JP4734391B2 - Content management method, content management apparatus, recording medium, and mutual authentication method - Google Patents

Description

The present invention relates to, for example, a content management method for protecting copyright by regulating the number of duplicate contents and a content management apparatus using the content management method.

  Conventionally, copy management has been performed for contents (such as copyrighted works). By managing copy generation and managing the number of copies, we have balanced the protection of copyright and the convenience of use.

  Furthermore, the concept of “move” has appeared instead of copy management. In contrast to the copy not erasing the original data, the movement transfers the data to a different location (recording medium (media)) and erases the original data. The digitalization of content and the spread of networks, etc. are behind the emergence of copy protection by movement.

  In recent years, it has become possible to copy an original faithfully over a network or the like, and it has become difficult to protect copyrights only with copy management. Also, unlimited movement from media to media, such as for-profit (distributed) distribution of data, cannot perform copyright management.

  As described above, it has become difficult to reliably manage copying of original data (particularly, content that is subject to copyright protection).

  In particular, in content management for recording and erasing duplicate content on a recording medium while restricting the number of duplicate contents for copyright protection, the recording medium is transferred when the duplicate content recorded on the recording medium is moved. It is necessary to securely delete the duplicate content recorded in. In this case, unlike the case of recording duplicate content, it is easy to cut a signal so that a third party illegally receives a command for deleting the duplicate content, for example, during the procedure. In addition, it is possible to avoid erasing the copied content from the recording medium.

  In view of this, the present invention can ensure the erasure of the duplicate content recorded on the recording medium in content management in which the duplicate content is recorded and erased on the recording medium while restricting the number of duplicate contents to be recorded on the recording medium. It is an object of the present invention to provide a content management method that can be performed safely, a content management apparatus using the same, and a recording medium.

A content management apparatus according to an embodiment of the present invention
Mutual authentication processing is performed between the encrypted content and a recording medium on which key information necessary for decrypting the encrypted content is recorded. When the mutual authentication processing is successful, sharing is performed with the recording medium. Obtained shared key information,
When the mutual authentication process is successful, generate first data to overwrite the key information stored in the recording medium,
Encrypting the first data using the shared key information to generate first encrypted data;
Transmitting the first encrypted data to the recording medium;
Receiving, from the recording medium, second encrypted data generated by encrypting data in an area in which the key information has been recorded, using shared key information shared with the recording medium. ,
Decrypting the second encrypted data to obtain second data;
When the second data matches the first data, the key information stored in the recording medium is overwritten with the first data, and the key information is erased from the recording medium. Confirm.

A recording medium having an arithmetic processing function according to an embodiment of the present invention,
A first storage area;
A second storage area;
Recording means for recording the encrypted copy content transmitted from the content management device and the key information necessary for decrypting the encrypted copy content in each of the first storage area and the second storage area;
Erasing means for erasing the key information recorded in the second storage area by the recording means;
Including
The erasing means includes
Mutual authentication processing with the content management device, and when the mutual authentication processing is successful, mutual authentication means for obtaining shared key information shared with the content management device;
Receiving means for receiving the first encrypted data when the mutual authentication process is successful;
Decryption means for decrypting the first encrypted data with the shared key information to obtain first data;
Means for erasing the key information from the second storage area by overwriting the key information stored in the second storage area with the first data;
Second encrypted data is generated by encrypting the first data read from the second storage area using shared key information shared with the content management apparatus. Encryption means;
Means for transmitting the second encrypted data to the content management device;
including.

  According to the present invention, it is possible to easily and reliably manage the number of duplicate contents to be recorded on a recording medium.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings.

  FIG. 1 is a music content usage management system that regulates the number of duplicate contents that can be recorded on a recording medium (media) according to the present embodiment, records duplicate contents on the medium, reproduces duplicate contents recorded on the medium, and the like. 1 shows a configuration example of 1 (hereinafter sometimes simply referred to as LCM). Here, music is used as an example of content, but this is not the only case, and it may be a movie, game software, or the like. Further, although a memory card (MC) is used as a medium, the present invention is not limited to this, and various recording media such as a floppy (registered trademark) disk and a DVD may be used.

  An EMD (Electronic Music Distributor) is a music distribution server or a music distribution broadcast station.

  The content use management system 1 is, for example, a personal computer (PC) and includes receiving units # 1 to # 3 corresponding to a plurality of EMDs (here, EMDs # 1 to # 3), and the EMD distributes them. Encrypted content or its license (usage condition and decryption key Kc for encrypted content) is received. The receiving units # 1 to # 3 may have a reproduction function and a billing function. A playback function is used to audition the distributed music content. In addition, it is possible to purchase a favorite content using a billing function.

  The LCM 1 includes a secure content server (herein, Secure Music Server: SMS, which may be simply referred to as SMS hereinafter) 2, and content purchased by the user is an EMD interface (I / F) unit. 3 is stored in SMS 2 via 3. The music content is decrypted by the EMDI / F unit 3 as necessary, and subjected to format conversion and re-encryption. When the SMS 2 receives the encrypted content, it stores it in the music data storage unit 10 and stores the music data decryption key in the license storage unit 9. The SMS 2 may have a playback function. With the reproduction function, music content managed by the SMS 2 can be reproduced on the PC.

  The SMS 2 has a function of outputting content data to a medium 13 (hereinafter sometimes simply referred to as MC (memory card)). The MC 13 can be set in a recording / reproducing apparatus (hereinafter also referred to simply as a PD (Portable Device)) 12 and contents recorded in the MC 13 can be reproduced.

  Content recording from the SMS 2 to the MC 13 can be performed directly through the media (MC) interface (I / F) unit 6 or via the PD 12.

  The device ID storage unit 4 is composed of a ROM, for example, and stores identification information (device ID) of the LCM.

  The MC 13 has identification information (MID) unique to the medium and cannot be rewritten, and the content stored in the MC 13 may be encrypted with an encryption key that depends on the MC 13.

  First, check-in / check-out will be described with reference to LCM 1 in FIG.

  Checkout means that the LMS 1 stores the content as “parent” and copies the duplicate as “child” content to the MC 13. “Child” content can be freely played back on the PD 12, but “child” content cannot be created from “child” content. The number of “children” that a “parent” can produce is defined as an attribute of the “parent”. Check-in is, for example, that the MC 13 is connected to the LCM 1 and the LCM 1 deletes (or cannot use) the “child” content, so that the “parent” content in the LCM 1 has the right to create one “child”. It means to recover. This is also called checking in with the “parent”.

  If this check-in / check-out is simply realized by the conventional LCM 1, the following “attack” actually exists. That is, the “child” stored in the MC 13 is saved in another storage medium (except for the MID), and the “child” of the MC 13 is checked in to the “parent”. Next, the previously saved “child” is written back to the MC 13. Since the check-in has already been completed, the “parent” on the LCM 1 may copy the “child” to another MC 13. In this way, it is possible to create “children” that can be used in an arbitrary number.

  The above-mentioned “attack” can be countered by performing authentication at the time of data transfer between the MC 13 and the LCM 1. That is, it is assumed that the MC 13 does not accept data transfer from other than the valid LCM 1 and that the LCM 1 does not accept data transfer from other than the valid MC 13. In this case, the “child” in the MC 13 cannot be saved to another recording medium. Also, the LCM 1 cannot be checked in false. Therefore, the above “attack” breaks down.

  However, in reality, check-in / check-out cannot be realized even if authentication between LCM 1 and MC 13 is assumed. This is because the following “attack” exists. That is, first, in a state where the “parent” on the LCM 1 does not create a “child”, the data of the LCM 1 (particularly, information in the license storage unit 9) is backed up to another storage medium. After the “child” is copied to the MC 13, the backed up LCM1 data is restored. Since the “parent” of the LCM 1 returns to the state before the “child” is created, the “child” can be created in another MC 13. In this way, an arbitrary number of “children” can be created.

  Therefore, in order to realize check-in / check-out that can cope with such an attack, an area (secret area) that cannot be read and written by a published procedure is provided in the storage area in the MC 13 and is necessary for mutual authentication. Information, information necessary for content decryption, a list of identification information (device ID) of devices (LCM1, PD12) that cannot be accessed (revocation list (RVC list)), and the like are recorded (see FIG. 2). In addition, an area (secret area) that can be accessed only by a private procedure is provided on the storage area of the LCM 1 (for example, when the LCM 1 is configured by a PC, a hard disk (HDD)), and a guest book as described later is provided. Store in the secret area (see FIG. 2). Furthermore, an area (secret area) that can be accessed only by a private procedure may be provided on the storage area of the PD 12, and information necessary for content decoding may be recorded therein (see FIG. 2). Here, an area accessible by a normal procedure other than the secret area in the storage area is called a public area.

  As shown in FIG. 1, in the LCM 1, the secret book area is provided with a hotel book storage unit 8, and after the specific procedure for accessing the book book storage unit 8 is performed in the SMS 2, the secret book area is stored. A secret area driver 7 is provided for reading data from.

  As shown in FIG. 4C, the MC 13 has an identification information storage unit (ROM) 13b configured so that it cannot be rewritten from the outside for storing the identification information MID and cannot be copied. When the secret area 13c, the public area (readable / writable RAM) 13a, and the secret area 13c are accessed, authentication is performed by the authentication unit 13d. A switch (SW) 13e that opens the gate so as to access the region 13c is provided.

  Note that there are three types of MCs 13 that can be used in the present embodiment, and the type of the MC 13 that has both the identification information MID and the secret area as shown in FIG. 4C is referred to as “level 2”. The type of MC 13 as shown in FIG. 4B which does not have a secret area but has identification information MID is called “level 1”. The type of MC 13 having only a public area as shown in FIG. 4A having neither a secret area nor identification information will be called “level 0”. For example, level 0 and other types can be discriminated based on the presence / absence of identification information MID, and further, level 1 and level 2 are discriminated from the configuration of identification information MID. For example, when the identification information is a continuous numerical value, it is assumed that the predetermined value or more is level 2.

  Hereinafter, the case of the MC2 of level 2 will be described as an example unless otherwise specified.

  The MC 13 may be used by being set on the PD 12 connected to the LCM 1 or may be used by being set directly on the LCM 1.

  FIG. 3 shows a configuration example of the PD 12, and the MC 13 is set in the media interface (I / F unit) 12f. When the LCM 1 reads / writes to / from the MC 13 via the PD 12, the LCM 1 accesses the secret area of the MC 13 via the secret area access unit in the PD 12. The media I / F unit 12f includes a secret area access unit for accessing the secret area of the MC 13. The secret area in the PD 12 may be provided in the flash memory 12d. In the ROM 12c, a program for performing mutual authentication between the MC 13 and the LCM 1, a program describing an authentication procedure for accessing the secret area, and a program for determining the type of the MC 13 are written. In accordance with this program, processing such as various types of authentication and type determination with the MC 13 is executed under the control of the CPU 12a.

  Identification information (device ID) of the PD 12 may be stored in the ROM 12c. Also, for example, a secret device ID (SPDID) is stored in advance in a secret area provided in the flash memory 12d.

  FIG. 5 shows the configuration of the media I / F unit 6 of the LCM 1, an authentication unit 6c for performing mutual authentication with the MC 13, a media discrimination unit 6b for discriminating the type of the MC 13, and the whole It is comprised from the control part 6a for controlling. The authentication unit 6c is also a secret area access unit for accessing the secret area of the MC 13.

  FIG. 23 shows the configuration of the level 2 MC 13 shown in FIG. 4C more specifically. As shown in FIG. 23, the secret area 102 is configured on, for example, a one-chip memory element (for example, RAM), and includes a RAM area and a ROM area. For example, whether it is a RAM area or a ROM area is distinguished by a difference in access control by the control unit 101 constituted by, for example, a CPU. In the public area, the ROM area 103 and the RAM area 104 are composed of separate memory elements.

  A separate bus is connected to the control unit 101 when accessing the secret area 102 and when accessing the public areas 103 and 104, and the control unit 101 switches to one of the buses to switch to the secret area. 102 or the public areas 103 and 104 are accessed.

  The control unit 101 controls each component of the MC 13 and also executes an authentication process (AKE) that is executed whenever the LCM 1 or the like accesses the secret area of the MC 13.

  In the ROM area in the secret area 102, for example, a program for performing mutual authentication with the MC 13 and the LCM 1, a program describing an authentication process (AKE) for accessing the secret area, a secret media ID ( SMID) or the like may be stored in advance.

  Next, a guest book stored in the secret area of the LCM 1 will be described.

  All music contents held in the SMS 2 have a content ID (TID) which is identification information for identifying each music content, a predetermined number of duplicatable contents, that is, a remaining number of children and a checkout list. As attribute information. This attribute information is called a hotel book. The hotel book is recorded in the hotel book storage unit 8 provided in the secret area in the form as shown in FIG.

  In FIG. 7A, for example, the remaining number of children with content ID “TID1” is “2”, and the checkout list is L1.

  The checkout list is a list of identification information of the MC 13 in which the copied content (child) is recorded. For example, in FIG. 7A, the checkout list L1 has identification information “m1” and “m2”. It can be seen that the child of the content with the content ID “TID1” is checked out in the two MCs 13.

  Hereinafter, description will be made in the order of the following items.

  (1) Outline of mutual authentication method (2) Check-in / check-out / reproduction of duplicate content using level 2 MC (3) Check-in / check-out / reproduction of duplicate content using level 0 MC (1 ) Outline of Mutual Authentication Method As described above, in order to securely perform check-in / check-out, mutual authentication is performed between LCM1, PD12 and MC13 (for example, for checking whether they have the same algorithm as each other). There is a need. Generally, in mutual authentication processing, it is necessary to have secret information shared by one and the other performing mutual authentication. Accordingly, MC13, LCM1 and PD12 have such secret information, for example. From the viewpoint of information security, it is better that this secret information is dynamic such that different information is generated each time authentication is performed. However, if an advanced function for generating such secret information is added to the MC 13 itself, the medium becomes expensive. In order to widely spread the media to the general public, it is desirable that it be as cheap as possible. Therefore, in consideration of cost reduction of the media (MC13), it is better to store secret information in the MC13 in advance.

  However, if secret information common to all media or a certain number of media (hereinafter such information is called global secret information) is stored in advance in each media, the secret from one media When information is read in some way, there is a problem that other media storing the same secret information are also illegally used. It is extremely dangerous to give the media global secret information (see FIG. 8A).

  Even if the confidential information stored in a certain medium is illegally read, it can be used illegally because there is no problem if only the medium from which the confidential information has been read. The information may be unique to each medium.

  Therefore, in this case, secret information for mutual authentication that is different for each medium is stored in each medium, and the LCM 1 or the PD 12 and the MC 13 perform mutual authentication using this information. We propose a safer mutual authentication method with higher security. In other words, the mutual authentication method described in the present embodiment, as shown in FIG. 8 (b), each medium (level 2 medium) has a different secret for each medium required for mutual authentication (AKE). Information (here, a secret media ID (SMID), which is encrypted in advance by key information KM obtained by some method) is stored in advance (in a secret area), and LCM1, PD12 The identification information (MID) of the medium is transferred. On the LCM1 or PD12 side, information for mutual authentication (the same as the SMID of the media) is generated using a predetermined algorithm using the MID and the information (KM) previously obtained by some method and authenticated. Processing (AKE) is performed.

  In this way, the MC 13 only has its own secret information (SMID), and the LCM 1 and the PD 12 have the secret information (MID) based on the information (MID) unique to each medium transferred from the medium. By generating (SMID), secure mutual authentication can be performed without imposing a load on the media.

  In the following description, the above mutual authentication process will be referred to as AKE.

  When the MC 13 is set in the media I / F unit 6 or the PD 12 of the LCM 1, first, mutual authentication may be performed between the media IF unit 6 and the MC 13 or between the PD 12 and the MC 13 ( Step S1 in FIG. 9) and when it is determined that both parties are legitimate (for example, hardware configurations of the same standard) (step S2), the media I / F unit 6 or PD 12 starts from the MC 13. The type of MC 13 is determined based on the read identification information MID (step S3). Then, the media I / F unit 6 or the PD 12 executes a check-in / check-out / playback process corresponding to the type (step S6).

  Note that the mutual authentication in step S1 of FIG. 9 is not necessarily the mutual authentication as shown in FIG.

  In addition, although it has been described that there are three types of MC 13 from level 0 to level 2, here, the check-in / check-out of the duplicate content of FIG. / Reproduction processing operation will be described.

  Furthermore, although omitted in the following description, when accessing the respective secret areas between LCM1 and MC13, between LCM1 and PD12, and between PD12 and MC13, one and the other Mutual authentication is performed, and when the validity of both parties is confirmed, the gate to each secret area is opened, and when access to the secret area is completed, the gate that allowed access to the secret area is closed. It shall be. For example, between LCM1 and MC13, SMS2 performs mutual authentication with MC13 in order to access the secret area 13c of MC13, and the validity of both is confirmed and the gate to secret area 13c by switch 13e. Is opened, the key information or the like is written in the secret area 13c, and when it is completed, the gate that made it possible to access the secret area 13c is closed by the switch 13e.

  (2) Check-in / check-out / reproduction of duplicate content using level 2 MCs Description of check-in / check-out and reproduction processing operations using level 2 MCs 13 as shown in FIG. To do.

  A checkout instruction is issued to the SMS 2 via the user interface (I / F) unit 15 of the LCM 1 or via the PD 12 (ie, when the MC 13 is set to the PD 12 connected to the LCM 1). The case will be described with reference to FIG.

  The SMS 2 checks the number of remaining children n of the content requested to be checked out of the guest book (for example, the content ID is “TID1”). When n> 0, the device of the LCM 1 from the device ID storage unit 4 is checked. The ID (LCMID) is read out and transferred to the MC 13 (step S101).

  The MC 13 checks whether the transferred device ID is registered in the RVC list (step S102). If not registered, the MC 13 accesses the secret area 13c, reads the master key KM, and transfers it to the LCM 1 (step S102). S103). The MC 13 further reads the identification information (MID) from the identification information storage unit 13b and transfers it to the LCM 1 (step S104).

  The LCM 1 encrypts the media ID (MID) transferred from the MC 13 with the master key KM, and generates information (KM [MID]) necessary for mutual authentication processing (AKE) (step S105).

  The LCM 1 executes the mutual authentication process (AKE) using the generated information KM [MID], while the MC 13 also executes the mutual authentication process (AKE) using the secret media ID (SMID) (step S106). ). In this mutual authentication process (AKE), LCM1 and MC13 share the same functions g (x, y) and H (x, y), and information KM [MID] generated by LCM1 is the secret of MC13. If they are the same as the media ID (SMID), one can confirm that one of the other is valid by mutual authentication processing (AKE).

  Here, the processing operation of the mutual authentication process (AKE) in step S106 will be described with reference to FIG.

  The LCM 1 generates a random number R1 (step S301), transfers it to the MC 13, and substitutes it into one variable of the function g (x, y) having two variables x and y. Further, the value of the function g is obtained by substituting the information KM [MID] generated in step S105 of FIG. 10 into the other variable of the function g (x, y) (step S302).

  On the other hand, the MC 13 also substitutes the random number R1 transferred from the LCM1 into one variable of the function g (x, y) and substitutes its own secret media ID (SMID) into the other variable to obtain the function g Is transferred to LCM1 (step S303).

  In the LCM1, the value of the function g transferred from the MC 13 is compared with the value of the function g obtained on the LCM1 side, and if they match, the subsequent processing is executed. If they do not match, the AKE process on the LCM 1 side is stopped at this point (step S304).

  Next, the MC 13 generates a random number R2 (step S305), transfers it to the LCM1, and assigns it to one variable of the function g (x, y) having two variables. Further, the secret media ID (SMID) of the MC 13 is substituted into the other variable of the function g (x, y) to obtain the value of the function g (step S306).

  On the other hand, also in LCM1, the random number R2 transferred from the MC 13 is substituted into one variable of the function g (x, y), and the information KM [MID] generated in step S105 in FIG. When the value of the function g is obtained by substituting it into the other variable of (y), it is transferred to the MC 13 (step S307).

  The MC 13 compares the value of the function g transferred from the LCM 1 with the value of the function g obtained on the MC 13 side, and executes the subsequent processing if they match. If they do not match, the AKE process on the MC 13 side is stopped at this point (step S308).

  In MC13, if the values of the function g match in step S308, one variable of the function H (x, y) having two variables is a random number R2, and the other variable is the secret media ID (SMID) of the MC13. Is substituted to generate key information KT (step S309).

  On the other hand, in LCM1, if the value of the function g matches in step S304, the random number R2 transferred from the MC 13 is substituted into one variable of the function H (x, y) and generated in step S105 of FIG. The assigned information KM [MID] is substituted into the other variable to generate key information KT (step S310).

  Note that the key information KT generated using the same function H (x, y) in each of the LCM 1 and the MC 13 is the same because the value of the function g is the same in each of the steps S304 and S308. In each of the LCM 1 and MC 13, the content decryption key Kc is transferred using this key information KT.

  In addition, it is desirable for information security that the key information KT generated by the mutual authentication process (AKE) is different every time. Here, since a newly generated random number R2 is assigned to one of the two variables assigned to the function H that generates the key information KT, different key information KT is generated each time.

  Returning to the description of FIG. 10, when mutual authentication is performed between the LCM 1 and the MC 13 in Step S106, the MC 13 stores the generated key information KT (here, KT1) in the secret area (Step S106). S107). In LCM1, the decryption key (content decryption key) Kc for decrypting the encrypted content is encrypted with the key information KT1 generated in step S106 (KT1 [Kc]) and transferred to MC13 (step S108 to step S108). In step S109, the content information C is encrypted with Kc (Kc [C]) and transferred to the MC 13 (steps S110 to S111).

  Finally, as shown in FIG. 7B, the SMS 2 subtracts “1” from the remaining child number n of the content ID “TID1” for which the checkout request of the hotel book was requested, and the checkout list L1 The identification information “m0” of the MC 13 is added.

  The MC 13 stores the transferred encrypted content decryption key KT1 [Kc] and encrypted content Kc [C] in the public area 13a.

  FIG. 6 shows the contents stored in the MC 13 when the above processing is completed.

  Next, a case where a reproduction instruction is given to the SMS 2 or the PD 12 via the user interface (I / F) unit 15 of the LCM 1 will be described with reference to FIG.

  First, the PD 12 or LCM 1 transfers its own device ID to the MC 13 (step S121).

  If the LCM1 has a PD2 content playback function unit (demodulation unit 12g, decoder 12h, D / A conversion unit 12i, etc.) as shown in FIG. 3, when the MC13 is played back by the PD12, playback is also performed by the LCM1. Since the same applies to the case where the data is to be played, the case where the data is played back by the PD 12 will be described as an example.

  The MC 13 checks whether or not the transferred device ID is registered in the RVC list (step S122), and when not registered, accesses the secret area 13c to read out the master key KM and transfers it to the PD 12 (step S122). S123). The MC 13 further reads out the identification information (MID) from the identification information storage unit 13b and similarly transfers it to the PD 12 (step S124).

  The PD 12 encrypts the media ID (MID) transferred from the MC 13 with the master key KM, and generates information (KM [MID]) necessary for the mutual authentication process (AKE) (step S125).

  The PD 12 executes the mutual authentication process (AKE) using the generated information KM [MID], while the MC 13 also executes the mutual authentication process (AKE) using the secret media ID (SMID) (step S126). ). The mutual authentication process (AKE) in step S126 is the same as that in FIG.

  When mutual authentication is performed between the PD 12 and the MC 13, the MC 13 encrypts the key information KT1 stored in the secret area 13c using the generated key information KT (here, KT2) ( KT2 [KT1]) and transfer to the PD 12 (steps S127 to S128). On the other hand, the PD 12 can decrypt KT2 [KT1] transferred from the MC 13 using the key information KT2 generated in step S126 (step S128).

  From the MC 13, the encrypted content decryption key KT1 [Kc] and the encrypted content Kc [C] are read from the public area 13a and transferred to the PD 12 (steps S129 and S131).

  If the key information KT1 is successfully decrypted, the PD 12 decrypts the content decryption key KT1 [Kc] encrypted using the key information KT1 to obtain the content decryption key Kc (step S130). The encrypted content Kc [C] is decrypted using the key Kc to obtain the content C (step S132). In the PD 12, the content C is decoded by the decoder 12h, converted from a digital signal to an analog signal by the D / A conversion unit 12i, and reproduced content (for example, music) recorded in the MC 13 can be reproduced.

  Next, the check-in instruction is sent via the user interface (I / F) unit 15 of the LCM 1 or via the PD 12 (that is, when the MC 13 is set and used in the PD 12 connected to the LCM 1). The case where it was made will be described with reference to FIG.

  The processing operation at the time of check-in shown in FIG. 12 performs mutual authentication processing (AKE) when erasing key information (or key information and encrypted content information) recorded in MC 13 (overwriting and erasing with random numbers). Is characterized in that the data used for overwriting is encrypted using an encryption function shared by the LCM 1 and the MC 13 and transferred to the LCM 13 to confirm erasure.

  The SMS 2 reads the device ID (LCMID) of the LCM 1 from the device ID storage unit 4 and transfers it to the MC 13 (step S141).

  The MC 13 checks whether the transferred device ID is registered in the RVC list (step S142). If not registered, the MC 13 accesses the secret area 13c, reads the master key KM, and transfers it to the LCM 1 (step S142). S143). The MC 13 further reads out the identification information (MID) from the identification information storage unit 13b and transfers it to the LCM 1 (step S144).

  The LCM 1 encrypts the media ID (MID) transferred from the MC 13 with the master key KM, and generates information (KM [MID]) necessary for the mutual authentication process (AKE) (step S145).

  The LCM 1 executes the mutual authentication process (AKE) using the generated information KM [MID], while the MC 13 also executes the mutual authentication process (AKE) using the secret media ID (SMID) (step S146). ).

  The mutual authentication process (AKE) in step S146 is the same as that in FIG.

  In step S146, when LCM1 and MC13 are mutually authenticated, LCM1 has a conventional random number r1 for overwriting the key information KT1 stored in the secret area (RAM area) 13c of MC13. It is generated using a random number generator, and this and the overwrite instruction information for MC13 are encrypted with the key information KT (here, KT3) generated in step S146 (KT3 [overwrite instruction + r1]) and transferred to MC13. (Step S701). The overwriting instruction may include an address where the key information KT1 is written.

  In MC13, KT3 [overwrite instruction + r1] transferred from LCM1 is decrypted with the key information KT3 generated in step S146 to obtain a random number r1 (step S702). The random number r1 is erased by overwriting the key information KT1 stored in the secret area (RAM area) 13c of the MC 13 (step S703). In addition to the key information KT1, the content decryption key Kc encrypted with the key information KT1 (KT1 [Kc]) and the encrypted content information Kc [C] may be deleted by overwriting with the random number r1. Good.

  Next, a process for confirming whether or not the key information KT1 (or the key information KT1 and the encrypted content information or the like) has been securely deleted with the random number r1 is executed.

  First, the MC 13 stores data used for overwriting, that is, key information KT1 (or key information KT1 and encrypted content information, etc.) in one variable of the encryption function g used in AKE in step S146. The data (random number r1 if overwritten normally) is read from the address and substituted, and the SMID is substituted for the other variable to obtain the value of function g (g (r1)) (step S704). Then, the value of the function g is encrypted using the key information KT3 generated when LCM1 and MC13 are mutually authenticated in the AKE of the previous step S146 (KT3 [g (r1)]), Transfer to LCM1 (step S705).

  In LCM1, KT3 [g (r1)] transferred from MC13 is decrypted using key information KT3 generated when LCM1 and MC13 are mutually authenticated in AKE in step S146 (step S706). ).

  Then, LCM1 substitutes the information KM [MID] generated in step S145 for one variable of the encryption function g used in AKE of step S146, and substitutes the random number r1 generated in step S701 for the other variable. The value of function g (g (r1)) is obtained (step S707). The value of the function g is compared with the data obtained by decryption in step S706. If they match, the key information KT1 (or key information KT1 and encrypted content information, etc.) is changed to a random number r1 in MC13. The process is terminated (step S708). When there is a discrepancy, it is desirable for the LCM 1 to take measures such as notifying an abnormality.

  Finally, as shown in FIG. 7 (c), “1” is added to the remaining child number n of the content ID “TID1” for which the check-in request of the guest book was requested, and the MC 13 The identification information m0 is deleted.

  In the above embodiment, the encryption function g used for AKE is used for encrypting the data used for overwriting in step S704 and for encrypting the random number r1 in step S707. The algorithm is not limited, and any algorithm for encrypting information shared by the LCM 1 and the MC 13 may be used.

  Next, another processing operation at the time of check-in different from FIG. 12 will be described with reference to FIG. In addition, the same code | symbol is attached | subjected to FIG. 12 and an identical part, and a different part is demonstrated. That is, in the processing operation at the time of check-in shown in FIG. 13, the MC 13 encrypts the data used for overwriting by using the key information shared by the LCM 1 and the MC 13 generated by the AKE previously performed and transfers the data to the LCM 13. Thus, the deletion is confirmed, and the processing operation up to AKE in step S146 is the same as that in FIG.

  In step S146, when LCM1 and MC13 are mutually authenticated, LCM1 has a conventional random number r1 for overwriting the key information KT1 stored in the secret area (RAM area) 13c of MC13. It is generated using a random number generator, and this and the overwrite instruction information for MC13 are encrypted with the key information KT (here, KT3) generated in step S146 (KT3 [overwrite instruction + r1]) and transferred to MC13. (Step S751). The overwriting instruction may include an address where the key information KT1 is written.

  In MC13, KT3 [overwrite instruction + r1] transferred from LCM1 is decrypted with the key information KT3 generated in step S146 to obtain a random number r1 (step S752). This random number r1 is erased by overwriting the key information KT1 stored in the secret area (RAM area) 13c of the MC 13 (step S753). In addition to the key information KT1, the content decryption key Kc encrypted with the key information KT1 (KT1 [Kc]) and the encrypted content information Kc [C] may be deleted by overwriting with the random number r1. Good.

  Next, a process for confirming whether or not the key information KT1 (or the key information KT1 and the encrypted content information or the like) has been securely deleted with the random number r1 is executed.

  First, the MC 13 obtains data used for overwriting, that is, data (random number r1 if overwritten normally) from the address where the key information KT1 (or key information KT1 and encrypted content information, etc.) is stored. It is read and encrypted with the key information KT3 generated by AKE in step S146 (KT3 [r1]) and transferred to LCM1 (step S754).

  In LCM1, KT3 [r1] transferred from MC13 is decrypted using key information KT3 generated when LCM1 and MC13 are mutually authenticated in AKE in step S146 (step S755). The obtained data is compared with the random number r1 generated in step S751, and if they match, the key information KT1 (or key information KT1 and encrypted content information, etc.) is erased with the random number r1 in MC13. The process is terminated (step S756). When there is a discrepancy, it is desirable for the LCM 1 to take measures such as notifying an abnormality.

  Finally, as shown in FIG. 7 (c), “1” is added to the remaining child number n of the content ID “TID1” for which the check-in request of the guest book was requested, and the MC 13 The identification information m0 is deleted.

  Next, another check-out processing operation different from FIG. 10 will be described with reference to FIG. In addition, the same code | symbol is attached | subjected to FIG. 10 and an identical part, and a different part is demonstrated. That is, FIG. 14 is characterized in the processing for the content decryption key Kc to be transferred to the MC 13.

  In FIG. 14, the LCM 1 first encrypts the content decryption key Kc using the Km [MID] (hereinafter referred to as w) generated in step S105 (step S162). The content decryption key Kc (w [Kc]) encrypted with w is further encrypted using the key information KT1 generated in the mutual authentication process (AKE) in step S106 (KT1 [w [ Kc]]), the data is transferred to the MC 13 (step S163).

  The MC 13 decrypts the transferred KT1 [w [Kc]] using the key information KT1 generated in the mutual authentication process (AKE) in step S106 to obtain w [Kc]. (Step S164).

  Similarly to the case of FIG. 10, the content information C is encrypted with Kc (step S165) and then transferred to the MC 13 (step S166).

  The reproduction processing operation corresponding to the checkout processing operation as shown in FIG. 14 will be described with reference to FIG. In addition, the same code | symbol is attached | subjected to FIG. 11 and an identical part, and only a different part is demonstrated. That is, in FIG. 15, the MC 13 encrypts the encrypted content decryption key w [Kc] stored in the secret area 13c with the key information KT2 generated by the mutual authentication process (AKE) in step S126 (KT2 [W [Kc]]) Transfer to LCM1 or PD12. (Step S172). The LCM1 or PD12 decrypts KT2 [w [Kc]] transferred from the MC 13 with the key information KT2 similarly generated in step S126 (step S173), and uses the resulting w [Kc] in step S123. The content decryption key Kc is obtained by decrypting using w = KM [MID] generated in (Step S174). Using this content decryption key Kc, the encrypted content Kc [C] is decrypted to obtain the content C (step S175). In the LCM 1 or PD 12, the content C is decoded by the decoder 12h, converted from a digital signal to an analog signal by the D / A conversion unit 12i, and reproduced content (for example, music) recorded in the MC 13 can be reproduced. it can.

  The check-in processing operation corresponding to the check-out processing operation as shown in FIG. 14 is almost the same as the description of FIG. 12 and FIG. 13, and is different from step S503 in FIG. 12 and step S555 in FIG. What is erased from the secret area 13c is not the key information KT1, but the content decryption key w [Kc] encrypted with w = KM [MID].

  (3) Check-in / check-out / reproduction of copied content using level 0 MC Next, check-in / check-out, reproduction processing using level 0 MC 13 having the configuration shown in FIG. The operation will be described.

  In this case, the MC 13 is set in the PD 12 and a checkout process is executed with the LCM 1 via the PD 12. The basic operation is the same as when the MC 13 is level 2. However, since the secret area and the media ID are not included in the level 0, the PD 12 performs processing for the LCM 1 on behalf of the level 13 MC 13. The processing as shown in FIG. 10 is executed. Therefore, the master key KM, the secret device key SPDID, and the revocation list (RVC list) are stored in advance in the secret area of the PD 12. The master key KM has the same function as the master key KM stored in the medium MC13, but the data itself does not have to be the same.

  First, in step S3 of FIG. 9, it is determined that the type of MC 13 is level 0.

  A case where a checkout instruction is issued to the SMS 2 via the user interface (I / F) unit 15 of the LCM 1 or via the PD 12 will be described with reference to FIG.

  The SMS 2 checks the number of remaining children n of the content requested to be checked out of the guest book (for example, the content ID is “TID1”). When n> 0, the device of the LCM 1 from the device ID storage unit 4 is checked. The ID (LCMID) is read out and transferred to the PD 12 (step S201).

  The PD 12 checks whether the transferred device ID is registered in the RVC list (step S202). If not registered, the PD 12 accesses the secret area of the PD 12, reads the master key KM, and transfers it to the LCM 1 ( Step S203). The PD 12 further reads out the identification information, that is, the device ID (PDID) from the ROM 12c, for example, and transfers it to the LCM 1 (step S204).

  The LCM 1 encrypts the device ID (PDID) transferred from the PD 12 with the master key KM, and generates information (KM [PDID]) necessary for the mutual authentication process (AKE) (step S205).

  The LCM 1 executes the mutual authentication process (AKE) using the generated information KM [PDID], while the PD 12 also executes the mutual authentication process (AKE) using the confidential device ID (SPDID) (step S206). ). The mutual authentication process (AKE) in step S206 is the same as that in FIG.

  When the LCM 1 and the PD 12 are mutually authenticated, the PD 12 stores the generated key information KT (here, KT1) in the secret area (step S207). In LCM1, the decryption key (content decryption key) Kc for decrypting the encrypted content is encrypted with the key information KT1 generated in step S206 (KT1 [Kc]), and transferred to the MC 13 via the PD 12 ( In addition, the content information C is encrypted with Kc (Kc [C]) and transferred to the MC 13 via the PD 12 (steps S210 to S211).

  Finally, as shown in FIG. 7B, the SMS 2 subtracts “1” from the remaining child number n of the content ID “TID1” for which the checkout request of the hotel book was requested, and the checkout list L1 Identification information PDID of the PD 12 is added.

  The MC 13 stores the transferred encrypted content decryption key KT1 [Kc] and encrypted content Kc [C] in the public area 13a.

  Next, a processing operation between the PD 12 and the MC 13 when a reproduction instruction is given to the PD 12 will be described with reference to FIG.

  First, the MC 13 transfers the encrypted content decryption key KT1 [Kc] recorded in the public area to the PD 12 (step S221). If the PD 12 is used when the content information to be reproduced is checked out to the MC 13, the key information KT1 for decrypting the encrypted content decryption key is stored in the secret area. (See step S207 in FIG. 16). Therefore, if it is such a legitimate PD 12, it is possible to obtain the content decryption key Kc by decrypting KT1 [Kc] transferred from the MC 13 using the key information KT1 read from the secret area ( Step S222). Further, the content C can be obtained by decrypting the encrypted content information Kc [C] transferred from the MC 13 using the content decryption key Kc (steps S223 to S224). In the PD 12, the content C is decoded by the decoder 12h, converted from a digital signal to an analog signal by the D / A conversion unit 12i, and reproduced content (for example, music) recorded in the MC 13 can be reproduced.

  Next, a case where the check-in instruction is issued to the SMS 2 via the PD 12 (that is, using the MC 13 set in the PD 12 connected to the LCM 1) will be described with reference to FIG. In this case, as in the case of the check-out, the PD 12 executes the process as shown in FIG.

  The SMS 2 reads the device ID (LCMID) of the LCM 1 from the device ID storage unit 4 and transfers it to the PD 12 (step S231).

  The PD 12 checks whether or not the transferred device ID is registered in the RVC list (step S232). When the device ID is not registered, it accesses the secret area, reads the master key KM, and transfers it to the LCM 1 (step S233). ). The PD 12 further reads out the identification information (PDID) and similarly transfers it to the LCM 1 (step S234).

  The LCM 1 encrypts the device ID (PDID) transferred from the PD 12 with the master key KM, and generates information (KM [PDID]) necessary for the mutual authentication process (AKE) (step S235).

  The LCM 1 executes the mutual authentication process (AKE) using the generated information KM [PDID], while the PD 12 also executes the mutual authentication process (AKE) using the confidential device ID (SPDID) (step S236). ).

  The mutual authentication processing (AKE1) operation in step S236 at the time of check-in is the same if KM [MID] is replaced with KM [PDID] and the secret media ID (SMID) is replaced with the secret device ID (SPID) in FIG. Therefore, explanation is omitted.

  In step S236, when LCM1 and PD12 are mutually authenticated, LCM1 uses a conventional random number r1 for overwriting key information KT1 stored in the secret area (RAM area) of PD12. It is generated using a generator, and the overwrite instruction information for MC 13 is encrypted with the key information KT (here, KT3) generated in step S236 (KT3 [overwrite instruction + r1]) and transferred to PD12. (Step S801). The overwriting instruction may include an address where the key information KT1 is written.

  The PD 12 decrypts the KT3 [overwrite instruction + r1] transferred from the LCM1 with the key information KT3 generated in step S236 to obtain a random number r1 (step S802). This random number r1 is erased by overwriting the key information KT1 stored in the secret area of the PD 12 (step S803).

  Next, a process for confirming whether or not the key information KT1 has been securely erased with the random number r1 is executed.

  First, the PD 12 stores data used for overwriting, that is, data from the address where the key information KT1 is stored in one variable of the encryption function g used in AKE in step S236 (if the data is normally overwritten, a random number is used. r1) is read and substituted, and SPDID is substituted for the other variable to obtain the value of function g (g (r1)) (step S804). Then, the value of the function g is encrypted using the key information KT3 generated when the LCM1 and the PD12 are mutually authenticated in the AKE of the previous step S236 (KT3 [g (r1)]), Transfer to LCM1 (step S805).

  In LCM1, KT3 [g (r1)] transferred from PD12 is decrypted using key information KT3 generated when LCM1 and PD12 are mutually authenticated in AKE in step S236 (step S806). ).

  Then, LCM1 substitutes the information KM [PDID] generated in step S235 for one variable of the encryption function g used in AKE of step S236, and substitutes the random number r1 generated in step S801 for the other variable. The value of function g (g (r1)) is obtained (step S807). The value of the function g is compared with the data obtained by decryption in step S806, and if they match, the PD 12 determines that the key information KT1 has been deleted with the random number r1, and ends the processing (step S808). When there is a discrepancy, it is desirable for the LCM 1 to take measures such as notifying an abnormality.

  Finally, as shown in FIG. 7C, “1” is added to the remaining child number n of the content ID “TID1” for which the check-in request of the hotel book was requested, and the PD 12 Delete identification information.

  In the above embodiment, the encryption function g used at the time of AKE is used when encrypting the data used for overwriting at step S804 and when encrypting the random number r1 at step S807. The algorithm is not limited, and any algorithm for encrypting information shared by the LCM 1 and the MC 13 may be used.

  Next, another check-in processing operation different from that in FIG. 18 will be described with reference to FIG. In addition, the same code | symbol is attached | subjected to FIG. 18 and an identical part, and a different part is demonstrated. That is, in the processing operation at the time of check-in shown in FIG. 19, the PD 12 encrypts the data used for overwriting using the key information shared by the LCM 1 and the PD 12 generated by the AKE previously performed and transfers the data to the LCM 13. Thus, the deletion is confirmed, and the processing operation up to AKE in step S236 is the same as that in FIG.

  In step S236, when LCM1 and PD12 are mutually authenticated, LCM1 uses a conventional random number r1 for overwriting key information KT1 stored in the secret area (RAM area) of PD12. It is generated using a generator, and the overwriting instruction information for PD12 is encrypted with the key information KT (here, KT3) generated in step S236 (KT3 [overwrite instruction + r1]) and transferred to PD12. (Step S851). The overwriting instruction may include an address where the key information KT1 is written.

  The PD 12 decrypts the KT3 [overwrite instruction + r1] transferred from the LCM1 with the key information KT3 generated in step S236 to obtain a random number r1 (step S852). The random number r1 is erased by overwriting the key information KT1 stored in the secret area (RAM area) of the PD 12 (step S853).

  Next, a process for confirming whether or not the key information KT1 (or the key information KT1 and the encrypted content information or the like) has been securely deleted with the random number r1 is executed.

  First, the PD 12 reads the data used for overwriting, that is, the data (the random number r1 if overwritten normally) from the address where the key information KT1 was stored, and generates it in the AKE of step S236. The encrypted key information KT3 is encrypted (KT3 [r1]) and transferred to the LCM1 (step S854).

  In LCM1, KT3 [r1] transferred from PD12 is decrypted by using key information KT3 generated when LCM1 and PD13 are mutually authenticated in AKE in step S236 (step S855). The obtained data is compared with the random number r1 generated in step S851, and if they match, the PD 12 determines that the key information KT1 has been deleted with the random number r1, and ends the process (step S856). . When there is a discrepancy, it is desirable for the LCM 1 to take measures such as notifying an abnormality.

  Finally, as shown in FIG. 7C, “1” is added to the remaining child number n of the content ID “TID1” for which the check-in request of the hotel book was requested, and the PD 12 Delete identification information.

  Next, another check-out processing operation different from FIG. 16 will be described with reference to FIG. In addition, the same code | symbol is attached | subjected to FIG. 16 and an identical part, and a different part is demonstrated. That is, FIG. 20 is characterized in the processing for the content decryption key Kc to be transferred to the PD 12, as in the case of FIG.

  In FIG. 20, the LCM 1 first encrypts the content decryption key Kc using Km [PDID] (hereinafter referred to as w) generated in step S205 (step S252). The content decryption key Kc (w [Kc]) encrypted with w is further encrypted using the key information KT1 generated in the mutual authentication process (AKE) in step S251 (KT1 [w [ Kc]]), the data is transferred to the PD 12 (step S253).

  The PD 12 uses the key information KT1 generated in the mutual authentication process (AKE) in step S251 to decrypt the transferred KT1 [w [Kc]] to obtain w [Kc], which is sent to the secret area. Store (step S254).

  As in the case of FIG. 16, the content information C is encrypted with Kc (step S255) and then transferred to the MC 13 via the PD 12 (step S256).

  A reproduction processing operation corresponding to the checkout processing operation as shown in FIG. 20 will be described with reference to FIG. In addition, the same code | symbol is attached | subjected to FIG. 20 and an identical part, and only a different part is demonstrated. That is, in FIG. 21, the PD 12 decrypts the encrypted content decryption key w [Kc] stored in its own secret area by using its own secret device ID (SPDID = w), and uses the content decryption key Kc. Can be obtained (step S261). The content C can be obtained by decrypting the encrypted content Kc [C] transferred from the MC 13 using the content decryption key Kc (step S262). In the PD 12, the content C is decoded by the decoder 12h, converted from a digital signal to an analog signal by the D / A conversion unit 12i, and reproduced content (for example, music) recorded in the MC 13 can be reproduced.

  The check-in processing operation corresponding to the check-out processing operation as shown in FIG. 20 is almost the same as the description of FIG. 18 and FIG. 19, and the difference is in step S603 of FIG. 18 and step S655 of FIG. What is deleted from the secret area is not the key information KT1, but the content decryption key w [Kc] encrypted with w = KM [MID].

The figure which showed the structural example of the music content utilization management system (LCM) using the content management method for restrict | limiting the number of the replication content which can be memorize | stored in the recording medium (media) which concerns on embodiment of this invention. The figure which showed the structural example of the memory area. The figure which showed the internal structural example of the recording / reproducing apparatus (PD). The figure for demonstrating the characteristic of three types of recording media. The figure which showed the internal structural example of the media interface (I / F) part. The figure for demonstrating the recording content of the recording medium after check-in. The figure which showed the example of a memory | storage of the hotel book stored in the secret area | region of LCM. The figure for demonstrating the outline of a mutual authentication method. FIG. 5 is a flowchart for explaining a check-in / check-out processing procedure, showing a procedure until a type of media is determined and processing corresponding to the type is selected. The figure for demonstrating the procedure at the time of checkout in case the classification of a recording medium is level 2. FIG. The figure for demonstrating the procedure at the time of reproduction | regeneration in case the classification of a recording medium is level 2. FIG. The figure for demonstrating the procedure at the time of check-in when the classification of a recording medium is level 2. FIG. The figure for demonstrating the other procedure at the time of check-in when the classification of a recording medium is level 2. FIG. The figure for demonstrating the other procedure at the time of checkout in case the classification of a recording medium is level 2. FIG. The figure for demonstrating the other procedure at the time of reproduction | regeneration in case the classification of a recording medium is level 2. FIG. The figure for demonstrating the procedure at the time of a checkout in case the classification of a recording medium is level 0. The figure for demonstrating the procedure at the time of reproduction | regeneration in case the classification of a recording medium is level 0. The figure for demonstrating the procedure at the time of check-in when the classification of a recording medium is level 0. The figure for demonstrating the other procedure at the time of check-in when the classification of a recording medium is level 0. The figure for demonstrating the other procedure at the time of checkout in case the classification of a recording medium is level 0. The figure for demonstrating the other procedure at the time of reproduction | regeneration in case the classification of a recording medium is level 0. The figure for demonstrating the processing operation | movement of a mutual authentication process (AKE). The figure which showed more concretely the structure of the recording medium of the level 2 shown in FIG.4 (c).

Explanation of symbols

1. Content usage management system 2. Secure content server (SMS)
DESCRIPTION OF SYMBOLS 3 ... EMD interface part 4 ... Timeout determination part 5 ... PD interface (I / F) part 6 ... Media interface (I / F) part 7 ... Secret area driver 8 ... Accommodation book storage part 9 ... License storage part 10 ... Music data storage Unit 11: CD interface (I / F) unit 12: Recording / reproducing apparatus (PD)
13. Recording medium (MC)

Claims (12)

In order to decrypt the encrypted copy content of the content whose upper limit value of the copy content that can be recorded on the recording medium is predetermined, when the remaining number of the copy content within the upper limit value is not 0 Recording means for subtracting 1 from the remaining number each time a set of the encrypted copy content and the key information is recorded on a recording medium,
Erasing means for erasing the key information from the recording medium on which the encrypted copy content and the key information are recorded;
A content management method in a content management device including:
Wherein said erasing means between the encrypted content and a recording medium in which the key information is recorded by the recording means, performs mutual authentication processing, when the mutual authentication process has succeeded, shared between said recording medium A mutual authentication step for obtaining shared key information to be performed;
When the mutual authentication process is successful, the erasing unit generates first data for overwriting the key information stored in the recording medium; and
A first encryption step in which the erasing means encrypts the first data using the shared key information to generate first encrypted data;
A transmission step in which the erasing means transmits the first encrypted data to the recording medium;
The erasing means is generated by encrypting the data in the area where the key information is recorded from the recording medium using the shared key information shared between the recording medium and the content management apparatus. A receiving step for receiving the second encrypted data;
The erasing means decrypts the second encrypted data to obtain second data; and
When the second data and the first data match, the erasure unit overwrites the key information stored in the recording medium with the first data, and the key information is stored in the recording medium. A confirmation step to confirm that the
Content management method. The mutual authentication step includes:
The erasing means generating a first random number;
The erasing means transmitting the first random number to the recording medium;
The erasing means receiving a first value transmitted from the recording medium;
The erasing means substitutes the first random number and the encrypted ID information of the recording medium shared with the recording medium into the first function shared with the previous recording medium. Comparing the resulting second value with the first value;
When the first value and the second value match, the erasure unit substitutes the second random number and the encrypted ID information transmitted from the recording medium into the first function. And transmitting the third value obtained as a result to the recording medium, and from the second random number, the encryption ID information, and the second function H shared with the recording medium, the shared key Generating information;
The content management method according to claim 1, comprising: Mutual authentication processing is performed between the encrypted content and a recording medium on which key information necessary for decrypting the encrypted content is recorded. When the mutual authentication processing is successful, sharing is performed with the recording medium. Mutual authentication means for obtaining shared key information to be
Means for generating first data for overwriting the key information stored in the recording medium when the mutual authentication process is successful;
Means for encrypting the first data using the shared key information to generate first encrypted data;
Means for transmitting the first encrypted data to the recording medium;
Means for receiving the second encrypted data generated by the recording medium by encrypting the data in the area where the key information was recorded using the shared key information shared with the recording medium When,
Means for decrypting the second encrypted data to obtain second data;
When the second data matches the first data, the key information stored in the recording medium is overwritten with the first data, and the key information is erased from the recording medium. A means of confirming,
A content management device. The mutual authentication means includes
Means for generating a first random number;
Means for transmitting the first random number to the recording medium;
Means for receiving a first value transmitted from the recording medium;
A second obtained as a result of substituting the first random number and the encrypted ID information of the recording medium shared with the recording medium into the first function shared with the previous recording medium Means for comparing a value with the first value;
When the first value matches the second value, the second random number and the encrypted ID information transmitted from the recording medium are then substituted into the first function. Means for transmitting the value of 3 to the recording medium and generating the shared key information from the second random number, the encrypted ID information, and the second function H shared with the recording medium When,
The content management apparatus according to claim 3, comprising: A recording medium having an arithmetic processing function,
A first storage area;
A second storage area;
Recording means for recording the encrypted copy content transmitted from the content management device and the key information necessary for decrypting the encrypted copy content in each of the first storage area and the second storage area;
Erasing means for erasing the key information recorded in the second storage area by the recording means;
Including
The erasing means includes
Mutual authentication processing with the content management device, and when the mutual authentication processing is successful, mutual authentication means for obtaining shared key information shared with the content management device;
Receiving means for receiving the first encrypted data when the mutual authentication process is successful;
Decryption means for decrypting the first encrypted data with the shared key information to obtain first data;
Means for erasing the key information from the second storage area by overwriting the key information stored in the second storage area with the first data;
Second encrypted data is generated by encrypting the first data read from the second storage area using shared key information shared with the content management apparatus. Encryption means;
Means for transmitting the second encrypted data to the content management device;
Including recording medium. The mutual authentication means includes
Means for receiving a first random number transmitted from the content management device;
A first result obtained by substituting the first random number and the encrypted ID information of the recording medium shared with the content management device into a first function shared with the content management device. Means for transmitting a value of 1 to the content management device;
Means for generating a second random number;
Means for transmitting the second random number to the content management device;
Means for receiving a second value transmitted from the content management device;
When the third value obtained as a result of substituting the second random number and the encryption ID information into the first function matches the second value, the second random number, the encryption Means for generating the shared key information from ID information and a second function H shared with the content management device;
The recording medium according to claim 5. In order to decrypt the encrypted copy content of the content whose upper limit value of the copy content that can be recorded on the recording medium is predetermined, when the remaining number of the copy content within the upper limit value is not 0 Recording means for subtracting 1 from the remaining number each time a set of the encrypted copy content and the key information is recorded on a recording medium,
Erasing means for erasing the key information from the recording medium on which the encrypted copy content and the key information are recorded;
A content management method in a content management device including:
Using a first algorithm including a first function that is shared between the recording medium the encrypted content and the key information is recorded by said recording means, said erasing means, between said recording medium A shared key generation step for generating shared key information shared by
When the shared key information is generated, the erasure means generates first data for overwriting the key information stored in the recording medium; and
A first encryption step in which the erasing means encrypts the first data using the shared key information to generate first encrypted data;
A transmission step in which the erasing means transmits the first encrypted data to the recording medium;
Said erasing means, a receiving step from said recording medium, wherein the key information is received the second encrypted data by encrypting the data of the recorded which was region,
When the second encrypted data is the first data encrypted using the second algorithm including the first function, the erasure means stores the key stored in the recording medium. A confirmation step of confirming that the information has been overwritten with the first data and the key information has been erased from the recording medium;
Content management method. The erasing means includes the shared key generating step.
The erasing means generating a first random number;
The erasing means transmitting the first random number to the recording medium;
The erasing means receiving a first value transmitted from the recording medium;
A second value obtained as a result of the erasing means substituting the first random number and the encrypted ID information of the recording medium shared with the recording medium into the first function; Comparing the first value;
When the first value and the second value match, the erasure unit substitutes the second random number and the encrypted ID information transmitted from the recording medium into the first function. And transmitting the third value obtained as a result to the recording medium, and from the second random number, the encryption ID information, and the second function H shared with the recording medium, the shared key Generating information;
The content management method according to claim 7 including: Using the first algorithm including the first function shared between the encrypted content and the recording medium on which the key information necessary for decrypting the encrypted content is recorded, and the recording medium A shared key generating means for generating shared key information shared by
Means for generating first data for overwriting the key information stored in the recording medium when the shared key information is generated;
Means for encrypting the first data using the shared key information to generate first encrypted data;
Means for transmitting the first encrypted data to the recording medium;
Means for receiving, from the recording medium, second encrypted data obtained by encrypting the data of the area where the key information was recorded;
When the second encrypted data is the first data encrypted using the second algorithm including the first function, the key information stored in the recording medium is the first data. Means for confirming that the key information has been erased from the recording medium by being overwritten with the data of
A content management device. The shared key generation means includes
Means for generating a first random number;
Means for transmitting the first random number to the recording medium;
Means for receiving a first value transmitted from the recording medium;
A second value obtained as a result of substituting the first random number and the encrypted ID information of the recording medium shared with the recording medium into the first function, and the first value; A means of comparing
When the first value matches the second value, the second random number and the encrypted ID information transmitted from the recording medium are then substituted into the first function. Means for transmitting the value of 3 to the recording medium and generating the shared key information from the second random number, the encrypted ID information, and the second function H shared with the recording medium When,
The content management apparatus according to claim 9 including: A recording medium having an arithmetic processing function,
A first storage area;
A second storage area;
Recording means for recording the encrypted copy content transmitted from the content management device and the key information necessary for decrypting the encrypted copy content in each of the first storage area and the second storage area;
Erasing means for erasing the key information recorded in the second storage area by the recording means;
Including
The erasing means includes
A shared key generating means for generating shared key information shared with the content management device using a first algorithm including a first function shared with the content management device;
Receiving means for receiving first encrypted data when the shared key information is generated;
Decryption means for decrypting the first encrypted data with the shared key information to obtain first data;
Means for erasing the key information from the second storage area by overwriting the key information stored in the second storage area with the first data;
Means for generating second encrypted data by encrypting the first data read from the second storage area using a second algorithm including the first function g; ,
Means for transmitting the second encrypted data to the content management device;
Including recording medium. The mutual authentication means includes
Means for receiving a first random number transmitted from the content management device;
Obtained as a result of substituting the first random number and the encrypted ID information of the recording medium shared with the content management device into the first function shared with the content management device Means for transmitting a first value to the content management device;
Means for generating a second random number;
Means for transmitting the second random number to the content management device;
Means for receiving a second value transmitted from the content management device;
When the third value obtained as a result of substituting the second random number and the encryption ID information into the first function matches the second value, the second random number, the encryption Means for generating the shared key information from ID information and a second function H shared with the content management device;
The recording medium according to claim 11, comprising:

Images