JP4667517B2 - Content usage device - Google Patents

Description

  The present invention relates to a content usage system, a content usage device, and a content usage information storage device that acquire content usage information including encrypted digital content and usage rules of the digital content and use the digital content.

In recent years, with the spread of communication networks represented by the Internet and the high functionality and high performance of devices, copyrights of digital content (hereinafter abbreviated as content as appropriate) such as music data, video data, and game programs have been increased. So-called digital rights management (DRM: Digital Rights Management) that allows users to freely distribute while protecting
Technology is drawing attention.

  As an example of DRM technology, in order to store encrypted digital content in a storage device (for example, a removable hard disk drive that can be removed from a memory card or a device) and to decrypt the digital content It is known to store “content usage information” including a content key used for the content and a usage rule indicating the number of times the digital content can be used (reproduced) or copied (for example, Non-Patent Document 1). ).

  Specifically, the storage device (content usage information storage device) stores the content usage information in a tamper resistant module provided inside to prevent unauthorized use of the content usage information. Store.

  The content usage information stored in the tamper-resistant module includes a content playback device that receives and plays back (or executes) digital content, and a content recording device that copies the digital content to another recording medium (hereinafter referred to as “recording device”). The encrypted content is transmitted to the content reproduction device and the content recording device (referred to as “content use device”).

  The content utilization apparatus decrypts the digital content using the content key included in the content utilization information received from the storage device, and reproduces or duplicates the digital content.

  Further, when the content usage information is transmitted to the content usage device, the storage device updates the content usage information based on the digital content usage rules.

  For example, in the usage rule, when copying of the digital content is permitted up to two times, the storage device transmits the content usage information permitting copying to the content usage device, and the content usage information corresponding to the digital content is transmitted. Of the contents, the remaining number of times that the digital content can be copied is updated to one.

“PKI based DRM“ UDAC-MB V2 ”Overview and DRM Implementation Guide”, [online], May 2004, UDAC Consortium, full text, [December 23, 2004 search], Internet <URL: http://www.udac-consortium.org/open_spec/open_spec_j.html>

  However, the above-described conventional DRM technology has the following problems. That is, there is a problem in that even when the content use apparatus receives the content use information and the digital content is not used, the content use information is updated on the storage device side.

  For example, there is a problem that the number of times that a digital content can be copied decreases even if the content usage device receives content usage information that permits copying of the digital content but does not use the digital content. was there.

  Similarly, when (1) the content using device uses only a part of the digital content (so-called intro scan or the like), for example, as in the case of listening to music data, (2) the content using device and the storage device The content on the storage device side also when the content usage device cannot receive the content usage information normally due to a communication channel failure, or (3) the copy of the digital content to another recording medium fails. There was a problem that the contents of usage information were updated.

  Accordingly, the present invention has been made in view of such circumstances, and content usage information managed by a storage device when digital content is not normally used using content usage information transmitted by the storage device. It is an object of the present invention to provide a content use system, a content use device, and a content use information storage device that can restore the contents of the content to the state before transmission.

    In order to solve the problems described above, the present invention has the following features. First, the first feature of the present invention is to store content usage information (license data LIC) including usage rules (AU, UC) relating to the definition of usage requirements for digital content, and to output stored content usage information stored therein. In response, the content usage information is received from the content usage information storage device (storage device 200) that updates the content of the stored content usage information, and the content usage device (for example, the content playback device 300) uses the digital content. When the content usage information is acquired, the content usage information identifier including the content usage information identifier for identifying the content usage information and the usage rule is stored in the transfer log list, and the acquired content usage information When using the digital data using In the provided transfer log list management unit for deleting the contents use information log from the transfer log list (cipher engine 305), and summarized in that.

  The content use device shares a public key (KPp3) of the content use device and a first symmetric key (Kb2) temporarily generated by the content storage device with the content use information storage device, The second symmetric key (Ks3) that is temporarily generated by itself using the first symmetric key is encrypted, and the content usage information encrypted by using the second symmetric key and the public key is encrypted. The transfer log list management unit further includes an encryption processing unit that performs decryption, and the transfer log list management unit transmits the encrypted second symmetric key to the content usage information storage device, and is encrypted from the content usage information storage device. When acquiring the content usage information, a content usage information log including the content usage information identifier for identifying the content usage information and the usage rule is transferred to the transfer log list. When the encrypted content usage information stored and decrypted and the digital data is used using the decrypted content usage information, the content usage information log is deleted from the transfer log list. Also good.

  The content usage device is based on whether the content usage information log is stored in the transfer log list and the usage rule of the content usage information log is different from the usage rule of the stored content usage information. , The usage determination unit (controller 301) that determines whether or not the stored content usage information needs to be restored to the state before the update, and if the usage determination unit determines that the restoration is necessary, the storage content usage information is stored in the transfer log list The stored content usage information identifier and the usage rule are transmitted to the content usage information storage device, and the stored content usage information is restored to the state before the update by rewriting the usage rule of the stored content usage information. And a restoration request unit (for example, the controller 301 and the cryptographic engine 305) for requesting .

According to the feature of the present invention, when the digital content is not normally used by using the content usage information transmitted by the storage device, the content usage information managed by the storage device is restored to the state before transmission. It is possible to provide a content use system, a content use device, and a content use information storage device that can perform the above.

It is a schematic block diagram of the content utilization system which concerns on embodiment of this invention. It is a schematic logic block block diagram of the content recording device which concerns on embodiment of this invention. It is a schematic logic block block diagram of the content reproduction apparatus which concerns on embodiment of this invention. 1 is a schematic logical block configuration diagram of a storage device according to an embodiment of the present invention. It is a logic block block diagram of the encryption engine with which the content reproduction apparatus which concerns on embodiment of this invention is equipped. It is a logic block block diagram of the encryption engine with which the storage device which concerns on embodiment of this invention is equipped. It is a whole schematic operation | movement flowchart of the content utilization system which concerns on embodiment of this invention. It is a connection process flow figure performed in the content utilization system which concerns on embodiment of this invention. It is a connection process flow figure performed in the content utilization system which concerns on embodiment of this invention. It is a reconnection process flow figure performed in the content utilization system which concerns on embodiment of this invention. It is a read transfer processing flowchart performed in the content utilization system which concerns on embodiment of this invention. It is a read transfer processing flowchart performed in the content utilization system which concerns on embodiment of this invention. It is a restoration transfer process flow figure performed in the content utilization system which concerns on embodiment of this invention. It is a restoration transfer process flow figure performed in the content utilization system which concerns on embodiment of this invention.

  Next, an embodiment of the present invention will be described. In the following description of the drawings, the same or similar parts are denoted by the same or similar reference numerals. However, it should be noted that the drawings are schematic and ratios of dimensions and the like are different from actual ones.

Accordingly, specific dimensions and the like should be determined in consideration of the following description. Moreover, it is a matter of course that portions having different dimensional relationships and ratios are included between the drawings.
(Schematic configuration of content usage system)
FIG. 1 shows a schematic configuration of a content use system 10 according to the present embodiment. As shown in FIG. 1, the content use system 10 includes a content recording device 100, a storage device 200, and a content reproduction device 300.

  The content recording device 100 (content utilization device) records digital content such as music data, video data, or a game program on a DVD 200A (see FIG. 2) that is different from the storage device 200. In the present embodiment, music data will be described below as an example.

  The storage device 200 (content use information storage device) stores digital content encrypted. The storage device 200 also includes a content key Kcont used to decrypt the digital content stored in an encrypted state, digital content playback (play) by the content playback device 300, and digital playback by the content recording device 100. “License data LIC” (content usage information) including usage rules (AC, UC) indicating the number of times content can be copied can be managed.

  Specifically, the storage device 200 updates and stores the license data LIC including usage rules in accordance with the output of the digital content to the content recording device 100 or the content playback device 300.

  As the storage device 200, a removable hard disk drive (HDD), a memory card (multimedia card), or the like can be used. Further, the storage device 200 has a tamper resistant module in order to prevent the license data LIC from being illegally acquired.

  The content reproduction apparatus 300 (content utilization apparatus) reads out and reproduces digital content stored in the storage device 200.

  Specifically, the content reproduction device 300 decrypts the digital content stored in the storage device 200 using the content key Kcont included in the license data LIC transmitted by the storage device 200, and the decrypted digital content is decrypted. Reproduce.

As the content recording device 100 and the content reproduction device 300, a personal computer or a dedicated recording device (such as a small music player) specialized for the type of digital content can be used.
(Outline logical block configuration of content usage system)
Next, schematic logical block configurations of the content recording device 100, the storage device 200, and the content reproduction device 300 that constitute the content usage system 10 will be described with reference to FIGS.

Hereinafter, portions related to the present invention will be mainly described. Accordingly, the content recording apparatus 100, the storage device 200, and the content reproduction apparatus 300 shown in FIGS. 2 to 4 are logical blocks (not shown in the figure or omitted in description) that are essential for realizing the functions of the apparatus (power supply unit and display Note that there may be a part).
(1) Content Recording Device FIG. 2 shows a schematic logical block configuration of the content recording device 100. As shown in the figure, the content recording apparatus 100 includes a controller 101, a storage interface 103, a cryptographic engine 105, a decryptor 107, a cryptographic unit 109, a cryptographic engine 111, a storage interface 113, and a data bus 115.

  The controller 101 controls the operation of each logical block constituting the content recording apparatus 100 via the data bus 115.

  In particular, in the present embodiment, the controller 101 determines whether or not the digital content read from the storage device 200 has been used, that is, whether or not the digital content has been normally recorded on another recording medium (for example, the DVD 200A). It determines and constitutes a usage determination unit.

  If the controller 101 determines that the digital content is not normally recorded on another recording medium (for example, a writing error occurs), the controller 101 requests that the license data LIC be restored to the state before the update. It is. In this embodiment, the controller 101 and the cryptographic engine 105 constitute a restoration request unit.

  Specifically, the controller 101 transmits a license ID (LID) and a usage rule AC that are encrypted using a temporary key (a storage device-side temporary key) temporarily generated in the storage device 200 to the storage device 200. To do.

  The license ID (LID) is an ID (content usage information identifier) that identifies the license data LIC. A more specific method for restoring the license data LIC will be described later.

  The storage interface 103 provides a connection interface with the storage device 200 and controls input / output of information with the storage device 200.

  The cryptographic engine 105 executes management of a content key Kcont used for encryption of transmission / reception information transmitted / received to / from the storage device 200.

  The decryptor 107 decrypts the digital content acquired from the storage device 200 using the content key Kcont.

  The encryption device 109 encrypts the digital content decrypted by the decryption device 107 by an encryption method according to the DVD200A standard.

  The cryptographic engine 111 executes management of keys used for encryption of transmission / reception information transmitted / received to / from the DVD 200A. In the present embodiment, the cryptographic engine 105, the decryptor 107, the cryptographic unit 109, and the cryptographic engine 111 constitute a utilization device side cryptographic processing unit.

The storage interface 113 provides a connection interface with the DVD 200A and controls input / output of information with the DVD 200A.
(2) Content Playback Device FIG. 3 shows a schematic logical block configuration of the content playback device 300. As shown in the figure, the content reproduction apparatus 300 includes a controller 301, a storage interface 303, a cryptographic engine 305, a decryptor 307, and a content decoder 309.

  The controller 301 controls the operation of each logical block constituting the content reproduction device 300 via the data bus 311.

  In particular, in this embodiment, the controller 301 determines whether or not the digital content read from the storage device 200 has been used, that is, whether or not the digital content has been normally played back. Constitute.

  If the controller 301 determines that the digital content read from the storage device 200 cannot be played back normally, the controller 301 stores a license ID (LID) (content usage information identifier) stored in the log storage unit 335 (see FIG. 5). ) And the usage rule AC are transmitted to the storage device 200, and the license data LIC (stored content usage information) stored in the storage device 200 is requested to be restored to the state before the update. In this embodiment, the controller 301 and the cryptographic engine 305 constitute a restoration request unit.

  Here, “unsuccessfully reproduced” means that the content reproduction apparatus 300 cannot normally receive the license data LIC due to a failure in the communication path between the content reproduction apparatus 300 and the storage device 200. For example, the content cannot be reproduced.

  In addition, “not reproduced normally” means that the acquired digital content was not reproduced even though the license data LIC was received from the storage device 200, or only a part of the digital content was used. Cases (so-called intro scans) are included.

  Specifically, the controller 301 uses the temporary key (storage device side temporary key) temporarily generated in the storage device 200 to store the encrypted license ID (LID) and usage rule AC in the storage device 200. Send. A more specific method for restoring license data LIC will be described later.

  The storage interface 303 provides a connection interface with the storage device 200 and controls input / output of information with the storage device 200.

  The cryptographic engine 305 performs cryptographic processing on transmission / reception information transmitted / received to / from the storage device 200, and constitutes a utilization device side cryptographic processing unit.

  Specifically, the cryptographic engine 305 performs cryptographic processing on transmission / reception information transmitted / received to / from the storage device 200 using a temporary key generated on the use device side.

  The cryptographic engine 305 includes a log storage unit 335 (see FIG. 5), and stores a license ID (LID) for identifying the license data LIC and a usage rule (AC, UC) as a content usage information log. It is. Details of the cryptographic engine 305 will be described later.

  The decryptor 307 decrypts the digital content stored in the storage device 200 using the content key Kcont.

The content decoder 309 converts digital content encoded according to a predetermined encoding rule (for example, MPEG audio layer 3 (MP3)) into an analog audio signal or the like.
(3) Storage Device FIG. 4 shows a schematic logical block configuration of the storage device 200. As shown in the figure, the storage device 200 includes a controller 201, a storage interface 203, a cryptographic engine 205, a tamper resistant data storage unit 207, and a normal data storage unit 209.

  The controller 201 controls the operation of each logical block constituting the storage device 200 via the data bus 211.

  In particular, in this embodiment, the controller 201 uses the license data LIC (stored content usage) in which the license ID (LID) transmitted by the content reproduction device 300 (or the content recording device 100) is stored in the tamper resistant data storage unit 207. Whether or not the license data LIC (content usage information) is rewritten is determined based on whether or not the license ID (LID) (content usage information identifier) included in the information matches. In the present embodiment, the controller 201 and the cryptographic engine 205 constitute a rewrite determination unit.

  Specifically, the controller 201 includes the license ID (LID) transmitted by the content reproduction device 300 (or the content recording device 100) in the license data LIC updated and stored in the tamper resistant data storage unit 207. It is determined whether or not the license ID (LID) matches.

  Further, the controller 201 is included in the license data LIC stored in the tamper resistance data storage unit 207 based on the usage rule AC transmitted by the content reproduction device 300 (or the content recording device 100) together with the license ID (LID). It is determined whether or not the usage rule AC can be rewritten.

  Further, the controller 201 uses the usage rule included in the license data LIC based on the determination result of whether or not the license data LIC can be rewritten by the cryptographic engine 205, and is transmitted by the content reproduction device 300 (or the content recording device 100). And constitutes a rewriting unit.

  Specifically, when the controller 201 can decrypt the received license ID (LID) and the usage rule AC using the temporarily generated temporary key (temporary key on the storage device side), the usage rule is used. The usage rule AC transmitted by the content reproduction device 300 (or the content recording device 100) is rewritten.

  In addition, before rewriting the usage rule AC, the controller 201 permits the license data LIC to be output together with the rewriting of the usage rule AC, regardless of whether the license data LIC (stored content usage information) is output permitted or prohibited. Can be changed to

  The storage interface 203 provides a connection interface between the content recording apparatus 100 and the content reproduction apparatus 300 and controls input / output of information with the apparatus.

  The encryption engine 205 encrypts transmission / reception information transmitted / received to / from the content recording apparatus 100 or the content reproduction apparatus 300, and constitutes a recording apparatus side encryption processing unit.

  Specifically, the cryptographic engine 205 performs cryptographic processing on transmission / reception information transmitted / received to / from the storage device 200 using a temporarily generated storage device-side temporary key.

The tamper resistant data storage unit 207 includes a tamper resistant module (Tamper Resistant Module).
). The tamper resistant data storage unit 207 stores license data LIC, a connection log composed of temporary keys, and the like.

  Note that the tamper resistant module is based on software (for example, transmitting and receiving information using an encrypted communication path) and hardware (for example, a structure in which an internal circuit is completely destroyed when the surface of the tamper resistant module is removed). Realized.

The normal data storage unit 209 stores encrypted digital content and the like. Unlike the tamper resistant data storage unit 207, the normal data storage unit 209 does not ensure tamper resistance.
(Logical engine logic block configuration)
Next, with reference to FIGS. 5 and 6, the logical block configuration of the cryptographic engines (the cryptographic engine 305 and the cryptographic engine 205) that execute processing according to the main part of the present invention will be described. Note that the cryptographic engine 105 included in the content recording apparatus 100 has substantially the same configuration and function as the cryptographic engine 305 included in the content reproduction apparatus 300. Therefore, the cryptographic engine 305 will be described below as an example. explain.
(1) Key, Encryption Information, and Certificate Representation Method First, a key used in the cryptographic engine 305 and the cryptographic engine 205, encrypted information (E) encrypted using the key, and a certificate representation method Will be described.
(1.1) Key Based on Public Key Cryptography Keys based on main public key cryptography used in cryptographic engine 305 and cryptographic engine 205 are expressed as follows.

KPp3: Public key of the cryptographic engine 305 KPd3: Public key of the cryptographic engine 305 Kp3: Private key of the cryptographic engine 305 paired with the public key KPp3 Kd3: Private key of the cryptographic engine 305 paired with the public key KPd3 KPp2: public key of the cryptographic engine 205 KPd2: public key of the cryptographic engine 205 Kp2: private key of the cryptographic engine 205 paired with the public key KPp2 Kd2: private key of the cryptographic engine 205 paired with the public key KPd2 KPa: Root public key issued by the certificate authority (1.2) Key based on the symmetric key cryptosystem Key based on the symmetric key (common key) cryptosystem used in the cryptographic engine 305 and the cryptographic engine 205 (temporary key) ) Is expressed as follows.

Kb3, Kc3, Ks3: Symmetric key generated in the cryptographic engine 305 Kb2, Kc2, Ks2: Symmetric key generated in the cryptographic engine 205 (1.3) Encryption information (E)
The encrypted information (E) encrypted using the above-mentioned key is expressed in the form of “E (K, D)”. “E (K, D)” means encrypted information (E) in which the information D is encrypted using the key K. “A‖B” means that information A and information B are linked.
(1.4) Certificate The key certificate described above is expressed as follows.

C [KPd3]: Certificate of content playback device 300 (public key KPd3) C [KPd2]: Certificate of storage device 200 (public key KPd2) (2) Configuration of license data LIC Next, license data LIC ( The configuration of the content usage information) will be described. The license data LIC has the following configuration.

License data LIC: License information LC + content key Kcont
The license information LC has the following configuration.

License information LC: License ID (LID) + Usage rules (AC, UC)
The license ID (LID) is a content usage information identifier for identifying the license data LIC.

  The usage rule AC (Access Condition) defines usage requirements that are compulsory in the storage device 200, and limits the number of times digital content is played, the number of times it is copied, a protection level (for example, a license period for using digital content), and the like. .

The usage rule UC (Usage Condition) defines usage requirements that are compulsory when digital content is decrypted (for example, prohibition of editing digital content).
(3) Cryptographic engine 305
FIG. 5 shows a logical block configuration of the encryption engine 305 provided in the content reproduction apparatus 300. As shown in the figure, the cryptographic engine 305 includes a control unit 321, a certificate output unit 323, a certificate verification unit 325, an encryption unit 327, a decryption unit 329, a random number generation unit 331, a signature calculation unit 333, and a log storage unit. 335 and a local bus 337 are provided.

  The control unit 321 controls each logical block constituting the cryptographic engine 305 via the local bus 337 according to the control content by the controller 301.

  The certificate output unit 323 outputs the certificate C [KPd3] of the content reproduction device 300 (public key KPd3). The certificate C [KPd3] is composed of a public key KPd3 encrypted (signed) with the private key (Ka) of the certificate authority.

  The certificate verification unit 325 verifies the certificate C [KPd2] of the storage device 200 (public key KPd2). The certificate verification unit 325 verifies the certificate C [KPd2] using the root public key KPa of the certificate authority.

  In addition, the certificate verification unit 325 excludes invalid certificates from verification targets using a certificate revocation list (CRL) that is a list of invalid certificates.

  The encryption unit 327 encrypts information output to the outside of the encryption engine 305 using a public key encryption method and a symmetric key (common key) encryption method. In the present embodiment, the encryption unit 327 uses an elliptic curve cryptosystem as a public key cryptosystem, and uses Triple-DES as a common key cryptosystem. Of course, the encryption unit 327 may use another encryption method (for example, RSA public key encryption method).

  The decryption unit 329 decrypts information input to the cryptographic engine 305 using a public key cryptosystem and a common key cryptosystem. In the decryption unit 329, the same encryption method as that of the encryption unit 327 is used. In addition, the decryption unit 329 outputs the decrypted license data LIC to the decryptor 307.

  The random number generator 331 generates random numbers used to generate temporary keys (symmetric keys Kb3, Kc3, Ks3) that are temporarily generated for encryption.

  The signature calculation unit 333 calculates electronic signature data added to information output to the outside of the cryptographic engine 305. Specifically, the signature calculation unit 333 calculates electronic signature data using a predetermined hash function (for example, SHA-1).

As described above, the log storage unit 335 includes the license ID (LID) for identifying the license data LIC received from the storage device 200, the usage rules AC and UC, and address information indicating the storage location of the license data LIC in the storage device 200. A transfer log list (content usage information log) including ADR, a connection log including a temporary key, and the like are stored.
(4) Cryptographic engine 205
FIG. 6 shows a logical block configuration of the cryptographic engine 205 provided in the storage device 200. As shown in the figure, the cryptographic engine 205 includes a control unit 221, a certificate output unit 223, a certificate verification unit 225, an encryption unit 227, a decryption unit 229, a random number generation unit 231, a signature calculation unit 233, and a local bus 235. It has.

  The control unit 221 controls each logical block constituting the cryptographic engine 205 via the local bus 235 in accordance with the control content of the controller 201.

  The certificate output unit 223 outputs the certificate C [KPd2] of the storage device 200 (public key KPd2). The certificate C [KPd2] is composed of a public key KPd2 encrypted (signed) with the private key (Ka) of the certificate authority.

  The certificate verification unit 225 verifies the certificate C [KPd3] of the content reproduction device 300 (public key C [KPd3]). The certificate verification unit 225 verifies the certificate C [KPd3] using the root public key KPa of the certificate authority.

  In addition, the certificate verification unit 225 excludes invalid certificates from verification targets using a certificate revocation list (CRL) that is a list of invalid certificates.

  The encryption unit 227 and the decryption unit 229 have substantially the same functions as the above-described encryption unit 327 and the decryption unit 329 (see FIG. 5), and use the public key cryptosystem and the common key cryptosystem, Encryption of the information output from the computer, and decryption of the information input to the encryption engine 205.

  The random number generator 231 generates random numbers used to generate temporary keys (symmetric keys Kb2, Kc2, Ks2) that are temporarily generated for encryption.

The signature calculation unit 233 calculates electronic signature data added to information output to the outside of the cryptographic engine 205.
(Recovery operation of license data by content usage system)
Next, the restoration operation of the license data LIC by the above-described content use system 10 (the storage device 200 and the content playback device 300) will be described with reference to FIGS.
(1) Overall Schematic Operation FIG. 7 is an overall schematic operation flow including a license data LIC restoration operation by the content use system 10.

  As shown in the figure, in step S10, the storage device 200 and the content playback apparatus 300 (the controller 301 and the cryptographic engine 305) need to establish a communication connection again between the storage device 200 and the content playback apparatus 300. If there is, execute “reconnection process”. The specific contents of the reconnection process will be described later.

  In step S <b> 20, the controller 301 determines whether a communication connection has been established with the storage device 200.

  When a communication connection is established with the storage device 200 (YES in step S20), in step S30, the controller 301 transmits a transmission request for a transfer log list (content usage information log) to the cryptographic engine 305.

  If a communication connection has not been established with the storage device 200 (NO in step S20), the controller 301 executes the process in step S100.

  In step S <b> 40, the cryptographic engine 305 receives a transfer log list transmission request from the controller 301.

  In step S50, the cryptographic engine 305 transmits to the controller 301 a list of “LC‖ADR” in which the permission information LC and the address information ADR are linked based on the transfer log list.

  Here, the following content usage information log is stored in the “transfer log list”. That is, during transmission of the license data LIC from the storage device 200 to the content reproduction apparatus 300, the communication path between the storage device 200 and the content reproduction apparatus 300 is disconnected, and the content reproduction apparatus 300 normally receives the license data LIC. If the content reproduction device 300 has successfully received the license data LIC, the content reproduction device 300 is turned off before it is determined that the content key Kcont has been decrypted, that is, the digital content has been used. The content usage information log in the case where the processing is not completed due to an unexpected cause such as the case of being performed is stored as a transfer log list.

  The list of “LC‖ADR” is transmitted based on the transfer log list. Therefore, when the list of “LC‖ADR” is empty, it indicates that all processing for the license data LIC transmitted by the previously set communication connection has been completed.

On the other hand, when the list of “LC‖ADR” is not empty, that is, when some information is included in the list of “LC‖ADR”, it indicates the possibility that the license data LIC needs to be restored.
In step S <b> 60, the controller 301 receives a list of “LC‖ADR” from the cryptographic engine 305.

  In step S70, the controller 301 determines whether or not the content of the received “LC リ ス ト ADR” list is empty, that is, whether or not the information is included in the “LC‖ADR” list.

  When the content of the “LC‖ADR” list is empty (YES in step S70), the controller 301 determines that the restoration of the license data LIC is unnecessary, and executes the process of step S160 (read transfer process).

  If the contents of the “LC‖ADR” list are not empty (NO in step S70), in step S80, the storage device 200 and the content reproduction device 300 use the contents of the license data LIC as the license data LIC associated with the use of the digital content. The “restore transfer process” is executed to restore the state before the update. The specific contents of the restoration transfer process will be described later.

  In step S90, the controller 301 deletes the transfer log list (content usage information log) to be restored from the “LC‖ADR” list based on the completion of the restoration transfer process in step S80.

  In step S <b> 100, the storage device 200 and the content reproduction apparatus 300 execute “connection processing” for establishing a communication connection between the storage device 200 and the content reproduction apparatus 300. The specific contents of the connection process will be described later.

  In step S <b> 110, the controller 301 determines whether a communication connection has been established with the storage device 200.

  If a communication connection has not been established with the storage device 200 (NO in step S110), the controller 301 determines that a communication connection cannot be established with the storage device 200, and terminates the processing as an abnormal end. To do.

  When a communication connection is established with the storage device 200 (YES in step S110), the controller 301 transmits a transfer log list discard request to the cryptographic engine 305 in step S120.

  That is, when the connection process in step S100 is executed, it is determined that the transfer log list previously recorded for restoring the license data LIC is unnecessary, and the controller 301 sends a transfer log list discard request to the cryptographic engine 305. Send.

  In step S130, the cryptographic engine 305 receives the transfer log list discard request. In step S140, the cryptographic engine 305 discards the transfer log list stored in the log storage unit 335 based on the received transfer log list discard request.

  In step S150, the controller 301 determines whether or not to execute a read request, specifically, whether to read the license data LIC to use the digital content or to end the process.

  Here, “reading out the license data LIC” means starting reading out the license data LIC corresponding to the digital content instructed to be played back by the user of the content playback apparatus 300.

  “End processing” means that the power supply to the storage device 200 is turned off in order to switch off the power source of the content playback apparatus 300 through normal processing or to shift to a low power consumption state for power saving. For example, stopping the supply.

  That is, in step S150, the controller 301 is waiting for an instruction to start the next process.

  When a read request is executed (YES in step S150), in step S160, the storage device 200 and the content playback apparatus 300 execute “read transfer processing” for reading out and playing back the encrypted digital content from the storage device 200. .

In addition, when the read transfer process ends, the storage device 200 and the content playback apparatus 300 return to the process of step S150 to prepare for the transfer of the next license data LIC or the like.
(2) Connection Process FIGS. 8 and 9 show the contents of the connection process in step S100 described above. As illustrated in FIG. 8, in step S <b> 100-1, the controller 301 transmits a certificate transmission request to the cryptographic engine 305. In step S <b> 100-3, the cryptographic engine 305 receives a certificate transmission request from the controller 301.

  In step S100-5, the encryption engine 305 transmits the certificate C [KPd3] of the content reproduction device 300 to the controller 301. In step S100-7, the controller 301 receives the certificate C [KPd3] from the cryptographic engine 305.

  In step S100-9, the controller 301 transmits a certificate C [KPd3] verification command to the storage device 200. In step S <b> 100-11, the storage device 200 receives a certificate C [KPd3] verification instruction from the controller 301.

  In step S <b> 100-13, the controller 301 transmits the certificate C [KPd3] received from the cryptographic engine 305 to the storage device 200. In step S100-15, the storage device 200 receives the certificate C [KPd3] from the controller 301.

  In step S100-17, the storage device 200 verifies the certificate C [KPd3] and determines whether or not the certificate C [KPd3] is valid.

  When the certificate C [KPd3] is valid (YES in step S100-17), in step S100-19, the storage device 200 holds the public key KPd3 included in the certificate C [KPd3].

  When the certificate C [KPd3] is not valid (NO in step S100-17), the storage device 200 notifies the verification error indicating that the certificate C [KPd3] cannot be verified in step S10-45. Is transmitted to the controller 301.

  In step S <b> 100-21, the controller 301 issues a first challenge information generation command to the storage device 200. In step S100-23, the storage device 200 receives a first challenge information generation command from the controller 301.

  In step S100-25, the storage device 200 generates and holds the symmetric key Kc2 based on the first challenge information generation command.

  In step S100-27, the storage device 200 generates first challenge information E (KPd3, Kc2) ‖C [KPd2] using the generated symmetric key Kc2.

  In step S100-29, the controller 301 issues a first challenge information output command to the storage device 200. In step S <b> 100-31, the storage device 200 receives an output command for first challenge information from the controller 301.

  In step S100-33, the storage device 200 transmits the first challenge information E (KPd3, Kc2) ‖C [KPd2] to the controller 301. In step S100-35, the controller 301 acquires the first challenge information E (KPd3, Kc2) ‖C [KPd2] transmitted by the storage device 200, and transmits the acquired first challenge information to the cryptographic engine 305.

  In step S100-37, the cryptographic engine 305 receives the first challenge information E (KPd3, Kc2) ‖C [KPd2].

  In step S100-39, the cryptographic engine 305 verifies the certificate C [KPd2] included in the first challenge information E (KPd3, Kc2) ‖C [KPd2], and the certificate C [KPd2] is valid. It is determined whether it is a thing.

  If the certificate C [KPd2] is not valid (NO in step S100-39), the cryptographic engine 305 transmits a verification error notification to the controller 301 in step S100-41. In step S100-43, the controller 301 receives the verification error notification from the cryptographic engine 305 or the storage device 200, and terminates the connection process as abnormal termination.

  If the certificate C [KPd2] is valid (YES in step S100-39), in step S100-47, the cryptographic engine 305 determines the first half of the first challenge information E (KPd3, Kc2) ‖C [KPd2]. Part E (KPd3, Kc2) is decoded.

  Next, as illustrated in FIG. 9, in step S <b> 100-49, the controller 301 transmits a second challenge information transmission request to the cryptographic engine 305. In step S100-51, the cryptographic engine 305 receives a transmission request for the second challenge information from the controller 301.

  In step S100-53, the cryptographic engine 305 generates and holds the symmetric key Kb3 based on the second challenge information generation command.

  In step S100-55, the cryptographic engine 305 generates the second challenge information E (Kc2, E (KPd2, KPp3‖Kb3)) using the generated symmetric key Kb3, and generates the generated second challenge information E (Kc2). , E (KPd2, KPp3‖Kb3)) is transmitted to the controller 301.

  In step S100-57, the controller 301 receives the second challenge information E (Kc2, E (KPd2, KPp3‖Kb3)) from the cryptographic engine 305.

  In step S <b> 100-59, the controller 301 issues a processing command for second challenge information to the storage device 200. In step S <b> 100-61, the storage device 200 receives a processing command for second challenge information from the controller 301.

  In step S100-63, the controller 301 transmits the second challenge information E (Kc2, E (KPd2, KPp3 （Kb3)) to the storage device 200. In step S100-65, the storage device 200 receives the second challenge information E (Kc2, E (KPd2, KPp3‖Kb3)) from the controller 301.

  In step S100-67, the storage device 200 decrypts the second challenge information E (Kc2, E (KPd2, KPp3‖Kb3)).

  In step S100-69, the storage device 200 generates and holds the symmetric key Kb2. In step S100-71, the storage device 200 generates connection information E (KPp3, Kb2‖KPp2) using the symmetric key Kb2.

  In step S100-73, the controller 301 issues a connection information output command to the storage device 200. In step S <b> 100-75, the storage device 200 receives a connection information output command from the controller 301.

  In step S100-77, the storage device 200 outputs connection information E (KPp3, Kb2‖KPp2). Furthermore, the storage device 200 records KPp3, Kb2, and Kb3 in the “connection log”.

  The connection log is used in the reconnection process, and the symmetric keys Kb2 and Kb3 shared in the latest communication connection (including the communication connection by the reconnection process) and the public key KPp3 of the communication connection destination are respectively One is remembered.

  In step S100-79, the controller 301 acquires the connection information E (Kb3, E (KPp3, Kb2‖KPp2)) transmitted by the storage device 200, and transmits the acquired connection information to the cryptographic engine 305.

  In step S100-81, the cryptographic engine 305 receives the connection information E (Kb3, E (KPp3, Kb2‖KPp2)) from the controller 301. In step S100-83, the cryptographic engine 305 decrypts the connection information E (Kb3, E (KPp3, Kb2‖KPp2)) and extracts the symmetric key Kb2 and the public key KPp2.

  In step S100-85, the cryptographic engine 305 holds the symmetric key Kb2 and the public key KPp2 extracted from the connection information E (Kb3, E (KPp3, Kb2‖KPp2)), and KPp2, Kb2, Kb3 in the “connection log”. Is recorded and the connection process is terminated.

  That is, by executing the processing up to step S100-85, the public keys KPp2 and KPp3 of the storage device 200 (cryptographic engine 205) and the cryptographic engine 305 are exchanged, and the storage device 200 and the content playback device 300 In both, Kb2 and Kb3 are temporarily shared and a communication connection is established. Then, encrypted communication is performed by the established communication connection.

The connection log is used in the reconnection process, and the symmetric keys Kb2 and Kb3 shared in the latest communication connection (including the communication connection by the reconnection process) and the public key KPp2 of the communication connection destination are respectively One is remembered. (3) Reconnection Processing FIG. 10 shows the contents of the reconnection processing in step S10 described above. As shown in the figure, in step S10-1, the controller 301 encrypts the transmission request for the first reconnection information necessary for establishing the communication connection again between the storage device 200 and the content reproduction apparatus 300. Send to engine 305. In step S <b> 10-3, the cryptographic engine 305 receives a transmission request for first reconnection information from the controller 301.

  In step S10-5, the cryptographic engine 305 generates and holds the symmetric key Kb3 based on the transmission request for the first reconnection information.

  In step S10-7, the cryptographic engine 305 acquires the public key KPp2 and the symmetric key Kb2old from the connection log. The symmetric keys Kb2old and Kb3old mean the symmetric keys Kb2 and Kb3 recorded in the connection log at the time of the process of step S10-7.

  The cryptographic engine 305 acquires the public key KPp2 and the symmetric key Kb2old, generates first reconnection information E (KPp2, E (Kb2old, Kb3)), and transmits the generated first reconnection information to the controller 301.

  In step S10-9, the controller 301 receives the first reconnection information E (KPp2, E (Kb2old, Kb3)) from the cryptographic engine 305.

  In step S <b> 10-11, the controller 301 issues a processing instruction for first reconnection information to the storage device 200. In step S <b> 10-13, the storage device 200 receives a processing instruction for first reconnection information from the controller 301.

  In Step S10-15, the controller 301 transmits the first reconnection information E (KPp2, E (Kb2old, Kb3)) to the storage device 200. In step S10-17, the storage device 200 receives the first reconnection information E (KPp2, E (Kb2old, Kb3)) from the controller 301.

  In step S10-19, the storage device 200 acquires the symmetric key Kb2old from the connection log, decrypts the first reconnection information, and extracts the symmetric key Kb3.

  In step S10-21, the storage device 200 generates and holds the symmetric key Kb2. In step S10-23, the storage device 200 acquires the public key KPp3 and the symmetric key Kb3old from the connection log, and generates the second reconnection information E (KPp3, E (Kb3old, Kb2)).

  In step S <b> 10-25, the controller 301 issues a second reconnection information output command to the storage device 200. In step S <b> 10-27, the storage device 200 receives an output command for second reconnection information from the controller 301.

  In step S10-29, the storage device 200 outputs the second reconnection information E (KPp3, E (Kb3old, Kb2)). Furthermore, the storage device 200 rewrites the symmetric keys Kb2old and Kb3old recorded in the connection log to Kb2 and Kb3.

  In step S10-31, the controller 301 acquires the second reconnection information E (KPp3, E (Kb3old, Kb2)) transmitted by the storage device 200, and transmits the acquired second reconnection information to the cryptographic engine 305. To do.

  In step S10-33, the cryptographic engine 305 receives the second reconnection information E (KPp3, E (Kb3old, Kb2)) from the controller 301.

  In step S10-35, the cryptographic engine 305 acquires the symmetric key Kb3old from the connection log, decrypts the first reconnection information, and extracts the symmetric key Kb2.

  In step S10-37, the cryptographic engine 305 determines whether or not a communication connection has been established between the storage device 200 and the content playback apparatus 300, that is, the storage device 200 (cryptographic engine 205) and the cryptographic engine 305 are symmetrical. It is determined whether or not the keys Kb2 and Kb3 are shared.

  When a communication connection is established with the storage device 200 (YES in step S10-37), in step S10-39, the cryptographic engine 305 holds the symmetric keys Kb2 and KPp2 and is recorded in the connection log. The existing symmetric keys Kb2old and Kb3old are rewritten to Kb2 and Kb3, and the reconnection process is terminated.

  If a communication connection has not been established with the storage device 200 (NO in step S10-37), the controller 301 and the cryptographic engine 305 determine that a communication connection cannot be established with the storage device 200, The reconnection process is terminated as an abnormal termination.

  Whether or not a communication connection has been established can be determined, for example, based on whether or not the data structure of the decrypted digital content is in a predetermined format.

  Further, the processing may be continued assuming that the communication connection is always established without determining the establishment of the communication connection in step S10-37.

In this case, if the communication connection is established, the subsequent encrypted data is normally transferred. This is because if the communication connection is not established, the encrypted data cannot be decrypted even if it is transferred.
(4) Read Transfer Process FIGS. 11 and 12 show the contents of the read transfer process in step S160 described above. As shown in FIG. 11, in step S160-1, the controller 301 refers to the transfer log list and issues a license read command for reading the license data LIC stored in the storage device 200 (tamper resistant data storage unit 207). It is issued to the storage device 200, and the address of the tamper resistant data storage unit 207 in which the license data LIC is stored is designated.

  In step S160-3, the storage device 200 receives a license read command from the controller 301. In step S160-5, the storage device 200 reads and holds the license data LIC stored at the designated address.

  In step S160-7, the controller 301 issues a permission information LC output command to the storage device 200. In step S <b> 160-9, the storage device 200 receives an output command for the license information LC from the controller 301.

  In step S160-11, the storage device 200 transmits the license information LC included in the license data LIC to the controller 301.

  In step S160-13, the controller 301 determines whether or not the content of “AC‖UC” in which the usage rules AC and UC included in the permission information LC received from the storage device 200 are connected is OK, that is, It is determined whether or not the digital content to be used can be used (for example, reproduced).

  If the digital content is available (YES in step S160-13), in step S160-15, the controller 301 transmits a session information transmission request (LC‖ADR‖P) to the cryptographic engine 305. The processing information “P” indicates the usage type (playback, copy, move) of the digital content.

  If the digital content is not available (NO in step S160-13), the controller 301 ends the read transfer process as an abnormal end.

  In step S160-17, the cryptographic engine 305 receives a session information transmission request from the controller 301.

  In step S160-19, the cryptographic engine 305 generates and holds the symmetric key Ks3 based on the session information transmission request.

  In step S160-21, the cryptographic engine 305 adds the received session information transmission request (LC‖ADR‖P) to the transfer log list. Note that the processing information “P” may not be included in the transmission request. As the contents of the usage rule AC included in the license data LIC stored in the storage device 200 change, the contents of the processing information “P” can be confirmed.

  In step S160-23, the cryptographic engine 305 generates session information E (Kb2, Ks3), and transmits the generated session information to the controller 301. In step S160-25, the controller 301 receives session information from the controller 301.

  In step S160-27, the controller 301 issues a session information processing command to the storage device 200. At this time, the controller 301 also specifies the usage type.

  In step S <b> 160-29, the storage device 200 receives a session information processing command from the controller 301.

  In step S160-31, the controller 301 transmits session information E (Kb2, Ks3) to the storage device 200. In step S160-33, the storage device 200 receives the session information from the controller 301.

  In step S160-35, the storage device 200 determines whether the license data LIC can be output based on the usage type specified by the session information processing instruction and the usage rule AC included in the license data LIC. .

  The usage type applied to the content playback apparatus 300 is only playback. Therefore, 1) when the number of playbacks of the digital content is set in the usage rule AC and the value of the number of playbacks is “0” (that is, there is no remaining number of playbacks). 3) When the output destination is described in the usage rule AC and the content playback apparatus 300 is contrary to the requirement, the storage device 200 is a target of (move). Determines that the license data LIC cannot be output.

  The reason why the output disabled state is set for the move is that the license data LIC cannot be restored if the license data LIC is deleted by the move. Further, in the present embodiment, it is assumed that whether or not the license data LIC can be output can be determined based on the usage rule AC by reflecting the state incapable of output due to movement in the usage rule AC.

  However, it is not always necessary to reflect the state incapable of being output due to movement in the usage rule AC, and it is possible to separately determine whether the output is possible using new “state information”. In this case, in step S160-35, the storage device 200 also refers to the state information and determines whether the output is possible.

  When the content recording apparatus 100 is used instead of the content reproduction apparatus 300, the usage type is “copy” or “move”. In the case of copying, determination based on “duplication prohibition / duplication number” is added instead of the number of reproductions. In the case of movement, determination based on “movement prohibition” is added instead of the number of reproductions.

  If the license data LIC cannot be output (NO in step S160-35), in step S160-37, the storage device 200 transmits an error notification indicating that the license data LIC cannot be output to the controller 301. In step S160-39, the controller 301 receives an error notification from the storage device 200, and terminates the read transfer process as abnormal termination.

  When the license data LIC can be output (YES in step S160-35), in step S160-41, the storage device 200 decrypts the received session information E (Kb2, Ks3).

  Next, as shown in FIG. 12, in step S160-43, the storage device 200 generates E (Ks3, E (KPp3, LIC)), which is the encrypted license data LIC.

  In step S160-45, the controller 301 issues an output command for encrypted license data to the storage device 200. In step S <b> 160-47, the storage device 200 receives an encryption license data output command from the controller 301.

  In step S160-49, the storage device 200 changes the contents of the usage rule AC of the license data LIC stored at the specific address of the tamper resistance data storage unit 207. For example, in the usage rule AC, when the number of times digital content is played is defined as 100 times, the number is subtracted to 99 times.

  In the case of copying, if the number of times of copying is specified, “1” is subtracted from the number of times of copying. In the case of a move, the license data LIC is set in a non-outputable state where the license data LIC cannot be output thereafter.

  In step S160-51, the storage device 200 transmits the generated encrypted license data E (Ks3, E (KPp3, LIC)) to the controller 301. In step S160-53, the controller 301 acquires the encrypted license data E (Ks3, E (KPp3, LIC)) transmitted by the storage device 200, and transmits the acquired encrypted license data to the cryptographic engine 305.

  In step S160-55, the cryptographic engine 305 receives the encrypted license data E (Ks3, E (KPp3, LIC)) from the controller 301.

  In step S160-57, the cryptographic engine 305 decrypts the encrypted license data E (Ks3, E (KPp3, LIC)).

  In step S160-59, the cryptographic engine 305 determines whether or not the decrypted license data LIC matches the license ID (LID) included in the stored transfer log list. Further, the cryptographic engine 305 checks the usage rule UC included in the license data LIC with the matching license ID (LID) to confirm the reproduction requirement.

  If the license IDs (LIDs) do not match or the reproduction requirement is not satisfied (NO in step S160-59), the cryptographic engine 305 transmits an error notification indicating that reproduction cannot be performed to the controller 301 in step S160-61.

  If the license IDs (LID) match and satisfy the reproduction requirement (YES in steps S160-59), in step S160-63, the cryptographic engine 305 sends the content key Kcont included in the license data LIC to the decryptor 307. It is determined whether to hold for supply or whether to end use of the content key Kcont and discard the content key Kcont.

  When the content key Kcont is held (YES in step S160-63), in step S160-65, the cryptographic engine 305 determines that the digital content has been used (for example, the music data exceeds a predetermined number of seconds). Monitor if there was a playback).

  If there is no use that determines that the digital content has been used (NO in step S160-65), the cryptographic engine 305 repeats the processing from step S160-63.

  If there is a use that determines that the digital content has been used (YES in steps S160-65), in step S160-67, the cryptographic engine 305 determines the license of the license data LIC associated with the digital content. The ID (LID) is confirmed, and the corresponding “(LC‖ADR‖P)” is deleted from the transfer log list.

  Note that the processing in steps S160-63 to S160-65 is periodically repeated while the content key Kcont is held.

  When discarding the content key Kcont (NO in step S160-63) or following the processing in step S160-61, in step S160-69, the controller 301 changes the contents of the license data LIC received from the storage device 200 to It is determined whether or not it is necessary to restore the state before the update accompanying the use of the digital content.

  That is, when there is no use that determines that the digital content has been used, for example, the content playback device 300 acquires license data LIC for playing back predetermined digital content from the storage device 200. When the digital content corresponding to the license data LIC is not reproduced at all or the reproduction is performed for a short time such that it is not determined to be used, the controller 301 converts the content of the license data LIC into the use of the digital content. It is determined that it is necessary to restore the state before the update.

  When it is necessary to restore the contents of the license data LIC (YES in Steps S160-69), in Step S160-71, the storage device 200 and the content reproduction apparatus 300 execute “restoration transfer processing”.

  Note that the contents of the “restoration transfer process” in step S160-71 are the same as the contents of the “restoration transfer process” in step S80. That is, the “restoration transfer process” in step S160-71 is executed when it is determined during the “read transfer process” that the contents of the license data LIC need to be restored.

If it is not necessary to restore the contents of the license data LIC (NO in Steps S160-69), the controller 301 ends the read transfer process.
(5) Restore Transfer Processing FIGS. 13 and 14 show the contents of the restore transfer processing in step S80 described above. As shown in FIG. 13, in step S80-1, the controller 301 refers to the transfer log list and issues a license read command for reading the license data LIC stored in the storage device 200 (tamper resistant data storage unit 207). It is issued to the storage device 200, and the address of the tamper resistant data storage unit 207 in which the license data LIC is stored is designated.

  In step S80-3, the storage device 200 receives a license read command from the controller 301. In step S80-5, the storage device 200 reads and holds the license data LIC stored at the designated address.

  In step S80-7, the controller 301 issues a permission information LC output command to the storage device 200. In step S <b> 80-9, the storage device 200 receives an output command for the license information LC from the controller 301.

  In step S80-11, the storage device 200 transmits the license information LC included in the license data LIC to the controller 301. In step S <b> 80-13, the controller 301 receives permission information LC from the storage device 200.

  In step S80-15, based on the license information LC received from the storage device 200, the controller 301 needs to restore the content of the license data LIC to the state before the update accompanying the use of the corresponding digital content. Determine whether.

  Specifically, the controller 301 matches the license ID (LID) included in the license information LC received from the storage device 200 with the license ID (LID) included in the license information LC to be determined. If the contents of the usage rule AC included in each license information LC are different, that is, the read transfer process is interrupted (the same license ID (LID) is included in the transfer log list), and the previous license data The content of the usage rule AC included in the license data LIC stored in the storage device 200 is updated by the transmission of the LIC (the content of the usage rule AC included in each license information LC is different). In this case, it is determined that the license data LIC needs to be restored.

  If it is necessary to restore the license data LIC stored in the storage device 200 (YES in step S80-15), the controller 301 issues a session information generation command to the storage device 200 in step S80-17.

  When it is not necessary to restore the license data LIC stored in the storage device 200 (NO in step S160-15), the controller 301 ends the restoration transfer process.

  In step S80-19, the storage device 200 receives a session information generation command from the controller 301.

  In step S80-21, the storage device 200 generates and holds a symmetric key Ks2. In step S80-23, the storage device 200 generates session information E (Kb3, Ks2) using the symmetric key Ks2.

  In step S80-25, the controller 301 issues a session information output command to the storage device 200. In step S <b> 80-27, the storage device 200 receives a session information output command from the controller 301.

  In step S80-29, the storage device 200 transmits session information E (Kb3, Ks2) to the controller 301. In step S80-31, the controller 301 receives session information from the storage device 200.

  In step S80-33, the controller 301 transmits a log verification request (session information grant information LC) to the cryptographic engine 305. In step S80-35, the cryptographic engine 305 receives a log verification request (specifically, the permission information LC included in the log verification request) from the controller 301.

  In step S80-37, the cryptographic engine 305 confirms the content of the license information LC received from the controller 301 and the content of the license information LC included in the transfer log list, specifically, received from the controller 301. It is determined whether or not the license information LC including the same license ID (LID) as the license ID (LID) included in the license information LC is included in the transfer log list.

  When the corresponding license information LC is included in the transfer log list (YES in step S80-37), in step S80-39, the cryptographic engine 305 includes the contents of the usage rule AC included in each license information LC. Compare

  If the contents of the two usage rules AC are different (Yes in step S80-39), that is, in the transmission of the previous license data LIC, the usage rule AC included in the license data LIC stored in the storage device 200 is the same. If it is determined that the update has been made, the cryptographic engine 305 proceeds to the process of step S80-45 shown in FIG.

  When the corresponding license information LC is not included in the transfer log list (NO in step S80-37), and when it is determined that the two usage rules AC match and the content has not been updated (step S80-39). In step S80-41, the cryptographic engine 305 transmits to the controller 301 an error notification indicating that the license data LIC cannot be restored.

  In step S80-43, the controller 301 receives an error notification from the cryptographic engine 305, and terminates the transfer restoration process as abnormal termination.

  Next, as shown in FIG. 14, in step S80-45, the cryptographic engine 305 decrypts the received session information E (Kb3, Ks2) and extracts the symmetric key Ks2.

  In step S80-47, the encryption engine 305 uses the symmetric key Ks2 and the public key KPp3 of the storage device 200 to encrypt the restoration information E (Ks2, E (KPp2, LID‖AC) obtained by encrypting “LID‖AC”. ) And the generated restoration information E (Ks2, E (KPp2, LID‖AC)) is transmitted to the controller 301. In step S80-49, the controller 301 receives the restoration information E (Ks2, E (KPp2, LID‖AC)) from the cryptographic engine 305.

  In step S80-51, the controller 301 issues a license data LIC restoration command to the storage device 200. Further, the controller 301 designates the storage address of the license data LIC in the storage device 200 (tamper resistant data storage unit 207) and notifies the storage device 200 of it.

  In step S80-53, the storage device 200 receives from the controller 301 an instruction to restore the license data LIC. The storage device 200 requests the controller 301 to transmit the restoration information E (Ks2, E (KPp2, LID‖AC)) based on the restoration command.

  In step S80-55, the controller 301 transmits the restoration information E (Ks2, E (KPp2, LIDＥAC)) to the storage device 200.

  In step S80-57, the storage device 200 receives the restoration information E (Ks2, E (KPp2, LID‖AC)) from the controller 301. Further, the storage device 200 decrypts E (Ks2, E (KPp2, LID‖AC)) using the secret key Kp2 and the symmetric key Ks2, and extracts the license ID (LID) and the usage rule AC.

  In step S80-58, the storage device 200 determines the license ID (LID) included in the license data LIC stored at the address designated by the controller 301 and E (Ks2, E (KPp2, LID‖AC It is determined whether or not the license ID (LID) extracted by decrypting ()) matches.

  If the license IDs (LID) do not match (NO in step S80-58), in step S80-60, the storage device 200 determines that the restoration information E (Ks2, E (KPp2, LID‖AC)) is unreliable information. Then, an error notification indicating that the process for the restoration command for the license data LIC is not executed is transmitted to the controller 301.

  In step S80-62, the controller 301 receives the error notification from the storage device 200, and ends the restoration transfer process as an abnormal end.

  On the other hand, if the license IDs (LID) match, the storage device 200 restores the usage rule AC included in the license data LIC stored at the address specified by the controller 301 in step S80-59. The usage rule AC extracted from the above is rewritten. At this time, the license data LIC stored at the address is set in a state where it can be output.

  The usage rule AC extracted from the restoration information is the usage rule AC before the transmission of the previous license data LIC, and the rewriting of the usage rule AC restores the license data LIC to the state before the transmission. Note that the setting to the output enabled state is a state in which the license data LIC cannot be output when the transmission of the license data LIC is a move, so that the license data LIC is restored to the state before the transmission.

  As a result, the license data LIC can be restored to the state before transmission regardless of the usage type of playback, copy, or move. Therefore, the storage device 200 does not need to record the usage type of the license data LIC in the previous transmission for restoration.

  In step S80-61, the storage device 200 transmits a completion notification indicating that the rewriting of the usage rule AC has been completed to the controller 301. The completion notice includes a license ID (LID).

  In step S80-63, the controller 301 acquires the completion notification transmitted by the storage device 200, and transmits the acquired completion notification to the cryptographic engine 305. In step S80-65, the cryptographic engine 305 receives a completion notification from the controller 301.

In step S80-67, the cryptographic engine 305 confirms the license ID (LID) included in the received completion notification, deletes the license data LIC having the license ID (LID) from the transfer log list, and performs transfer restoration. The process ends.
(Action / Effect)
According to the content usage system 10 according to the present embodiment described above, when it is determined that the digital content is not used in the content playback apparatus 300 even though the right to use the digital content is acquired, The playback device 300 requests the storage device 200 to restore the license data LIC received from the storage device 200 to the state before the update.

  Further, the storage device 200 determines whether or not the content of the transfer log list received from the content reproduction apparatus 300 in response to the restoration request matches the license data LIC that has been updated and stored, and updates the license data LIC. Restore the previous state.

  In other words, according to this feature, when the digital content is not normally used using the license data LIC transmitted by the storage device 200, the contents of the license data LIC managed by the storage device 200 are restored to the state before transmission. can do.

  Further, according to the content usage system 10, even when the communication connection is disconnected due to interruption of transmission / reception of the license data LIC (usage rule AC), the content usage system 10 is used for transmission / reception of the license data LIC and is temporarily generated. After establishing the communication connection again using the symmetric key (Kb2old, Kb3old) which is a temporary key to be executed, a process for restoring the contents of the license data LIC to the state before transmission is executed (the above-described reconnection process is performed). reference).

That is, even after the communication connection is disconnected, by using the symmetric key (Kb2old, Kb3old) used in the disconnected communication connection, it is possible to reliably identify the partner device that has transmitted and received the license data LIC. The restoration of the license data LIC that exceeds the permitted range of the right to use the digital content, such as impersonation of the content reproduction device 300, is prevented. For this reason, it is possible to protect the rights (such as copyright) of the author of the digital content while enhancing the convenience of the user of the digital content.
(Other embodiments)
As described above, the content of the present invention has been disclosed through one embodiment of the present invention. However, it should not be understood that the description and drawings constituting a part of this disclosure limit the present invention. From this disclosure, various alternative embodiments will be apparent to those skilled in the art.

  For example, in the above-described embodiment of the present invention, the license data LIC transmitted by the storage device 200 is encrypted with the public key KPp3 and further encrypted with the symmetric key Ks3 (E (Ks3, E (KPp3, LIC)). However, the order of encryption is not limited to this.

  For example, the order of encryption may be reversed (E (KPp3, E (Ks3, LIC)), and in this case, the same encryption strength as E (Ks3, E (KPp3, LIC)) can be obtained. Similarly, the restoration information E (Ks2, E (KPp2, LID‖AC)) may be E (KPp2, E (Ks2, LID‖AC)).

  In the above-described embodiment of the present invention, the symmetric keys Ks2 and Ks3 are transmitted as a single encryption as the session information E (Kb2, Ks3) and E (Kb3, Ks2). However, the license data LIC and the restoration information are used. As with, double encryption is also possible. For example, session information may be E (Kb2, E (Kb3, Ks3)), E (Kb3, E (Kb2, Ks2)), or the like.

  In the embodiment of the present invention described above, the symmetric keys Kb2 and Kb3 shared by both the storage device 200 and the cryptographic engine 305 are continuously used for generating session information when establishing a communication connection. The symmetric key may be updated each time the license data LIC or the restoration information sent / received is transmitted / received.

  In this case, the symmetric keys Ks2 and Ks3 (hereinafter referred to as Ks2old and Ks3old) used immediately before may be used as the symmetric keys Kb2 and Kb3, respectively.

  When the session information E (Ks2old, Ks3) and E (Ks3old, Ks2) are encrypted twice, the session information is E (Ks2old, E (Ks3old, Ks3)), E (Ks3old). , E (Ks2old, Ks2)). Further, as the first Ks2old and Ks3old, the symmetric keys Kb2 and Kb3 may be used.

  In the above-described embodiment of the present invention, the communication connection is re-established using the symmetric keys Kb2old and Kb3old, which are temporary keys generated when the communication connection is established. However, the symmetric key may not be used. Absent. Any temporary key may be used as long as it is a temporary key generated at or after the establishment of the communication connection.

  In the above-described embodiment of the present invention, the processing between the storage device 200 and the content reproduction apparatus 300 has been mainly described. However, the present invention also applies to the processing between the storage device 200 and the content recording apparatus 100. be able to.

  In the above-described embodiment of the present invention, digital content playback has been described as an example. However, the present invention can be used for copying digital content and moving license data LIC to other recording media. It can also be applied to.

  In the above-described embodiment of the present invention, music data has been described as an example of digital content. However, the present invention is not limited to music data, and video data (still images and moving images), games, etc. It can be applied to any multimedia information such as programs and documents.

  The logical blocks (controller 201, cryptographic engine 205, controller 301, cryptographic engine 305) according to the present invention can also be provided as a program that can be executed on a personal computer or the like.

  As described above, the present invention naturally includes various embodiments that are not described herein. Therefore, the technical scope of the present invention is defined only by the invention specifying matters according to the scope of claims reasonable from the above description.

DESCRIPTION OF SYMBOLS 10 ... Content utilization system, 100 ... Content recording apparatus, 101 ... Controller, 103 ... Storage interface, 105 ... Cryptographic engine, 107 ... Decryptor, 109 ... Cryptographic device, 111 ... Cryptographic engine, 113 ... Storage interface, 115 ... Data bus , 200, 200A ... storage device, 201 ... controller, 203 ... storage interface, 205 ... cryptographic engine, 207 ... tamper-resistant data storage unit, 209 ... normal data storage unit, 211 ... data bus, 221 ... control unit, 223 ... Certificate output unit, 225 ... Certificate verification unit, 227 ... Encryption unit, 229 ... Decryption unit, 231 ... Random number generation unit, 233 ... Signature calculation unit, 235 ... Local bus, 300 ... Content playback device, 301 ... Controller, 303 ... Storage in 305 ... Cryptographic engine, 307 ... Decoder, 309 ... Content decoder, 311 ... Data bus, 321 ... Control unit, 323 ... Certificate output unit, 325 ... Certificate verification unit, 327 ... Encryption unit, 329 ... Decryption , 331 ... Random number generator, 333 ... Signature calculation unit, 335 ... Log storage unit, 337 ... Local bus

Claims (2)

From the content usage information storage device that stores the content usage information including usage rules relating to the usage requirements of the digital content, and updates the content of the stored content usage information according to the output of the stored content usage information stored therein. A content utilization device that receives the content utilization information and uses the digital content,
When acquiring the content usage information, a content usage information identifier including the content usage information identifier for identifying the content usage information and the usage rule is stored in a transfer log list, and the digital content is acquired using the acquired content usage information. A transfer log list management unit that deletes the content use information log from the transfer log list when content is used ;
Based on whether the content usage information log is stored in the transfer log list and the usage rule of the content usage information log is different from the usage rule of the stored content usage information, the stored content usage information A use determination unit that determines whether or not restoration is necessary in the state before the update,
If the usage determining unit determines that restoration is necessary, the content usage information identifier and the usage rule stored in the transfer log list are transmitted to the content usage information storage device, and the stored content usage information is used. A content use apparatus comprising: a restoration request unit that requests to restore the stored content use information to a state before update by rewriting a rule . Shares the public key of the content usage device with the content usage information storage device and the first symmetric key temporarily generated by the content storage device, and temporarily uses the first symmetric key to Further comprising: a utilization device side encryption processing unit that encrypts the second symmetric key generated automatically and decrypts the content utilization information encrypted using the second symmetric key and the public key,
The transfer log list management unit transmits the encrypted second symmetric key to the content usage information storage device, and acquires the content usage information encrypted from the content usage information storage device. The content usage information identifier including the content usage information and the content usage information log including the usage rule are stored in the transfer log list, the obtained encrypted content usage information is decrypted, and the decrypted content usage information is stored. 2. The content use apparatus according to claim 1, wherein when the digital content is used, the content use information log is deleted from the transfer log list.

Images