JP4710218B2 - Data processing method, data processing system, management apparatus, program - Google Patents

Description

  The present invention relates to a data processing method for performing processing related to identification data for identifying a recording medium, a program thereof, an apparatus thereof, and a recording medium.

When content is provided using a recording medium such as an optical disk, if the recording medium is illegally copied, the profit of the content provider is unjustly harmed.
In order to solve such a problem, a system is known in which an ID for identifying each recording medium is recorded on each recording medium, and the illegally duplicated recording medium is specified based on the ID.

  However, the above-described conventional system has a problem that it cannot be verified whether the ID recorded on the recording medium has been falsified and whether the ID has been created by a person with a legitimate authority.

The present invention has been made in view of the above-described problems of the prior art, and in the case of managing a recording medium based on identification data, a data processing method capable of generating the identification data in a form that is difficult to illegally generate and falsify, A first object is to provide the program and the apparatus.
The present invention also provides a data processing method that achieves the first object, a program thereof, a data processing method that can appropriately verify identification data generated by the device, a program thereof, and a device thereof. The purpose.
The third object of the present invention is to provide a data processing method that achieves the first object described above, a program thereof, and a recording medium on which identification data generated by the apparatus is recorded.

According to the present invention, a disc-shaped recording medium having a number W (W: an integer of 2 or more) to be manufactured by the manufacturing apparatus using a management apparatus, a manufacturing apparatus, and a content providing apparatus used by a management source . A data processing method for generating different identification information for each recording medium so as to be able to verify whether it is an unauthorized copy disk , wherein the management device has a plurality of disks on which the same identification information is written. When a state recording medium is found, the identification information is registered as invalid and the version is updated to generate an identification information list of invalid disks, and the public key of the management source which is key data for digital signature data, wherein the management source of the secret key data, W number of different messages according to the number W for signature generation, and was created in the verification based on the identification information list First step and a second step of inputting the number W from the content providing apparatus, at least the W number of signature messages with the management source of the secret key data for the generation of determining parameters including the message with bets, a third step of generating a W number of different signature data, the set information and messages for the previous SL verification before Symbol signature data is included as being different, to produce disk assigned as the identification information for each Jo recording medium body, in order to write the assigned identification information to the respective disk-shaped recording medium corresponding with the identification information list of the invalid disc, the identification information list of the assigned identification information and disable the disk the having, a fourth step of outputting to the manufacturing apparatus, a data processing method is provided.

Preferably, the management device, in the third step, a W number of messages for the signature generation, using a W number of random numbers, and the management source of the secret key data, manufacturing disk-shaped W different signature data corresponding to the number W of recording media are generated.

Preferably, the manufacturing apparatus inputs, from the management apparatus, the W pieces of identification information including each message for verification and corresponding signature data, and an identification information list of the invalid disk from the management apparatus ; , and W pieces of identification information the input, recorded in each disc-shaped recording medium corresponding identification information list along with the identification information invalid disc by the input, W disc-shaped recording medium to be manufacturing And a sixth step.

Preferably, the secret key data of the management source is stored in a secure memory in the management device.

Preferably, the management device, in the fourth step, the after performing the assignment of the identification information, the W number of the assigned identification information secure portable recording medium together with identification information list of the invalid disc The manufacturing apparatus inputs the W identification information and the invalid disk identification information list from the secure portable recording medium.

Preferably, the management device publishes the public key data and the parameters determined in the first step, and the message for the verification is based on the public key data and the parameters disclosed. It can be reproduced from the signature data of the identification information .

In addition, according to the present invention, a disc-shaped recording medium having a management device used by a management source, a manufacturing device, and a content providing device and having the number W (W: an integer of 2 or more) to be manufactured by the manufacturing device A data processing system for generating different identification information for each recording medium so as to be able to verify whether it is an unauthorized copy disk , wherein the management device includes a plurality of pieces of information to which the same identification information is written. When a disc-shaped recording medium is found, the identification information is registered as invalid and the version is updated to generate an invalid disc identification information list, and the management source is released as key data for digital signature key data, the management source of the secret key data, W number of different messages according to the number W for signature generation, and the created based on the identification information list the test Message to determine a parameter that contains for the inputs the number W from the content providing apparatus, using at least the W number of signature private key data message of the management source for generating, W number of different signature data to generate, assign the set information included as the messages for the previous SL verification before Symbol signature data is different from each other, as said identification information for each disc-shaped recording medium to be produced, the There is provided a data processing system for outputting the assigned identification information and the invalid disk identification information list to the manufacturing apparatus in order to write the assigned identification information together with the invalid disk identification information list to each corresponding disk-shaped recording medium. The

Preferably, the management device, upon generation of the signature data, and the W number of messages for the signature generation, using a W number of random numbers, and the management source of the secret key data, manufacturing disk-shaped W different signature data corresponding to the number W of recording media are generated.

Preferably, the manufacturing apparatus inputs, from the management apparatus, the W pieces of identification information including each message for verification and the corresponding signature data and the identification information list of the invalid disk . and W pieces of identification information, each identification information corresponding with the identification information list of invalid disk to which the input and recorded in the disc-shaped recording medium W disc-shaped recording medium to be manufacturing.

Preferably, the secret key data of the management source is stored in a secure memory in the management device.

Preferably, after assigning the identification information , the management device stores W assigned identification information together with the identification information list of the invalid disk in a secure portable recording medium, and the manufacturing device The W identification information and the invalid disk identification information list are input from the secure portable recording medium.

Preferably, the management device exposes it was determined boss the public key data of the parameter, the message for verification, based on the public key data and said parameter published, signature data of the identification information Can be played from .

Further, according to the present invention , information can be exchanged between the manufacturing apparatus and the content providing apparatus, and each recording medium of the disc-shaped recording medium having the number W (W: an integer of 2 or more) to be manufactured by the manufacturing apparatus. different identification information for, managing apparatus that generated possible to verify whether or not an illegal copy disc, the management apparatus, a plurality of disc-shaped recording medium in which the same identification information is written is found The identification information list of the invalid disk is generated by registering the identification information as invalid and updating the version, and the public key data of the management source, which is key data for the digital signature, secret key data, W number of different messages according to the number W for signature generation, and messages for the verification which has been created based on the identification information list The containing parameters determined, the type of the number W from the content providing apparatus, using at least the W number of signature private key data message of the management source for generating, generates a W number of different signature data and, the set information message is the before Symbol signature data are included as those different from each for the previous SL verification, assigned as the identification information for each disc-shaped recording medium to be produced, the assigned identification information A management device is provided that outputs the assigned identification information and the invalid disk identification information list to the manufacturing apparatus for writing to each corresponding disk-shaped recording medium together with the invalid disk identification information list .

Preferably, the management device, upon generation of the signature data, and the W number of messages for the signature generation, using a W number of random numbers, and the management source of the secret key data, manufacturing disk-shaped W different signature data corresponding to the number W of recording media are generated.

Preferably, the secret key data of the management source is stored in a secure memory in the management device.

Preferably, after assigning the identification information , the management device stores W assigned identification information together with the identification information list of the invalid disk in a secure portable recording medium, and the manufacturing device It can be used with.

Preferably, the management device exposes it was determined boss the public key data of the parameter, the message for verification, based on the public key data and said parameter published, signature data of the identification information Can be played from .

According to the present invention, is capable of passing information between the manufacturing apparatuses and the content providing apparatus, the manufacturing apparatus number to be produced W: each recording medium (W 2 or more integer) disc-shaped recording medium On the other hand, a plurality of disc-shaped recording media in which the same identification information is written, which is a program that operates in a management device that generates different identification information so as to be able to verify whether it is an unauthorized copy disk A procedure for generating an identification information list of invalid disks by registering the identification information as invalid and updating the version , public key data of the management source that is key data for digital signature, and the management source the secret key data, W number of different messages according to the number W for signature generation, and was created in the verification based on the identification information list A procedure for determining parameters including messages, using the procedure of inputting the number W from the content providing apparatus, at least the W number of signature private key data message of the management source for generating, W the identification information and instructions to generate a number of different signature data, the set information message is the before Symbol signature data are included as those different from each for the previous SL verification, for each disk-shaped recording medium to be produced a step of allocating as, for writing the assigned identification information to the respective disk-shaped recording medium corresponding with the identification information list of the invalid disc, and outputs the identification information list of the assigned identification information and disabling the disc to the manufacturing apparatus A program for causing a computer to execute the procedure is provided.

Preferably, in generating the signature data, and the W number of messages for the signature generation, and W random numbers, using said management source of secret key data, the number of manufacturing disk-shaped recording medium W The computer is caused to execute a procedure for generating W different signature data corresponding to.

According to the present invention, when managing a recording medium based on identification data, there is provided a data processing method, a program thereof, and an apparatus thereof capable of generating the identification data in a form in which it is difficult to illegally generate and falsify the identification data. The first effect that it can be obtained.
In addition, according to the present invention, it is possible to provide a data processing method, the program, and the apparatus that can appropriately verify the identification data generated by the data processing method, the program, and the apparatus, which obtain the first effect. The second effect is obtained.
In addition, according to the present invention, a third effect is obtained in which a data processing method for obtaining the first effect, a program thereof, and a recording medium on which identification data generated by the device can be provided can be provided.

Hereinafter, embodiments of the present invention will be described.
<First Embodiment>
This embodiment is an embodiment corresponding to the first to sixth and twenty-fifth inventions.
[Disc type recording medium 2]
FIG. 1 is a diagram for explaining data recorded on a disk-type recording medium 2 (a recording medium according to a twenty-fifth invention) according to an embodiment of the present invention.
The disk type recording medium 2 is a CD (Compact Disc), a DVD (Digital Versatile Disk), an MD (Mini Disk) or other disk type recording medium.
The disc type recording medium 2 corresponds to the recording medium of the 25th invention. The recording medium of the present invention may be a semiconductor recording device such as a flash memory and other recording media in addition to the disk type.

As shown in FIG. 1, a disc ID, encrypted content data ECONT, encryption key information EKB, and a revocation list DIRL of disc ID are recorded on the disc type recording medium 2.
The disk ID is identification data for identifying the disk type recording medium 2 and is stored in the disk type recording medium 2 so that erasure and rewriting are difficult.
The disc ID corresponds to the identification data of the present invention. A method for generating the disk ID will be described later.
In the embodiment described below, a disk-shaped medium is shown as an example of a content storage information recording medium, and therefore, the identification data will be described as a disk ID.
Identification data corresponding to the disk ID is also set when various information recording media such as a flash memory are used.

The encrypted content data ECONT is encrypted content data, and the content key data for decrypting the encrypted content data ECONT is sent to a playback device as a legitimate content using device, for example, by a hierarchical key data distribution configuration. Based on the provided device node key data (DNK: Device Node Key), it is obtained by decrypting an enabling key block (EKB) that is encryption key information stored in the disk type recording medium 2 The
Details of the key acquisition process by providing the device node key data DNK by the hierarchical key data distribution configuration and the decryption process of the activation key block EKB based on the device node key data DNK will be described later.

  Further, a disc ID revocation list (DIRL) is a disc ID recognized as having been illegally copied, such as a CD-R that stores illegally copied content in the market. This is a list of data obtained by extracting the disc IDs copied together with the contents on the unauthorized CD-R. The generation and management of the revocation list DIRL and the provision of list information to the disc manufacturer are executed by a specific trusted management authority (CA).

〔System configuration〕
FIG. 2 is a configuration diagram of the content providing system 1 according to the first embodiment of the present invention.
As shown in FIG. 2, the content providing system 1 includes a management device 12 used by the management station CA, a content providing device 13 used by a content provider, a disc manufacturing device 14 used by a disc manufacturer, and a user's use. And a playback device 15 that performs the playback.
Here, the management device 12 corresponds to the data processing devices of the second and third inventions.
Further, the playback device 15 corresponds to the data processing devices of the fifth and sixth inventions.
In this embodiment, the playback device 15 is exemplified. However, if the validity of the disk ID recorded on the disk type recording medium 2 is verified and processing is performed based on the result, the playback device 15 In addition, for example, a data processing apparatus that records or edits content data read from the disk type recording medium 2 may be used.

The management apparatus 12 generates the disk ID and the revocation list DIRL described above and provides them to the disk manufacturing apparatus 14.
Further, the content providing device 13 provides the encrypted content ECONT and the enabling key block EKB to the disc manufacturing device 14.
The disk manufacturing apparatus 14 manufactures the disk type recording medium 2 in which the disk ID and revocation list DIRL received from the management apparatus 12, the encrypted content data ECONT received from the content providing apparatus 13, and the activation key block EKB are recorded. To do.
The user purchases the disk type recording medium 2, for example, and sets it in the playback device 15.
The playback device 15 verifies that the disc ID recorded in the disc type recording medium 2 is valid, confirms that the disc ID does not exist in the revocation list DIRL, and based on its own device node key data DNK. The encrypted content data ECONT is decrypted on the condition that appropriate content key data has been acquired from the validation key block EKB, and subsequently reproduced.

Hereinafter, each apparatus which comprises the content provision system 1 shown in FIG. 2 is demonstrated in detail.
[Management device 12]
FIG. 3 is a configuration diagram of the management apparatus 12 shown in FIG.
As shown in FIG. 3, the management device 12 includes, for example, a main memory 22, a secure memory 23, an input / output interface (I / F) 24, a recording medium interface (I / F) 25, an arithmetic unit 26, and a controller 27. These are connected via the bus 21.

The main memory 22 stores data having a low security level among various data used for processing of the arithmetic unit 26 and the controller 27.
The secure memory 23 stores data having a high security level among various data used for processing of the arithmetic unit 26 and the controller 27.
The secure memory 23 stores, for example, secret key data of the management station CA used for generating the disk ID.
The input / output interface 24 is connected to, for example, an operation unit (not shown) or a network, and inputs various data used by the management apparatus 12.
The recording medium interface 25 writes the disc ID and revocation list DIRL generated under the control of the controller 27 in the recording medium 29a. The recording medium 29a is provided to the content providing device 13.
Further, the recording medium interface 25 writes the device node key data DNK generated under the control of the controller 27 to the recording medium 29b.
The recording medium 29b is provided to the playback device 15 or the manufacturer of the playback device 15.

The arithmetic unit 26 generates signature data based on the control from the controller 27, and generates a disk ID based on the signature data.
In addition, the arithmetic unit 26 generates a revocation list DIRL.
The controller 27 executes the program PRG1 (the program of the second invention) and controls the processing of the management device 12 in an integrated manner.
The function (processing) of the management device 12 in this embodiment is defined according to the execution of the program PRG1 by the controller 27.
All or part of the functions (processing) of the management device 12 may be defined by the program PRG1 or may be realized by hardware.

Hereinafter, the disk ID generation operation by the management apparatus 12 shown in FIG. 3 will be described.
FIG. 4 is a flowchart for explaining the disk ID generation operation by the management apparatus 12 shown in FIG.
In FIG. 4, step ST2 corresponds to the first process of the first invention, and step ST3 corresponds to the second process of the first invention.
Further, the controller 27 executes step ST2 to realize the first means of the third invention, and the execution of step ST3 realizes the second means of the third invention.

Step ST1:
The controller 27 of the management apparatus 12 includes the public key data of the management station CA (public key data of the first invention) and secret key data (secret key data of the first to third inventions), which are key data for digital signatures. ), And parameters for signature generation and verification.
The controller 27 discloses the public key data and the parameters.
For example, the controller 27 performs the disclosure by transmitting the public key data and the parameters from the output interface 24 over the network.
The process of step ST1 need only be performed once when setting up the management apparatus 12.

Step ST2:
The management device 12 inputs the title of the content (for example, a movie) and the number W (W ≧ 2) of the disc type recording media 2 to be manufactured from the content provider via the input / output interface 24, and stores them in the main memory 22. To store.
The arithmetic unit 26 uses the arbitrary message M (second data of the first invention), the random number r (w), and the secret key data of the management station CA, and W digital different signature data SIG. (W) (signature data of the first to third inventions) is generated.
The signature data SIG (w) is generated using public key data corresponding to the secret key data of the management station CA in a form in which the presence / absence of tampering and validity can be confirmed.
Here, w = 1, 2,..., W, and r (w) is an individual random number.
Note that the arithmetic unit 26 may generate the signature data SIG (w) based on the individual W messages M (w) (not necessarily individual random numbers).
The arithmetic unit 26 is a method for generating the signature data SIG (w), which is a method in which the signer can use an arbitrary random number when generating a signature. Also, ECDSA, which is an elliptic curve encryption version, is used. DSA (Digital Signature Alogorithm) is, for example, Tatsuaki Okamoto and Hiroshi Yamamoto, “Contemporary Cryptography”, Sangyo Tosho, 1997 pp. 179-180, which is described at http: // grouper. iee. org / groups / 1363 / tradPK / index. Details are given in the specifications available from html.

Step ST3:
The controller 27 uses the message M or M (w) determined in step ST1 and the signature data SIG (w) generated in step ST2, and sets (M, SIG (w)) or (M (w), A set of SIG (w)) is generated as the w-th disc ID (w) and is provided to the disc manufacturer in a secure state together with the title.
Specifically, for example, the disc ID (w) is recorded on the recording medium 29a shown in FIG. 3 and provided to the disc manufacturer.

  In addition, the management device 12 generates a revocation list DIRL indicating the disc ID of the information recording medium to be revoked, and also provides this to the disc manufacturer.

[Disk manufacturing apparatus 14]
FIG. 5 is a block diagram of the disk manufacturing apparatus 14 shown in FIG.
As shown in FIG. 5, the disk manufacturing apparatus 14 includes, for example, an input / output interface 32, an encryption processing unit 33, a memory 34, a controller 35, and a recording medium interface 36, which are connected via a bus 31. .

The input / output interface 32 receives an externally supplied digital signal and outputs it on the bus 31.
The input / output interface 32 receives, for example, the encrypted content data ECONT and the validation key block EKB from the content providing apparatus 13.
The input / output interface 32 inputs data such as a disk ID (w) and a revocation list DIRL from the management apparatus 12 via the recording medium 19a.
The input / output interface 32 receives a number of disk IDs (w) corresponding to the number of disks to be manufactured from the management apparatus 12.
Further, the input / output interface 32 receives the encrypted content data ECONT and the enabling key block EKB from the content providing apparatus 13 via a recording medium.

The encryption processing unit 33 is configured by, for example, a one-chip LSI (Large Scale Integrated Circuit), and encrypts or decrypts a digital signal as content supplied via the bus 31 and outputs the encrypted signal to the bus 31. have.
The encryption processing unit 33 is not limited to a one-chip LSI, and can be realized by a configuration in which various types of software or hardware are combined.

  The memory 34 stores the encrypted content data ECONT and the activation key block EKB received from the content providing device 13, and the disk ID and revocation list DIRL received from the management device 12.

The controller 35 comprehensively controls the processing of the disk manufacturing apparatus 14.
The recording medium interface 36 manufactures the disk type recording medium 2 shown in FIG.

Hereinafter, an operation example of the disk manufacturing apparatus 14 shown in FIG. 5 will be described.
FIG. 6 is a flowchart for explaining an operation example of the disk manufacturing apparatus 14 shown in FIG.
Step ST11:
The disk manufacturing apparatus 14 inputs W disk IDs (w) and the revocation list DIRL from the management apparatus 12 via the recording medium 19 a via the input / output interface 32 and writes them in the memory 34.
Step ST12:
The disc manufacturing apparatus 14 inputs the activation key block EKB from the content providing apparatus 13 via the input / output interface 32 and writes it in the memory 34.
Step ST13:
The disc manufacturing apparatus 14 inputs the encrypted content data ECONT from the content providing apparatus 13 via the input / output interface 32 and writes it in the memory 34.

Step ST14:
The controller 35 of the disk manufacturing apparatus 14 reads the revocation list DIRL, the enabling key block EKB, and the encrypted content data ECONT from the memory 34, writes these data to an information recording medium (disk), and manufactures a master disk.
Step ST15:
The controller 35 manufactures a disk as a replica by stamping with a stamper based on the master disk manufactured in step ST14.
Step ST16:
The controller 35 manufactures the disk type recording medium 2 by writing the disk ID (w) read from the memory 34 on the disk manufactured in step ST15.
Step ST17:
The controller 35 determines whether or not W disk-type recording media 2 have been manufactured. If it is determined that the disk has been manufactured, the process ends. If not, the process returns to step ST15.

As described above, the disk manufacturing apparatus 14 writes different disk IDs (w) to the respective manufacturing disks according to the number W of the disk type recording media 2 received from the management apparatus 12.
Therefore, different disc IDs (w) are set for the disc type recording media 2 distributed in the market, and a plurality of disc type recording media 2 in which the same disc ID (w) is recorded are found. If it is determined that the illegal copy has been executed, the management station CA executes an update process for writing the disk ID (w) in the revocation list DIRL, and provides the updated list to the disk manufacturer. The list is stored in the new disk.

  When a user who has purchased the disc-type recording medium 2 sets the disc-type recording medium 2 in the playback device 15 and executes content playback processing, the user who purchases the disc-type recording medium 2 is connected to the revocation list DIRL stored in the memory in the playback device 15. A version comparison is performed and the updated list is stored in memory. Therefore, the list stored in the memory of the user's playback device 15 is updated as needed.

Hereinafter, the revocation list DIRL manufactured by the management apparatus 12 will be described.
FIG. 7 is a diagram for explaining the revocation list DIRL shown in FIG.
As shown in FIG. 7, the revocation list DIRL includes a version number 51 that increases according to the time when the revocation list DIRL is created, and the disc ID of the disc-type recording medium 2 to be invalidated (revoked). The revoked disk ID list 52 enclosing (w), the version number 51, and the authenticator as the falsification verification value 53 for the revoked disk ID list 52 are included.
The falsification verification value 53 is data applied to determine whether or not the target data, in this case, the version number 51 and the revoked disk ID list 52 has been falsified, and is a digital signature using public key cryptography. Alternatively, a message authentication code (MAC) using a common key encryption technique is applied.

  When a digital signature using public key cryptography is used as the falsification verification value 53, the playback device obtains a signature verification key (public key) of a trusted organization such as the management station CA described above, and the signature of the management station CA is obtained. Whether the version number 51 and the revoked disk ID list 52 have been falsified by verifying the signature created using the generated key (private key) with the signature verification key (public key) acquired by each player. Determine.

FIG. 8 is a diagram for explaining MAC generation and verification processing when the message authentication code MAC is used as the falsification verification value 53.
The message authentication code MAC is generated as data for falsification verification of data, and various modes are possible for the MAC generation processing and verification processing modes. As an example, a MAC using a DES encryption processing configuration is used. A value generation example will be described with reference to FIG.

As shown in FIG. 8, the target message, in this case, the version number 51 and the revoked disk ID list 52 shown in FIG. 7 are divided into units of 8 bytes (hereinafter, the divided messages are divided into M1, M2,. First, the initial value (Initial Value (IV)) and M1 are exclusive-ORed (the result is I1).
Next, I1 is put into the DES encryption unit and encrypted using a key (hereinafter referred to as K1) (the output is assumed to be E1).
Subsequently, E1 and M2 are exclusively ORed, and the output I2 is input to the DES encryption unit and encrypted using the key K1 (output E2). Thereafter, this is repeated, and encryption processing is performed on all messages. The EN that comes out last becomes the message authentication code MAC.

  When the generation data is changed, the MAC value becomes a different value, and the MAC generated based on the data (message) to be verified is compared with the recorded MAC. It is proved that the data (message) to be verified has not been changed or altered.

  As the key K1 in the MAC generation, for example, a key (root key data) obtained by the decryption process of the enabling key block (EKB) based on the device node key data DNK by the hierarchical key data distribution configuration can be applied. is there. A predetermined value can be used as the initial value IV.

[Hierarchical key distribution tree configuration]
Hereinafter, a key providing process according to a hierarchical key distribution tree configuration, which is an aspect of the broadcast encryption method, and a playback device management configuration as a playback device will be described.

Numbers 0 to 15 shown at the bottom of FIG. 9 are user devices that use content. In the present embodiment, the user device corresponds to the playback device 15 shown in FIG.
Each leaf (leaf) of the hierarchical tree (tree) structure shown in FIG. 9 corresponds to each device.

Each device 0 to 15 has a key (node key data) assigned to a node from its own leaf to the root in the hierarchical tree (tree) structure shown in FIG. A key data set consisting of leaf key data of a leaf (device node key data DNK is stored in a memory.
In FIG. 9, K0000 to K1111 shown at the bottom are leaf key data respectively assigned to the devices 0 to 15, and are described in the second node (node) from the bottom to the top KR (root key data). The key data: KR to K111 are set as node key data.

In the tree configuration shown in FIG. 9, for example, the device 0 has leaf key data K0000 and node key data: K000, K00, K0, and KR. The device 5 owns K0101, K010, K01, K0, and KR. The device 15 owns K1111, K111, K11, K1, and KR.
In the tree of FIG. 9, only 16 devices from 0 to 15 are described, and the tree structure is shown as a balanced configuration with a four-stage configuration, but more devices are configured in the tree. In addition, it is possible to have a different number of stages in each part of the tree.

In addition, each device included in the tree structure of FIG. 9 includes various types of recording media, such as various types using a device embedded type or a DVD, CD, MD, flash memory, etc. that are configured to be detachable from the device. The device is included.
Furthermore, various application services can coexist. The hierarchical tree structure as the content or key distribution configuration shown in FIG. 9 is applied on the coexistence configuration of different devices and different applications.

In a system in which these various devices and applications coexist, for example, the portion surrounded by a dotted line in FIG. 9, that is, devices 0, 1, 2, and 3 are set as one group using the same recording medium.
For example, for the devices included in the group surrounded by the dotted line, it is possible to collectively provide common contents by encrypting them and storing them on an information recording medium such as a network or CD from a provider. Processing such as sending content key data to be used or encrypting and outputting content fee payment data from each device to a provider or a settlement organization is executed.
The entity that performs data transmission / reception with each device such as a content server, license server, shop server, etc., collects data in a lump with the portions surrounded by the dotted lines in FIG. 9, ie, devices 0, 1, 2, and 3 as one group. Processing to send can be executed. There are a plurality of such groups in the tree of FIG.

  Note that node key data and leaf key data may be managed by a management system having a certain key management center function, or message data from a provider or a settlement organization that performs various data transmission / reception with respect to each group. It is good also as a structure managed for every group by a delivery means. These node key data and leaf key data are updated when, for example, key data is leaked. This updating process can be executed by a management system having a key management center function, a provider, a settlement organization, or the like.

In this tree structure, as is apparent from FIG. 9, the three devices 0, 1, 2, 3 included in one group are device node keys including common key data K00, K0, KR as device node key data DNK. Data DNK is held.
By using this node key data sharing configuration, for example, common key data can be provided only to devices 0, 1, 2, and 3. For example, commonly held node key data K00 is owned key data common to devices 0, 1, 2, and 3.
If the value Enc (K00, Knew) obtained by encrypting the new key data Knew with the node key data K00 is stored in a recording medium via a network or distributed to the devices 0, 1, 2, 3 Only 0, 1, 2, 3 can use the shared node key data K00 possessed by each device to break the encryption Enc (K00, Knew) and obtain new key data Knew. Enc (Ka, Kb) indicates data obtained by encrypting Kb with Ka.

Further, at a certain time t, when it is discovered that the keys possessed by the device 3: K0011, K001, K00, K0, KR are analyzed and exposed by an attacker (hacker), the system (devices 0, 1) , 2 and 3), the device 3 needs to be disconnected from the system.
For this purpose, the node key data: K001, K00, K0, KR are updated to new keys K (t) 001, K (t) 00, K (t) 0, K (t) R, respectively, It is necessary to transmit the update key data to 1 and 2. Here, K (t) aaa represents the update key data of the generation (t) of key Kaaa: t.

The update key data distribution process will be described. For example, the key data is updated by storing a table constituted by the enabling key block EKB shown in FIG. .
The enabling key block EKB is composed of encryption key data for distributing newly updated key data to devices corresponding to the leaves constituting the tree structure as shown in FIG. The activation key block EKB is sometimes called a key data update block (KRB: Key Renewal Block).

The enabling key block EKB shown in FIG. 10A is configured as block data having a data configuration that can be updated only by a device that needs to update node key data.
The example of FIG. 10 is block data formed for the purpose of distributing generation t update node key data in the devices 0, 1, and 2 in the tree structure shown in FIG.
As is apparent from FIG. 9, device 0 and device 1 require K (t) 00, K (t) 0, and K (t) R as update node key data, and device 2 has update node key data. K (t) 001, K (t) 00, K (t) 0, and K (t) R are required.

As shown in the EKB in FIG. 10A, the EKB includes a plurality of encryption key data. The lowermost encryption key data is Enc (K0010, K (t) 001). This is the updated node key data K (t) 001 encrypted by the leaf key data K0010 possessed by the device 2, and the device 2 decrypts the encrypted key data by using the leaf key data possessed by itself, and K (t ) 001 can be obtained.
Also, using K (t) 001 obtained by the decryption, it becomes possible to decrypt the encryption key data Enc (K (t) 001, K (t) 00) at the second stage from the bottom of FIG. Update node key data K (t) 00 can be obtained.
Subsequently, the encrypted key data Enc (K (t) 00, K (t) 0) in the second stage from the top in FIG. 10A is sequentially decrypted, and the update node key data K (t) 0, FIG. The encrypted key data Enc (K (t) 0, K (t) R) at the first stage from the top of A) is decrypted to obtain K (t) R. On the other hand, the device K0000. K0001 is not included in the node key data K000 to be updated, and K (t) 00, K (t) 0, and K (t) R are required as the updated node key data.
Device K0000. K0001 decrypts the encryption key data Enc (K000, K (t) 00) in the third row from the top in FIG. 10A to obtain K (t) 00. The encryption key data Enc (K (t) 00, K (t) 0) in the second row from the top is decrypted, and the update node key data K (t) 0, the first row from the top in FIG. The encrypted key data Enc (K (t) 0, K (t) R) is decrypted to obtain K (t) R. In this way, the devices 0, 1, and 2 can obtain the updated key K (t) R.
The index in FIG. 10A indicates the absolute address of node key data and leaf key data used as decryption key data.

  When the update of the node key data at the upper level of the tree structure shown in FIG. 9: K (t) 0, K (t) R is unnecessary, and only the update processing of the node key data K00 is required, FIG. By using the activation key block EKB of (B), the updated node key data K (t) 00 can be distributed to the devices 0, 1, and 2.

The EKB shown in FIG. 10B can be used, for example, when distributing new content key data shared in a specific group.
As a specific example, it is assumed that a recording medium having devices 0, 1, 2, and 3 in a group indicated by a dotted line in FIG. 9 is used and new common content key data K (t) con is required.
At this time, a new common updated content key data: Data Enc (K (t) con) encrypted using K (t) 00 updated from the common node key data K00 of the devices 0, 1, 2, 3 K (t) 00, K (t) con) are distributed together with the EKB shown in FIG. This distribution enables distribution as data that is not decrypted in other groups of devices such as the device 4.

  That is, if the devices 0, 1, and 2 decrypt the ciphertext using K (t) 00 obtained by processing the EKB, the content applied to the encryption / decryption of the key data at time t, for example, the content It becomes possible to obtain the key data K (t) con.

FIG. 11 shows a processing example in which key data at time t, for example, content key data K (t) con applied to content encryption / decryption is acquired by EKB processing.
The EKB includes data Enc (K (t) 00, K (t) con) obtained by encrypting the content key data K (t) con using K (t) 00 and the data shown in FIG. 10B. Assume that it is stored. Here, a processing example of the device 0 is shown.

As shown in FIG. 11, the device 0 uses the same EKB process as described above using the generation EKB stored at the recording medium: t and the node key data K000 stored in advance by itself. Data K (t) 00 is generated.
Further, the encrypted content Enc (K (t) 00, K (t) con) is decrypted by using the decrypted updated node key data K (t) 00 to obtain updated content key data K (t) con. Further, the device may be encrypted and stored with the leaf key data K0000 that only the device has for later use.

  As another example, there is a case where the node key data in the tree structure is not required to be updated, and a device that needs only the content key data K (t) con at the time t may be obtained. In this case, the following method can be used.

Now, as in the example of FIG. 11, it is assumed that the content key data K (t) con is sent only to the devices 0, 1, and 2. At this time, EKB
Version: t
Index Encryption key data 000 Enc (K000, K (t) con)
0010 Enc (K0010, K (t) con)
It becomes.

  The device 0 and device 1 can use K000, and the device 2 can use K0010 to decrypt the ciphertext of one of the EKBs to obtain the content key data. By doing so, the node key data cannot be updated, but the method of providing the content key data to the necessary device is more efficient (that is, the number of ciphertexts contained in the EKB is reduced to reduce the size of the EKB). In addition, it is possible to reduce the number of times of encryption at the management center and decryption processing at the device.

  FIG. 12 shows a format example of the enabling key block EKB. Version 61 is an identifier indicating the version of the enabling key block EKB. Note that the version has a function for identifying the latest EKB and a function for indicating a correspondence relationship between contents. The depth indicates the number of layers in the hierarchical tree for the device to which the enabling key block EKB is distributed. The data pointer 63 is a pointer indicating the position of the data part in the enabling key block EKB, the tag pointer 64 is the position of the tag part, and the signature pointer 65 is a pointer indicating the position of the signature.

  The data unit 66 stores, for example, data obtained by encrypting node key data to be updated. For example, each encryption key data related to the updated node key data as shown in FIG. 5 is stored.

The tag part 67 is a tag indicating the positional relationship between the encrypted node key data and leaf key data stored in the data part. The tag assignment rule will be described with reference to FIG.
FIG. 13 shows an example in which the activation key block EKB described above with reference to FIG. 10A is sent as data.
The data at this time is as shown in Table (b) of FIG. The top node address included in the encryption key data at this time is set as the top node address. In this case, since the update key data K (t) R of the root key data is included, the top node address is KR.
At this time, for example, the uppermost data Enc (K (t) 0, K (t) R) is at the position shown in the hierarchical tree shown in FIG. Here, the next data is Enc (K (t) 00, K (t) 0), and is in the lower left position of the previous data on the tree. When there is data, the tag is set to 0, and when there is no data, 1 is set. The tags are set as {left (L) tag, right (R) tag}. Since there is data on the left of the uppermost data Enc (K (t) 0, K (t) R), L tag = 0, and there is no data on the right, so R tag = 1. Hereinafter, tags are set for all data, and a data string and a tag string shown in FIG. 13C are configured.

The tag is set to indicate where the data Enc (Kxxx, Kyyy) is located in the tree structure. Key data Enc (Kxxx, Kyyy) stored in the data part. . . Is merely enumerated data of encrypted key data, so that the position on the tree of the encrypted key data stored as data can be determined by the tag described above. Without using the tag described above, using a node index corresponding to the encrypted data as in the configuration described in FIG. 10, for example,
0: Enc (K (t) 0, K (t) root)
00: Enc (K (t) 00, K (t) 0)
000: Enc (K ((t) 000, K (T) 00)
. . . However, if such a configuration using an index is used, redundant data is generated and the amount of data increases, which is not preferable for distribution via a network.
On the other hand, by using the above-described tag as index data indicating the key data position, the key data position can be determined with a small amount of data.

  Returning to FIG. 12, the EKB format will be further described. The signature (Signature) 68 is an electronic signature executed by, for example, a management system having a key management center function, a content server, a license server, or a shop server that has issued the enabling key block EKB. The device that has received the EKB confirms that it is an activation key block EKB issued by a valid activation key block EKB issuer by signature verification.

  A configuration in which a hierarchical tree structure defining node key data and the like is classified for each device category and efficient key data update processing, encryption key data distribution, and data distribution will be described below.

FIG. 14 is a diagram for explaining an example of category classification of a hierarchical tree structure.
In FIG. 14, root key data Kroot 71 is set at the top level of the hierarchical tree structure, node key data 72 is set at the intermediate level below, and leaf key data 73 is set at the bottom level. Each device has individual leaf key data and a series of node key data and root key data from the leaf key data to the root key data.

  Here, as an example, a node having the Mth stage from the top is set as the category node 74. That is, each of the M-th level nodes is set as a device setting node of a specific category. The nodes and leaves of the Mth stage and below are assumed to be nodes and leaves related to devices included in the category, with one node at the Mth stage as a vertex.

  For example, category A is set in one node 75 in the M-th stage in FIG. 14, and nodes and leaves connected to this node are classified into category A and set as nodes or leaves dedicated to category A including various devices. Is done. That is, the nodes 75 and lower are defined as a set of related nodes and leaves of devices classified as category A.

Furthermore, a stage that is several stages lower than the M stage can be set as the subcategory node 76.
For example, as shown in the figure, a node of [reproduction-only device] is set as a subcategory Aa node included in category A at a node two steps below category A node 75.
Further, a node 77 of the telephone with music playback function included in the category of the playback-only device is set below the node 76 of the playback-only device, which is a subcategory Aa node, and further included in the category of the phone with music playback function below it. [PHS] node 78 and [mobile phone] node 79 can be set.

  Furthermore, the category and subcategory can be set in any unit such as a device type, a maker, a content provider, a settlement institution, or a node that is uniquely managed, that is, a processing unit, a jurisdiction unit, or a service provision unit. For example, if one category node is set as a vertex node dedicated to the game device XYZ sold by the game device manufacturer, the node key data and leaf key data below the vertex node are stored in the game device XYZ sold by the manufacturer. After that, it becomes possible to sell, and the distribution of the encrypted content data, or the distribution and update processing of various key data, the activation key block EKB configured by the node key data and leaf key data below the vertex node key data Is generated and distributed, and data that can be used only for devices below the vertex node can be distributed.

  In addition, when the node managed by the content provider is a category node, the information recording medium such as a CD, MD, or DVD that stores the content provided by the content provider or a device that uses the net distribution content is set below the category node. Thus, it is possible to provide the device with the node key data and leaf key data at the lower level below the vertex node.

  In this way, by setting one node as a vertex and setting the following nodes as related nodes in the category or subcategory defined in the vertex node, one vertex node in the category stage or subcategory stage is set. It is possible for the manufacturer, content provider, etc. to manage to create an enabling key block (EKB) with the node as a vertex and distribute it to devices belonging to the vertex node or lower, and other categories that do not belong to the vertex node The key data update can be executed without affecting the devices belonging to the node.

For example, as shown in FIG. 15, key data management is performed in a tree configuration system.
In the example of FIG. 15, nodes of 8 + 24 + 32 levels have a tree structure, and categories correspond to the nodes from the root node to the lower 8 levels. The category here means a category such as a category of a device that uses a semiconductor memory such as a flash memory or a category of a device that receives a digital broadcast.
The system (referred to as a T system) corresponds to one of the category nodes as a system for managing licenses.

That is, the key data corresponding to the 24 levels of nodes below the T system node is applied to a service provider as a management entity such as a shop server or a license server, or a service provided by the service provider.
In this example, this would define 2 ²⁴ (about 16 mega) service providers or services. Furthermore, 2 ³² (about 4 giga) users (or user devices) can be defined by the lowest 32 levels.
The key data corresponding to each node on the path from the lowest 32 nodes to the T system node constitutes the DNK, and the ID corresponding to the lowest leaf is the leaf ID.

  For example, the content key data obtained by encrypting the content is encrypted by the updated root key data KR ′, and the update node key data of the upper hierarchy is encrypted using the update node key data of the immediately lower hierarchy. And placed in the EKB. The updated node key data one level above the end in the EKB is encrypted with the node key data or leaf key data at the end of the EKB, and is placed in the EKB.

  Using the DNK key data described in the service data, the user device decrypts the update node key data of the latest higher layer described in the EKB distributed together with the content data, and decrypts it. Using the key data obtained in this way, the update node key data in the hierarchy further described in the EKB is decrypted. By sequentially performing the above processing, the user device can obtain the updated root key data KR ′.

  As described above, the category classification of the tree enables a configuration in which one node is set as a vertex and the following nodes are set as related nodes of the category or subcategory defined in the vertex node. A configuration is realized in which a manufacturer, service provider, or the like that manages one vertex node independently generates an enabling key block EKB having that node as a vertex and distributes it to devices belonging to the vertex node or lower.

[Reproducing device 15]
FIG. 16 is a block diagram of the playback device 15 shown in FIG.
As shown in FIG. 16, the playback device 15 includes, for example, an input / output interface 81, a codec 82 for generating and decoding various encoded data such as MPEG (Moving Picture Experts Group), and an A / D / D / A converter. 84, an input / output interface 83, a cryptographic processor 85, a ROM (Read Only Memory) 86, a controller 87, a memory 88, and a recording medium interface 89 for accessing the disk type recording medium 2, and these are buses. 80 are connected to each other.

The input / output interface 81 receives a digital signal supplied from the outside, such as a network, and outputs the digital signal to the bus 80, and also receives the digital signal on the bus 80 and outputs the digital signal to the outside.
The codec 82 decodes, for example, MPEG-encoded data supplied via the bus 80, outputs the decoded data to the input / output interface 83, and encodes a digital signal supplied from the input / output interface 83 on the bus 80. Output.
The input / output interface 83 includes a converter 84.
The input / output interface 83 receives an analog signal supplied from the outside, and performs A / D (Analog Digital) conversion by the converter 84 to output the digital signal to the codec 82 as well as the digital signal from the codec 82. By D / A (Digital Analog) conversion by the converter 84, it is output to the outside as an analog signal.

The encryption processing unit 85 is configured by, for example, a one-chip LSI, and has a configuration in which a digital signal such as content supplied via the bus 80 is encrypted or decrypted and output onto the bus 80.
The cryptographic processing unit 85 is not limited to a one-chip LSI, and can be realized by a configuration in which various types of software or hardware are combined.

The ROM 86 is, for example, leaf key data that is unique to each playback device or unique to each group of a plurality of playback devices, and device key data that is shared by a plurality of playback devices or a plurality of groups. Node key data is stored.
The controller 87 executes the program PRG3 (the program of the fifth invention) stored in the memory 88, thereby controlling the processing of the playback device 15 in an integrated manner.
That is, the function (processing) of the playback device 15 is defined by the program PRG3. Note that all or part of the functions of the playback device 15 may be realized by hardware.

The memory 88 reads the above-mentioned revocation list DIRL from the disk type recording medium 2 and stores it in a secure state.
For example, it is preferable to store the data as tamper-resistant data by performing encryption based on the ID set in the playback device 15 and storing it in a memory. As described above, the revocation list DIRL is stored so that it is not easily executed that the revocation list DIRL is deleted from the outside, the contents are altered, or the list is replaced with an old version list.
The recording medium interface 89 is used for accessing the disk type recording medium 2.

Hereinafter, an operation example of the playback device 15 shown in FIG. 16 will be described.
FIG. 17 is a flowchart for explaining an example of the overall operation of the playback apparatus 15 shown in FIG. 16, FIG. 18 is a flowchart for explaining the disk ID verification processing in step ST32 shown in FIG. 17, and FIG. It is a flowchart for demonstrating the content reproduction of step ST38.
Step ST31:
When the disc type recording medium 2 is set at a predetermined access position, the playback device 15 reads the disc ID from the disc type recording medium 2 via the recording medium interface 89 and stores it in the memory 88.
Step ST32:
The controller 87 of the playback device 15 reads the disk ID stored in the memory 88 in step ST31 and verifies the presence / absence and validity of the tampering.
The verification will be described in detail later.
Step ST33:
If the controller 87 verifies that the disk ID is valid in step ST32, the controller 87 proceeds to the process of step ST35, and if not, the controller 87 proceeds to step ST34.

Step ST34:
The controller 87 stops (inhibits) the decryption and reproduction of the encrypted content data ECONT recorded on the disc type recording medium 2.
Step ST35:
The controller 87 reads the revocation list DIRL from the disc type recording medium 2 via the recording medium interface 89.
Then, if the digital signature using the public key cryptography is made as the falsification verification value of the read revocation list DIRL, the controller 87 verifies with the signature verification key (public key). Further, when the message authentication code MAC is assigned as the falsification verification value, the MAC verification process described above with reference to FIG. 8 is executed.
The controller 87 then performs a version comparison between the version of the revocation list DIRL and the revocation list DIRL already stored in the memory 88 on the condition that it has been determined that the revocation list DIRL has not been falsified. To do.
If the version of the read revocation list DIRL is newer than the revocation list DIRL already stored in the memory 88, the controller 87 updates the revocation list DIRL in the memory 88 with the read revocation list DIRL. To do.

Step ST36:
The controller 87 determines whether or not the disk ID read in step ST31 exists in the revocation list DIRL. If it is determined that the disk ID exists, the controller 87 proceeds to step ST38, otherwise proceeds to step ST37.
Step ST37:
The controller 87 stops (inhibits) the decryption and reproduction of the encrypted content data ECONT recorded on the disc type recording medium 2.
Step ST38:
The controller 87 reads the encrypted content data ECONT recorded on the disc type recording medium 2, decrypts it and reproduces it.
The process of step ST38 will be described later in detail.

The disk ID verification (ST32) shown in FIG. 17 will be described in detail below.
FIG. 18 is a flowchart for explaining step ST32 shown in FIG.
The process of FIG. 18 corresponds to the process of the fourth invention, step ST42 corresponds to the first process, and steps ST43 to ST46 correspond to the second process.
Further, the controller 87 performs the processing of FIG. 18 to realize the means of the sixth invention.
Step ST41:
The controller 87 of the playback device 15 extracts the signature data SIG (w) (signature data of the fourth to sixth inventions) in the disc ID (w) read in step ST31 shown in FIG.
Step ST42:
The controller 87 reads the signature data read in step ST41 based on the public key data (public key data of the fourth to sixth inventions) of the management apparatus 12 (management station CA) read from the memory 88 and the public parameters. A message M (w) ′ (first data of the fourth invention) is generated from SIG (w).
Step ST43:
The controller 87 compares the message M (w) or M (second data of the fourth invention) in the disk ID (w) with the message M (w) ′ generated in step ST42.

Step ST44:
If the controller 87 determines that they match in the comparison in step ST43, the process proceeds to step ST45, and if not, the process proceeds to step ST46.
Step ST45:
The controller 87 determines that the disk ID (w) taken out in step ST41 is valid.
Step ST46:
The controller 87 determines that the disk ID (w) taken out in step ST41 is invalid.

Hereinafter, the reproduction process of step ST38 shown in FIG. 17 will be described.
FIG. 19 is a flowchart for explaining the reproduction processing in step ST38 shown in FIG.
Step ST51:
The playback device 15 reads out the encryption key information, that is, the enabling key block EKB from the disk type recording medium 2 via the recording medium interface 89.
Step ST52:
As described above with reference to FIG. 11, the controller 87 executes the decryption process of the enabling key block EKB based on the device node key data DNK provided in advance to the playback device by the hierarchical key data distribution configuration. Get content key data.

Step ST53:
The controller 87 reads the encrypted content data ECONT from the disc type recording medium 2 via the recording medium interface 89.
Step ST54:
The controller 87 decrypts the encrypted content data ECONT read in step ST53, using the content key data acquired in step ST52.
Step ST55:
If the controller 87 determines that all the encrypted content data ECONT recorded on the disc type recording medium 2 has been decrypted, the controller 87 ends the process. If not, the process returns to step ST53.

As described above, in the content providing system 1, the disc ID to be recorded on the disc type recording medium 2 is generated in the management device 12 as signature data based on the secret key data of the management device 12.
Further, the playback device 15 verifies the disk ID read from the disk type recording medium 2 using the public key data of the management device 12.
Therefore, when the disc ID recorded on the disc type recording medium 2 is falsified or generated by an unauthorized person, the playback device 15 or the like can easily detect this.
As a result, the distribution of the illegally copied disc-type recording medium 2 can be effectively suppressed, and the profit of the content provider can be protected.

As described above, in the first embodiment, the disk ID is not an arbitrary value, but is generated and signed by the management apparatus 12 of the management station CA, which is a reliable organization.
In the first embodiment described above, the content key data used to encrypt the content data to obtain the encrypted content data ECONT is generated independently of the disc ID.
In the embodiment described below, a case where the content key data is derived from the disc ID is exemplified.
As a result, it is possible to further enhance the effect that an unauthorized person manufactures an unlimited number of pirated discs using an arbitrary disc ID.

<Second Embodiment>
The second embodiment is an embodiment corresponding to the seventh to twelfth and twenty-sixth aspects of the invention.
The content providing system of this embodiment is the same as the first embodiment except for the disc ID generation processing by the management device 12 shown in FIG. 4, the disc ID verification processing shown in FIG. 18, and the content decryption data acquisition processing in FIG. 19. This is the same as the content providing system 1 of the embodiment.
In the present embodiment, the disc ID is generated so that a common message S can be derived for each title from the disc ID, and this message S is used as content key data.
Hereinafter, a disk ID generation method of the management apparatus 12a in this embodiment will be described.
FIG. 20 is a flowchart for explaining a disk ID generation method performed by the management apparatus 12a in the content providing system of this embodiment.
Each process shown in FIG. 20 is realized by the controller 27 executing the program PRG1a. In this case, the program PRG1a corresponds to the eighth invention.
Further, the controller 27 executes the steps shown in FIG. 20 to realize the first means and the second means of the ninth invention. In this case, the management device 12a corresponds to the data processing devices of the eighth and ninth inventions.
Note that all or part of the processing illustrated in FIG. 20 may be realized by hardware such as a circuit that realizes the same function, instead of the form in which the controller 27 executes the program PRG1a.

Step ST101:
The controller 27 of the management device 12a determines key data for digital signature (public key data and secret key data of the management station CA) and parameters for signature generation and verification.
The controller 27 discloses the public key data and the parameters.
The disclosure is realized by, for example, the controller 27 performing transmission via the network via the input / output interface 24.
The process of step ST101 may be performed only once when setting up the management apparatus 12.

Step ST102:
The management device 12 inputs the title of the content (for example, a movie) and the number W of discs to be manufactured (W ≧ 2) from the content provider via the input / output interface 24 and stores them in the main memory 22.
The arithmetic unit 26 determines the message S (the data S of the seventh to ninth inventions) for the title of the content data.
The message S is a value derived from the disc ID, which will be described later, and is used as content key data.

Step ST103:
The arithmetic unit 26 generates W digital different signature data SIG (w) using the message S determined in step ST102, the random number r (w), and the parameter.
Here, w = 1, 2,..., W, and r (w) is an individual random number.
Step ST104:
The controller 27 provides the disc manufacturer with a set of (S, SIG (w)) as the w-th disc ID (w) together with the title.
The disc manufacturing apparatus 14 of the disc manufacturer manufactures the disc type recording medium 2a (the recording medium of the 26th invention) on which the disc ID (w) is recorded in the procedure described above with reference to FIG.
Further, the disc manufacturing apparatus 14 records the encrypted content data ECONT obtained by encrypting the content data as the content key data with the message S determined in step ST102 in the disc type recording medium 2a.

Hereinafter, an operation example of the playback device 15a in the present embodiment will be described.
The playback device 15a of this embodiment is different from that of the first embodiment only in the processing of step ST32 and step ST38 shown in FIG.
FIG. 21 is a flowchart for explaining verification of the disk ID by the playback device 15a in the present embodiment.
The process shown in FIG. 21 corresponds to the first step of the tenth invention, and the process shown in FIG. 22 corresponds to the second process of the tenth invention.
The controller 87 implements the first means of the twelfth invention by executing the process shown in FIG. 21, and the second means of the twelfth invention is realized by executing the process of FIG. .
The processing shown below is realized when the controller 87 of the playback device 15b executes the program PRG3c (the program of the seventeenth invention).

Step ST111:
The controller 87 of the reproducing device 15a takes out the signature data SIG (w) in the disc ID (w) read from the disc type recording medium 2a described above in step ST31 shown in FIG.
Step ST112:
Based on the public key data of the management apparatus 12 (management station CA) read from the memory 88 and the publicly disclosed parameters, the controller 87 sends a message S ′ (10th to 10th) from the signature data SIG (w) extracted in step ST111. The first data of the twelfth invention is generated.
Step ST113:
The controller 87 compares the message S (second data of the tenth to twelfth inventions) in the disk ID (w) with the message S ′ generated in step ST112.

Step ST114:
If controller 87 determines that the values match in step ST113, the process proceeds to step ST115, and if not, the process proceeds to step ST116.
Step ST115:
The controller 87 determines that the disk ID (w) taken out in step ST111 is valid.
Step ST116:
The controller 87 determines that the disk ID (w) taken out in step ST111 is invalid.

FIG. 22 is a flowchart for explaining the reproduction processing in step ST38 shown in FIG. 17 in the present embodiment.
This embodiment is the same as that described in the first embodiment with reference to FIG. 19 except that step ST51 is not provided and step ST52a is performed instead of step ST52.
Step ST52a:
The controller 87 of the playback device 15a has been described using the message S in the disk ID (w) and FIG. 9 acquired by the playback device 15a on the condition that the validity of the disk ID was confirmed in the verification of FIG. Content key data (decryption key) is generated based on the root key data. For example, the controller 87 uses the exclusive OR of the root key data and the message S as content key data.
Also by the content providing system of the present embodiment, the same effect as the content providing system 1 of the first embodiment can be obtained.

<Third Embodiment>
The third embodiment is an embodiment corresponding to the thirteenth to eighteenth and twenty-seventh inventions.
The content providing system of this embodiment is the same as the first embodiment except for the disc ID generation processing by the management device 12 shown in FIG. 4, the disc ID verification processing shown in FIG. 18, and the content decryption data acquisition processing in FIG. 19. This is the same as the content providing system 1 of the embodiment.
In the present embodiment, the disc ID is generated so that a common message S can be derived for each title from the disc ID, and this message S is used as content key data.
Hereinafter, a disk ID generation method of the management apparatus 12b in this embodiment will be described.
FIG. 23 is a flowchart for explaining a disk ID generation method performed by the management apparatus 12b in the content providing system of this embodiment.
Each process shown in FIG. 23 is realized by the controller 27 of the management apparatus 12b executing the program PRG1b. In this case, the program PRG1b corresponds to the fourteenth invention.
Further, the controller 27 executes the steps shown in FIG. 23, thereby realizing the first means and the second means of the fifteenth aspect of the invention. In this case, the management device 12b corresponds to the data processing devices of the fourteenth and fifteenth inventions.
Note that all or part of the processing illustrated in FIG. 23 may be realized by hardware such as a circuit that realizes the same function, instead of the form in which the controller 27 executes the program PRG1b.

Step ST201:
The controller 27 of the management device 12b selects prime numbers q1 and q2 that are large enough to be safe for use in RSA encryption.
Step ST202:
The controller 27 discloses data M that is the product of the prime numbers q1 and q2 selected in step ST201.
Steps ST201 and ST202 need only be performed once at the time of system setup.

Step ST203:
The controller 27 randomly selects data K satisfying K∈Z ^* _M (K is a generation source of the cyclic group Z ^* _M ) for each title.
Here, for example, X∈Z ^* _M indicates that X is an element of a set having an inverse element modulo x among integers x of 1 to X−1.
Step ST204:
The controller 27 receives the title of the content and the scheduled maximum production number W of the disc type recording medium 2b to be manufactured from the content producer.
Step ST205:
The controller 27 determines prime numbers p (w) (w = 1, 2... W) by the number corresponding to the number W of sheets in step ST204. For example, the wth odd prime number may be defined as p (w).

Step ST206:
The controller 27 determines data S (= K ^T modM) as a value derived from the disc ID corresponding to the title.
However, the following formula (1) holds.

Step ST207:
The controller 27 calculates (K ^{T / p (w)} modM), and obtains the data ID key (w) as a result.

Step ST208:
The controller 27 sets a pair (p (w), IDkey (w)) of the prime p (w) determined in step ST205 and the data IDkey (w) obtained in step ST207 as the wth disk ID (w). Is provided to the disc manufacturer along with the title as a disc ID.
The disk manufacturing apparatus 14 of the disk manufacturer manufactures the disk type recording medium 2b (the recording medium of the twenty-seventh invention) on which the disk ID (w) is recorded in the procedure described above with reference to FIG.
Further, the disc manufacturing apparatus 14 generates encrypted content data ECONT by encrypting the content data using the data S (= K ^T modM) determined in step ST206 described above as content key data, and generates the encrypted content data ECONT. To record.

Hereinafter, an operation example of the playback device 15b in this embodiment will be described.
The playback device 15b of this embodiment is different from that of the first embodiment only in the processing of step ST32 and step ST38 shown in FIG.
FIG. 24 is a flowchart for explaining verification of the disk ID by the playback device 15b in the present embodiment.
The process shown in FIG. 24 corresponds to the first step of the sixteenth invention.
Further, the controller 87 executes the processing shown in FIG. 24, thereby realizing the first means of the eighteenth invention.
The processing shown below is realized when the controller 87 of the playback device 15b executes the program PRG3b (the program of the seventeenth invention).

Step ST211:
The controller 87 of the reproducing device 15b takes out the data p (w) in the disc ID (w) read from the disc type recording medium 2a described above in step ST31 shown in FIG.
Step ST212:
The controller 87 determines whether or not the data p (w) extracted in step ST111 is a prime number.
If the controller 87 determines that the data p (w) is a prime number, the controller 87 proceeds to step ST213, otherwise proceeds to step ST214.
Step ST213:
The controller 87 determines that the disk ID (w) taken out in step ST211 is valid.
Step ST214:
The controller 87 determines that the disk ID (w) taken out in step ST211 is invalid.

FIG. 25 is a flowchart for explaining the reproduction processing in step ST38 shown in FIG. 17 in the present embodiment.
Step ST221 shown in FIG. 25 corresponds to the second step of the sixteenth invention, and step ST224 corresponds to the third step of the sixteenth invention.
Further, the controller 87 executes step ST221 to realize the first means of the eighteenth invention, and executing step ST224 realizes the second means of the eighteenth invention.
Step ST221:
The controller 87 of the playback device 15b calculates (IDKey ^p mod M) through the recording medium interface 89 based on the data p, IDKey read from the disc type recording medium 2 and the published data M, and the result Is data S ′.
Step ST222:
The controller 87 generates content key data (decryption key) based on the data S ′ calculated in step ST221 and the root key data described with reference to FIG. 9 acquired by the playback device 15b. For example, the controller 87 uses the exclusive OR of the root key data and the data S ′ as the content key data.
Step ST223:
The controller 87 reads the encrypted content data ECONT from the disc type recording medium 2b via the recording medium interface 89.
Step ST224:
The controller 87 decrypts the encrypted content data ECONT read in step ST223 using the content key data in step ST222.
Step ST225:
If the controller 87 determines that all the encrypted content data ECONT recorded on the disc type recording medium 2b has been decrypted, the controller 87 ends the process. If not, the process returns to step ST223.

  Also by the content providing system of the present embodiment, the same effect as the content providing system 1 of the first embodiment can be obtained.

<Fourth embodiment>
The fourth embodiment is an embodiment corresponding to the nineteenth to twenty-fourth and twenty-eighth inventions.
The content providing system of this embodiment is the same as the first embodiment except for the disc ID generation processing by the management device 12 shown in FIG. 4, the disc ID verification processing shown in FIG. 18, and the content decryption data acquisition processing in FIG. 19. This is the same as the content providing system 1 of the embodiment.
Hereinafter, a disk ID generation method of the management apparatus 12c in this embodiment will be described.
FIG. 26 is a flowchart for explaining a disk ID generation method performed by the management apparatus 12c in the content providing system of this embodiment.
Each process shown in FIG. 26 is realized by the controller 27 executing the program PRG1c. In this case, the program PRG1c corresponds to the twentieth invention.
Further, the controller 27 executes the steps shown in FIG. 26, thereby realizing the first means and the second means of the twenty-first invention. In this case, the management device 12c corresponds to the data processing devices of the twentieth and twenty-first aspects.
Note that all or part of the processing illustrated in FIG. 26 may be realized by hardware such as a circuit that realizes the same function, instead of the form in which the controller 27 executes the program PRG1c.

Step ST301:
The controller 27 of the management apparatus 12c selects prime numbers q1 and q2 that are large enough to be safe for use in RSA encryption.
Step ST302:
The controller 27 discloses data M that is the product of the prime numbers q1 and q2 selected in step ST301.
Steps ST301 and ST302 need only be performed once during system setup.

Step ST303:
The controller 27 randomly selects data S satisfying SεZ ^* _M (S is a generation source of the cyclic group Z ^* _M ) for each title. The data S is a value derived from the disk ID.
Step ST304:
The controller 27 receives the title of the content and the scheduled maximum production number W of the disc type recording medium 2b to be manufactured from the content producer.
Step ST305:
The controller 27 selects different data e (w) satisfying e (w) εZ ^* _M (e (w) is a generator of the cyclic group Z ^* _M ).
Here, e (w) and λ (M) are relatively prime, that is, the greatest common divisor of e (w) and λ (M) is 1. Note that λ (M) is the least common multiple of prime numbers (q1-1) and (q2-1).

Step ST306:
The controller 27 calculates (S ^{d (w)} mod M), and obtains data I (w) as a result.
Here, d (w) is the reciprocal of e (w) when modulo the λ (M). That is, d (w) = e (w) ⁻¹ mod λ (M).
Step ST307:
The controller 27 uses the data e (w) determined in step ST305 and the data I (w) obtained in step ST306 (e (w), I (w)) as the w-th disk ID (w). Is provided to the disc manufacturer together with the title as the disc ID (w).
The disk manufacturing apparatus 14 of the disk manufacturer manufactures the disk type recording medium 2c (the recording medium of the twenty-eighth aspect of the invention) on which the disk ID (w) is recorded by the procedure described above with reference to FIG.
Further, the disc manufacturing apparatus 14 generates encrypted content data ECONT by encrypting the content data using the data S selected in step ST303 described above as content key data, and records this on the disc type recording medium 2c.

Hereinafter, an operation example of the playback device 15c in this embodiment will be described.
FIG. 27 is a diagram for explaining an operation example of the playback device 15c.
Step ST312 shown in FIG. 27 corresponds to the first step of the twenty-second invention, and step ST316 corresponds to the second step of the twenty-second invention.
Further, the controller 87 executes step ST312 to realize the first means of the twenty-fourth invention, and executing step ST316 realizes the second means of the twenty-fourth invention.
Each step shown in FIG. 27 is realized by the controller 87 of the playback device 15c executing the program PRG3c (the program of the twenty-third invention).

Step ST311:
When the disc type recording medium 2c is set at a predetermined access position, the playback device 15c reads the disc ID from the disc type recording medium 2c via the recording medium interface 89 and stores it in the memory 88.
Step ST312:
The controller 87 of the playback device 15c calculates I (w) ^{e (w)} modM using the data e (w) and I (w) in the disc ID recorded in the memory 88, and uses the result as the data S. 'And.
Step ST313:
The controller 87 reads the revocation list DIRL from the disk type recording medium 2c via the recording medium interface 89.
Then, if the digital signature using the public key cryptography is made as the falsification verification value of the read revocation list DIRL, the controller 87 verifies with the signature verification key (public key). Further, when the message authentication code MAC is assigned as the falsification verification value, the MAC verification process described above with reference to FIG. 8 is executed.
The controller 87 then performs a version comparison between the version of the revocation list DIRL and the revocation list DIRL already stored in the memory 88 on the condition that it has been determined that the revocation list DIRL has not been falsified. To do.
If the version of the read revocation list DIRL is newer than the revocation list DIRL already stored in the memory 88, the controller 87 updates the revocation list DIRL in the memory 88 with the read revocation list DIRL. To do.

Step ST314:
The controller 87 determines whether or not the disk ID read in step ST311 exists in the revocation list DIRL. If it is determined that the disk ID exists, the controller 87 proceeds to step ST315, otherwise proceeds to step ST316.
Step ST315:
The controller 87 stops (inhibits) reproduction of the encrypted content data ECONT recorded on the disk type recording medium 2c.
Step ST316:
The controller 87 reads the encrypted content data ECONT recorded on the disk type recording medium 2c, and decrypts the encrypted content data ECONT using the content key data acquired based on the data S ′ generated in step ST312. And then play.
For example, the controller 87 uses the exclusive OR of the root key data and the data S ′ as the content key data.

  Also by the content providing system of the present embodiment, the same effect as the content providing system 1 of the first embodiment can be obtained.

<Fifth Embodiment>
The fifth embodiment is an embodiment corresponding to the 29th to 35th aspects of the invention.
The content providing system of this embodiment is the same as the first embodiment except for the disc ID generation processing by the management device 12 shown in FIG. 4, the disc ID verification processing shown in FIG. 18, and the content decryption data acquisition processing in FIG. 19. This is the same as the content providing system 1 of the embodiment.
In the present embodiment, the disc ID is generated so that a common message S can be derived for each title from the disc ID, and this message S is used as content key data.
Hereinafter, a disk ID generation method of the management apparatus 12d in this embodiment will be described.
FIG. 28 is a flowchart for explaining a disk ID generation method performed by the management apparatus 12d in the content providing system of this embodiment.
28 is realized by the controller 27 executing the program PRG1d. In this case, the program PRG1d corresponds to the thirtieth invention.
The controller 27 executes the steps shown in FIG. 28, thereby realizing the first to third means of the thirty-first invention. In this case, the management device 12d corresponds to the data processing devices of the 30th and 31st inventions.
Note that all or part of the processing illustrated in FIG. 28 may be realized by hardware such as a circuit that realizes the same function, instead of the form in which the controller 27 executes the program PRG1d.

Step ST401:
The controller 27 of the management device 12d determines parameters such as key data for the digital signature (public key data and secret key data of the management station CA).
Further, the management device 12d determines a size | S | of the data S that is a value derived from the disk ID and is used as the encryption key data.
Further, the management device 12d determines a common size | e (w) | of W pieces of data e (w) described later.
The controller 27 discloses the public key data, the size | S |, and the size | e (w) |.
The disclosure is realized by, for example, the controller 27 performing transmission via the network via the input / output interface 24.
The process in step ST401 may be performed only once when setting up the management apparatus 12d.

Step ST402:
The management device 12 d inputs the title of content (for example, a movie) from the content provider via the input / output interface 24 and stores it in the main memory 22.
Then, the management apparatus 12d indicates a value derived from the disc ID for the title, and determines (selects) the data S used for content encryption to have the size | S | determined in step ST401. )

Step ST403:
The management device 12d inputs the number W (W ≧ 2) of disks to be manufactured from the content provider via the input / output interface 24, and stores this in the main memory 22.
The management apparatus 12d indicates different values corresponding to the number of disks W to be manufactured (W ≧ 2), and displays W e (w) having the size | e (w) | determined in step ST401. Determine (select).
For example, w = 1, 2,..., W, and r (w) is an individual random number.
Step ST404:
The arithmetic unit 26 of the management device 12d generates the message M (w) by concatenating the data S determined in step ST402 and the data e (w) determined in step ST403. Here, since the data e (w) is a value unique to each disk type recording medium 2d to which the disk ID (w) is allocated as described later, the message M (w) is also recorded in each disk type recording medium. The value is specific to the medium 2d.
In the connection, the arithmetic unit 26 arranges data S on the upper bit side of the message M (w) and arranges data e (w) on the lower bit side.

Step ST405:
The arithmetic unit 26 generates a disk ID (w) by encrypting the message M (w) generated in step ST404 based on the secret key data determined in step ST401.
Here, as described above, since the message M (w) has a value unique to each disk type recording medium 2d, the disk ID (w) also has a value unique to each disk type recording medium 2d.
Step ST406:
The controller 27 provides the W disc IDs (w) generated at step ST405 to the disc manufacturer together with the title and data S.
The disk manufacturing apparatus 14 of the disk manufacturer manufactures the disk type recording medium 2d (the recording medium of the thirty-fifth aspect of the invention) on which the disk ID (w) is recorded by the procedure described above with reference to FIG.
Further, the disc manufacturing apparatus 14 records the encrypted content data ECONT obtained by encrypting the content data as the content key data on the disc type recording medium 2d.

Hereinafter, an operation example of the playback device 15d in the present embodiment will be described.
The playback device 15d of the present embodiment performs the following process of FIG. 29 instead of steps ST31 to ST34 shown in FIG.
FIG. 29 is a flowchart for explaining verification of a disc ID by the playback device 15d in the present embodiment.
Each means of the thirty-fourth aspect of the present invention is realized by the controller 87 executing the processing shown in FIG.
The processing shown below is realized when the controller 87 of the playback device 15d executes the program PRG3d (the program of the thirty-third invention).

Step ST411:
The controller 87 of the playback device 15d generates the message M (w) by decrypting the disk ID (w) read from the disk-type recording medium 2d described above based on the public key data of the management device 12d (management station CA). To do.
As described above, the message M (w) is data in which the data S determined in step ST402 shown in FIG. 28 and the data e (w) determined in step ST403 are connected.
Step ST412:
The reproduction device 15d is decrypted in step ST411 based on the size | S | disclosed by the management device 12d, the size | e (w) |, and the combination pattern of the data S and the data e (w). Data S is extracted from the message M (w).

The playback device 15d performs the processes of steps ST35 to ST38 shown in FIG. 17 following the process of FIG. 29 described above.
In this case, the playback device 15d uses the disk ID (w) read from the disk type recording medium 2d in step ST411 as the disk ID in step ST36 shown in FIG.
For example, in step ST38 shown in FIG. 17, the reproducing device 15d decrypts the content data using the data S extracted in step ST412 as the content key data.
Therefore, when the appropriate data S cannot be obtained through the processes of steps ST411 and ST412, the content data cannot be decrypted properly.

  Also by the content providing system of the present embodiment, the same effect as the content providing system 1 of the first embodiment can be obtained.

<Sixth Embodiment>
The sixth embodiment is an embodiment corresponding to the thirty-sixth to thirty-eighth aspects of the invention.
The content providing system of this embodiment is the same as the management apparatus 12b of the third embodiment except for part of the processing shown in FIG.
Further, the playback device of the present embodiment is the same as the playback device 15b of the third embodiment.
In the present embodiment, the disc ID is generated so that a common message S can be derived for each title from the disc ID, and this message S is used as content key data.
Hereinafter, the disk ID generation method of the management apparatus 12e in this embodiment will be described.
FIG. 30 is a flowchart for explaining a disk ID generation method performed by the management apparatus 12e in the content providing system of this embodiment.
Each process shown in FIG. 30 is realized by the controller 27 of the management apparatus 12e executing the program PRG1e. In this case, the program PRG1e corresponds to the thirty-seventh aspect.
Further, each means of the thirty-eighth aspect of the present invention is realized by the controller 27 executing the steps shown in FIG. In this case, the management device 12e corresponds to the data processing devices of the 37th and 38th inventions.
Note that all or part of the processing illustrated in FIG. 30 may be realized by hardware such as a circuit that realizes the same function, instead of the controller 27 executing the program PRG1e.

Step ST501:
The controller 27 of the management device 12e selects prime numbers q1 and q2 large enough to be safe for use in RSA encryption.
Step ST502:
The controller 27 discloses data M that is the product of the prime numbers q1 and q2 selected in step ST501.
Steps ST501 and ST502 need only be performed once at the time of system setup.

Step ST503:
The controller 27 randomly selects data S satisfying SεZ ^* _M (S is a generation source of the cyclic group Z ^* _M ) as a value derived from the disc ID for each title.
Here, for example, X∈Z ^* _M indicates that X is an element of a set having an inverse element modulo x among integers x of 1 to X−1.
Step ST504:
The controller 27 receives the title of the content and the scheduled maximum production number W of the disc type recording medium 2b to be manufactured from the content producer.
Step ST505:
The controller 27 determines prime numbers p (w) (w = 1, 2... W) by the number corresponding to the number W of sheets in step ST504. For example, the wth odd prime number may be defined as p (w).

Step ST506:
The controller 27 generates data K (= S ^{1 / T} modM) using the data S selected in step ST503.
However, 1 / T is “1 / T mod λ (M)”, T is a value obtained by multiplying p (1) to p (w), and λ (M) is (p−1) and (q -1) is the least common multiple.

Step ST507:
The controller 27 calculates (K ^{T / p (w)} modM), and obtains the data ID key (w) as a result.

Step ST508:
The controller 27 sets the pair (p (w), IDkey (w)) of the prime p (w) determined in step ST505 and the data IDkey (w) obtained in step ST507 as the wth disk ID (w). Is provided to the disc manufacturer along with the title as a disc ID.
The disk manufacturer's disk manufacturing apparatus 14 manufactures the disk type recording medium 2b on which the disk ID (w) is recorded in the procedure described above with reference to FIG.
Further, the disc manufacturing apparatus 14 generates encrypted content data ECONT by encrypting the content data using the data S determined in step ST503 described above as the content key data, and records this on the disc type recording medium 2e.

  Also by the content providing system of the present embodiment, the same effect as the content providing system 1 of the first embodiment can be obtained.

  The present invention is applicable to a system that performs processing related to identification data for identifying a recording medium.

FIG. 1 is a diagram for explaining data recorded on a disk-type recording medium according to an embodiment of the present invention. FIG. 2 is an overall configuration diagram of the content providing system according to the embodiment of the present invention. FIG. 3 is a block diagram of the management apparatus shown in FIG. FIG. 4 is a flowchart for explaining disk ID generation processing by the management apparatus shown in FIG. FIG. 5 is a block diagram of the disk manufacturing apparatus shown in FIG. FIG. 6 is a flowchart for explaining a disk manufacturing procedure by the disk manufacturing apparatus shown in FIG. FIG. 7 is a view for explaining the data structure of the revocation list DIRL recorded on the disc type recording medium shown in FIG. FIG. 8 is a diagram illustrating an example of MAC value generation processing. FIG. 9 is a tree configuration diagram illustrating various keys, data encryption processing, and distribution processing. FIG. 10 is a diagram showing an example of an enabling key block (EKB) used for distributing various keys and data. FIG. 11 is a diagram showing a distribution example and a decryption processing example using the content key validation key block (EKB). FIG. 12 is a diagram illustrating a format example of the enabling key block (EKB). FIG. 13 is a diagram for explaining the configuration of the tag of the enabling key block (EKB). FIG. 14 is a diagram for explaining category division in the tree structure. FIG. 15 is a diagram for explaining category division in the tree structure. FIG. 16 is a block diagram of the playback apparatus shown in FIG. FIG. 17 is a flowchart for explaining the reproduction process of the reproduction apparatus shown in FIG. FIG. 18 is a flowchart for explaining the disk ID verification processing in step ST32 shown in FIG. FIG. 19 is a flowchart for explaining the reproduction processing in step ST38 shown in FIG. FIG. 20 is a flowchart for explaining disk ID generation processing of the management apparatus according to the second embodiment of the present invention. FIG. 21 is a flowchart for explaining the disk ID verification processing in step ST32 shown in FIG. 17 by the playback apparatus in the second embodiment of the present invention. FIG. 22 is a flowchart for explaining the reproduction processing in step ST38 shown in FIG. 17 by the reproduction device according to the second embodiment of the present invention. FIG. 23 is a flowchart for explaining disk ID generation processing of the management apparatus according to the third embodiment of the present invention. FIG. 24 is a flowchart for explaining the disk ID verification processing in step ST32 shown in FIG. 17 by the playback apparatus in the third embodiment of the present invention. FIG. 25 is a flowchart for explaining the reproduction processing in step ST38 shown in FIG. 17 by the reproduction device according to the third embodiment of the present invention. FIG. 26 is a flowchart for explaining disk ID generation processing of the management apparatus according to the fourth embodiment of the present invention. FIG. 27 is a flowchart for explaining playback processing by the playback device according to the fourth embodiment of the present invention. FIG. 28 is a flowchart for explaining disk ID generation processing of the management apparatus according to the fifth embodiment of the present invention. FIG. 29 is a flowchart for explaining playback processing by the playback device according to the fifth embodiment of the present invention. FIG. 30 is a flowchart for explaining disk ID generation processing of the management apparatus according to the sixth embodiment of the present invention.

Explanation of symbols

2, 2a, 2b, 2c ... disc type recording medium, 12, 12a, 12b, 12c, 12d, 12e ... management device, 13 ... content providing device, 14 ... disc manufacturing device, 15, 15a, 15b, 15c, 12d ... Playback device, 21 ... bus, 22 ... main memory, 23 ... secure memory, 24 ... input / output interface, 25 ... recording medium interface, 26 ... arithmetic unit, 27 ... controller, 80 ... bus, 81 ... input / output interface, 82 ... Codec, 83 ... Input / output interface, 84 ... Converter, 85 ... Cryptographic processing unit, 86 ... ROM, 87 ... Controller, 88 ... Memory, 89 ... Recording medium interface

Claims (19)

Using the management device used by the management source, the manufacturing device, and the content providing device , each recording medium of the disk-shaped recording medium of the number W (W: integer of 2 or more) to be manufactured by the manufacturing device A data processing method for generating different identification information so that it can be verified whether it is an unauthorized copy disk ,
The management device is
When multiple disc-shaped recording media with the same identification information written are found, the identification information is registered as invalid, and the version is updated to generate an invalid disk identification information list for digital signature. The management source public key data, the management source private key data, the W different messages corresponding to the number W for generating signatures, and the identification information list A first step of determining a parameter including a message for the verification ;
A second step of inputting the number of sheets W from the content providing device;
A third step of generating W different signature data using at least the W signature generation message and the secret key data of the management source;
A set information included as the previous SL and messages before Symbol signature data for verification are different respectively, assigned as the identification information for each disc-shaped recording medium to be produced, disable the the assigned identification information A fourth step of outputting the assigned identification information and the invalid disk identification information list to the manufacturing apparatus for writing to each corresponding disk-shaped recording medium together with the disk identification information list ;
Having
Data processing method. The management device, in the third step, a W number of messages for the signature generation, using a W number of random numbers, and the management source of the secret key data, the disk-shaped recording medium for manufacturing Generating W different signature data corresponding to the number W ,
The data processing method according to claim 1 . The manufacturing apparatus is
A fifth step of inputting, from the management device, the W pieces of identification information composed of each message for verification and corresponding signature data, and an identification information list of the invalid disk ;
And W pieces of identification information the input, each identification information corresponding with the identification information list of invalid disk to which the input and recorded in the disc-shaped recording medium W disc-shaped recording medium to be manufacturing And a sixth step
The data processing method according to claim 1 or 2 . The management source private key data is stored in a secure memory in the management device,
The data processing method according to claim 1 or 2 . The management device, after assigning the identification information in the fourth step, stores the W identification information assigned in a secure portable recording medium together with the identification information list of the invalid disk ,
The manufacturing apparatus inputs the W pieces of identification information and the invalid disk identification information list from the secure portable recording medium.
The data processing method according to claim 3 . The management device publishes the public key data and the parameters determined in the first step ,
The message for verification, based on the public key data and said parameter published, the data processing method according to any one of claims 1 to 3 which is reproducible from the signature data of the identification information. For each recording medium of a disk-shaped recording medium having a management device used by a management source, a manufacturing device, and a content providing device, and having the number W (W: an integer of 2 or more) to be manufactured by the manufacturing device A data processing system for generating different identification information so as to be able to verify whether it is an unauthorized copy disk ,
The management device is
When a plurality of disc-shaped recording media having the same identification information written therein are found, the identification information is registered as invalid and the version is updated to generate an identification information list of invalid disks.
Based on the public key data of the management source, which is key data for digital signature, the secret key data of the management source, W different messages according to the number W for signature generation, and the identification information list Determining a parameter including the verification message created in
Input the number W from the content providing device,
Generating W different signature data using at least the W signature generation message and the secret key data of the management source ;
A set information and messages for the previous SL verification before Symbol signature data is included as being different, assigned as the identification information for each disc-shaped recording medium to be produced,
A data processing system for outputting the assigned identification information and the invalid disk identification information list to the manufacturing apparatus in order to write the assigned identification information together with the invalid disk identification information list to each corresponding disk-shaped recording medium . The management device, upon generation of the signature data, and the W number of messages for the signature generation, using a W number of random numbers, and the management source of the secret key data, the disk-shaped recording medium for manufacturing Generating W different signature data corresponding to the number W ,
The data processing system according to claim 7 . The manufacturing apparatus includes:
W identification information consisting of each message for verification and corresponding signature data and an invalid disk identification information list are input from the management device ,
And W pieces of identification information the input, each identification information corresponding with the identification information list of invalid disk to which the input and recorded in the disc-shaped recording medium W disc-shaped recording medium to be manufacturing ,
The data processing system according to claim 7 or 8 . The management source private key data is stored in a secure memory in the management device,
The data processing system according to claim 7 or 8 . After the allocation of the identification information , the management device stores the W identification information allocated together with the invalid disk identification information list in a secure portable recording medium,
The manufacturing apparatus inputs the W pieces of identification information and the invalid disk identification information list from the secure portable recording medium.
The data processing system according to claim 10 . The management device, published it was determined boss said public key data to said parameter,
The data processing system according to claim 10 or 11 , wherein the message for verification can be reproduced from the signature data of the identification information based on the public key data and the parameters disclosed . Information can be exchanged between the manufacturing apparatus and the content providing apparatus, and different identification information is provided for each recording medium of the number W (W: integer of 2 or more) of disc-shaped recording media to be manufactured by the manufacturing apparatus . A management device that can be generated to verify whether it is an unauthorized copy disk ,
The management device
When a plurality of disc-shaped recording media having the same identification information written therein are found, the identification information is registered as invalid and the version is updated to generate an identification information list of invalid disks.
Based on the public key data of the management source, which is key data for digital signature, the secret key data of the management source, W different messages according to the number W for signature generation, and the identification information list Determining a parameter including the verification message created in
Input the number W from the content providing device,
Generating W different signature data using at least the W signature generation message and the secret key data of the management source ;
A set information and messages for the previous SL verification before Symbol signature data is included as being different, assigned as the identification information for each disc-shaped recording medium to be produced,
A management apparatus that outputs the assigned identification information and the invalid disk identification information list to the manufacturing apparatus in order to write the assigned identification information together with the invalid disk identification information list to each corresponding disk-shaped recording medium . The management device, upon generation of the signature data, and the W number of messages for the signature generation, using a W number of random numbers, and the management source of the secret key data, the disk-shaped recording medium for manufacturing Generating W different signature data corresponding to the number W ,
The management apparatus according to claim 13 . The management source private key data is stored in a secure memory in the management device,
The management device according to claim 13 or 14 . After assigning the identification information , the management apparatus stores the W identification information assigned together with the identification information list of the invalid disk in a secure portable recording medium and can be used in the manufacturing apparatus. And
The management apparatus in any one of Claims 13-15 . The management device, published it was determined boss said public key data to said parameter,
The management apparatus according to claim 13 , wherein the message for verification can be reproduced from the signature data of the identification information based on the public key data and the parameters that have been made public . It is possible to exchange information with the manufacturing apparatus and the content providing apparatus, the manufacturing apparatus number to be produced W: the identification information different for each recording medium of the disc-shaped recording medium (W 2 or more integer) , A program that operates in the management device that can be generated to verify whether it is an unauthorized copy disk ,
When a plurality of disc-shaped recording media in which the same identification information is written are found, the identification information is registered as invalid and the version is updated to generate an invalid disk identification information list;
Based on the public key data of the management source, which is key data for digital signature, the secret key data of the management source, W different messages according to the number W for signature generation, and the identification information list Determining a parameter including the verification message generated
A procedure for inputting the number of sheets W from the content providing device;
Generating W different signature data using at least the W signature generation message and the secret key data of the management source;
A step of pre-SL and messages before Symbol signature data for verification assigns a set information included as being different, as the identification information for each disc-shaped recording medium to be produced,
A procedure for outputting the assigned identification information and the invalid disk identification information list to the manufacturing apparatus in order to write the assigned identification information to each corresponding disk-shaped recording medium together with the invalid disk identification information list;
A program that causes a computer to execute. Upon generation of the signature data, and the W number of messages for the signature generation, using a W number of random numbers, and the management source of the secret key data, corresponding to the number W of manufacturing disk-shaped recording medium Causing the computer to execute a procedure for generating W different signature data;
The program according to claim 18 .

Images