JP4741852B2 - Restricted data creation device, restricted data utilization device, and restricted key generation device - Google Patents

Description

  The present invention relates to a restricted data creation device, a restricted data utilization device, and a restricted key generation device.

  Data such as music, video, and computer programs may be restricted when used by the copyright holder (that is, playback is performed for music or video, and execution is performed for a computer program).

  For example, there is a use frequency limit that can be used up to how many times, and a use time limit that can be used up to which date and time. A technique for using restricted data, which is data with such restrictions, while complying with the restrictions is disclosed (for example, see Patent Document 1).

  Patent Document 1 discloses a technique related to a recording apparatus that records AV (audio / video) data on a recording medium such as a tape, and a playback apparatus that reads and uses AV data from the recording medium. The recording apparatus encrypts AV data and records it on a recording medium, and stores the encryption key used for the encryption in a storage means such as a FIFO (First In First Out). The playback device reads the encrypted AV data recorded on the recording medium, reads the encryption key corresponding to the AV data from the storage means, and decrypts and uses the AV data.

  In one embodiment of the prior art (referred to as the first embodiment of the prior art for convenience), the encryption key used when the recording device encrypts AV data is updated to a new key each time AV data is recorded. Alternatively, the same key is used for a certain period such as one day, and the key is renewed after the period. Each time the encryption key is updated, a new encryption key is stored in the storage means. Further, when the storage means erases the stored encryption key after a certain period of time such as one week, the playback device cannot obtain the encryption key and cannot decrypt and use the AV data. Furthermore, the playback device is provided with a counter that counts the number of times the AV data has been used, and the storage device discards the encryption key corresponding to the AV data when the specified number is exceeded, so that the playback device obtains the encryption key. The AV data cannot be obtained and cannot be decrypted and used.

Another embodiment of the prior art (referred to as the second embodiment of the prior art for convenience) is equivalent to the first embodiment of the prior art, but stores the encryption key instead of discarding the encryption key by the storage means. The encryption key acquisition means acquired from the means determines whether the AV data to be used is within a certain period or within the limited number of times, and determines whether to acquire the encryption key from the storage means.
Japanese Patent Laid-Open No. 11-232776

  The first problem in the above-described prior art is that the data use restriction is fixed such that the use period is one week. For this reason, different restrictions cannot be imposed on each data.

  A second problem is that a countermeasure against a so-called tampering action such as reading or rewriting an internal state by reading a signal or operating in hardware is not considered. For this reason, there is a case where data that should have become unusable may become usable due to a tampering action after reaching the data utilization limit. In addition, it is difficult to implement a defense against tampering.

  For example, in the second embodiment of the prior art, the encryption key stored in the storage means is not discarded even when the data use limit is reached. For this reason, even after the data usage limit is reached, the encryption key can be obtained from the storage means by tampering, and the AV data can be decrypted and used. As a countermeasure against this, it may be possible to make the portion including the storage means tamper resistant. However, since the storage means does not discard the encryption key, the storage means is required to have a large storage capacity. Therefore, it is difficult to make a typical one-chip as a defense against tampering. On the other hand, in the first embodiment of the prior art, when the data usage limit is reached, the encryption key stored in the storage means is discarded. However, if a plurality of AV data is encrypted with the same encryption key, if one AV data reaches the usage limit, the encryption key is discarded, and even AV data that has not yet reached the usage limit cannot be used. End up. Therefore, practically, each AV data needs to be encrypted using a unique encryption key and stored in the storage means. In this case, the number of keys stored in the storage means increases, so that the data is stored. The storage capacity required for the means increases. Therefore, it is difficult to make a typical one-chip as a defense against tampering.

  Therefore, in view of the above problems, the present invention can impose different restrictions for each data, and it is easy to implement a defensive measure against the tampering action. In particular, the tampering action after reaching the data usage restriction. It is an object of the present invention to provide a restricted data creation device, a restricted data use device, and a restricted key generation device, which cannot use data even if the device is used.

  In order to achieve the above object, a first feature of the present invention is a restricted data creation device for creating restricted data in which a use time limit or a use frequency limit is imposed, and (a) a use time limit or a use frequency limit Requesting a restriction key generation device that generates restriction keys to obtain a restriction key that matches restriction information indicating the restriction key, and (b) encryption for encrypting restricted data using the restriction key The gist of the present invention is a restricted data creation apparatus comprising: a section; and (c) an input / output section that transmits the encrypted restricted data to a restricted data utilization apparatus that uses the restricted data.

  According to the restricted data creation device according to the first feature, it is possible to impose different restrictions for each data, and it is easy to implement a defensive measure against tampering, especially after reaching the limit of data usage. It can be configured such that data cannot be used even by tampering.

  In the restricted data creation device according to the first feature, the restriction information is information that defines the use time limit of the restricted data in an absolute time period, and the restriction key obtaining unit uses the time difference variable to determine the absolute time limit. It is converted into an absolute time based on the clock of the restriction key generator, and the converted absolute time, the unique value that is unique to the restricted data, and the value of the generation variable that represents the generation of the clock that defines the absolute time A certain generation value may be used as a parameter, and a restriction key may be requested from the restriction key generation device. Here, “generation” refers to a value that changes when the continuity of an object is lost. That is, the “clock generation” is a value that changes when the clock is reset or replaced with a different clock.

  According to this restricted data creation device, it is possible to obtain from the restricted data creation device a restriction key that cannot be obtained after the use time limit of the designated processing target data based on the absolute time. It is possible to create encrypted data that cannot be decrypted after the use time period specified using the restriction key.

Further, in the restricted data creation device according to the first feature, the restriction information is information that defines a use time limit of the restricted data in a relative time period, and the restriction key obtaining unit includes a relative time period and a unique property of the restricted data. The limit value generating apparatus may request the limit key generation apparatus to generate a limit value and a generation value representing a clock generation that defines the absolute time limit and a limit key.

  According to this restricted data creation device, it is possible to obtain from the restricted data utilization device a restriction key that cannot be obtained after the use time limit according to the relative time of the designated processing target data. It is possible to create encrypted data that cannot be decrypted after the use time period specified using the restriction key.

  Further, in the restricted data creation device according to the first feature, the restriction information is information that defines a restriction on the number of times of use of restricted data, and the restriction key acquisition unit includes a virtual number that designates a use number restriction and a virtual counter. The restricted key may be requested from the restricted key generation device using the specified counter value and the generation value that is the value of the generation variable representing the generation of the virtual counter as parameters. As described above, the “generation” refers to a value that changes when the continuity of an object is lost. In other words, the “virtual counter generation” is a value that changes when the continuity of counting of the virtual counter is lost and the counter becomes substantially different.

  According to this restricted data creation device, it is possible to obtain from the restricted data utilization device a number-restricted key that cannot be obtained when an attempt is made to use the data to be processed exceeding the designated number of uses. It is possible to create encrypted data that cannot be decrypted after the number of times specified by using the number of times limit key is used.

  A second feature of the present invention is a restricted data utilization device that uses restricted data with a use time limit or a use frequency restriction, and (a) is encrypted by a restricted data creation device that creates restricted data. And (b) requesting a restriction key suitable for restriction information indicating the use time limit or the use frequency restriction from the restriction key generating device that generates the restriction key, and encrypting with the restriction key. The gist of the present invention is a restricted data use apparatus comprising: a decryption unit that decrypts the restricted data that has been converted; and (c) a use unit that uses the decrypted restricted data.

  According to the restricted data utilization device according to the second feature, it is possible to impose different restrictions for each data, and it is easy to implement a defensive measure against tampering, especially after reaching the data utilization restriction. It can be configured such that data cannot be used even by tampering.

  Further, in the restricted data utilization device according to the second feature, the restriction information is information that defines a use time limit of the restricted data, and the decoding unit includes a use time limit and a unique value that is a value unique to the restricted data. Alternatively, a restriction key may be requested from the restriction key generation apparatus using a generation value that is a value of a generation variable representing a generation of a clock that defines an absolute time limit as a parameter.

  According to this restricted data utilization device, the restricted data, which is the timed data sent from the restricted data creation device, is stored in the storage unit, read out later, and the restricted key generation device is in the timed data Similarly, the encrypted data to be processed in the time-limited data can be decrypted and used by the restriction key reproduced from the above information. However, after the usage time limit, the restriction key generation device does not regenerate a restriction key that can normally decrypt the processing target data, so that the subsequent processing target data cannot be used, and the usage time limit is observed.

  In the restricted data utilization device according to the second feature, the restriction information is information that defines a restriction on the number of times of use of restricted data, and the restriction key obtaining unit is a virtual that designates a use number restriction and a virtual counter. The restricted key may be requested from the restricted key generation device using the specified counter value and the generation value that is the value of the generation variable representing the generation of the virtual counter as parameters.

  According to this restricted data utilization device, the restricted data, which is the number of times restricted data sent from the restricted data creation device, is stored in the storage unit, read out later, and the restricted key generating device causes the timed data to be read. Similarly, the encrypted data to be processed in the data with the limited number of times can be decrypted and used by the number-of-times limited key regenerated from the information in the information. However, after using only the number limit, the limit key generation device will not regenerate the number limit key that can normally decrypt the processing target data, so the subsequent processing target data cannot be used, and the usage number limit is limited. It is protected.

  The third feature of the present invention is that it is used from (a) a restricted data creation device that creates restricted data in which a use time limit or a use frequency restriction is imposed, or a restricted data use device that uses restricted data. An input / output unit that receives a request for a restriction key that matches the restriction information indicating the time limit or the number of times of use, (b) a storage unit that stores the master key, and (c) a restriction key that depends on the master key and the restriction information The gist of the present invention is that it is a restricted key generation device including a hash calculation unit that calculates

  According to the restriction key generation device according to the third feature, different restrictions can be imposed for each data, and it is easy to implement a defensive measure against tampering. In particular, the tamper after reaching the restriction on data use. It can be set as the structure which cannot utilize data also by action.

  In the restriction key generation device according to the third feature, the restriction information is information that defines the use time limit of the restricted data in an absolute time period, and includes a clock that defines the time relationship between the two times and the two absolute time periods. It further includes a comparison unit that determines whether the generation variable matches, and a clock unit that includes the current time and the generation variable, and uses the absolute time limit, the eigenvalue that is unique to the restricted data, and the value of the generation variable as parameters. When receiving the request for the limit key, the comparison unit has a condition that the value of the generation variable of the parameter is equal to the value of the generation variable of the clock unit and is a future value from the current time of the absolute timed clock unit of the parameter. If the condition is satisfied, the hash calculation unit may calculate a master key, an absolute time limit, and a limit key that is a hash value depending on the eigenvalue.

  According to this limit key generation device, the absolute time value of the parameter is compared with the current time of the clock of the clock unit, and only when the former is a future value, a hash value depending on the absolute time value is calculated and Therefore, it is possible to realize a restricted key that cannot obtain the value after a certain time. The hash value is calculated only when the value of the generation variable, which is a value that changes every time the clock is initialized, and the generation value of the parameter, so the reference time that has been initialized and changed Therefore, the time comparison is not performed and the hash value is not calculated. In addition, since the calculation of the hash value is performed depending on the eigenvalue of the parameter, another person who does not know the eigenvalue does not obtain the same restricted key. In addition, the calculation of the hash value is performed so as to depend on the master key that is not output to the outside of the restricted key generation device and is difficult to know from the outside. The same restriction key cannot be obtained from the same parameter even if the device is used. In addition, since the restriction key generation device does not store the generated restriction key, the required storage capacity is small.

  In the restriction key generation device according to the third feature, the restriction information is information that defines a use time limit of the restricted data in a relative time limit, and further includes a clock unit including a current time and a generation variable, When a request is received for a generation variable representing a clock that defines the absolute time limit and the absolute time limit, and a limit key, the hash calculator calculates the master key and the parameter value. A value obtained by adding the current time provided by the clock unit to the relative time limit and a limit key that is a hash value depending on the unique value may be calculated.

  According to this restriction key generation device, a hash value depending on an absolute time value obtained by adding the relative time value of the parameter and the current time of the clock of the clock unit is calculated and used as the restriction key. In addition, since the calculation of the hash value is performed depending on the eigenvalue of the parameter, another person who does not know the eigenvalue does not obtain the same restricted key. In addition, the calculation of the hash value is performed so as to depend on the master key that is not output to the outside of the restricted key generation device and is difficult to know from the outside. The same restriction key cannot be obtained from the same parameter even if the device is used. In addition, since the restriction key generation device does not store the generated restriction key, the required storage capacity is small.

  In the restriction key generation device according to the third feature, the restriction information is information that defines a restriction on the number of times the restricted data is used, and is a generation that represents a clock that defines a magnitude relationship between two values and two absolute time limits. It further includes a comparison unit for determining whether the variables match, a counter table that is a table having a virtual counter column, a value column, and a generation column, and a counter unit that includes generation variables, and specifies a usage count limit and a virtual counter. When receiving a request for a restriction key that uses a virtual counter specified value and a generation value that is a value of a generation variable representing the generation of the virtual counter as a parameter, the counter unit corresponds to the virtual counter specified value of the parameter in the counter table. Reads the value in the value column and the value in the generation column of the attached line, and the comparison unit has the same value as the generation variable in the parameter and the value in the generation column, and the parameter usage limit is greater than the value in the value column. Too large If this condition is met, the hash calculation unit obtains a master key, a usage count limit, and a limit key that is a hash value that depends on the virtual counter specified value of the parameter. You may calculate.

  According to this limit key generation device, the value of the virtual counter specified by the parameter count limit value and the virtual counter specified value of the parameter (the value in the value column of the counter table row associated with the virtual counter specified value) ) And only when the former is large, a hash value that depends on the number limit value is calculated and used as a number limit key. it can. In addition, the calculation of the hash value is performed by calculating the generation value of the virtual counter (the value in the generation column of the counter table row associated with the specified value of the virtual counter) that changes every time the virtual counter is initialized. ) And the generation value of the parameter, the above-described value comparison is performed based on the value of the virtual counter that has been initialized and changed, and the hash value is calculated. There is no. In addition, since the calculation of the hash value is performed so as to depend on the virtual counter designation value of the parameter, another person who does not know the value does not obtain the same number of times limit key. In addition, the calculation of the hash value is performed so as to depend on the master key that is not output to the outside of the restricted key generation device and is difficult to know from the outside. The same restriction key cannot be obtained from the same parameter even if the device is used. In addition, since the restriction key generation device does not store the generated restriction key, the required storage capacity is small.

  According to the present invention, it is possible to impose different restrictions for each data, and it is easy to implement a defensive measure against tampering. In particular, data is also used by tampering after reaching the limit of data usage. It is possible to provide a restricted data creation device, a restricted data utilization device, and a restricted key generation device that cannot be performed.

  Next, embodiments of the present invention will be described with reference to the drawings. In the following description of the drawings, the same or similar parts are denoted by the same or similar reference numerals. However, it should be noted that the drawings are schematic.

  The restricted data management system according to the present embodiment includes a restricted data creation device 100 that creates restricted data that is data with a use time limit or a use frequency limit, and a restricted data use device that uses restricted data. 200 and a restriction key generation device 300 that generates a restriction key that cannot be acquired when the time limit or the number of times of use is reached.

(Restricted data creation device)
Next, the configuration of the restricted data creation device 100 according to the present embodiment will be described. As shown in FIG. 1, the restricted data creation apparatus 100 includes an encryption unit 101, an input / output unit 102, a restricted key acquisition unit 103, an ID generation unit 104, a storage unit 105, and a clock unit 106. .

  The encryption unit 101 encrypts the processing target data input to the restricted data creation device 100 with the restriction key provided by the restriction key obtaining unit 103, and transmits the encrypted data to the restricted data utilization device 200 via the input / output unit 102. .

  The input / output unit 102 mediates the exchange of information between the restricted data creation device 100 and the restricted data utilization device 200 using information transmission means such as a network.

  Based on the restriction information input to the restricted data creation device 100, the restricted key acquisition unit 103 sends restriction information to the restricted key generation device 300 provided in the restricted data utilization device 200 via the input / output unit 102. Request and obtain a restriction key (restriction key or number of times restriction key) that matches Here, “restricted information” indicates a use time limit or a use frequency limit, for example, information that defines the use time of restricted data as an absolute time limit, or a use time limit of restricted data as a relative time limit. Information, information that defines the limit on the number of times to use restricted data, and the like.

  The ID generation unit 104 generates an ID used as a unique value that is a data-specific value or a virtual counter designation value that designates a virtual counter, which is necessary when the restriction key obtaining unit 103 obtains the restriction key.

  The ID may be generated by a means that generates a value that has not been generated as an ID in a certain period of time in the past, but even if an ID generated in the past is known, it is difficult to estimate the ID to be generated next. It is more desirable to generate by means. As an example, a method of generating an ID using a random number generator may be used.

  The storage unit 105 provides a time difference variable 115 required when the restriction key obtaining unit 103 obtains the restriction key and a generation variable 125 representing a clock that defines the absolute time limit.

  The clock unit 106 includes a clock and provides the current time. Note that this clock need not be synchronized with other clocks.

(Restricted data use device)
Next, the configuration of the restricted data utilization device 200 according to the present embodiment will be described. As shown in FIG. 2, the restricted data utilization device 200 includes an input / output unit 201, a storage unit 202, a decryption unit 203, a utilization unit 204, and a restriction key generation device 300.

  The input / output unit 201 mediates exchange of information between the restricted data creation device 100 and the restricted data utilization device 200 using information transmission means such as a network.

  The storage unit 202 temporarily stores time-limited data or number-of-times-limited data sent from the limited data creation device 100. Although the storage unit 202 is temporarily stored, the storage unit 202 does not need to use a erasable storage unit such as a dynamic RAM, and a storage unit that can permanently store the storage content, such as a write-once optical disc. It may be used. Further, the storage unit 202 does not always need to have a storage capability, and a storage unit having a storage capability may be used only in a specific case. For example, the storage unit 202 may be a device that records and reproduces information on a recording medium, but the storage medium is removed from the device, the storage medium is uninitialized, or the storage capacity is exhausted, etc. The memory ability can be lost for a reason. Such a storage unit can be an embodiment of the storage unit 202.

  The decrypting unit 203 decrypts the encrypted processing target data in the time-limited data or the number-limited data with the key provided by the limited key generation device 300.

  The utilization unit 204 uses the processing target data. As a form of use, for example, when the processing target data is music or video data, it can be reproduced, and when it is image data, it can be displayed. The utilization unit 204 may use any other data utilization method.

  The limit key generation device 300 generates a limit key or a number limit key. Details of the restriction key generation device 300 will be described later.

(Restriction key generator)
Next, the configuration of the restricted key generation apparatus 300 according to this embodiment will be described. As shown in FIG. 3, the restricted key generation device 300 includes an input / output unit 301, a comparison unit 302, a hash calculation unit 303, a master key unit 304, an initialization unit 305, a clock unit 306, and a counter unit. 307.

  The input / output unit 301 mediates exchange of information between the restriction key generation device 300 and an external device using information transmission means such as a bus or a network.

  The comparison unit 302 determines the anteroposterior relationship of two absolute times, the magnitude relationship of two numerical values, and the coincidence of two generation values.

  The hash calculator 303 calculates a hash value that is a value depending on all the given parameters. A necessary condition as a method of calculating a hash value is that the same parameter has the same hash value and it is difficult to estimate the original parameter from the calculated hash value. As an example, all parameters may be combined in bit representation and converted by MD5 (message digest 5). In addition, it is difficult to estimate the original parameter from the calculated hash value, and the same hash value is obtained for the same parameter, and any calculation means that the output value depends on all the parameters is used. Can be used.

  The master key unit 304 stores a master key 314. The master key 314 is a bit string generated by the initialization unit 305.

  The initialization unit 305 detects the occurrence of an abnormal event described later. Further, when the occurrence of such an event is detected, a new master key is generated, the master key 314 of the master key unit 304 is updated, the generation variable 316 of the clock unit 306 is updated, and the counter table of the counter unit is updated. Initialization 317 and generation variable 327 are updated.

  The clock unit 306 includes a clock and provides the current time. A generation variable 316 is also provided. The clock may not be synchronized with other clocks.

  The counter unit 307 holds the counter table 317 and operates it. A generation variable 327 representing the generation of the virtual counter is also provided. The counter table 317 is tabular data including a virtual counter column, a value column, and a generation column. A counter table 337 illustrated in FIG. 12 is an example of data of the counter table 317. The counter table 337 in this example has five rows, of which “(invalid value)” is described in the virtual counter column of the fourth row, but this is that the invalid value is assigned to the column. Means. An invalid value is a value that is invalid as a virtual counter value. Substituting a virtual counter specified value into a virtual counter field of a line is expressed as associating the virtual counter specified value with the line, and a specific virtual counter specified value is assigned to the virtual counter field of a certain line. That the virtual counter designation value is associated with the row.

Further, the entity corresponding to the virtual counter, that is, the designated value of the real counter is 1 to 5 corresponding to the row numbers of the first to fifth rows of the counter table 337. A virtual counter designation value that designates a virtual counter plays a role corresponding to a unique value in the case of a time key. For this reason, a virtual counter designated value that can take an arbitrary value is used instead of the actual counter designated value.

  It should be noted that the restriction key generation device 300 is preferably mounted with a defensive measure against so-called tampering action such as reading a signal or operating the hardware to read or rewrite the internal state. Typical measures for tamper defense are tight sealing of hardware and one-chip implementation. That is, the hardware on which the restriction key generation device 300 is mounted may be tightly sealed, or the restriction key generation device 300 may be mounted on a single chip.

(Restricted data creation method)
Next, the operation of the restricted data creation device 100 will be described with reference to FIGS.

= Timed data transmission (absolute time limit) =
First, with reference to FIG. 4, processing target data and restriction information for designating the use time limit of the data by an absolute time (absolute time limit) with reference to the clock of the clock unit 306 is input to the restricted data creation apparatus 100. The operation at that time will be described.

  Here, the “absolute time” is a term that distinguishes the time designation format from the relative time, and is a time designation format that expresses a specific time regardless of what time the current time is. Examples of absolute time include “1:23:45 am”, “23:45”, “5:06 am on March 4,” “7:08 pm on May 6, 1992”, etc. It is done. However, even if it is an absolute time, the time represented by the time in which clock may be actually different. Therefore, in order to grasp more accurately, it is necessary to specify which clock is the absolute time based on. In the above case, it is specified that the clock of the clock unit 306 is used as a reference.

  One relative time is a format for designating a future time after the time designated with the current time as a base point has elapsed. Examples of the relative time include “12,345 seconds later”, “23 hours 45 minutes later”, “34 days 5 hours 6 minutes later”, “4 years 5 months later”, and the like. In addition, the use time limit of the processing target data designates a limit time at which the processing target data may be used. There are two methods for specifying the time period: absolute time and relative time. The time periods depending on the time are expressed as “absolute time” and “relative time”, respectively.

  First, in step S101 of FIG. 4, the restriction key obtaining unit 103 of the restricted data creating apparatus 100 requests the current time and generation of the clock from the restricted key generating apparatus 300 of the restricted data using apparatus 200. Then, the returned current time value and generation value are received. Each value will be called Tu and Gu.

  Next, in step S102, the restriction key obtaining unit 103 substitutes a value obtained by subtracting the current time provided by the clock of the clock unit 306 from Tu for the time difference variable 115 (hereinafter referred to as a variable Td) provided by the storage unit 105. Then, Gu is substituted into the generation variable 125 (hereinafter referred to as variable Gd) provided by the storage unit 105.

  Next, in step S103, the restriction key obtaining unit 103 adds the value of the variable Td to the restriction information that is an absolute time limit value input to the restricted data creating apparatus 100. The resulting value is called Ta.

  Next, in step S104, the ID generation unit 104 generates an ID. This generated ID is called I. This ID is a numerical value that is preferably different every time it is generated. The ID generation unit 104 that generates the ID generates the ID by using a counter or a random number generator that updates the value each time an ID is generated, for example. be able to.

  Next, in step S105, the restriction key obtaining unit 103 requests a restriction key from the restriction key generation apparatus 300 in the restricted data utilization apparatus 200 using Ta as the absolute time limit value, Gd as the generation value, and I as the eigenvalue as parameters. To do. Then, the returned restriction key is received. This received restriction key is called K.

  Next, in step S <b> 106, the encryption unit 101 encrypts the processing target data input to the restricted data creation device 100 with the key K. This encrypted data to be processed is called Dk.

  Next, in step S107, the encryption unit 101 transmits Dt [Ta, Gd, I, Dk] as time-limited data to the limited data utilization apparatus 200, and ends the process. The time-limited data is data including (absolute) time value, generation value, eigenvalue, and encrypted processing target data, and Dt [absolute time limit value, generation value, eigenvalue, encrypted processing target data] ].

= Timed data transmission (relative time limit) =
Next, with reference to FIG. 5, the operation when the processing target data and the restriction information for designating the use time limit of the data with the relative time limit are input to the restricted data creation apparatus 100 will be described.

  First, in step S <b> 111, the restriction key obtaining unit 103 of the restricted data creating apparatus 100 receives restriction information that is a relative time limit value input to the restricted data creating apparatus 100. This value will be referred to as Tr.

  Next, in step S112, the ID generation unit 104 generates an ID. This generated ID is called I.

  Next, in step S113, the restriction key obtaining unit 103 requests an absolute time limit and a restriction key from the restriction key generation apparatus 300 in the restricted data utilization apparatus 200 using Tr as a relative time limit value and I as a characteristic value as parameters. Then, the returned absolute time, generation value, and restriction key are received. Each value will be called Ta, Gu and K.

  In step S <b> 114, the encryption unit 101 encrypts the processing target data input to the restricted data creation device 100 with the key K. The encrypted processing target data is called Dk.

  Next, in step S115, the encryption unit 101 transmits Dt [Ta, Gu, I, Dk] as time-limited data to the restricted data utilization device 200, and ends the process.

= Data transmission with limited number of times =
Next, with reference to FIG. 6, description will be given of an operation when processing target data and restriction information for specifying restriction on the number of times the data is used are input to the restricted data creation apparatus 100. FIG.

  The processing object data use frequency limit is to specify the number of times the processing object data may be used. Examples of the number limit include “5 times”, “1,024 times”, “0 times”, and the like.

  First, in step S121 of FIG. 6, the ID generation unit 104 of the restricted data creation device 100 generates an ID. This generated ID is called I.

  Next, in step S122, the restriction key obtaining unit 103 requests initialization of the virtual counter to the restriction key generation apparatus 300 in the restricted data utilization apparatus 200 using I as a parameter for the virtual counter designation value. The returned generation value is received and substituted into a generation variable 125 (hereinafter referred to as a variable Gd) provided by the storage unit 105.

  Next, in step S123, the restriction key obtaining unit 103 receives restriction information that is a number-of-times restriction value input to the restricted data creation device 100. This value will be referred to as N.

  Next, in step S124, the restriction key obtaining unit 103 uses the number N as the number limit value, Gd as the generation value, and I as the virtual counter designation value as parameters to the limit key generation apparatus 300 in the restricted data utilization apparatus 200. Request a restricted key. Then, the returned number limit key is received. This number limit key is called K.

  Next, in step S125, the encryption unit 101 encrypts the processing target data input to the restricted data creation device 100 with the key K. This encrypted data to be processed is called Dk.

  Next, in step S126, the encryption unit 101 transmits Dn [N, Gd, I, Dk] as the limited number of times data to the limited data utilization device 200, and ends the process. Note that the data with the number of times limit is data including the number of times limit value, the generation value, the virtual counter specified value, and the encrypted processing target data, and the data includes Dn [number limit value, generation value, virtual counter specified value, encryption Data to be processed]].

(How to use restricted data)
Next, the operation of the restricted data utilization apparatus 200 will be described with reference to FIGS.

= Timed data reception =
First, the operation of the restricted data utilization device 200 when the time-limited data Dt [Tp, Gp, I, Dk] is input to the restricted data creation device 100 will be described with reference to FIG.

  In step S <b> 201, the storage unit 202 of the restricted data utilization device 200 stores the timed data Dt [Tp, Gp, I, Dk] input to the restricted data utilization device 200.

  Thereafter, at an arbitrary time point (a dotted line in the figure indicates that an arbitrary process can be performed between them), the process proceeds to step S202. In step S202, the storage unit 202 stores the time-limited data stored in step S201. Read Dt [Tp, Gp, I, Dk].

  Next, in step S203, the decryption unit 203 uses the time-limited data read in step S202 to assign a restriction key to the restriction key generation device 300 using Tp as the time value, Gp as the generation value, and I as the eigenvalue as parameters. Request. Then, the returned restriction key is received. This value will be called K.

  Next, in step S204, the decrypting unit 203 decrypts Dk of the time-limited data read in step S202 with the key K. The decrypted processing target data is called D.

  Next, in step S205, the use unit 204 uses D and ends the process.

= Receive data with limited number of times =
Next, the operation of the restricted data utilization device 200 when the restricted number of times data Dn [Np, Gp, I, Dk] is input to the restricted data creation device 100 will be described using FIG.

  First, in step S211, the storage unit 202 of the restricted data utilization device 200 stores the number of times restricted data Dn [Np, Gp, I, Dk] input to the restricted data utilization device 200.

  Thereafter, at an arbitrary time point (a dotted line in the figure indicates that an arbitrary process can be performed in the meantime), the process proceeds to step S212. In step S212, the storage unit 202 stores the number-limited data stored in step S211. Dn [Np, Gp, I, Dk] is read.

  Next, in step S213, the decryption unit 203 uses the number-limited data read in step S212 to generate a limit key using Np as the number limit value, Gp as the generation value, and I as the virtual counter designation value as parameters. The apparatus 300 is requested to use the time limit key. Then, the returned number limit key is received. This value will be called K.

  Next, in step S214, the decryption unit 203 decrypts Dk of the number-limited data read in step S212 with the key K. The decrypted processing target data is called D.

  Next, in step S215, the use unit 204 uses D to end the process.

(Restriction key generation method)
Next, the operation of the restricted key generation apparatus 300 will be described with reference to FIGS.

= Time + Generation request processing =
First, the operation of the restriction key generation device 300 when the restriction key generation device 300 requests the current time and generation of the clock will be described with reference to FIG.

  In step S301, the clock unit 306 of the restricted key generation device 300 reads the current time of the clock and the value of the generation variable 316. Each value will be referred to as T and G.

  Next, in step S302, the input / output unit 301 outputs T as the current time value and G as the generation value as a return value for the request, and ends the process.

= Restricted key request processing (absolute time limit) =
Next, the operation of the restriction key generation device 300 when a restriction key is requested to the restriction key generation device 300 using the absolute restriction value, the generation value, and the unique value as parameters will be described with reference to FIG.

  First, in step S311, the input / output unit 301 of the restricted key generation device 300 receives the requested parameter. The absolute limit value of the parameter is called Tp, the generation value is called Gp, and the eigenvalue is called I.

  Next, in step S312, the clock unit 306 reads the current time of the clock and the value of the generation variable 316. Each value will be referred to as T and G.

  Next, in step S313, the comparison unit 302 determines whether the condition that Gp and G are the same value and Tp is a future time value after T is satisfied. If the condition is satisfied, the process proceeds to step S314. Otherwise, the process proceeds to step S316.

  When the process proceeds to step S314, in this step, the hash calculation unit 303 calculates a hash value using the master key 314 stored in the master key unit 304, Tp, and I as parameters. This calculated hash value is called K.

  Next, in step S315, the input / output unit 301 outputs K as a return value for the request as the restriction key, and ends the process.

  On the other hand, when the process proceeds to step S316, in the same step, the restriction key generation device 300 performs an exception process and ends the process. The exception process is a process having a different content from the process composed of steps S314 and S315. That is, when the exception process is performed, the restriction key that should have been output in the processes of steps S314 and S315 is not output. Examples of such exception processing include processing for generating a dummy restriction key and outputting it as a return value, processing for outputting a return value for identifying that an error has occurred, or processing for not outputting a return value at all. Can be mentioned.

= Restricted key request processing (relative time limit) =
Next, the operation of the restriction key generation device 300 when the restriction key generation device 300 is requested for the absolute restriction and the restriction key using the relative time value and the eigenvalue as parameters will be described with reference to FIG.

  First, in step S321, the input / output unit 301 of the restriction key generation device 300 receives the requested parameter. The relative time limit value of the parameter is called Td, and the eigenvalue is called I.

  Next, in step S322, the clock unit 306 reads the current time of the clock and calculates an absolute time obtained by adding Td thereto. This absolute time value will be referred to as Ta. Further, the value of the generation variable 316 is read. This value is called G.

  In step S323, the hash calculation unit 303 calculates a hash value using the master key 314 stored in the master key unit 304, Ta, and I as parameters. This calculated hash value is called K.

  Next, in step S324, the input / output unit 301 outputs Ta as an absolute time limit value and K as a limit key as a return value for the request, and ends the process.

= Virtual counter initialization request processing =
Next, the operation of the restriction key generation device 300 when the restriction key generation device 300 is requested to initialize the virtual counter using the virtual counter designation value as a parameter will be described with reference to FIG.

  First, in step S331, the input / output unit 301 of the restriction key generation device 300 receives the requested parameter. The virtual counter designation value of the parameter is called I.

  Next, in step S332, the counter unit 307 selects one of the rows of the counter table 317 where the virtual counter column has an invalid value (see FIG. 12). Let's call this line J. Further, by assigning I to the virtual counter column in row J, the virtual counter specified value I is associated with row J.

  Next, in step S333, the counter unit 307 updates the value of the generation variable 327. To update a value is to substitute a value that the generation variable 327 did not take in a certain period of time in the past. For example, a value obtained by adding a minute value to the value of the current generation variable 327 is substituted. Or a method of substituting a random number may be used.

  Next, in step S334, the counter unit 307 substitutes the value of the generation variable 327 in the generation column of the row J of the counter table 317, and similarly substitutes the initial value in the value column. The initial value to be assigned to the value column may be any numerical value, but a typical example is 0 (zero).

  Next, in step S335, the input / output unit 301 outputs the value in the generation column of the row J of the counter table 317 as a generation value as a return value for the request, and ends the process.

= Number of times limit key request processing =
Next, with reference to FIG. 14, the operation of the limit key generation device 300 when the limit key generation device 300 is requested for the number limit key using the number limit value, the limit value, and the virtual counter specified value as parameters will be described. .

  First, in step S341, the input / output unit 301 of the restricted key generation device 300 receives the requested parameter. The parameter number limit value is called Np, the generation value is called Gp, and the virtual counter value is called I.

  Next, in step S342, the counter unit 307 specifies the row of the counter table 317 associated with the virtual counter specified value I. This identified line is called J. Further, the value in the generation column of the value column in row J is read out. Each value will be referred to as N and G.

  Next, in step S343, the comparison unit 302 determines whether the condition that Gp and G are the same value and Np is a value greater than N is satisfied. If the condition is satisfied, the process proceeds to step S344. Otherwise, the process proceeds to step S346.

  When the process proceeds to step S344, in this step, the hash calculation unit 303 calculates a hash value using the master key 314, Np, and I stored in the master key unit 304 as parameters. This calculated hash value is called K.

  Next, in step S345, the input / output unit 301 outputs K as a return value for the request as the number limit key, and ends the process.

  On the other hand, when the process proceeds to step S346, in the same step, the restriction key generation device 300 performs an exception process and ends the process. The exception process is a process having a different content from the process consisting of steps S344 and S345. That is, when the exception process is performed, the number-of-times limiting key that should have been output in the processes of steps S344 and S345 is not output. Such exception processing includes, for example, processing for generating a dummy number limit key and outputting it as a return value, processing for outputting a return value for identifying that an error has occurred, or processing for not outputting a return value at all Etc.

= Time limit key "use" request processing =
Next, the operation of the limit key generation device 300 when the limit key generation device 300 is requested to use the number limit key using the number limit value, the limit value, and the virtual counter value as parameters will be described with reference to FIG. .

  This operation is similar to the operation (steps S341 to S346) of the restriction key generation device 300 when the above-mentioned number restriction key is requested, but step S354 is mainly different from step S344.

  First, in step S351, the input / output unit 301 of the restricted key generation device 300 receives a requested parameter. The parameter count limit value is called Np, the generation value is called Gp, and the virtual counter designation value is called I.

  Next, in step S352, the counter unit 307 specifies the row of the counter table 317 associated with the virtual counter specified value I. This identified line is called J. Further, the value in the value column and the value in the generation column of row J are read out. The respective values will be called N and G.

  Next, in step S353, the comparison unit 302 determines whether the condition that Gp and G are the same value and Np is a value greater than N is satisfied. If the condition is satisfied, the process proceeds to step S354. Otherwise, the process proceeds to step S356.

  When the process proceeds to step S354, in the same step, the counter unit 307 updates the value in the value column of the row J of the counter table 317. Updating the value in this value column means substituting a value different from the currently assigned value. As a typical example, a value obtained by adding 1 to the currently assigned value is substituted. In step S354, the hash calculation unit 303 further calculates a hash value using the master key 314, Np, and I stored in the master key unit 304 as parameters. This calculated hash value is called K.

  Next, in step S355, the input / output unit 301 outputs K as a return value for the request as the number limit key, and ends the process.

  On the other hand, when the process proceeds to step S356, in the same step, the restriction key generation device 300 performs an exception process and ends the process. The exception process is a process having a different content from the process composed of steps S354 and S355. That is, when the exception process is performed, the number-of-times limiting key that should have been output in the processes of steps S354 and S355 is not output. Examples of such exception processing include processing for generating a dummy number limit key and outputting it as a return value, processing for outputting a return value for identifying that an error has occurred, or processing for not outputting a return value at all, etc. Is mentioned.

= Initialization process =
Next, the operation of the restriction key generation device 300 when the initialization unit 305 of the restriction key generation device 300 detects that an event requiring an initialization process has occurred will be described using FIG.

  Note that an event that requires initialization processing can change the speed of time update, such as when the clock time of the clock unit 306 returns to a past time, advances more than necessary, or the time is not updated. This is an abnormal event including an event and an event in which the value assigned to each row and each column of the counter table 317 of the counter unit 307 can be changed without normal operation by the counter unit 307 or the initialization unit 305. Such abnormal events are mainly caused by instability of power supply to the restriction key generation device 300, consumption of a battery to back it up, powerful radiation intrusion, and intervention in hardware signals. Artificial operations (patterns) and clocks may be unstable due to unstable operation of the reference frequency oscillator.

  There are many known techniques as means for detecting the occurrence of these events, and since it is considered that those skilled in the art can easily implement them, details are omitted, but those techniques are implemented in the initialization unit 305. It shall be. In addition, the event requiring the initialization process may include an event in which a device outside the restricted key generation device 300 such as the restricted data use device 200 explicitly requests the initialization process through the input / output unit 301. For example, when it is useful to allow an external device to explicitly request initialization processing, for example, when it is detected that the external device has failed to authenticate the user continuously, In addition, there are cases where it is preferable that the restricted data stored in the external device is erased all at once, such as when an unauthorized act of the user is detected or when the user is explicitly changed.

  First, in step S <b> 601, the initialization unit 305 of the restriction key generation device 300 generates a new master key and stores it in the master key unit 304. As a new master key, it is desirable to use a bit pattern that has not been stored in the master key unit 304 as a master key in the past. A typical example is a method of generating a new bit string from random numbers and using it as a new master key.

  Next, in step S362, the initialization unit 305 updates the value of the generation variable 316 of the clock unit 306 and the value of the generation variable 327 of the counter unit 307, respectively. The meaning of the update is the same as that described in step S333 described above, that is, the value that each generation variable has not taken in a certain period in the past is substituted. A method of substituting a value obtained by adding a minute value or a method of substituting a random number may be used. In particular, in the process of step S362, a method of substituting constants such as each generation variable 0 (zero) may be used. In step S362, the initialization unit 305 further assigns invalid values to the virtual counter fields in all the rows of the counter table 317 of the counter unit 307, and the process ends.

(Function and effect)
In the restricted data creation device 100 according to the present embodiment, the restriction key obtaining unit 103 receives the input of restriction information that defines the use time limit of the processing target data in absolute time, and the absolute time period defined by the restriction information is set to the value of the time difference variable. Is converted to an absolute time period based on the clock of the restriction key generation device 300, and the converted absolute time value, the eigenvalue generated by the ID generation unit 104, and the generation value that is the value of the generation variable are used as parameters. A restriction key can be requested from the key generation device.

  For this reason, it is possible to obtain from the restricted data creation device a restriction key that cannot be obtained after the use time limit of the designated processing target data based on the absolute time. It is possible to create encrypted data that cannot be decrypted after the use time period specified using the restriction key.

  Further, in the restricted data creation device 100, the restriction key acquisition unit 103 requests the current time value and generation value of the clock from the restriction key generation device 300, and the generation value input from the restriction key generation device 300 is stored in the storage unit 105. The difference between the current time value and the current time value of the clock of the clock unit 106 that is also input can be substituted into the time difference variable of the storage unit 105.

  For this reason, the delay or advance of the clock of the limit key generation device 300 and the generation of the clock can be accurately grasped, so that a limit key that accurately corresponds to the use time limit can be obtained from the restricted data utilization device.

  Further, the restricted data creation device 100 receives the restriction key input from the restriction key generation device 300 by the restriction key acquisition unit 103, encrypts the processing target data input by the encryption unit 101 with the restriction key, and encrypts it. The restricted data, which is time-limited data including the processed data, the converted absolute time period, the value of the generation variable, and the eigenvalue, can be sent to the restricted data utilization apparatus.

  For this reason, the processing target data is encrypted using a restriction key that cannot be obtained after the use time limit of the specified processing target data based on the absolute time, and the time limit including the absolute time period, generation value, and eigenvalue necessary for the decryption is obtained. Restricted data that is data can be sent to the restricted data utilization device.

  Further, in the restricted data creation device 100, the restriction key obtaining unit 103 receives the input of restriction information that defines the use time limit of the processing target data by the relative time, and the relative time determined by the restriction information and the ID generation unit 104 generate the restriction data. Using the eigenvalue as a parameter, it is possible to request the absolute time limit value, the generation value, and the restriction key from the restriction key generation device 300 of the restricted data utilization device 200.

  For this reason, it is possible to obtain from the restricted data utilization apparatus a restriction key that cannot be obtained after the use time limit according to the relative time of the designated processing target data. It is possible to create encrypted data that cannot be decrypted after the use time period specified using the restriction key.

  In addition, the restricted data creation apparatus 100 restricts the processing target data to which the encryption unit 101 is input when the restriction key obtaining unit 103 receives the absolute time value, the generation value, and the restriction key from the restriction key generation device 300. It is possible to send the restricted data, which is time-limited data including the encrypted processing target data, the converted absolute time period, the value of the generation variable, and the unique value, to the restricted data utilization apparatus 200 by encrypting with the key.

  For this reason, the processing target data is encrypted using a restriction key that cannot be obtained after the specified time limit based on the relative time of the processing target data, and the time limit including the absolute time, generation value, and eigenvalue necessary for the decryption is obtained. Restricted data that is data can be sent to the restricted data utilization device.

  In addition, the restricted data creation apparatus 100 receives the restriction information that defines the restriction on the number of times the processing target data is used by the restriction key acquisition unit 103, and the virtual counter generated by the ID generation unit 104 and the number of times that the restriction information defines. The specified number and the value of the generation variable may be used as parameters, and the limited number key generation device 300 of the limited data utilization device 200 may be requested.

  For this reason, it is possible to obtain from the restricted data utilization apparatus a number-of-times restriction key that cannot be obtained when the number of uses of the designated processing target data is exceeded. It is possible to create encrypted data that cannot be decrypted after the number of times specified by using the number of times limit key is used.

  Further, the restricted data creation apparatus 100 uses the restricted key acquisition unit 103 as a parameter for the virtual counter designation value, requests the restricted key generation apparatus 300 to initialize the virtual counter, and receives the generation value input from the restricted key generation apparatus 300. Can be substituted into the generation variable of the storage unit 105.

  Therefore, a counter that counts the number of times the processing target data is used can be virtually created and initialized in the restriction key generation device 300, so that the number of times the processing target data is used can be accurately counted in the restriction key generation device. it can.

  Further, in the restricted data creation device 100, the restriction key obtaining unit 103 receives the input of the number-of-times restriction key from the restriction key generation device 300, and the encryption unit 101 encrypts the input processing target data with the number-of-times restriction key. The restricted data, which is the restricted data including the encrypted processing target data, the number of times restriction, the value of the generation variable, and the virtual counter specified value, can be sent to the restricted data utilization device 200.

  For this reason, the processing target data is encrypted using the number limiting key that cannot be obtained when the number of times of use of the specified processing target data is exceeded, and the number limit value, generation value, and virtual counter required for the decryption are encrypted. Restricted data that is data with a limited number of times including a specified value can be sent to the restricted data utilization device.

  In the restricted data utilization device 200 according to the present embodiment, the storage unit 202 stores restricted data that is timed data sent from the restricted data creation device 100, and the storage unit 202 includes restricted data that is timed data. The data is read, the absolute time value, generation value, and eigenvalue of the time-limited data read by the decryption unit 203 are used as parameters, a restriction key is requested from the restriction key generation device 300, and input from the restriction key generation device 300 The processing target data encrypted with the time-limited data can be decrypted with the restriction key and input to the utilization unit 204.

  For this reason, the restricted data, which is the time-limited data sent from the restricted data creation device 100, is stored in the storage unit, read out later, and the restricted key generation device 300 reproduces it from the information in the time-limited data. Similarly, the encrypted processing target data in the time-limited data can be decrypted and used by the restricted key. However, after the usage time limit, the restriction key generation device 300 does not regenerate a restriction key that can normally decrypt the processing target data, so that the subsequent processing target data cannot be used, and the usage time limit is observed.

  Further, in the restricted data utilization device 200, the storage unit 202 stores the restricted data that is the limited number of times data sent from the restricted data creating device 100, and the storage unit 202 is the restricted data that is the limited number of times data. And the decryption unit 203 uses the number limit value, generation value, and virtual counter specified value of the data with the number limit read as parameters, and requests the limit key generation device 300 to use the number limit key. The encrypted data to be processed with the number-of-times-restricted data can be decrypted by the number-of-times-limit key input from the above and input to the utilization unit 204.

  For this reason, the restricted data, which is the number of times restricted data sent from the restricted data creation device, is stored in the storage unit, read out later, and the restricted key generation device regenerates from the information in the timed data. Similarly, the encrypted processing target data in the data with the limited number of times can be decrypted and used by the limited number of times key. However, after using only the number limit, the limit key generation device will not regenerate the number limit key that can normally decrypt the processing target data, so the subsequent processing target data cannot be used, and the usage number limit is limited. It is protected.

  When receiving a request for a restriction key that uses an absolute time value, a generation value, and a unique value as parameters, the restriction key generation device 300 according to the present embodiment causes the comparison unit 302 to generate the parameter generation value and the value of the generation variable of the clock unit 306. Are equal and the absolute time limit value of the parameter is a future value than the current time value of the clock of the clock unit 306, the hash calculation unit 303 determines that the master key unit A limit key which is a hash value depending on the master key stored in 304, the absolute time limit value of the parameter, and the unique value of the parameter can be calculated.

  For this reason, the absolute time limit value of the parameter is compared with the current time of the clock of the clock unit, and only when the former is a future value, a hash value that depends on the absolute time value is calculated and used as a limit key. After that, it is possible to realize a restricted key whose value cannot be obtained. The hash value is calculated only when the value of the generation variable, which is a value that changes every time the clock is initialized, and the generation value of the parameter, so the reference time that has been initialized and changed Therefore, the time comparison is not performed and the hash value is not calculated. In addition, since the calculation of the hash value is performed depending on the eigenvalue of the parameter, another person who does not know the eigenvalue does not obtain the same restricted key. In addition, the calculation of the hash value is performed so as to depend on the master key that is not output to the outside of the restricted key generation device and is difficult to know from the outside. The same restriction key cannot be obtained from the same parameter even if the device is used. In addition, since the restriction key generation device does not store the generated restriction key, the required storage capacity is small.

  Further, upon receiving a request for the current time value and generation value of the clock, the restriction key generation device 300 can output the current time value of the clock unit 306 and the generation value that is the value of the generation variable of the clock unit 306. .

  For this reason, since the current time value of the clock of the clock unit and the value of the generation variable can be transmitted to the external device that is requesting the restriction key, the external device has an absolute time limit that exactly complies with the clock of the clock unit. , It can be specified as a parameter for requesting a restricted key.

  In addition, upon receiving a request for an absolute time value, a generation value, and a restriction key using the relative time value and the unique value as parameters, the restriction key generation device 300 causes the hash calculation unit 303 to store a master key stored in the master key unit 304, It is possible to calculate a limit key that is a hash value depending on a value obtained by adding the current time value provided by the clock unit 306 to the relative time limit value of the parameter and the unique value of the parameter.

  Therefore, a hash value depending on the absolute time value obtained by adding the relative time value of the parameter and the current time of the clock of the clock unit is calculated and used as the limit key. In addition, since the calculation of the hash value is performed depending on the eigenvalue of the parameter, another person who does not know the eigenvalue does not obtain the same restricted key. In addition, the calculation of the hash value is performed so as to depend on the master key that is not output to the outside of the restricted key generation device and is difficult to know from the outside. The same restriction key cannot be obtained from the same parameter even if the device is used. In addition, since the restriction key generation device does not store the generated restriction key, the required storage capacity is small.

  Further, when the initialization unit 305 detects the occurrence of an abnormal event that may cause a failure in the time update of the clock of the clock unit 306, the restriction key generation device 300 generates a new master key and generates the master key unit 304. And the value of the generation variable of the clock unit 306 can be updated.

  For this reason, if there is an abnormal event that may cause a failure in updating the clock of the clock, the master key is updated and the value of the generation variable of the clock is updated. The restriction key that should not have been obtained from the restriction key generation device because it has passed is not likely to be obtained again because the clock of the clock unit returns to the past due to the occurrence of an abnormal event.

  When the limit key generation device 300 receives a request for the number limit key or the request for using the number limit key using the number limit value, the generation value, and the virtual counter specified value as parameters, the counter unit 307 displays the parameter in the counter table. The value column value and the generation column value of the row associated with the virtual counter specified value of the current value are read out, and the comparison unit 302 has the parameter generation value equal to the generation column value and the parameter count limit value is It is determined whether or not the condition that the value is larger than the value is satisfied, and when the condition is satisfied, the hash calculation unit 303 stores the master key, the parameter count limit value stored in the master key unit 304, and the parameter virtual counter. It is possible to calculate a key for limiting the number of times, which is a hash value depending on the specified value.

  Therefore, the parameter count limit value is compared with the value of the virtual counter specified by the virtual counter specified value of the parameter (the value in the value column of the counter table row associated with the virtual counter specified value). Only when the former is large, a hash value that depends on the number limit value is calculated and used as the number limit key. Therefore, after a certain number of times the value is used, the number limit key that can no longer be obtained can be realized. In addition, the calculation of the hash value is performed by calculating the generation value of the virtual counter (the value in the generation column of the counter table row associated with the specified value of the virtual counter) that changes every time the virtual counter is initialized. ) And the generation value of the parameter, the values are compared based on the value of the virtual counter that has been initialized and changed, and a hash value may be calculated. No. In addition, since the calculation of the hash value is performed so as to depend on the virtual counter designation value of the parameter, another person who does not know the value does not obtain the same number of times limit key. In addition, the calculation of the hash value is performed so as to depend on the master key that is not output to the outside of the restricted key generation device and is difficult to know from the outside. The same restriction key cannot be obtained from the same parameter even if the device is used. In addition, since the restriction key generation device does not store the generated restriction key, the required storage capacity is small.

  In addition, when the limit key generation device 300 receives a request for using the number limit key using the number limit value, the generation value, and the virtual counter specified value as parameters, the counter unit 307 displays the value in the value column when this condition is satisfied. The value can be updated.

  For this reason, the virtual counter can accurately reflect the number of times the number-limited key is used.

  In addition, upon receiving a request for virtual counter initialization using the virtual counter specified value as a parameter, the restriction key generation device 300 identifies a row in which the virtual counter column is an invalid value in the counter table, and the specified row By substituting the virtual counter specified value of the parameter into the virtual counter field, the specified row is associated with the virtual counter specified value, the value of the generation variable of the counter unit 307 is updated, and the value of the generation variable is specified. Can be assigned to the generation field.

  For this reason, an external device that is requesting the number-of-times restriction key can dynamically prepare a dedicated virtual counter in the restriction key generation device, so that the external device can perform dynamically changing processing. Increased flexibility.

  In addition, when the initialization unit 305 detects the occurrence of an abnormal event that can change the value described in the counter table, the restriction key generation device 300 generates a new master key and stores it in the master key unit. , Generation variables can be updated.

  For this reason, when an abnormal event that can change the value described in the counter table of the counter unit 307 occurs, the master key is updated and the value of the generation variable of the counter unit is updated. The number limit key that should have been unavailable from the limit key generation device because the usage count limit has been reached again due to the decrease in the value of the virtual counter realized in the counter table of the counter unit due to the occurrence of an abnormal event There is no such thing as getting it.

(Other embodiments)
Although the present invention has been described according to the above-described embodiments, it should not be understood that the descriptions and drawings constituting a part of this disclosure limit the present invention. From this disclosure, various alternative embodiments, examples and operational techniques will be apparent to those skilled in the art.

  For example, in the above embodiment, it has been described that the restricted key generation device 300 is provided inside the restricted data use device 200. However, the restricted data use device 200 and the restricted key generation device 300 are separate devices. It does not matter.

  As described above, the present invention naturally includes various embodiments not described herein. Therefore, the technical scope of the present invention is defined only by the invention specifying matters according to the scope of claims reasonable from the above description.

It is a block diagram of the configuration of the restricted data creation apparatus according to the present embodiment. It is a block diagram of the configuration of the restricted data utilization apparatus according to the present embodiment. It is a block diagram of a restriction key generation device according to the present embodiment. It is a flowchart which shows the data creation method with a limit which concerns on this embodiment (time-limited data transmission (absolute time limit)). It is a flowchart which shows the data creation method with a limit which concerns on this embodiment (time-limited data transmission (relative time limit)). It is a flowchart which shows the data creation method with restrictions which concerns on this embodiment (times time limit data transmission). It is a flowchart which shows the limited data utilization method (time-limited data reception) which concerns on this embodiment. It is a flowchart which shows the data utilization method (limited time limit data reception) based on this embodiment. It is a flowchart which shows the restriction | limiting key production | generation method (time + generation request process) concerning this embodiment. It is a flowchart which shows the restriction | limiting key production | generation method (restriction key request | requirement process (absolute time limit)) based on this embodiment. It is a flowchart which shows the restriction | limiting key production | generation method (restriction key request | requirement process (relative time limit)) based on this embodiment. It is an example of the counter table | surface which the restriction | limiting key generation apparatus which concerns on this embodiment hold | maintains. It is a flowchart which shows the restriction | limiting key generation method (virtual counter initialization request | requirement process) which concerns on this embodiment. It is a flowchart which shows the limiting key production | generation method (number-of-times limitation key request | requirement process) which concerns on this embodiment. It is a flowchart which shows the restriction | limiting key production | generation method (number-of-times restriction | limiting key "use" request processing) concerning this embodiment. It is a flowchart which shows the restriction | limiting key generation method (initialization process) which concerns on this embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Restricted data production apparatus 101 ... Encryption part 102 ... Input / output part 103 ... Restriction key acquisition part 104 ... ID generation part 105 ... Storage part 106 ... Clock part 115 ... Time difference variable 125 ... Generation variable 200 ... Restricted data utilization apparatus DESCRIPTION OF SYMBOLS 201 ... Input / output part 202 ... Memory | storage part 203 ... Decoding part 204 ... Utilization part 300 ... Restriction key production | generation apparatus 301 ... Input / output part 302 ... Comparison part 303 ... Hash calculation part 304 ... Master key part 305 ... Initialization part 306 ... Clock Part 307 ... counter part 314 ... master key 316, 327 ... generation variable 317, 337 ... counter table

Claims (13)

A restricted data creation device that creates restricted data with a usage time limit or usage frequency limit,
A restriction key acquisition unit that requests and obtains a restriction key that matches restriction information indicating a use time limit or a use frequency limit from the restriction key generation device that generates the restriction key;
An encryption unit for encrypting the restricted data using the restriction key;
An input / output unit that transmits the encrypted restricted data to a restricted data using device that uses the restricted data, and
The restriction key has a master key, an absolute time limit value, and a unique value as parameters, and a hash value that depends on the parameters ,
Or, the restriction key and the master key, the value obtained by adding the current time value of the relative time limit, the eigenvalues and parameters, data creation Restricted, characterized in that a hash value which depends on the parameter apparatus. The restriction information is information that defines the use time limit of the restricted data as an absolute time limit,
The restriction key obtaining unit converts the absolute time period into an absolute time period based on a clock of the restriction key generating device using a time difference variable, and uses the converted absolute time period and a value unique to the restricted data. Requesting the restriction key generation device for the restriction key that is a hash value calculated using a specific value and a generation value that is a value of a generation variable that represents a generation of a clock that defines the absolute time limit as parameters. The restricted data creation device according to claim 1. The restriction information is information that defines a use time limit of the restricted data as a relative time limit,
The restriction key obtaining unit is the restriction key that is a hash value calculated using the relative time and a unique value that is a unique value of the restricted data as parameters, an absolute time limit of the use period of the restricted data, and The restricted data creation device according to claim 1, wherein the restricted key generation device requests a generation value representing a generation of a clock that defines the absolute time limit. The restriction information is information that defines a use frequency limit of the restricted data,
The restriction key obtaining unit is a hash value calculated using the use frequency restriction, a virtual counter designation value that designates a virtual counter, and a generation value that is a value of a generation variable representing a generation of the virtual counter as parameters. The restricted data creation apparatus according to claim 1, wherein the restriction key is requested to the restriction key generation apparatus. A restricted data use device that uses restricted data with a use time limit or a use time limit,
A storage unit for storing the restricted data encrypted by the restricted data creation device for creating the restricted data;
A request for a restriction key that matches restriction information indicating a use time limit or a use frequency restriction, to a restriction key generation device that generates the restriction key, and a decryption unit that decrypts the restricted data encrypted by the restriction key;
And a utilization unit that uses the decrypted restricted data,
The restriction key has a master key, an absolute time limit value, and a unique value as parameters, and a hash value that depends on the parameters ,
Or, the restriction key and the master key, the value obtained by adding the current time value of the relative time limit, the eigenvalues and parameters, restricted data usage, which is a hash value that depends on the parameter apparatus. The restriction information is information that defines the use time limit of the restricted data as an absolute time limit,
The decryption unit obtains the restriction key that is a hash value calculated using the use time period, a unique value that is a unique value of the restricted data, and a generation value that represents a generation of a clock that defines the absolute time limit as parameters. 6. The restricted data utilization apparatus according to claim 5, wherein the restriction key generation apparatus is requested. The restriction information is information that defines a use frequency limit of the restricted data,
The restriction key obtaining unit is configured to restrict the restriction key, which is a hash value calculated using the use number restriction, a virtual counter designation value designating a virtual counter, and a generation value representing a generation of the virtual counter as parameters. 6. The restricted data utilization apparatus according to claim 5, wherein a request is made to the key generation apparatus. From the restricted data creation device that creates restricted data with a usage time limit or usage frequency limit, or the restricted data usage device that uses the restricted data, it matches the restriction information indicating the usage time limit or the usage frequency limit. An input / output unit that receives a request for a restricted key;
A storage unit for storing a master key;
A hash calculator that calculates a restriction key depending on the master key and the restriction information,
The restriction key has a master key, an absolute time limit value, and a unique value as parameters, and a hash value that depends on the parameters ,
Or, the restriction key and the master key, and a value obtained by adding the current time value of the relative time limit, the eigenvalues and parameters, limiting the key generation apparatus, characterized in that the hash value that depends on the parameter . The restriction information is information that defines the use time limit of the restricted data as an absolute time limit,
A comparison unit for determining whether the two-time context and two generation values match,
A clock unit having current time and generation variables,
When receiving a request for a restriction key using the absolute time, a unique value that is unique to the restricted data, and a generation value as parameters,
Whether the comparison unit satisfies a condition that the generation value of the parameter is equal to the value of the generation variable of the clock unit, and that the absolute time limit of the parameter is a future value from the current time of the clock unit. Determine whether
9. The restricted key according to claim 8, wherein when the condition is satisfied, the hash calculation unit calculates a restricted key that is a hash value depending on the master key, the absolute time period, and the eigenvalue. Generator. The restriction information is information that defines a use time limit of the restricted data as a relative time limit,
It further comprises a clock unit with current time and generation variables,
When the relative time limit and a unique value that is a unique value of the restricted data are used as parameters, and an absolute time limit, a generation value, and a request for the restriction key are received,
The hash calculation unit calculates the master key, a value obtained by adding a current time provided by the clock unit to a relative time limit of the parameter, and a limit key that is a hash value depending on the eigenvalue. The restriction key generation device according to claim 8. The restriction information is information that defines a use frequency limit of the restricted data,
A comparison unit for determining a magnitude relationship between two values and a match between two generation values;
A counter unit comprising a counter table and a generation variable, which is a table having a virtual counter column, a value column, and a generation column;
When receiving a request for a limit key using the usage count limit, a virtual counter designation value for designating a virtual counter, and a generation value representing the generation of the virtual counter as parameters,
The counter unit reads the value in the value column and the value in the generation column of the row associated with the virtual counter specified value of the parameter in the counter table;
The comparison unit determines whether or not a condition that the generation value of the parameter is equal to the value of the generation column and the use frequency limit of the parameter is larger than the value of the value column;
The said hash calculation part calculates the restriction | limiting key which is a hash value depending on the said virtual key specified value of the said master key, the said use frequency restriction | limiting, and the parameter when the said conditions are satisfied. 9. The restriction key generation device according to 8. A restricted data creation device that creates restricted data with a usage time limit or usage frequency limit,
A restriction key acquisition unit that requests and obtains a restriction key that matches restriction information indicating a use time limit or a use frequency limit from the restriction key generation device that generates the restriction key;
An encryption unit for encrypting the restricted data using the restriction key;
An input / output unit that transmits the encrypted restricted data to a restricted data using device that uses the restricted data, and
The limit key is a hash value that depends on the master key, an absolute time limit value, and a unique value as parameters, and depends on the parameter,
The restriction information is information that defines the use time limit of the restricted data as an absolute time limit,
The restriction key obtaining unit converts the absolute time period into an absolute time period based on a clock of the restriction key generating device using a time difference variable, and uses the converted absolute time period and a value unique to the restricted data. Requesting the restriction key generation device for the restriction key that is a hash value calculated using a specific value and a generation value that is a value of a generation variable that represents a generation of a clock that defines the absolute time limit as parameters. Restricted data creation device. A restricted data creation device that creates restricted data with a usage time limit or usage frequency limit,
A restriction key acquisition unit that requests and obtains a restriction key that matches restriction information indicating a use time limit or a use frequency limit from the restriction key generation device that generates the restriction key;
An encryption unit for encrypting the restricted data using the restriction key;
An input / output unit that transmits the encrypted restricted data to a restricted data using device that uses the restricted data, and
The restriction key is a hash value that depends on the parameter, the master key, a value obtained by adding a current time value to a relative time value, and a unique value as parameters.
The restriction information is information that defines a use time limit of the restricted data as a relative time limit,
The restriction key obtaining unit is the restriction key that is a hash value calculated using the relative time and a unique value that is a unique value of the restricted data as parameters, an absolute time limit of the use period of the restricted data, and A restricted data creation device that requests a generation value representing a generation of a clock that defines the absolute time limit to the restriction key generation device.

Images