JP4493615B2 - Information recording / reproducing device - Google Patents

Description

  The present invention relates to an information reproducing apparatus for recording and / or reproducing information on a recording medium such as an optical disk.

  AACS (Advanced Access Content System) has been proposed as a management technology for digital content recorded on next-generation optical discs such as HD-DVDs and Blu-ray discs (Non-patent Document 1). In addition, standardization for realizing the AACS protocol is being promoted while using packet commands mainly for personal computers to control their peripheral devices (Non-patent Document 2).

  In AACS, for example, when data read from a disk by a next-generation optical disk device (drive) is reproduced on a personal computer (host) or the like, not only the host-side validity but also the drive-side validity is verified. Done. This verification is performed when an encrypted communication path is established between the host and the drive.

  In the process of establishing the encrypted communication path, first, the host issues an inquiry to the drive as to whether or not it is compatible with AACS. If the response to this query confirms that the drive supports AACS, the host then obtains an identification ID (Drive ID) from the drive, and this Drive ID is the DRL that defines the unauthorized drive. Judge whether it exists in (Drive Revocation List). If the Drive ID obtained from the drive does not exist in the DRL, it is determined that the drive is not an unauthorized drive, and the drive key and host key are exchanged between the host and drive, and encrypted communication is performed between the host and drive. A road is established.

On the other hand, when the Drive ID acquired from the drive is present in the DRL, the host determines that the drive is an unauthorized drive and stops the subsequent encryption communication path establishment process.
Advanced Access Content System (AACS) Introduction and Common Cryptographic Elements (Pages 16-19, 30-34) Mt. Fuji Commands for Multimedia Devices Version 6 (INF8090 v6) (Page 407-410, 452, 639-643, 681,684-686)

  If it is determined that the drive is an unauthorized drive by the above process, there is a possibility that the host side performs a process of canceling communication with the drive at all.

  However, in addition to encrypted content, non-encrypted content may be recorded on the disc. In this case, if any communication is refused on the host side as described above, playback is originally allowed. Inconvenience arises that it is impossible to reproduce the unencrypted content that should be played. In addition, content protection functions other than AACS, such as the CPPM (Content Protection for Prerecorded Media) function, may be deployed in the drive. In this case, if any communication is denied as described above, Although communication using this function is possible, there may be a disadvantage that communication using this function is rejected.

  In this case, unless the user recognizes that the drive is an unauthorized drive, the user cannot know the cause of these inconveniences. In this regard, in the above processing, since the host side determines the unauthorized drive, it is possible to notify the user of the presence of the unauthorized drive by making the host explicitly indicate that it is an unauthorized drive. However, in the above description, the unauthorized drive is determined in the process of establishing the encrypted communication path. Therefore, unless this process is followed, the unauthorized drive is not determined. On the other hand, the process of establishing an encrypted communication path is not arbitrarily performed according to an instruction from the user. Done independently. For this reason, it is generally difficult for the host to arbitrarily check the unauthorized drive according to an instruction from the user.

Therefore, an object of the present invention is to provide an information recording / reproducing apparatus that can effectively execute functions that are not restricted by AACS even when an unauthorized drive is designated by AACS. It is another object of the present invention to provide an information recording / reproducing apparatus that allows a user to easily recognize that an unauthorized drive has been made by AACS.

  In view of the above problems, the present invention has the following features.

According to the first aspect of the present invention, there is provided an information recording / reproducing apparatus for recording and / or reproducing information with respect to a recording medium, a communication processing unit for transmitting / receiving information to / from a communication destination apparatus, and a first information management technique. An information processing unit that performs information processing according to the information processing unit; a determination processing unit that determines its own validity based on the first information management technique; and when the determination processing unit determines that the user is illegal that there is no information processing capability of the first information management technology have a notification processing unit for notifying the communication destination device, the notification processing unit, the response to the command for inquiring the own information processing capability from the communications apparatus , Including information indicating that it has an information processing capability according to a second information management technique different from the first information management technique .

  According to the present invention, information processing by the second information management technique (for example, CPPM) can be established between the communication destination apparatus (for example, host) and the information recording / reproducing apparatus. Therefore, it can be avoided that the second information management technique provided in the information recording / reproducing apparatus is wasted.

According to a second aspect of the invention, the information recording and reproducing apparatus according to claim 1, wherein the notification processing unit, or can be applied to each other between said first information management technology the information recording reproducing apparatus information processing according to In response to the command issued from the communication destination device, information indicating that the information processing capability according to the second information management technology different from the first information management technology is included It is characterized by.

  According to the present invention, the information processing capability according to the second information management technology is provided when checking whether the information processing according to the first information management technology is mutually applicable with the information recording / reproducing apparatus. Is notified to the communication destination device (for example, the host), so that the communication destination device is easily shifted to the information processing establishment process according to the second information management technique.

According to a third aspect of the present invention, in the information recording / reproducing apparatus according to the first or second aspect , the information recording / reproducing apparatus further includes an ID storage unit that stores identification information for identifying itself, and the determination processing unit includes the information recording / reproducing apparatus The identification information defining the information recording / reproducing apparatus that is illegal in the first information management technique is acquired from the recording medium mounted on the storage medium, and the identification information stored in the ID storage unit is included in the acquired identification information When the first identification information is included, the first information management technique determines that it is illegal.

  According to the present invention, it is possible to smoothly determine that the self is illegal in the first information management technique.

According to a fourth aspect of the present invention, in the information recording / reproducing apparatus according to the first or second aspect of the present invention, the information recording / reproducing apparatus further includes notification means for notifying that the determination processing unit determines that the information is illegal.

  According to the present invention, for example, since the information recording / reproducing apparatus directly informs the user that it is an unauthorized drive by an informing means such as an LED or a speaker, it is necessary to issue a command from the communication destination apparatus. And confirmation of unauthorized drives can be simplified.

  The “communication processing unit” in the above invention is embodied in the packet command processing unit 106 in the following embodiments. Further, the “information processing unit” in the above invention is embodied in the AACS protocol processing unit 105 in the following embodiments. The “determination processing unit” in the above-described invention is embodied in the DRL processing unit 104 and the revocation information storage unit 108 in the following embodiments. In addition, the “notification processing unit” in the above invention is embodied in the packet command processing unit 106 in the following embodiment. The “ID storage unit” in the above invention is embodied in the drive ID unit 107 in the following embodiments. Further, the “notification unit” in the above invention is embodied by a display unit such as an LED disposed in the drive in the following embodiments.

However, the following embodiments do not limit the technical scope of the present invention.

  As described above, according to the present invention, the user can easily recognize that the information recording / reproducing apparatus is illegal in the first information management technology while increasing the utility value of the information recording / reproducing apparatus. .

The features and significance of the present invention will become more apparent from the following description of embodiments. However, the following embodiments are merely examples, and the meanings of the terms of the present invention or each constituent element are not limited to those described in the following embodiments.

  Embodiments of the present invention will be described below. In the present embodiment, the present invention is applied to an information recording / reproducing apparatus for recording / reproducing information on / from a next generation optical disc.

  FIG. 1 is a diagram showing the overall composition of an information recording / reproducing apparatus (drive).

  As illustrated, the drive includes an input / output processing unit 101, a decoding processing unit 102, a code processing unit 103, a DRL processing unit 104, an ACCS protocol processing unit 105, a packet command processing unit 106, and a drive ID storage unit. 107, a revocation information storage unit 108, and a control unit 109.

  The input / output processing unit 101 accesses the disk 100 to record / reproduce information. The input / output processing unit 101 includes an optical pickup and its drive mechanism. In addition, a servo circuit is provided for performing access control of the optical pickup, light emission control of the laser light, and the like.

  The decoding processing unit 102 performs digital demodulation, error correction decoding, and the like on the signal read from the disk 100 via the input / output processing unit 101 to decode the content. The code processing unit 103 performs encoding processing such as digital demodulation and error correction encoding on the content to be recorded to generate a recording signal.

  The DRL processing unit 104 verifies the validity of the DRL read from the disk 100 and analyzes the DRL to extract the identification ID of the unauthorized drive. When the extracted identification ID includes its own Drive ID (stored in the drive ID storage unit 107), revocation information indicating that fact is generated and stored in the revocation information storage unit 108. . The generation of revocation information will be described later with reference to FIG.

  The AACS protocol processing unit 105 performs necessary processing on the drive side in the AACS protocol.

  The packet command processing unit 106 transmits and receives packet commands to and from the host and performs processing such as analysis of received packets.

  The drive ID storage unit 107 holds a Drive ID that is its own identification ID. Specifically, Drive Certification is stored in the drive ID storage unit 107, and Drive ID is described in the Drive Certification. In addition, Drive Certification describes an electronic signature for verifying its authenticity.

  The revocation information storage unit 108 stores the revocation information generated by the DRL processing unit 104. The control unit 109 controls processing of the entire drive.

  FIG. 2 is a diagram illustrating the structure of an HRL (Host Revocation List) and a DRL (Drive Revocation List). The HRL contains an identification ID of an unauthorized host that reveals information that should be kept secret (for example, a secret key). In addition, the DRL contains an identification ID of an unauthorized drive that reveals information that should be kept secret (for example, a secret key). Although information other than the above is also described in HRL and DRL, the description is omitted here because it is not directly related to the present invention. These HRL and DRL are recorded in a predetermined area of the disc 100 when the disc is manufactured.

  As shown in the figure, the HRL includes “Record Type”, “Record Length”, “Total Number of Entries”, “Number of Entries in this Block i”, “Host Revocation List Entries (j)”, “ It consists of "Signature for Block i".

  Among these, “Record Type” stores an HRL identification code. “Record Length” stores the data length of data stored after “Total Number of Entries”. “Total Number of Entries” is the total number of “Host Revocation List Entries (j)” stored in the HRL. “Number of Entries in this Block i” is the number of “Host Revocation List Entries (j)” included in the Block i. In “Host Revocation List Entries (j)”, an identification ID of an unauthorized host is stored. “Signature for Block i” describes an electronic signature for verifying the validity of “Host Revocation List Entries (j)” included in Block i.

  Similarly, DRL includes “Record Type”, “Record Length”, “Total Number of Entries”, “Number of Entries in this Block i”, “Drive Revocation List Entries (j)”, “Signature” for Block i ".

Among these, “Record Type” stores a DRL identification code. “Record Length” stores the data length of data stored after “Total Number of Entries”. “Total Number of Entries” is the total number of “Drive Revocation List Entries (j)” stored in the DRL. “Number of Entries in this Block i” is the number of “Drive Revocation List Entries (j)” included in the Block i. In “Drive Revocation List Entries (j)”, an identification ID of an unauthorized drive is stored. “Signature for Block i” describes an electronic signature for verifying the validity of “Drive Revocation List Entries (j)” included in Block i.

1. Encrypted communication path establishment process (normal process)
Next, with reference to FIG. 3, a description will be given of a normal encryption communication path establishment process in AACS. Note that the processing shown in FIG. 3 shows the flow of processing when the drive is not an unauthorized drive. In addition to the communication function corresponding to AACS, this drive has other communication functions such as CCPM. The protocol processing unit according to the other communication function is not shown in FIG.

  First, the host issues a packet command (GET CONFIGURATION) to the drive, and investigates what function the drive has such as whether the drive supports AACS (S1).

  When the drive receives GET CONFIGURATION, the AACS protocol processing unit 105 creates an AACS Feature Descriptor and transmits it to the Host together with another Feature Descriptor indicating its own function (S2). In this process, the drive determines whether it is an unauthorized drive, as will be described later. When it is determined that the drive is not an unauthorized drive, an AACS Feature Descriptor is created as described above and transmitted to the Host together with other Feature Descriptors indicating its own function (S2).

  The host confirms whether or not an AACS Feature Descriptor is included in this response, and determines that the drive is AACS compatible if the AACS Feature Descriptor is included. Further, DRL is read from the disk 100 on the drive side.

  Further, the host issues a packet command (REPORT KEY) to the drive and requests an Authentication Grand ID that is an identification ID of the AACS protocol session (S3).

  When the drive receives the REPORT KEY, the packet command processing unit 106 creates a REPORT KEY Data Format based on the Authentication Grand ID stored in the AACS protocol processing unit 105, and transmits this to the host ( S4).

  The host creates a SEND KEY Parameter List from Host Certification, etc., including the public key and the signature text of the licensor, and issues a packet command (SEND KEY) to the drive (S5).

  When the drive receives the SEND KEY, the AACS protocol processing unit 105 verifies the validity of the Host Certification. Further, the HRL is read from the disk 100, and it is confirmed that the host ID described in the verified Host Certification does not exist in the HRL (S6). The drive also verifies the validity of the HRL during this process. This verification is performed by performing a predetermined calculation using a verification public key distributed in advance from a licensor in order to verify the validity of the HRL.

  Next, the host issues a packet command (REPORT KEY), and requests the drive for Drive Certification including the public key and the signature sentence by the licensor (S7).

  Upon receiving the REPORT KEY, the drive creates a REPORT KEY Data Format from Drive Certification or the like stored in the drive ID storage unit 107, and transmits this to the host (S8).

  When the host receives REPORT KEY Data Format, it verifies the validity of Drive Certification. Also, it is confirmed that the Drive ID described in the verified Drive Certification does not exist in the DRL (S9). Note that the host also verifies the validity of the DRL during this processing. This verification is performed by performing a predetermined calculation using a verification public key distributed in advance from the licensor in order to verify the validity of the DRL.

  Further, the host issues a packet command (REPORT KEY) and requests a drive key, which is a session key for generating a common key, from the drive (S10).

  When the drive receives the REPORT KEY, the AACS protocol processing unit 105 generates the Drive Key and its signature. Further, the REPORT KEY Data Format is created from the Drive Key and the like by the packet command processing unit 106 and transmitted to the host (S11).

  The host verifies the validity of the Drive Key using the Drive Certification Drive public key. Then, by a predetermined calculation, a Host Key that is a session key for generating a common key and its signature text are generated (S12). Also, a Bus Key, which is a common key, is generated from the Host Key and Drive Key by a predetermined calculation (S13).

  Next, the host creates a SEND KEY Parameter List from the Host Key, etc., and issues a packet command (SEND KEY) to the drive (S14).

  When the drive receives the SEND KEY, the AACS protocol processing unit 105 generates a Bus Key, which is a common key, using a Host Key by a predetermined calculation (S15).

With the above procedure, the host and the drive share the Bus Key, which is a common key, while performing mutual authentication. As a result, an encrypted communication path is established between the host and the drive.

2. Content Recording / Reproduction Processing Once the encrypted communication path is established as described above, the host then reads secure information from the disc 100 via the encrypted communication path. Then, a predetermined calculation is performed on the read secure information to obtain a content encryption key.

  When reproducing content from the disc 100, the host issues a packet command (READ) to the drive. When the drive receives the READ, the drive reads the content data from the disc 100 via the input / output processing unit 101, and the decoding processing unit 102 decodes the content data. Then, the decrypted content data is transmitted to the host via the packet command processing unit 106.

  The host decrypts the content data received from the drive with the encryption key acquired from the secure information. Then, the decrypted content data is subjected to reproduction processing and output from output means such as a monitor or a speaker.

When recording content data on the disc 100, the host encrypts the content data with the encryption key and issues a packet command (WRITE) to the drive. Upon receiving WRITE, the drive receives content data via the packet command processing unit 106, and the encoding processing unit 103 performs encoding processing such as digital modulation and error correction encoding on the received content data. Apply. Then, the encoded content data is recorded on the disc 100 via the input / output control unit 101.

3. Revocation Information Generation Processing Next, revocation information generation processing will be described with reference to FIG.

  When the disk 100 is loaded in the drive, the DRL is read from the disk 100 via the input / output control unit 101 and the decryption processing unit 102 and sent to the DRL processing unit 104 (S101). The DRL processing unit 104 first verifies the validity of the received DRL using “Signature for Block i” shown in FIG. 2 (S102).

  The verification of the validity of the DRL is performed by the same calculation process as the verification of the validity of the HRL performed in S4 of FIG. That is, the drive can verify the DRL using the verification public key distributed in advance from the licensor to verify the validity of the HRL.

  If the DRL is not valid (S103: N), the revocation information generation process is stopped. If the DRL is valid (S103: Y), the DRL processing unit 104 analyzes the DRL and sequentially refers to the Drive Revocation List Entries described in the DRL (S104). Then, it is determined whether or not the own Drive ID stored in the drive ID storage unit 107 exists in the DRL (S105).

Here, if the own Drive ID does not exist in the DRL (S105: N), the revocation information generation process is stopped. On the other hand, if the own Drive ID is present in the DRL (S105: Y), the DRL processing unit 104 is configured from flag information for determining that fact, DRL version information (not shown in FIG. 2), and the like. The revocation information is generated and stored in the revocation information storage unit 108 (S106).

4). Processing when GET CONFIGURATION is Received from Host Next, processing performed by the drive when GET CONFIGURATION is received from the host will be described with reference to FIG.

  When a packet command (GET CONFIGURATION) is received from the host (S210: Y), the packet command processing unit 106 determines whether revocation information is stored in the revocation information storage unit 108 (S202). If revocation information is not stored (S202: N), an AACS Feature Descriptor is created (S203) as described in S2 of FIG. 3, and another Feature Descriptor indicating its own function is created. Are generated (S204) and transmitted to the host (S205).

  On the other hand, when the revocation information is stored in the revocation information storage unit 108, that is, when the self is an unauthorized drive (S202: Y), the AACS Feature Descriptor creation process (S203) is skipped, and the self Another Feature Descriptor indicating the function is generated (S204). Then, only other feature descriptors are transmitted to the host (S205).

  The process shown in FIG. 5 is performed when the drive receives a packet command (GET CONFIGURATION) from the host in S1 of the encryption communication path establishment process in FIG. This is also performed when a packet command (GET CONFIGURATION) is issued arbitrarily.

  Among these, when the drive receives a packet command (GET CONFIGURATION) from the host in the encryption communication path establishment process (S1 in FIG. 3), the following process is performed.

  That is, in S205, when the AACS Feature Descriptor and another Feature Descriptor are transmitted to the host side (when the drive is an unauthorized drive), the processing after S3 shown in FIG. 3 is performed.

  On the other hand, if only another Feature Descriptor is transmitted to the host side in S205 (when the drive is an unauthorized drive), the response from the drive does not include the AACS Feature Descriptor. The drive is determined not to be compatible with AACS, and the processing after S3 in FIG. 3 is stopped. In this case, the authenticity authentication process for the drive is not performed in the host. Therefore, the host does not recognize the drive as an unauthorized drive, and simply determines that the drive is not compatible with AACS.

  In this case, the host side does not take any processing to refuse any communication with the drive. Therefore, even when non-encrypted content is stored on the disc 100 or content that can be played back by a content protection function other than AACS is stored, the host reads these content from the disc 100. Can be processed.

  Further, since the packet command (GET CONFIGURATION) is a command that can be issued arbitrarily from the host to the drive in addition to the process of establishing the encrypted communication path, the user issues this command to the drive as appropriate. By confirming the content of the response, it is possible to know whether the communication destination drive is an unauthorized drive. That is, even if the communication destination drive is an AACS compatible drive, if the AACS Feature Descriptor is not included in the response of GET CONFIGURATION, the drive can be recognized as an unauthorized drive.

  As described above, according to the present embodiment, the user can easily recognize that the communication destination drive is an unauthorized drive while increasing the use value of the unauthorized drive. Also in this embodiment, the content protected by AACS is not read from the disc by an unauthorized drive, and the content protection function by AACS is maintained high.

  As mentioned above, although embodiment of this invention was described, this invention is not limited to the said embodiment.

  For example, in the above embodiment, the user can recognize that the communication destination drive is an unauthorized drive from the response content to the packet command (GET CONFIGURATION). Thus, it is possible to directly notify the user that the drive is an unauthorized drive.

  The embodiments of the present invention can be appropriately modified in various ways within the scope of the technical idea shown in the claims.

The figure which shows the structure of the information recording / reproducing apparatus (drive) which concerns on embodiment The figure which shows the data structure of HRL and DRL which concern on embodiment The figure explaining the flow at the time of the encryption communication path establishment which concerns on embodiment Processing flowchart when generating revocation information according to the embodiment Processing flowchart when receiving packet command (GET CONFIGURATION) according to the embodiment

Explanation of symbols

104 DRL processing unit 105 AACS protocol processing unit 106 packet command processing unit 107 drive ID storage unit 108 revocation information storage unit 109 control unit

Claims (4)

In an information recording / reproducing apparatus for recording and / or reproducing information on a recording medium,
A communication processing unit that transmits and receives information to and from a communication destination device;
An information processing unit that performs information processing according to the first information management technology;
A determination processing unit that determines the legitimacy of itself based on the first information management technique;
Have a notification processing unit for notifying that there is no information processing capability according to the first information management techniques when self is determined to be invalid in the determining processing unit to the communication destination device,
The notification processing unit has an information processing capability according to a second information management technology different from the first information management technology in response to a command inquiring about the information processing capability of the communication destination device. Include information to indicate,
An information recording / reproducing apparatus. In claim 1 ,
The notification processing unit responds to the command issued from the communication destination device in order to check whether information processing according to the first information management technique is mutually applicable with the information recording / reproducing device, Including information indicating that the information processing capability conforms to the second information management technology different from the first information management technology;
An information recording / reproducing apparatus. In claim 1 or 2 ,
An ID storage unit that stores identification information for identifying itself;
The determination processing unit acquires identification information that defines an information recording / reproducing apparatus that is illegal in the first information management technique from a recording medium attached to the information recording / reproducing apparatus, and includes the identification information in the acquired identification information When the identification information stored in the ID storage unit is included, the first information management technique determines that the user is illegal.
An information recording / reproducing apparatus. In claim 1 or 2 ,
An information recording / reproducing apparatus, further comprising an informing means for informing that the judgment processing unit judges that the information is illegal.

Images