JP4602702B2 - Content reproduction apparatus, content reproduction method, and program - Google Patents

Description

The present invention relates to a playback apparatus that plays back a plurality of related contents, and more particularly to a technique for protecting the copyright of the contents.

In recent years, distribution forms of digital contents have been diversified, and one of them is distribution using a virtual package.
Each of the virtual packages is composed of a plurality of media on which digital contents related to each other are recorded, and the digital contents recorded on the plurality of media are converted into one package by a playback device of the digital contents. Are treated as recorded.

  For example, a content creator distributes in advance a large-capacity content (main content) indicating a movie whose dialogue is spoken in English to the owner of the content playback device using a BD-ROM. When a content (sub-content) indicating Japanese subtitles of a small-capacity movie is distributed using an SD card after English is translated into Japanese, the playback device distributes the sub-content. After being released, the movie indicated by the main content and the Japanese subtitle indicated by the sub-content can be viewed as if they were one content recorded in one package.

For digital content, copyright protection is important not only for distribution in virtual packages because it is easy to copy and there is no deterioration of information, so digital content must be recorded on a recording medium after encryption. In addition, as disclosed in Japanese Patent Application Laid-Open No. H10-228867, in the case where the key included in the playback device is exposed, the content cannot be decrypted by the exposed key with respect to the recording medium provided after the exposure. The copyright is protected by writing the information for the purpose (see Patent Document 1).
JP 2002-281913 A

However, the above-mentioned copyright protection is configured such that decryption of encrypted digital content is completed using only information in the package in which the digital content is recorded, and the elements constituting the virtual package are not complete. Even if the virtual package is not formed, there is a problem that a part of the content can be reproduced.
For example, even if the BD-ROM that is a component of the virtual package is not available, if only the SD card is at hand, only the sub-contents in the SD card can be played, and the virtual package is configured. It is against the intention of the copyright holder.

The present invention has been made in view of the above problems, and reproduces content recorded in a virtual package while protecting the copyright in the form of a virtual package in accordance with the intention of the creator. It is an object to provide a content reproduction apparatus.
.

In order to achieve the above object, the content reproduction apparatus of the present invention acquires content encrypted based on a first key, and the first key is predetermined based on a second key with respect to key generation information. And the second key is recorded on a recording medium so as to be taken out according to a predetermined procedure, and the encrypted content decrypting and reproducing content is obtained, wherein the recording medium A key acquisition unit for extracting the second key according to the predetermined procedure, an information acquisition unit for acquiring the encrypted content and the key generation information from an information source other than the recording medium; Key generation means for generating a third key by performing the predetermined operation based on the second key on the key generation information; and a third key generated by the key generation means for the encrypted content Based on And a decoding means for decoding Te.

By providing the above-described configuration, the content reproduction apparatus of the present invention limits the decryption of the encrypted content to a case where the second key can be obtained using information recorded on the recording medium. The reproduction of the content can be restricted only to form a virtual package according to the creator's intention, and the copyright can be protected.
In the content reproduction device, the second key encrypted based on the fourth key is recorded as key management information on the recording medium, and the key acquisition means is allocated in advance to the content reproduction device. Further, a key holding means for holding the fourth key, an information reading means for reading out the key management information from the recording medium, and the second key by decrypting the key management information based on the fourth key. And key acquisition means for obtaining the key.

According to this configuration, it is possible to limit the reproduction of the content to only the content reproduction device that holds the fourth key.
In the content reproduction apparatus, key management information that is a list of second keys encrypted with each of a plurality of keys equivalent to a fourth key is recorded on the recording medium, and the key acquisition unit includes: A key holding means for holding the fourth key allocated in advance to the content reproduction device;
Information acquisition means for reading out the key management information from the recording medium, and decrypting the second key encrypted with the fourth key out of the key management information based on the fourth key And key acquisition means for obtaining the second key.

According to this configuration, if the second key encrypted with the fourth key is not included in the list, the content cannot be played back. Therefore, the content playback device in which the previously held key is exposed Can prevent the reproduction of the content and can protect the copyright.
In the content reproduction apparatus, key management information, which is a list of second keys encrypted based on each valid key, is recorded on the recording medium, and the key acquisition unit stores a plurality of keys. When any one of the plurality of keys included in the key holding unit held in advance, the information acquisition unit that acquires the key management information from the recording medium, and the key holding unit matches one of the valid keys The second key encrypted based on the key that matches the valid key in the key management information is decrypted based on the key that matches the valid key, whereby the second key is And obtaining key acquisition means.

According to this configuration, the content cannot be played back when the second key encrypted with each of the plurality of keys held by the content playback device is not included in the list. By doing so, it is possible to control whether or not the content playback apparatus can play back the content, so that the copyright can be protected.
In addition, the content reproduction device may include a fifth key list encrypted based on each of a plurality of keys, and a second key encrypted based on the fifth key, on the recording medium. Key management information is recorded, and the key acquisition means includes a key holding means for holding a fourth key allocated in advance to the content reproduction device, and an information acquisition means for acquiring the key management information from the recording medium. A first key acquisition unit that decrypts each of the fifth keys encrypted based on each of a plurality of keys in the key management information using the fourth key; and a first key acquisition unit If the decryption by the key is successful, the second key encrypted based on the fifth key in the key management information is decrypted based on the fifth key which is the result of the decryption. Second key obtaining means for obtaining a second key may be included.

According to this configuration, the decryption of the encrypted content is limited to the case where the fifth key and the second key can be acquired using the fourth key, thereby reproducing the content. It can be restricted only to form a virtual package in line with the creator's intention, and copyright can be protected.
In the content reproduction apparatus, the key generation information is a first key encrypted with a second key, and the key generation unit decrypts the acquired key generation information with the second key. By doing so, the third key may be obtained.

According to this configuration, the decryption of the encrypted content is limited to a case where the key generation information is decrypted with the second key and a third key having the same value as the first key can be generated. It is possible to limit the reproduction of the content only in the form of a virtual package that conforms to the creator's intention, and to protect the copyright. Further, the content reproduction device, the key generation information is: One-way function processing based on a predetermined encryption method based on the second key for the key generation information, which is arbitrary data associated with the content and having a predetermined length. The key generation means may regard the result of one-way function processing based on a predetermined encryption method based on the second key for the key generation information as the third key.

According to this configuration, the decryption of the encrypted content using a one-way function process based on a predetermined encryption method can generate a third key having the same value as the first key using the key generation information. By limiting to the case, the reproduction of the content can be limited only to the form of a virtual package according to the intention of the creator, and the copyright can be protected. The first key is an exclusive OR of the key generation information and the key generation information encrypted using the second key based on the predetermined encryption method, The key generation means includes an encryption means for encrypting the key generation information using the second key based on the predetermined encryption method, the key generation information, and the encrypted key generation information. Is considered as the third key And an arithmetic means.

According to this configuration, a third key having the same value as the first key can be obtained by using the key generation information for decrypting the encrypted content using a one-way function process based on a predetermined encryption method. By limiting to the case, the reproduction of the content can be limited only to the form of a virtual package according to the intention of the creator, and the copyright can be protected. The predetermined encryption method may be an AES encryption method, and the encryption unit may encrypt the key generation information based on the second key based on the AES encryption method.

According to this configuration, a third key having the same value as the first key can be obtained by using the key generation information for decrypting the encrypted content using a one-way function process based on a predetermined encryption method. By limiting to the case, the reproduction of the content can be limited only to the form of a virtual package according to the intention of the creator, and the copyright can be protected. The information acquisition unit may acquire the encrypted content and the key generation information via a network.

  According to this configuration, the decryption of the encrypted content is limited to the case where the second key can be obtained using the information recorded on the recording medium, thereby reproducing the content. In accordance with the above-mentioned recording medium and a virtual package made up of content providing destinations connected via a network, and the copyright can be protected.

Further, in the content reproduction apparatus, the information acquisition unit may acquire the encrypted content and the key generation information from a subordinate recording medium that is a recording medium different from the recording medium.
According to this configuration, the decryption of the encrypted content is limited to a case where a third key having the same value as the first key can be obtained using the key generation information, thereby reproducing the content. It is possible to limit to a form of a virtual package composed of the recording medium and a recording medium different from the recording medium in accordance with the intention of the person, and the copyright can be protected.

  The content playback apparatus may further include a key management information including a fifth key list encrypted with each of a plurality of keys and the key generation information encrypted with the fifth key in the recording medium. Is recorded, and the information acquisition unit reads out the encrypted content and the key management information from the subordinate recording medium, a key holding unit that holds a fourth key allocated in advance to the content reproduction device. Information reading means; first key obtaining means for decrypting each of the fifth keys encrypted based on each of the plurality of keys of the key management information based on the fourth key; and first key And second key acquisition means for decrypting the encrypted key generation information using the fifth key as a result of the decryption when the acquisition means succeeds in decryption.

According to this configuration, the decryption of the encrypted content is limited to the case where the fifth key and the second key can be acquired using the fourth key, thereby reproducing the content. It can be restricted only to form a virtual package in line with the creator's intention, and copyright can be protected.
Further, in the content reproduction apparatus, the information acquisition unit may acquire the encrypted content and the key generation information from a memory card different from the recording medium.

  According to this configuration, the decryption of the encrypted content is limited to a case where a third key having the same value as the first key can be obtained using the key generation information, thereby reproducing the content. It is possible to limit the recording medium to a form of a virtual package composed of a memory card different from the recording medium in accordance with the intention of the person, and copyright can be protected.

In the content reproduction apparatus, the information acquisition unit may acquire the encrypted content and the key generation information from a disc different from the recording medium.
According to this configuration, the decryption of the encrypted content is limited to a case where a third key having the same value as the first key can be obtained using the key generation information, thereby reproducing the content. According to the intention of the person, the recording medium and the recording medium can be limited only to form a virtual package composed of a disc different from the recording medium, and the copyright can be protected.

Further, the content reproduction apparatus is configured to encrypt the content using a block encryption method based on the first key, and the decrypting unit is configured to decrypt the encrypted content based on the first key. Alternatively, decryption may be performed using a block encryption method.
According to this configuration, the decryption of the encrypted content based on the block encryption method is limited to the case where a third key having the same value as the first key can be generated, thereby reproducing the content. It can be limited to the form of a virtual package in line with the intention of the person, and the copyright can be protected.

Further, the content playback device encrypts the content using the C2 encryption method based on the first key, and the decrypting means stores the encrypted content based on the first key. The decryption may be performed using the C2 encryption method.
According to this configuration, the reproduction of the content is produced by limiting the decryption of the encrypted content based on the C2 encryption method to a case where a third key having the same value as the first key can be generated. It can be limited to the form of a virtual package in line with the intention of the person, and the copyright can be protected.

Further, the content reproduction device is configured to encrypt the content using a DES encryption method based on the first key, and the decrypting unit stores the encrypted content based on the first key. The DES encryption method may be used for decryption.
According to this configuration, the reproduction of the content is produced by limiting the decryption of the encrypted content based on the DES encryption method to the case where a third key having the same value as the first key can be generated. It can be limited to the form of a virtual package in line with the intention of the person, and the copyright can be protected.

Further, the content reproduction apparatus is configured to encrypt the content using an AES encryption method based on the first key, and the decrypting unit stores the encrypted content based on the first key. Alternatively, decryption may be performed using the AES encryption method.
According to this configuration, reproduction of the content is produced by limiting the decryption of the encrypted content based on the AES encryption method to a case where a third key having the same value as the first key can be generated. It can be limited to the form of a virtual package in line with the intention of the person, and the copyright can be protected.

  The content reproduction method of the present invention includes a key acquisition unit, an information acquisition unit, a key generation unit, and a decryption unit, acquires content encrypted based on the first key, and the first key is The encrypted content generated by performing a predetermined calculation on the key generation information based on the second key, the second key being recorded on the recording medium so as to be taken out by a predetermined procedure, and acquired. A content reproduction method by a content reproduction apparatus for decrypting and reproducing, wherein the key acquisition unit extracts the second key from the recording medium according to the predetermined procedure, and the information acquisition unit An information acquisition step of acquiring the encrypted content and the key generation information from an information source other than the recording medium; and the key generation information obtained by the key generation unit with respect to the key generation information. A key generation step for generating the third key by performing the predetermined operation based on the key of the key; and the encrypted content by the decryption means based on the third key generated by the key generation means A decoding step of decoding.

According to this configuration, the decryption of the encrypted content is limited to the case where the second key can be obtained using the information recorded on the recording medium, thereby reproducing the content. Can be restricted only to form the body of a virtual package along the line, and copyright can be protected.
The program of the present invention includes a key acquisition unit, an information acquisition unit, a key generation unit, and a decryption unit, acquires content encrypted based on the first key, and the first key generates a key. Generated by performing a predetermined operation on information based on a second key, and the second key is recorded on a recording medium so as to be taken out by a predetermined procedure, and the obtained encrypted content decryption, A program applied to a content playback apparatus to be played back, wherein the key acquisition unit extracts the second key from the recording medium according to the predetermined procedure, and the information acquisition unit performs the encryption. An information acquisition step of acquiring the generated content and the key generation information from an information source other than the recording medium, and the key generation information obtained by the key generation unit based on the second key. A key generation step of generating a third key by performing the predetermined operation; and a decryption step of decrypting the encrypted content based on the third key generated by the key generation unit by the decryption unit And let the computer execute each step.

According to this configuration, the decryption of the encrypted content is limited to the case where the second key can be obtained using the information recorded on the recording medium, thereby reproducing the content. Can be restricted only to form the body of a virtual package along the line, and copyright can be protected.

<First Embodiment>
Hereinafter, a content reproduction system according to a first embodiment of the present invention will be described with reference to the drawings.
First, an outline of the content reproduction system will be described.
The content reproduction system uses a sub-content for a virtual package including a package medium for recording main content such as video and audio data and a package medium for recording sub-content that is subtitle data related to the main content. Is a system that restricts the decryption and reproduction of the contents when there is a package medium of the main content, that is, when there is a right of reproduction of the sub-contents, to protect the copyright.

  Specifically, the main content is a data stream related to video and audio of a movie, and the sub-content is a data stream indicating Japanese subtitles or Korean subtitles not included in the main content, and the sub-contents It is assumed that the content is produced by the copyright holder with the intention of being viewed only by the purchaser of the packaged medium on which the main content is recorded, and the distribution of the subcontent is not limited to the distribution by the packaged medium. It may be distributed through a communication line, broadcast, or the like.

FIG. 1 is a diagram showing an outline of the content reproduction system.
The content playback system includes playback devices 10a, 10b, 10c, 10d, 10e,... That play back the main content and the sub-content, and a BD-ROM 30 on which the main content and related information are recorded. The SD card 40 in which the sub-contents and related information are recorded, and a device key and the like that are uniquely assigned and distributed to each playback device are managed. Key management device 70 for writing the key information, and a recording device 50 for recording information including contents on the BD-ROM 30 and the SD card 40.

Hereinafter, it is assumed that the content is played back by the playback device 10 that is one of the playback devices 10a, 10b, 10c, 10d, 10e,.
The key management device 70 writes key management information for invalidating a predetermined device key among the device keys distributed to each playback device and other information in the lead-in area of the BD-ROM 30, and then the BD-ROM 30. Is transferred to the recording device 50.

The recording device 50 is a content recording device such as a personal computer having a content editing function and the like and connected with an operation keyboard 51, a monitor 52, and the like. The main content is written in the BD-ROM 30, and sub-contents related to the main content are recorded. Is written to the SD card 40.
The BD-ROM 30 and the SD card 40 into which information has been written by the recording device 50 are transferred to the user of the playback device 10 through the store. The user of the playback device 10 inserts the acquired BD-ROM 30 and SD card 40 into a corresponding location such as an insertion slot provided in the playback device 10.

  The playback device 10 is a drive device that reads the contents of the BD-ROM 30, a card reader / writer that reads / writes data from / to the SD card 40, a BD player that includes a light receiving unit that receives instructions from the remote controller 20, and the like. The content recorded on the BD-ROM 30 and the SD card 40 is reproduced and output to the monitor 21 in accordance with an instruction performed using the remote controller 20, and the reproduced content is displayed on the output destination monitor 21.

Next, the key management device 70 will be described.
FIG. 2 is a block diagram showing the configuration of the key management device 70.
As shown in the figure, the key management device 70 includes a device key holding unit 71, a media key holding unit 72, an RKB generation unit 73, a disk key holding unit 74, an encrypted disk key generation unit 75, and a disk insertion unit. Specifically, a computer system including a CPU, a ROM, a RAM, a hard disk, a disk drive, or a disk processing device for processing a disk, etc., and the ROM stores a computer program. The CPU realizes its function by operating according to the computer program.

The device key holding unit 71 holds a valid device key in advance among the device keys distributed to each of the playback devices described above.
The device key is data of a fixed length (for example, 256 bytes) that is uniquely assigned to each playback apparatus.
The media key holding unit 72 holds in advance a media key assigned to a recording medium every predetermined number (for example, every shipment lot).

The media key is notified in advance from the manufacturer of the recording medium, and the media key of the BD-ROM 30 is Km.
An RKB (Renewal Key Block) generation unit 73 is a list of encrypted media keys that are the results of encrypting Km with each device key held by the device key holding unit 71.

FIG. 3 is a diagram schematically showing information written in the BD-ROM 30.
As shown in FIG. 3, in the RKB recording area 31, a device number uniquely assigned to a playback device and an encrypted media key are recorded in association with each other as an RKB.
Kdev_1 indicates a device key assigned to the playback device whose device number is “1”, and E1 (Kdev_1, km) indicates Km encrypted by Kdev_1 in the encryption scheme E1.

The device number “2” is recorded in association with E1 (Kdev_2, 0), but the result of decrypting E1 (Kdev_2, 0) using the device key Kdev_2 is the media key. Instead, it is “0”, which indicates that the device with the device number “2” is invalidated.
In addition, as the encryption method E1, an AES encryption method that may use a widely used encryption method such as AES, the NIST (National Institute of Standards and Technology) website (http://csrc.nist.gov/ Detailed information is posted in CryptoToolkit / aes /), so the explanation here is omitted.

The RKB generation unit 73 records the RKB described above in the RKB recording area of the BD-ROM 30 via the disk input / output unit 76.
The disk key holding unit 74 holds the same number of disk keys as the number of BD-ROMs, which is a unique key for each BD-ROM.
The disk key corresponding to the BD-ROM 30 is assumed to be Kd.

The encrypted disk key generation unit 75 acquires Km from the media key holding unit 72, acquires Kd from the disk key holding unit 74, and encrypts Kd with Km by the AES encryption method.
Hereinafter, Kd encrypted using Km by the AES encryption method is referred to as Em (Kd).
The encrypted disk key generation unit 75 records the generated Em (Kd) in the encrypted disk key recording area 32 of the BD-ROM 30 via the disk input / output unit 76 as shown in FIG.

The disk key transmission unit 77 notifies the recording device 50 of the disk key used in the encrypted disk key 75 via the network.
Next, the recording apparatus 50 will be described.
FIG. 4 is a block diagram illustrating a configuration of the recording apparatus 50.
As shown in FIG. 4, the recording device 50 includes a disc key acquisition unit 51, a sub content holding unit 52, a content key generation unit 53, a sub content encryption unit 54, a card input / output unit 56, a main content holding unit 57, a disc writing A computer system comprising a disk processing device for processing a CPU, ROM, RAM, hard disk, memory card reader / writer, disk drive or disk, and the like. A computer program is stored, and the CPU realizes its function by operating according to the computer program.

The disk key acquisition unit 51 acquires a disk key from the key management device 70 via the network, and outputs the acquired disk key to the content key generation unit 53.
Here, the disk transferred from the key management device 70 is the BD-ROM 30, and the disk key acquired by the disk key acquisition unit 51 is Kd.
The sub-content holding unit 52 holds the content number for identifying the sub-content, the unit value that is different for each sub-content of a predetermined length (for example, 128 bits), and the sub-content in association with each other.

FIG. 5 shows an example of data held by the sub-content holding unit 52. For example, the sub-content 1 is stored in association with a unit value whose content number is “1” and whose value is “Vu_1”. Has been.
The sub-content holding unit 52 outputs a unit value corresponding to the sub-content to be encrypted to the content key generating unit 53 and the card input / output unit 56, and also outputs the sub-content corresponding to the output unit value to the sub-content. The data is output to the encryption unit 54.

The content key generation unit 53 performs one-way function processing on the unit value acquired from the sub-content holding unit 52 with the disk key acquired from the disk key acquisition unit 51 using the AES encryption method, and the result of the one-way function processing; The exclusive OR with the unit value is output to the sub-content encryption unit 54 as the content key Ku.
The content encryption unit 54 acquires the sub content from the sub content holding unit 52, and encrypts the acquired sub content using the content key Ku.

As the encryption method, a widely used encryption method such as AES (Advanced Encryption Standard) may be used.
The card input / output unit 56 writes the received unit value in the unit value holding unit 41 of the SD card 40, and records the encrypted sub-content in the encrypted sub-content holding unit 42 of the SD card 40.

FIG. 6 is a diagram schematically showing data recorded in the unit value holding unit 41 and the encrypted sub-content holding unit 42 of the SD card 40, and the recorded contents of the unit value holding unit 41 in the same order, The recorded contents of the encrypted sub-content holding unit 42 are associated with each other.
For example, Vu_1 and E2 (Ku_1, sub-content 1) are associated with each other, and Vu_m and E2 (Ku_m, sub-content m) are associated with each other.

The main content holding unit 57 holds the main content and outputs it to the disc writing unit 58. The disc writing unit 58 writes the main content in the main content recording area 33 of the BD-ROM 30 as shown in FIG.
Next, the playback device 10 will be described.
Here, it is assumed that the playback device 10 is a playback device whose device number in FIG. 3 is “1”.

FIG. 7 is a block diagram showing the configuration of the playback apparatus 10.
As shown in FIG. 7, the playback apparatus 10 includes an instruction acquisition unit 11, a control unit 12, a disk input / output unit 13, a device key holding unit 14, an RKB processing unit 15, a disk key generation unit 16, The card input / output unit 17, the content key generation unit 18, the sub-content decryption unit 19, and the playback unit 20, specifically, a CPU, ROM, RAM, MPEG (Moving Picture Experts Group) decoder, video A BD (Blu-ray Disc) player or the like including an audio signal processing unit, an encryption processing unit, a disk drive, a card reader / writer, etc., a computer program is stored in the ROM, and the CPU operates according to the computer program By doing so, the function is realized.

The instruction acquisition unit 11 acquires a user instruction corresponding to a user operation from the remote controller 20 operated by the user, and transmits the user instruction to the control unit 12.
The user instruction includes a content reproduction instruction including a content ID for identifying content that the user desires to reproduce.
Specifically, the control unit 12 is the CPU, the computer program, and the like, and controls the overall operation of the playback device 10.

When receiving the content reproduction instruction, the control unit 12 instructs the disc input / output unit 13 to read out the RKB from the BD-ROM 30, instructs the RKB processing unit 15 to perform the RKB process, and The input / output unit 17 is instructed to read out the unit value and the encrypted sub-content, and the reproducing unit 20 is instructed to reproduce the sub-content.
The disk input / output unit 13 is a disk drive that reads information from the BD-ROM, its control unit, and the like. In accordance with an instruction from the control unit 12, the disk input / output unit 13 reads RKB from the BD-ROM 30 and outputs it to the RKB processing unit 15. (Kd) is read and output to the disc key generation unit 16, and the main content is read and output to the playback unit 20.

The device key holding unit 14 is a nonvolatile memory, and holds a device key Kdev_1 that is a unique key for each playback device in advance.
The RKB processing unit 15 reads the device key Kdev_1 from the device key holding unit 14 according to an instruction from the control unit 12, and reads the RKB from the RKB recording area 31 of the BD-ROM 30 via the disk input / output unit 13. After that, the encrypted media key E1 (Kdev_1, Km) corresponding to the device number “1” in the RKB shown in FIG. 3 is decrypted with the device key Kdev_1 based on the AES encryption method to obtain Km. The generated Km is output to the disk key generation unit 16.

Here, if the playback device 10 is a device whose device number that has been revoked is “2”, the RKB processing unit 15 obtains the value “0” by the decryption processing, and the media key Km generation fails, and sub-content decoding fails.
The disk key generation unit 16 is an encryption processing unit that decrypts information by the AES encryption method, acquires Km from the RKB processing unit 15, acquires Em (Kd) via the disk input / output unit 13, and AES Based on the encryption method, the disk key Kd is obtained by decrypting Em (Kd) using Km.

The card input / output unit 17 is a card reader / writer that inputs / outputs information to / from the SD card 40, and outputs the unit value read from the unit value holding unit 41 of the SD card 40 to the content key generation unit 18. In addition, the encrypted sub-content read from the encrypted sub-content holding unit 42 is output to the sub-content decrypting unit 19.
The content key generation unit 18 is an encryption processing unit that performs one-way function processing by the AES encryption method, acquires a unit value from the unit value holding unit 41 of the SD card 40 via the card input / output unit 17, and uses a disk key Kd is obtained from the generation unit 16, the unit value is subjected to a one-way function process using the AES encryption method with Kd, and the exclusive OR of the result of the one-way function process and the unit value is sub-subscribed as a content key Ku It outputs to the content decoding part 19.

The sub-content decrypting unit 19 acquires the encrypted sub-content from the encrypted sub-content holding unit 42 via the card input / output unit 17, and based on a predetermined encryption method (for example, AES encryption method), The content is decrypted using the content key Ku.
The playback unit 20 includes an MPEG decoder, a video / audio signal processing unit, and the like. The playback unit 20 generates a video / audio signal from the main content and the sub-content, and outputs the video / audio signal to the monitor 21.

Next, an operation until the playback apparatus 10 decodes and plays back the sub-content will be described.
It is assumed that the playback apparatus 10 is instructed by the user to play back “sub-content 1” having a device number “1” and a content number “1”.
FIG. 8 is a flowchart showing an operation when the playback apparatus 10 plays back content.

A user of the playback apparatus 10 inserts the BD-ROM 30 into a disk drive included in the playback apparatus 10 and inserts the SD card 40 into a card reader / writer included in the playback apparatus 10.
The user uses the remote controller 20 to instruct the playback device 10 to play back the sub-content 1 whose content number is “1” (step S1).

The instruction acquisition unit 11 acquires a user instruction for instructing reproduction of the sub-content 1 from the remote controller 20 and transmits the user instruction to the control unit 12.
The control unit 12 acquires the user instruction, holds the value “1” as the content number to be reproduced, and instructs the RKB processing unit 15 to read out the RKB.
The RKB processing unit 15 reads the RKB from the RKB recording area 31 of the BD-ROM 30 via the disk input / output unit 13 (step S2).

The RKB processing unit 15 acquires the device key Kdev_1 from the device key holding unit 14, extracts E1 (Kdev_1, Km) corresponding to the device number “1” from the read RKB, and E1 (Kdev_1, Km) as Kdev_1. Decode (step S3).
If acquisition of Km fails due to the decoding in step S3 (step S4 = NO), the process is terminated.

If Km is successfully acquired by the decryption in step S3 (step S4 = YES), the disk key generation unit 16 sends the Em from the encrypted disk key recording area 32 of the BD-ROM 30 via the disk input / output unit 13. (Kd) is read (step S5).
The disc key generation unit 16 decrypts Em (Kd) using Km, obtains Kd, and outputs it to the content key generation unit 18 (step S6).

The content key generation unit 18 reads Vu_1 that is a unit value corresponding to the content number “1” held by the control unit 12 from the unit value holding unit 41 of the SD card 40 via the card input / output unit 17 (step S1). S7).
The content key generation unit 18 performs one-way function processing on Vu_1 with Kd using the AES encryption method, and uses the result of the one-way function processing and Vu_1 as a content key Ku_1 for the sub-content decryption unit 19 Output (step S8).

The sub-content decryption unit 19 acquires Ku_1, and “encrypted sub-content 1” corresponding to the content number “1” held by the control unit 12 from the encrypted sub-content holding unit 42 via the card input / output unit 17. Is read (step S9).
The sub-content decrypting unit 19 decrypts the encrypted sub-content 1 using the content key Ku_1 and outputs it to the reproducing unit 20 (step S10).

The playback unit 20 reads the main content from the main content recording area 33 via the disc input / output unit 13, acquires the sub content from the sub content decoding unit 19, and receives video and audio signals from the main content and the sub content. Generate and output to the monitor 21 (step S11).
As described above, according to the content playback system of the present invention, the playback of the sub-content by the playback device can be obtained by inserting the package media for recording the main content into the disc drive of the playback device and acquiring the disc key Kd. Can be limited to cases.

In addition, since the unit value may be distributed together with the encrypted sub-content, it is not necessary to generate the unit value in advance when creating the main content.
Also, it becomes easy to encrypt sub-contents using a different content key for each sub-content, and even if the unit value is exposed, the effects of exposure can be localized only to the sub-content corresponding to the exposed unit value. .
<Modification of First Embodiment>
(1) In this embodiment, AES is used for encryption and decryption, but other encryption methods such as a DES (Data Encryption Standard) encryption method and a C2 encryption method may be used.
(2) In the present embodiment, the encrypted disk key and the RKB are stored in the recording medium, but the present invention is not limited to this. For example, the disk key may be stored directly on the recording medium. However, in this case, since the disc player may read the disc key, it is necessary to record the disc key by a special method. For example, as the special method, there is a method of carving information with a special laser in a BCA (Burst Cutting Area) area of a disc.
(3) In the present embodiment, only the unit value and the encrypted content are stored in the recording medium for storing the sub-content. However, the present invention is not limited to this, and an encrypted disk key or RKB may be stored. . In this case, the unit value corresponding to the sub-content is encrypted and stored with the disc key obtained from the RKB and the encrypted disc key. The playback device acquires the unit value from the recording medium storing the sub-content, and further acquires the disk key from the RKB and the encrypted disk key stored in the recording medium of the main content, and decrypts the content therefrom. Generate a key.
<Second Embodiment>
Hereinafter, a second embodiment of the present invention will be described with reference to the drawings.
<Overview>
FIG. 9 is a schematic diagram of a content reproduction system 100 according to the second embodiment of the present invention.

A BD (Blu-ray Disc) player 122 is a content playback device that plays back content held by a BD-ROM or SD card, and has a function of performing wireless communication with a wireless tag.
The package 101 includes a BD-ROM 102 that is a medium in which content is recorded, an outer box 103 for storing the medium, and a wireless tag 104 that is an authentication device attached to the outer box 103.

The wireless tag 104 performs wireless communication with the BD player 122.
The content recorded in the BD-ROM 102 is stream information that is a data stream relating to video and audio of a movie whose title is “Galaxy Battle Chapter 1”.
The package 111 includes a BD-ROM 112, an outer box 113 for storing the BD-ROM 112, and a wireless tag 114 attached to the outer box 113.

The wireless tag 114 performs wireless communication with the BD player 122.
The BD-ROM 112 holds stream information that is a data stream related to video and audio of a movie titled “Galaxy Battle Chapter 2”, which is a sequel to “Galaxy Battle Chapter 1” recorded in the BD-ROM 102. ing.
It is assumed that the user of the BD player 122 has the package 101 and the package 111 in advance.

When the user causes the BD player 122 to reproduce the content held in the BD-ROM 102 or the BD-ROM 112, the user uses the BD-ROM holding the content desired to be reproduced as a predetermined BD-ROM of the BD player 122. Insert into the ROM slot.
The BD player 122 reads the content desired to be reproduced from the inserted BD-ROM and reproduces it.

The user transmits a user instruction to the BD player 122 by pressing operation keys such as a fast-forward key, a rewind key, and a reproduction stop key provided in the remote controller 123.
When the BD player 122 receives the user instruction, the BD player 122 performs control related to content reproduction such as fast forward, rewind, and reproduction stop according to the user instruction.

The SD card 121 is a recording medium for recording content, and is distributed to the user separately from the package 101 or the package 111.
The SD card 121 is electrically connected to the BD player 122 by being inserted into a predetermined SD card slot of the BD player 122.
The SD card 121 stores stream information, which is a video and audio data stream related to the main part of the movie held in the BD-ROM and related to the main part of the movie and advertisement video unrelated to the main part, as content. Yes.

Here, the behind-the-scenes video is a video that captures the shooting method of the movie main part, the behind-the-scenes at the time of shooting, the action taken by the performers of the main part of the movie during the waiting time for shooting, and the advertising video is the movie This is a video for advertising products that are unrelated to the main part.
FIG. 10 is a diagram showing information related to the content held by the SD card 121.
FIG. 10A is a diagram showing content held by the SD card 121.

The SD card 121 holds four contents 151, 152, 153, and 154.
The content 151 is the stream information related to the advertisement video that is unrelated to the movie.
The content 152 is information obtained by encrypting the data stream information related to the backstage video of the movie “Galaxy Battle Chapter 1” using the first content key, and can be decrypted using the first content key.

The content 153 is information obtained by encrypting the data stream information related to the backstage video of the movie “Galaxy Battle Chapter 2” using the second content key, and can be decrypted using the second content key.
Content 154 is an omnibus video that includes the behind-the-scenes video of the movie “Galaxy Battle Chapter 1” and “Galaxy Battle Chapter 2” as well as the unreleased movie “Galaxy Battle Chapter 3”. Data stream information related to the information is encrypted using the third content key, and can be decrypted using the third content key.

The third content key is a key generated from the first content key and the second content key.
In addition, the first content key is held in advance in a storage area included in the wireless tag 104, and the second content key is held in a storage area included in the wireless tag 114.
FIG. 10B is a diagram simply showing the structure of the content 151.

The content 151 is divided into three parts: a chapter 161, a chapter 162, and a chapter 163.
The chapter 161 is an advertisement video for encouraging the package purchase of “Galaxy Battle Chapter 1”, and the content creator of the content 151 hopes that a user who has not purchased the package 101 wants to watch it. Yes.

The chapter 162 is an advertisement video for encouraging the purchase of a package of “Galaxy Battle Chapter 2”, and the content creator desires the user who has not purchased the package 111 to watch it.
The chapter 163 is an advertising video for advertising an article unrelated to the “Galaxy Battle Chapter 1” and “Galaxy Battle Chapter 2”. I want users to see it.

Each of the chapters 161, 162, and 163 is played by the BD player 122 according to playback path information indicating whether playback is possible and the playback order.
The reproduction path information will be described later.
<Configuration>
FIG. 11 is a block diagram showing a functional configuration of the content reproduction system 100.
<Wireless tags 104 and 114>
Specifically, the wireless tags 104 and 114 are modules including an IC having a wireless communication function, an antenna, and a small-capacity storage area.

The wireless tag 104 functionally includes a communication unit 201, an authentication unit 202, and an information holding unit 203 as shown in FIG.
The communication unit 201 performs wireless communication with the BD player 122.
The authentication unit 202 performs an authentication process with the BD player 122 via the communication unit 201.

The authentication process is challenge and response authentication.
Here, the challenge and response authentication will be described.
The BD player 122 and the authentication unit 202 hold a parent password in advance.
The BD player 122 generates a random number and transmits it to the authentication unit 202.
The authentication unit 202 calculates a child password that is a hash value of information obtained by adding the parent password and the random number, and transmits the child password to the BD player 122.

The BD player 122 calculates a hash value of information obtained by adding the parent password and the random number, and if the calculated hash value matches the child password received from the authentication unit 202, the authentication result is valid. Is determined.
The authentication unit 202 receives the authentication result from the BD player 122.
The information holding unit 203 holds the first content key.

The information holding unit 203 transmits the first content key to the BD player 122 via the communication unit 201 when the result of the authentication process performed by the authentication unit 202 is valid.
The wireless tag 114 has the same configuration as the wireless tag 104, and includes a communication unit 211, an authentication unit 212, and an information holding unit 213.
The wireless tag 114 holds the second content key in the information holding unit 213.
<SD card 121>
As a specific configuration, the SD card 121 is a memory card including an IC and a large-capacity storage area.

The SD card 121 is functionally composed of a content holding unit 221 as shown in FIG.
The content holding unit 221 holds the contents 151 to 154 as described above.
<BD player 122>
The communication units 231 and 233 perform wireless communication with the wireless tags 104 and 114.

The authentication unit 232 performs the challenge and response authentication process with the wireless tag 104 via the communication unit 231.
The authentication unit 232 outputs the first authentication result, which is the result of the authentication process, to the control unit 236 and transmits it to the wireless tag 104 via the communication unit 231.
The communication unit 231 receives the first content key held by the information holding unit 203 via the communication unit 201 and outputs it to the control unit 236.

The authentication unit 234 performs the challenge and response authentication process with the wireless tag 114 via the communication unit 233.
The authentication unit 234 outputs the second authentication result, which is the result of the authentication process, to the control unit 236 and transmits it to the wireless tag 114 via the communication unit 233.
The communication unit 233 receives the second content key held by the information holding unit 213 via the communication unit 211 and outputs it to the control unit 236.

The control unit 236 acquires the first and second authentication results from the authentication units 232 and 234, and instructs the decryption unit 237 and the playback unit 238 according to the combination of the authentication results, thereby the SD card 121. The playback control of the content held in is performed.
The control unit 236 holds a reproduction path selection table related to the reproduction path information in advance.
FIG. 12 shows information regarding reproduction control held by the control unit 236.

FIG. 12A shows the reproduction path selection table held by the control unit 236.
The reproduction path selection table indicates a correspondence between a combination of whether each of the first and second authentication results indicates validity or invalidity and the reproduction path information.
Here, the reproduction path information indicates the reproduction order of chapters to be reproduced.
For example, the reproduction path 261 indicates that each chapter is reproduced in the order of the chapter 163, the chapter 161, and the chapter 162.

The control unit 236 selects the reproduction path 261 based on the reproduction path selection table when both of the acquired first and second authentication results indicate invalidity.
FIG. 12B shows a playability determination table held by the control unit 236.
The playability determination table indicates a correspondence between a combination of whether each of the first and second authentication results indicates validity or improperness and content to be reproduced among the contents 152 to 154.

For example, when both the acquired first and second authentication results indicate validity, the control unit 236 performs control so that the content 154 is played according to the playability determination table.
In addition, the control unit 236 generates a third content key from the first and second content keys, with the first content key being a key corresponding to the content 152 and the second content key being a key corresponding to the content 153. It is assumed that the third content key and the key corresponding to the content 154 are stored and understood in the form of a correspondence table.

The control unit 236 receives the first content key held by the information holding unit 203 via the communication unit 231, and receives the second content key held by the information holding unit 213 via the communication unit 233.
The decryption unit 237 acquires the first content key and the second content key from the control unit 236.

The decryption unit 237 generates the third content key from the first content key and the second content key.
Also, the decryption unit 237 uses the content key corresponding to any one of the first to third content keys when the content of the content determined to be reproduced by the control unit 236 is encrypted. The content is decrypted.

The reproduction unit 238 reproduces the content instructed by the control unit 236.
The reproduction instruction acquisition unit 239 acquires the user instruction from the remote controller 123 and outputs it to the control unit 236.
The timer 240 includes a clock and a counter, and a timeout value in units of 1 second is set in the counter by the control unit 236.

The timer 240 counts down by “1” from the counter value every 1 second.
<Operation>
The operation of content reproduction processing in the content reproduction system 100 will be described with reference to FIG.

FIG. 13 is a flowchart showing content reproduction processing in the content reproduction system 100.
The user inserts the SD card 121 into the SD card slot of the BD player 122 (step S101).
The BD player 122 and the SD card 121 are electrically connected.

The user places the wireless tags 104 and 114 within a range where the BD player 122 and the wireless tags 104 and 114 can perform wireless communication.
The control unit 236 sets a value “5” indicating 5 seconds as a timeout value in the timer 240 (step S102).
The timer 240 counts down one by one from the set value every 1 second.

The control unit 236 determines whether or not the timer 240 has a value “0” representing a timeout (step S103).
If the timer 240 indicates a timeout, all authentication results that have not been terminated are determined to be invalid, and the authentication result is notified to the control unit 236 (step S104).
The communication units 231 and 233 attempt to communicate with a wireless tag that has not been authenticated (step S105).

If the communication cannot be performed with the wireless tag that has not been authenticated, the process returns to step S103.
If communication can be performed with a wireless tag that has not been subjected to authentication processing, authentication processing is performed (step S106).
As described above, the authentication process is challenge and response authentication, and the authentication result indicates whether it is valid or invalid.

The authentication unit that has performed the authentication process notifies the control unit 236 of the authentication result (step S107).
The control unit 236 holds the authentication result.
The control unit 236 determines whether or not all the authentication processes have been completed by checking whether or not the authentication results to be acquired have been obtained (step S108).

If it is determined that all the authentication processes have not been completed, the process returns to step S103 and continues.
If it is determined that all authentication processes have been completed, the process proceeds to step S109.
The control unit 236 instructs the timer 240 to stop the countdown, and ends the timeout measurement process (step S109).

The control unit 236 selects a reproduction path associated with the acquired combination of authentication results from the reproduction path selection table (step S110).
The control unit 236 selects encryption information associated with the acquired combination of authentication results from the reproduction permission / inhibition determination table (step S111).
The decryption unit 237 obtains the first content key and the second content key from the control unit 236, and generates the third content key (step S112).

The decryption unit 237 decrypts the selected content whose content is encrypted using the corresponding content key of any of the first to third content keys, and outputs the decrypted content to the playback unit 238.
The playback unit 238 plays back the content 151 according to the selected playback path (step S113).

Subsequently, the playback unit 238 plays back the decrypted content received from the decryption unit 237.
<Third Embodiment>
Hereinafter, a third embodiment of the present invention will be described with reference to the drawings.
<Overview>
FIG. 14 is a schematic diagram of the content reproduction system 2 according to the third embodiment of the present invention.

The BD player 332 is a content reproduction device that reproduces content held in a BD-ROM or an SD card, and has a function of performing wireless communication with a wireless tag.
The package 301 includes a BD-ROM 302 that is a medium on which content is recorded, an outer box 303 for storing the medium, and a wireless tag 304 attached to the outer box 303.

The wireless tag 304 performs wireless communication with the BD player 332.
The content recorded in the BD-ROM 302 is stream information that is a data stream related to video and audio of a movie whose title is “Galaxy Battle Chapter 1”.
The package 312 includes a BD-ROM 312, an outer box 313 for storing the BD-ROM 312, and a wireless tag 311 attached to the outer box 313.

The wireless tag 314 performs wireless communication with the BD player 332.
The BD-ROM 312 holds stream information that is a video and audio data stream of a movie titled “Galaxy Battle Chapter 2”, which is a sequel to “Galaxy Battle Chapter 1” recorded in the BD-ROM 302. ing.
The package 321 includes a BD-ROM 322, an outer box 323 for storing the BD-ROM 322, and a wireless tag 324 attached to the outer box 323.

The wireless tag 324 performs wireless communication with the BD player 332.
The BD-ROM 322 is stream information that is a video and audio data stream of a movie titled “Galaxy Battle Chapter 3”, which is a sequel to the “Galaxy Battle Chapter 2”.
It is assumed that the user of the BD player 332 owns the packages 301, 311, and 321 in advance.

When the user causes the BD player 332 to reproduce the content recorded in the packages 301, 311, 321, the user holds the content desired to be reproduced from any one of the BD-ROM 302, the BD-ROM 312, and the BD-ROM 322. The inserted BD-ROM is inserted into a predetermined BD-ROM slot of the BD player 332.
The BD player 332 reads and reproduces the content recorded on the inserted BD-ROM.

Further, the user transmits a user instruction to the BD player 332 by pressing an operation key such as a fast forward key, a rewind key, or a reproduction stop key provided in the remote controller 333.
When the BD player 332 receives the user instruction, the BD player 332 performs control related to content reproduction such as fast forward, rewind, and reproduction stop according to the user instruction.

The SD card 331 is a recording medium for recording content, and is distributed to the user separately from the packages 301, 311, and 321.
The SD card 331 is connected to the BD player 332 by being inserted into a predetermined SD card slot included in the BD player 332.
The SD card 331 holds three contents of content 341, content 342, and content 343.

Here, each of the contents 341 to 343 is data stream information which is a data stream related to movie video and audio.
<Configuration>
FIG. 15 is a block diagram showing a configuration of a content reproduction system 300 according to the third embodiment of the present invention.
<Wireless tag 304, wireless tag 314, wireless tag 324>
The wireless tags 304, 314, and 324 have a specific configuration that is a module including an IC that performs wireless communication, an antenna, and a small-capacity storage area.

The wireless tag 304 functionally includes a communication unit 351 and an information holding unit 352 as shown in FIG.
The communication unit 351 performs wireless communication with the BD player 332.
The information holding unit 352 holds a medium instruction identifier for identifying an SD card that is assumed to be used.

The value of the medium instruction identifier held by the information holding unit 352 is “3”.
The information holding unit 352 transmits the medium instruction identifier to the BD player 332 via the communication unit 351.
The wireless tags 314 and 324 have the same configuration as the wireless tag 304.
The value of the medium instruction identifier held by the information holding unit 362 is “1”.

The value of the medium instruction identifier held by the information holding unit 372 is “3”.
<SD card 331>
The SD card 331 includes a communication unit 381, an authentication unit 382, and a content holding unit 383. A medium identifier for identifying a medium is allocated to each SD card.

It is assumed that the medium identifier of the SD card 331 is the value “3”.
The medium identifier is held by the authentication unit 382.
The communication unit 381 communicates information with the BD player 332.
The authentication unit 382 performs authentication processing with the BD player 332 via the communication unit 381.

The authentication process is challenge and response authentication.
Here, the challenge and response authentication will be described.
The BD player 332 and the authentication unit 382 hold a parent password in advance.
The BD player 332 generates a random number and transmits it to the authentication unit 382.
The authentication unit 382 calculates a child password that is a hash value of information obtained by adding the parent password and the random number, and transmits the child password to the BD player 332.

The BD player 332 calculates a hash value of information obtained by adding the parent password and the random number, and if the calculated hash value matches the child password received from the authentication unit 382, the authentication result is valid. If there is a mismatch, the authentication result is invalid.
The authentication unit 382 transmits the medium identifier to the BD player during the authentication process.

The content holding unit 383 holds content 341, content 342, and content 343.
Information held by the content holding unit 383 is read by the BD player 332 via the communication unit 381.
<BD player 332>
The communication unit 391 performs wireless communication with the wireless tag 304, the wireless tag 314, and the wireless tag 324.

The authentication unit 392 performs the challenge and response authentication process with the authentication unit 382 via the communication unit 393 and the communication unit 381.
The authentication unit 392 outputs the result of the authentication process to the control unit 394.
The control unit 394 acquires the authentication result from the authentication unit 392.
The authentication unit 392 acquires the medium identifier held by the authentication unit 392 from the authentication unit 382 during the authentication process.

When the authentication result indicates validity, the control unit 394 plays the content held by the SD card 331 based on the held content playback control table.
FIG. 16 is a diagram showing the contents of the content reproduction control table.
The content reproduction control table shows correspondence between the received medium instruction identifiers and the number of matches indicating the number of medium identifiers of the media holding the contents and the contents instructing reproduction. It is a table | surface which shows.

For example, in the present embodiment, the value of the medium identifier read from the SD card 331 is “3”, the medium instruction identifier acquired from the wireless tag 304 is the value “3”, and the medium instruction identifier acquired from the wireless tag 314. Is the value “1”, and the medium instruction identifier acquired from the wireless tag 324 is the value “3”, so the number of matches is two.
Therefore, the control unit 394 determines that the content 342 should be reproduced according to the content reproduction control table.

The control unit 394 notifies the playback unit 395 of the content to be played back selected according to the content playback control table.
The reproduction unit 395 reproduces the content 342 that is the content to be reproduced in accordance with the notification acquired from the control unit 394.
The reproduction request acquisition unit 396 acquires the user instruction from the remote controller 333 and outputs it to the control unit 394.

The timer 397 includes a clock and a counter, and a timeout value in units of 1 second is set in the counter by the control unit 394.
The timer 397 counts down by “1” from the counter value every time one second elapses.
<Operation>
Content reproduction processing in the content reproduction system 300 will be described with reference to the drawings.

FIG. 17 is a flowchart showing content reproduction processing in the content reproduction system 2.
The user inserts the SD card 331 into the SD card slot of the BD player 332 (step S201).
The BD player 332 and the SD card 331 are electrically connected.

The user installs wireless tags 304, 314, and 324 within a range where wireless communication with the BD player 332 is possible.
The control unit 394 sets a value “5” indicating 5 seconds as a timeout value in the timer 397 (step S202).
The timer 397 counts down one by one from the set value every 1 second.

The control unit 394 determines whether or not the value counted down by the timer 397 is a value “0” indicating a timeout (step S203).
If the timer 397 indicates a timeout, the process proceeds to step S207.
If the timer 397 does not indicate a timeout, communication is scheduled and detection of a wireless tag that has not yet communicated the medium instruction identifier is attempted (step S204).

If not detected in step S204, the process returns to step S203.
If detected in step S204, the BD player 332 acquires the medium instruction identifier from the detected wireless tag (step S205).
The BD player 332 determines whether or not communication has been performed with all the wireless tags scheduled for communication (step S206).

If it is determined in step S206 that the process has not ended, the process returns to step S203.
If it is determined in step S206 that the process has ended, the control unit 394 notifies the timer 397 of the end of timeout detection (step S207).
The timer 397 ends the timeout detection process and clears the counted value.

The control unit 394 selects content to be played based on the content playback control table (step S208).
The playback unit 395 plays back the content selected in step S208 (step S209).
<Other variations>
It should be noted that the content reproduction system of the present invention is not limited to the above-described embodiment, and various changes can be made without departing from the scope of the present invention.
(1) In the second and third embodiments, a wireless tag is used as a medium for authentication, and a BD-ROM or SD card is used as a medium for holding content. However, the present invention is not limited to these media, and MO, DVD, DVD- Any medium or device having an equivalent function may be used, such as a ROM, DVD-RAM, semiconductor memory, IC card, mobile phone or PDA equipped with an LSI having an authentication function.

The content reproduction apparatus that performs the authentication process is not limited to the BD player, and may be an apparatus having an equivalent function such as a DVD player, a personal computer, a video deck, or an HDD-equipped home server.
(2) In the second and third embodiments, challenge and response authentication is performed as an authentication process. However, any other authentication method may be used as long as it can be authenticated.

For example, other authentication methods include one-time password authentication and digital signature authentication.
Further, as a secure authentication method, a method using PKI, a method using media key acquisition means used in CPRM for DVD-RAM, and a media key acquisition method with mutual authentication used in CPRM for SD may be used. Good.

Further, the authentication process may be performed on one side without performing the mutual authentication process.
In the second embodiment, the wireless tag side transmits a tag identifier for identifying the wireless tag, holds an authentication identifier for identifying the wireless tag to be authenticated in advance on the BD player side, and the tag identifier and the authentication If the identifier matches, the authentication may be valid.
(3) If playback control can be performed by the authentication process performed by the content playback apparatus, content stored in the SD card or the like and other information may be stored without encryption.
(4) In the second embodiment, one content may be held in the SD card, and the content may be reproduced when the authentication results of the wireless tags 104 and 114 are both valid.
(5) In the second embodiment, the content 151 is always played back. However, the content 151 may not be played back.

Further, the playability determination table included in the BD player may be another control performed by combining a plurality of authentication processing results.
For example, in the playability determination table, a combination of authentication process results may be stored in association with a process to be executed according to an instruction among user instructions such as rewind, fast forward, and stop playback.

In this case, the contents that the user can instruct the BD player using the remote control change depending on the combination of the authentication processing results.
(6) The number of contents selected to be reproduced with respect to the combination of authentication results is not limited to one content, and two or more contents may be reproduced continuously.

Further, when all of the authentication results are inappropriate, none of the contents is reproduced, but other contents may be reproduced.
(7) In the third embodiment, the correspondence between the number of matches determined by the BD player and the content instructing reproduction is set to 1: 1, but is not limited to 1: 1.
For example, if the number of matches is 2 or more, the content 343 may be reproduced.

If the number of matches is 2, the contents 342 and 343 may be reproduced.
(8) It is not always necessary that the authentication medium and the medium for recording content have different configurations.
For example, in the second embodiment, the authentication process in the wireless tag 114 may be performed by the SD card 121, and the wireless tag 114 may be omitted.
(9) (Claim 1) A content playback apparatus for playing back content based on an authentication result,
Authentication means for performing first device authentication with the first authentication device and further performing second device authentication with the second authentication device;
Determining means for determining a content reproduction method based on a combination of authentication results by the first and second device authentications;
A content playback apparatus comprising: playback means for playing back content stored in a content storage medium based on the determined playback method.

(Claim 2) The determination means further determines to prohibit the reproduction of content when both the first and second device authentications fail.
The content playback apparatus according to claim 1, wherein the playback unit further prohibits playback of the content when it is determined that playback of the content is prohibited.

(Claim 3) The reproduction method includes a plurality of reproduction ranges related to the content and a reproduction order of the reproduction ranges,
The content playback apparatus according to claim 1, wherein the playback unit plays back the content based on the determined playback ranges and the playback order of the playback ranges.

(Claim 4) A content playback apparatus for playing back content based on an authentication result,
Authentication means for performing first medium authentication based on the first information acquired from the first storage medium and further performing second medium authentication based on the second information acquired from the second storage medium;
Determining means for determining a content reproduction method based on a combination of authentication results by the first and second medium authentication;
A content playback apparatus comprising: playback means for playing back content stored in a content storage medium based on the determined playback method.

(Claim 5) The content is an encrypted digital work,
The first information includes a first encryption key; and the second information includes a second encryption key;
The content playback device further includes:
Decrypting means for generating a content key from the first and second encryption keys, and decrypting the encrypted digital work using the content key;
The content playback apparatus according to claim 4, wherein the playback means plays back the decrypted digital work based on the determined playback method.

(Claim 6) An acquisition means for acquiring the first medium designation information from the first storage medium and further obtaining the second medium designation information from the second storage medium;
Reading means for reading medium identification information for identifying the medium from the content storage medium;
Determining means for determining a content reproduction method based on the number of medium designation information that matches the medium identification information;
A content playback apparatus comprising: playback means for playing back content stored in a content storage medium based on the determined playback method.

(Claim 7) A content playback method for playing back content based on an authentication result,
An authentication step of performing first device authentication with the first authentication device and further performing second device authentication with the second authentication device;
A determination step of determining a content reproduction method based on a combination of authentication results obtained by the first and second device authentications;
A content playback method comprising: a playback step of playing back content stored in a content storage medium based on the determined playback method.

(Claim 8) A program applied to a content reproduction apparatus for reproducing content based on an authentication result,
An authentication step of performing first device authentication with the first authentication device and further performing second device authentication with the second authentication device;
A determination step of determining a content reproduction method based on a combination of authentication results obtained by the first and second device authentications;
A program for causing a computer to execute each step of reproducing content stored in a content storage medium based on the determined reproduction method.

(Claim 9) A content playback device that plays back content based on an authentication result, first and second authentication devices that perform device authentication with the content playback device, and a content storage medium that stores content. A content playback system,
The content playback device
Authentication means for performing first device authentication with the first authentication device and further performing second device authentication with the second authentication device;
Determining means for determining a content reproduction method based on a combination of authentication results by the first and second device authentications;
A content reproduction system comprising: reproduction means for reproducing the content stored in the content storage medium based on the determined reproduction method.
(10) The present invention may be a method including the steps described in the embodiments. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.

  The present invention also provides a computer-readable recording medium such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, BD (Blu-ray Disc). ), Recorded in a semiconductor memory or the like. Further, the present invention may be the computer program or the digital signal recorded on these recording media.

In the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, or the like.
The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

  In addition, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, and is executed by another independent computer system. It is good.

  The content playback apparatus, content playback method, and program of the present invention are produced by a digital home appliance manufacturer such as a player that plays back digital content stored in a BD-ROM, DVD, SD card, etc. Used in systems that distribute and play while protecting copyright.

It is a figure which shows the outline of the content reproduction system which concerns on this invention. It is a block diagram which shows the structure of a key management apparatus. It is the figure which showed typically the information written in BD-ROM. It is a block diagram which shows the structure of a recording device. It is a figure which shows an example of the data which the sub content holding part hold | maintains. It is a figure which shows typically the data recorded on the unit value holding | maintenance part in an SD card, and the encryption subcontent holding | maintenance part. It is a block diagram which shows the structure of a reproducing | regenerating apparatus. It is a flowchart which shows operation | movement in case a reproducing | regenerating apparatus reproduces | regenerates a content. It is the schematic of the content reproduction system which is 2nd Embodiment of this invention. It is a figure which shows the information regarding the content which SD card hold | maintains. It is a block diagram which shows the structure from the function surface of a content reproduction system. The information regarding the reproduction | regeneration control currently hold | maintained at the control part is shown. It is a flowchart which shows the reproduction | regeneration processing of the content in a content reproduction system. It is the schematic of the content reproduction system which is 3rd Embodiment of this invention. It is a block diagram which shows the structure of the content reproduction system which is 3rd Embodiment of this invention. It is a figure which shows the content of a content reproduction | regeneration control table. It is a flowchart which shows the reproduction | regeneration processing of the content in a content reproduction system.

Explanation of symbols

10a, 10b, 10c, 10d, 10e Playback device 20 Remote control 21 Monitor 30 BD-ROM
40 SD card 50 Recording device 51 Keyboard 52 Monitor 70 Key management device 100 Content playback system 101 Package 102 BD-ROM
103 Outer box 104 Wireless tag 111 Package 112 BD-ROM
113 Outer box 114 Wireless tag 121 SD card 122 BD player 123 Remote control 301 Package 302 BD-ROM
303 Outer box 304 Wireless tag 311 Package 312 BD-ROM
313 Outer box 314 Wireless tag 321 Package 322 BD-ROM
323 outer box 324 wireless tag 333 remote control

Claims (15)

The content encrypted based on the first key is acquired, the first key is generated by performing a predetermined operation on the key generation information based on the second key, and the second key is: A content playback apparatus for decrypting and playing back the encrypted content recorded and acquired on a recording medium so as to be taken out by a predetermined procedure,
Key acquisition means for extracting the second key from the recording medium by the predetermined procedure;
Information acquisition means for acquiring the encrypted content and the key generation information from an information source other than the recording medium;
Key generation means for generating a third key by performing the predetermined calculation based on the second key with respect to the acquired key generation information;
A content reproduction apparatus comprising: decryption means for decrypting the encrypted content based on a third key generated by the key generation means. In the recording medium, a media key encrypted based on the fourth key is recorded as key management information,
The key acquisition means includes
A key holding means for holding the fourth key allocated in advance to the own content playback apparatus,
Information reading means for reading the key management information from the recording medium;
And a key obtaining unit for obtaining the media key by decrypting the key management information based on the fourth key and obtaining the second key using the obtained media key. Item 2. A content playback apparatus according to Item 1. In the recording medium, key management information which is a list of media keys encrypted based on a fourth key allocated to each content reproduction device is recorded,
The key acquisition means includes
A key holding means for holding the fourth key allocated in advance to the own content playback apparatus,
Information acquisition means for reading out the key management information from the recording medium;
Key acquisition that obtains the second key using the obtained media key by decrypting the key management information based on the fourth key held in the key holding unit and obtaining the media key The content reproduction apparatus according to claim 1, further comprising: means. Wherein the recording medium, key management information is a list of encrypted media key based on the fourth key allocated to each content playback apparatus are recorded,
The key acquisition means includes
Key holding means for holding the fourth key allocated in advance to the content reproducing apparatus ;
Information acquisition means for acquiring the key management information from the recording medium;
When the key management information is decrypted based on the fourth key held in the key holding unit and the decrypted result indicates that the media key is not successfully acquired A key acquisition means for determining and using the effective media key as a valid media key and obtaining the second key using the valid media key when the decrypted result is not information indicating that the decrypted result is invalid The content reproduction apparatus according to claim 1, comprising: The key generation information is arbitrary data having a predetermined length associated with the content, and the first key is a predetermined encryption method based on the second key with respect to the key generation information. Is a result of one-way function processing based on
The key generation means regards a result of one-way function processing based on a predetermined encryption scheme based on the second key for the key generation information as the third key. The content reproduction device described. The first key is an exclusive OR of the key generation information and the key generation information encrypted using the second key based on the predetermined encryption method,
The key generation means includes
Encryption means for encrypting the key generation information using the second key based on the predetermined encryption method;
An arithmetic means for regarding an exclusive OR of the key generation information and the encrypted key generation information as the third key;
The content reproduction apparatus according to claim 5 , comprising: The predetermined encryption method is an AES encryption method,
The content reproduction apparatus according to claim 6 , wherein the encryption unit encrypts the key generation information based on the second key based on an AES encryption method . The content reproduction apparatus according to claim 1 , wherein the information acquisition unit acquires the encrypted content and the key generation information via a network . 2. The content reproducing apparatus according to claim 1 , wherein the information acquisition unit acquires the encrypted content and the key generation information from a subordinate recording medium that is a recording medium different from the recording medium. . The content is encrypted using a block cipher based on the first key;
2. The content reproduction apparatus according to claim 1 , wherein the decryption unit decrypts the encrypted content using a block encryption method based on the first key . The content is encrypted using a C2 encryption scheme based on the first key,
The content reproduction apparatus according to claim 10 , wherein the decryption unit decrypts the encrypted content using a C2 encryption method based on the first key . The content is encrypted using a DES encryption scheme based on the first key;
11. The content reproduction apparatus according to claim 10 , wherein the decrypting unit decrypts the encrypted content using a DES encryption method based on the first key . The content is encrypted using an AES encryption scheme based on the first key,
The content reproduction apparatus according to claim 10 , wherein the decryption unit decrypts the encrypted content using an AES encryption method based on the first key . A key acquisition device, an information acquisition unit, a key generation unit, and a decryption unit are provided to acquire content encrypted based on the first key. The first key is a second key for the key generation information. The second key is recorded on a recording medium so as to be taken out according to a predetermined procedure, and is obtained by the content reproduction device that decrypts and reproduces the obtained encrypted content. A content playback method,
A key obtaining step of taking out the second key from the recording medium by the predetermined procedure by the key obtaining means;
An information acquisition step of acquiring the encrypted content and the key generation information from an information source other than the recording medium by the information acquisition means;
A key generation step of generating a third key by performing the predetermined calculation based on the second key on the acquired key generation information by the key generation means;
A decrypting step of decrypting the encrypted content based on the third key generated by the key generating means by the decrypting means;
A content reproduction method comprising: A key acquisition device, an information acquisition unit, a key generation unit, and a decryption unit are provided to acquire content encrypted based on the first key. The first key is a second key for the key generation information. The second key is recorded on a recording medium so as to be taken out according to a predetermined procedure, and the obtained content decrypting and reproducing content is reproduced and reproduced. An applied program,
A key obtaining step of taking out the second key from the recording medium by the predetermined procedure by the key obtaining means;
An information acquisition step of acquiring the encrypted content and the key generation information from an information source other than the recording medium by the information acquisition means;
A key generation step of generating a third key by performing the predetermined calculation based on the second key on the acquired key generation information by the key generation means;
A decrypting step of decrypting the encrypted content based on the third key generated by the key generating means by the decrypting means;
A program that causes a computer to execute each step.

Images