JP4524829B2 - Data processing system, recording device, data processing method, and program providing medium - Google Patents

Data processing system, recording device, data processing method, and program providing medium Download PDF

Info

Publication number
JP4524829B2
JP4524829B2 JP2000016128A JP2000016128A JP4524829B2 JP 4524829 B2 JP4524829 B2 JP 4524829B2 JP 2000016128 A JP2000016128 A JP 2000016128A JP 2000016128 A JP2000016128 A JP 2000016128A JP 4524829 B2 JP4524829 B2 JP 4524829B2
Authority
JP
Japan
Prior art keywords
recording
data
key
content
device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2000016128A
Other languages
Japanese (ja)
Other versions
JP2001209305A (en
Inventor
智之 浅野
太三 白井
義人 石橋
徹 秋下
Original Assignee
ソニー株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ソニー株式会社 filed Critical ソニー株式会社
Priority to JP2000016128A priority Critical patent/JP4524829B2/en
Publication of JP2001209305A publication Critical patent/JP2001209305A/en
Application granted granted Critical
Publication of JP4524829B2 publication Critical patent/JP4524829B2/en
Application status is Expired - Fee Related legal-status Critical
Anticipated expiration legal-status Critical

Links

Images

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a data processing system, a recording device, a data processing method, and a program providing medium. More specifically, the present invention relates to the encryption strength of encryption processing related to content data transferred between two apparatuses that execute data transfer. Specifically, data that realizes a configuration that selectively executes a single-time common key encryption process, for example, a single DES process, and a multiple-time common key encryption process, for example, a triple DES. The present invention relates to a processing system, a recording device, and a data processing method.
[0002]
The present invention possesses various contents such as audio, images, games, programs and the like that can be obtained by a route such as storage media such as DVD and CD, or wired and wireless communication means such as CATV, the Internet, and satellite communication. Are recorded in a dedicated recording device such as a memory card, a hard disk, a CD-R, etc., and when using the content stored in the recording device, use restrictions desired by the content distribution side are attached. The present invention relates to a configuration and a method for realizing the configuration and ensuring security so that the distributed content is not illegally used by a third party other than a regular user.
[0003]
[Prior art]
Recently, various software data such as game programs, audio data, image data, document creation programs, etc. (hereinafter referred to as “Contents”) are distributed via networks such as the Internet or DVDs, CDs, etc. It is distributed through possible storage media. These distribution contents can be stored in recording devices attached to recording / playback devices such as PCs (Personal Computers) and game devices owned by users, such as memory cards and hard disks. It can be used by playback from the storage medium.
[0004]
Main components of a memory card device used in information devices such as conventional video game devices and PCs are connected to control means for operation control and slots provided in the information device main body connected to the control means. And a non-volatile memory for storing data connected to the control means. The nonvolatile memory provided in the memory card is configured by an EEPROM, a flash memory, or the like.
[0005]
Various contents such as data or programs stored in such a memory card are stored in a game device used as a playback device, a user instruction from an information device main body such as a PC, or a user via a connected input means. Is called from the non-volatile memory and is reproduced through the information device main body, a connected display, a speaker, or the like.
[0006]
Many software contents such as game programs, music data, and image data generally have distribution rights and the like for their creators and sellers. Therefore, when distributing these contents, certain usage restrictions, that is, license the use of software only to authorized users and prevent unauthorized copying, etc. It is common to take this configuration.
[0007]
One technique for realizing usage restrictions on users is encryption processing of distributed content. That is, for example, various contents such as encrypted audio data, image data, and game programs are distributed via the Internet, etc., and the encrypted contents distributed only to those who are confirmed to be authorized users. The decryption means, that is, a decryption key is assigned.
[0008]
The encrypted data can be returned to the decrypted data (plain text) that can be used by the decryption process according to a predetermined procedure. Data encryption and decryption methods that use an encryption key for such information encryption processing and a decryption key for decryption processing are well known.
[0009]
There are various types of data encryption / decryption methods using an encryption key and a decryption key. One example is a so-called common key encryption method. In the common key encryption method, the encryption key used for the data encryption process and the decryption key used for the data decryption are made common, and the common key used for the encryption process and the decryption is given to an authorized user. Thus, data access by an unauthorized user who does not have a key is eliminated. A typical method of this method is DES (Data Encryption Standard).
[0010]
The encryption key and decryption key used for the above-described encryption processing and decryption can be obtained by applying a one-way function such as a hash function based on a certain password, for example. A one-way function is a function that makes it very difficult to obtain an input from its output. For example, a one-way function is applied using a password determined by the user as an input, and an encryption key and a decryption key are generated based on the output. From the encryption key and the decryption key obtained in this way, it is virtually impossible to obtain the password that is the original data.
[0011]
In addition, a method in which processing using an encryption key used for encryption and processing of a decryption key used for decryption are different algorithms is a so-called public key encryption method. The public key encryption method uses a public key that can be used by an unspecified user, and encrypts an encrypted document for a specific individual using the public key issued by the specific individual. A document encrypted with a public key can be decrypted only with a secret key corresponding to the public key used for the encryption process. Since the private key is owned only by the individual who issued the public key, a document encrypted with the public key can be decrypted only by the individual who has the private key. A typical public key encryption method is RSA (Rivest-Shamir-Adleman) encryption.
[0012]
By using such an encryption method, a system that enables decryption of encrypted content only for authorized users is possible. A conventional content distribution configuration employing these encryption methods will be briefly described with reference to FIG.
[0013]
FIG. 1 shows a reproduction means 10 such as a PC (personal computer) or a game machine that reproduces a program, audio data, video data, etc. (Content) acquired from a data providing means such as a DVD, a CD 30 or the Internet 40. In addition, a configuration example is shown in which data acquired from a DVD, a CD 30, the Internet 40, or the like can be stored in the storage means 20 such as a floppy disk, a memory card, or a hard disk.
[0014]
Content such as a program, audio data, and video data is encrypted and provided to a user having the playback means 10. The authorized user obtains the key data which is the encryption / decryption key along with the encrypted data.
[0015]
The reproduction means 10 has a CPU 12 and executes reproduction processing of input data by the reproduction processing unit 14. The reproduction processing unit 14 performs a decryption process on the encrypted data, and reproduces the provided program, and reproduces content such as audio data and image data.
[0016]
The authorized user saves content such as a program / data in the storage means 20 in order to use the provided program again. The reproduction means 10 has a storage processing unit 13 for executing this content storage processing. In order to prevent unauthorized use of data stored in the storage unit 20, the storage processing unit 13 performs storage processing by performing encryption processing on the data.
[0017]
When encrypting content, a content encryption key is used. The storage processing unit 13 encrypts the content using the content encryption key and stores it in the storage unit 21 of the storage unit 20 such as an FD (floppy disk), a memory card, or a hard disk.
[0018]
When the user retrieves the stored content from the storage means 20 and reproduces it, the user retrieves the encrypted data from the storage means 20 and uses the reproduction processing unit 14 of the reproduction means 10 to decrypt the content, ie, the decryption key. Is used to execute decryption processing to obtain the decrypted data from the encrypted data and reproduce it.
[0019]
According to the conventional configuration example shown in FIG. 1, since the stored content is encrypted in the storage means 20 such as a floppy disk or a memory card, unauthorized reading from the outside can be prevented. However, if this floppy disk is played back and used by the playback means of information equipment such as another PC or game machine, playback with the same content key, that is, the same decryption key for decrypting the encrypted content If it is not a means, it cannot be regenerated. Therefore, in order to realize a form that can be used in a plurality of information devices, it is necessary to share the encryption key provided to the user.
[0020]
However, sharing the content encryption key increases the possibility of random distribution of encryption processing keys to users who do not have a regular license, and content fraud by users who do not have a regular license. There is a drawback that it is impossible to prevent use, and it becomes difficult to eliminate unauthorized use in PCs, game machines, etc. that do not have a regular license.
[0021]
Furthermore, in an environment where keys are shared as described above, encrypted content created on a certain PC and stored in a storage means such as a memory card or a floppy disk can be easily transferred to another floppy disk. It can be duplicated, and it can be used using a duplicate floppy disk instead of the original content data. Many content data that can be used on information devices such as game machines and PCs are duplicated or altered. There was a possibility.
[0022]
[Problems to be solved by the invention]
As described above, content encryption is generally performed to prevent unauthorized use of content. However, there are various contents encryption modes. For example, there are cases where the processing speed is prioritized and single DES encryption processing is performed, and content is prioritized by the triple DES scheme encryption configuration. Therefore, it is desirable that the configuration of the encryption processing unit of various data processing apparatuses such as a recording / reproducing device or a recording device that uses content is compatible with both the triple DES method and the single DES method.
[0023]
However, in order to make it possible to execute both the single DES method and the triple DES method for the encryption processing unit configuration of the recording / reproducing device and the recording device, it is necessary to configure separate circuits and logics that match the respective methods. This leads to complication of the processing unit included in the apparatus.
[0024]
The present invention solves such problems. In the configuration of the present invention, the encryption processing unit on the recording device side has a single DES configuration, and processing corresponding to triple DES encryption processing can be executed. The present invention provides a data processing system, a recording device, and a data processing method capable of storing encrypted data (key, content, etc.) by a triple DES method in a memory of the recording device.
[0025]
[Means for Solving the Problems]
  The first aspect of the present invention is:
  In a data processing system composed of a first device and a second device that mutually transfer encrypted data,
  The second device has a cryptographic processing unit that performs cryptographic processing related to transfer data with the first device,
  The cryptographic processing unit
  A single-time common key encryption processing unit that performs encryption processing by applying one common key encryption processing to the transfer data with the first device;
  A control unit that repeatedly executes the encryption process in the single-time common key encryption processing unit a plurality of times, and executes a multiple-time common key encryption process;
  Has a configuration to selectively execute single-time common key encryption processing and multiple-time common key encryption processingAnd
The multiple-number common key encryption process is:
A configuration in which a plurality of key data for a multiple-number common key encryption process is sequentially received from the first device, and a single-time common key encryption process is repeatedly executed based on the received key data.It is in the data processing system characterized by this.
[0026]
Furthermore, in an embodiment of the data processing system of the present invention, the multiple-number common key encryption process in the encryption processing unit is transferred from the first device to the second device, and is stored in the second device. A command sequence including encryption key exchange processing for encrypted data stored in the storage means, or stored in the storage means in the second device and transferred from the second device to the first device A command sequence including an encryption key exchange process for encrypted data to be executed, and at least one of the command sequences described above is executed.
[0028]
Further, in an embodiment of the data processing system of the present invention, the control unit of the encryption processing unit receives a command identifier transferred from the first device according to a predetermined setting sequence, and receives the received command identifier. The command sequence stored in the register is a single-time common key encryption processing sequence, and when executing the multiple-time common key encryption processing, the single-time common key is a command sequence stored in the register. The present invention is characterized in that the control is performed to repeatedly execute the cryptographic processing sequence a plurality of times.
[0029]
Furthermore, in one embodiment of the data processing system of the present invention, the encryption processing unit has a configuration in which the single-time common key encryption processing unit executes encryption processing to which the CBC mode is applied using encryption processing target data as a message. The cryptographic processing unit is configured to repeatedly execute the cryptographic processing in the single-time common key cryptographic processing unit a plurality of times only in a part of the message string to be cryptographically processed, and execute the cryptographic processing using the multiple-time common key It is characterized by being.
[0030]
Furthermore, in one embodiment of the data processing system of the present invention, the encryption processing unit uses a single-time common key method or a multiple-time common key based on header information of data content to be encrypted. It is characterized by executing a process for determining whether to use a method.
[0031]
Furthermore, in one embodiment of the data processing system of the present invention, the second device is a storage device having a data storage unit for storing encrypted data, and the first device is configured to store data for the storage device. A recording / reproducing device that retrieves, reproduces, and executes data stored in the storage device, and the storage device that is the second device performs a plurality of encryption processing in the single-time common key encryption processing unit; It is characterized in that it has a configuration in which cryptographic data obtained by repeatedly executing the common key cryptographic process a plurality of times is stored in the data storage unit.
[0032]
Furthermore, in an embodiment of the data processing system of the present invention, the common key encryption process is a DES encryption process.
[0033]
  Furthermore, the second aspect of the present invention provides
  A recording device having a data storage unit that stores content data that can be transferred to and from an external device,
  The recording device includes an encryption processing unit that performs encryption processing on the content data,
  The encryption processing unit
  A single-time common key encryption processing unit for performing encryption processing by applying one-time common key encryption processing to the content data;
  A control unit that repeatedly executes the encryption process in the single-time common key encryption processing unit a plurality of times, and executes a multiple-time common key encryption process;
  Has a configuration to selectively execute single-time common key encryption processing and multiple-time common key encryption processingAnd
The multiple-number common key encryption process is:
This is a configuration in which a plurality of key data for multiple-number common key encryption processing is sequentially received from an external device, and sequential single-number common key encryption processing is repeatedly executed based on the received key data.The recording device is characterized by the above.
[0034]
Furthermore, in an embodiment of the recording device of the present invention, the multiple-number common key encryption process in the encryption processing unit is transferred from an external device to the recording device and stored in a storage unit in the recording device. Command sequence including encryption key exchange processing for encrypted data, or command sequence including encryption key exchange processing for encrypted data stored in storage means in the recording device and transferred from the recording device to an external device, It is a configuration that is executed in at least one of the above command sequences.
[0036]
Furthermore, in one embodiment of the recording device of the present invention, the control unit of the encryption processing unit receives a command identifier transferred from an external device according to a predetermined setting sequence, and a command corresponding to the received command identifier The command sequence stored in the register is a single-time common key encryption processing sequence, and when executing the multiple-time common key encryption processing, the single-time common key encryption processing sequence is executed. The present invention is characterized in that the control is repeatedly executed a plurality of times.
[0037]
Furthermore, in one embodiment of the recording device of the present invention, the encryption processing unit has a configuration in which the single-time common key encryption processing unit executes encryption processing to which the CBC mode is applied using encryption processing target data as a message, The cryptographic processing unit is configured to execute cryptographic processing using a multiple-time common key by repeatedly performing cryptographic processing in the single-time common key cryptographic processing unit a plurality of times only in a part of a message string to be encrypted. It is characterized by being.
[0038]
Furthermore, in an embodiment of the recording device of the present invention, the encryption processing unit uses a single-time common key method or a multiple-time common key method based on header information of data content to be encrypted. It is characterized by executing a process for determining whether or not.
[0039]
Furthermore, in an embodiment of the recording device of the present invention, the recording device is a cipher obtained by executing a multiple-time common key encryption process by repeatedly executing the encryption process in the single-time common key encryption processing unit a plurality of times. The processing data is stored in the data storage unit.
[0040]
Furthermore, in an embodiment of the recording device of the present invention, the common key encryption process is a DES encryption process.
[0041]
  Furthermore, the third aspect of the present invention provides
  A data processing method in a data processing system comprising a first device and a second device that mutually execute content data transfer,
  The second device is:
  Using a single common key encryption processing unit capable of executing a single common key encryption process, a single common key encryption process is repeated multiple times on the content data, thereby performing a multiple common key encryption process. ExecutionAnd
The multiple-number common key encryption process is:
A process of sequentially receiving a plurality of key data for a multiple-number common key encryption process from the first device, and repeatedly executing the single-number common key encryption process sequentially based on the received key data.The data processing method is characterized by the above.
[0042]
Furthermore, in an embodiment of the data processing method of the present invention, the multiple-number common key encryption process is transferred from the first device to the second device and stored in a storage means in the second device. Command sequence including encryption key exchange process for stored encrypted data, or encryption stored in storage means in the second device and transferred from the second device to the first device It is executed in a command sequence including encryption key exchange processing for data, at least in any one of the above command sequences.
[0044]
Furthermore, in one embodiment of the data processing method of the present invention, the data processing method further receives a command identifier transferred from the first device according to a predetermined setting sequence, and receives the command identifier as the received command identifier. Including a step of fetching a corresponding command from the register and executing the command, wherein the command sequence stored in the register is a single-time common key encryption processing sequence. The processing sequence is repeatedly executed a plurality of times.
[0045]
Furthermore, in one embodiment of the data processing method of the present invention, the data processing method further executes encryption processing using the CBC mode with the encryption processing target data as a message, and a part of the message string to be encrypted processing target. The cryptographic process in the single-time common key encryption processing unit is repeatedly executed a plurality of times, and the cryptographic process using the multiple-time common key is executed.
[0046]
Furthermore, in an embodiment of the data processing method of the present invention, the data processing method further includes setting the encryption processing method to a single common key method based on header information of data content to be encrypted, A process for determining whether to use a common key system is performed.
[0047]
Furthermore, in an embodiment of the data processing method of the present invention, the data processing method further executes the multiple-time common key encryption process by repeatedly performing the encryption process in the single-time common key encryption processing unit a plurality of times. And storing the cryptographic processing data obtained in this manner in a data storage unit.
[0048]
Furthermore, in an embodiment of the data processing method of the present invention, the common key encryption process is a DES encryption process.
[0049]
  Furthermore, the fourth aspect of the present invention provides
  A program providing medium for providing a computer program that allows a computer system to execute data processing in a data processing system including a first device and a second device that mutually perform content data transfer,
  Using a single common key encryption processing unit capable of executing a single common key encryption process, a single common key encryption process is repeated multiple times on the content data, thereby performing a multiple common key encryption process. The steps to perform
Have
The multiple-number common key encryption process is:
A process of sequentially receiving a plurality of key data for a multiple-number common key encryption process from the first device, and repeatedly executing the single-number common key encryption process sequentially based on the received key data.The program providing medium is characterized by the above.
[0050]
The program providing medium according to the present invention is a medium that provides a computer program in a computer-readable format to, for example, a general-purpose computer system that can execute various program codes. The form of the medium is not particularly limited, such as a storage medium such as a CD, FD, or MO, or a transmission medium such as a network.
[0051]
Such a program providing medium defines a structural or functional cooperative relationship between a computer program and a providing medium for realizing a function of a predetermined computer program on a computer system. . In other words, by installing a computer program in the computer system via the provided medium, a cooperative action is exhibited on the computer system, and the same effects as the other aspects of the present invention are obtained. Can do it.
[0052]
Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings.
[0053]
DETAILED DESCRIPTION OF THE INVENTION
Embodiments of the present invention will be described below. The explanation procedure is performed according to the following items.
(1) Data processor configuration
(2) Content data format
(3) Overview of cryptographic processing applicable to data processing devices
(4) Storage data structure of recording / reproducing device
(5) Storage device storage data configuration
(6) Mutual authentication processing between recording / reproducing device and recording device
(6-1) Overview of mutual authentication processing
(6-2) Key block switching during mutual authentication
(7) Download process from recording / playback device to recording device
(8) Reproduction processing of recording device storage information by recording / reproducing device
(9) Key exchange process after mutual authentication
(10) Multiple content data formats and download and playback processing corresponding to each format
(11) Check value (ICV) generation process in content provider
(12) Cryptographic key generation configuration based on master key
(13) Control of cryptographic strength in cryptographic processing
(14) Program activation processing based on the activation priority in the handling policy for content data
(15) Content composition and playback (decompression) processing
(16) Generation of save data, storage in a recording device, and reproduction processing
(17) Unauthorized device exclusion (revocation) configuration
(18) Secure chip configuration and manufacturing method
[0054]
(1) Data processor configuration
FIG. 2 is a block diagram showing the overall configuration of an embodiment of the data processing apparatus of the present invention. The data processing apparatus of the present invention includes a recording / reproducing device 300 and a recording device 400 as main components.
[0055]
The recording / reproducing device 300 is configured by, for example, a personal computer (PC) or a game machine. As shown in FIG. 2, the recording / reproducing device 300 includes a control unit 301 that performs overall control including communication control with the recording device 400 at the time of encryption processing in the recording / reproducing device 300, and a recording / reproducing device encryption that controls overall encryption processing. A processing unit 302, a recording device controller 303 that performs authentication processing with a recording device 400 connected to a recording / reproducing device, reads and writes data, a reading unit 304 that reads at least data from a medium 500 such as a DVD, and external and data A communication unit 305 that performs transmission and reception is included.
[0056]
The recording / reproducing device 300 downloads content data to the recording device 400 and reproduces content data from the recording device 400 under the control of the control unit 301. The recording device 400 is a storage medium that is preferably detachable from the recording / reproducing device 300, such as a memory card. Have.
[0057]
The recording / reproducing device 300 receives content data distributed from a network such as the reading unit 304 as an interface capable of inputting content data stored in the storage medium, DVD, CD, FD, and HDD shown at the left end of FIG. It has a communication unit 305 as an inputable interface, and inputs content from the outside.
[0058]
The recording / reproducing device 300 includes an encryption processing unit 302 and downloads content data input from the outside via the reading unit 304 or the communication unit 305 to the recording device 400, or reproduces content data from the recording device 400. , An authentication process, an encryption process, a decryption process, and a data verification process are executed. The cryptographic processing unit 302 includes a control unit 306 that controls the entire cryptographic processing unit 302, an internal memory 307 that holds information such as a cryptographic processing key, and has been processed so that data cannot be easily read from the outside. The encryption / decryption unit 308 performs encryption processing, decryption processing, generation / verification of authentication data, generation of random numbers, and the like.
[0059]
For example, when the recording device 400 is attached to the recording / reproducing device 300, the control unit 301 transmits an initialization command to the recording device 400 via the recording device controller 303, or the control unit 301 of the recording / reproducing device encryption processing unit 302 It performs mediation processing in various processes such as mutual authentication processing, check value matching processing, encryption and decryption processing performed between the encryption / decryption unit 308 and the encryption / decryption unit 406 of the recording device encryption processing unit 401. Each of these processes will be described in detail later.
[0060]
The encryption processing unit 302 is a processing unit that executes authentication processing, encryption processing, decryption processing, and data verification processing, as described above, and includes an encryption processing control unit 306, an internal memory 307, an encryption / decryption unit. 308.
[0061]
The encryption processing control unit 306 is a control unit that performs control related to the entire encryption processing such as authentication processing and encryption / decryption processing executed in the recording / reproducing device 300. For example, the recording / reproducing device 300, the recording device 400, and the like. Setting of an authentication completion flag at the time of completion of authentication processing executed between the various processes executed in the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302, for example, check value generation relating to download or reproduction content data It performs control related to encryption processing in general, such as processing execution instructions and execution instructions for generating various key data.
[0062]
The internal memory 307, which will be described in detail later, is key data or identification data required for various processes such as mutual authentication processing, check value verification processing, encryption, decryption processing, etc. executed in the recording / reproducing device 300. Etc. are stored.
[0063]
The encryption / decryption unit 308 downloads content data input from the outside to the recording device 400 using the key data stored in the internal memory 307 or the content data stored in the recording device 400 Is executed from the recording device 400, and processing such as authentication processing, encryption processing, and decryption processing, and generation / verification of predetermined check values and electronic signatures, data verification, and random number generation are executed.
[0064]
Here, since the internal memory 307 of the recording / reproducing device encryption processing unit 302 holds important information such as an encryption key, it is necessary to have a structure that prevents unauthorized reading from the outside. Accordingly, the cryptographic processing unit 302 is configured by a semiconductor chip having a structure that is difficult to access from the outside, and has a multilayer structure, and the internal memory is sandwiched between dummy layers such as an aluminum layer or configured at the lowest layer. In addition, it is configured as a tamper-resistant memory having characteristics that make it difficult to read data illegally from the outside, such as a narrow operating voltage and / or frequency range. This configuration will be described in detail later.
[0065]
In addition to these cryptographic processing functions, the recording / reproducing device 300 includes a central processing unit (Main CPU) 106, a RAM (Random Access Memory) 107, a ROM (Read Only Memory) 108, an AV processing unit 109, An input interface 110, a PIO (parallel I / O interface) 111, and an SIO (serial I / O interface) 112 are provided.
[0066]
A central processing unit (Main CPU) 106, a RAM (Random Access Memory) 107, and a ROM (Read Only Memory) 108 are components that function as a control system of the main body of the recording / reproducing device 300. It functions as a reproduction processing unit that performs reproduction of the data decrypted by the device encryption processing unit 302. For example, the central processing unit (main CPU: Central Processing Unit) 106 reproduces content by outputting content data read from the recording device and decoded to the AV processing unit 109 under the control of the control unit 301. Executes control related to execution.
[0067]
The RAM 107 is used as a main storage memory for various processes in the CPU 106 and is used as a work area for processing by the main CPU 106. The ROM 108 stores a basic program or the like for starting up an OS or the like activated by the main CPU 106.
[0068]
Specifically, the AV processing unit 109 has a data compression / decompression processing mechanism such as an MPEG2 decoder, an ATRAC decoder, and an MP3 decoder, and outputs data such as a display or a speaker (not shown) attached to or connected to the recording / reproducing unit. Execute processing for data output to the device.
[0069]
The input interface 110 outputs input data from various input means such as a connected controller, keyboard, and mouse to the main CPU 106. The main CPU 106 executes processing in accordance with an instruction from the controller from the user based on, for example, a game program being executed.
[0070]
A PIO (parallel I / O interface) 111 and a SIO (serial I / O interface) 112 are used as a connection interface with a memory card, a storage device such as a game cartridge, a portable electronic device, or the like.
[0071]
The main CPU 106 also performs control when storing setting data or the like related to the game being executed in the recording device 400 as saved data. In this processing, the stored data is transferred to the control unit 301, and the control unit 301 causes the encryption processing unit 302 to execute encryption processing on the save data as necessary, and stores the encrypted data in the recording device 400. These encryption processes will be described in detail later.
[0072]
As described above, the recording device 400 is preferably a storage medium that can be attached to and detached from the recording / reproducing device 300, and includes, for example, a memory card. The recording device 400 includes an encryption processing unit 401 and an external memory 402.
[0073]
The recording device encryption processing unit 401 performs mutual authentication between the recording / reproducing device 300 and the recording device 400 at the time of downloading content data from the recording / reproducing device 300 or reproducing content data from the recording device 400 to the recording / reproducing device 300. The processing unit executes processing, encryption processing, decryption processing, and data verification processing, and includes a control unit, an internal memory, an encryption / decryption unit, and the like, similar to the encryption processing unit of the recording / reproducing device 300. These details are shown in FIG. As described above, the external memory 402 is configured by a nonvolatile memory such as a flash memory such as an EEPROM, a hard disk, a battery-equipped RAM, and stores encrypted content data and the like.
[0074]
FIG. 3 shows an outline of the data structure inputted from the medium 500, which is a content providing means to which the data processing apparatus of the present invention supplies data, and the communication means 600, and the contents are inputted from these content providing means 500, 600. FIG. 4 is a diagram showing configurations of a recording / reproducing device 300 and a recording device 400 with a focus on configurations related to encryption processing.
[0075]
The medium 500 is, for example, an optical disk medium, a magnetic disk medium, a magnetic tape medium, a semiconductor medium, or the like. The communication means 600 is a means capable of data communication such as Internet communication, cable communication, satellite communication and the like.
[0076]
In FIG. 3, the recording / reproducing device 300 verifies the data input from the medium 500 as the content providing means and the communication means 600, that is, the content according to a predetermined format as shown in FIG. 3, and records the content after the verification. Save to device 400.
[0077]
As shown in the media 500 and communication means 600 in FIG. 3, the content data has the following components.
Identification information: identification information as an identifier of content data.
Handling policy: Content data configuration information such as header size, content size, format version of content data, content type indicating whether the content is a program or data, etc. Furthermore, it can be used only by the device on which the content was downloaded. Handling policy including usage restriction information such as whether it can be used with other devices.
Block information: Block information composed of the number of content blocks, the block size, an encryption flag indicating the presence / absence of encryption, and the like.
Key data: Key data composed of an encryption key for encrypting the above block information, a content key for encrypting a content block, or the like.
Content block: A content block made up of program data, music, image data, and the like to be actually reproduced.
Have Details of the content data will be described in detail later with reference to FIG.
[0078]
The content data is encrypted with a content key (herein referred to as a content key (hereinafter referred to as Kcon)) and provided to the recording / reproducing device 300 from the medium 500 and the communication unit 600. The content can be stored in the external memory of the recording device 400 via the recording / reproducing device 300.
[0079]
For example, the recording device 400 uses a key unique to the recording device (herein referred to as a storage key (hereinafter referred to as “Kstr”)) stored in the internal memory 405 in the recording device to The content included in the data, the block information included as header information of the content data, and various key information such as the content key Kcon are encrypted and stored in the external memory 402. In the download processing of the content data from the recording / reproducing device 300 to the recording device 400 or the reproduction processing of the content data stored in the recording device 400 by the recording / reproducing device 300, mutual authentication processing between devices, encryption of content data A predetermined procedure such as a decryption process is required. These processes will be described in detail later.
[0080]
As shown in FIG. 3, the recording device 400 includes an encryption processing unit 401 and an external memory 402. The encryption processing unit 401 includes a control unit 403, a communication unit 404, an internal memory 405, an encryption / decryption unit 406, and an external memory. A control unit 407 is included.
[0081]
The recording device 400 is responsible for overall encryption processing, controls the external memory 402, interprets commands from the recording / reproducing device 300, and executes processing, and an external memory 402 that holds content and the like. Consists of.
[0082]
The recording device encryption processing unit 401 stores information such as a control unit 403 that controls the entire recording device encryption processing unit 401, a communication unit 404 that transmits / receives data to / from the recording / reproducing device 300, and key data for encryption processing. Internal memory 405 that has been processed so as not to be easily read from, encryption / decryption processing, authentication data generation / verification, random number generation, etc., and external memory 402 An external memory control unit 407 for reading and writing data.
[0083]
The control unit 403 is a control unit that performs control related to the entire encryption processing such as authentication processing and encryption / decryption processing executed in the recording device 400. For example, between the recording / reproducing device 300 and the recording device 400, Setting of an authentication completion flag at the time of completion of the authentication process executed in step S4, various processes executed in the encryption / decryption unit 406 of the encryption processing unit 401, for example, execution instructions for download or check value generation processing relating to playback content data, It performs control related to overall cryptographic processing, such as execution instructions for various key data generation processing.
[0084]
The internal memory 405, which will be described in detail later, is composed of a memory having a plurality of blocks, and includes various types of authentication such as mutual authentication processing, check value matching processing, encryption, decryption processing, and the like executed in the recording device 400. A plurality of sets of key data or identification data necessary for processing are stored.
[0085]
Similar to the internal memory 307 of the recording / reproducing device encryption processing unit 302 described above, the internal memory 405 of the recording device encryption processing unit 401 holds important information such as an encryption key, and thus is difficult to read out illegally from the outside. It needs to be structured. Accordingly, the encryption processing unit 401 of the recording device 400 is configured by a semiconductor chip having a structure that is difficult to access from the outside, and has a multilayer structure, and the internal memory is sandwiched between dummy layers such as an aluminum layer or the like. It is configured in the lower layer and has a characteristic that makes it difficult to read data illegally from the outside, such as a narrow operating voltage and / or frequency range. Note that the recording / reproducing device encryption processing unit 302 may be software configured such that secret information such as a key is not easily leaked to the outside.
[0086]
The encryption / decryption unit 406 performs processing for downloading content data from the recording / reproducing device 300, processing for reproducing content data stored in the external memory 402 of the recording device 400, or mutual processing between the recording / reproducing device 300 and the recording device 400. At the time of authentication processing, using key data stored in the internal memory 405, data verification processing, encryption processing, decryption processing, generation / verification of predetermined check values and electronic signatures, generation of random numbers, etc. Execute processing etc.
[0087]
The communication unit 404 is connected to the recording device controller 303 of the recording / reproducing device 300, and according to the control of the control unit 301 of the recording / reproducing device 300 or the control unit 403 of the recording device 403, content data download processing, reproduction processing, or The transfer data is communicated between the recording / reproducing device 300 and the recording device 400 during the mutual authentication process.
[0088]
(2) Content data format
Next, a data format of data stored in the medium 500 in the system of the present invention or distributed on the data communication unit 600 will be described with reference to FIGS.
[0089]
4 is a diagram illustrating the format of the entire content data, and the configuration illustrated in FIG. 5 is a diagram illustrating details of a “handling policy” that forms a part of the header portion of the content data. It is a figure which shows the detail of the "block information" in which a structure comprises a part of header part of content data.
[0090]
Here, a typical example of a data format applied in the system of the present invention will be described. However, in the system of the present invention, for example, a format corresponding to a game program, a format suitable for real-time processing of music data, etc. A plurality of different data formats can be used, and modes of these formats will be described in more detail in “(10) Multiple content data formats and download and playback processing corresponding to each format”.
[0091]
In the data format shown in FIG. 4, the portion shown in gray is encrypted data, the double frame portion is tampering check data, and the other white portion is plaintext data that is not encrypted. The encryption key of the encryption unit is a key shown on the left side of each frame. In the example shown in FIG. 4, encrypted blocks and unencrypted blocks are mixed in each block (content block data) of the content portion. These forms differ depending on the content data, and all the content block data included in the data may be encrypted.
[0092]
As shown in FIG. 4, the data format is divided into a header portion and a content portion. The header portion includes identification information (Content ID), a handling policy (Usage Policy), a check value A (Integrity Check Value A (hereinafter referred to as “Check Value A”). ICVa)), block information key (Block Information Table Key (hereinafter referred to as Kbit)), content key Kcon, block information (Block Information Table (hereinafter referred to as BIT)), check value B (ICVb), total The content part is composed of a plurality of content blocks (for example, encrypted content and unencrypted content).
[0093]
Here, the identification information indicates an individual identifier (Content ID) for identifying the content. As shown in detail in FIG. 5, the handling policy includes a header size indicating the size of the header portion (Header Length), a content size indicating the size of the content portion (Content Length), and a format version indicating the version information of the format (Format Version), a format type indicating the type of format (Format Type), a content type indicating the type of content such as whether the content stored in the content part is a program or data, and the content type is a program Startup priority information (Operation Priority) indicating the startup priority in case of use, and usage restriction information indicating whether the content downloaded according to this format can be used only by the downloaded device or other similar devices ( Localization Field) Copy restriction information (Copy Permission) indicating whether the content downloaded according to this format can be copied from the downloaded device to other similar devices, and the content downloaded according to this format from the downloaded device to other Move restriction information (Move Permission) indicating whether or not the device can be moved to the same device, encryption algorithm (Encryption Algorithm) indicating the algorithm used to encrypt the content block in the content part, and encrypting the content in the content part It consists of an encryption mode (Encryption Mode) indicating how to use the algorithm used in the above, and a verification method (Integrity Check Method) indicating how to generate a check value.
[0094]
Note that the data item recorded in the handling policy described above is one example, and various handling policy information can be recorded according to the mode of the corresponding content data. For example, as will be described in detail in “(17) Unauthorized Device Elimination (Revocation) Configuration” below, the identifier of the unauthorized recording / reproducing device is recorded as data, and content use by the unauthorized device is excluded by collation at the start of use. It is also possible to configure as described above.
[0095]
Check values A and ICVa are check values for verifying falsification of identification information and handling policy. It functions as a check value for partial data rather than the entire content data, that is, as a partial check value. The data block information key Kbit is used to encrypt the block information, and the content key Kcon is used to encrypt the content block. Note that the block information key Kbit and the content key Kcon are encrypted on the medium 500 and the communication means 600 with a distribution key (Distribution Key (hereinafter referred to as Kdis)) described later.
[0096]
Details of the block information are shown in FIG. Note that the block information in FIG. 6 is data that is all encrypted with the block information key Kbit as understood from FIG. As shown in FIG. 6, the block information is composed of a content block number (Block Number) indicating the number of content blocks and N pieces of content block information. The content block information includes a block size (Block Length), an encryption flag (Encryption Flag) indicating whether encryption is performed, a verification target flag (ICV Flag) indicating whether a check value needs to be calculated, It consists of a content check value (ICVi).
[0097]
The content check value is a check value used for verifying tampering of each content block. A specific example of the content check value generation method will be described later in the column “(10) Multiple data formats, download processing to a recording device corresponding to each format, and reproduction processing from the recording device”. The block information key Kbit for encrypting the block information is further encrypted with the delivery key Kdis.
[0098]
The description of the data format in FIG. 4 will be continued. The check values B and ICVb are check values for verifying falsification of the block information key Kbit, the content key Kcon, and the block information. It functions as a check value for partial data rather than the entire content data, that is, as a partial check value. The total check value ICVt is a check value for verifying falsification of ICVa, ICVb, the check value ICVi of each content block (if set), these partial check values, or all the data to be checked. .
[0099]
In FIG. 6, the block size, the encryption flag, and the verification target flag can be freely set, but a configuration in which rules are determined to some extent may be employed. For example, the block information BIT may be compressed by repeating the fixed-size ciphertext area and the plaintext area, or encrypting all content data. Further, in order to make the content key Kcon different for each content block, the content key Kcon may be included in the content block instead of the header portion. Examples of content data formats will be described in more detail in the section “(10) Multiple content data formats and download and playback processing corresponding to each format”.
[0100]
(3) Overview of cryptographic processing applicable to the data processing apparatus of the present invention
Next, aspects of various cryptographic processes that can be applied in the data processing apparatus of the present invention will be described. The description relating to the encryption processing shown in “(3) Overview of encryption processing applicable to the data processing device of the present invention” in this item is various processing in the data processing device of the present invention specifically described later, for example, a . Authentication processing between the recording / reproducing device and the recording device. b. Download processing to the content recording device. c. An outline of an aspect of encryption processing that is a basis of processing executed in processing such as playback processing of content stored in a recording device will be described. Specific processing in the recording / reproducing device 300 and the recording device 400 will be described in detail for each processing in the item (4) and thereafter in this specification.
[0101]
The following is an overview of cryptographic processing applicable in the data processing device.
(3-1) Message authentication by common key cryptography
(3-2) Electronic signature by public key cryptosystem
(3-3) Verification of electronic signature by public key cryptosystem
(3-4) Mutual authentication by common key cryptosystem
(3-5) Public key certificate
(3-6) Mutual authentication by public key cryptosystem
(3-7) Encryption processing using elliptic curve cryptography
(3-8) Decryption processing using elliptic curve cryptography
(3-9) Random number generation processing
Will be described in the order.
[0102]
(3-1) Message authentication by common key cryptography
First, falsification detection data generation processing using a common key cryptosystem will be described. The falsification detection data is data for checking falsification and author authentication by attaching to data to be falsified.
[0103]
For example, the check values A and B of the double frame portion in the data structure described in FIG. 4, the total check value, the content check value stored in each block in the block information shown in FIG. Generated as detection data.
[0104]
Here, an example using DES in the common key cryptosystem will be described as one example of a generation processing method of electronic signature data. In the present invention, in addition to DES, for example, FEAL (Fast Encipherment ALgorithm: NTT), AES (Advanced Encryption Standard: US Next Standard Cipher), etc. can be used as processing in the same common key cryptosystem. .
[0105]
A method of generating a digital signature using a general DES will be described with reference to FIG. First, prior to generating an electronic signature, a message to be subjected to the electronic signature is divided into units of 8 bytes (hereinafter, the divided messages are referred to as M1, M2,..., MN). Then, the initial value (Initial Value (hereinafter referred to as IV)) and M1 are exclusive ORed (the result is assumed to be I1). Next, I1 is put into the DES encryption unit and encrypted using a key (hereinafter referred to as K1) (the output is assumed to be E1). Subsequently, E1 and M2 are exclusively ORed, and the output I2 is input to the DES encryption unit and encrypted using the key K1 (output E2). Thereafter, this is repeated, and encryption processing is performed on all messages. The EN that comes out last becomes an electronic signature. This value is generally referred to as a message authentication code (MAC) and is used for checking message tampering. In addition, such a method of chaining ciphertexts is referred to as a CBC (Cipher Block Chaining) mode.
[0106]
The MAC values output in the generation example as shown in FIG. 7 are the check values A and B of the double frame portion in the data structure shown in FIG. 4, the total check values, and the block information shown in FIG. The content check values ICV1 to ICVN stored in each block can be used. At the time of verifying the MAC value, the verifier generates the MAC value by the same method as at the time of generation, and if the same value is obtained, the verification is successful.
[0107]
In the example shown in FIG. 7, the initial value IV is exclusively ORed with the first 8-byte message M1, but the initial value IV = 0 may be used so that the initial value is not exclusively ORed. .
[0108]
FIG. 8 is a processing configuration diagram showing a MAC value generation method in which security is further improved with respect to the MAC value generation method shown in FIG. FIG. 8 shows an example in which a MAC value is generated using a triple DES instead of the single DES of FIG.
[0109]
FIG. 9 shows a detailed configuration example of each Triple DES component shown in FIG. As shown in FIGS. 9A and 9B, there are two different modes in the configuration as a triple DES. FIG. 9A shows an example using two encryption keys. Processing is performed in the order of encryption processing using key 1, decryption processing using key 2, and encryption processing using key 1. Two types of keys are used in the order of K1, K2, and K1. FIG. 9B shows an example using three encryption keys. The encryption process using the key 1, the encryption process using the key 2, and the encryption process using the key 3 are performed in this order, and the encryption is performed three times. Process. Three types of keys are used in the order of K1, K2, and K3. By adopting a configuration in which a plurality of processes are continued in this manner, the security strength is improved as compared with single DES. However, this Triple DES configuration has the disadvantage that the processing time is approximately three times that of a single DES.
[0110]
FIG. 10 shows a MAC value generation configuration example obtained by improving the triple DES configuration described in FIGS. In FIG. 10, the encryption process for each message from the beginning to the middle of the message sequence to be signed is all performed by single DES, and only the encryption process for the last message is performed by the triple DES (shown in FIG. 9A). Triple DES) configuration.
[0111]
By adopting such a configuration as shown in FIG. 10, the MAC value generation processing time of the message is shortened to approximately the same time as the MAC value generation processing by the single DES, and the security is higher than the MAC value by the single DES. Can also be increased. Note that the triple DES configuration for the final message may be the configuration shown in FIG.
[0112]
(3-2) Electronic signature by public key cryptosystem
The above is a method of generating electronic signature data when the common key encryption method is applied as the encryption method. Next, FIG. 11 shows a method of generating an electronic signature using the public key encryption method as the encryption method. It explains using. The process shown in FIG. 11 is an electronic signature data generation process flow using EC-DSA ((Elliptic Curve Digital Signature Algorithm), IEEE P1363 / D3). Here, an example using elliptic curve cryptography (hereinafter referred to as ECC) as public key cryptography will be described. In the data processing apparatus of the present invention, in addition to elliptic curve cryptography, for example, RSA cryptography ((Rivest, Shamir, Adleman), etc. (ANSI X9.31)) in a similar public key cryptosystem can be used. It is.
[0113]
Each step in FIG. 11 will be described. In step S1, p is a characteristic, a and b are elliptic curve coefficients (elliptic curve: y2= xThree+ Ax + b), G is the base point on the elliptic curve, r is the order of G, and Ks is the secret key (0 <Ks <r). In step S2, the hash value of the message M is calculated and set to f = Hash (M).
[0114]
Here, a method for obtaining a hash value using a hash function will be described. A hash function is a function that takes a message as input, compresses the message into data of a predetermined bit length, and outputs the data as a hash value. It is difficult for the hash function to predict the input from the hash value (output). When one bit of the data input to the hash function changes, many bits of the hash value change, and the same hash value is changed. It has a feature that it is difficult to find different input data. As the hash function, MD4, MD5, SHA-1, or the like may be used, or the same DES-CBC as described in FIG. 7 and others may be used. In this case, the MAC (check value: corresponding to ICV) that is the final output value is the hash value.
[0115]
Subsequently, in step S3, a random number u (0 <u <r) is generated, and in step S4, coordinates V (Xv, Yv) obtained by multiplying the base point by u are calculated. The addition and doubling on the elliptic curve are defined as follows.
[0116]
[Expression 1]
[0117]
Use these to calculate u times the point G (the speed is slow, but the easiest way to do this is as follows: calculate G, 2 × G, 4 × G,. 2 corresponding to where 1 is standingiXG (value obtained by doubling G times i times) is added (i is a bit position when counted from the LSB of u)).
[0118]
In step S5, c = Xvmod r is calculated. In step S6, it is determined whether or not this value is 0. If not 0, d = [(f + cKs) / u] mod r is calculated in step S7, and step S8. Whether d is 0 or not is determined. If d is not 0, c and d are output as electronic signature data in step S9. Assuming that r is 160 bits long, the electronic signature data is 320 bits long.
[0119]
If c is 0 in step S6, the process returns to step S3 to generate a new random number. Similarly, if d is 0 in step S8, the process returns to step S3 to generate a random number again.
[0120]
(3-3) Verification of electronic signature by public key cryptosystem
Next, an electronic signature verification method using a public key cryptosystem will be described with reference to FIG. In step S11, M is a message, p is a characteristic, a and b are elliptic curve coefficients (elliptic curve: y2= xThree+ Ax + b), G is the base point on the elliptic curve, r is the order of G, and G and Ks × G are the public keys (0 <Ks <r). In step S12, it is verified whether the electronic signature data c and d satisfy 0 <c <r and 0 <d <r. If this is satisfied, the hash value of the message M is calculated in step S13, and f = Hash (M) is set. Next, h = 1 / d mod r is calculated in step S14, and h1 = fh mod r and h2 = ch mod r are calculated in step S15.
[0121]
In step S16, using the already calculated h1 and h2, the point P = (Xp, Yp) = h1 × G + h2 · Ks × G is calculated. Since the electronic signature verifier knows the public key G and Ks × G, it can calculate the scalar multiple of the points on the elliptic curve as in step S4 of FIG. In step S17, it is determined whether or not the point P is an infinite point. If not, the process proceeds to step S18 (actually, the infinite point can be determined in step S16. That is, P = (X , Y), Q = (X, −Y), it is known that λ cannot be calculated and P + Q is an infinite point). In step S18, Xp mod r is calculated and compared with the electronic signature data c. Finally, if the values match, the process proceeds to step S19, where it is determined that the electronic signature is correct.
[0122]
If it is determined that the electronic signature is correct, the data has not been tampered with, and it can be seen that the person holding the private key corresponding to the public key has generated the electronic signature.
[0123]
If the electronic signature data c or d does not satisfy 0 <c <r and 0 <d <r in step S12, the process proceeds to step S20. In step S17, the process proceeds to step S20 also when the point P is an infinite point. Furthermore, when the value of Xp mod r does not match the electronic signature data c in step S18, the process proceeds to step S20.
[0124]
If it is determined in step S20 that the electronic signature is not correct, it can be seen that the data has been tampered with or that the person holding the private key corresponding to the public key has not generated the electronic signature.
[0125]
(3-4) Mutual authentication by common key cryptosystem
Next, a mutual authentication method using a common key cryptosystem will be described with reference to FIG. In FIG. 13, DES is used as the common key encryption method, but any common key encryption method may be used as described above. In FIG. 13, first, B generates a 64-bit random number Rb, and transmits Rb and its own ID (b) to A. Upon receiving this, A newly generates a 64-bit random number Ra, encrypts the data using the key Kab in the CBC mode of DES in the order of Ra, Rb, and ID (b), and returns it to B. According to the DES CBC mode processing configuration shown in FIG. 7, Ra is equivalent to M1, Rb is equivalent to M2, ID (b) is equivalent to M3, and outputs E1, E2, and E3 when the initial value is IV = 0 are encrypted. Become a sentence.
[0126]
Upon receiving this, B decrypts the received data with the key Kab. As a method for decrypting received data, first, the ciphertext E1 is decrypted with the key Kab to obtain the random number Ra. Next, the ciphertext E2 is decrypted with the key Kab, and the result is exclusive-ORed with E1 to obtain Rb. Finally, the ciphertext E3 is decrypted with the key Kab, and the result and E2 are exclusive ORed to obtain ID (b). It is verified whether Rb and ID (b) of Ra, Rb, and ID (b) obtained in this way match those transmitted by B. If this verification is passed, B authenticates A as valid.
[0127]
Next, B generates a session key (Session Key (hereinafter referred to as Kses)) to be used after authentication (the generation method uses a random number). Then, encryption is performed using the key Kab in the DES CBC mode in the order of Rb, Ra, and Kses, and returned to A.
[0128]
Upon receiving this, A decrypts the received data with the key Kab. The method for decoding the received data is the same as the decoding process for B, so the details are omitted here. Of Rb, Ra, and Kses obtained in this way, it is verified whether Rb and Ra match those transmitted by A. If this verification is passed, A authenticates B as valid. After authenticating each other, the session key Kses is used as a common key for secret communication after authentication.
[0129]
In addition, when an illegality or a mismatch is found during the verification of the received data, the processing is interrupted on the assumption that mutual authentication has failed.
[0130]
(3-5) Public key certificate
Next, the public key certificate will be described with reference to FIG. A public key certificate is a certificate issued by a CA (Certificate Authority) in public key cryptography. When a user submits his / her ID, public key, etc. to the certificate authority, the certificate authority side The certificate is created by adding information such as the ID and expiration date of the certificate, and further adding a signature by a certificate authority.
[0131]
The public key certificate shown in FIG. 14 includes the certificate version number, the certificate serial number assigned to the certificate user by the certificate authority, the algorithm and parameters used for the electronic signature, the certificate authority name, and the certificate expiration date. , Including the certificate user's name (user ID), the certificate user's public key, and an electronic signature.
[0132]
The electronic signature consists of the certificate version number, the certificate serial number assigned to the certificate user by the certificate authority, the algorithm and parameters used for the electronic signature, the name of the certificate authority, the certificate expiration date, the certificate user This is data generated by applying a hash function to the name and the entire public key of the certificate user to generate a hash value and using the secret key of the certificate authority for the hash value. For example, the processing flow described with reference to FIG. 11 is applied to the generation of the electronic signature.
[0133]
The certificate authority issues the public key certificate shown in FIG. 14, updates the public key certificate that has expired, and creates, manages, and manages an unauthorized person list for rejecting the unauthorized user. Distribution (this is called revocation). In addition, a public key / private key is generated as necessary.
[0134]
On the other hand, when using this public key certificate, the user verifies the electronic signature of the public key certificate using the public key of the certificate authority that he / she holds, and publishes it after successfully verifying the electronic signature. The public key is extracted from the key certificate and the public key is used. Therefore, all users who use the public key certificate need to hold a common certificate authority public key. Since the electronic signature verification method has been described with reference to FIG.
[0135]
(3-6) Mutual authentication by public key cryptosystem
Next, a mutual authentication method using 160-bit elliptic curve cryptography, which is a public key cryptosystem, will be described with reference to FIG. In FIG. 15, ECC is used as the public key cryptosystem, but any public key cryptosystem may be used as described above. Also, the key size need not be 160 bits. In FIG. 15, first, B generates a 64-bit random number Rb and transmits it to A. Upon receiving this, A newly generates a 64-bit random number Ra and a random number Ak smaller than the characteristic p. Then, a point Av = Ak × G obtained by multiplying the base point G by Ak is obtained, and an electronic signature A.R. Sig is generated and returned to B along with A's public key certificate. Here, Ra and Rb are 64 bits each, and the X coordinate and Y coordinate of Av are 160 bits each, so that an electronic signature for a total of 448 bits is generated. The method for generating the electronic signature has been described with reference to FIG. Also, since the public key certificate has been described with reference to FIG. 14, its details are omitted.
[0136]
A's public key certificate, Ra, Rb, Av, electronic signature B that receives Sig verifies whether Rb transmitted by A matches that generated by B. As a result, if they match, the electronic signature in A's public key certificate is verified with the public key of the certificate authority, and A's public key is extracted. Since the verification of the public key certificate has been described with reference to FIG. 14, its details are omitted. Then, the electronic signature A.A. Verify Sig. Since the method for verifying the electronic signature has been described with reference to FIG. After successfully verifying the electronic signature, B authenticates A as legitimate.
[0137]
Next, B generates a random number Bk smaller than the characteristic p. Then, a point Bv = Bk × G obtained by multiplying the base point G by Bk is obtained, and an electronic signature B.Rb, Ra, Bv (X coordinate and Y coordinate) is obtained. Sig is generated and returned to A along with B's public key certificate.
[0138]
B's public key certificate, Rb, Ra, Av, digital signature A who receives Sig verifies whether Ra transmitted by B matches the one generated by A. As a result, if they match, the electronic signature in B's public key certificate is verified with the public key of the certificate authority, and B's public key is extracted. Then, using the B public key extracted, the electronic signature B.B. Verify Sig. After successfully verifying the electronic signature, A authenticates B as legitimate.
[0139]
If both are successfully authenticated, B is calculated as Bk × Av (Bk is a random number, but Av is a point on the elliptic curve, so a scalar multiplication of the points on the elliptic curve is required) and A is Ak × Bv is calculated, and the lower 64 bits of the X coordinate of these points are used as a session key for subsequent communications (when the common key encryption is a 64-bit key length common key encryption). Of course, the session key may be generated from the Y coordinate, or may not be the lower 64 bits. In secret communication after mutual authentication, transmission data is not only encrypted with a session key, but an electronic signature may be attached.
[0140]
If an illegality or a mismatch is found during the verification of the electronic signature or the received data, the processing is interrupted assuming that the mutual authentication has failed.
[0141]
(3-7) Encryption processing using elliptic curve cryptography
Next, encryption using elliptic curve encryption will be described with reference to FIG. In step S21, Mx and My are messages, p is a characteristic, a and b are elliptic curve coefficients (elliptic curve: y2= xThree+ Ax + b), G is the base point on the elliptic curve, r is the order of G, and G and Ks × G are the public keys (0 <Ks <r). In step S22, a random number u is generated so that 0 <u <r, and in step S23, a coordinate V obtained by multiplying the public key Ks × G by u is calculated. Since the scalar multiplication on the elliptic curve has been described in step S4 of FIG. In step S24, the X coordinate of V is multiplied by Mx and a remainder is obtained by p, and X0 is obtained. In step S25, the Y coordinate of V is multiplied by My and the remainder is obtained by p and Y0 is obtained. When the message length is less than the number of bits of p, My uses a random number, and the decoding unit discards My. In step S26, u × G is calculated, and ciphertext u × G, (X0, Y0) is obtained in step S27.
[0142]
(3-8) Decryption processing using elliptic curve cryptography
Next, decryption using elliptic curve encryption will be described with reference to FIG. In step S31, u × G, (X0, Y0) is ciphertext data, p is a characteristic, a, b are elliptic curve coefficients (elliptic curve: y2= xThree+ Ax + b), G is the base point on the elliptic curve, r is the order of G, and Ks is the secret key (0 <Ks <r). In step s32, the encrypted data u × G is multiplied by the secret key Ks to obtain the coordinates V (Xv, Yv). In step S33, the X coordinate of (X0, Y0) is extracted from the encrypted data and X1 = X0 / Xv mod p is calculated. In step S34, the Y coordinate is extracted and Y1 = Y0 / Yv mod p is calculated. To do. In step S35, X1 is set to Mx and Y1 is set to My to extract a message. At this time, if My is not a message, Y1 is discarded.
[0143]
Thus, by setting the secret key as Ks and the public key as G and Ks × G, the key used for encryption and the key used for decryption can be different.
[0144]
As another example of public key encryption, RSA encryption is known, but detailed description is omitted (details are described in PKCS # 1 Version 2).
[0145]
(3-9) Random number generation processing
Next, a method for generating random numbers will be described. As a random number generation method, there are known a true random number generation method in which thermal noise is amplified and generated from its A / D output, a pseudo random number generation method in which a plurality of linear circuits such as M series are combined, and the like. Also, a method of generating using a common key encryption such as DES is known. In this example, a pseudo random number generation method using DES will be described (based on ANSI X9.17).
[0146]
First, the value of 64 bits obtained from data such as time (in the case of the number of bits less than this, the upper bit is 0) is D, the key information used for Triple-DES is Kr, and the seed for generating random numbers ( Let Seed be S. At this time, the random number R is calculated as follows.
[0147]
[Expression 2]
[0148]
Here, Triple-DES () is a function for encrypting the value of the second argument with Triple-DES using the first argument as encryption key information, and the operation ^ is an exclusive OR in 64-bit units. It is assumed that the value S that has been updated is updated as a new seed.
[0149]
Hereinafter, when generating random numbers continuously, the equations (2-2) and (2-3) are repeated.
[0150]
Heretofore, various processing modes related to encryption processing that can be applied to the data processing apparatus of the present invention have been described. Next, specific processing executed in the data processing apparatus of the present invention will be described in detail.
[0151]
(4) Storage data structure of recording / reproducing device
FIG. 18 is a diagram for explaining the data holding contents of the internal memory 307 configured in the recording / reproducing device encryption processing unit 302 in the recording / reproducing device 300 shown in FIG.
[0152]
As shown in FIG. 18, the internal memory 307 stores the following keys and data.
MKake: recording for generating an authentication key (Authentication and Key Exchange Key (hereinafter referred to as “Kake”)) necessary for mutual authentication processing executed between the recording / reproducing device 300 and the recording device 400 (see FIG. 3). Master key for device authentication key.
IVake: Initial value for recording device authentication key.
MKdis: a delivery key master key for generating a delivery key Kdis.
IVdis: Initial value for generating a delivery key.
Kicva: Check value A generation key that is a key for generating the check value ICVa.
Kicvb: Check value B generation key that is a key for generating the check value ICVb.
Kicvc: a content check value generation key that is a key for generating the check value ICVi (i = 1 to N) of each content block.
Kicvt: Total check value generation key that is a key for generating the total check value ICVt.
Ksys: System signature key used to attach a common signature or ICV to the distribution system.
Kdev: A recording / reproducing device signature key that is different for each recording / reproducing device and is used by the recording / reproducing device to attach a signature or ICV.
IVmem: Initial value and initial value used for encryption processing in mutual authentication processing. Common with recording device.
These keys and data are stored in an internal memory 307 configured in the recording / reproducing device encryption processing unit 302.
[0153]
(5) Storage device storage data configuration
FIG. 19 is a diagram illustrating a data holding state on the recording device. In FIG. 19, the internal memory 405 is divided into a plurality of blocks (N blocks in this example), and the following keys and data are stored in each block.
IDmem: recording device identification information, identification information unique to the recording device.
Kake: an authentication key, an authentication key used for mutual authentication with the recording / reproducing device 300.
IVmem: Initial value and initial value used for encryption processing in mutual authentication processing.
Kstr: Encryption key for content data such as storage key, block information key, and the like.
Kr: random number generation key,
S: Species
These data are held in individual blocks. The external memory 402 holds a plurality (M in this example) of content data, and holds the data described in FIG. 4 as shown in FIG. 26 or FIG. 27, for example. Differences between the configurations of FIGS. 26 and 27 will be described later.
[0154]
(6) Mutual authentication processing between recording / reproducing device and recording device
(6-1) Overview of mutual authentication processing
FIG. 20 is a flowchart showing an authentication procedure between the recording / reproducing device 300 and the recording device 400. In step S <b> 41, the user inserts the recording device 400 into the recording / reproducing device 300. However, it is not necessary to insert a recording device that can communicate without contact.
[0155]
When the recording device 400 is set in the recording / reproducing device 300, a recording device detecting means (not shown) in the recording / reproducing device 300 shown in FIG. 3 notifies the control unit 301 of the mounting of the recording device 400. Next, in step S <b> 42, the control unit 301 of the recording / reproducing device 300 transmits an initialization command to the recording device 400 via the recording device controller 303. Upon receiving this, the recording device 400 receives the command via the communication unit 404 in the control unit 403 of the recording device encryption processing unit 401, and clears the authentication completion flag if it is set. In other words, the unauthenticated state is set.
[0156]
Next, in step S43, the control unit 301 of the recording / reproducing device 300 transmits an initialization command to the recording / reproducing device encryption processing unit 302. At this time, the recording device insertion slot number is also transmitted. By transmitting the recording device insertion slot number, even when a plurality of recording devices are connected to the recording / reproducing device 300, authentication processing and data transmission / reception with the plurality of recording devices 400 can be performed simultaneously.
[0157]
The recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 that has received the initialization command, if the authentication completion flag corresponding to the recording device insertion port number is set in the control unit 306 of the recording / reproducing device encryption processing unit 302. clear. In other words, the unauthenticated state is set.
[0158]
Next, in step S44, the control unit 301 of the recording / reproducing device 300 designates the key block number used by the recording device encryption processing unit 401 of the recording device 400. Details of the key block number will be described later. In step S <b> 45, the control unit 301 of the recording / reproducing device 300 reads the recording device identification information IDmem stored in the designated key block of the internal memory 405 of the recording device 400. In step S46, the control unit 301 of the recording / reproducing device 300 transmits the recording device identification information IDmem to the recording / reproducing device encryption processing unit 302 to generate an authentication key Kake based on the recording device identification information IDmem. For example, the authentication key Kake is generated as follows.
[0159]
[Equation 3]
[0160]
Here, MKake is a master key for recording device authentication key for generating an authentication key Kake necessary for mutual authentication processing executed between the recording / reproducing device 300 and the recording device 400 (see FIG. 3). This is a key stored in the internal memory 307 of the recording / reproducing device 300 as described above. ID mem is recording device identification information unique to the recording device 400. Further, IVake is an initial value for the recording device authentication key. In the above equation, DES () is a function for encrypting the value of the second argument with DES using the first argument as an encryption key, and the operation ^ indicates an exclusive OR in 64-bit units.
[0161]
For example, when the DES configuration shown in FIGS. 7 and 8 is applied, the message M shown in FIGS. 7 and 8 is the recording device identification information: IDmem, the key K1 is the device authentication key master key: MKake, and the initial value The output obtained with IV as IVake is the authentication key Kake.
[0162]
In step S47, mutual authentication and session key Kses generation processing is performed. The mutual authentication is performed between the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 and the encryption / decryption unit 406 of the recording device encryption processing unit 401, and the control unit 301 of the recording / reproduction device 300 acts as an intermediary. Is going.
[0163]
The mutual authentication process can be executed according to the process described with reference to FIG. In the configuration shown in FIG. 13, A and B correspond to the recording / reproducing device 300 and the recording device 400, respectively. First, the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 generates a random number Rb, and transmits the random number Rb and the recording / reproducing device identification information IDdev that is its own ID to the recording device encryption processing unit 401 of the recording device 400. Note that the recording / reproducing device identification information IDdev is an identifier unique to the reproducing device stored in a storage unit configured in the recording / reproducing device 300. The recording / reproducing device identification information IDdev may be recorded in the internal memory of the recording / reproducing device encryption processing unit 302.
[0164]
The recording device encryption processing unit 401 of the recording device 400 that has received the random number Rb and the recording / reproducing device identification information IDdev newly generates a 64-bit random number Ra, and in the order of Ra, Rb, and the recording / reproducing device identification information IDdev, In the CBC mode, the data is encrypted using the authentication key Kake and returned to the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300. For example, according to the CBC mode processing configuration of DES shown in FIG. 7, Ra is equivalent to M1, Rb is equivalent to M2, IDdev is equivalent to M3, and outputs E1, E2, and E3 when the initial value is IV = IVmem are ciphertext. It becomes.
[0165]
The recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 that has received the ciphertexts E1, E2, E3 decrypts the received data with the authentication key Kake. As a method of decrypting received data, first, the ciphertext E1 is decrypted with the authentication key Kake, and the result and IVmem are exclusive ORed to obtain a random number Ra. Next, the ciphertext E2 is decrypted with the authentication key Kake, and the result is exclusive-ORed with E1 to obtain Rb. Finally, the ciphertext E3 is decrypted with the authentication key Kake, and the result and E2 are exclusive ORed to obtain the recording / reproducing device identification information IDdev. Of Ra and Rb and recording / reproducing device identification information IDdev obtained in this way, it is verified whether Rb and recording / reproducing device identification information IDdev match those transmitted by the recording / reproducing device 300. If this verification is passed, the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 authenticates the recording device 400 as valid.
[0166]
Next, the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 generates a session key (Session Key (hereinafter referred to as Kses)) to be used after authentication (the generation method uses a random number). Then, the data is encrypted in the order of Rb, Ra, and Kses using the key Kake and the initial value IVmem in the DES CBC mode, and returned to the recording device encryption processing unit 401 of the recording device 400.
[0167]
Receiving this, the recording device encryption processing unit 401 of the recording device 400 decrypts the received data with the key Kake. Since the decryption method of the received data is the same as the decryption process in the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300, the details are omitted here. Of Rb, Ra, and Kses obtained in this way, it is verified whether Rb and Ra match those transmitted by the recording device 400. If the verification is passed, the recording device encryption processing unit 401 of the recording device 400 authenticates the recording / reproducing device 300 as valid. After authenticating each other, the session key Kses is used as a common key for secret communication after authentication.
[0168]
In addition, when an illegality or a mismatch is found during the verification of the received data, the processing is interrupted on the assumption that mutual authentication has failed.
[0169]
If the mutual authentication is successful, the process proceeds from step S48 to step S49, where the session key Kses is held by the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300, and an authentication completion flag indicating that the mutual authentication has been completed. set. If the mutual authentication fails, the process proceeds to step S50 where the session key Kses generated in the authentication process is discarded and the authentication completion flag is cleared. It should be noted that the clearing process is not necessarily required if it has already been cleared.
[0170]
When the recording device 400 is removed from the recording device insertion slot, the recording device detection means in the recording / reproducing device 300 notifies the control unit 301 of the recording / reproducing device 300 that the recording device 400 has been removed. In response to this, the control unit 301 of the recording / reproducing device 300 instructs the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 to clear the authentication completion flag corresponding to the recording device insertion slot number. The recording / reproducing device encryption processing unit 302 of the received recording / reproducing device 300 clears the authentication completion flag corresponding to the recording device insertion slot number.
[0171]
Here, the example in which the mutual authentication process is executed according to the procedure shown in FIG. 13 has been described. However, the present invention is not limited to the above-described authentication process example. For example, the process according to the previously described mutual authentication procedure in FIG. May be. In the procedure shown in FIG. 13, A in FIG. 13 is the recording / reproducing device 300, B is the recording device 400, and B: the ID that the recording device 400 first sends to the A: recording / reproducing device 300 in the recording device. Mutual authentication processing may be performed as recording device identification information in the key block. Various processing can be applied to the authentication processing procedure executed in the present invention, and the authentication processing procedure is not limited to the above-described authentication processing.
[0172]
(6-2) Key block switching during mutual authentication
One feature of the mutual authentication processing in the data processing apparatus of the present invention is that a plurality of key blocks (ex.N key blocks) are configured on the recording device 400 side, and the recording / reproducing device 300 designates one key block. (Step S44 in the processing flow of FIG. 20) and the authentication processing is executed. As described above with reference to FIG. 19, a plurality of key blocks are formed in the internal memory 405 configured in the encryption processing unit 401 of the recording device 400, and each stores various data such as different key data and ID information. is doing. The mutual authentication process executed between the recording / reproducing device 300 and the recording device 400 described with reference to FIG. 20 is executed for one key block of the plurality of key blocks of the recording device 400 of FIG.
[0173]
Conventionally, in a configuration in which mutual authentication processing is executed between a storage medium and its playback device, a common key used for mutual authentication: a common authentication key has been used. Therefore, for example, when changing the authentication key for each product destination (by country) or for each product, the key data required for authentication processing on the recording / reproducing device side and the recording device side must be changed on both devices. Is required. Therefore, for example, the key data required for the authentication process stored in the newly released recording / reproducing device does not correspond to the key data required for the authentication process stored in the previously sold recording device. The recording / reproducing device may be unable to access an old version of the recording device. Conversely, the same situation occurs in the relationship between the new version recording device and the old version recording / reproducing device.
[0174]
In the data processing apparatus of the present invention, as shown in FIG. 19, a plurality of key blocks as different key sets are stored in the recording device 400 in advance. In the recording / reproducing device, for example, a key block to be applied to the authentication process, that is, a designated key block is set for each product destination (by country), or for each product, model, version, and application. This setting information is stored in the memory unit of the recording / reproducing device, for example, the internal memory 307 in FIG. 3 or other storage element of the recording / reproducing device 300, and is accessed by the control unit 301 in FIG. 3 during the authentication process. The key block is specified according to the setting information.
[0175]
The master key MKake for the recording device authentication key in the internal memory 307 of the recording / reproducing device 300 is an authentication key master key set according to the setting of each designated key block, and can only deal with the designated key block. Mutual authentication with key blocks other than the designated key block is not established.
[0176]
As understood from FIG. 19, N key blocks 1 to N are set in the internal memory 405 of the recording device 400, and the recording device identification information, the authentication key, the initial value, the storage key, A random number generation key and seed are stored, and at least key data for authentication is stored as different data for each block.
[0177]
Thus, the key data configuration of the key block of the recording device 400 is different for each block. Therefore, for example, a key block that a certain recording / reproducing apparatus A can perform an authentication process using the recording device authentication key master key MKake stored in the internal memory is a key block No. 1 and the key block that can be authenticated by the recording / reproducing device B of another specification is another key block such as a key block No. 2 can be set.
[0178]
As will be described in more detail later, when content is stored in the external memory 402 of the recording device 400, encryption processing is performed using the storage key Kstr stored in each key block and stored. More specifically, the content key for encrypting the content block is encrypted with the storage key.
[0179]
As shown in FIG. 19, the storage key is configured as a different key for each block. Accordingly, it is possible to prevent the content stored in the memory of a certain recording device from being used in common between two recording / reproducing devices set to specify different key blocks. That is, the recording / reproducing device having different settings can use only the content stored in the recording device that matches the respective settings.
[0180]
Note that data that can be shared for each key block can be shared. For example, only the key data for authentication and the stored key data may be different.
[0181]
As a specific example of configuring a key block composed of a plurality of different key data in such a recording device, for example, the key block number to be specified differs depending on the type of the recording / reproducing device 300 (stationary type, portable type, etc.). There are examples of setting or setting different designated key blocks for each application. Further, for example, for a recording / reproducing device sold in Japan, the designated key block is No. No. 1 is used for recording / reproducing devices sold in the United States. It is also possible to adopt a configuration in which different key block settings are made for each region, such as 2. With this configuration, content that is used in different sales regions and stored on the recording device with a different storage key can be transferred from the US to Japan, or from Japan to the US, even if the recording device is a memory card. However, since it cannot be used with a recording / reproducing device with a different key setting, it is possible to prevent unauthorized and random distribution of content stored in the memory. Specifically, it is possible to eliminate a state in which the content key Kcon encrypted with a different storage key Kstr can be mutually used between the two countries.
[0182]
Furthermore, at least one key block from key blocks 1 to N of the internal memory 405 of the recording device 400 shown in FIG. The N key blocks may be configured as key blocks that can be commonly used in any recording / reproducing device 300.
[0183]
For example, the key block No. By storing the master key MKake for the recording device authentication key that can be authenticated with N, it can be handled as a content that can be distributed regardless of the type of the recording / reproducing device 300, each application, each destination country, and the like. For example, the key block No. The encrypted content stored in the memory card with the storage key stored in N becomes content that can be used in all devices. For example, music data or the like is encrypted with a storage key of a key block that can be used in common and stored in a memory card, and this memory card is also stored with, for example, a common recording device authentication key master key MKake. By setting it in a playback device or the like, it is possible to perform decoding and playback processing of data from the memory card.
[0184]
An example of use of a recording device having a plurality of key blocks in the data processing apparatus of the present invention is shown in FIG. The recording / reproducing device 2101 is a recording / reproducing device for products in Japan, and the key block No. of the recording device. 1 and 4 have a master key for authentication processing. The recording / reproducing device 2102 is a recording / reproducing device for a product for the US. 2 and 4 have a master key for authentication processing. The recording / reproducing device 2103 is a recording / reproducing device for EU products. It has a master key that enables the authentication process between 3 and 4.
[0185]
For example, the recording / reproducing device 2101 authenticates with the key block 1 or the key block 4 of the recording devices A and 2104, and the content subjected to the encryption processing via the storage key stored in each key block is externally stored. Stored in memory. The recording / reproducing device 2102 authenticates with the key block 2 or the key block 4 of the recording devices B and 2105, and the content subjected to the encryption processing via the storage key stored in each key block is stored in the external memory. Stored in The recording / reproducing device 2103 is authenticated with the key block 3 or the key block 4 of the recording devices C and 2106, and the content subjected to the encryption processing via the storage key stored in each key block is stored in the external memory. Stored in Here, when the recording devices A and 2104 are attached to the recording / reproducing device 2102 or the recording / reproducing device 2103, the content encrypted with the storage key of the key block 1 is recorded in the recording / reproducing device 2102, the recording / reproducing device 2103 Since authentication with the block 1 is not established, it cannot be used. On the other hand, the content encrypted with the storage key of the key block 4 can be used because authentication is established between the recording / reproducing device 2102, the recording / reproducing device 2103, and the key block 4.
[0186]
As described above, in the data processing apparatus of the present invention, a key block comprising a plurality of different key sets is configured on the recording device, while a master key that can be authenticated for a specific key block is stored in the recording / reproducing device. Since it is set as the structure which carries out, it becomes possible to set the utilization restrictions of the content according to various utilization aspects.
[0187]
A plurality of key blocks that can be specified in one recording / reproducing device, for example, 1 to k, and a plurality of key blocks that can be specified in another recording / reproducing device, such as p to q, can be used. Alternatively, a plurality of commonly available key blocks may be provided.
[0188]
(7) Download process from recording / playback device to recording device
Next, processing for downloading content from the recording / reproducing device 300 to the external memory of the recording device 400 in the data processing apparatus of the present invention will be described.
[0189]
FIG. 22 is a flowchart illustrating a procedure for downloading content from the recording / reproducing device 300 to the recording device 400. In FIG. 22, it is assumed that the mutual authentication process described above has already been completed between the recording / reproducing device 300 and the recording device 400.
[0190]
In step S51, the control unit 301 of the recording / reproducing device 300 reads data according to a predetermined format from the medium 500 storing the content using the reading unit 304, or from the communication unit 600 using the communication unit 305. Receive data according to the format. Then, the control unit 301 of the recording / reproducing device 300 transmits a header portion (see FIG. 4) of the data to the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300.
[0191]
Next, in step S52, the control unit 306 of the recording / reproducing device encryption processing unit 302 that has received the header in step S51 calculates the check value A to the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302. Let As shown in FIG. 23, the check value A uses the check value A generation key Kicva stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, the identification information (Content ID), and the handling policy (Usage Policy). ) As a message according to the ICV calculation method described in FIG. Even if the initial value is IV = 0, the initial value IVa for generating the check value A may be stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 and used. Finally, the check value A and the check value: ICVa stored in the header (Header) are compared, and if they match, the process proceeds to step S53.
[0192]
As described above with reference to FIG. 4, the check values A and ICVa are check values for verifying falsification of the identification information and the handling policy. The ICV calculation method described in FIG. 7 using the check value A generation key Kicva stored in the internal memory 307 of the recording / reproducing device encryption unit 302 as a key and the identification information (Content ID) and the handling policy (Usage Policy) as messages. If the check value A calculated according to the above matches the check value ICVa stored in the header (Header), it is determined that the identification information and the handling policy are not falsified.
[0193]
Next, in step S53, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to generate the delivery key Kdis. For example, the delivery key Kdis is generated as follows.
[0194]
[Expression 4]
[0195]
Here, MKdis is a delivery key master key for generating a delivery key Kdis, which is a key stored in the internal memory of the recording / reproducing device 300 as described above. The Content ID is identification information of the header portion of the content data, and IVdis is an initial value for the delivery key. In the above equation, DES () is a function that encrypts the value of the second argument using the first argument as an encryption key, and the operation ^ indicates an exclusive OR in 64-bit units.
[0196]
In step S54, the control unit 306 of the recording / reproducing device encryption processing unit 302 uses the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 and the reading unit 304 using the delivery key Kdis generated in step S53. The block information key Kbit and the content key Kcon (see FIG. 4) stored in the header portion of the media 500 received via the communication unit 600 or the data received from the communication unit 600 via the communication unit 305 are decrypted. As shown in FIG. 4, the block information key Kbit and the content key Kcon are previously encrypted with a delivery key Kdis on a medium such as a DVD or CD, or on a communication path such as the Internet.
[0197]
In step S55, the control unit 306 of the recording / reproducing device encryption processing unit 302 uses the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to block information with the block information key Kbit decrypted in step S54. (BIT) is decrypted. As shown in FIG. 4, the block information (BIT) is pre-encrypted with a block information key Kbit on media such as DVD and CD, or on a communication path such as the Internet.
[0198]
In step S56, the control unit 306 of the recording / reproducing device encryption processing unit 302 divides the block information key Kbit, the content key Kcon, and the block information (BIT) into units of 8 bytes, and performs exclusive OR operation on all of them. Any operation such as addition and subtraction may be used). Next, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the check value B (ICVb). As shown in FIG. 24, the check value B uses the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, and the exclusive OR value calculated earlier is encrypted by DES. To generate. Finally, the check value B is compared with the ICVb in the header. If they match, the process proceeds to step S57.
[0199]
As described above with reference to FIG. 4, the check values B and ICVb are check values for verifying falsification of the block information key Kbit, the content key Kcon, and the block information (BIT). Using the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, the block information key Kbit, the content key Kcon, and the block information (BIT) are divided into units of 8 bytes, and the exclusive logic If the check value B generated by encrypting the sum obtained with DES matches the check value ICVb stored in the header (Header), the block information key Kbit, the content key Kcon, and the block information It is judged that there is no tampering.
[0200]
In step S57, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate an intermediate check value. As shown in FIG. 25, the intermediate check value is a check value A in a verified header (Header) using the total check value generation key Kicvt stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key. The check value B and all stored content check values are calculated as messages according to the ICV calculation method described in FIG. Even if the initial value IV = 0, the total value generation initial value IVt may be stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 and used. The generated intermediate check value is held in the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 as necessary.
[0201]
This intermediate check value is generated as a message with check value A, check value B, and all content check values, and the verification of the data that is the object of verification of each of these check values is the intermediate check value. You may carry out by a collation process. However, in this embodiment, the non-tampering verification process as shared data of the entire system and the verification process for identifying as exclusive data occupied only by each recording / playback device 300 after the download process can be executed separately. Therefore, a plurality of different check values, that is, the total check value ICVt and the recording / reproducing device specific check value ICVdev can be generated separately from the intermediate check value based on the intermediate check value. These check values will be described later.
[0202]
The control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the total check value ICVt. As shown in FIG. 25, the total check value ICVt is generated by encrypting the intermediate check value with DES using the system signature key Ksys stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key. Finally, the generated total check value ICVt is compared with the ICVt in the header stored in step S51. If they match, the process proceeds to step S58. The system signature key Ksys is a signature key that is common to a plurality of recording / reproducing devices, that is, the entire system set that performs recording / reproducing processing of certain data.
[0203]
As described above with reference to FIG. 4, the total check value ICVt is a check value for verifying falsification of all the check values of ICVa, ICVb, and each content block. Therefore, if the total check value generated by the above processing matches the check value: ICVt stored in the header (Header), it is determined that there is no falsification of all check values of ICVa, ICVb, and each content block. Is done.
[0204]
Next, in step S58, the control unit 301 of the recording / reproducing device 300 extracts the content block information in the block information (BIT) and checks whether the content block is a verification target. When the content block is a verification target, the content check value is stored in the block information in the header.
[0205]
If the content block is to be verified, the corresponding content block is read from the medium 500 using the reading unit 304 of the recording / reproducing device 300 or the communication unit 600 using the communication unit 305 of the recording / reproducing device 300. Are transmitted to the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300. Receiving this, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the content intermediate value.
[0206]
The content intermediate value is the content key Kcon decrypted in step S54, the input content block is decrypted in the DES CBC mode, and the result is divided every 8 bytes, and exclusive OR (addition, subtraction, etc.) Any calculation may be performed).
[0207]
Next, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the content check value. The content check value is generated by encrypting the content intermediate value with DES using the content check value generation key Kicvc stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key. Then, the control unit 306 of the recording / reproducing device encryption processing unit 302 compares the content check value with the ICV in the content block received from the control unit 301 of the recording / reproducing device 300 in step S51, and compares the result with the recording / reproducing device. It is passed to the control unit 301 of 300. The control unit 301 of the recording / reproducing device 300 that has received the information retrieves the next verification target content block and causes the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 to verify the content block when all the contents are verified. The same verification process is repeated until the block is verified. If combined with the header generation side, even if IV = 0, the content check value generation initial value IVc may be stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 and used. . All the checked content check values are held in the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300. Furthermore, the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 monitors the verification order of the content blocks to be verified, and when the order is incorrect or when the same content block is verified twice or more. Is assumed to have failed authentication. If all verifications are successful, the process proceeds to step S59.
[0208]
Next, in step S59, the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 uses the block information key Kbit and the content key Kcon decrypted in step S54 to encrypt / decrypt the recording / reproducing device encryption processing unit 302. The encryption unit 308 is encrypted with the session key Kses shared at the time of mutual authentication. The control unit 301 of the recording / reproducing device 300 reads the block information key Kbit and the content key Kcon encrypted with the session key Kses from the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300, and these data are recorded on the recording / reproducing device 300. To the recording device 400 via the recording device controller 303.
[0209]
Next, in step S60, the recording device 400 that has received the block information key Kbit and the content key Kcon transmitted from the recording / reproducing device 300 sends the received data to the encryption / decryption unit 406 of the recording device encryption processing unit 401. Then, the data is decrypted with the session key Kses shared at the time of mutual authentication, and re-encrypted with the storage device-specific storage key Kstr stored in the internal memory 405 of the recording device encryption processing unit 401. Finally, the control unit 301 of the recording / reproducing device 300 reads the block information key Kbit and the content key Kcon re-encrypted with the storage key Kstr from the recording device 400 via the recording device controller 303 of the recording / reproducing device 300. These keys are replaced with a block information key Kbit and a content key Kcon encrypted with the delivery key Kdis.
[0210]
In step S61, the control unit 301 of the recording / reproducing device 300 extracts the usage restriction information from the usage policy in the header portion of the data, and the downloaded content can be used only by the recording / reproducing device 300 (in this case, the usage) Whether the restriction information is set to 1) or another similar recording / reproducing device 300 can be used (in this case, the use restriction information is set to 0). As a result of the determination, if the usage restriction information is 1, the process proceeds to step S62.
[0211]
In step S62, the control unit 301 of the recording / reproducing device 300 causes the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 to calculate a check value unique to the recording / reproducing device. As shown in FIG. 25, the check value unique to the recording / reproducing device uses the recording / reproducing device signing key Kdev stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, and is stored in step S58. The check value is generated by encrypting with DES. The calculated check value ICVdev specific to the recording / reproducing device is overwritten instead of the total check value ICVt.
[0212]
As described above, the system signature key Ksys is a system signature key used for attaching a common signature or ICV to the distribution system, and the recording / reproducing device signature key Kdev is different for each recording / reproducing device, This is a recording / reproducing device signature key used by the recording / reproducing device to attach a signature or ICV. That is, the data signed by the system signature key Ksys is successfully checked by a system (recording / reproducing device) having the same system signature key, that is, the total check value ICVt matches, so that it can be used in common. When the recording / reproducing device signature key Kdev is used for signing, since the recording / reproducing device signature key is a key unique to the recording / reproducing device, the data signed using the recording / reproducing device signature key Kdev, that is, After the signature, the data stored in the recording device is reproduced because when the recording device is attached to another recording / reproducing device and the recording device is to be reproduced, the check value ICVdev specific to the recording / reproducing device becomes inconsistent and an error occurs. It will not be possible.
[0213]
Therefore, in the data processing apparatus of the present invention, it is possible to freely set contents that can be used in common in the system and contents that can be used uniquely in the recording / reproducing device by setting use restriction information.
[0214]
In step S <b> 63, the control unit 301 of the recording / reproducing device 300 stores the content in the external memory 402 of the recording device 400.
[0215]
FIG. 26 is a diagram showing a content state in the recording device when the usage restriction information is 0. FIG. 27 is a diagram showing the content status in the recording device when the usage restriction information is 1. 26 differs from FIG. 4 only in whether the content block information key Kbit and the content key Kcon are encrypted with the delivery key Kdis or the storage key Kstr. Also, FIG. 27 differs from FIG. 26 in that the check value calculated from the intermediate check value is encrypted with the system signature key Ksys in FIG. 26, whereas in FIG. It is encrypted with the device signature key Kdev.
[0216]
In the processing flow of FIG. 22, if verification of the check value A fails in step S52, if verification of the check value B fails in step S56, if verification of the total check value ICVt fails in step S57, If the verification of the content check value of each content block fails in S58, the process proceeds to step S64 and a predetermined error display is performed.
[0217]
If the usage restriction information is 0 in step S61, step S62 is skipped and the process proceeds to step S63.
[0218]
(8) Reproduction processing of recording device storage information by recording / reproducing device
Next, the reproduction process of the content information stored in the external memory 402 of the recording device 400 in the recording / reproducing device 300 will be described.
[0219]
FIG. 28 is a flowchart illustrating a procedure in which the recording / reproducing device 300 reads content from the recording device 400 and uses the content. In FIG. 28, it is assumed that the mutual authentication has already been completed between the recording / reproducing device 300 and the recording device 400.
[0220]
In step S <b> 71, the control unit 301 of the recording / reproducing device 300 reads content from the external memory 402 of the recording device 400 using the recording device controller 303. Then, the control unit 301 of the recording / reproducing device 300 transmits the header portion of the data to the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300. Step S72 is the same processing as step S52 described in “(7) Download process from recording / reproducing device to recording device”, and the control unit 306 of the recording / reproducing device encryption processing unit 302 that has received the header (Header). In this process, the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 calculates the check value A. As shown in FIG. 23 described above, the check value A uses the check value A generation key Kicva stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, and identification information (Content ID) and handling policy. (Usage Policy) as a message is calculated according to the same ICV calculation method as described in FIG.
[0221]
As described above, the check values A and ICVa are check values for verifying falsification of identification information and handling policy. The ICV calculation method described in FIG. 7 using the check value A generation key Kicva stored in the internal memory 307 of the recording / reproducing device encryption unit 302 as a key and the identification information (Content ID) and the handling policy (Usage Policy) as messages. When the check value A calculated according to the above matches the check value ICVa stored in the header, it is determined that the identification information stored in the recording device 400 and the handling policy are not falsified.
[0222]
Next, in step S73, the control unit 301 of the recording / reproducing device 300 extracts the block information key Kbit and the content key Kcon from the read header portion, and the recording device via the recording device controller 303 of the recording / reproducing device 300. 400. The recording device 400 that has received the block information key Kbit and the content key Kcon transmitted from the recording / reproducing device 300 sends the received data to the encryption / decryption unit 406 of the recording device encryption processing unit 401 and the recording device encryption processing unit 401. Are decrypted with the storage key Kstr unique to the recording device stored in the internal memory 405, and re-encrypted with the session key Kses shared at the time of mutual authentication. Then, the control unit 301 of the recording / reproducing device 300 reads the block information key Kbit and the content key Kcon re-encrypted with the session key Kses from the recording device 400 via the recording device controller 303 of the recording / reproducing device 300.
[0223]
Next, in step S74, the control unit 301 of the recording / reproducing device 300 sends the block information key Kbit and the content key Kcon re-encrypted with the received session key Kses to the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300. Send.
[0224]
The recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 that has received the block information key Kbit and the content key Kcon re-encrypted with the session key Kses sends the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to The block information key Kbit and the content key Kcon encrypted with the session key Kses are decrypted with the session key Kses shared at the time of mutual authentication. Then, the block information received in step S71 is decrypted with the decrypted block information key Kbit.
[0225]
The recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 receives the decrypted block information key Kbit, content key Kcon, and block information BIT in step S71, the block information key Kbit, content key Kcon, and It replaces and holds the block information BIT. The control unit 301 of the recording / reproducing device 300 reads the decrypted block information BIT from the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300.
[0226]
Step S75 is the same processing as step S56 described in “(7) Downloading process from recording / reproducing device to recording device”. The control unit 306 of the recording / reproducing device encryption processing unit 302 divides the block information key Kbit, the content key Kcon, and the block information (BIT) read from the recording device 400 into units of 8 bytes, and performs exclusive OR operation on all of them. Next, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the check value B (ICVb). As shown in FIG. 24 described above, the check value B uses the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, and the exclusive OR value calculated above. Is generated by encrypting with DES. Finally, the check value B is compared with the ICVb in the header. If they match, the process proceeds to step S76.
[0227]
As described above, the check values B and ICVb are check values for verifying falsification of the block information key Kbit, the content key Kcon, and the block information. Using the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, the block information key Kbit, content key Kcon, and block information (BIT) read from the recording device 400 are in units of 8 bytes. The check value B generated by encrypting the value obtained by the exclusive OR operation with the DES is matched with the check value: ICVb stored in the header in the data read from the recording device 400 In this case, it is determined that the block information key Kbit, the content key Kcon, and the block information of the data stored in the recording device 400 are not falsified.
[0228]
In step S76, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate an intermediate check value. The intermediate check value is a check in a verified header (Header) using the total check value generation key Kicvt stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key as shown in FIG. The value A, the check value B, and all stored content check values are calculated as messages according to the ICV calculation method described in FIG. Note that even if the initial value is IV = 0, IVt may be stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as the initial value for generating the total check value and used. The generated intermediate check value is held in the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 as necessary.
[0229]
Next, in step S77, the control unit 301 of the recording / reproducing device 300 extracts the usage restriction information from the usage policy included in the header portion of the data read from the external memory 402 of the recording device 400, and the downloaded content. Can be used only by the recording / reproducing device 300 (use restriction information is 1), or can be used by another similar recording / reproducing device 300 (use restriction information is 0). As a result of the determination, when the usage restriction information is 1, that is, when the usage restriction that the downloaded content can be used only by the recording / reproducing device 300 is set, the process proceeds to step S80, and the usage restriction information is 0, that is, another similar situation. If the setting is also available for the recording / reproducing device 300, the process proceeds to step S78. Note that the encryption processing unit 302 may perform the processing in step S77.
[0230]
In step S78, the same total check value ICVt is calculated as in step S58 described in (7) Download processing from recording / reproducing device to recording device. That is, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the total check value ICVt. The total check value ICVt is generated by encrypting the intermediate check value with DES using the system signature key Ksys stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key as shown in FIG. To do.
[0231]
Next, the process proceeds to step S79. The total check value ICVt generated in step S78 is compared with the ICVt in the header (Header) saved in step S71. If they match, the process proceeds to step S82.
[0232]
As described above, the total check value ICVt is a check value for verifying falsification of all the check values of ICVa, ICVb, and each content block. Therefore, when the total check value generated by the above process matches the check value ICVt stored in the header (Header), in the data stored in the recording device 400, ICVa, ICVb, each content block It is determined that there is no falsification of all the check values.
[0233]
If it is determined in step S77 that the downloaded content is a setting that can be used only by the recording / reproducing device 300, that is, if the setting information is 1, the process proceeds to step S80.
[0234]
In step S80, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to calculate a check value ICVdev unique to the recording / reproducing device. The check value ICVdev unique to the recording / reproducing device uses the recording / reproducing device signature key Kdev unique to the recording / reproducing device stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as shown in FIG. The intermediate check value is generated by encrypting with DES. In step S81, the recording / reproducing device specific check value ICVdev calculated in step S80 is compared with the ICVdev stored in the header stored in step S71. If they match, the process proceeds to step S82.
[0235]
As described above, the data signed by the system signature key Ksys is successfully used by the system (recording / reproducing device) having the same system signature key, that is, the total check value ICVt is matched, so that the data can be commonly used. When the recording / reproducing device signature key Kdev is used for signing, since the recording / reproducing device signature key is unique to the recording / reproducing device, the data signed using the recording / reproducing device signature key Kdev, that is, After signing, the data stored in the recording device cannot be reproduced because the check value ICVdev unique to the recording / reproducing device becomes inconsistent and an error occurs when the recording device is attached to another recording / reproducing device for reproduction. It will be. Therefore, it is possible to freely set contents that can be used in common in the system and contents that can be used unique to the recording / reproducing device by setting the use restriction information.
[0236]
In step S82, the control unit 301 of the recording / reproducing device 300 takes out the content block information in the block information BIT read in step S74 and checks whether the content block is an encryption target. When it is an encryption target, the corresponding content block is read from the external memory 402 of the recording device 400 via the recording device controller 303 of the recording / reproducing device 300, and the recording / reproducing device encryption processing unit of the recording / reproducing device 300 is read out. To 302. Upon receiving this, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to decrypt the content, and when the content block is a verification target. Causes the content check value to be verified in the next step S83.
[0237]
Step S83 is the same processing as step S58 described in “(7) Downloading process from recording / reproducing device to recording device”. The control unit 301 of the recording / reproducing device 300 extracts content block information in the block information (BIT), determines whether or not the content block is a verification target, and determines whether the content block is a verification target. If it is, the corresponding content block is received from the external memory 402 of the recording device 400 and transmitted to the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300. Receiving this, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the content intermediate value.
[0238]
The content intermediate value is generated by decrypting the input content block in the DES CBC mode with the content key Kcon decrypted in step S74, and dividing the result into 8 bytes and performing an exclusive OR operation.
[0239]
Next, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the content check value. The content check value is generated by encrypting the content intermediate value with DES using the content check value generation key Kicvc stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key. Then, the control unit 306 of the recording / reproducing device encryption processing unit 302 compares the content check value with the ICV in the content block received from the control unit 301 of the recording / reproducing device 300 in step S71, and compares the result with the recording / reproducing device. It is passed to the control unit 301 of 300. The control unit 301 of the recording / reproducing device 300 that has received the information retrieves the next verification target content block and causes the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 to verify the content block when all the contents are verified. The same verification process is repeated until the block is verified. Even if the initial value is IV = 0, the content check value generation initial value IVc may be stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 and used. All the checked content check values are held in the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300. Furthermore, the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 monitors the verification order of the content blocks to be verified, and when the order is wrong or when the same content block is verified twice or more. Is assumed to have failed authentication.
[0240]
The control unit 301 of the recording / reproducing device 300 receives the comparison result of the content check value (if it is not the verification target, the comparison result is all successful), and if the verification is successful, the recording / reproduction is performed. The decrypted content is extracted from the recording / reproducing device encryption processing unit 302 of the device 300. Then, the next decryption target content block is taken out and decrypted by the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300, and the process is repeated until all the content blocks are decrypted.
[0241]
In step S83, the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300, when there is a mismatch in the verification processing of the content check value, cancels the processing as the verification failure and decrypts the remaining content. No conversion is performed. The recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 monitors the decryption order of the content blocks to be decrypted, and the order is incorrect or the same content block is decrypted twice or more. In this case, it is assumed that decryption has failed.
[0242]
If the verification of the check value A fails in step S72, the verification of the check value B fails in step S75, the verification of the total check value ICVt fails in step S79, the recording / reproducing device specific in step S81. If verification of the check value ICVdev fails, if verification of the content check value of each content block fails in step S83, the process proceeds to step S84, and a predetermined error display is performed.
[0243]
As described above, when downloading or using content, important data and content can be encrypted and concealed, falsified and verified, and block information BIT can be decrypted. The block information key Kbit and the content key Kcon for decrypting the content are stored with the storage key Kstr specific to the recording device, so even if the data on the recording medium is simply copied to another recording medium, the content Cannot be correctly decrypted. More specifically, for example, in step S74 of FIG. 28, data encrypted with a different storage key Kstr for each recording device is decrypted, so that another recording device cannot decrypt the data correctly. is there.
[0244]
(9) Key exchange process after mutual authentication
One of the features of the data processing apparatus of the present invention is that the recording device can be used only after the mutual authentication processing executed between the recording / reproducing device 300 and the recording device 400 described above, and the use thereof. There is a point which limited the mode.
[0245]
For example, in order to exclude a recording device such as a memory card storing content by illegal duplication, etc. and setting it in a recording / reproducing device, the recording / reproducing device 300 and the recording device 400 are used. The content (encrypted) can be transferred between the recording / reproducing device 300 and the recording device 400 on the condition that the mutual authentication process is executed and the authentication is OK.
[0246]
In order to realize the above restrictive processing, in the data processing apparatus of the present invention, all processing in the encryption processing unit 401 of the recording device 400 is executed based on a preset command sequence. ing. That is, the recording device has a command processing configuration in which commands based on command numbers are sequentially extracted from the register and executed. FIG. 29 illustrates a command processing configuration in this recording device.
[0247]
As shown in FIG. 29, recording is performed between the recording / reproducing device 300 having the recording / reproducing device encryption processing unit 302 and the recording device 400 having the recording device encryption processing unit 401 under the control of the control unit 301 of the recording / reproducing device 300. A command number (No.) is output from the device controller 303 to the communication unit (including the reception register) 404 of the recording device 400.
[0248]
The recording device 400 includes a command number management unit 2201 in the control unit 403 in the encryption processing unit 401. The command number management unit 2901 holds a command register 2902 and stores a command string corresponding to the command number output from the recording / reproducing device 300. In the command string, as shown on the right side of FIG. 29, execution numbers are sequentially associated with command numbers from command numbers 0 to y. The command number management unit 2901 monitors the command number output from the recording / reproducing device 300, retrieves the corresponding command from the command register 2902, and executes it.
[0249]
As shown on the right side of FIG. 29, the command sequence stored in the command register 2902 is associated with command numbers 0 to k preceded by a command sequence related to the authentication processing sequence. Further, decryption, key exchange, and encryption processing command sequence 1 correspond to command numbers p to s after the command sequence related to the authentication processing sequence, and decryption, key exchange, and encryption processing command sequence 2 correspond to subsequent command numbers u to y. It is attached.
[0250]
As described above with reference to the authentication processing flow of FIG. 20, when the recording device 400 is attached to the recording / reproducing device 300, the control unit 301 of the recording / reproducing device 300 initializes the recording device 400 via the recording device controller 303. Send a commutation command. Receiving this, the recording device 400 receives the command via the communication unit 404 in the control unit 403 of the recording device encryption processing unit 401 and clears the authentication flag 2903. In other words, the unauthenticated state is set. Alternatively, when power is supplied from the recording / reproducing device 300 to the recording device 400, a method may be used in which the setting is performed in an unapproved state when the power is turned on.
[0251]
Next, the control unit 301 of the recording / reproducing device 300 transmits an initialization command to the recording / reproducing device encryption processing unit 302. At this time, the recording device insertion slot number is also transmitted. By transmitting the recording device insertion slot number, even when a plurality of recording devices are connected to the recording / reproducing device 300, authentication processing and data transmission / reception with the plurality of recording devices 400 can be performed simultaneously.
[0252]
The recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 that has received the initialization command clears the authentication flag 2904 corresponding to the recording device insertion port number in the control unit of the recording / reproducing device encryption processing unit 302. In other words, the unauthenticated state is set.
[0253]
When these initialization processes are completed, the control unit 301 of the recording / reproducing device 300 sequentially outputs command numbers from the command number 0 in ascending order via the recording device controller 303. The command number management unit 2901 of the recording device 400 monitors the command numbers input from the recording / reproducing device 300, confirms that they are sequentially input from 0, extracts the corresponding commands from the command register 2902, and performs authentication processing or the like. Perform various processes. If the input command number is not in the prescribed order, an error is assumed and the command number acceptance value is reset to the initial state, that is, the executable command number = 0.
[0254]
As shown in FIG. 29, the command sequence stored in the command register 2902 is given a command number so that the authentication process is processed in advance, and the subsequent processing sequence includes decryption, key exchange, and encryption processing. Is stored.
[0255]
Specific examples of processing sequences of decryption, key exchange, and encryption processing will be described with reference to FIGS.
[0256]
FIG. 30 constitutes a part of the processing executed in the content download processing from the recording / reproducing device 300 to the recording device 400 described above with reference to FIG. Specifically, it is executed between steps S59 to S60 in FIG.
[0257]
In FIG. 30, step S3001 is a process in which the recording device receives data (ex. Block information key Kbit, content key Kcon) encrypted with the session key Kses from the recording / reproducing device, and thereafter, in FIG. The indicated command sequence p to s is started. The command sequence p to s is started after the authentication processing commands 0 to k are completed and the authenticated flag is set in the authentication flags 2903 and 2904 shown in FIG. This is guaranteed by the command number management unit 2901 accepting command numbers only in ascending order from 0.
[0258]
Step S3002 is processing for storing in the register data (ex. Block information key Kbit, content key Kcon) encrypted by the recording device with the session key Kses received from the recording / reproducing device.
[0259]
Step S3003 is a step of executing processing for taking out the data encrypted with the session key Kses (ex. Block information key Kbit, content key Kcon) from the register and decrypting it with the session key Kses.
[0260]
Step S3004 is a step of executing processing for encrypting the data (ex. Block information key Kbit, content key Kcon) decrypted with the session key Kses with the storage key Kstr.
[0261]
The processing steps 3002 to 3004 are processes included in the command numbers p to s in the command register described with reference to FIG. These processes are sequentially executed by the recording device encryption processing unit 401 in accordance with the command numbers p to s received from the recording / reproducing device 300 in the command number management unit 2901 of the recording device 400.
[0262]
The next step S3005 is a step of storing data (ex. Block information key Kbit, content key Kcon) encrypted with the storage key Kstr in the external memory of the recording device. In this step, the data encrypted by the recording / reproducing device 300 with the storage key Kstr may be read from the recording device encryption processing unit 401 and then stored in the external memory 402 of the recording device 400.
[0263]
The above-described steps S3002 to S3004 are continuously executed non-interruptible execution sequences. For example, even when there is a data read command from the recording / reproducing device 300 at the end of the decoding process in step S3003, Since the read command is different from the ascending command numbers set in the command numbers p to s of the command register 2902, the command number management unit 2901 does not accept the execution of reading. Accordingly, it becomes impossible to read out the decrypted data generated at the time of key exchange in the recording device 400 from the outside, for example, the recording / reproducing device 300, and it is possible to prevent unauthorized reading of the key data and contents.
[0264]
FIG. 31 constitutes a part of the process executed in the content reproduction process in which the content is read from the recording device 400 described above with reference to FIG. Specifically, this is the process executed in step S73 in FIG.
[0265]
In FIG. 31, step S3101 is a step of reading data (ex. Block information key Kbit, content key Kcon) encrypted with the storage key Kstr from the external memory 402 of the recording device 400.
[0266]
Step S3102 is a step of storing in the register data (ex. Block information key Kbit, content key Kcon) encrypted with the storage key Kstr read from the memory of the recording device. In this step, the data encrypted by the recording / reproducing device 300 with the storage key Kstr may be read from the external memory 402 of the recording device 400 and then stored in the register of the recording device 400.
[0267]
In step S3103, the data (ex. Block information key Kbit, content key Kcon) encrypted with the storage key Kstr is extracted from the register and decrypted with the storage key Kstr.
[0268]
Step S3104 is a step in which the data (ex. Block information key Kbit, content key Kcon) decrypted with the storage key Kstr is encrypted with the session key Kses.
[0269]
The processing steps 3102 to 3104 are processes included in the command numbers u to y in the command register described with reference to FIG. These processes are sequentially executed by the recording device encryption processing unit 406 in accordance with the command numbers u to y received from the recording / reproducing device 300 in the command number management unit 2901 of the recording device.
[0270]
The next step S3105 is processing for transmitting data (ex. Block information key Kbit, content key Kcon) encrypted with the session key Kses from the recording device to the recording / reproducing device.
[0271]
The above-described steps S3102 to S3104 are continuously executed non-interruptible execution sequences. For example, even if there is a data read command from the recording / reproducing device 300 at the end of the decoding process in step S3103, Since the read command is different from the command numbers in ascending order set in the command numbers u to y of the command register 2902, the command number management unit 2901 does not accept execution of reading. Accordingly, it becomes impossible to read out the decrypted data generated at the time of key exchange in the recording device 400 from the outside, for example, the recording / reproducing device 300, and it is possible to prevent unauthorized reading of the key data or contents.
[0272]
In the processing shown in FIGS. 30 and 31, an example is shown in which the object to be decrypted and encrypted by key exchange is the block information key Kbit and the content key Kcon. However, in the command register 2902 shown in FIG. The stored command sequence may include decryption and encryption processing with key exchange of the content itself, and the object to be decrypted and encrypted by key exchange is not limited to the above example.
[0273]
The key exchange process after mutual authentication in the data processing apparatus of the present invention has been described above. As described above, the key exchange process in the data processing apparatus of the present invention can be executed only after the authentication process between the recording / reproducing device and the recording device is completed, and the decryption data in the key exchange process is accessed from the outside. Therefore, a high level of security of content and key data is ensured.
[0274]
(10) Multiple content data formats and download and playback processing corresponding to each format
In the above-described embodiment, for example, the case where the data format in the medium 500 or the communication unit 600 shown in FIG. 3 is one type shown in FIG. 4 has been described. However, the data format in the medium 500 or the communication unit 600 is not limited to the format shown in FIG. 4 described above, and depending on the content, such as when the content is music, image data, or a program such as a game. It is desirable to adopt a different data format. Hereinafter, a plurality of different data data formats, download processing to a recording device corresponding to each format, and reproduction processing from the recording device will be described.
[0275]
32-35 show four different data formats. The left side of each figure shows the data format on the medium 500 or communication means 600 shown in FIG. 3, and the right side of each figure shows the data format when stored in the external memory 402 of the recording device 400. . First, the outline of the data format shown in FIGS. 32 to 35 will be described, and then the contents of each data in each format and the data difference in each format will be described.
[0276]
FIG. 32 shows format type 0, which is common to the types shown as examples in the above description. The feature of format type 0 is that the entire data is divided into N data blocks of an arbitrary size, that is, blocks 1 to N, and each block is arbitrarily encrypted, and an encrypted block and an unencrypted block, that is, The point is that data can be configured by mixing plaintext blocks. The encryption of the block is executed by the content key Kcon. The content key Kcon is encrypted on the medium by the delivery key Kdis, and at the time of saving in the recording device, the content key Kcon is stored by the storage key Kstr stored in the internal memory of the recording device. Encrypted. The block information key Kbit is also encrypted on the medium by the delivery key Kdis, and when stored in the recording device, it is encrypted by the storage key Kstr stored in the internal memory of the recording device. These key exchanges are executed according to the process described in the above-mentioned “(9) Key exchange process after mutual authentication”.
[0277]
FIG. 33 shows format type 1. As with format type 0, format type 1 divides the entire data into N data blocks, that is, block 1 to block N. It differs from the aforementioned format type 0 in that the size is the same. The block encryption processing mode using the content key Kcon is the same as the format type 0 described above. In addition, the content type Kcon and the block information key Kbit configuration encrypted with the delivery key Kdis on the medium and encrypted with the storage key Kstr stored in the internal memory of the recording device when stored in the recording device are also the format type 0 described above. It is the same. Unlike format type 0, format type 1 has a fixed block configuration, which simplifies configuration data such as the data length of each block. Therefore, the memory size of block information is smaller than that of format type 0. It becomes possible to reduce.
[0278]
In the configuration example of FIG. 33, each block is configured by one set of an encrypted part and a non-encrypted (plaintext) part. In this way, if the block length and configuration are regular, there is no need to confirm each block length and block configuration at the time of decryption processing or the like, and efficient decryption and encryption processing becomes possible. In format 1, the parts constituting each block, that is, the encrypted part and the unencrypted (plaintext) part can be defined as a check target for each part, and the block including the check part is required. If it is, the content check value ICVi is defined for the block.
[0279]
FIG. 34 shows format type 2. The feature of format type 2 is divided into N data blocks of the same size, that is, block 1 to block N, and each block is encrypted with an individual block key Kblc. It is that. The encryption of each block key Kblc is executed by the content key Kcon, and the content key Kcon is encrypted by the delivery key Kdis on the medium, and when stored in the recording device, the storage is stored in the internal memory of the recording device. Encrypted with the key Kstr. The block information key Kbit is also encrypted on the medium by the delivery key Kdis, and when stored in the recording device, it is encrypted by the storage key Kstr stored in the internal memory of the recording device.
[0280]
FIG. 35 shows format type 3, and the features of format type 3 are divided into N data blocks of the same size, that is, block 1 to block N, as in format type 2. Encrypted with the individual block key Kblc, and without using the content key, the encryption of each block key Kblc is encrypted on the media with the delivery key Kdis, and on the recording device with the storage key Kstr It is a point that is. The content key Kcon does not exist on the media or device. The block information key Kbit is encrypted on the medium by the delivery key Kdis, and when stored in the recording device, it is encrypted by the storage key Kstr stored in the internal memory of the recording device.
[0281]
Next, data contents of the format types 0 to 3 will be described. As described above, the data is roughly classified into two parts, a header part and a content part. The header part includes a content identifier, a handling policy, check values A and B, a total check value, a block information key, a content key, and a block. Contains information.
[0282]
The handling policy includes content data length, header length, format type (formats 0 to 3 described below), for example, content type such as program or data, download of the content to the recording device, As described in the replay section, a localization flag that is a flag for determining whether or not content can be used uniquely for a recording / playback device, a permission flag for content copying and moving processing, a content encryption algorithm, Stores various usage restriction information and processing information related to content such as mode.
[0283]
The check value A: ICVa is a check value for the identification information and the handling policy, and is generated, for example, by the method described with reference to FIG.
[0284]
The block information key Kbit is a key for encrypting the block information. As described above, the block information key Kbit is encrypted with the delivery key Kdis on the medium, and stored in the internal memory of the recording device when stored in the recording device. It is encrypted with the stored key Kstr.
[0285]
The content key Kcon is a key used for content encryption. In the format types 0 and 1, the content key Kcon is encrypted on the medium by the delivery key Kdis like the block information key Kbit. It is encrypted with the storage key Kstr stored in the memory. In format type 2, the content key Kcon is also used to encrypt the block key Kblc configured for each block of content. In format type 3, there is no content key Kcon.
[0286]
The block information is a table describing information of each block. The block size and the flag indicating whether or not the block is encrypted, that is, whether or not each block is a check target (ICV). Information to be stored is stored. When a block is a check target, the block check value ICVi (block i check value) is defined and stored in the table. This block information is encrypted by the block information encryption key Kbit.
[0287]
The block check value, that is, the content check value ICVi, is stored in the internal memory 307 of the recording / reproducing device 300 as a value obtained by exclusive ORing the entire plaintext (decrypted text) in units of 8 bytes when the block is encrypted. It is generated as a value encrypted with the content check value generation key Kicvc. If the block is not encrypted, the entire block data (plain text) is expressed in 8-byte units using the falsification check value generation function (DES-CBC-MAC, content check value generation key Kicvc) shown in FIG. ) Is generated as a value obtained by inputting to. FIG. 36 shows a configuration example for generating the check value ICVi of the content block. Each message M constitutes 8 bytes of decrypted text data or plain text data.
[0288]
In the format type 1, when at least one of the parts in the block is the target data of the check value ICVi, that is, the check required part, the content check value ICVi is defined for the block. The check value P-ICVij of the part j in the block i is obtained by encrypting a value obtained by exclusive ORing the entire plaintext (decrypted text) in units of 8 bytes when the part j is encrypted. Generated as a value. If the part j is not encrypted, the tamper check value generation function (DES-CBC-MAC, content check value generation key Kicvc) shown in FIG. As a key).
[0289]
Furthermore, if there is only one part [ICV flag = subject of ICV] indicating that it is a check target in one block i, that is, only one check part is required, the check value P− generated by the above method is used. ICVij is used as the block check value ICVi as it is, and when there are a plurality of parts with [ICV flag = subject of ICV] indicating that the block is to be checked, a plurality of part check values P− A value obtained by inputting the data obtained by concatenating ICVij in the order of part numbers into the falsification check value generation function (DES-CBC-MAC, using the content check value generation key Kicvc as a key) shown in FIG. Is generated as FIG. 37 shows a configuration example for generating the content check value ICVi of the content block.
[0290]
In format types 2 and 3, the block check value ICVi is not defined.
[0291]
The check value B: ICVb is a check value for the block information key, the content key, and the entire block information, and is generated by the method described with reference to FIG.
[0292]
The total check value ICVt is a check value for the above-described check value A: ICVa, check value B: ICVb, and the entire check value ICVi included in each block to be checked for content, and will be described with reference to FIG. As described above, the check value A is generated by executing the encryption process by applying the system signature key Ksys to the intermediate check value generated from each check value such as ICVa.
[0293]
In the format types 2 and 3, the total check value ICVt is the above-described check value A: ICVa and check value B: ICVb, which concatenates the entire content data from the block key of block 1 to the final block. It is generated by applying the system signature key Ksys to the intermediate check value generated from the processed data and executing the encryption process. FIG. 38 shows a configuration example for generating the total check value ICVt in the format types 2 and 3.
[0294]
The unique check value ICVdev is a check value that is replaced with the total check value ICVt when the above-described localization flag is set to 1, that is, when the content indicates that the recording / playback device is uniquely usable. Yes, in the case of format types 0 and 1, the check value A: ICVa, the check value B: ICVb, and the check value ICVi included in each block to be checked for content are generated as check values. The Specifically, as described above with reference to FIG. 25 or FIG. 38, the encryption process is performed by applying the recording / reproducing device signature key Kdev to the intermediate check value generated from each check value such as the check value A: ICVa. Generated by executing.
[0295]
Next, content download processing from the recording / reproducing device 300 to the recording device 400 in each of the format types 0 to 3 and reproduction processing from the recording device 400 in the recording / reproducing device 300 will be described with reference to the flowcharts of FIGS.
[0296]
First, content download processing in format types 0 and 1 will be described with reference to FIG.
[0297]
The process shown in FIG. 39 is started by attaching the recording device 400 to the recording / reproducing device 300 shown in FIG. 3, for example. Step S101 is an authentication processing step between the recording / reproducing device and the recording device, and is executed according to the authentication processing flow of FIG. 20 described above.
[0298]
When the authentication process in step S101 is completed and the authentication flag is set, the recording / reproducing device 300, in step S102, reads data according to a predetermined format from the medium 500 storing content data, for example, via the reading unit 304. Or the communication unit 305 is used to receive data from the communication unit 600 according to a predetermined format, and the control unit 301 of the recording / reproducing device 300 records and reproduces the header portion of the data in the recording / reproducing device 300. Is transmitted to the device encryption processing unit 302.
[0299]
Next, in step S103, the control unit 306 of the encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to calculate the check value A. As shown in FIG. 23, the check value A uses the check value A generation key Kicva stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, the identification information (Content ID), and the handling policy (Usage Policy). ) As a message according to the ICV calculation method described with reference to FIG. Next, in step S104, the check value A and the check value: ICVa stored in the header (Header) are compared. If they match, the process proceeds to step S105.
[0300]
As described above, the check values A and ICVa are check values for verifying falsification of identification information and handling policy. The check value A generation key Kicva stored in the internal memory 307 of the recording / reproducing device encryption unit 302 is used as a key, and the identification information (Content ID) and the handling policy (Usage Policy) are used as messages, for example, according to the ICV calculation method When the check value A matches the check value: ICVa stored in the header (Header), it is determined that the identification information and the handling policy are not falsified.
[0301]
Next, in step S105, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to extract or generate the delivery key Kdis. The method of generating the delivery key Kdis is performed using the delivery key master key MKdis, for example, as in step S53 of FIG. 22 described above.
[0302]
In step S106, the control unit 306 of the recording / reproducing device encryption processing unit 302 uses the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to use the generated distribution key Kdis to change the reading unit 304. The block information key Kbit and the content key Kcon stored in the header portion of the data received from the communication unit 600 via the media 500 or the communication unit 305 are decrypted.
[0303]
In step S107, the control unit 306 of the recording / reproducing device encryption processing unit 302 decrypts the block information with the decrypted block information key Kbit in the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302.
[0304]
Further, in step S108, the control unit 306 of the recording / reproducing device encryption processing unit 302 generates a check value B (ICVb ') from the block information key Kbit, the content key Kcon, and the block information (BIT). As shown in FIG. 24, the check value B uses the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, the block information key Kbit, the content key Kcon, and the block information ( BIT) is generated by encrypting an exclusive OR value with DES. Next, in step S109, the check value B is compared with the ICVb in the header (Header), and if they match, the process proceeds to step S110.
[0305]
As described above, the check values B and ICVb are check values for verifying falsification of the block information key Kbit, the content key Kcon, and the block information. Using the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, the block information key Kbit, the content key Kcon, and the block information (BIT) are divided into units of 8 bytes, and the exclusive logic If the check value B generated by encrypting the sum obtained with DES matches the check value ICVb stored in the header (Header), the block information key Kbit, the content key Kcon, and the block information It is judged that there is no tampering.
[0306]
In step S110, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate an intermediate check value. As shown in FIG. 25, the intermediate check values are the total check value generation key Kicvt stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302, and the check value A and check value B in the verified header. Then, all the stored content check values are calculated as messages according to the ICV calculation method described in FIG. The generated intermediate check value is stored in the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 as necessary.
[0307]
Next, in step S111, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the total check value ICVt '. As shown in FIG. 25, the total check value ICVt ′ is generated by encrypting the intermediate check value with DES using the system signature key Ksys stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key. Next, in step S112, the generated total check value ICVt 'is compared with the ICVt in the header (Header), and if they match, the process proceeds to step S113.
[0308]
As described above with reference to FIG. 4, the total check value ICVt is a check value for verifying falsification of all the check values of ICVa, ICVb, and each content block. Therefore, if the total check value generated by the above processing matches the check value: ICVt stored in the header (Header), it is determined that there is no falsification of all check values of ICVa, ICVb, and each content block. Is done.
[0309]
Next, in step S113, the control unit 301 of the recording / reproducing device 300 takes out the content block information in the block information (BIT) and checks whether the content block is a verification target. When the content block is a verification target, the content check value is stored in the block information in the header.
[0310]
If the content block is to be verified, in step S114, the corresponding content block is read from the medium 500 using the reading unit 304 of the recording / reproducing device 300, or the communication unit 305 of the recording / reproducing device 300 is used. The data is received from the communication unit 600 and transmitted to the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300. Receiving this, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the content check value ICVi ′.
[0311]
The content check value ICVi ′, when the block is encrypted as described above, decrypts the input content block in the DES CBC mode with the content key Kcon, and excludes the result in units of 8 bytes. The content intermediate value generated by performing logical OR is encrypted with the content check value generation key Kicvc stored in the internal memory 307 of the recording / reproducing device 300 and generated. If the block is not encrypted, the entire data (plain text) is converted into a falsification check value generation function (DES-CBC-MAC, using the content check value generation key Kicvc as a key) shown in FIG. 36 in units of 8 bytes. It is generated as a value obtained by input.
[0312]
In step S115, the control unit 306 of the recording / reproducing device encryption processing unit 302 compares the content check value with the ICV in the content block received from the control unit 301 of the recording / reproducing device 300 in step S102. Is transferred to the control unit 301 of the recording / reproducing device 300. The control unit 301 of the recording / reproducing device 300 that has received the information retrieves the next verification target content block and causes the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 to verify the content block when all the contents are verified. The same verification process is repeated until the block is verified (step S116).
[0313]
Note that if any of the check values does not match in any of step S104, step S109, step S112, and step S115, the download process ends as an error.
[0314]
Next, in step S117, the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 uses the block information key Kbit and the content key Kcon decrypted in step S106 as the encryption / decryption unit of the recording / reproducing device encryption processing unit 302. In 308, encryption is performed using the session key Kses shared during mutual authentication. The control unit 301 of the recording / reproducing device 300 reads the block information key Kbit and the content key Kcon encrypted with the session key Kses from the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300, and these data are recorded on the recording / reproducing device 300. To the recording device 400 via the recording device controller 303.
[0315]
In step S118, the recording device 400 that has received the block information key Kbit and the content key Kcon transmitted from the recording / reproducing device 300 sends the received data to the encryption / decryption unit 406 of the recording device encryption processing unit 401. Decrypted with the session key Kses shared at the time of mutual authentication, re-encrypted with the storage key Kstr specific to the recording device stored in the internal memory 405 of the recording device encryption processing unit 401, and recorded / reproduced The control unit 301 of 300 reads out the block information key Kbit and the content key Kcon re-encrypted with the storage key Kstr from the recording device 400 via the recording device controller 303 of the recording / reproducing device 300. That is, the block information key Kbit encrypted with the delivery key Kdis and the content key Kcon are exchanged.
[0316]
Next, in step S119, the control unit 301 of the recording / reproducing device 300 extracts usage restriction information from the handling policy (Usage Policy) of the header portion of the data, and whether or not the downloaded content can be used only by the recording / reproducing device 300. Judgment is made. In this determination, when the localization flag (usage restriction information) = 1 is set, the downloaded content can be used only by the recording / reproducing device 300, and the localization flag (usage restriction information) = 0 is set. Indicates that the downloaded content can be used by another similar recording / reproducing device 300. As a result of the determination, if the localization flag (usage restriction information) = 1, the process proceeds to step S120.
[0317]
In step S120, the control unit 301 of the recording / reproducing device 300 causes the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 to calculate a check value specific to the recording / reproducing device. As shown in FIG. 25, the check value unique to the recording / reproducing device uses the recording / reproducing device signature key Kdev unique to the recording / reproducing device stored in the internal memory 307 of the recording / reproducing device encryption unit 302 as a key. The generated intermediate check value is encrypted with DES. The calculated check value ICVdev specific to the recording / reproducing device is overwritten instead of the total check value ICVt.
[0318]
As described above, the system signature key Ksys is a system signature key used for attaching a common signature or ICV to the distribution system, and the recording / reproducing device signature key Kdev is different for each recording / reproducing device, This is a recording / reproducing device signature key used by the recording / reproducing device to attach a signature or ICV. That is, the data signed by the system signature key Ksys is successfully checked by a system (recording / reproducing device) having the same system signature key, that is, the total check value ICVt matches, so that it can be used in common. When the recording / reproducing device signature key Kdev is used for signing, since the recording / reproducing device signature key is a key unique to the recording / reproducing device, the data signed using the recording / reproducing device signature key Kdev, that is, After the signature, the data stored in the recording device is reproduced because the check value ICVdev specific to the recording / reproducing device becomes inconsistent and an error occurs when attempting to reproduce the recording device on another recording / reproducing device. It will not be possible. In the data processing apparatus of the present invention, the contents that can be used in common in the system and the contents that can be used uniquely for the recording / reproducing device can be freely set by setting the use restriction information.
[0319]
Next, in step S121, the control unit 301 of the recording / reproducing device 300 causes the recording / reproducing device encryption processing unit 302 to form a storage data format. As described above, the format type has each type from 0 to 3, and is set in the handling policy (see FIG. 5) in the header. According to this setting type, the right side of FIGS. 32 to 35 described above. The data is formed in accordance with the storage format. Since the flow shown in FIG. 39 is in one of formats 0 and 1, it is formed in one of the formats in FIGS.
[0320]
When the formation of the storage data format is completed in step S121, the control unit 301 of the recording / reproducing device 300 stores the content in the external memory 402 of the recording device 400 in step 122.
[0321]
The above is the aspect of the content data download process in the format types 0 and 1.
[0322]
Next, content data download processing in format type 2 will be described with reference to FIG. The description will focus on the differences from the download processing of the format types 0 and 1 described above.
[0323]
Steps S101 to S109 are the same as the download processing of the format types 0 and 1 described above, and thus description thereof is omitted.
[0324]
As described above, since the content check value ICVi is not defined for the format type 2, the block information does not have the content check value ICVi. As shown in FIG. 38, the intermediate check value in format type 2 is data obtained by concatenating check value A, check value B, and the entire content data from the first data of the first block (block key of block 1) to the last block. It is generated by applying the system signature key Ksys to the intermediate check value generated based on the encryption process.
[0325]
Accordingly, in the format type 2 download process, the content data is read out in step S151, and in step S152, the intermediate check value is generated based on the check value A and the check value B and the read content data. Even when the content data is encrypted, the decryption process is not performed.
[0326]
Format type 2 does not perform block data decoding or content check value inquiry processing unlike the processing in format types 0 and 1 described above, so that rapid processing is possible.
[0327]
Since the processing after step S111 is the same as the processing in the format types 0 and 1, description thereof will be omitted.
[0328]
The above is the aspect of the content data download process in format type 2. As described above, the format type 2 download process does not perform block data decryption and content check value inquiry processing unlike the format type 0 and 1 processes. This format is suitable for data processing that requires processing.
[0329]
Next, content data download processing in format type 3 will be described with reference to FIG. The description will focus on the differences from the download processing of format types 0, 1, and 2 described above.
[0330]
Steps S101 to S105 are the same as the download processing of the format types 0, 1, and 2 described above, and thus description thereof is omitted.
[0331]
Format type 3 basically has many parts in common with processing in format type 2, but format type 3 does not have a content key, and block key Kblc is encrypted with storage key Kstr in the recording device. Is different from format type 2.
[0332]
Description will be made centering on differences from the format type 2 in the format type 3 download process. In format type 3, the block information key is decrypted in step S161, which is the next step of step S105. The control unit 306 of the recording / reproducing device encryption processing unit 302 uses the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to receive the distribution key Kdis generated in step S105 via the reading unit 304. The block information key Kbit stored in the header portion of the data received from the communication unit 600 via the communication medium 500 or the communication unit 305 is decrypted. In format type 3, since the content key Kcon does not exist in the data, the decryption process of the content key Kcon is not executed.
[0333]
In the next step S107, the block information is decrypted using the block information key Kbit decrypted in step S161. Further, in step S162, the control unit 306 of the recording / reproducing device encryption processing unit 302 performs the block information key Kbit, The check value B (ICVb ′) is generated from the block information (BIT). The check value B is an exclusive OR value composed of the block information key Kbit and the block information (BIT) using the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key. Generated by encrypting with DES. Next, in step S109, the check value B is compared with ICVb in the header (Header), and if they match, the process proceeds to step S151.
[0334]
In format type 3, the check values B and ICVb function as a block information key Kbit and a check value for verifying falsification of the block information. If the generated check value B matches the check value: ICVb stored in the header (Header), it is determined that the block information key Kbit and the block information are not falsified.
[0335]
Steps S151 to S112 are the same as the processing of the format type 2, and will not be described.
[0336]
In step S163, the block key Kblc included in the content data read in step S151 is decrypted with the delivery key Kdis generated in step S105.
[0337]
In step S164, the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 uses the block information key Kbit decrypted in step S161 and the block key Kblc decrypted in step S163 to The encryption / decryption unit 308 is encrypted with the session key Kses shared at the time of mutual authentication. The control unit 301 of the recording / reproducing device 300 reads the block information key Kbit and the block key Kblc encrypted with the session key Kses from the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300, and these data are recorded on the recording / reproducing device 300. To the recording device 400 via the recording device controller 303.
[0338]
Next, in step S165, the recording device 400 that has received the block information key Kbit and the block key Kblc transmitted from the recording / reproducing device 300 sends the received data to the encryption / decryption unit 406 of the recording device encryption processing unit 401. , Decrypted with the session key Kses shared at the time of mutual authentication, re-encrypted with the storage key Kstr unique to the recording device stored in the internal memory 405 of the recording device encryption processing unit 401, and recorded / reproduced The control unit 301 of 300 reads out the block information key Kbit and the block key Kblc re-encrypted with the storage key Kstr from the recording device 400 via the recording device controller 303 of the recording / reproducing device 300. That is, the block information key Kbit and the block key Kblc encrypted with the delivery key Kdis are replaced with the block information key Kbit and the block key Kblc re-encrypted with the storage key Kstr.
[0339]
The following steps S119 to S122 are the same as the format types 0, 1, and 2 described above, and thus description thereof is omitted.
[0340]
The above is the aspect of the content data download process in the format type 3. As described above, the format type 3 download process, like the format type 2, does not perform block data decoding or content check value inquiry processing, thus enabling rapid processing and requiring real-time processing such as music data. It is a format suitable for data processing. Further, since the range for protecting the encrypted content with the block key Kblc is localized, the security is higher than that of the format type 2.
[0341]
Next, reproduction processing from the recording device 400 in the recording / reproducing device 300 in each of the format types 0 to 3 will be described with reference to the flows in FIGS.
[0342]
First, content reproduction processing in format type 0 will be described with reference to FIG.
[0343]
Step S201 is an authentication processing step between the recording / reproducing device and the recording device, and is executed according to the authentication processing flow of FIG. 20 described above.
[0344]
When the authentication process in step S201 is completed and the authentication flag is set, the recording / reproducing device 300 reads out the header of the data according to a predetermined format from the recording device 400 in step S202, and the recording / reproducing device 300 performs recording / reproduction. Is transmitted to the device encryption processing unit 302.
[0345]
Next, in step S203, the control unit 306 of the encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 to calculate the check value A. As shown in FIG. 23 described above, the check value A uses the check value A generation key Kicva stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key and is handled as identification information (Content ID). The policy is calculated as a message. Next, in step S204, the calculated check value A is compared with the check value: ICVa stored in the header (Header). If they match, the process proceeds to step S205.
[0346]
Check values A and ICVa are check values for verifying falsification of identification information and handling policy. When the calculated check value A matches the check value ICVa stored in the header, it is determined that the identification information stored in the recording device 400 and the handling policy are not falsified.
[0347]
Next, in step S205, the control unit 301 of the recording / reproducing device 300 extracts the block information key Kbit and the content key Kcon encrypted with the storage key Kstr specific to the recording device from the read header, and the recording / reproducing device 300 records it. The data is transmitted to the recording device 400 via the device controller 303.
[0348]
The recording device 400 that has received the block information key Kbit and the content key Kcon transmitted from the recording / reproducing device 300 sends the received data to the encryption / decryption unit 406 of the recording device encryption processing unit 401 and the recording device encryption processing unit 401. Is decrypted with the storage key Kstr unique to the recording device stored in the internal memory 405, and encrypted again with the session key Kses shared during mutual authentication. This process is as described in detail in the section of (9) Key exchange process after mutual authentication described above.
[0349]
In step S206, the control unit 301 of the recording / reproducing device 300 receives the block information key Kbit and the content key Kcon re-encrypted with the session key Kses from the recording device 400 via the recording device controller 303 of the recording / reproducing device 300. .
[0350]
Next, in step S207, the control unit 301 of the recording / reproducing device 300 sends the block information key Kbit and content key Kcon re-encrypted with the received session key Kses to the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300. The recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 that has transmitted and received the block information key Kbit and the content key Kcon re-encrypted with the session key Kses is an encryption / decryption unit of the recording / reproducing device encryption processing unit 302. In 308, the block information key Kbit and the content key Kcon encrypted with the session key Kses are decrypted with the session key Kses shared at the time of mutual authentication.
[0351]
Further, in step S208, the block information read in step S202 is decrypted with the decrypted block information key Kbit. The recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 receives the decrypted block information key Kbit, content key Kcon, and block information BIT in the block information key Kbit and content key Kcon included in the header read in step S202. The block information BIT is replaced and held. The control unit 301 of the recording / reproducing device 300 reads the decrypted block information BIT from the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300.
[0352]
In step S209, the control unit 306 of the recording / reproducing device encryption processing unit 302 generates a check value B (ICVb ′) from the block information key Kbit, the content key Kcon, and the block information (BIT). As shown in FIG. 24, the check value B uses the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, the block information key Kbit, the content key Kcon, and the block information ( BIT) is generated by encrypting an exclusive OR value with DES. Next, in step S210, the check value B is compared with ICVb in the header (Header), and if they match, the process proceeds to step S211.
[0353]
The check values B and ICVb are check values for verifying falsification of the block information key Kbit, the content key Kcon, and the block information, and the generated check value B is a check value stored in the header (Header): ICVb If it matches, it is determined that the block information key Kbit, the content key Kcon, and the block information in the data stored in the recording device 400 are not falsified.
[0354]
In step S211, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate an intermediate check value. As shown in FIG. 25, the intermediate check values are the total check value generation key Kicvt stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302, and the check value A and check value B in the verified header. Then, all content check values in the block information are calculated as messages according to the ICV calculation method described in FIG. The generated intermediate check value is stored in the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 as necessary.
[0355]
Next, in step S212, the control unit 301 of the recording / reproducing device 300 extracts the usage restriction information from the usage policy included in the header portion of the data read from the external memory 402 of the recording device 400, and plans to reproduce it. It is determined whether the content can be used only by the recording / reproducing device 300 (usage restriction information is 1) or can be used by another similar recording / reproducing device 300 (usage restriction information is 0). As a result of the determination, if the usage restriction information is 1, that is, the usage restriction that the playback content can be used only by the recording / reproducing device 300 is set, the process proceeds to step S213, and the usage restriction information is 0, that is, another similar one. If the setting is also available for the recording / reproducing device 300, the process proceeds to step S215. Note that the encryption processing unit 302 may perform the processing in step S212.
[0356]
In step S213, the control unit 301 of the recording / reproducing device 300 causes the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 to calculate a check value ICVdev ′ unique to the recording / reproducing device. The check value ICVdev ′ unique to the recording / reproducing device is held in step S211 using the recording / reproducing device signature key Kdev stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key, as shown in FIG. The generated intermediate check value is encrypted with DES.
[0357]
Next, in step S214, the recording / reproducing device specific check value ICVdev 'calculated in step S213 is compared with the ICVdev in the header read in step S202. If they match, the process proceeds to step S217.
[0358]
On the other hand, in step S215, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the total check value ICVt. As shown in FIG. 25, the total check value ICVt ′ is generated by encrypting the intermediate check value with DES using the system signature key Ksys stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key. Next, in step S216, the generated total check value ICVt 'is compared with the ICVt in the header (Header), and if they match, the process proceeds to step S217.
[0359]
The total check value ICVt and the check value ICVdev peculiar to the recording / reproducing device are check values for verifying falsification of all the check values of ICVa, ICVb, and each content block. Therefore, when the check value generated by the above processing matches the check value: ICVt or ICVdev stored in the header (Header), the ICVa and ICVb stored in the recording device 400 and the check of each content block are checked. It is determined that all values have not been tampered with.
[0360]
Next, in step S217, the control unit 301 of the recording / reproducing device 300 reads block data from the recording device 400. Further, in step S218, it is determined whether or not the data is encrypted. If the data is encrypted, the encryption processing unit 302 of the recording / reproducing device 300 decrypts the block data. If not encrypted, the process skips step S219 and proceeds to step S220.
[0361]
Next, in step S220, the control unit 301 of the recording / reproducing device 300 checks whether the content block is a verification target based on the content block information in the block information (BIT). When the content block is a verification target, the content check value is stored in the block information in the header. If the content block is to be verified, the content check value ICVi 'of the corresponding content block is calculated in step S221. If the content block is not a verification target, steps S221 and S222 are skipped and the process proceeds to step S223.
[0362]
When the block is encrypted as described above with reference to FIG. 36, the content check value ICVi ′ is decrypted with the content key Kcon in the DES CBC mode, and the result is all 8 bytes. The content intermediate value generated by exclusive ORing in units is encrypted by the content check value generation key Kicvc stored in the internal memory 307 of the recording / reproducing device 300 and generated. If the block is not encrypted, the entire data (plain text) is converted into a falsification check value generation function (DES-CBC-MAC, using the content check value generation key Kicvc as a key) shown in FIG. 36 in units of 8 bytes. It is generated as a value obtained by input.
[0363]
In step S222, the control unit 306 of the recording / reproducing device encryption processing unit 302 compares the generated content check value ICVi ′ with the content check value ICVi stored in the header unit received from the recording device 400 in step S202. The result is passed to the control unit 301 of the recording / reproducing device 300. The control unit 301 of the recording / reproducing device 300 that has received the information stores the execution (reproduction) content plaintext data in the recording / reproducing device system RAM in step S223 if the verification is successful. The control unit 301 of the recording / reproducing device 300 further extracts the next verification target content block, causes the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 to verify, and performs the same verification process until all content blocks are verified. The storage process is repeated (step S224).
[0364]
Note that if any of the check values does not match in any of step S204, step S210, step S214, step S216, and step S222, the reproduction process ends as an error.
[0365]
If it is determined in step S224 that all blocks are to be read, the process proceeds to step S225, where execution (playback) of content (program, data) is started.
[0366]
The above is the aspect of the content data reproduction process in the format type 0.
[0367]
Next, content data playback processing in format type 1 will be described with reference to FIG. The description will focus on the differences from the format type 0 playback process described above.
[0368]
Since the processing from step S201 to step S217 is the same as the above-described format type 0 reproduction processing, description thereof will be omitted.
[0369]
In format type 1, in step S231, decryption of the encrypted part is executed, and a part ICV is generated. Further, in step S232, a block ICVi 'is generated. As described above, in format type 1, when at least one of the parts in the block is the target data of the check value ICVi, the content check value ICVi is defined for the block. The check value P-ICVij of the part j in the block i is obtained by encrypting a value obtained by exclusive ORing the entire plaintext (decrypted text) in units of 8 bytes when the part j is encrypted. Generated as a value. If the part j is not encrypted, the falsification check value generation function (DES-CBC-MAC, content check value generation key Kicvc as a key) shown in FIG. It is generated as a value obtained by inputting to.
[0370]
Furthermore, when there is only one part [ICV flag = subject of ICV] indicating that it is a check target in one block i, the check value P-ICVij generated by the above-described method is directly used for the block. When there are a plurality of parts having the check value ICVi and [ICV flag = subject of ICV] indicating that the check is to be performed in one block i, the plurality of parts check values P-ICVi, j are set to the parts. For the data concatenated in numerical order, the entire data (plain text) is input to the falsification check value generation function (DES-CBC-MAC, content check value generation key Kicvc as a key) shown in FIG. 36 in units of 8 bytes. It is generated as the obtained value. This is as described above with reference to FIG.
[0371]
In the format type 1, the comparison process of the content check value generated by the above procedure is executed in step S222. Since the processing after the step S223 is the same as that of the format type 0, the description is omitted.
[0372]
Next, content data playback processing in format type 2 will be described with reference to FIG. The description will focus on the differences from the above-described playback processing of format types 0 and 1.
[0373]
Steps S201 to S210 are the same as the reproduction processing of the format types 0 and 1 described above, and a description thereof will be omitted.
[0374]
In format type 2, the processes of steps S211 to S216 executed in format types 0 and 1 are not executed. Further, since the format type 2 has no content check value, the verification of the content check value in step S222 executed in the format types 0 and 1 is not executed.
[0375]
In the format type 2 data reproduction process, after the check value B verification step in step S210, the process proceeds to step S217, and block data is read out under the control of the control unit 301 of the recording / reproducing device 300. Further, in step S241, the encryption processing unit 306 of the recording / reproducing device 300 performs a decryption process of the block key Kblc included in the block data. The block key Kblc stored in the recording device 400 is encrypted with the content key Kcon as shown in FIG. 34, and the block key Kblc is decrypted using the content key Kcon decrypted in the previous step S207.
[0376]
Next, in step S242, block data decryption processing is executed using the block key Kblc decrypted in step S241. Further, in step S243, content (program, data) execution and playback processing are executed. The processing from step S217 to step S243 is repeatedly executed for all blocks. If it is determined in step S244 that all blocks are read, the reproduction process ends.
[0377]
As described above, the format type 2 process omits the check value verification process such as the total check value, and is suitable for executing a high-speed decoding process, and is a data process that requires real-time processing such as music data. It is a format suitable for.
[0378]
Next, content data playback processing in format type 3 will be described with reference to FIG. The description will focus on the differences from the above-described playback processing of format types 0, 1, and 2.
[0379]
Format type 3 basically has many parts in common with processing in format type 2, but format type 3 does not have a content key as described in FIG. 35, and block key Kblc is not used in the recording device. It differs from the format type 2 in that it is encrypted and stored with the storage key Kstr.
[0380]
In steps S201 to S210, the processes in steps S251, S252, S253, and S254 are configured as processes that do not include a content key, unlike the corresponding processes in the format types 0, 1, and 2 described above.
[0381]
In step S251, the control unit 301 of the recording / reproducing device 300 extracts the block information key Kbit encrypted with the storage key Kstr specific to the recording device from the read header, and records it via the recording device controller 303 of the recording / reproducing device 300. To device 400.
[0382]
The recording device 400 that has received the block information key Kbit transmitted from the recording / reproducing device 300 sends the received data to the encryption / decryption unit 406 of the recording device encryption processing unit 401 and the internal memory 405 of the recording device encryption processing unit 401. Is decrypted with the storage key Kstr unique to the recording device stored in the server and re-encrypted with the session key Kses shared during mutual authentication. This process is as described in detail in the section of (9) Key exchange process after mutual authentication described above.
[0383]
In step S252, the control unit 301 of the recording / reproducing device 300 receives the block information key Kbit re-encrypted with the session key Kses from the recording device 400 via the recording device controller 303 of the recording / reproducing device 300.
[0384]
Next, in step S253, the control unit 301 of the recording / reproducing device 300 transmits the block information key Kbit re-encrypted with the received session key Kses to the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300, and the session Upon receiving the block information key Kbit re-encrypted with the key Kses, the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 encrypts the encryption / decryption unit 308 of the recording / reproducing device encryption processing unit 302 with the session key Kses. The encrypted block information key Kbit is decrypted with the session key Kses shared at the time of mutual authentication.
[0385]
Further, in step S208, the block information read in step S202 is decrypted with the decrypted block information key Kbit. Note that the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300 replaces the decrypted block information key Kbit and block information BIT with the block information key Kbit and block information BIT included in the header read out in step S202 and holds them. Keep it. The control unit 301 of the recording / reproducing device 300 reads the decrypted block information BIT from the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300.
[0386]
Further, in step S254, the control unit 306 of the recording / reproducing device encryption processing unit 302 generates a check value B (ICVb ′) from the block information key Kbit and the block information (BIT). As shown in FIG. 24, the check value B is composed of a block value key Kbit and block information (BIT) using the check value B generation key Kicvb stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key. The exclusive OR value is generated by encrypting with DES. Next, in step S210, the check value B is compared with ICVb in the header (Header), and if they match, the process proceeds to step S211.
[0387]
In format type 3, since the block key is encrypted with the storage key when stored in the recording device, decryption processing with the storage key in the recording device 400, encryption processing with the session key, and recording / reproducing device Decryption processing with the session key at 300 is required. These series of processes are the process steps shown in steps S255 and S256.
[0388]
In step S255, the control unit 301 of the recording / reproducing device 300 extracts the block key Kblc encrypted with the storage key Kstr specific to the recording device from the block read in step S217, and passes through the recording device controller 303 of the recording / reproducing device 300. To the recording device 400.
[0389]
The recording device 400 that has received the block key Kblc transmitted from the recording / reproducing device 300 transmits the received data to the encryption / decryption unit 406 of the recording device encryption processing unit 401 and to the internal memory 405 of the recording device encryption processing unit 401. Decryption is performed with the stored storage key Kstr unique to the recording device, and re-encryption is performed with the session key Kses shared at the time of mutual authentication. This processing is as described in detail in the section of “(9) Key exchange processing after mutual authentication” described above.
[0390]
In step S256, the control unit 301 of the recording / reproducing device 300 receives the block key Kblc re-encrypted with the session key Kses from the recording device 400 via the recording device controller 303 of the recording / reproducing device 300.
[0390]
Next, in step S257, decryption processing using the session key Kses of the block key Kblc by the encryption processing unit 306 of the recording / reproducing device 300 is executed.
[0392]
Next, in step S242, block data decryption processing is executed using the block key Kblc decrypted in step S257. Further, in step S243, content (program, data) execution and playback processing are executed. The processing from step S217 to step S243 is repeatedly executed for all blocks. If it is determined in step S244 that all blocks are read, the reproduction process ends.
[0393]
The above processing is content reproduction processing in format type 3. Similar to the format type 2 in that the verification process of the total check value is omitted, but the processing configuration has a higher security level than the format type 2 in that the key exchange process of the block key is included. .
[0394]
(11) Check value (ICV) generation process in content provider
In the above-described embodiments, it has been described that the verification processing for various check values ICV is executed at the stage of content download or playback processing. Here, modes of each check value (ICV) generation process and verification process will be described.
[0395]
First, the check values ICV used in the data processing apparatus of the present invention are as follows.
[0396]
Check value A, ICVa: Check value for verifying falsification of identification information and handling policy in content data.
Check value B, ICVb: Check value for verifying block information key Kbit, content key Kcon, and block information tampering.
Content check value ICVi: a check value for verifying tampering of each content block of the content.
Total check value ICVt: Check value ICVa, check value ICVb, and a check value for verifying tampering of all check values of each content block.
Player-specific check value ICVdev: This is a check value that is replaced with the total check value ICVt when the localization flag is set to 1, that is, when the content indicates that it is available for recording and playback devices. The check value A: ICVa, the check value B: ICVb, and the check value ICVi included in each block to be checked for content are generated as check values.
Depending on the format, what is to be checked by ICVt and ICVdev may be the content itself, not the check value of each content block.
[0397]
Each of the above check values is used in the data processing apparatus of the present invention. Among the above check values, the check value A, the check value B, the total check value, and the content check value are, for example, a content provider that provides content data or content management as shown in FIGS. 32 to 35 and FIG. An ICV value is generated by each person based on the data to be verified, stored in the data together with the content, and provided to the user of the recording / reproducing device 300. When the user of the recording / reproducing device, that is, the content user downloads or reproduces the content to the recording device, the ICV for verification is generated based on the data to be verified, and the stored ICV Compare. Further, the player-specific check value ICVdev is stored in the recording device in place of the total check value ICVt when the content indicates that the content can be used unique to the recorder / player.
[0398]
In the above-described embodiment, the check value generation processing has been mainly described with reference to the generation processing configuration by DES-CBC. However, the ICV generation processing mode is not limited to the above-described method, but includes various generation processing modes and various verification processing modes. In particular, in the relationship between a content provider or administrator and a content user, various ICV generation and verification processing configurations described below are possible.
[0399]
46 to 48 are diagrams illustrating the generation process of the check value ICV by the creator and the verification process by the verifier.
[0400]
In FIG. 46, the ICV generation processing by DES-CBC described in the above-described embodiment is performed by, for example, an ICV generator that is a content provider or an administrator, and the generated ICV is recorded together with the content, that is, a recording / reproducing user. This configuration is provided to the verifier. In this case, the key required for the verification process by the recording / reproducing device user, that is, the verifier is, for example, each check value generation key stored in the internal memory 307 shown in FIG. A verifier (recording / reproducing device user) who is a content user uses the check value generation key stored in the internal memory 307 to generate a check value by applying DES-CBC to the verification target data. Executes the stored check value and comparison processing. In this case, each check value generation key is configured as a key shared secretly between the ICV generator and the verifier.
[0401]
In FIG. 47, an ICV generator, which is a content provider or an administrator, generates an ICV with a digital signature of a public key cryptosystem, and provides the generated ICV together with the content to a content user, that is, a verifier. The content user, that is, the verifier saves the ICV creator's public key, and executes the ICV verification processing using this public key. In this case, the public key of the ICV generator owned by the content user (recording / reproducing device user), that is, the verifier need not be kept secret, and management becomes easy. This is a mode suitable for the case where ICV generation and management are performed at a high security management level, such as when ICV generation and management are executed in one entity.
[0402]
48, an ICV generator, which is a content provider or administrator, generates an ICV using a digital signature of a public key cryptosystem, and provides the generated ICV together with the content to a content user, that is, a verifier. The public key used for verification by the verifier is stored in a public key certificate (see, for example, FIG. 14) and provided to the recording / reproducing device user, that is, the verifier together with the content data. When there are a plurality of ICV generators, each generator has the key management center create data (public key certificate) that proves the validity of the public key.
[0403]
The content user who is the verifier of the ICV has the public key of the key management center, and the verifier executes the verification of the public key certificate with the public key of the key management center. The ICV creator's public key stored in the certificate is extracted. Furthermore, the ICV verification is executed using the public key of the ICV creator taken out.
[0404]
This method is effective when there are a plurality of ICV creators and a management execution system is established by the center that executes the management.
[0405]
(12) Cryptographic key generation configuration based on master key
Next, the generation configuration of various cryptographic processing keys based on the master key, which is one of the characteristic configurations in the data processing system of the present invention, will be described.
[0406]
As described above with reference to FIG. 18, various master keys are stored in the internal memory of the recording / reproducing device 300 in the data processing apparatus of the present invention. For example, an authentication key Kake is used by using these master keys. Is generated (see Equation 3), or the distribution key Kdis is generated (see Equation 4).
[0407]
Conventionally, encryption communication, mutual authentication, MAC generation, between one-to-one entities, that is, between content providers and content users, or between the recording / reproducing device 300 and the recording medium 400 in the data processing apparatus of the present invention described above, When performing verification or the like, secret information common to each entity, for example, key information, is held. In a one-to-many relationship, for example, a large number of content users for a single content provider, or a large number of recording media for a single recording / playback device, all entities, that is, a large number of content users, or a large number of content users. The secret information shared in the recording media, for example, the key information is stored and held, or one content provider individually manages the secret information (ex. Key) of each of the many content users. Was used according to each content user.
[0408]
However, when there is a one-to-many usage relationship as described above, in the configuration in which all the secret information (ex. Key) is shared, the same secret information (ex. Key) is generated when one secret leak occurs. The disadvantage is that it affects all who use the. In addition, if one administrator, for example, a content provider, individually manages the secret information (ex. Key) of each of many content users and uses it separately according to each content user, all users are There is a disadvantage that a list that identifies and associates unique identification information (ex. Key) with the identification data is necessary, and the burden of list maintenance management increases with the increase of users.
[0409]
In the data processing apparatus of the present invention, such a conventional problem in sharing secret information between entities is solved by holding a master key and generating various individual keys from the master key. Hereinafter, this configuration will be described.
[0410]
In the data processing apparatus of the present invention, when different individual keys are required in various encryption processing, authentication processing, etc. between the recording device and the medium storing the content, or between the recording / reproducing devices, It is generated using individual information such as identifier data (ID) inherent to the device or medium and an individual key generation method determined in advance in the recording / reproducing device 300. Even if the generated individual key is specified by this configuration, damage to the entire system can be prevented by preventing the leakage of the master key. Further, the management of the association list becomes unnecessary due to the configuration in which the key is generated by the master key.
[0411]
A specific configuration example will be described with reference to the drawings. First, FIG. 49 is a diagram illustrating a configuration in which various keys are generated using various master keys included in the recording / reproducing device 300. Content is input from the medium 500 and the communication unit 600 in FIG. 49 as in the embodiment described above. The content is encrypted with the content key Kcon, and the content key Kcon is encrypted with the delivery key Kdis.
[0412]
For example, when the recording / reproducing device 300 takes out the content from the medium 500 and the communication unit 600 and tries to download it to the recording device 400, as described in FIG. 22 and FIGS. It is necessary to acquire the delivery key Kdis that encrypts the content key. The Kdis can be acquired directly from the medium 500 and the communication means 600, or can be acquired in advance by the recording / reproducing device 300 and stored in the memory in the recording / reproducing device 300. As described above, there is a possibility that the distribution configuration for these users may affect the entire system.
[0413]
In the data processing system of the present invention, as shown in the lower part of FIG. 49, the delivery key Kdis is processed based on the delivery key master key MKdis stored in the memory of the recording / reproducing device 300 and the content ID, that is, Kdis = DES. The distribution key Kdis is generated by applying (MKdis, content ID). According to this configuration, even if there are many content providers in the content distribution configuration between the content provider that supplies content from the media 500 and the communication means 600 and the recording / playback device 300 that is the content user, The distribution key Kdis is not required to be distributed via media, communication media, etc., and is not required to be stored in each recording / reproducing device 300, so that security can be maintained at a high level.
[0414]
Next, generation of the authentication key Kake will be described. The recording / reproducing device 300 executes the download processing from the recording / reproducing device 300 in FIGS. 22 and 39 to 41 described above to the recording medium 400 or the content stored in the recording medium 400 described in FIGS. 28 and 42 to 45. When reproducing, mutual authentication processing (see FIG. 20) between the recording / reproducing device 300 and the recording medium 400 is required.
[0415]
As described with reference to FIG. 20, in this authentication process, the recording / reproducing device 300 requires the authentication key Kake. The recording / reproducing device 300 can acquire the authentication key directly from the recording medium 400, for example, or can be acquired in advance by the recording / reproducing device 300 and stored in the memory in the recording / reproducing device 300. Similar to the distribution key configuration, the distribution configuration of such a key to a large number of users can be a leak that affects the entire system.
[0416]
In the data processing system of the present invention, the authentication key Kake is processed based on the authentication key master key MKake stored in the memory of the recording / reproducing device 300 and the recording device identification ID: IDmem, as shown in the lower part of FIG. That is, the authentication key Kake is obtained by Kake = DES (MKake, IDmem).
[0417]
Further, the recording / playback device 300 executes the download processing from the recording / playback device 300 of FIGS. 22 and 39 to 41 to the recording medium 400 or the content stored in the recording media 400 described in FIGS. In this case, the recording / reproducing device signature key Kdev required for the process of generating the recording / reproducing device specific check value ICVdev in the case of content that can be used uniquely for the recording / reproducing device has the same configuration as the above distribution key and authentication key. can do. In the above embodiment, the recording / reproducing device signature key Kdev is stored in the internal memory. However, the recording / reproducing device signing key master key MKdev is stored in the memory, and the recording / reproducing device signing key Kdev is stored in the internal memory. If necessary, as shown in the lower part of FIG. 49, based on the recording / reproducing device identifier: IDdev and the recording / reproducing device signature key master key MKdev, the recording / reproducing device signing key Kdev by Kdev = DES (MKdev, IDdev). In this configuration, there is an advantage that it is not necessary to provide the recording / reproducing device signature key Kdev individually for each device.
[0418]
As described above, in the data processing apparatus of the present invention, information such as a key necessary for a procedure related to cryptographic information processing between two entities such as a provider and a recording / reproducing device or between a recording / reproducing device and a recording device is stored as a master key. Since the ID is generated sequentially from each ID, even if key information is leaked from each entity, the scope of damage due to individual keys is more limited, and the key list for each individual entity as described above is also included. Management is also unnecessary.
[0419]
A plurality of processing examples related to this configuration will be described with reference to a flow. FIG. 50 shows an example of content encryption processing using a master key in content production or an administrator, and decryption processing of encrypted data using a master key in a user device, for example, the recording / reproducing device 300 in the above-described embodiment. is there.
[0420]
Step S501 in the content production or manager is a step of assigning an identifier (content ID) for the content. Step S502 is a step of generating a key for encrypting the content or the like based on the master key and the content ID held by the content production or administrator. For example, if the delivery key Kdis is generated, the delivery key Kdis is generated by the aforementioned Kdis = DES (MKdis, content ID). Next, step S503 is a step of encrypting a part or all of the content with a key (for example, a delivery key Kdis). The content producer distributes the content that has been encrypted through these steps via a medium such as a DVD, communication means, or the like.
[0421]
On the other hand, for example, on the user device side such as the recording / reproducing device 300, in step S504, the content ID is read out from the content data received via the media, the communication means, and the like. Next, in step S505, a key to be applied to decryption of the encrypted content is generated based on the read content ID and the owned master key. If this generation process is to obtain the delivery key Kdis, for example, the delivery key Kdis = DES (MKdis, content ID). In step S506, the content is decrypted using this key, and in step S507, the decrypted content is used, that is, reproduced or programmed.
[0422]
In this example, as shown in the lower part of FIG. 50, both the content production or management and the user device have a master key (for example, a delivery key generation master key MKdis), which is necessary for content encryption and decryption. A delivery key is sequentially generated based on each master key and each ID (content ID).
[0423]
In this system, if the delivery key is leaked to a third party, the content can be decrypted by the third party. However, since it is possible to prevent decryption of other content having a different content ID, 1 There is an effect that the influence of leakage of one content key on the entire system can be minimized. Also, there is an effect that it is not necessary to maintain a key association list for each content on the user device side, that is, the recording / reproducing device.
[0424]
Next, with reference to FIG. 51, an example will be described in which a content producer or administrator owns a plurality of master keys and executes processing according to content distribution targets.
[0425]
Step S511 in the content production or management is a step of assigning an identifier (content ID) to the content. Step S512 is a step of selecting one master key from a plurality of master keys (for example, a plurality of delivery key generation master keys MKdis) possessed by the content production or administrator. This selection process will be further described with reference to FIG. 52. A master key to be applied in advance is set in association with each country, model, or model version of the content user, and executed according to the setting. To do.
[0426]
In step S513, an encryption key is generated based on the master key selected in step S512 and the content ID determined in step S511. For example, if the delivery key Kdisi is generated, it is generated by Kdis = DES (MKdisi, content ID). Next, step S514 is a step of encrypting part or all of the content with a key (for example, a delivery key Kdisi). In step S515, the content producer distributes the content ID, the master key identification information used, and the content encrypted using the encrypted content as one distribution unit via a medium such as a DVD or a communication means. To do.
[0427]
On the other hand, for example, on the user device side such as the recording / reproducing device 300, in step S516, the user device owns the master key corresponding to the master key identification information in the content data distributed via media such as a DVD or communication means. It is determined whether or not. If the master key corresponding to the master key identification information in the content data is not possessed, the distributed content cannot be used in the user device, and the process ends.
[0428]
When the master key corresponding to the master key identification information in the distributed content data is owned by itself, in step S517, the content ID is read out from the content data received via the media, communication means, and the like. Next, in step S518, a key to be applied to the decryption of the encrypted content is generated based on the read content ID and the owned master key. When this generation process is to obtain the delivery key Kdisi, for example, the delivery key Kdisi = DES (MKdisi, content ID). In step S519, the content is decrypted using this key, and in step S520, the decrypted content is used, that is, reproduced or programmed.
[0429]
In this example, as shown in the lower part of FIG. 51, the content creator or administrator has a master key set including a plurality of master keys, for example, a plurality of delivery key generation master keys MKdis1 to MKdis1. On the other hand, only when the user device has one master key, for example, one delivery key generation master key KKdisi, and the content creator or the administrator encrypts the content using MKdisi, the user device only stores the content. It can be decrypted and used.
[0430]
FIG. 52 shows an example in which a different master key is applied for each country as a specific example of the mode shown in the flow of FIG. The content provider has master keys MK1 to MKn, and MK1 is used to generate a key for executing encryption processing of content distributed to a user device for Japan. For example, an encryption key K1 is generated from the content ID and MK1, and the content is encrypted with K1. Further, MK2 is used for key generation for executing encryption processing of content distributed to the user device for US, and MK3 is used for key generation for executing encryption processing of content distributed to the user device for EU (Europe). It is set as follows.
[0431]
On the other hand, a master device MK1 is stored in an internal memory of a user device for Japan, specifically, a recording / playback device such as a PC or a game machine sold in Japan, and a master key MK2 is stored in a user device for US. The master key MK3 is stored in the internal memory of the EU user device.
[0432]
In such a configuration, the content provider executes encryption processing of content to be distributed to the user device by selectively using the master key from the master keys MK1 to n according to the user device that can use the content. . For example, in order to make the content available only to user devices for Japan, the content is encrypted with the key K1 generated using the master key MK1. This encrypted content can be decrypted using the master key MK1 stored in the user device for Japan, that is, the decryption key can be generated, but the master key MK2 stored in the user device for other US or EU , MK3 cannot obtain the key K1, so that the encrypted content cannot be decrypted.
[0433]
In this way, the content provider can use various master keys selectively to set various content usage restrictions. In FIG. 52, an example in which the master key is distinguished for each country of the user device is shown. However, as described above, various usage forms such as switching the master key according to the model of the user device or according to the version are possible. It is.
[0434]
Next, FIG. 53 shows a processing example in which an identifier unique to media, that is, a media ID and a master key is combined. here. The medium is a medium storing content such as a DVD and a CD. The media ID may be unique for each medium, may be unique for each title of content such as a movie, or may be unique for each production lot of media. As described above, various methods can be used as the media ID assignment method.
[0435]
Step S521 in the media production or manager is a step of determining an identifier (media ID) for the media. Step S522 is a step of generating a key for encrypting the content stored in the media based on the master key and media ID possessed by the media production or administrator. For example, if the delivery key Kdis is generated, the delivery key Kdis is generated by the aforementioned Kdis = DES (MKdis, media ID). Next, step S523 is a step of encrypting part or all of the media storage content with a key (for example, a delivery key Kdis). The media producer supplies the content storage medium that has been encrypted through these steps.
[0436]
On the other hand, on the user device side such as the recording / reproducing device 300, for example, in step S524, the media ID is read from the supplied media. Next, in step S525, a key to be applied to decryption of the encrypted content is generated based on the read media ID and the owned master key. If this generation process is to obtain the delivery key Kdis, for example, the delivery key Kdis = DES (MKdis, media ID). In step S526, the content is decrypted using this key, and in step S527, the decrypted content is used, that is, reproduced or programmed.
[0437]
In this example, as shown in the lower part of FIG. 53, both the media production or administrator and the user device have a master key (for example, a delivery key generation master key MKdis), which is necessary for content encryption and decryption. A delivery key is sequentially generated based on each master key and each ID (media ID).
[0438]
In this system, in the unlikely event that the media key is leaked to a third party, the content in that media can be decrypted by the third party, but the content stored in other media with a different media ID is prevented from being decrypted. Therefore, there is an effect that the influence of leakage of one media key on the entire system can be minimized. Also, there is an effect that it is not necessary to maintain a key association list for each medium on the user device side, that is, the recording / reproducing device. Also, the size of content encrypted with one media key is limited to the capacity that can be stored in the media, so there is little possibility of reaching the amount of information necessary for ciphertext attacks, and decryption is possible Can be reduced.
[0439]
Next, FIG. 54 shows a processing example in which an identifier unique to a recording / reproducing device, that is, a recording / reproducing device ID and a master key are combined.
[0440]
Step S531 in the user of the recording / reproducing device is a step of generating a key for encrypting the content based on the master key and the recording / reproducing device ID stored in the internal memory of the recording / reproducing device. For example, if the content key Kcon is generated, the content key Kcon is generated by Kcon = DES (MKcon, recording / reproducing device ID). Next, step S532 is a step of encrypting a part or all of the content to be stored with a key (for example, a delivery key Kcon). In step S533, the encrypted content is stored in a recording device such as a hard disk.
[0441]
On the other hand, when the system administrator who manages the recording / reproducing device is requested to restore the stored data by the recording / reproducing device user who stores the content, the recording / reproducing device ID is read from the recording / reproducing device in step S534. Next, in step S535, a key to be applied to decryption of the encrypted content is generated based on the read recording / reproducing device ID and the master key owned. When this generation process is to obtain the content key Kcon, for example, the content key Kcon = DES (MKcon, recording / reproducing device ID). In step S536, the content is decrypted using this key.
[0442]
In this example, as shown in the lower part of FIG. 54, both the recording / reproducing device user and the system administrator have a master key (for example, a master key MKcon for content key generation), which is necessary for content encryption and decryption. New delivery keys are sequentially generated based on the respective master keys and IDs (recording / reproducing device IDs).
[0443]
In this system, in the unlikely event that the content key is leaked to a third party, the third party can decrypt the content, but the decryption of the content encrypted for another recording / reproducing device with a different recording / reproducing device ID is possible. Since it can be prevented, the effect of leakage of one content key on the entire system can be minimized. In addition, there is an effect that it is not necessary to maintain a key association list for each content on both the system management side and the user device side.
[0444]
FIG. 55 shows a configuration in which an authentication key used for mutual authentication processing between a recording device such as a memory device such as a memory device and a host device such as a recording / reproducing device is generated based on the master key. In the above-described authentication process (see FIG. 20), the authentication key is stored in advance in the internal memory of the slave device. As shown in FIG. 55, this is generated based on the master key during the authentication process. can do.
[0445]
For example, the slave device that is the recording device is used for the mutual authentication process based on the master key and the slave device ID stored in the internal memory of the slave device that is the recording device in step S541 as an initialization process before the start of the authentication process. An authentication key Kake is generated. This is generated by, for example, Kake = DES (MKake, slave device ID). Next, in step S542, the generated authentication key is stored in the memory.
[0446]
On the other hand, for example, on the host device side such as a recording / reproducing device, in step S543, the slave device ID is read from the attached recording device, that is, the slave device, via the communication means. Next, in step S544, an authentication key to be applied to the mutual authentication process is generated based on the read slave device ID and the owned authentication key generation master key. This generation processing is, for example, authentication key Kake = DES (MKake, slave device ID). In step S545, an authentication process is executed using this authentication key.
[0447]
In this example, as shown in the lower part of FIG. 55, both the slave device and the master device have a master key, that is, an authentication key generation master key MKake. Generated based on the owned master key and slave device ID.
[0448]
In this system, in the unlikely event that the authentication key is leaked to a third party, the authentication key is valid only for that slave device, so authentication is not established in relation to other slave devices. This has the effect of minimizing the influence caused by the leakage of the image.
[0449]
As described above, in the data processing apparatus of the present invention, information such as a key necessary for a procedure related to cryptographic information processing between two entities such as a content provider and a recording / reproducing device or between a recording / reproducing device and a recording device is mastered. It was set as the structure which produces | generates sequentially from a key and each ID. Therefore, even if key information is leaked from each entity, the range of damage caused by individual keys is further limited, and management of the key list for each individual entity as described above becomes unnecessary.
[0450]
(13) Control of cryptographic strength in cryptographic processing
In the above-described embodiment, the encryption process between the recording / reproducing device 300 and the recording device 400 is an example in which the encryption process using the single DES configuration described above with reference to FIG. 7 is mainly used for easy understanding of the description. Have explained. However, the encryption processing method applied in the data processing apparatus of the present invention is not limited to the single DES method described above, and an encryption method according to a required security state can be adopted.
[0451]
For example, a triple DES method such as the configuration of FIGS. 8 to 10 described above may be applied. For example, the encryption processing unit 302 of the recording / reproducing device 300 shown in FIG. 3 and the encryption processing unit 401 of the recording device 400 are configured to execute the triple DES method, and the triple DES method described with reference to FIGS. A configuration for executing processing corresponding to encryption processing is possible.
[0452]
However, the content provider may give the content key Kcon a 64-bit key configuration based on the single DES method by giving priority to the processing speed according to the content, and the content key Kcon is given the triple DES method by giving priority to security. In some cases, a 128-bit or 192-bit key configuration is used. Therefore, it is not preferable to configure the encryption processing unit 302 of the recording / reproducing device 300 and the encryption processing unit 401 of the recording device 400 to be compatible with only one of the triple DES method and the single DES method. Therefore, it is desirable that the encryption processing unit 302 of the recording / reproducing device 300 and the encryption processing unit 401 of the recording device 400 be compatible with both single DES and triple DES systems.
[0453]
However, in order to make the cryptographic processing configurations of the cryptographic processing unit 302 of the recording / reproducing device 300 and the cryptographic processing unit 401 of the recording device 400 execute both the single DES method and the triple DES method, The circuit and logic must be configured. For example, in order to execute processing corresponding to triple DES in the recording device 400, it is necessary to newly store a triple DES instruction set in the command register shown in FIG. This leads to complication of the processing unit configured in the recording device 400.
[0454]
Therefore, the data processing apparatus of the present invention can execute the processing corresponding to the triple DES encryption processing with the logic of the encryption processing unit 401 on the recording device 400 side having a single DES configuration, and the encrypted data by the triple DES method. A configuration is proposed in which (key, content, etc.) can be stored in the external memory 402 of the recording device.
[0455]
For example, in the example of the data format type 0 shown in FIG. 32, when the content data is downloaded from the recording / reproducing device 300 to the recording device 400, the step of FIG. In S101, an authentication process is executed, and a session key Kses is generated here. Further, in step S117, the encryption processing unit 302 on the recording / reproducing device 300 side performs the encryption process of the content key Kcon using the session key Kses, and the encryption key is transferred to the recording device 400 via the communication unit. In S118, the encryption processing unit 403 of the recording device 400 that has received the encryption key executes the decryption process of the content key Kcon using the session key Kses, and further executes the encryption process of the content key Kcon using the storage key Kstr. This is transmitted to the encryption processing unit 302 of the recording / reproducing device 300, and then the recording / reproducing device 300 forms a data format (step S121) and transmits the formatted data to the recording device 400. The received data is stored in the external memory 402 It has carried out the process of pay.
[0456]
If the encryption processing in the encryption processing unit 401 of the recording device 400 executed between steps S117 and S118 in the above processing is configured to selectively execute either the single DES or triple DES method, the content provider Both can provide content data using the content key Kcon according to triple DES, and can provide content data using the content key Kcon according to single DES.
[0457]
FIG. 56 illustrates a configuration for executing an encryption processing method according to the triple DES method using both the encryption processing unit 302 of the recording / reproducing device 300 and the encryption processing unit 401 of the recording device 400 in the data processing apparatus of the present invention. The flow to do is shown. FIG. 56 shows an example of encryption processing of the content key Kcon using the storage key Kstr executed when downloading the content data from the recording / reproducing device 300 to the recording device 400, and the content key Kcon is based on the triple DES method. An example in the case of a key is shown. Here, the processing example is shown on behalf of the content key Kcon, but the same processing can be performed for other data such as other keys or content.
[0458]
In the triple DES method, as described in FIGS. 8 to 10 above, a single DES has a 64-bit key, and in the triple DES method, a 128-bit or 192-bit key configuration includes two or three keys. The process used. These three content keys are denoted as Kcon1, Kcon2, (Kcon3), respectively. Since Kcon3 may not be used, it is shown in parentheses.
[0459]
The processing of FIG. 56 will be described. Step S301 is a mutual authentication processing step between the recording / reproducing device 300 and the recording device 400. This mutual authentication processing step is executed by the processing of FIG. 20 described above. Note that a session key Kses is generated during this authentication process.
[0460]
When the authentication process in step S301 ends, in step S302, each check value, check value A, check value B, content check value, total check value, and each ICV collation process are executed.
[0461]
When these check value (ICV) verification processes are completed and it is determined that there is no data falsification, the process proceeds to step S303, and the control unit 306 of the recording / reproducing device encryption processing unit 302 in the recording / reproducing device 300 Using the encryption / decryption unit 308 of the encryption processing unit 302, the received media 500 or the data received from the communication unit 600 via the communication unit 305 using the delivery key Kdis previously extracted or generated. The content key Kcon stored in the header part is decrypted. The content key in this case is a key based on the triple DES method, and is the content key Kcon1, Kcon2, (Kcon3).
[0462]
Next, in step S304, the control unit 306 of the recording / reproducing device encryption processing unit 302 uses the content keys Kcon1, Kcon2, (Kcon3) decrypted in step S303 by the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302. Only the content key Kcon1 is encrypted with the session key Kses shared at the time of mutual authentication.
[0463]
The control unit 301 of the recording / reproducing device 300 reads data including the content key Kcon1 encrypted with the session key Kses from the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300, and records these data in the recording / reproducing device 300. The data is transmitted to the recording device 400 via the device controller 303.
[0464]
Next, in step S 305, the recording device 400 that has received the content key Kcon 1 transmitted from the recording / reproducing device 300 sends the received content key Kcon 1 to the encryption / decryption unit 406 of the recording device encryption processing unit 401 for mutual authentication. Decrypt with the session key Kses shared at the time. In step S 306, the data is re-encrypted with the storage device-specific storage key Kstr stored in the internal memory 405 of the recording device encryption processing unit 401 and transmitted to the recording / reproducing device 300 via the communication unit 404.
[0465]
Next, in step S307, the control unit 306 of the recording / reproducing device encryption processing unit 302 uses the content keys Kcon1, Kcon2, (Kcon3) decrypted in step S303 by the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302. Only the content key Kcon2 is encrypted with the session key Kses shared at the time of mutual authentication.
[0466]
The control unit 301 of the recording / reproducing device 300 reads data including the content key Kcon2 encrypted with the session key Kses from the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300, and records these data in the recording / reproducing device 300. The data is transmitted to the recording device 400 via the device controller 303.
[0467]
Next, in step S 308, the recording device 400 that has received the content key Kcon 2 transmitted from the recording / reproducing device 300 sends the received content key Kcon 2 to the encryption / decryption unit 406 of the recording device encryption processing unit 401 for mutual authentication. Decrypt with the session key Kses shared at the time. Further, in step S 309, the data is re-encrypted with the storage device-specific storage key Kstr stored in the internal memory 405 of the recording device encryption processing unit 401, and transmitted to the recording / reproducing device 300 via the communication unit 404.
[0468]
Next, in step S310, the control unit 306 of the recording / reproducing device encryption processing unit 302 uses the content keys Kcon1, Kcon2, (Kcon3) decrypted in step S303 by the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302. ) Is encrypted with the session key Kses shared at the time of mutual authentication.
[0469]
The control unit 301 of the recording / reproducing device 300 reads data including the content key Kcon3 encrypted with the session key Kses from the recording / reproducing device encryption processing unit 302 of the recording / reproducing device 300, and records these data in the recording / reproducing device 300. The data is transmitted to the recording device 400 via the device controller 303.
[0470]
Next, in step S311, the recording device 400 that has received the content key Kcon3 transmitted from the recording / reproducing device 300 transmits the received content key Kcon3 to the encryption / decryption unit 406 of the recording device encryption processing unit 401 for mutual authentication. Decrypt with the session key Kses shared at the time. In step S 312, the data is re-encrypted with the storage device-specific storage key Kstr stored in the internal memory 405 of the recording device encryption processing unit 401, and transmitted to the recording / reproducing device 300 via the communication unit 404.
[0471]
In step S313, the encryption processing unit of the recording / reproducing device forms various data formats described with reference to FIGS.
[0472]
Finally, in step S <b> 314, the recording device 400 stores the received data whose format has been completed in the external memory 402. The format data includes content keys Kcon1, Kcon2, (Kcon3) encrypted with the storage key Kstr.
[0473]
By executing such processing, it is possible to store the content key stored in the recording device 400 as a key based on the triple DES encryption method. If the content key is two keys Kcon1 and Kcon2, the processes in steps S310 to S312 are omitted.
[0474]
In this way, the recording device 400 stores the key to which the triple DES is applied in the memory by repeatedly executing the processing of the same mode, that is, the processing steps of Steps S305 and S306 a plurality of times only by changing the target. It becomes possible. If the content key Kcon is a single DES application key, steps S305 and S306 may be executed, and the formatting process of step S313 may be executed and stored in the memory. In such a configuration, the command for executing the processing of steps S305 and S306 is stored in the command register of FIG. 29 described above, and this processing is performed depending on the content key mode, that is, the triple DES method or the single DES method. What is necessary is just to set it as the structure performed 1-3 times suitably. Therefore, both the triple DES method and the single DES method can be performed without including the triple DES processing method in the processing logic of the recording device 400. The encryption method can be determined by recording it in the handling policy in the header part of the content data and referring to it.
[0475]
(14) Program activation processing based on the activation priority in the handling policy for content data
As can be understood from the content data configurations shown in FIGS. 4 to 6 described above, the handling policy stored in the header portion of the content data used in the data processing apparatus of the present invention includes the content type and the activation priority information. Is included. The recording / reproducing device 300 in the data processing apparatus of the present invention includes a recording device 400 or a plurality of accessible content data recorded on various recording media such as a DVD, a CD, a hard disk, and a game cartridge. The content activation order is determined according to the activation priority information.
[0476]
The recording / reproducing device 300 executes the authentication process with each recording device such as a DVD device, a CD drive device, and a hard disk drive device, and then executes the program in the content data with the highest priority according to the priority information in the content data. Execute with priority. Hereinafter, the “program activation process based on the activation priority in the handling policy in the content data” will be described.
[0477]
In the description of the embodiment of the data processing apparatus of the present invention described above, the description has been made focusing on the processing when the recording / reproducing device 300 reproduces and executes content data from one recording device 400. However, in general, the recording / reproducing device 300 includes a recording device 400, a DVD, a CD, a hard disk via a reading unit 304, and a memory card and game cartridge connected via a PIO 111 and SIO 112 as shown in FIG. Etc., and can access various recording media. In FIG. 2, only one reading unit 304 is shown in order to avoid complication of the drawing, but the recording / reproducing device 300 can mount different storage media such as DVD, CD, floppy disk, and hard disk in parallel. It is.
[0478]
The recording / reproducing device 300 can access a plurality of storage media, and each storage medium stores content data. For example, content data supplied by an external content provider such as a CD is stored in a medium with the data structure shown in FIG. 4 described above, and when downloaded via these media or communication means, the contents shown in FIGS. The data structure is stored in each storage medium such as a memory card. More specifically, the data is stored in different formats on the medium and on the recording device as shown in FIGS. 32 to 35 in accordance with the format type of the content data. However, in any case, the handling policy in the header of the content data includes the content type and activation priority information.
[0479]
The content activation processing of the recording / reproducing device when access to a plurality of content data is possible will be described according to the flow.
[0480]
FIG. 57 is a processing flow showing a processing example (1) when there are a plurality of startable contents. Step S611 is a step of executing authentication processing of a recording device accessible by the recording / reproducing device 300. The accessible recording device includes a memory card, a DVD device, a CD drive, a hard disk device, and a game cartridge connected via, for example, the PIO 111 and the SIO 112. The authentication process is executed for each recording device under the control of the control unit 301 shown in FIG. 2, for example, according to the procedure described above with reference to FIG.
[0481]
Next, in step S612, a startable program is detected from the content data stored in the memory in the recording device that has been successfully authenticated. Specifically, this is executed as a process of extracting the content type included in the content data handling policy is a program.
[0482]
Next, in step S613, the boot priority in the bootable program extracted in step S612 is determined. Specifically, this is a process of selecting the highest priority by comparing the priority information included in the handling information in the headers of the plurality of startable content data selected in step S612.
[0483]
Next, the program selected in step S614 is activated. When the priority order set in a plurality of startable programs is the same, a default priority order is set between the recording devices, and the content program stored in the highest priority device is executed.
[0484]
FIG. 58 shows a processing mode in which identifiers are set for a plurality of recording devices, and authentication processing and content program search are sequentially executed for the recording devices to which the identifiers are attached, that is, a processing example when there are a plurality of startable contents ( 2).
[0485]
In step S621, the authentication process (see FIG. 20) of the recording device (i) attached to the recording / reproducing device 300 is executed. The identifiers 1 to n are sequentially assigned to a plurality (n) of recording devices.
[0486]
In step S622, it is determined whether or not the authentication in step S621 is successful. If the authentication is successful, the process proceeds to step S623 to search for a startable program in the recording medium of the recording device (i). If the authentication is not successful, the process proceeds to step S627, where it is determined whether there is a recording device capable of searching for a new content. If there is no recording device, the process ends. If there is a recording device, the process proceeds to step S628. i is updated, and the authentication processing steps after step S621 are repeated.
[0487]
The process in step S623 is a process for detecting a startable program from the content data stored in the recording device (i). Specifically, this is executed as a process of extracting the content type included in the content data handling policy is a program.
[0488]
In step S624, it is determined whether or not the content type is a program. If it is extracted, the highest priority among the extracted programs is selected in step S625, and the selected program is selected in step S626. Execute.
[0489]
If it is determined in step S624 that the content type is a program, the process proceeds to step S627 to determine the presence or absence of a recording device that is a new content search. If YES in step S628, the flow advances to step S628 to update the recording device identifier i, and repeat the authentication processing steps in and after step S621.
[0490]
FIG. 59 is a process flow showing a process example (3) when there are a plurality of startable contents. Step S651 is a step of executing authentication processing of a recording device accessible by the recording / reproducing device 300. An authentication process for an accessible DVD device, CD drive, hard disk device, memory card, game cartridge, etc. is executed. The authentication process is executed for each recording device under the control of the control unit 301 shown in FIG. 2, for example, according to the procedure described above with reference to FIG.
[0491]
Next, in step S652, a startable program is detected from the content data stored in the memory in the recording device that has been successfully authenticated. Specifically, this is executed as a process of extracting the content type included in the content data handling policy is a program.
[0492]
Next, in step S653, information such as the name of the startable program extracted in step S652 is displayed on the display means. Although the display means is not shown in FIG. 2, the data output as AV output data is output to the display means (not shown). The user-provided information such as the program name of each content data is stored in the identification information of the content data, and each content that has been authenticated via the control unit 301 under the control of the main CPU 106 shown in FIG. Program information such as the program name of the data is output to the output means.
[0493]
In step S654, the main CPU 106 receives a program selection input by the user from the input means such as the input interface, controller, mouse, and keyboard shown in FIG. 2 via the input interface 110, and in accordance with the selection input, in step S655. Execute the user selection program.
[0494]
As described above, in the data processing apparatus of the present invention, the program activation priority information is stored in the handling information in the header of the content data, and the recording / reproducing device 300 activates the program according to this priority, or the activation program is displayed on the display means. Since the configuration is such that the information is displayed and selected by the user, the user does not need to search for the program, and the time required for activation and the user's labor can be saved. In addition, since all startable programs are displayed after the authentication process of the recording device or are displayed as being startable programs, the complexity of processing such as checking the validity after selecting the program is reduced. It will be resolved.
[0495]
(15) Content composition and playback (decompression) processing
In the data processing apparatus of the present invention, as described above, the recording / reproducing device 300 downloads content from the medium 500 or the communication means 600 or performs reproduction processing from the recording device 400. The above description has been centered on the processing of encrypted data associated with content download or playback processing.
[0496]
The control unit 301 in the recording / reproducing device 300 in FIG. 3 includes a device 500 such as a DVD that provides content data, a communication unit 600, a process for downloading content data from the recording device, or an authentication process, an encryption process, and a decryption process. Controls overall processing.
[0497]
The reproducible content obtained as a result of these processes is, for example, audio data, image data, or the like. The decoded data is placed from the control unit 301 under the control of the main CPU shown in FIG. 2, and is output to the AV output unit in accordance with audio data, image data, and the like. However, if the content is, for example, audio data and MP3 compression is performed, the audio data is decoded and output by the MP3 decoder of the AV output unit shown in FIG. If the content data is image data and is an MPEG2 compressed image, the expansion processing is executed by the MPEG2 decoder of the AV processing unit and output. As described above, the data included in the content data may be subjected to compression (encoding) processing, or may be data that has not been subjected to compression processing, and is output after being subjected to processing according to the content.
[0498]
However, there are various types of compression processing and decompression processing programs, and if compressed data is provided from a content provider and there is no corresponding decompression processing execution program, it cannot be reproduced. .
[0499]
Therefore, the data processing apparatus of the present invention stores the compressed data and the decoding (decompression) processing program in the data content together, or the link information between the compressed data and the decoding (decompression) processing program in the content data. The structure stored as header information is disclosed.
[0500]
FIG. 60 is a diagram summarizing elements related to this configuration and related elements from the overall data processing diagram shown in FIG. The recording / reproducing device 300 receives various contents from a device 500 such as a DVD or CD, a communication unit 600, or a recording device 400 such as a memory card storing the contents. These contents are audio data, still images, moving image data, program data, etc., and those that have been subjected to encryption processing, those that have not been subjected to processing, and those that have been subjected to compression processing. Various data are included, such as those that do not exist.
[0501]
When the received content is encrypted, the decryption process is executed by the control of the control unit 301 and the encryption process of the encryption processing unit 302 by the method already described in the above items. Under the control of the main CPU 106, the decrypted data is transferred to the AV processing unit 109 and stored in the memory 3090 of the AV processing unit 109, and then the content analysis unit 3091 performs content structure analysis. For example, if a data decompression program is stored in the content, the program is stored in the program storage unit 3093. If data such as audio data and image data is included, these are stored in the data storage unit 3092. The decompression processing unit 3094 executes decompression processing of the compressed data stored in the data storage unit 3092 using an decompression processing program such as MP3 stored in the program storage unit, and outputs the decompressed data to the speaker 3001 and the monitor 3002. .
[0502]
Next, some examples of the configuration and processing of data received by the AV processing unit 109 via the control unit 301 will be described. Here, audio data is shown as an example of content, and MP3 is applied as an example of a compression program. However, this configuration can be applied not only to audio data but also to image data. In addition, not only MP3 but also various programs such as MPEG2 and 4 can be applied to the compression / decompression processing program.
[0503]
FIG. 61 shows a content configuration example. FIG. 61 shows an example in which music data 6102 compressed by MP3 and an MP3 decoding (decompression) processing program 6101 are combined into one content. These contents are stored as one content in the medium 500 or the recording device 400, or distributed from the communication means 600. If these contents are encrypted as described above, the recording / reproducing device 300 performs decryption processing by the encryption processing unit 303 and then transfers the decrypted processing to the AV processing unit 109.
[0504]
The content analysis unit 3091 of the AV processing unit 109 analyzes the received content and extracts the audio data expansion program (MP3 decoder) unit from the content including the audio data expansion program (MP3 decoder) unit and the compressed audio data unit. The program is stored in the program storage unit 3093, and the compressed audio data is stored in the data storage unit 3092. The content analysis unit 3091 receives information such as content name and content configuration information received separately from the content, or data indicating identification data such as a data name included in the content, data length, data configuration, etc. Content analysis may be performed based on the above. Next, the compression / decompression processing unit 3094 executes the decompression process of the MP3 compressed audio data stored in the data storage unit 3092 according to the audio data decompression program (MP3 decoder) stored in the program storage unit 3093, and the AV processing unit 109 outputs the decompressed audio data to the speaker 3001.
[0505]
FIG. 62 shows a flow showing an example of data reproduction processing having the content configuration shown in FIG. In step S671, the data name stored in the memory 3090 of the AV processing unit 109, for example, if the content is music data, the information such as the song name is extracted from the received information or the data in the content, and is stored in the monitor 3002. indicate. In step S672, the user's selection is received from various input means such as a switch and a keyboard via the input interface 110, and a reproduction processing command based on the user input data is output to the AV processing unit 109 under the control of the CPU. In step S673, the AV processing unit 109 performs data extraction / decompression processing according to user selection.
[0506]
Next, FIG. 63 shows a configuration example in which one content includes either compressed audio data or an expansion processing program, and further includes content information indicating the content as content header information.
[0507]
As shown in FIG. 63, if the content is a program 6202, the header information 6201 includes content identification information indicating that the program is a program and that the program type is an MP3 decompression program. On the other hand, when the audio data 6204 is included as content, the content information of the header 6203 includes information indicating that the data is MP3 compressed data. This header information is added to the content to be transferred to the AV processing unit 109 by selecting only the information necessary for reproduction from the data included in the handling policy (see FIG. 5) of the content data structure shown in FIG. Can be configured. Specifically, an identification value between the handling policy data required in the encryption processing unit 302 and the data required in the reproduction processing in the AV processing unit 109 is added to each component data in the “handling policy” shown in FIG. Then, only those indicating that these identification values are necessary in the AV processing unit 109 can be extracted and used as header information.
[0508]
The content analysis unit 3091 of the AV processing unit 109 that has received each content shown in FIG. 63 stores the program content in the program storage unit 3093 in the case of a program and the data content in the case of data in accordance with the header information. Store in the storage unit 3092. Thereafter, the compression / decompression processing unit 3094 retrieves data from the data storage unit, executes decompression processing according to the MP3 program stored in the program storage unit 3093, and outputs it. When the same program is already stored in the program storage unit 3093, the program storage process may be omitted.
[0509]
FIG. 64 shows a flow showing an example of data reproduction processing having the content configuration shown in FIG. In step S675, the data name stored in the memory 3090 of the AV processing unit 109, for example, if the content is music data, the information such as the song name is extracted from the received information separately from the content or the header in the content, and is sent to the monitor 3002. indicate. In step S676, the user's selection is received from various input means such as a switch and a keyboard via the input interface 110.
[0510]
In step S677, a data reproduction program (for example, MP3) corresponding to the user selection is searched. The program search target preferably has a maximum search range accessible by the recording / reproducing device 300. For example, each medium 500, communication unit 600, recording device 400, and the like shown in FIG.
[0511]
The content passed to the AV processing unit 109 is only the data portion, and the program content may be stored in another recording medium in the recording / reproducing device 300, and is provided from a content provider via media such as DVD and CD. Sometimes it is done. Therefore, the search range is the range where the access to the recording / reproducing apparatus 300 is stored. When a reproduction program is found as a result of the search, a reproduction processing command based on user input data is output to the AV processing unit 109 under the control of the CPU 106. In step S679, the AV processing unit 109 performs data extraction / decompression processing according to user selection. As another example, the program search may be performed before step S675, and in step S675, only the data in which the program is detected may be displayed.
[0512]
Next, FIG. 65 shows a configuration example in which one piece of content includes compressed audio data 6303 and an expansion processing program 6302, and further includes content reproduction priority information as content header information 6301. This is an example in which playback priority information is added as header information to the content structure of FIG. This is the same as the above-mentioned “(14) Program start processing based on start priority in the handling policy in content data”, and the playback order is set based on the playback priority set between the contents received by the AV processing unit 109. To decide.
[0513]
FIG. 66 shows a flow showing an example of a reproduction process of data having the content configuration of FIG. In step S681, the data stored in the memory 3090 of the AV processing unit 109, that is, the data information of the reproduction target data is set in the search list. The search list is set using a partial area of the memory in the AV processing unit 109. Next, in step S682, the content analysis unit 3091 of the AV processing unit 109 selects high priority data from the search list, and in step S683, the selected data is reproduced.
[0514]
Next, in FIG. 67, reproduction priority information is added only to the header 6403 of the data content in an example in which one content is a combination of header information and program data 6402 or header information 6403 and compressed data 6404. An example configuration is shown.
[0515]
FIG. 68 shows a flow showing an example of data reproduction processing having the content configuration shown in FIG. In step S691, the data stored in the memory 3090 of the AV processing unit 109, that is, the data information of the reproduction target data is set in the search list. The search list is set using a partial area of the memory in the AV processing unit 109. In step S692, the content analysis unit 3091 of the AV processing unit 109 selects data with high priority from the search list.
[0516]
In step S693, a data reproduction program (for example, MP3) corresponding to the selected data is searched. As for the program search target, it is preferable that the access storage range of the recording / playback apparatus 300 is the maximum search range, as in the processing in the flow of FIG. The device 400 and the like are also included in the search range.
[0517]
If a reproduction program is found as a result of the search (Yes in step S694), in step S695, the decompressed reproduction process is executed using the program obtained as a result of the search for the selected data.
[0518]
On the other hand, if a program is not detected as a search result (Yes in step S694), the process proceeds to step S696, and reproduction processing using the same program is performed for other data included in the search list set in step S691. Delete what you need. This is because it is clear that even if a reproduction program search is newly performed on the data, it is not detected. In step S697, it is determined whether the search list is empty. If not, the process returns to step S692, and the next higher priority data is extracted and the program search process is executed.
[0519]
As described above, according to this configuration, the compressed content is configured with the decryption (decompression) program, or when the content is only compressed data or only the decompression processing program, Since the content of the header has header information indicating what kind of compressed data the content is or what kind of processing is to be performed, the processing unit (for example, AV processing unit) that has received the content The decompression / reproduction processing is executed using the decompression processing program attached to the file, or the decompression processing program is searched based on the header information of the compressed data, and the decompression / reproduction processing is executed according to the program obtained as a result of the search. This eliminates the need for the user to select and retrieve data decompression programs, reducing the burden on the user. Efficient data playback is possible. Furthermore, according to the configuration having the playback priority information in the header, it is possible to automatically set the playback order, and the operation of setting the playback order by the user can be omitted.
[0520]
In the above-described embodiments, the compressed audio data content and MP3 as the compressed audio data decompression processing program have been described as examples. However, the content includes compressed data and the compressed image data decompression processing program. The present configuration is also applicable in the same manner and has the same effect.
[0521]
(16) Generation of save data, storage in a recording device, and reproduction processing
The data processing apparatus of the present invention interrupts the game program when it is desired to resume the game program after a predetermined time, for example, when the content executed in the recording / reproducing device 300 is a game program or the like. The game state and the like at the time are saved, that is, stored in a recording device, read out at the time of resumption, and the game can be continued.
[0522]
The save data storage configuration in the conventional recording / playback device such as a game machine or personal computer stores the save data in a storage medium such as a memory card, a floppy disk, a game cartridge, or a hard disk that can be built in or attached to the recording / playback device. However, in particular, it does not have a security ensuring configuration for the saved data, and for example, is configured to perform data saving processing with specifications common to the game application program.
[0523]
Therefore, for example, a situation occurs in which save data saved by using one recording / reproducing device A is used or rewritten by another game program, and conventionally, the security of the save data has been hardly considered. This is the actual situation.
[0524]
The data processing apparatus of the present invention provides a configuration that can realize security of such saved data. For example, save data of a certain game program is encrypted and stored in a recording device based on information that can be used only by that game program. Alternatively, it is encrypted based on information unique to the recording / reproducing device and stored in the recording device. By these methods, the use of the save data can be restricted to only a specific device and a specific program, and the security of the save data is ensured. Hereinafter, “save data generation and storage / reproduction processing in a recording device” in the data processing apparatus of the present invention will be described.
[0525]
FIG. 69 is a block diagram for explaining the save data storage process in the data processing apparatus of the present invention. Content is provided to the recording / reproducing device 300 from a medium 500 such as a DVD or CD, or from the communication means 600. The provided content is encrypted with the content key Kcon which is a content-specific key as described above, and the recording / reproducing device 300 performs the above-described download processing from the recording / reproducing device to the recording device. The content key is acquired according to the processing described in the column “see FIG. 22”, the encrypted content is decrypted, and then stored in the recording device 400. Here, the recording / reproducing device 300 decodes the content program from the media and communication means, reproduces and executes it, and after the execution, save data obtained is externally attached, or various recording devices such as a built-in memory card and hard disk A process of storing and reproducing in 400A, 400B, 400C, or downloading content to the recording device 400A, then reproducing and executing the content from the recording device 400A, externally attaching the save data, or built-in memory Processing stored in any one of various recording devices 400A, 400B, 400C such as a card and a hard disk The processing stored in the recording device 400 and played back will be described.
[0526]
As described above, the recording / reproducing device 300 includes a recording / reproducing device identifier IDdev, a system signature key Ksys that is a signature key common to the system, and a recording / reproducing device signature key Kdev that is a signature key unique to each recording / reproducing device. And a master key for generating various individual keys. The master key is a key for generating, for example, a delivery key Kdis or an authentication key Kake, as described in detail in “(12) Cryptographic key generation configuration based on master key”. Here, the master key of the recording / reproducing device 300 is represented as MKx as a representative of the master key in general without limiting the type of the master key. The lower part of FIG. 69 shows an example of the save data encryption key Ksav. The save data encryption key Ksav is an encryption key used for encryption processing when saving data is stored in the various recording devices 400A to 400C, and decryption processing when reproducing from the various recording devices 400A to 400C. An example of save data storage processing and playback processing will be described with reference to FIG.
[0527]
FIG. 70 is a flowchart of processing for storing save data in any of the recording devices 400A to 400C using either the content-unique key or the system common key. The process in each flow is a process executed by the recording / reproducing device 300, and the recording device for storing the save data in each flow may be any of the built-in and external recording devices 400A to 400C, and is limited to any one. It's not trivial.
[0528]
Step S701 is processing in which the recording / reproducing device 300 reads a content identifier, for example, a game ID. This is data included in the identification information in the content data shown in FIGS. 4, 26, 27 and 32-35 described above, and a save data storage processing command is received via the input interface 110 shown in FIG. The main CPU 106 instructs the control unit 301 to read the content identifier.
[0529]
When the execution program is a content that is executed via the reading unit 304 such as a DVD or CD-ROM, the control unit 301 extracts the identification information included in the header of the content data via the reading unit 304 and executes it. If the program is content stored in the recording device 400, identification information is extracted via the recording device controller 303. If the recording / reproducing device 300 is executing the content program and the content identifier has already been stored in the RAM or other accessible recording medium in the recording / reproducing device, the new reading process is not executed. The identification information included in the read data may be used.
[0530]
Next, step S702 is a step in which the process is changed depending on whether or not to restrict the use of the program. The program usage restriction is restriction information that sets whether or not to attach the restriction that the saved data to be saved can be used only for that program. “Use restriction” is used, and save data that is not restricted by the program is called “no program use restriction”. This may be arbitrarily set by the user, or may be set by the content creator and stored in the content program. The set restriction information is recorded in the record shown in FIG. It is stored in the devices 400A-C as a data management file.
[0531]
An example of the data management file is shown in FIG. The data management file is generated as a table including items including a data number, a content identifier, a recording / reproducing device identifier, and a program usage restriction. The content identifier is identification data of a content program for which save data is stored. The recording / reproducing device identifier is an identifier of the recording / reproducing device storing the save data, for example, [IDdev] shown in FIG. As described above, the program usage restriction is set to “Yes” when the save data to be saved can be used only for the program as described above, and set to “No” when the usage is not limited to the corresponding program. Become. The program use restriction may be arbitrarily set by a user who uses the content program, or may be set by a content producer and this information may be stored in the content program.
[0532]
Returning to FIG. 70, the description of the flow will be continued. If “Yes” is set for the program use restriction in step S702, the process proceeds to step S703. In step S703, a content-specific key, for example, the content key Kcon described above is read from the content data and the content-specific key is used as the save data encryption key Ksav, or a save data encryption key Ksav is generated based on the content-specific key. To do.
[0533]
On the other hand, if “NO” is set for the program use restriction in step S702, the process proceeds to step S707. In step S707, the system common key stored in the recording / reproducing device 300, for example, the system signature key Ksys is read from the internal memory 307 of the recording / reproducing device 300, and the system signature key Ksys is used as the save data encryption key Ksav. A save data encryption key Ksav is generated based on the system signature key. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0534]
Next, in step S704, save data encryption processing is executed using the save data encryption key Ksav selected or generated in step S703 or step S707. This encryption processing is executed by the encryption processing unit 302 in FIG. 2 using, for example, the DES algorithm described above.
[0535]
The save data encrypted in step S704 is stored in the recording device in step S705. When there are a plurality of recording devices capable of storing save data as shown in FIG. 69, the user selects one of the recording devices 400A to 400C as a save data storage destination in advance. Furthermore, in step S706, the program use restriction information previously set in step S702 is written to the data management file described with reference to FIG. 71, that is, the program use restriction “Yes” or “No” is written.
[0536]
This completes the save data storage process. In step S702, “Yes”, that is, “Restrict program use” is selected, and the save data encrypted by the save data encryption key Ksav generated based on the content unique key in step S703 includes the content unique key information. Decryption processing by a content program that does not have becomes impossible, and save data can be used only by content programs having the same content key information. However, here, since the save data encryption key Ksav is not generated based on information unique to the recording / reproducing device, the save data stored in a removable recording device such as a memory card is different from the recording / reproducing device. Can be reproduced as long as it is used together with the corresponding content program.
[0537]
In step S702, No, that is, “no program use restriction” is selected. In step S707, the save data encrypted by the save data encryption key Ksav based on the system common key uses a program with a different content identifier. Even if the recording / reproducing device is different, it can be reproduced and used.
[0538]
FIG. 72 is a flowchart showing a process of reproducing the save data stored by the save data storage process of FIG.
[0539]
Step S711 is a process in which the recording / reproducing device 300 reads a content identifier, for example, a game ID. This is the same process as step S701 of the save data storage process of FIG. 70 described above, and is a process of reading data included in the identification information in the content data.
[0540]
Next, in step S712, the data management file described with reference to FIG. 71 is read from the recording devices 400A to C shown in FIG. 69, the content identifier read in step S711, and the use program restriction information set correspondingly. To extract. If the program use restriction set in the data management file is “Yes”, the process proceeds to step S714. If it is “No”, the process proceeds to step S717.
[0541]
In step S714, the content-specific key, for example, the content key Kcon described above is read from the content data and the content-specific key is used as the save data decryption key Ksav, or the save-data decryption key Ksav is based on the content-specific key. Is generated. In this decryption key generation process, a processing algorithm corresponding to the encryption key generation process is applied, and data encrypted based on a certain content unique key is generated by a decryption key generated based on the same content unique key. A decryption key generation algorithm that can be decrypted is applied.
[0542]
On the other hand, if the setting of the data management file is “No” for the program use restriction in step S712, the system common key stored in the recording / reproducing device 300, for example, the system signature key Ksys is obtained in step S717. The data is read from the internal memory 307 of the recording / reproducing device 300, and the system signature key Ksys is used as the save data decryption key Ksav, or the save data decryption key Ksav is generated based on the system signature key. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0543]
Next, in step S715, the save data decryption process is executed using the save data decryption key Ksav selected or generated in step S714 or step S717. In step S716, the decrypted save data is recorded and reproduced. Playback and execution in the device 300.
[0544]
This completes the save data playback process. As described above, when “Restrict program use” is set in the data management file, a save data decryption key is generated based on the content unique key, and when “Restrict program use” is set. A save data decryption key is generated based on the system common key. When “Restrict program use” is set, the decryption key that enables decryption of save data cannot be obtained unless the content identifier of the content being used is the same. Can be increased.
[0545]
73 and 74 are a save data storage processing flow (FIG. 73) and a save data playback processing flow (FIG. 74) for generating an encryption key and a decryption key of the save data using the content identifier.
[0546]
In FIG. 73, steps S721 to S722 are the same as steps S701 to S702 of FIG.
[0547]
In the save data storage processing flow of FIG. 73, when “Restrict program use” is set in step S722, the content identifier, that is, the content ID is read from the content data in step S723, and the content ID is saved as the save data encryption key Ksav. Or a save data encryption key Ksav is generated based on the content ID. For example, the encryption processing unit 307 of the recording / reproducing device 300 applies the master key MKx stored in the internal memory of the recording / reproducing device 300 to the content ID read from the content data, and saves it by, for example, DES (MKx, content ID). The data encryption key Ksav can be obtained. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0548]
On the other hand, if “No” is set for the program use restriction in step S722, the system common key stored in the recording / reproducing device 300, for example, the system signature key Ksys is stored in the internal memory of the recording / reproducing device 300 in step S727. Read from 307 and use the system signature key Ksys as the save data encryption key Ksav, or generate the save data encryption key Ksav based on the system signature key. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0549]
The processing after step S724 is the same as the processing after step S704 in the processing flow of FIG.
[0550]
74 is a process flow for reproducing and executing the save data stored in the recording device in the save data storage process flow of FIG. 73. Steps S731 to S733 are the same as the corresponding process of FIG. Only step S734 is different. In step S734, the content identifier, that is, the content ID is read from the content data, and the content ID is used as the save data decryption key Ksav, or the save data decryption key Ksav is generated based on the content ID. In this decryption key generation process, a processing algorithm corresponding to the encryption key generation process is applied, and data encrypted based on a certain content identifier can be decrypted with a decryption key generated based on the same content identifier A decryption key generation algorithm is applied.
[0551]
The following processes, steps S735, S736, and S737 are the same as the corresponding processes in FIG. According to the save data storage and playback process of FIGS. 73 and 74, when the setting to restrict the use of the program is made, the save data encryption key and the decryption key are generated using the content ID. As in the case of save data storage and playback processing using the previous content unique key, save data cannot be used unless the corresponding content program matches, and save with enhanced save data security is possible. .
[0552]
75 and 77 are a save data storage processing flow (FIG. 75) and a save data playback processing flow (FIG. 77) for generating an encryption key and a decryption key of save data using the recording / playback device unique key.
[0553]
75, step S741 is the same processing as step S701 in FIG. 70, and a description thereof will be omitted. Step S742 is a step for setting whether or not to limit the recording / reproducing device. Recording / playback device restriction is set to “Yes” when recording / playback devices that can use save data are restricted, that is, when the save data is generated and stored only for the recording / playback device. The case where the device can be used is set to “No”. If “Restrict recording / reproducing device” is set in step S742, the process proceeds to step S743. If “No” is set, the process proceeds to step S747.
[0554]
An example of the data management file is shown in FIG. The data management file is generated as a table including data numbers, content identifiers, recording / reproducing device identifiers, and recording / reproducing device restrictions as items. The content identifier is identification data of a content program for which save data is stored. The recording / reproducing device identifier is an identifier of the recording / reproducing device storing the save data, for example, [IDdev] shown in FIG. Recording / playback device restriction is set to “Yes” when recording / playback devices that can use save data are restricted, that is, when the save data is generated and stored only for the recording / playback device. The case where the device can be used is set to “No”. The recording / reproducing device restriction information may be arbitrarily set by the user using the content program, or may be set by the content producer and stored in the content program.
[0555]
In the save data storage processing flow of FIG. 75, when “Restrict recording / reproducing device” is set in step S742, the recording / reproducing device unique key, for example, the recording / reproducing device signature key Kdev is obtained from the recording / reproducing device 300 in step S743. It reads out from the internal memory 307 of the recording / reproducing device 300 and uses the recording / reproducing device signature key Kdev as the save data encryption key Ksav, or generates the save data encryption key Ksav based on the recording / reproducing device signature key Kdev. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0556]
On the other hand, if the recording / reproducing device restriction is set to “No” in step S742, the system common key stored in the recording / reproducing device 300, for example, the system signature key Ksys is stored in the recording / reproducing device 300 in step S747. Read from the memory 307 and use the system signature key Ksys as the save data encryption key Ksav or generate the save data encryption key Ksav based on the system signature key. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0557]
The processing in steps S744 and S745 is the same as the corresponding processing in the processing flow of FIG. 70 described above, and description thereof is omitted.
[0558]
In step S746, the content identifier, the recording / reproducing device identifier, and the recording / reproducing device restriction information set by the user in step 742 are written in the data management file (see FIG. 76).
[0559]
Further, FIG. 77 is a processing flow for reproducing and executing the save data stored in the recording device in the save data storage processing flow of FIG. 75. Step S751 reads the content identifier as in the corresponding processing of FIG. 72 described above. . Next, in step S752, the recording / reproducing device identifier (IDdev) stored in the memory in the recording / reproducing device 300 is read.
[0560]
In step S753, the content identifier, the recording / reproducing device identifier, and the set recording / reproducing device restriction information “Yes / No” are read from the data management file (see FIG. 76). When the recording / reproducing device restriction information is set to “Yes” in the entry having the same content identifier in the data management file, the recording / reproducing device identifier of the table entry is different from the recording / reproducing device identifier read in step S752. Ends the process.
[0561]
Next, when the setting of the data management file is “Restrict recording / playback device” in Step S754, the process proceeds to Step S755, and when it is “No”, the process proceeds to Step S758.
[0562]
In step S755, the recording / reproducing device unique key, for example, the recording / reproducing device signature key Kdev is read from the recording / reproducing device 300 from the internal memory 307 of the recording / reproducing device 300, and the recording / reproducing device signature key Kdev is used as the save data decryption key Ksav. Alternatively, the save data decryption key Ksav is generated based on the recording / reproducing device signature key Kdev. In this decryption key generation process, a processing algorithm corresponding to the encryption key generation process is applied, and data encrypted based on a certain recording / reproducing device unique key is generated based on the same recording / reproducing device unique key. A decryption key generation algorithm that can be decrypted by the decryption key is applied. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0563]
On the other hand, in step S758, the system common key stored in the recording / reproducing device 300, for example, the system signature key Ksys is read from the internal memory 307 of the recording / reproducing device 300, and the system signature key Ksys is used as the save data decryption key Ksav. Alternatively, the save data decryption key Ksav is generated based on the system signature key. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav. The following steps S756 and S757 are the same as the corresponding steps in the save data reproduction processing flow described above.
[0564]
According to the save data storage / reproduction process flow shown in FIGS. 75 and 77, the save data for which “Restrict recording / reproducing device” is selected is encrypted and decrypted by the recording / reproducing device unique key. Therefore, it can be decrypted and used only by the recording / reproducing device having the same recording / reproducing device unique key, that is, the same recording / reproducing device.
[0565]
Next, FIGS. 78 and 79 show processing flows for generating, storing, and reproducing the encryption / decryption key of the save data using the recording / reproducing device identifier.
[0566]
In FIG. 78, the save data is encrypted using the recording / reproducing device identifier and stored in the recording device. Steps S761 to S763 are the same processing as in FIG. In step S764, a save data encryption key Ksav is generated using the recording / reproducing device identifier (IDdev) read from the recording / reproducing device. Apply IDdev as the save data encryption key Ksav, or apply the master key MKx stored in the internal memory of the recording / reproducing device 300 to obtain the save data encryption key Ksav by DES (MKx, IDdev), etc. A save data encryption key ksav is generated based on IDdev. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0567]
The following processing steps S765 to S768 are the same as the corresponding processing in FIG. 75 described above, and a description thereof will be omitted.
[0568]
FIG. 79 is a processing flow for reproducing and executing the save data stored in the recording device by the processing of FIG. Steps S771 to S774 are the same as the corresponding processing in FIG. 77 described above.
[0569]
In step S775, the save data decryption key Ksav is generated using the recording / reproducing device identifier (IDdev) read from the recording / reproducing device. Apply IDdev as the save data decryption key Ksav, or apply the master key MKx stored in the internal memory of the recording / reproducing device 300 to obtain the save data decryption key Ksav by DES (MKx, IDdev), etc. A save data decryption key Ksav is generated based on IDdev. In this decryption key generation processing, a processing algorithm corresponding to the encryption key generation processing is applied, and data encrypted based on a certain recording / reproducing device identifier is decrypted based on the same recording / reproducing device identifier. A decryption key generation algorithm that can be decrypted by a key is applied. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0570]
The following processing steps S776 to S778 are the same as the corresponding steps in FIG.
[0571]
According to the save data storage and reproduction processing flow shown in FIGS. 78 and 79, the save data for which “Restrict recording / reproducing device” has been selected is encrypted and decrypted by the recording / reproducing device identifier. Therefore, the recording / reproducing device having the same recording / reproducing device identifier, that is, only the same recording / reproducing device can be used by decoding.
[0572]
Next, with reference to FIGS. 80 to 82, a description will be given of save data storage and reproduction processing that is executed together with the above-described program usage restriction and recording / reproducing device usage restriction.
[0573]
FIG. 80 is a save data storage processing flow. In step S781, the content identifier is read from the content data. In step S782, a program use restriction determination is performed, and in step S783, a recording / reproducing apparatus restriction determination is performed.
[0574]
In the case of “program usage restricted” and “recording / reproducing device restricted”, in step S785, save data encryption is performed based on both the content unique key (ex. Kcon) and the recording / reproducing device unique key (Kdev). A key Ksav is generated. This can be obtained by, for example, Ksav = (Kcon XOR Kdev) or Ksav = DES (MKx, Kcon XOR Kdev) by applying the master key MKx stored in the internal memory of the recording / reproducing device 300. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0575]
In the case of “with program use restriction” and “without recording / playback device restriction”, in step S786, the content unique key (ex.Kcon) is used as the save data encryption key Ksav or the content unique key (ex.Kcon). ) To generate a save data encryption key Ksav.
[0576]
In the case of “no program use restriction” and “recording / reproducing apparatus restriction”, in step S787, the recording / reproducing apparatus unique key (Kdev) is used as the save data encryption key Ksav, or the recording / reproducing apparatus unique key (Kdev). ) To generate a save data encryption key Ksav. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0577]
Further, if “no program use restriction” and “no recording / reproducing apparatus restriction”, in step S787, the system common key, for example, the system signature key Ksys is used as the save data encryption key Ksav or the system signature key Ksys. A save data encryption key Ksav is generated based on the above. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0578]
In step S789, the save data is encrypted by the save data encryption key Ksav generated in any of steps S785 to S788 and stored in the recording device.
[0579]
In step S790, the restriction information set in steps S782 and S783 is stored in the data management file. The data management file has the configuration shown in FIG. 81, for example, and includes data number, content identifier, recording / reproducing device identifier, program usage restriction, and recording / reproducing device restriction as items.
[0580]
FIG. 82 is a processing flow for reproducing and executing the save data stored in the recording device by the processing of FIG. In step S791, the content identifier and recording / reproducing device identifier of the execution program are read. In step S792, the content identifier, recording / reproducing device identifier, program usage restriction, and recording / reproducing device restriction information are read from the data management file shown in FIG. In this case, if the program usage restriction is “Yes” and the content identifiers do not match, or if the recording / reproducing device restriction information is “Yes” and the recording / reproducing device identifiers do not match, the processing ends.
[0581]
Next, in steps S793, S794, and S795, the decryption key generation process is set to one of the four modes of steps S796 to S799 according to the recording data of the data management file.
[0582]
In the case of “program use restricted” and “recording / reproducing device restricted”, in step S796, the save data decryption is performed based on both the content unique key (ex.Kcon) and the recording / reproducing device unique key (Kdev). A key Ksav is generated. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav. In the case of “with program use restriction” and “without recording / playback device restriction”, in step S797, the content unique key (ex.Kcon) is used as the save data decryption key Ksav or the content unique key (ex.Kcon). ) To generate a save data decryption key Ksav. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0583]
In the case of “no program use restriction” and “recording / reproducing apparatus restriction”, in step S798, the recording / reproducing apparatus unique key (Kdev) is used as the save data decryption key Ksav or the recording / reproducing apparatus unique key (Kdev). ) To generate a save data decryption key Ksav. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav. Further, if “no program use restriction” and “no recording / reproducing apparatus restriction”, in step S799, the system common key, for example, the system signature key Ksys is used as the save data decryption key Ksav or the system signature key Ksys. The save data decryption key Ksav is generated based on the above. Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0584]
In these decryption key generation processes, a processing algorithm corresponding to the encryption key generation process is applied, and data encrypted based on the same content specific key and recording / playback device specific key is the same content specific key, A decryption key generation algorithm that can be decrypted by the decryption key generated based on the recording / reproducing device unique key is applied.
[0585]
In step S800, the decryption process is executed using the save data decryption key generated in any of steps S796 to S799 described above, and the decrypted save data is reproduced and executed in the recording / reproducing device 300.
[0586]
According to the save data storage and playback processing flow shown in FIGS. 80 and 82, the save data for which “Restrict program use” is selected is encrypted and decrypted by the content unique key, and therefore the same. It is possible to decrypt and use only content data having the content unique key. In addition, the save data for which “Restrict recording / reproducing device” is selected is encrypted and decrypted by the recording / reproducing device identifier, so that the recording / reproducing device having the same recording / reproducing device identifier, that is, the same It is possible to decode and use only by the recording / reproducing device. Accordingly, usage restrictions can be set by both the content and the recording / reproducing device, and the security of the save data can be further increased.
[0587]
In FIGS. 80 and 82, the content unique key, the save data encryption key using the recording / reproducing device unique key, and the decryption key generation configuration are shown, but the content identifier, A recording / reproducing device identifier may be used instead of the recording / reproducing device unique key, and a save data encryption key and a decryption key may be generated based on these identifiers.
[0588]
Next, the configuration for generating the save data encryption key and decryption key based on the password input by the user will be described with reference to FIGS.
[0589]
FIG. 83 is a processing flow for generating the save data encryption key based on the password input by the user and storing it in the recording device.
[0590]
Step S821 is a process of reading the content identifier from the content data, and is the same as each process described above. Step S822 is a step of determining whether or not to set a program use restriction by the user. The data management file set in this configuration has, for example, the configuration shown in FIG.
[0591]
As shown in FIG. 84, the data includes a data number, a content identifier, a recording / playback device identifier, and program usage restriction information by the user. “Program usage restriction information by user” is an item for setting whether to restrict users who use the program.
[0592]
If the use restriction is set in step S822 in the processing flow in FIG. 83, a user password is input in step S823. This input is input from input means such as a keyboard shown in FIG.
[0593]
The input password is output to the encryption processing unit 302 under the control of the main CPU 106 and the control unit 301, and the save data encryption key Ksav based on the process in step S824, that is, the input user password is generated. As the save data encryption key Ksav generation process, for example, the password itself may be used as the encryption key Ksav, or the save data encryption key Ksav = DES (MKx, password) using the master key MKx of the recording / reproducing device. It may be generated. Alternatively, a one-way function may be applied using a password as an input, and an encryption key may be generated based on the output.
[0594]
If the user restriction in step S822 is No, a save data encryption key is generated based on the system common key of the recording / reproducing device 300 in step S828.
[0595]
Further, in step S825, the save data is encrypted using the save data encryption key Ksav generated in step S824 or step S828, and the save data subjected to the encryption process is stored in the recording device in step S826. .
[0596]
Further, in step S827, the program usage restriction information set by the user set in step S822 is written in the data management file of FIG. 84 in association with the content identifier and the recording / playback device identifier.
[0597]
FIG. 85 is a diagram showing a flow of reproducing saved data stored by the process of FIG. In step S831, the content identifier is read from the content data, and in step S832, the content identifier and the program usage restriction information by the user are read from the data management file shown in FIG.
[0598]
In step S833, a determination based on the data in the data management file is executed, and when “Restrict program use by user” is set, a password input is requested in step S834, and based on the input password in step S835. Generate a decryption key. In this decryption key generation process, a processing algorithm corresponding to the encryption key generation process is applied, and data encrypted based on a certain password can be decrypted with a decryption key generated based on the same password Is set to the decryption key generation algorithm.
[0599]
If the determination in step S833 is that there is no program use restriction by the user, a save data decryption key Ksav is generated in step S837 using the system common key stored in the internal memory of the recording / reproducing device 300, for example, the system signature key Ksys. . Alternatively, an encryption key separately stored in the internal memory 307 of the recording / reproducing device 300 and different from other keys may be used as the save data encryption key Ksav.
[0600]
In step S836, the save data stored in the recording device is decrypted using the decryption key Ksav generated in either step S835 or step S837. In step S836, the save data is reproduced and executed in the recording / reproducing device. Is made.
[0601]
According to the save data storage and playback processing flow shown in FIGS. 83 and 85, the save data for which “restrict use of program by user” is selected is encrypted and decrypted by the key based on the user input password. Therefore, only when the same password is input can be decrypted and used, and the security of the save data can be increased.
[0602]
As described above, several save data storage processing and playback processing modes have been described. However, the save data is obtained by combining the above-described processing, for example, a password, a recording / playback device identifier, a content identifier, and the like in any combination. An aspect in which an encryption key and a decryption key are generated is also possible.
[0603]
(17) Unauthorized device exclusion (revocation) configuration
As described above, in the data processing apparatus of the present invention, various contents data provided from the medium 500 (see FIG. 3) and the communication means 600 are subjected to authentication, encryption processing, etc. in the recording / reproducing device 300. In addition, the security of the provided content is enhanced by the configuration stored in the recording device, and the configuration is such that only authorized users can use it.
[0604]
As can be understood from the above description, the input content includes various signature keys, master keys, and check value generation keys (see FIG. 18) stored in the internal memory 307 configured in the encryption processing unit 302 of the recording / reproducing device 300. ) Is used for authentication processing, encryption processing, and decryption processing. As described above, the internal memory 307 for storing the key information is basically composed of a semiconductor chip having a structure that is difficult to access from the outside, and has a multilayer structure. The internal memory is an aluminum layer or the like. It is desirable to have a configuration that makes it difficult to read data illegally from the outside, such as being sandwiched between the dummy layers or being configured at the lowest layer, and having a narrow operating voltage or / and frequency range, In the unlikely event that unauthorized reading of the internal memory is performed and these key data, etc. are leaked and copied to a recording / playback device that is not licensed properly, unauthorized use of the content may be made with the copied key information There is sex.
[0605]
Here, a configuration for preventing unauthorized use of content due to duplication of keys by unauthorized copying will be described.
[0606]
FIG. 86 is a block diagram for explaining this configuration “(17) Unauthorized device elimination configuration”. The recording / reproducing device 300 is the same as the recording / reproducing device shown in FIGS. 2 and 3 described above, has an internal memory, has various key data described above (FIG. 18), and further has a recording / reproducing device identifier. ing. Here, the recording / reproducing device identifier, key data, etc. copied by a third party are not necessarily stored in the internal memory 307 shown in FIG. 3, but the key data, etc. of the recording / reproducing device 300 shown in FIG. Are configured to be stored in a memory unit that is accessible by the cryptographic processing unit 302 (see FIGS. 2 and 3) or distributed.
[0607]
In order to realize an illegal device exclusion configuration, an illegal recording / reproducing device identifier list in the header portion of the content data is stored. As shown in FIG. 86, the content data has a revocation list as an unauthorized recording / reproducing device identifier (IDdev) list. Further, a list check value ICVrev for tampering check of the revocation list is provided. The unauthorized recording / reproducing device identifier (IDdev) list is a list of unauthorized recording / reproducing device identifiers IDdev found by the content provider or administrator from the distribution status of unauthorized copying, for example. This revocation list may be encrypted and stored with the delivery key Kdis, for example. The decoding process by the recording / reproducing device is the same as that of the content download process of FIG. 22, for example.
[0608]
Here, in order to facilitate understanding, the revocation list is shown as single data in the content data in FIG. 86. For example, the handling policy (components of the header portion of the content data described above) For example, the revocation list may be included in FIGS. In this case, the handling policy data including the revocation list is tampered with the check value ICVa described above. When the revocation list is included in the handling policy, it is necessary to store the check value generation key Kicv-rev by using the check value A: ICVa check instead of the check value A: the check value A generation key Kicva in the recording / reproducing device is used. There is no.
[0609]
When the revocation list is included in the content data as single data, the revocation list is checked by the list check value ICVrev for tampering check of the revocation list, and the list check value ICVrev and other contents in the content data are also checked. The intermediate check value is generated from the partial check value of the intermediate check value and the intermediate check value is verified.
[0610]
The revocation list check method using the list check value ICVrev for revocation check of the revocation list can be executed by the same method as the check value generation processing of ICVa, ICVb, etc. described with reference to FIGS. . That is, the ICV calculation described with reference to FIGS. 23, 24, etc., using the check value generation key Kicv-rev stored in the internal memory 307 of the recording / reproducing device encryption unit 302 as a key and the revocation list included in the content data as a message. Calculated according to the method. The calculated check value ICV-rev 'is compared with the check value ICV-rev stored in the header (Header). If they match, it is determined that there is no falsification.
[0611]
The intermediate check value including the list check value ICVrev is, for example, as shown in FIG. 25, with the total check value generation key Kicvt stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key. The check value A, the check value B, the list check value ICVrev, and the message string to which the content check value is added according to the format are generated by applying the ICV calculation method described in FIG.
[0612]
These revocation lists and list check values are provided to the recording / reproducing device 300 via the media 500 such as DVD and CD, the communication means 600, or the recording device 400 such as a memory card. Here, the recording / reproducing device 300 may be a recording / reproducing device that holds valid key data, or may have an identifier ID that has been illegally copied.
[0613]
FIG. 87 and FIG. 88 show the processing flow of the illegal recording / reproducing device elimination processing in such a configuration. FIG. 87 is an unauthorized recording / reproducing device revocation process flow when content is provided from a medium 500 such as a DVD or CD, or communication means 600, and FIG. 88 is a flowchart from a recording device 400 such as a memory card. It is an unauthorized recording / reproducing device exclusion (revocation) processing flow when content is provided.
[0614]
First, the processing flow of FIG. 87 will be described. Step 901 is a step in which a medium is loaded and content is provided, that is, a reproduction process or a download request is made. The process shown in FIG. 87 is executed as a step before executing a download process or the like by mounting a medium such as a DVD on a recording / reproducing device, for example. The download process is as described above with reference to FIG. 22. The process of FIG. 87 is performed as a step before the execution of the process flow of FIG. 22 or as a process inserted in the process flow of FIG. Is executed.
[0615]
When the recording / reproducing device 300 receives content provision via a communication means such as a network, the communication session with the content distribution service side is established in step S911, and then the process proceeds to step S902.
[0616]
In step S902, a revocation list (see FIG. 86) is acquired from the header portion of the content data. In the list acquisition process, when the content is in the medium, the control unit 301 shown in FIG. 3 reads from the media via the reading unit 304, and when the content is from the communication unit, the control unit 301 shown in FIG. Is received from the content distribution side via the communication unit 305.
[0617]
In step S903, the control unit 301 passes the revocation list acquired from the medium 500 or the communication unit 600 to the encryption processing unit 302 and causes the encryption processing unit 302 to execute check value generation processing. The recording / reproducing device 300 has a revocation check value generation key Kicv-rev inside, and applies the revocation check value generation key Kicv-rev with the received revocation list as a message, for example, FIG. 23, FIG. The check value ICV-rev ′ is calculated according to the ICV calculation method described in the above item, and the check result: ICV-rev stored in the header of the content data (Header) is compared. Is determined to be absent (Yes in step S904). If they do not match, it is determined that they have been tampered with, and the process advances to step S909 to end the process as a processing error.
[0618]
Next, in step S905, the control unit 306 of the recording / reproducing device encryption processing unit 302 causes the encryption / decryption unit 308 of the recording / reproduction device encryption processing unit 302 to calculate the total check value ICVt '. As shown in FIG. 25, the total check value ICVt ′ is generated by encrypting the intermediate check value with DES using the system signature key Ksys stored in the internal memory 307 of the recording / reproducing device encryption processing unit 302 as a key. Note that verification processing of each partial check value, for example, ICVa, ICVb, etc. is omitted in the processing flow shown in FIG. 87, but each data format is the same as the processing flow of FIGS. 39 to 45 described above. Verification of the partial check value according to is performed.
[0619]
Next, in step S906, the generated total check value ICVt 'is compared with the ICVt in the header (Header). If they match (Yes in step S906), the process proceeds to step S907. If they do not match, it is determined that they have been tampered with, and the process advances to step S909 to end the process as a processing error.
[0620]
As described above, the total check value ICVt is for checking the entire partial check value included in the content data, such as ICVa, ICVb, and the check value of each content block according to the data format. Then, in addition to these partial check values, a list check value ICVrev for checking the alteration of the revocation list is added as a partial check value to verify all of these falsifications. If the total check value generated by the above-described processing matches the check value stored in the header (ICVt): ICVt, all of ICVa, ICVb, the check value of each content block, and the list check value ICVrev are falsified. Not determined.
[0621]
In step S907, the revocation list determined not to be falsified is compared with the recording / reproducing device identifier (IDdev) stored in its own recording / reproducing device 300.
[0622]
If the list of the unauthorized recording / reproducing device identifier IDdev read from the content data includes the recording / reproducing device identifier IDdev, the recording / reproducing device 300 has the illegally copied key data. In step S909, the subsequent procedure is stopped. For example, it is impossible to execute the content download processing procedure of FIG.
[0623]
If it is determined in step S907 that the list of the illegal recording / reproducing device identifier IDdev does not include the recording / reproducing device identifier IDdev, the recording / reproducing device 300 has valid key data. The process proceeds to step S908, and the subsequent procedure, for example, the program execution process or the content download process shown in FIG.
[0624]
FIG. 88 shows a process for reproducing content data stored in a recording device 400 such as a memory card. As described above, the recording device 400 such as a memory card and the recording / reproducing device 300 execute the mutual authentication process (step S921) described in FIG. In step S922, only when mutual authentication is OK, the process proceeds to step S923 and subsequent steps. If mutual authentication fails, an error occurs in step S930, and the subsequent processing is not executed.
[0625]
In step S923, a revocation list (see FIG. 86) is acquired from the header portion of the content data. The subsequent processing in steps S924 to S930 is the same processing as the corresponding processing in FIG. That is, the verification of the list based on the list check value (S924, S925), the verification based on the total check value (S926, S927), the comparison between the list entry and the own recording / playback device identifier IDdev (S928) is executed, When the list of the read / unauthorized recording / reproducing device identifier IDdev contains the identifier IDdev of its own recording / reproducing device, the recording / reproducing device 300 has the illegally copied key data. The process proceeds to step S930, and the subsequent procedure is stopped. For example, it is assumed that the content reproduction process shown in FIG. 28 cannot be executed. On the other hand, when it is determined that the recording / reproducing device identifier IDdev does not include the recording / reproducing device identifier IDdev, the recording / reproducing device 300 has valid key data. The process proceeds to step S929, and the subsequent procedure can be executed.
[0626]
As described above, in the data processing apparatus of the present invention, the data for identifying an unauthorized recording / reproducing device in combination with the content provided by the content provider or administrator, that is, the rebodies in which the unauthorized recording / reproducing device identifier IDdev is listed. The application list is included as configuration data of the header portion of the content data and provided to the recording / reproducing device user. The recording / reproducing device user stores the content list in the memory of his / her recording / reproducing device before using the content by the recording / reproducing device. When the stored recording / reproducing device identifier IDdev and the identifier of the list are collated and there is a matching data, the subsequent processing is not executed, so the key data is copied and stored in the memory. It is possible to eliminate the use of content by an unauthorized recording / reproducing device.
[0627]
(18) Secure chip configuration and manufacturing method
As described above, since the internal memory 307 of the recording / reproducing device encryption processing unit 302 or the internal memory 405 of the recording device 400 holds important information such as an encryption key, it is difficult to read out illegally from the outside. It is necessary to keep it. Accordingly, the recording / reproducing device encryption processing unit 302 and the recording device encryption processing unit 401 are composed of, for example, a semiconductor chip having a structure that is difficult to access from the outside, and have a multilayer structure, and the internal memory thereof is a dummy such as an aluminum layer. It is configured as a tamper-resistant memory having a characteristic that it is difficult to read data illegally from the outside, such as being sandwiched between layers or configured in the lowermost layer, and having a narrow operating voltage and / or frequency range.
[0628]
However, as will be understood from the above description, for example, it is necessary to write different data for each recording / reproducing device such as the recording / reproducing device signature key Kdev in the internal memory 307 of the recording / reproducing device encryption processing unit 302. Also, after writing individual information for each chip, such as identification information (ID) and encryption key information, in a nonvolatile storage area in the chip, such as flash memory, FeRAM, etc., for example, rewriting and reading data after product shipment It is necessary to make it difficult.
[0629]
As a conventional technique for making it difficult to read and rewrite write data, for example, a data write command protocol is kept secret. Alternatively, a signal line that accepts a data write command on the chip and a communication signal line that is used after commercialization are separated, and the data write command is valid unless a signal is sent directly to the chip on the board. There is a technique to prevent it from happening.
[0630]
However, even if such a conventional method is adopted, for those who have expertise in storage elements, if there is equipment and technology to drive the circuit, it is possible to output signals to the data writing area of the chip, Even if the command protocol for writing data is secret, there is always a parseability of the protocol.
[0631]
Distributing such storage elements for encrypted data that retains the possibility of altering secret data results in a threat to the entire encryption system. In addition, in order to prevent data reading, it is possible to adopt a configuration in which the data read command itself is not implemented, but in that case, even when regular data writing is executed, data writing to the memory is actually performed. It is impossible to check whether or not the written data is correctly written and whether or not the written data is written correctly, and there is a possibility that a chip on which defective data has been written is supplied. To do.
[0632]
In view of these conventional techniques, here, a secure chip configuration and a secure chip manufacturing method are provided that enable accurate data writing to a nonvolatile memory such as flash memory and FeRAM, and make data reading difficult. .
[0633]
FIG. 89 shows a security chip configuration applicable to, for example, the recording / reproducing device encryption processing unit 302 or the encryption processing unit 401 of the recording device 400 described above. 89A shows a security chip configuration in a chip manufacturing process, that is, a data writing process, and FIG. 89B shows a configuration example of a product including a security chip into which data is written, for example, a recording / reproducing device 300, An example of a recording device 400 is shown.
[0634]
In the security chip in the manufacturing process, a mode designation signal line 8003 and various command signal lines 8004 are connected to the processing unit 8001, and the processing unit 8001 is configured to use a mode set by the mode designation signal line 8003, for example, a data write mode. Alternatively, data write processing to the storage unit 8002 which is a nonvolatile memory or data read processing from the storage unit 8002 is executed according to the data read mode.
[0635]
On the other hand, in the product equipped with the security chip in FIG. 89B, the security chip and the external connection interface, peripheral devices, other elements, and the like are connected by general-purpose signal lines, but the mode signal line 8003 is in a non-connected state. Is done. Specific processing includes, for example, connecting the mode signal line 8003 to the ground, raising it to Vcc, cutting the signal line, or sealing with an insulating resin. By such processing, it becomes difficult to access the mode signal line of the security chip after the product is shipped, and the difficulty of reading and writing the chip data from the outside can be increased.
[0636]
Further, the security chip 8000 having this configuration has a configuration that makes it difficult to write data to the storage unit 8002 and to read data written to the storage unit 8002, even if a third party accesses the mode signal line 8003. Even if successful, illegal data writing and reading can be prevented. FIG. 90 shows a data write or read process flow in the security chip having this configuration.
[0637]
Step S951 is a step of setting the mode signal line 8003 to the data write mode or the data read mode.
[0638]
Step S952 is a step of extracting authentication information from the chip. In the security chip of this configuration, information necessary for authentication processing, such as a password and key information for authentication processing in encryption technology, is stored in advance by, for example, a wire or mask ROM configuration. In step S952, the authentication information is read and an authentication process is executed. For example, when an authentication process is executed by connecting a regular data writing jig or data reading device to a general-purpose signal line, an authentication OK result (Yes in step S953) is obtained. When the authentication process is executed by connecting the data reading device to the general-purpose signal line, the authentication fails (No in step S953), and the process is stopped at that time. The authentication process can be executed, for example, according to the mutual authentication process procedure of FIG. 13 described above. A processing unit 8001 shown in FIG. 89 has a configuration capable of executing these authentication processes. This can be realized, for example, by the same configuration as the command register incorporated in the control unit 403 of the encryption processing unit 401 of the recording device 400 shown in FIG. For example, the processing unit of the chip in FIG. 89 has the same configuration as the command register incorporated in the control unit 403 of the encryption processing unit 401 of the recording device 400 shown in FIG. 29, and is connected to various command signal lines 8004. When a predetermined command No is input, it is possible to execute a corresponding process and execute an authentication process sequence.
[0639]
The processing unit 8001 accepts a data write command or a data read command only when authentication is performed in the authentication process, and executes a data write process (step S955) or a data read process (step S956).
[0640]
As described above, the security chip of this configuration is configured to execute the authentication process at the time of data writing or reading, so that data read from or stored in the security chip storage unit by a third party who does not have a legitimate right. Data writing to the part can be prevented.
[0641]
Next, FIG. 91 shows an embodiment in which an element configuration with higher security is provided. In this example, the security chip storage unit 8200 is separated into two areas, one is a read / write combined area (RW: ReadWrite area) 8201 in which data can be read and written, and the other is a write in which only data can be written. A dedicated area (WO: Write Only area) 8202.
[0642]
In this configuration, a write-only area (WO: Write Only area) 8202 is written with high security request data such as encryption key data and identifier data, while the security level is not so high, for example, check data is read and written. Data is written in a combined area (RW: ReadWrite area) 8201.
[0643]
The processing unit 8001 executes the data reading process with the authentication process described above with reference to FIG. 90 as the data reading process from the read / write combined area (RW: ReadWrite area) 8201. However, the data writing process is executed according to the flow of FIG.
[0644]
Step S961 in FIG. 92 is a step for setting the mode signal line 8003 to the write mode. In step 962, the same authentication process as described in FIG. 90 is executed. When authentication is performed in the authentication process, the process proceeds to step S963, where information such as high-security key data is written to the write-only (WO) area 8202 via the command signal line 8004, and a read / write combined use area (RW: ReadWrite area). ) 8201, for example, a command for writing check data is output to the processing unit 8001 which is not so high in security level.
[0645]
In step S964, the processing unit 8001 that has received the command executes data write processing corresponding to the command for the write-only (WO) area 8202 and the read / write combined area (RW: ReadWrite area) 8201, respectively.
[0646]
FIG. 93 shows a verification processing flow of data written in the write-only (WO) area 8202.
[0647]
Step S971 in FIG. 93 causes the processing unit 8001 to execute encryption processing based on the data written in the write-only (WO) area 8202. These execution configurations are realized by a configuration that sequentially executes the cryptographic processing sequence stored in the command register, as in the previous authentication processing execution configuration. Further, the cryptographic processing algorithm executed in the processing unit 8001 is not particularly limited, and for example, a configuration in which the DES algorithm described above is executed can be adopted.
[0648]
In step S972, the verification device connected to the security chip receives the cryptographic processing result from the processing unit 8001. In step S973, the result obtained by applying the same encryption process as the algorithm executed in the processing unit 8001 to the regular write data that has been previously written in the storage unit, and the processing unit 8001 Compare the encryption result from
[0649]
If the comparison results are the same, it is verified that the data written in the write-only (WO) area 8202 is correct.
[0650]
In this configuration, even if the authentication process is broken and the read command can be executed, the data readable area is limited to the read / write combined area (RW: ReadWrite area) 8201 and the write only (WO) area 8202 is used. It is impossible to read out the data written in the, and the configuration becomes higher in security. Further, unlike a chip in which reading is impossible at all, a read / write combined area (RW: ReadWrite area) 8201 is configured, so that it is possible to check whether the memory access is correct or not.
[0651]
The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In the above-described embodiment, the recording / reproducing device capable of recording and reproducing contents has been described as an example. However, the configuration of the present invention can be applied to an apparatus capable of only data recording and data reproduction. The present invention can be implemented in personal computers, game machines, and other various data processing devices in general. In order to determine the gist of the present invention, the claims section described at the beginning should be considered.
[0652]
【The invention's effect】
As described above, in the data processing system, the recording device, and the data processing method of the present invention, the recording device is configured to execute a single-time common key encryption process, for example, an encryption process to which a single DES process is applied. By repeatedly executing the processing sequence a plurality of times, it is possible to execute the same processing as the encryption processing to which triple DES, which is a multiple-time common key encryption processing, is applied, and it is possible to perform encryption processing with the encryption strength changed according to the content. Become.
[0653]
Furthermore, according to the data processing system, recording device, and data processing method of the present invention, the recording device only includes a single DES processing unit as a single-time common key encryption processing unit. Is prevented from becoming complicated.
[Brief description of the drawings]
FIG. 1 is a diagram showing a configuration of a conventional data processing system.
FIG. 2 is a diagram showing a configuration of a data processing apparatus to which the present invention is applied.
FIG. 3 is a diagram showing a configuration of a data processing apparatus to which the present invention is applied.
FIG. 4 is a diagram showing a data format of content data on a medium and a communication path.
FIG. 5 is a diagram showing a handling policy included in a header in content data.
FIG. 6 is a diagram illustrating block information included in a header in content data.
FIG. 7 is a diagram illustrating an electronic signature generation method using DES.
FIG. 8 is a diagram illustrating an electronic signature generation method using triple DES.
FIG. 9 is a diagram illustrating an aspect of triple DES.
FIG. 10 is a diagram illustrating an electronic signature generation method using triple DES in part.
FIG. 11 is a diagram showing a processing flow in electronic signature generation.
FIG. 12 is a diagram showing a processing flow in electronic signature verification.
FIG. 13 is a diagram illustrating a processing sequence of mutual authentication processing using symmetric key encryption technology.
FIG. 14 is a diagram illustrating a public key certificate.
FIG. 15 is a diagram illustrating a processing sequence of mutual authentication processing using asymmetric key encryption technology.
FIG. 16 is a diagram showing a processing flow of encryption processing using elliptic curve cryptography.
FIG. 17 is a diagram showing a processing flow of decryption processing using elliptic curve cryptography.
FIG. 18 is a diagram showing a data holding state on the recording / reproducing device.
FIG. 19 is a diagram illustrating a data holding status on a recording device.
FIG. 20 is a diagram showing a mutual authentication processing flow between a recording / reproducing device and a recording device.
FIG. 21 is a diagram illustrating a relationship between a master key of a recording / reproducing device and a corresponding key block of a recording device.
FIG. 22 is a diagram showing a processing flow in content download processing;
FIG. 23 is a diagram for explaining a method of generating a check value A: ICVa.
FIG. 24 is a diagram illustrating a method for generating a check value B: ICVb.
FIG. 25 is a diagram for explaining a method for generating a total check value and a recording / reproducing device specific check value;
FIG. 26 is a diagram illustrating a format of content data (usage restriction information = 0) stored in a recording device.
FIG. 27 is a diagram illustrating a format of content data stored in a recording device (usage restriction information = 1).
FIG. 28 is a diagram illustrating a processing flow in content reproduction processing;
FIG. 29 is a diagram illustrating a command execution method in a recording device.
FIG. 30 is a diagram illustrating a command execution method in content storage processing in a recording device.
FIG. 31 is a diagram illustrating a command execution method in content reproduction processing in a recording device.
Fig. 32 is a diagram for describing a configuration of format type 0 of a content data format.
FIG. 33 is a diagram for describing a configuration of format type 1 of a content data format.
[Fig. 34] Fig. 34 is a diagram for describing the configuration of format type 2 of a content data format.
[Fig. 35] Fig. 35 is a diagram describing a configuration of format type 3 of a content data format.
FIG. 36 is a diagram illustrating a content check value ICVi generation processing method in format type 0.
FIG. 37 is a diagram illustrating a content check value ICVi generation processing method in format type 1.
FIG. 38 is a diagram for explaining a generation processing method of total check values and recording / reproducing device specific check values in format types 2 and 3;
FIG. 39 is a diagram showing a processing flow of content download processing in format types 0 and 1;
FIG. 40 is a diagram showing a processing flow of content download processing in format type 2;
FIG. 41 is a diagram showing a processing flow of content download processing in format type 3;
FIG. 42 is a diagram showing a processing flow of content reproduction processing in format type 0.
FIG. 43 is a diagram showing a processing flow of content reproduction processing in format type 1;
44 is a diagram showing a processing flow of content reproduction processing in format type 2. FIG.
45 is a diagram showing a processing flow of content reproduction processing in format type 3. FIG.
FIG. 46 is a diagram (part 1) illustrating a content creator and a check value generation and verification method performed by the content verifier;
FIG. 47 is a diagram (part 2) illustrating a content creator and a check value generation and verification method performed by the content verifier;
FIG. 48 is a diagram (No. 3) for explaining a content creator and a method for generating and verifying a check value by the content verifier.
FIG. 49 is a diagram for describing a method for individually generating various keys using a master key.
FIG. 50 is a diagram (example 1) illustrating a processing example in a content provider and a user regarding a method for individually generating various keys using a master key.
FIG. 51 is a diagram (example 2) illustrating a processing example in a content provider and a user regarding a method of individually generating various keys using a master key.
FIG. 52 is a diagram for describing a configuration for executing usage restriction by using different master keys.
FIG. 53 is a diagram (example 3) illustrating a processing example in a content provider and a user regarding a method of individually generating various keys using a master key.
FIG. 54 is a diagram (example 4) illustrating a processing example in a content provider and a user regarding a method of individually generating various keys using a master key.
FIG. 55 is a diagram (example 5) illustrating a processing example in a content provider and a user regarding a method of individually generating various keys using a master key.
FIG. 56 is a diagram showing a processing flow for storing an encryption key to which triple DES is applied using a single DES algorithm;
FIG. 57 is a diagram showing a content reproduction processing flow (example 1) based on the priority order;
FIG. 58 is a diagram illustrating a content reproduction processing flow (example 2) based on priority.
FIG. 59 is a diagram showing a content reproduction processing flow (example 3) based on the priority order;
[Fig. 60] Fig. 60 is a diagram for describing a configuration for executing a compression (decompression) process of compressed data in a content reproduction process.
[Fig. 61] Fig. 61 is a diagram illustrating a configuration example (example 1) of content.
[Fig. 62] Fig. 62 is a diagram illustrating the playback processing flow in Content Configuration Example 1.
[Fig. 63] Fig. 63 is a diagram illustrating a configuration example (example 2) of content.
[Fig. 64] Fig. 64 is a diagram illustrating a playback processing flow in Content Configuration Example 2.
[Fig. 65] Fig. 65 is a diagram illustrating a configuration example (example 3) of content.
FIG. 66 is a diagram showing a playback processing flow in Content Configuration Example 3;
[Fig. 67] Fig. 67 is a diagram illustrating a configuration example (example 4) of content.
[Fig. 68] Fig. 68 is a diagram showing a playback processing flow in Content Configuration Example 4.
FIG. 69 is a diagram for describing save data generation and storage processing;
FIG. 70 is a diagram showing a processing flow relating to a save data storage processing example (Example 1);
FIG. 71 is a diagram showing a data management file configuration (example 1) used in save data storage and playback processing;
FIG. 72 is a diagram showing a process flow relating to a save data reproduction process example (example 1);
FIG. 73 is a diagram showing a processing flow relating to a save data storage processing example (example 2);
74 is a diagram showing a process flow relating to a save data reproduction process example (example 2); FIG.
FIG. 75 is a diagram showing a process flow relating to a save data storage process example (Example 3);
FIG. 76 is a diagram showing a data management file configuration (example 2) used in save data storage and playback processing;
FIG. 77 is a diagram showing a process flow relating to a save data reproduction process example (example 3);
FIG. 78 is a diagram showing a process flow relating to a save data storage process example (example 4);
FIG. 79 is a diagram showing a process flow relating to a save data reproduction process example (example 4);
FIG. 80 is a diagram showing a process flow relating to a save data storage process example (Example 5);
FIG. 81 is a diagram showing a data management file configuration (example 3) used in save data storage and playback processing;
FIG. 82 is a diagram illustrating a process flow relating to a save data reproduction process example (example 5);
FIG. 83 is a diagram showing a process flow relating to a save data storage process example (Example 6);
84 is a diagram showing a data management file configuration (example 4) used in save data storage and playback processing; FIG.
FIG. 85 is a diagram showing a process flow relating to a save data reproduction process example (Example 6);
[Fig. 86] Fig. 86 is a diagram for explaining an unauthorized content user exclusion (revocation) configuration.
FIG. 87 is a diagram showing a processing flow (example 1) of content unauthorized user exclusion (revocation);
FIG. 88 is a diagram illustrating a processing flow (example 2) of content unauthorized user exclusion (revocation);
FIG. 89 is a diagram illustrating a configuration (example 1) of a security chip.
FIG. 90 is a diagram showing a process flow in a security chip manufacturing method.
FIG. 91 is a diagram illustrating a configuration (example 2) of a security chip.
FIG. 92 is a diagram showing a processing flow in data writing processing in a security chip (example 2).
FIG. 93 is a diagram showing a process flow of a write data check process in a security chip (example 2).
[Explanation of symbols]
106 Main CPU
107 RAM
108 ROM
109 AV processing section
110 Input processor
111 PIO
112 SIO
300 recording / reproducing device
301 Control unit
302 Cryptographic processing unit
303 Recording device controller
304 Reading unit
305 communication unit
306 Control unit
307 internal memory
308 Encryption / decryption unit
400 recording device
401 Cryptographic processing unit
402 External memory
403 control unit
404 Communication Department
405 Internal memory
406 Encryption / Decryption Unit
407 External memory control unit
500 media
600 Communication means
2101, 2102, 2103 Recording / reproducing device
2104, 2105, 2106 Recording device
2901 Command Number Manager
2902 Command register
2903, 2904 Authentication flag
3001 Speaker
3002 Monitor
3090 memory
3091 Content Analysis Department
3092 Data storage unit
3093 Program storage unit
3094 Compression / decompression processor
7701 Content data
7702 Revocation List
7703 List check value
8000 Security chip
8001 Processing unit
8002 Storage unit
8003 Mode signal line
8004 Command signal line
8201 Read / write combined area
8202 Write-only area

Claims (22)

  1. In a data processing system composed of a first device and a second device that mutually transfer encrypted data,
    The second device has a cryptographic processing unit that performs cryptographic processing related to transfer data with the first device,
    The cryptographic processing unit
    A single-time common key encryption processing unit that performs encryption processing by applying one common key encryption processing to the transfer data with the first device;
    A control unit that repeatedly executes the encryption process in the single-time common key encryption processing unit a plurality of times, and executes a multiple-time common key encryption process;
    Have a configuration to perform single-number common key encryption processing and double the number of common key encryption process selectively,
    The multiple-number common key encryption process is:
    A plurality of key data for multiple-number common key encryption processing is sequentially received from the first device, and the single-number common key encryption processing is sequentially executed based on the received key data. Data processing system.
  2. The multiple common key encryption process in the encryption processing unit is:
    A command sequence including encryption key exchange processing for encrypted data transferred from the first device to the second device and stored in storage means in the second device, or
    A command sequence including an encryption key exchange process for encrypted data stored in the storage means in the second device and transferred from the second device to the first device;
    The data processing system according to claim 1, wherein the data processing system is configured to be executed at least in any one of the command sequences.
  3. The control unit of the cryptographic processing unit is
    A command sequence stored in the register is configured to receive a command identifier transferred from the first device in accordance with a predetermined setting sequence, extract a command corresponding to the received command identifier from the register, and execute the command. The single-number common key encryption processing sequence is configured to perform control to repeatedly execute the single-time common key encryption processing sequence a plurality of times when executing the multiple-number common key encryption processing. The data processing system according to 1.
  4. The cryptographic processing unit
    The single-time common key encryption processing unit executes encryption processing to which the CBC mode is applied using encryption processing target data as a message,
    The cryptographic processing unit
    The configuration is such that only a part of the message sequence to be encrypted is executed by repeatedly performing the encryption process in the single-time common key encryption processing unit a plurality of times and applying the multiple-time common key. The data processing system according to claim 1.
  5.   The encryption processing unit executes a determination process for determining whether an encryption processing method is a single-time common key method or a multiple-time common key method based on header information of data content to be encrypted. The data processing system according to claim 1.
  6. The second device is a storage device having a data storage unit for storing encrypted data;
    The first device is a recording / reproducing device that performs data storage processing on the storage device, and retrieves and reproduces data stored in the storage device,
    The storage device as the second device is configured to execute encryption processing data in the single-time common key encryption processing unit a plurality of times to execute encryption processing data obtained by executing multiple-time common key encryption processing in the data storage unit. The data processing system according to claim 1, wherein the data processing system is stored in
  7.   The data processing system according to claim 1, wherein the common key encryption process is a DES encryption process.
  8. A recording device having a data storage unit that stores content data that can be transferred to and from an external device,
    The recording device includes an encryption processing unit that performs encryption processing on the content data,
    The encryption processing unit
    A single-time common key encryption processing unit for performing encryption processing by applying one-time common key encryption processing to the content data;
    A control unit that repeatedly executes the encryption process in the single-time common key encryption processing unit a plurality of times, and executes a multiple-time common key encryption process;
    Have a configuration to perform single-number common key encryption processing and double the number of common key encryption process selectively,
    The multiple-number common key encryption process is:
    A recording device having a configuration in which a plurality of key data for multiple-number common key encryption processing is sequentially received from an external device, and sequential single-number common key encryption processing is repeatedly executed based on the received key data .
  9. The multiple common key encryption process in the encryption processing unit is:
    A command sequence including an encryption key exchange process for encrypted data transferred from an external device to the recording device and stored in storage means in the recording device, or
    A command sequence including encryption key exchange processing for encrypted data stored in the storage means in the recording device and transferred from the recording device to an external device;
    The recording device according to claim 8 , wherein the recording device is configured to be executed at least in any one of the command sequences.
  10. The control unit of the cryptographic processing unit is
    The command identifier transferred from the external device is received according to a predetermined setting sequence, and the command corresponding to the received command identifier is extracted from the register and executed. The command sequence stored in the register is a single time common key an encryption processing sequence, when the double number common key encryption process execution, according to claim 8, wherein a configuration of a single number common key encryption processing sequence is repeated a plurality of times performing control to execute Recording device.
  11. The cryptographic processing unit
    The single-time common key encryption processing unit executes encryption processing to which the CBC mode is applied using encryption processing target data as a message,
    The cryptographic processing unit
    The configuration is such that only a part of the message sequence to be encrypted is executed by repeatedly performing the encryption process in the single-time common key encryption processing unit a plurality of times and applying the multiple-time common key. The recording device according to claim 8 .
  12. The encryption processing unit executes a determination process for determining whether the encryption processing method is a single-time common key method or a multiple-time common key method based on header information of data content to be encrypted. The recording device according to claim 8 .
  13. The recording device has a configuration in which encryption processing data obtained by repeatedly executing encryption processing in the single-time common key encryption processing unit a plurality of times and executing multiple-time common key encryption processing is stored in the data storage unit. The recording device according to claim 8 .
  14. The recording device according to claim 8 , wherein the common key encryption process is a DES encryption process.
  15. A data processing method in a data processing system comprising a first device and a second device that mutually execute content data transfer,
    The second device is:
    Using a single common key encryption processing unit capable of executing a single common key encryption process, a single common key encryption process is repeated multiple times on the content data, thereby performing a multiple common key encryption process. Run ,
    The multiple-number common key encryption process is:
    A process of sequentially receiving a plurality of key data for a multiple-number common key encryption process from the first device, and repeatedly executing the single-number common key encryption process sequentially based on the received key data. Data processing method.
  16. The multiple-number common key encryption process is:
    A command sequence including encryption key exchange processing for encrypted data transferred from the first device to the second device and stored in storage means in the second device, or
    A command sequence including an encryption key exchange process for encrypted data stored in the storage means in the second device and transferred from the second device to the first device;
    The data processing method according to claim 15 , wherein the data processing method is executed in at least one of the command sequences.
  17. The data processing method further includes:
    Receiving a command identifier transferred from the first device according to a predetermined setting sequence;
    Retrieving and executing a command corresponding to the received command identifier from a register;
    The command sequence stored in the register is a single-time common key encryption processing sequence, and when the multiple-time common key encryption processing is executed, the single-time common key encryption processing sequence is repeatedly executed a plurality of times. The data processing method according to claim 15 .
  18. The data processing method further includes:
    Cryptographic processing applying the CBC mode with the data to be cryptographically processed as a message is executed,
    16. The encryption process using the multiple-time common key is performed by repeatedly executing the encryption process in the single-time common key encryption processing unit a plurality of times only for a part of the message sequence to be encrypted. The data processing method described in 1.
  19. The data processing method further includes:
    16. The process of determining whether to use a single-time common key system or a multiple-time common key system, based on header information of data content to be encrypted, is performed. Data processing method.
  20. The data processing method further includes:
    The method includes the step of storing the cryptographic processing data obtained by executing the multiple times common key encryption processing by repeatedly performing the encryption processing in the single time common key encryption processing unit a plurality of times in the data storage unit. Item 16. The data processing method according to Item 15 .
  21. The data processing method according to claim 15 , wherein the common key encryption process is a DES encryption process.
  22. A program providing medium for providing a computer program that allows a computer system to execute data processing in a data processing system including a first device and a second device that mutually perform content data transfer,
    Using a single common key encryption processing unit capable of executing a single common key encryption process, a single common key encryption process is repeated multiple times on the content data, thereby performing a multiple common key encryption process. The steps to perform
    Have
    The multiple-number common key encryption process is:
    A process of sequentially receiving a plurality of key data for a multiple-number common key encryption process from the first device, and repeatedly executing the single-number common key encryption process sequentially based on the received key data. Program providing media.
JP2000016128A 2000-01-25 2000-01-25 Data processing system, recording device, data processing method, and program providing medium Expired - Fee Related JP4524829B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2000016128A JP4524829B2 (en) 2000-01-25 2000-01-25 Data processing system, recording device, data processing method, and program providing medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2000016128A JP4524829B2 (en) 2000-01-25 2000-01-25 Data processing system, recording device, data processing method, and program providing medium

Publications (2)

Publication Number Publication Date
JP2001209305A JP2001209305A (en) 2001-08-03
JP4524829B2 true JP4524829B2 (en) 2010-08-18

Family

ID=18543325

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2000016128A Expired - Fee Related JP4524829B2 (en) 2000-01-25 2000-01-25 Data processing system, recording device, data processing method, and program providing medium

Country Status (1)

Country Link
JP (1) JP4524829B2 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6201871B1 (en) * 1998-08-19 2001-03-13 Qualcomm Incorporated Secure processing for authentication of a wireless communications device
US7366302B2 (en) * 2003-08-25 2008-04-29 Sony Corporation Apparatus and method for an iterative cryptographic block
JP2012084071A (en) 2010-10-14 2012-04-26 Toshiba Corp Digital content protection method, decryption method, reproducing device, memory medium and cryptographic device
JP5214782B2 (en) * 2011-08-31 2013-06-19 株式会社東芝 Memory device, storage medium, host device, and system
US8661527B2 (en) 2011-08-31 2014-02-25 Kabushiki Kaisha Toshiba Authenticator, authenticatee and authentication method
JP5275432B2 (en) 2011-11-11 2013-08-28 株式会社東芝 Storage medium, host device, memory device, and system
JP5204291B1 (en) 2011-12-02 2013-06-05 株式会社東芝 Host device, device, system
JP5204290B1 (en) 2011-12-02 2013-06-05 株式会社東芝 Host device, system, and device
JP5100884B1 (en) 2011-12-02 2012-12-19 株式会社東芝 Memory device
JP5112555B1 (en) 2011-12-02 2013-01-09 株式会社東芝 Memory card, storage media, and controller
JP5275482B2 (en) 2012-01-16 2013-08-28 株式会社東芝 Storage medium, host device, memory device, and system
US9201811B2 (en) 2013-02-14 2015-12-01 Kabushiki Kaisha Toshiba Device and authentication method therefor
US8984294B2 (en) 2013-02-15 2015-03-17 Kabushiki Kaisha Toshiba System of authenticating an individual memory device via reading data including prohibited data and readable data

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH113284A (en) * 1997-06-10 1999-01-06 Mitsubishi Electric Corp Information storage medium and its security method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6230267B1 (en) * 1997-05-15 2001-05-08 Mondex International Limited IC card transportation key set

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH113284A (en) * 1997-06-10 1999-01-06 Mitsubishi Electric Corp Information storage medium and its security method

Also Published As

Publication number Publication date
JP2001209305A (en) 2001-08-03

Similar Documents

Publication Publication Date Title
JP4084827B2 (en) Unauthorized content detection system
CN1668002B (en) Encryption and data-protection for content on portable medium
CN1759559B (en) Protection system of digital works, recording apparatus, reproducing apparatus and a recording medium
CN102623030B (en) Recording device, and content-data playback system
EP1507261B1 (en) Copyright protection system, recording device, decryption device, and recording medium
RU2295202C2 (en) Device, configured for data exchange and authentication method
US7765604B2 (en) Information processing method, information processing apparatus and recording medium
US7346170B2 (en) Information processing system and method
CN103348623B (en) The terminal apparatus, authentication means, the key distribution device, and a method of reproducing content key distribution method
US7395429B2 (en) Mutual authentication method, program, recording medium, signal processing system, reproduction device, and information processing device
US7167564B2 (en) Information processing system and method
KR100434634B1 (en) Production protection system dealing with contents that are digital production
EP1623420B1 (en) Playback apparatus, playback method, and program for reproducing an encrypted virtual package
USRE42171E1 (en) Digital data file encryption apparatus and method and recording medium for recording digital data file encryption program thereon
US7639810B2 (en) Digital content encrypting apparatus and operating method thereof
US6782190B1 (en) Copy protection apparatus and method
JP4555046B2 (en) Data transfer system and data transfer method
US6911974B2 (en) Information processing system and method
CN1270246C (en) Apparatus and method for information processing, and program
CN100492962C (en) Apparatus and method for recording and reproducing information
US7421742B2 (en) Signal processing system, recording method, program, recording medium, reproduction device and information processing device
US20030051151A1 (en) Information processing apparatus, information processing method and program
KR101219618B1 (en) Information processing device, information recording medium, contents management system, data processing method, and computer readable recording medium recording a program
EP1229536A2 (en) Copy protection using multiple security levels on a programmable CD-ROM
KR100236697B1 (en) Software copying system

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20061016

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20100223

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20100413

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20100511

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20100524

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20130611

Year of fee payment: 3

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20130611

Year of fee payment: 3

LAPS Cancellation because of no payment of annual fees