B reproduces the SDMI content copied and recorded on the secondary recording medium, it decrypts and reproduces the encryption of the content data read from the secondary recording medium. That is, the content data recorded on the secondary recording medium in the state of E (CK, A3D) or E (CK ′, A3D) is decrypted with the key CK or key CK ′.
That is, the original content data is obtained as ATRAC3 data (A3D) decrypted as D {CK, E (CK, A3D)} = A3D or D {CK ′, E (CK ′, A3D)} = A3D. This content data is demodulated as, for example, audio data by performing decompression processing or the like for ATRAC3 compression, and reproduction output of music or the like is performed.

  As described above, SDMI-compliant content data is encrypted data until it is checked out to the SDMI-compatible recording / reproducing apparatus 20B and further onto the secondary recording medium. In addition, copy management based on the transfer handling rule check described above enables appropriate copyright protection for content data.

On the other hand, when the recording / reproducing apparatus 20A is connected to the personal computer 1, the following processing is performed.
As described above, the recording / reproducing apparatus 20A is different from the SDMI-compatible recording / reproducing apparatus 20B, and records on a mini-disc as a secondary recording medium in a state where the encryption is broken. By recording with decryption, the content data copied and recorded on the mini-disc can be played back by a general mini-disc playback device that is widely used, thereby improving user convenience. be able to.
However, recording with decryption is inconvenient in terms of copyright protection. Therefore, when content data is transferred to the recording / reproducing apparatus 20A, it is necessary to satisfy a predetermined condition.

As a condition for permitting copy recording on the secondary recording medium in a state where the SDMI network content is transferred to the recording / reproducing apparatus 20A and decrypted, for example, one recording / reproducing apparatus 20A has been authenticated OK, (2) The copyright holder must accept copy records for the content data to be transferred, (3) Check-in is prohibited, and the transfer rule (Usage Rule) is satisfied as the number of check-outs. The
By satisfying the 123 transfer conditions, unlimited copy transfer cannot be performed to devices other than the SDMI-compatible recording / reproducing apparatus 20B, and a copyright protection function is ensured. Also, the copyright protection function can be provided even when the transmission path for transfer is in an encrypted state (decryption is performed on the recording / reproducing apparatus 20A side).

When the SDMI network content is transferred to the recording / reproducing apparatus 20A, the above-mentioned 123 transfer conditions are checked (DP9).
That is, a predetermined authentication process is performed on the recording / reproducing apparatus 20A. Further, the intention of permission of copying on the copyright owner side is confirmed from the flag information included in the content data. Furthermore, check-in / check-out handling rules are imposed.

When transferring the SDMI network content to the recording / reproducing apparatus 20A in accordance with these conditions, data transmission is performed in an encrypted state on the transmission line. That is, for example, the data is transferred in the state of E (CK, A3D) or the state of E (CK ′, A3D).
The encrypted SDMI network content is received and processed by the recording / reproducing apparatus 20A having the configuration shown in FIG. 7 to be described later, and then decrypted by the decryption processing unit 28, for example, the original ATRAC3 compressed data (A3D) and Is done. Then, the decrypted content data is supplied to the recording / reproducing unit 25 through the encoding process by the encoding / decoding unit 24, and is copied and recorded on the mini disc 100.

Accordingly, when the recording / reproducing apparatus 20A reproduces the SDMI content copied and recorded on the mini disc 100, the data read from the mini disc 100 is decoded by an ordinary mini disc system, that is, EFM demodulation, ACIRC error correction, ATRAC compression. What is necessary is just to perform the expansion | extension process etc. with respect to a system.
This means that the copy-recorded minidisc 100 can normally reproduce the content data even when it is loaded into a normal minidisc playback device. That is, as described above, the user can enjoy the music and the like by playing the SDMI network content copied and recorded on the mini disc 100 with a normal mini disc playback device that does not support SDMI.

Needless to say, in the data path shown in FIG. 5, when the transfer permission is not confirmed by the handling rule check of DP7, DP8, and DP9, the transfer to the recording / reproducing devices 20A and 20B is not performed.

4). Configuration example of data transfer device (primary recording medium side device / PC)

FIG. 6 shows the configuration of the primary recording medium side device 1 which is a data transfer device. The example described here is a case where the primary recording medium side device 1 is formed by a personal computer. However, as a device having a similar function is constructed by dedicated hardware, the device is dedicated to data transfer. It may be formed.

In the case of this example, by installing a software program that causes the personal computer 1 to execute a function as a data transfer device, a primary recording medium side device that becomes the data transfer device is realized. In this specification, the term “personal computer” or “computer” has a broad meaning as a so-called general-purpose computer.
The program can be recorded in advance in a hard disk (HDD) 5 or ROM 3 as a recording medium built in the computer.
Alternatively, the program is stored temporarily or on a removable recording medium 90 such as a flexible disk, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disk, a DVD (Digital Versatile Disc), a magnetic disk, or a semiconductor memory. It can be stored permanently (recorded). Such a removable recording medium 90 can be provided as so-called package software.

  The program is installed in the computer from the removable recording medium 90 as described above, or transferred from the download site to the computer wirelessly via a digital satellite broadcasting artificial satellite, or a LAN (Local Area Network), The program can be transferred to a computer via a network such as the Internet, and the computer can receive the program transferred in this way by the communication unit 8 and install it in the built-in HDD 5.

The computer 1 in FIG. 6 includes a CPU (Central Processing Unit) 2. An input / output interface 10 is connected to the CPU 2 via the bus 12. When a command is input by the user operating the input unit 7 including a keyboard, a mouse, a microphone, and the like via the input / output interface 10, the CPU 2 reads the ROM (Read Only Memory) accordingly. ) The program stored in 3 is executed. Alternatively, the CPU 2 is transferred from a program stored in the HDD 5, a program transferred from a satellite or a network, received by the communication unit 8 and installed in the HDD 5, or a removable recording medium 90 such as an optical disk attached to the drive 9. The program read and installed in the HDD 5 is loaded into a RAM (Random Access Memory) 4 and executed. As a result, the CPU 2 executes processing as a data transfer apparatus for SDMI content described later.
Then, the CPU 2 outputs the processing result from the output unit 6 constituted by an LCD (Liquid Crystal Display), a speaker, or the like, or from the communication unit 8 via the input / output interface 10 as necessary, Is recorded in the HDD 5.

  In this example, the communication unit 8 can communicate with various servers via the network 110 in FIG. That is, the computer 1 can download network content such as music content from the external content server 91. The downloaded network content is processed as SDMI-compliant content or non-SDMI-compliant content in accordance with the data path described above. For example, at least SDMI-compliant processing is stored in the HDD 5 as SDMI content. Is done. The SDMI content stored in the HDD 5 becomes a content to be transferred to the secondary recording medium side device 20B corresponding to SDMI or the authenticated secondary recording medium side device (recording / reproducing apparatus) 20A.

  The connection part 11 is a part connected so that data communication is possible between the secondary recording medium side devices 20A and 20B. For example, examples such as a USB interface and an IEEE 1394 interface are conceivable. Of course, another standard wired interface or a wireless interface using infrared rays or radio waves may be used.

Note that the various processes for realizing the data path described in FIG. 5 do not need to be performed in time series, and include processes that are executed in parallel or individually (for example, parallel processing or object processing). .
Further, the program may be processed by one computer, or may be processed in a distributed manner by a plurality of computers. Furthermore, the program may be transferred to a remote computer and executed.

5. Configuration example of data recording device (secondary recording medium side device / recording / reproducing device)

A configuration example of the secondary recording medium side device (recording / reproducing apparatus) 20A is shown in FIG.
In this example, the recording / reproducing apparatus 20A is configured as a mini disk recorder, for example. Therefore, the secondary recording medium 100 is an example of a mini disk (a magneto-optical disk). Hereinafter, it is also referred to as “mini disk 100”.
FIG. 7 shows only a processing system for recording / reproducing data with respect to the mini-disc as the secondary recording medium 100 and a processing system for authentication processing and data transfer with the primary recording medium side device 1. Since the drive system, servo system, reproduction output system, etc. for 100 are the same as those of a normal mini-disc recording / reproduction apparatus, detailed illustration is omitted.

The CPU 21 is a system controller that controls the entire recording / reproducing apparatus 20A. Specifically, for recording / reproduction with respect to the mini-disc 100, control of rotational drive, spindle servo, focus servo, tracking servo, thread servo, control of laser light and magnetic field application operation of the optical head / magnetic head, recording / reproduction Controls encoding / decoding of data. It also controls communication with the personal computer 1 and instructions for data generation, exchange of various commands from the personal computer 1, and processing of transferred content data.
Although not shown, an operation unit and a display unit are provided as a user interface. However, a user operation from the operation unit is monitored, processing according to the operation, display control of the display unit, and the like are also performed.

  The recording / reproducing unit 25 includes an optical head, a magnetic head, a disk rotation drive system, a servo system, and the like, and is a part that actually records / reproduces data with respect to the mini disk 100.

The encoding / decoding unit 24 encodes recording data for the mini disc 100 and decodes reproduction data reproduced from the mini disc 100. As is well known, in the case of a mini-disc system, the recording data is subjected to an ACIRC error correction code encoding process and an EFM modulation process. The encoding / decoding unit 24 performs ACIRC encoding and EFM encoding on the recording data and supplies the recording data to the recording / reproducing unit 25.
Further, at the time of reproduction, decoding processing such as binarization processing, EFM demodulation, and ACIRC error correction processing is performed on the data (RF signal) read and supplied from the recording / reproducing unit 25.

The codec 23 is a part that performs compression processing and decompression processing by compression encoding of the ATRAC / ATRAC3 system.
Data recorded on the mini-disc 100 is subjected to the encoding process after ATRAC or ATRAC3 compression encoding. Accordingly, when data that has not been compression-encoded, such as PCM audio data, is input as recording data to the recording / reproducing apparatus 20A, the codec 23 performs ATRAC / ATRAC3 compression encoding, and the compressed data Is supplied to the encoding / decoding unit 24.
At the time of reproduction, the data read out by the recording / reproducing unit 25 and decoded by the encoding / decoding unit 24 is data in a compression encoded state of the ATRAC / ATRAC3 system. For this reason, the codec 23 performs a decompression process for the compression of the ATRAC or ATRAC3 system, thereby demodulating digital audio data of, for example, 44.1 KHz and 16-bit quantization. The digital audio data is subjected to, for example, D / A conversion, analog signal processing, amplification processing, and the like in an output system circuit (not shown) to be output as a speaker output signal and reproduced as music or the like.
Alternatively, the digital audio data can be output to another device.

  The above configuration is a component provided in a recording / reproducing apparatus of a normal mini-disc system, but in the recording / reproducing apparatus 20A of this example, an interface is provided as a part corresponding to the personal computer as the primary recording medium side device 1. A unit 26 and a decoding unit 29 are provided.

The interface unit 26 is a part that is connected to the connection unit 11 of the personal computer 1 in FIG. 6 and performs data communication with the personal computer 1. For this reason, a buffer unit 27 that buffers transmission / reception data and a transmission / reception processing unit 28 that performs signal processing on the interface are provided. For example, signal processing corresponding to a communication method such as USB or IEEE1394 is performed.
Communication with the personal computer 1 via the interface unit 26 includes reception of various commands from the personal computer 1, transmission / reception of data for authentication processing described later, reception of SDMI content, and the like.

The decryption unit 29 is a part for dealing with encryption processing of SDMI content, and includes a key storage unit 30 and a decryption processing unit 31.
The key storage unit 30 stores key information for decrypting the encrypted SDMI content transferred.
Since the SDMI content is encrypted with the content keys CK and CK ′, at least information capable of recognizing the content keys CK and CK ′ is stored. Although specifically described later, the DNK (Device Node Key) referred to in the description of FIG. 1 is stored. The recording / reproducing apparatus 20B corresponds to one device (DVx) in FIG. 1, and therefore, a leaf key, a node key encrypted by the leaf key, and a root key are stored in the DNK. Then, the content key CK can be recognized using such a DNK and, in some cases, the above-described EKB transmitted.

  By storing DNK, which is information capable of recognizing the content key CK for the SDMI content, the decryption processing unit 31 transmits the SDMI content that has been encrypted with the content key CK, for example, E ( CK, A3D) content can be decrypted. That is, the decoded ATRAC3 compressed data can be obtained as D {CK, E (CK, A3D)} = A3D. The ATRAC3 compressed data decoded in this way can be recorded on the mini-disc 100 by the recording / reproducing unit 25 after being encoded by the encoding / decoding unit 24.

  Note that SDMI content is not necessarily obtained by encrypting ATRAC3 compressed data. For example, the linear PCM data encrypted with the key CK can be considered. That is, for example, content in the state of E (CK, PCM) may be transferred out. In that case, as a matter of course, the decoded linear PCM data is obtained by the decoding processing unit as D {CK, E (CK, PCM)} = PCM. In this case, the PCM data can be recorded on the mini disc 100 by the recording / playback unit 25 after the ATRAC3 compression processing is performed by the codec 23 and then the encoding / decoding unit 24.

The key storage unit 30 may further store a key for authentication processing. In an example of an authentication process described later, a public key P and a secret key S stored in the recording / reproducing apparatus 20A are used. In this case, the public key P and the secret key S are also stored in the key storage unit 30.

6). Authentication process

For the recording / reproducing apparatus 20A that records the content data in a state where the encryption of the mini disc is released, the authentication from the personal computer 1 must be OK as one of the transfer / recording conditions. The authentication is a process for confirming whether or not the device that is permitted to record content data in an unencrypted state is authorized.

  This authentication process is performed when a recording / reproducing apparatus other than the SDMI compatible recording / reproducing apparatus 20B is connected to the connection unit 11 of the personal computer 1. When the SDMI compatible recording / reproducing apparatus 20B is connected, processing for confirming that the device is the SDMI compatible recording / reproducing apparatus 20B in this example is performed. That is, when the connected device is not confirmed as the SDMI-compatible recording / reproducing device 20B, an authentication process described below is performed, and it is confirmed whether or not the connected device is the recording / reproducing device 20A.

In the authentication processing in this example, an authentication method using asymmetric encryption (public key encryption) is executed. In the asymmetric encryption, the encryption key and the decryption key are different. Now, assuming that the data before encryption is Db, the encryption key is Ke, and the decryption key is Kd, the encrypted data C is encrypted with C = E (Ke, Db), and D (Kd, C) = Data Db is decoded by Db.
Here, the encryption key Ke and the decryption key Kd are called a key pair, one is disclosed as a public key, and the other is held in a predetermined part as a secret key.
In the authentication process described below, the public key is represented as P and the secret key is represented as S among the key pairs Ke and Kd. As described above, in this case, the recording / reproducing apparatus 20A stores the public key P and the secret key S, which are the encryption key Ke and the decryption key Kd, in the key storage unit 30.

  In the authentication process, for example, after the CPU 2 of the primary recording medium side device (personal computer) 1 transmits an authentication request command to the CPU 21 of the secondary recording medium side device (recording / reproducing apparatus) 20A, the CPU 2 (primary recording) The processing shown in FIG. 8 is performed between the medium side device (personal computer) 1) and the CPU 21 (secondary recording medium side device (recording / reproducing apparatus) 20A).

When the authentication process is started, first, the CPU 21 of the secondary recording medium side device 20A causes the public key P stored in the key storage unit 30 to be transmitted from the interface unit 26 to the primary recording medium side device 1 as processing S1. . The public key P is a key that is also known by the primary recording medium side device 1 side.
When receiving the public key P, the CPU 2 of the primary recording medium side device 1 subsequently generates a random number r as a process S2. In step S3, the random number r is transmitted to the secondary recording medium side device 20A.
Next, the CPU 21 of the secondary recording medium side device 20 </ b> A encrypts the random number r received as processing S <b> 4 using the secret key S stored in the key storage unit 30. In step S5, the encrypted data E (S, r) is transmitted to the primary recording medium side device 1.

When receiving the encrypted data E (S, r), the CPU 2 of the primary recording medium side device 1 decrypts the encrypted data E (S, r) with the public key P as a process S6. That is, the process of D {P, E (S, r)} is performed.
In step S7, the random number r generated in step S2 is compared with the decryption result D {P, E (S, r)} in step S6.
Here, if the public key P and the secret key S are an appropriate key pair, a result of r = D {P, E (S, r)} should be obtained.
Therefore, if the comparison results match, it is confirmed that the secondary recording medium side device 20A holds the secret key S for the public key P, so that the process goes from step S8 to step S9. Then, the secondary recording medium side device 20A is authenticated as a valid connection partner.
On the other hand, if the comparison results do not match, the process proceeds from step S8 to step S10, and the connected secondary recording medium side device is determined not to be a valid connection partner (that is, a device to which SDMI content may be transferred) and the authentication NG. To do.

For example, when the connected device is authenticated by the secondary recording medium side device 20A of the present example by the authentication process as described above, the primary recording medium side device 1 transmits the SDMI content to the connected device. One of the conditions for permitting the transfer is recognized as being satisfied.

7). Content encryption method

In the system of this example, the recording / reproducing apparatuses 20A and 20B correspond to the lowest device of the structure shown in FIG. 1, but the encryption structure as shown in FIG. 1 is realized in the system. An example will be described.

First, FIG. 9 shows the flow of content data and keys.
When certain content data CT1 is distributed from the external server 91 shown in FIG. 4 to the personal computer 1, for this one unit of content data CT1, E (CK, A3D), E (KR, CK), and EKB Is transmitted and stored in the HDD 5.
E (CK, A3D) is ATRAC3 compressed content data encrypted with the content key CK, that is, actual music or other information for distribution purposes.
E (KR, CK) is information obtained by encrypting the content key CK for decrypting the content data with the root key KR described in FIG.
EKB is information on the enabling key block described with reference to FIGS. 1 to 3, and in the description of the present embodiment, it is assumed that it is information for updating the root key KR.

  In response to the distribution of one piece of content data, these are distributed as a set, and the HDD 5 stores content data CT1, CT2,.

When the personal computer 1 performs content data transfer to the recording / reproducing apparatus 20A or 20B, E (CK, A3D), E (KR, CK), and EKB are transmitted as information as a set according to the procedure described later. To do.
In the recording / reproducing apparatuses 20A and 20B corresponding to the devices (terminals) described in FIG. 1, unique leaf IDs are set and DNK (Device Node Key) is stored.

  Then, in response to the content data of the set being transmitted from the personal computer 1, the content data is decrypted (or remains in the encrypted state) and recorded on the secondary recording medium. In the case of the recording / reproducing apparatus 20B corresponding to SDMI, the decryption is performed at the time of reproduction. In the case of the recording / reproducing apparatus 20A, decryption is performed at the time of recording.

In this decryption process, as shown in the figure, the root key KR is first decrypted using the stored DNK and the transmitted EKB.
Subsequently, the content key CK is decrypted using the decrypted root key KR.
The decrypted content data A3D can be obtained by using the decrypted content key CK.

The DNK and the decryption procedure in the case of the recording / reproducing apparatus 20A will be specifically described with reference to FIGS.
Assume that a key tree structure as shown in FIG. 10A is assumed, and for example, leaf ID = SET0 and leaf key = K000 are set in the recording / reproducing apparatus 20A.
In this case, the DNK stored in the recording / reproducing apparatus 20A has information as shown in FIG.
First, “SET0” is stored as a leaf ID.
“K000” is stored as a leaf key.
Information that can be traced from the leaf key “K000” to the root key KR in the structure of FIG. 10A is stored. That is, the node keys K00 and K0 and the root key KR are stored. However, the node keys K00 and K0 and the root key KR are stored in an encrypted state with the leaf key K000. That is, as illustrated,
E (K000, K00)
E (K000, K0)
E (K000, KR)
Will be memorized.

Since such DNK is stored, the recording / reproducing apparatus 20A can decrypt the transferred content data E (CK, A3D) using the transferred E (KR, CK).
That is, in this case, the recording / reproducing apparatus 20A can obtain the root key KR by decrypting D {K000, E (K000, KR)} using the leaf key K000.
The content key CK can be obtained by decrypting D {KR, E (KR, CK)} using the decrypted root key KR.
Further, decrypted content data A3D can be obtained by decrypting D {CK, E (CK, A3D)} using the decrypted content key CK.

However, as described above, the root key KR and the node key are not always unchanged and are changed due to various circumstances. In the case of a system in which the content key CK is encrypted and transferred with the root key KR as in this example, the root key KR may be changed for each content data.
For example, some music distributors change the root key KR for each piece of content data, thereby strengthening copyright protection. For this purpose, the EKB is simultaneously transmitted as described above so that the changed root key KR can be confirmed with respect to the authorized device.

Now, as shown in FIG. 11, it is assumed that content key E (KR ′, CK) and EKB encrypted with the changed root key KR ′ are transmitted for some content data E (CK, A3D). . In this case, it is assumed that the EKB includes information on E (K0, KR ′) as an updated route key KR ′ encrypted with the node key K0.
Note that the encryption of the updated root key KR ′ with the node key K0 is an example performed when, for example, the new root key KR ′ is notified only to the devices (SET0) to (SET3) in FIG. . Of course, if only the devices (SET0) (SET1) are to be notified, an EKB including information on E (K00, KR ′) obtained by encrypting the update root key KR ′ with the node key K00 may be issued.

On the other hand, as described with reference to FIG. 10B, the DNK of the recording / reproducing apparatus 20A includes a leaf key K000, E (K000, K00), E (K000, K0), a node key encrypted with the leaf key, and a root key. E (K000, KR) is stored.
In this state, the procedure until the content data A3D is decrypted is shown as 1 to 4 in FIG.

1 In response to the transmission of E (K0, KR ′) information as EKB, K0 is first obtained from DNK. That is, the node key K0 is obtained by decrypting D {K000, E (K000, K0)} using the leaf key K000.
2 Next, E (K0, KR ') by EKB is decrypted using the node key K0. That is, the update root key KR ′ is obtained by decrypting D {K0, E (K0, KR ′)}.
3 Using the decrypted update root key KR ′, decrypt the transmitted content key E (KR ′, CK). That is, the content key CK is obtained by decrypting D {KR ′, E (KR, CK)}.
4 The decrypted content data A3D is obtained by decrypting D {CK, E (CK, A3D)} using the decrypted content key CK.

With the above procedure, the recording / reproducing apparatus 20A can decrypt the transferred content data and record it on the mini disc 100.
In the case of the recording / reproducing apparatus 20B, when reproducing the content data recorded on the secondary recording medium in an encrypted state, the encryption can be canceled by the above procedure, and music or the like can be reproduced.

8). Content transfer process

Subsequently, processing when one or a plurality of content data stored in the HDD 5 of the personal computer 1 is transferred to the recording / reproducing apparatus 20A and recorded on the mini disc 100 will be described with reference to FIGS.
12 and 13, the control process executed by the CPU 2 of the personal computer 1 is shown as steps F101 to F111, and the control process of the CPU 21 of the recording / reproducing apparatus 20A is shown as steps F201 to F213.

As described above, for each content data distributed from the external server 91 and stored in the HDD 5, the root key KR that encrypts the content key CK may be different. Of course, a common root key KR may be used for a plurality of content data. On the other hand, content data ripped from a medium such as a CD and stored in the HDD 5 is often obtained by encrypting the content key CK using a common root key.
In other words, as the content data transferred to the recording / reproducing apparatus 20A, the root key KR for unlocking the content key CK is the root key KR ′ set separately from the one using the common root key KR. For this reason, basically, at the time of transfer, as described with reference to FIG. 15, the confirmation process of the root key KR is required for each content data (FIG. 15). Procedures d3, d8, d12). Further, the authentication process is also performed for each content accordingly (procedures d1, d6, d11 in FIG. 15). Furthermore, since the transfer / recording process is performed in units of content data, the recording / reproducing apparatus 20A updates the U-TOC as management information on the minidisc 100 every time recording of content data on the minidisc 100 is completed. (Procedures d5, d10, d15 in FIG. 15). For these reasons, the process of transferring / recording a plurality of content data has taken a long time. In this example, this process is made more efficient.

When transferring certain content data stored in the HDD 5, the CPU 2 makes an authentication start request to the recording / reproducing apparatus 20A as step F101 in FIG.
On the other hand, the recording / reproducing apparatus 20A notifies the personal computer 1 of permission to start authentication in step F201.
Then, the personal computer 1 requests a leaf ID in step F102, and in response to this, the recording / reproducing apparatus 20A transmits the leaf ID stored in step F202.

  The personal computer 1 authenticates the connected recording / reproducing apparatus 20A by checking the leaf ID and confirming whether or not it is a device having a currently valid leaf ID. In the case of the recording / reproducing apparatus 20A that copes with, that is, decrypts and records the content data on the secondary recording medium, the authentication processing described in FIG. 8 is also performed (not shown in FIG. 12).

When the authentication is completed, the personal computer 1 subsequently transmits EKB for the content data to be transferred to the recording / reproducing apparatus 20A in step F103.
When the EKB is transmitted, the recording / reproducing apparatus 20A first stores the EKB version number in step F203 (see FIG. 3). Further, in step F204, using the received EKB and the stored DNK, the route key KR of the content data relating to the current transfer is searched as in the procedure 12 described in FIG. The key KR is stored.
In step F205, the completion of the search for the root key KR is notified to the personal computer 1 side.

Next, in step F104, the personal computer 1 transmits the encrypted content key E (KR, CK) related to the content data to be transferred this time.
In response to this, the recording / reproducing apparatus 20A decrypts the encrypted content key E (KR, CK) and decrypts the content key CK using the stored root key KR as in step 3 of FIG. 11 in step F206. To do. In step F207, the personal computer 1 is notified of the completion of decryption of the content key CK.

Since the personal computer 1 can recognize that the preparation for decrypting the content data is completed on the recording / reproducing apparatus 20A side by the notification of the decryption completion of the content key CK, next, transfer of the content data is executed as Step F105. That is, the content data E (CK, A3D) encrypted with the content key CK is transmitted.
On the recording / reproducing apparatus 20A side, in step F208, the received content data E (CK, A3D) is received, the decryption processing using the content key CK is performed as in step 4 in FIG. 11, and the decrypted content data A3D. The recording process to the mini-disc 100 is performed.

When transfer from the personal computer 1 and recording to the mini disc 100 are completed for one piece of content data (for example, one piece of music), it is necessary to update the U-TOC on the mini disc 100 at that time. In the mini disc 100, for example, the start address / end address of a track as a unit of a song is managed in the U-TOC recorded on the inner periphery of the disc. This is because the address of the address is grasped.
However, in this example, when the recording of one content data on the mini disc 100 is completed, as shown in step F209, only the U-TOC is updated on the memory, and the U-TOC on the mini disc 100 is updated. The TOC is not updated. For example, the CPU 21 holds the U-TOC data read from the mini disk 100 in the internal memory, but in this step F209, the update of the U-TOC content accompanying the writing of the current content data is performed only in the internal memory. Assumed to be performed.
When the U-TOC update is completed on the memory, in step F210, the personal computer 1 is notified of the completion of the TOC update notification, that is, the processing related to the writing of one content data.

  In response to this, the personal computer 1 updates the handling rule (Usage Rule) for the transferred content data in step F106. For example, the number of checkouts is incremented as described above.

Subsequently, the processing on the personal computer 1 side proceeds to step F107 in FIG. 13 as indicated as “P1”, and the processing on the recording / reproducing apparatus 20A side proceeds to step F211 in FIG. 13 as indicated as “R1”.
In step F107 of FIG. 13, the personal computer 1 determines whether or not the transfer has been completed for all of the one or more content data to be transferred this time.

If the transfer has been completed for all the content data, an end notification is sent to the recording / reproducing apparatus 20A in step F108, and the series of processing ends.
On the other hand, if the next content data is to be transferred subsequently, a device status is requested to the recording / reproducing apparatus 20A in step F109.

In the recording / reproducing apparatus 20A, the process branches in step F211 depending on whether the transmitted information is an end notification or a device status request.
If there is a device status request, the content data will continue to be transferred. For this purpose, the recording / reproducing apparatus 20A proceeds to step F213 and reports the currently stored EKB version to the personal computer 1. . That is, the version number stored in step F203.

When receiving the notification of the EKB version number, the personal computer 1 confirms the EKB version number of the content data to be transferred next in step F110, and the version number is the same as the notified version number. Check if it exists.
Here, the same version number means that the root key that encrypts the content key CK is the same.
The personal computer 1 branches the process depending on whether the version numbers are the same.

First, if the EKB version number of the content data to be transferred is different from the EKB version number stored in the recording / reproducing apparatus 20A, the EKB for obtaining the content key CK for the content data is recorded. Since the playback apparatus 20A does not hold it, the process returns to step F103 in FIG. 12 to transmit the EKB of the content data to be transferred as shown as “P2”.
In this case, the processing on the recording / reproducing apparatus 20A side is performed from step F203 in FIG. 12 as indicated by “R2”.
As in the case described above, the storage of the EKB version, the search for the root key KR, and the search completion notification are performed as steps F203, F204, and F205. Then, the content key CK is confirmed in step F104 of the personal computer and steps F206 and F207 of the recording / reproducing apparatus 20A, and the content data is transferred / recorded in steps F105 and F208.

On the other hand, if the version number of the EKB of the content data to be transferred next is the same as the version number of the EKB stored in the recording / reproducing apparatus 20A in step F111 in FIG. The root key KR for obtaining the content key CK has already been confirmed on the recording / reproducing apparatus 20A side. Therefore, the processing of the personal computer 1 returns to step F104 in FIG. 12 as shown as “P3” and transfers the encrypted content key. That is, in this case, EKB transmission is not performed.
In this case, the processing on the recording / reproducing apparatus 20A side is performed from Step F206 of FIG. 12 as indicated by “R3”.
Then, confirmation of the content key CK is performed in steps F206 and F207, and transfer / recording of the content data is performed in steps F105 and F208.

When the transfer / recording of all the content data to be transferred is completed, the processing of the personal computer 1 proceeds from step F107 to F108 in FIG. 13 and issues an end notification, but the recording / reproducing apparatus 20A has an end notification. Accordingly, the process proceeds from step F211 to step F212. At this point, the U-TOC data stored in the internal memory of the CPU 21 is transferred to the recording / playback unit 25, and the U-TOC data is written to the mini disk 100. Make it.
That is, every time one piece of content data is recorded on the mini disc 100, the U-TOC data is updated in the internal memory of the CPU 21 in step F209. Therefore, all the content data to be transferred is recorded on the mini disc 100. At this point, the U-TOC data in the internal memory of the CPU 21 reflects all the written content data. By recording this latest U-TOC data on the mini disc 100, the written content data is made valid (reproducible) on the mini disc 100.
When the U-TOC writing is completed, the series of processing is finished.

  As described above, in this example, when a plurality of pieces of content data are continuously transferred, if the EKB version is the same, the EKB transmission and the search process for the root key KR associated therewith are omitted. The authentication process is only performed at the beginning of a series of processes. Further, the U-TOC update process on the mini disc 100 is performed at the last time point when the writing of a series of content data is completed. As a result, the transfer / recording process of a plurality of content data is made more efficient, and the time required for transfer / recording can be greatly reduced.

FIG. 14 shows a processing procedure at the time of transfer in this example in a form that can be compared with FIG. 15B described above.
FIG. 14A shows a case where the three content data are transferred / recorded and the EKB versions of the three content data are the same. In this case, first, authentication processing on the secondary recording medium side is performed as procedure A1, and then the root key KR is confirmed by EKB transmission as procedure A2. In step A3, the content key CK is confirmed. In step A4, content data is transferred / recorded. Here, the U-TOC update on the mini-disc is not performed, but the confirmation process of the content key CK for the second content data is performed as the next procedure A5, and the transfer / recording of the second content data is performed at the procedure A6. Is done. Further, the confirmation process of the content key CK for the third content data is performed as the procedure A7, and the third content data is transferred / recorded at the procedure A8. Finally, as procedure A9, U-TOC update processing on the mini-disc 100 is performed.
As can be seen by comparing FIG. 14 (a) with FIG. 15 (b), the transfer / recording process is greatly improved.

FIG. 14B shows a case where the EKB versions of the three content data are different when transferring / recording the three content data.
In this case, the authentication process on the secondary recording medium side is first performed as procedure B1, and then the root key KR is confirmed by EKB transmission as procedure B2. In step B3, the content key CK is confirmed, and in step B4, content data is transferred / recorded. Here, the U-TOC update is not performed on the mini-disc, and the root key KR is confirmed by EKB transmission for the second content data as the next procedure B5. In step B6, the content key CK is checked for the second content data. In step B7, the second content data is transferred / recorded. Further, in step B8, the root key KR is confirmed by EKB transmission for the third content data. In step B9, the content key CK is confirmed for the third content data. In step B10, the third content data is confirmed. Data transfer / recording is performed. Finally, U-TOC update processing on the mini disk 100 is performed as procedure B11.
Even in the case of FIG. 14B, it can be seen that the transfer / recording process is more efficient than in FIG. 15B.

The example as the embodiment has been described above, but the present invention is not limited to the above example.
As a specific modification of the processing, for example, the recording / reproducing apparatus 20A stores the EKB version and EKB (or the searched root key KR) stored in step F203 in FIG. 12 as long as possible. It is possible.
That is, the EKB once transmitted is stored and held, so that when the same EKB version content data is subsequently transferred, the EKB transfer and the route key KR confirmation process can be omitted.
For example, even when transferring a plurality of content data having different EKB versions, if the recording / reproducing apparatus 20A stores an EKB of the same version as the EKB of a certain content data, the root key KR for the content data is stored. Confirmation process can be omitted.
Of course, in this case, even when one piece of content data is transferred instead of a plurality of pieces, if there is something corresponding to the stored past EKB (or root key KR), a new EKB is transferred and the root key KR is transferred. The process of searching for can be omitted.
Further, although the example in which the content key CK is encrypted with the root key KR has been described, the content key CK may be encrypted and transferred by a lower-layer node key.

In addition, the present invention is not limited to SDMI content, and can be widely applied to various content data, for example, as a target of data transfer processing from the primary recording medium to the secondary recording medium described above.
Various primary recording media other than the HDD are conceivable.
Of course, the secondary recording medium and the secondary recording medium side device 20A are not limited to mini-discs and mini-disc recording devices, and various examples are conceivable. The secondary recording medium 100 may be a CD-R, CD-RW, DVD-RAM, DVD-R, DVD-RW, or various memory cards. Accordingly, the secondary recording medium side device 20A may be a recording device corresponding to these media.
Although the SDMI-compatible recording / reproducing apparatus 20B has been mentioned, the present invention can also be applied to content data transfer processing to the recording / reproducing apparatus 20B.

It is explanatory drawing of the tree structure of the encryption system utilized by embodiment of this invention. It is explanatory drawing of EKB of the encryption system utilized in embodiment. It is explanatory drawing of the structure of EKB of the encryption system utilized in embodiment. It is a block diagram of a system configuration of an embodiment. It is explanatory drawing of the data path example of the SDMI content of embodiment. It is a block diagram of the primary recording medium side device of the embodiment. It is a block diagram of the secondary recording medium side device of the embodiment. It is a flowchart of the authentication process of embodiment. It is explanatory drawing of the content data and encryption state of delivery / transfer of embodiment. It is explanatory drawing of the example of an encryption system of embodiment, and DNK. It is explanatory drawing of the descrambling procedure of the content data of embodiment. It is a flowchart of the process at the time of content data transfer / recording of an embodiment. It is a flowchart of the process at the time of content data transfer / recording of an embodiment. It is explanatory drawing of the process sequence at the time of the content data transfer / recording of embodiment. It is explanatory drawing of the process sequence at the time of the conventional content data transfer / recording.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 Primary recording medium side apparatus (personal computer), 2 CPU, 5 HDD (primary recording medium), 8 Communication part, 9 Disk drive, 11 Connection part, 20A Secondary recording medium side apparatus (recording / reproducing apparatus), 21 MD control Part (CPU), 25 recording / reproducing part, 26 interface part, 29 decoding part, 100 secondary recording medium (mini disk)

Claims (2)

The content data encrypted with the first key, the first key encrypted with the second key, and the activation information of the second key are stored in the primary recording medium as content unit information. As a data recording device that performs data transfer from the data transfer device
A communication means for performing data communication with the data transfer device;
Secondary recording medium drive means for recording data on the secondary recording medium;
When one or more series of encrypted content data is transmitted from the data transfer device, the second key is stored using the stored decryption management information and the transmitted validation information. , Decrypt the first key from the decrypted second key, and decrypt one or more series of encrypted content data transmitted from the decrypted first key into an unencrypted state In addition, if the validation information is not transmitted corresponding to a certain content data, the first key is set by the second key based on the validation information related to the other content data that has already been received. Decoding means for decoding;
The content data decrypted by the decryption means is recorded on the secondary recording medium by the secondary recording medium drive means, and the series of content data for one or a plurality of content data related to transmission from the data transfer device Recording control means for executing management information update on the secondary recording medium by the secondary recording medium drive means according to data recording;
A data recording apparatus comprising: The recording control means includes
When one or more series of content data related to transmission from the data transfer apparatus has been recorded on the next recording medium, the secondary recording medium drive means responds to the series of content data recording. The data recording apparatus according to claim 1, wherein the management information is updated on the secondary recording medium.

Images