MXPA06011197A - Unauthorized contents detection system - Google Patents

Unauthorized contents detection system

Info

Publication number
MXPA06011197A
Authority
MX
Mexico
Prior art keywords
information
unit
signature
contents
verification
Application number
MXPA/A/2006/011197A
Other languages
Spanish (es)
Inventor
Murase Kaoru
Yokota Kaoru
Miyazaki Masaya
Ohmori Motoji
Nakano Toshihisa
Futa Yuichi
Yamamoto Masaya
Nonaka Masao
Onoda Senichi
Original Assignee
Panasonic Corporation
Application filed by Panasonic Corporation

Abstract

Processing load on an executing device for conducting playback is high during the playback of contents since the executing device performs verification of the contents validity in parallel with the contents playback, and therefore the executing device has to be equipped with a highly efficient processor. The present invention reduces the processing load involved in the verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on the DVD. In addition, the present invention is capable of improving the accuracy of detecting unauthorized contents to some extent by randomly selecting a predetermined number of encrypted units every time the verification is performed.

Description

UNAUTHORIZED CONTENTS DETECTION SYSTEM

Field of the Invention

The present invention relates to a technology for verifying the validity of contents, and in particular to a technology for reducing the processing load involved in this verification.
Background of the Invention

Means of preventing fraudulent acts such as illegal copying, falsification and replacement of contents include applying signature information indicating that the contents have been issued by a legitimate right holder, and distributing, together with the contents, verification information for verifying whether the contents include unauthorized contents in which falsification or the like has been made. Patent Reference 1, which is an example of such means, describes a technology for verifying the validity of contents by distributing signature information, verification information and contents through a network. According to this technology, authentication information, which includes signature information of a transmission source and verification information for checking the consistency of the individual partial contents that constitute the contents, is transmitted to an execution device in advance of the transmission of the contents. When the authentication information is received, the execution device verifies the signature information included in it. If the verification of the signature information is successful, the execution device receives and plays back the contents. In parallel with the playback, the execution device repeats the verification of the consistency of the individual partial contents using the verification information, and stops the playback when the verification fails. Even if the execution device has received contents that include unauthorized contents, this technology makes it possible for the execution device not to start playback of the contents, or to stop playback midway.

REF.: 175807

[Patent Reference 1] U.S. Patent Publication No. 6480961
[Patent Reference 2] Japanese Laid-Open Patent Application Publication No. 2002-281013
[Non-Patent Reference 1] http://positron.jfet.org/dvdvideo.html (accessed May 17, 2004)
[Non-Patent Reference 2] http://www.pioneer.co.jp/srdl/tesh/mpeg/l.html (accessed May 17, 2004)
[Non-Patent Reference 3] "The Art of Computer Programming Vol. 2 Seminumerical Algorithms" written by Donald E. Knuth, ISBN: 0-201-03822-6
[Non-Patent Reference 4] "Joho Security (Information Security)" written and edited by Atsuko Miyaji and Hiroaki Kikuchi, and compiled by the Information Processing Society of Japan
Brief Description of the Invention

Problems that the Invention Will Solve

However, according to the conventional technology described above, the execution device has to continue verifying the verification information in parallel with the playback, and therefore there is a problem that the processing load of the execution device becomes high during the playback of the contents. Furthermore, from a security point of view, it is also commonly the case that encrypted contents are distributed, rather than the contents themselves. In such a case, the execution device also has to carry out decryption processing in parallel, and the processing load is thus further increased. Consequently, the execution device has to be equipped with a highly efficient processor capable of carrying out these processes in parallel. The present invention solves these problems, and aims to offer a data processing device, a data processing method, a data processing program and a recording medium that achieve unhindered playback of contents, even if the equipped processor is of low efficiency, by reducing the processing load of the execution device during the playback of contents.
Means for Solving Problems

In order to achieve the above objectives, the data processing device of the present invention uses a digital work recorded on a recording medium that also has recorded on it (i) a plurality of record digest values generated from a plurality of data blocks that constitute the digital work and (ii) record signature data generated based on some or all of the plurality of record digest values. The data processing device comprises:
- a use unit that functions to use the digital work;
- a selection unit that functions to randomly select a predetermined number of data blocks from the plurality of data blocks;
- a calculation unit that functions to calculate a calculation digest value with respect to each of the selected data blocks;
- a reading unit that functions to read the remaining record digest values, each of which corresponds to one of the unselected data blocks, from among the plurality of record digest values;
- a signature verification unit that functions to verify whether the digital work is valid by using the record signature data, the calculation digest values and the remaining record digest values; and
- a use control unit that functions to stop the use unit from using the digital work when the signature verification unit judges the digital work to be invalid.
Advantageous Effects of the Invention

According to the above structure, the selection unit of the data processing device of the present invention selects a predetermined number of data blocks from among the plurality of data blocks. The calculation unit calculates calculation digest values from the selected data blocks, while the signature verification unit verifies the validity of the digital work using the calculated calculation digest values, the record signature data read from the recording medium and the remaining record signature data. In this way, it is possible to reduce the processing load involved in the verification of the record signature data by limiting the calculation digest values that have to be newly calculated to a predetermined number.

In addition, the selection carried out by the selection unit is random. Consequently, different data blocks will be verification targets every time the verification is carried out, and therefore it is possible to compensate, to a certain extent, for the degradation in verification accuracy caused by limiting the number of data blocks used for verification to a predetermined number. Moreover, it is difficult for a third party to predict which data blocks will be selected, which makes it possible to prevent fraudulent acts that involve falsifying, or replacing with unauthorized information, only the part of the digital work that will not be used for verification.
In the data processing device of the present invention, the plurality of record digest values may include a plurality of primary record digest values, each of which is generated for one of the plurality of data blocks, and a plurality of secondary record digest values generated from two or more of the plurality of primary record digest values, and the record signature data may be generated by applying a digital signature to the plurality of secondary record digest values. The reading unit can read the remaining record digest values from among the plurality of primary record digest values. The signature verification unit can verify the validity of the digital work by calculating one or more secondary calculation digest values based on the calculation digest values and the remaining record digest values, and carrying out a digital signature verification with the use of the record signature data, the plurality of secondary record digest values and the secondary calculation digest values.

According to the above structure, the record digest values include first record digest values and second record digest values. The signature verification unit calculates one or more second calculation digest values based on the calculation digest values and the remaining record digest values. Accordingly, the reading unit reads only the first record digest values required for the calculation of the second calculation digest values, and the second record digest values that do not correspond to the selected data blocks. In this way, it is possible to reduce the total number of record digest values read from the recording medium.

In the data processing device of the present invention, the digital work may include a plurality of files, each of which corresponds to one of the plurality of secondary record digest values and is constituted by two or more of the plurality of data blocks.
Each of the plurality of secondary record digest values can be generated using the primary record digest values corresponding one-to-one to the two or more data blocks that constitute the file corresponding to that secondary record digest value. The signature verification unit may include:
- a primary reading subunit that functions to read the record signature data from the recording medium;
- a calculation subunit that functions to calculate a secondary calculation digest value, with respect to each file that includes at least one of the selected data blocks, by using the primary record digest values corresponding to the unselected data blocks included in the file and the calculation digest values corresponding to the selected data blocks;
- a secondary reading subunit that functions to read, with respect to each file that includes none of the selected data blocks, the secondary record digest value corresponding to the file;
- a signature subunit that functions to generate calculation signature data by carrying out the digital signature with the use of the calculated secondary calculation digest values and the read secondary record digest values; and
- a comparison subunit that functions to compare the calculation signature data and the record signature data.

The signature verification unit can judge that the digital work is valid when the calculation signature data and the record signature data conform to each other, and judge that the digital work is not valid when the calculation signature data and the record signature data do not conform to each other. According to the above structure, the reading unit reads, with respect to each file that includes at least one of the selected data blocks, the first record digest values corresponding to the unselected data blocks included in the file.
On the other hand, the second reading subunit in the signature verification unit reads from the recording medium, with respect to each file including none of the selected data blocks, the second record digest value corresponding to the file. Consequently, it is possible to reduce the total number of record digest values read from the recording medium. Moreover, it is possible to easily verify the validity of the digital work by generating calculation signature data based on the second record digest values and the second calculation digest values, and comparing the generated calculation signature data with the record signature data.

In the data processing device of the present invention, the plurality of record digest values can be hash values, each generated by a hash function. The calculation digest values calculated by the calculation unit can be hash values calculated by applying the hash function to each of the selected data blocks. The secondary calculation digest values calculated by the calculation subunit may be hash values calculated by applying the hash function to the primary record digest values corresponding to the unselected data blocks and the calculation digest values. According to the above structure, the record digest values are generated by the hash function. The calculation unit and the calculation subunit calculate the calculation digest values and the second calculation digest values by using the hash function. Since the hash function is a one-way function, if the data blocks used to calculate the first record digest values corresponding to the selected data blocks are even partly different from the selected data blocks, the first record digest values and the first calculation digest values do not conform to each other.
Accordingly, when the selected data blocks have been falsified, the calculation digest values and the second calculation digest values do not match the corresponding first record digest values and second record digest values recorded on the recording medium. In this way, it is possible to accurately detect falsification of the selected data blocks.

In the data processing device of the present invention, the digital work can be digital contents, and the use unit uses the digital contents by playing them back. According to the above structure, the use control unit stops the playback of digital contents that have been falsified. In this way, it is possible to reduce the circulation of falsified contents.

In the data processing device of the present invention, the digital work may be a computer program, and the use unit may use the computer program by decrypting the instruction codes that constitute the computer program and operating in accordance with the decrypted codes. According to the above structure, the use control unit stops the execution of computer programs that have been falsified. In this way, it is possible to avoid negative influences caused by the execution of unauthorized programs, such as the destruction of user data and the application of data that should not be used.

The data processing device of the present invention may comprise, in place of the use control unit, a warning display unit that functions to display, when the digital work is judged to be invalid, a notification of the invalidity of the digital work. According to the above structure, when the digital work is verified to be invalid, the warning display unit displays a notification accordingly, and therefore the data processing device is able to inform the user that the digital work recorded on the recording medium is unauthorized.
In this way, the user becomes aware that the digital work recorded on the recording medium is unauthorized, and takes protective measures such as not loading the recording medium into the data processing device from that point onwards. It is thus possible to avoid the negative influences that could result from the use of the digital work.

In the data processing device of the present invention, the recording medium further has recorded on it (i) filler contents that have a data size set such that the free space capacity on the recording medium becomes a predetermined value or lower and (ii) signature data generated based on part or all of the digital work and the filler contents. The data processing device may further comprise a verification unit that functions to verify whether the digital work and the filler contents are valid by using the digital work, the filler contents and the signature data. The use control unit functions to stop the use unit from using the digital work when the verification unit judges that at least one of the digital work and the filler contents is not valid.

According to the above structure, the filler contents are recorded on the recording medium. If the free space capacity is the predetermined value, which is sufficiently small, or even smaller than the predetermined value, an unauthorized third party cannot add unauthorized information to the recording medium. In addition, the data processing device verifies not only the validity of the digital work but also that of the filler contents. Therefore, even if part or all of the filler contents are falsified, the data processing device stops the use of the digital work. Consequently, even if unauthorized information is distributed in this way, it is possible to avoid the use of the unauthorized information.
In the data processing device of the present invention, the recording medium further has recorded on it (i) area information indicating a permitted access area, on the recording medium, that an external device is allowed to access and (ii) signature data generated based on part or all of the digital work and the area information. The data processing device may further comprise: an access prohibition unit that functions to prohibit access to areas other than the permitted access area based on the area information; and a verification unit that functions to verify whether the digital work and the area information are valid by using the digital work, the area information and the signature data. The use control unit functions to stop the use unit from using the digital work when the verification unit judges that at least one of the digital work and the area information is not valid.

In general, it is sometimes the case that a procedure file showing a procedure for using the digital work is included, in addition to the digital work, on a recording medium. According to the above structure, the data processing device does not access areas other than the permitted access area indicated by the area information. Consequently, even if an unauthorized third party has added unauthorized information to free space on the recording medium, and has also falsified the procedure file so as to have the unauthorized information used, the data processing device does not read the unauthorized information.
In addition, since the signature data is generated based on the digital work and the area information, the use control unit is able to stop the use of the digital work by the use unit even if an unauthorized person has falsified the area information. Thus, it is possible to avoid the use of unauthorized information.

Here, the data processing device in the claims is an execution device in the following embodiments. The data blocks in the claims correspond to units recorded in the first, fifth and sixth embodiments, and to partial contents in the second to fourth embodiments.
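
The sampled verification summarized in this section (random block selection, primary and secondary digests, a signature over the secondary digests), as an added Python example that is not code from the patent. SHA-256, an HMAC standing in for the digital signature, the function names and the sample data are all assumptions; the example also goes slightly beyond the text by computing the per-run detection probability.

```python
import hashlib
import hmac
import math
import secrets


def digest(data: bytes) -> bytes:
    """One-way hash for primary and secondary digests (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def sign(key: bytes, secondary: list) -> bytes:
    """Stand-in for the digital signature over all secondary digests (assumption:
    HMAC, so the example runs with the standard library only)."""
    return hmac.new(key, b"".join(secondary), hashlib.sha256).digest()


def build_record(files, key):
    """Distribution side: the data recorded on the medium next to the content.
    files is a list of files, each a list of data blocks (bytes)."""
    primary = [[digest(block) for block in blocks] for blocks in files]
    secondary = [digest(b"".join(row)) for row in primary]
    return primary, secondary, sign(key, secondary)


def verify_sampled(files, primary, secondary, signature, key, k, rng=None):
    """Execution side: hash only k randomly chosen blocks and reuse recorded
    digests for everything else. Returns (valid, chosen_positions)."""
    rng = rng or secrets.SystemRandom()   # selection must be unpredictable
    positions = [(f, b) for f, blocks in enumerate(files)
                 for b in range(len(blocks))]
    chosen = set(rng.sample(positions, k))
    touched = {f for f, _ in chosen}
    calc_secondary = []
    for f, blocks in enumerate(files):
        if f not in touched:
            # No block of this file was selected: read its recorded
            # secondary digest and skip the primary digests entirely.
            calc_secondary.append(secondary[f])
            continue
        # Selected blocks contribute a freshly calculated digest,
        # unselected blocks contribute their recorded primary digest.
        row = [digest(blocks[b]) if (f, b) in chosen else primary[f][b]
               for b in range(len(blocks))]
        calc_secondary.append(digest(b"".join(row)))
    valid = hmac.compare_digest(sign(key, calc_secondary), signature)
    return valid, chosen


def detection_probability(total: int, tampered: int, k: int) -> float:
    """Chance that one run selects at least one of the tampered blocks."""
    return 1 - math.comb(total - tampered, k) / math.comb(total, k)


def make_sample_files():
    """Constructed sample content: 3 files of 4 blocks, 64 bytes each."""
    return [[bytes([f * 16 + b]) * 64 for b in range(4)] for f in range(3)]


def tamper(files, f, b):
    """Return a copy of files with block (f, b) replaced."""
    copy = [list(blocks) for blocks in files]
    copy[f][b] = b"unauthorized".ljust(64, b"\x00")
    return copy


if __name__ == "__main__":
    key = b"constructed-demo-key"
    files = make_sample_files()
    primary, secondary, signature = build_record(files, key)
    bad = tamper(files, 0, 1)
    runs = 2000
    caught = sum(
        not verify_sampled(bad, primary, secondary, signature, key, 3)[0]
        for _ in range(runs)
    )
    print("expected detection rate:", detection_probability(12, 1, 3))
    print("observed detection rate:", caught / runs)
```

With a real public-key signature the execution device would hold only a verification key; the HMAC used here would let any verifier also produce records, which is why it is only a stand-in.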
Brief Description of the Figures

Figure 1 is a structural diagram showing a structure of an unauthorized content detection system of a first embodiment.
Figure 2 is a block diagram showing a structure of a distribution device 1100 of the first embodiment.
Figure 3 shows a structure of contents 1120 to be input to the distribution device 1100.
Figure 4 shows a structure of a device identification table 1130 stored by an execution device information storage unit 1104.
Figure 5 shows the details of a key block 1150 generated by a key block generation unit 1103.
Figure 6 shows a general outline of a divided content generation process carried out by a unit generation unit 1105.
Figure 7 shows a structure of unit capture information 1200 generated by the unit generation unit 1105.
Figure 8 shows part of the encryption processing carried out by an encryption processing unit 1106.
Figure 9 shows a structure of encrypted contents 1330 generated by the encryption processing unit 1106.
Figure 10 shows a general outline of the generation of header information 1260 carried out by a header information generation unit 1107.
Figure 11 shows a method of generating a first hash table carried out by the header information generation unit 1107.
Figure 12 shows the details of a second hash table generated by the header information generation unit 1107.
Figure 13 shows the processing carried out by a signature information generation unit 1111.
Figure 14 shows information stored on a DVD 1500 of the first embodiment.
Figure 15 is a block diagram showing a structure of an execution device 1600 of the first embodiment.
Figure 16 shows a general outline of the signature information verification processing carried out by a signature information verification unit 1611.
Figure 17 shows part of the processing carried out by the signature information verification unit 1611.
Figure 18 shows a procedure for generating a first replaced hash table, carried out by the signature information verification unit 1611.
Figure 19 shows a procedure for generating a second replaced hash table, carried out by the signature information verification unit 1611.
Figure 20 shows the verification of signature information carried out by the signature information verification unit 1611.
Figure 21 is a flow chart showing the operational behavior of the distribution device 1100.
Figure 22 is a flow chart showing the operational behavior of the distribution device 1100 (continuation of Figure 21).
Figure 23 shows a process of verification of signature information carried out by the execution device 1600.
Figure 24 is a flow chart showing the operational behavior of the execution device 1600.
Figure 25 is a flow chart showing the operational behavior of the execution device 1600 (continuation of Figure 24).
Figure 26 is a block diagram showing a structure of an execution device 1100b according to a modification of the first embodiment.
Figure 27 is a block diagram showing a structure of a distribution device 2100 according to a second embodiment.
Figure 28 shows contents 2120 and pieces of identification information to be input to the distribution device 2100.
Figure 29 shows a general outline of processing carried out by a selection unit 2105.
Figure 30 shows a structure of selected position information 2160 generated by a header information generation unit 2107.
Figure 31 shows a structure of header information 2200 generated by the header information generation unit 2107.
Figure 32 shows a structure of encrypted contents generated by an encryption processing unit 2109.
Figure 33 shows information recorded on a DVD 2500 of the second embodiment.
Figure 34 is a block diagram showing a structure of an execution device 2600 of the second embodiment.
Figure 35 is a flow chart showing the operational behavior of the distribution device 2100.
Figure 36 is a flow chart showing the operational behavior of the execution device 2600.
Figure 37 is a block diagram showing a structure of a distribution device 3100 of a third embodiment.
Figure 38 shows a structure of header selection information 3130 generated by a header information generation unit 3107.
Figure 39 shows information recorded on a DVD 3500 of the third embodiment.
Figure 40 is a block diagram showing a structure of an execution device 3600 of the third embodiment.
Figure 41 is a block diagram showing a structure of a distribution device 4100 of a fourth embodiment.
Figure 42 shows divided contents and pieces of identification information generated by a partial content generation unit 4105.
Figure 43 shows a structure of content position information 4140 generated by a header information generation unit 4107.
Figure 44 shows a structure of header information 4160 generated by the header information generation unit 4107.
Figure 45 shows information recorded on a DVD 4500 of the fourth embodiment.
Figure 46 is a block diagram showing a structure of an execution device 4600 of the fourth embodiment.
Figure 47 shows a general outline of a selected position information generation procedure 4620 carried out by a selection unit 4611.
Figure 48 shows a general outline of a selected form information generation procedure 4630 carried out by the selection unit 4611.
Figure 49 shows a general outline of decryption processing conducted by a partial content decryption unit 4616.
Figure 50 is a flow chart showing the operational behavior of the distribution device 4100.
Figure 51 shows a method of generating signature information 4170 carried out by the distribution device 4100.
Figure 52 is a flow chart showing the operational behavior of the execution device 4600.
Figure 53 is a flow chart showing the operational behavior of the execution device 4600 (continuation of Figure 52).
Figure 54 shows a verification procedure for signature information and header information carried out by the execution device 4600.
Figure 55 is a block diagram showing a structure of a distribution device 5100 of a fifth embodiment.
Figure 56 shows a structure of divided filler contents 5120 generated by a filler content generation unit 5108.
Figure 57 shows a unit billing information frame 5140 sent from the filler content generation unit 5108.
Figure 58 shows a general outline of a procedure for generating header information 5109 carried out by a header information generation unit 5107.
Figure 59 shows a structure of a second hash table 5180 generated by the header information generation unit 5107.
Figure 60 shows information recorded on a DVD 5500 of the fifth embodiment.
Figure 61 is a block diagram showing a structure of an execution device 5600 of the fifth embodiment.
Figure 62 is a flow chart showing the operational behavior of the distribution device 5100.
Figure 63 is a flow chart showing the operational behavior of the distribution device 5100 (continuation of Figure 62).
Figure 64 is a flow chart showing the operational behavior of the execution device 5600.
Figure 65 shows a contemplated unauthorized DVD 5500b.
Figure 66 shows a contemplated unauthorized DVD 5500c.
Figure 67 is a block diagram showing a structure of a distribution device 6100 of a sixth embodiment.
Figure 68 shows writing assignment information 6120 generated by an allocation generation unit 6108.
Figure 69 shows information recorded on a DVD 6500 of the sixth embodiment.
Figure 70 is a block diagram showing a structure of an execution device 6600 of the sixth embodiment.
Figure 71 shows a configuration of the DVD 1500 and a structure of an acquisition unit 1601.
Detailed Description of the Invention

1. First Embodiment

An unauthorized content detection system 1 is described below as an example of embodiments of the present invention, with the help of the figures.

1.1 Unauthorized Content Detection System 1

As shown in Figure 1, the unauthorized content detection system 1 comprises a distribution device 1100, an execution device 1600 and a monitor 1620. The distribution device 1100 is, as an example, a device owned by a legitimate copyright holder of contents that include video and audio. According to operations carried out by an operator, the distribution device 1100 acquires contents, and generates encrypted contents by encrypting the acquired contents. In addition, the distribution device 1100 generates various types of information by using the contents. The information generated by the distribution device 1100 includes, for example, header information used in the execution device 1600 to verify whether unauthorized contents are included in the contents. In addition, the distribution device 1100 generates signature information using a signature key specific to itself, and writes the generated encrypted contents, signature information, header information and the like onto a DVD (digital versatile disk) 1500. The DVD 1500 will be sold or distributed to users through distribution stores.

When loaded with the DVD 1500, the execution device 1600 reads the signature information, header information and the like from the loaded DVD 1500, and carries out verification of the read signature information as well as verifying whether unauthorized contents are included, based on the information read from the DVD 1500. Only when the verification of the signature information is successful does the execution device 1600 start playback of the contents. The individual devices that make up the unauthorized content detection system 1 and the DVD 1500 are described below in detail.

1.2 Distribution Device 1100

As shown in Figure 2, the distribution device 1100 comprises an input unit 1101, a content key generation unit 1102, a key block generation unit 1103, an execution device information storage unit 1104, a unit generation unit 1105, an encryption processing unit 1106, a header information generation unit 1107, a signature information generation unit 1111, a signature key storage unit 1112 and a recording unit 1114.

1.2.1 Input Unit 1101

The input unit 1101 receives contents from an external device or external recording medium according to the operation of the operator. Here, a structure of the contents received by the input unit 1101 is described with the help of Figure 3. As shown in Figure 3, the contents 1120 received by the input unit 1101 are composed of c pieces (c is an integer of 1 or more) of files "CNT1" 1121, "CNT2" 1122, "CNT3" 1123, ..., and "CNTc" 1124. Here, the contents 1120 acquired by the input unit 1101 are in a format playable by the execution device 1600 (as will be described hereinafter in more detail), and the DVD-Video format and the MPEG-2 (Moving Picture Experts Group 2) format are examples of such playable formats. The present embodiment is described assuming that the contents 1120 are in DVD-Video format and that each of the files is a VOB (Video Object) file. When the contents 1120 are acquired, the input unit 1101 instructs the content key generation unit 1102 to generate a content key, and sends the contents 1120 to the unit generation unit 1105.

1.2.2 Content Key Generation Unit 1102

The content key generation unit 1102 is instructed by the input unit 1101 to generate the content key. In response to the instruction, the content key generation unit 1102 generates a pseudo random number, and then generates a 128-bit content key "CK" with the use of the generated pseudo random number. Instead of a pseudo random number, a true random number can be generated using, for example, noise in a signal.
Non-Patent Reference 3 provides details about a method for generating random numbers. In addition, a different method can be used to generate the content key. Subsequently, the content key generation unit 1102 sends the generated content key "CK" to the key block generation unit 1103 and the encryption processing unit 1106.

1.2.3 Key Block Generation Unit 1103 and Execution Device Information Storage Unit 1104

The execution device information storage unit 1104 is, for example, composed of a ROM or an EEPROM, and stores a device identification table 1130 as shown in Figure 4. The device identification table 1130 is composed of n device identifiers and n device keys (n is a natural number).
The device identifiers are pieces of identification information, and each piece is specific to a device that has been allowed to read the information on the DVD 1500 written by the distribution device 1100 and reproduce the information read. The device keys, which correspond one to one with the device identifiers, are pieces of key information respectively specific to the individual devices indicated by the corresponding device identifiers. For example, a device identifier "AID_1" 1131 corresponds to a device key "DK_1" 1136.

The key block generation unit 1103 receives the content key "CK" from the content key generation unit 1102, and generates a key block. Figure 5 shows an example of the structure of a key block 1150 generated at this point. The key block 1150 is composed of n device identifiers and n encrypted content keys. The device identifiers are the same as the device identifiers included in the device identification table 1130. The device identifiers correspond one to one with the encrypted content keys, and the encrypted content keys are generated by applying an encryption algorithm E1 to the content key "CK" with the use of the corresponding device keys. For example, a device identifier "AID_1" 1141 is the same as the device identifier "AID_1" 1131 included in the device identification table 1130, and corresponds to an encrypted content key "Enc(DK_1, CK)" 1142. The encrypted content key "Enc(DK_1, CK)" 1142 is generated by encrypting the content key "CK" with the use of the device key "DK_1" 1136 included in the device identification table 1130. In the following description, an encrypted text generated by encrypting a plaintext B with the use of a key A is denoted as "Enc(A, B)".

Next, a method for generating the key block 1150 is described.
When the content key "CK" is received, the key block generation unit 1103 reads the device identifier "AID_1" 1131 and the device key "DK_1" 1136 in the first line from the device identification table 1130 of the execution device information storage unit 1104. The key block generation unit 1103 generates the encrypted content key "Enc(DK_1, CK)" by applying the encryption algorithm E1 to the content key "CK" with the use of the read device key "DK_1" 1136. Here, AES (Advanced Encryption Standard) is used, as an example, for the encryption algorithm E1. Non-patent reference 4 provides details about AES. Note that the encryption system used here is not limited to AES, and that different systems can be employed. The key block generation unit 1103 stores the read device identifier "AID_1" 1131 and the generated encrypted content key "Enc(DK_1, CK)", associating these two with each other. The key block generation unit 1103 repeats the same type of process for all n pairs of device identifiers and device keys, generates n pairs of device identifiers and encrypted content keys, and puts these pairs together to form the key block 1150. Subsequently, the key block generation unit 1103 sends the generated key block 1150 to the recording unit 1114.

Here, as the simplest example, the case is described in which a specific key is assigned to each device that operates to reproduce the information written on the DVD 1500. However, the technologies described in patent reference 2 include ones to reduce the number of encrypted content keys and to prevent specific devices from reproducing the contents.

1.2.4 Unit Generation Unit 1105

The unit generation unit 1105 receives the contents 1120 from the input unit 1101. When it receives the contents 1120, the unit generation unit 1105 generates divided contents and unit capture information in a procedure described below.
The following describes the generation of divided contents (a) and the generation of unit capture information (b).

(a) Generation of Divided Contents

As shown in Figure 6, the unit generation unit 1105 generates divided contents 1160 from the contents 1120. Next, a procedure for generating the divided contents 1160 is described with the help of Figure 6. When it receives the contents 1120, the unit generation unit 1105 generates a file identifier "FID1" 1161 and a piece of file identification information "AD1" which correspond to the file "CNT1" 1121 included in the received contents 1120. The file identifier "FID1" 1161 is identification information that uniquely indicates the file "CNT1" 1121, and is, for example, a natural number that indicates the order of the file "CNT1" 1121 within the contents 1120, or a file name. The piece of file identification information "AD1" is information for identifying the file "CNT1" 1121, and is, for example, an offset from the head of the contents 1120, a sector number, or an address.

Then, the unit generation unit 1105 divides the file "CNT1" 1121 with respect to each VOBU (Video Object Unit) to generate m pieces (m is any natural number) of units "U1_1", "U1_2", ..., and "U1_m". Then, the unit generation unit 1105 generates a unit number "N1" indicating the number of units generated (here, N1 = m). Subsequently, the unit generation unit 1105 generates file information composed of the file identifier "FID1" 1161, the piece of file identification information "AD1" and the unit number "N1", and stores the generated file information.

Then, the unit generation unit 1105 generates unit identifiers for the respective units. The unit identifiers are pieces of identification information, and each piece uniquely identifies one of the m units; they may be, for example, ordinal numbers starting from the head unit, such as 1, 2, 3, ..., and m, or cumulative numbers of bits from the head unit.
In the present embodiment, it is assumed that the unit identifiers are ordinal numbers starting from the head unit. In the following explanation, a pair of a unit identifier and the corresponding unit is referred to as a piece of unit information, while m pieces of unit information are collectively referred to as a divided file. Thus, a split file "splCNT1" 1171 generated from the file "CNT1" 1121 is composed of m pieces of unit information 1191, 1192, 1193, ..., and 1194 as shown in Figure 6. Each piece of unit information is composed of a unit identifier and a corresponding unit. As an example, a piece of unit information 1191 includes a unit identifier "UID1_1" 1181 and a unit "U1_1" 1186.

Next, the unit generation unit 1105 generates split file information 1176 which includes the file identifier "FID1" 1161 and the divided file "splCNT1" 1171. The unit generation unit 1105 repeats processing of the same type for all files to generate c pieces of file information and c pieces of split file information 1176, 1177, 1178, ..., and 1179. Here, the c generated pieces of split file information are collectively referred to as the divided contents 1160. Note that the number of units generated, m, can differ from file to file. Then, the unit generation unit 1105 sends the generated divided contents 1160 to the encryption processing unit 1106.

Note that the unit generation unit 1105 here generates the file identifiers and file identification information; however, these can be entered externally together with the contents 1120. In addition, the individual files are divided with respect to each VOBU; however, the unit of division is not limited to this. For example, each of the files can be divided every 64 kilobytes, or into portions each corresponding to one second of playback time. As an alternative, the device can be designed to let the operator enter information that indicates the unit of division.
(b) Generation of Unit Capture Information

After finishing the sending of the divided contents 1160, the unit generation unit 1105 generates unit capture information composed of c pieces of file information. Figure 7 shows the structure of unit capture information 1200 generated at this point. The unit capture information 1200 is composed of c pieces of file information 1201, 1202, ..., and 1204. Each piece of file information is composed of a file identifier, a piece of file identification information and a unit number. As an example, a piece of file information 1201 includes a file identifier "FID1" 1211, a piece of file identification information "AD1" 1216, and a unit number "N1" 1221. The unit generation unit 1105 sends the generated unit capture information 1200 to the signature information generation unit 1111 and the recording unit 1114.

1.2.5 Encryption Processing Unit 1106

The encryption processing unit 1106 receives the content key "CK" from the content key generation unit 1102 as well as the divided contents 1160 from the unit generation unit 1105. Figure 8 shows part of the processing carried out by the encryption processing unit 1106. The processing carried out by the encryption processing unit 1106 is described below with the help of Figure 8.

When it receives the divided contents 1160, the encryption processing unit 1106 selects the split file "splCNT1" 1171 included in the split file information 1176 that composes the received divided contents 1160. The encryption processing unit 1106 extracts the unit "U1_1" 1186 from the head piece of unit information 1191 of the selected split file "splCNT1" 1171, and generates an encrypted unit "EU1_1" 1231 by applying the encryption algorithm E1 to the extracted unit "U1_1" 1186 with the use of the content key "CK". Here, EU1_1 = Enc(CK, U1_1).
The encryption processing unit 1106 generates encrypted unit information 1241 composed of the generated encrypted unit "EU1_1" 1231 and the unit identifier "UID1_1" 1181 included in the unit information 1191. In the following explanation, a pair of a unit identifier and the corresponding encrypted unit is referred to as a piece of encrypted unit information. The encryption processing unit 1106 repeats the same type of processing for the rest of the unit information 1192, 1193, ..., and 1194 to generate corresponding pieces of encrypted unit information 1242, 1243, ..., and 1244. Here, the m pieces of encrypted unit information generated from one split file are referred to collectively as an encrypted divided file.

As shown in Figure 8, an encrypted divided file "EsplCNT1" 1251 generated from the split file "splCNT1" 1171 in the above-mentioned procedure is composed of m pieces of encrypted unit information 1241, 1242, 1243, ..., and 1244. Each piece of encrypted unit information is generated based on a piece of unit information that makes up the split file 1171, and includes a unit identifier and an encrypted unit. For example, the encrypted unit information 1241 is generated based on the unit information 1191, and includes the unit identifier "UID1_1" 1181 and the encrypted unit "EU1_1" 1231.

Next, the encryption processing unit 1106 extracts an encrypted unit from each piece of the encrypted unit information that composes the encrypted divided file "EsplCNT1" 1251. Here, the m extracted encrypted units are collectively referred to as an encrypted file "ECNT1". Next, the encryption processing unit 1106 generates encrypted divided file information by replacing the split file "splCNT1" 1171 included in the split file information 1176 with the generated encrypted divided file "EsplCNT1" 1251.
The encryption processing unit 1106 does the same with the split file information pieces 1177, 1178, ..., and 1179 to generate encrypted divided file information and encrypted files. The c pieces of encrypted divided file information generated at this point are collectively referred to as encrypted divided contents. Then, the encryption processing unit 1106 sends the generated encrypted divided contents to the header information generation unit 1107. Figure 10 shows the structure of the encrypted divided contents 1210 sent here. Next, the encryption processing unit 1106 sends the c encrypted files as encrypted contents to the recording unit 1114. Figure 9 shows the structure of the encrypted contents 1330 generated here. The encrypted contents 1330 are composed of c encrypted files "ECNT1" 1331, "ECNT2" 1332, "ECNT3" 1333, ..., and "ECNTc" 1334. Each of the encrypted files is generated based on an encrypted divided file included in the encrypted divided contents, and includes a plurality of encrypted units. As an example, the encrypted file "ECNT1" 1331 includes encrypted units "EU1_1", "EU1_2", ..., and so on.

1.2.6 Header Information Generation Unit 1107

The header information generation unit 1107 receives the encrypted divided contents 1210 from the encryption processing unit 1106. When it receives the encrypted divided contents 1210, the header information generation unit 1107 generates header information 1260 with the use of the received encrypted divided contents, as shown in Figure 10. Figure 10 shows a general outline of the generation process for the header information 1260 carried out by the header information generation unit 1107. The encrypted divided contents 1210 received by the header information generation unit 1107 are composed of c pieces of encrypted divided file information 1246, 1247, 1248, ..., and 1249. Each piece of encrypted divided file information includes a file identifier and an encrypted divided file.
For example, a piece of encrypted divided file information 1246 includes a file identifier "FID1" 1161 and an encrypted divided file "EsplCNT1" 1251. The header information generation unit 1107 generates a first hash table based on each divided file included in the encrypted divided file information 1246. For example, the header information generation unit 1107 generates a first hash table "HA1TBL1" 1261 based on the encrypted divided file "EsplCNT1" 1251. The header information generation unit 1107 generates a second hash table "HA2TBL" 1269 from the c generated first hash tables. The generation procedures of the first and second hash tables mentioned above are described in detail below.

1.2.6.1 Generation of First Hash Table

Figure 11 shows a general outline of the procedure for generating the first hash table "HA1TBL1" 1261 carried out by the header information generation unit 1107. The process of generating the first hash table "HA1TBL1" 1261 is described below with the aid of Figure 11. The generation method for all the first hash tables "HA1TBL2", "HA1TBL3", ..., and "HA1TBLc" is the same as for the first hash table "HA1TBL1" 1261.

First, the header information generation unit 1107 extracts an encrypted unit "EU1_1" 1231 from the head encrypted unit information 1241 which composes the encrypted divided file "EsplCNT1" 1251, and generates a unit hash value "UHA1_1" 1271 by assigning the extracted encrypted unit "EU1_1" 1231 to a hash function. Here, SHA-1 (Secure Hash Algorithm 1) or CBC-MAC (Cipher Block Chaining-Message Authentication Code) using a block cipher is applied as the hash function. Here, the header information generation unit 1107 generates unit hash information 1281 by replacing the encrypted unit "EU1_1" 1231 of the encrypted unit information 1241 with the generated unit hash value "UHA1_1" 1271.
The header information generation unit 1107 repeats processing of the same type for the rest of the encrypted unit information 1242, 1243, ..., and 1244 to generate corresponding pieces of unit hash information 1282, 1283, ..., and 1284. The m pieces of unit hash information generated at this point are collectively referred to as the first hash table "HA1TBL1" 1261. Figure 11 shows the structure of the first hash table "HA1TBL1" 1261 generated at this point.

1.2.6.2 Generation of Second Hash Table

The header information generation unit 1107 repeats the previous procedure. After completing the generation of the c first hash tables from the encrypted divided contents 1210, the header information generation unit 1107 generates the second hash table 1269, as shown in Figure 12, from the c generated first hash tables. The second hash table "HA2TBL" 1269 is composed of c pieces of file hash information 1301, 1302, 1303, ..., and 1304, and each piece of file hash information includes a file identifier and a file hash value. As an example, a piece of file hash information 1301 includes the file identifier "FID1" 1161 and a file hash value "FHA1" 1291.

A method for generating the second hash table 1269 is now described. The header information generation unit 1107 generates the file hash value "FHA1" 1291 by assigning, to the hash function, a combined result formed by combining all the unit identifiers and unit hash values that make up the generated first hash table "HA1TBL1" 1261. Subsequently, the header information generation unit 1107 extracts the file identifier "FID1" 1161 from the encrypted divided file information 1246 corresponding to the first hash table "HA1TBL1" 1261, and generates the file hash information 1301 composed of the extracted file identifier "FID1" 1161 and the generated file hash value "FHA1" 1291.
The header information generation unit 1107 repeats processing of the same type for the first hash tables 1261, 1263, ..., and 1264 to generate the pieces of file hash information 1302, 1303, ..., and 1304, respectively. Then, the header information generation unit 1107 puts these c generated pieces of file hash information together to form the second hash table "HA2TBL" 1269. This concludes the descriptions of the generation procedures of the first hash tables (1.2.6.1) and the second hash table (1.2.6.2).

The header information generation unit 1107 generates the header information 1260, which includes the c first hash tables and the single second hash table "HA2TBL" 1269 generated in the aforementioned processes, and sends the generated header information 1260 to the recording unit 1114. In addition, the header information generation unit 1107 sends the generated second hash table "HA2TBL" to the signature information generation unit 1111.

1.2.7 Signature Information Generation Unit 1111 and Signature Key Storage Unit 1112

The signature key storage unit 1112, which is composed of a ROM, stores a signature key 1113 specific to the distribution device 1100.
Figure 13 shows a general outline of the operation of the signature information generation unit 1111. The generation of signature information carried out by the signature information generation unit 1111 is described below with the help of Figure 13.

The signature information generation unit 1111 receives the unit capture information 1200 from the unit generation unit 1105, and receives the second hash table "HA2TBL" 1269 from the header information generation unit 1107. When it receives the unit capture information 1200 and the second hash table 1269, the signature information generation unit 1111 reads the signature key 1113 from the signature key storage unit 1112. Subsequently, the signature information generation unit 1111 generates signature information 1310 from the received unit capture information 1200 and the second hash table 1269 with the use of the read signature key 1113. To be more specific, the signature information generation unit 1111 applies, with the use of the read signature key 1113, a signature generation algorithm S to a combined result formed by combining the c file hash values included in the received second hash table 1269 and the c pieces of file information included in the unit capture information 1200. As an example, DSA (Digital Signature Algorithm) is used for the signature generation algorithm S. Then, the signature information generation unit 1111 sends the generated signature information 1310 to the recording unit 1114.

1.2.8 Recording Unit 1114

The recording unit 1114 is loaded with the DVD 1500. The recording unit 1114 receives: the key block 1150 from the key block generation unit 1103; the unit capture information 1200 from the unit generation unit 1105; the encrypted contents 1330 from the encryption processing unit 1106; the header information 1260 from the header information generation unit 1107; and the signature information 1310 from the signature information generation unit 1111.
When receiving the above information, the recording unit 1114 writes the received key block 1150, unit capture information 1200, header information 1260, signature information 1310 and encrypted contents 1330 to the DVD 1500.

1.3 DVD 1500

The DVD 1500 is a transportable optical disk medium loaded on the execution device 1600. As shown in Figure 14, the DVD 1500 stores a key block 1510, unit capture information 1530, header information 1550, signature information 1570 and encrypted contents 1580. These have been written by the distribution device 1100, and are the same as the key block 1150, the unit capture information 1200, the header information 1260, the signature information 1310, and the encrypted contents 1330 generated by the distribution device 1100, respectively. Therefore, only brief descriptions are provided for these items.

1.3.1 Key Block 1510

The key block 1510 is composed of n device identifiers "AID_1", "AID_2", "AID_3", ..., and "AID_n" and n encrypted content keys "Enc(DK_1, CK)", "Enc(DK_2, CK)", "Enc(DK_3, CK)", ..., and "Enc(DK_n, CK)" corresponding to the n device identifiers, respectively.

1.3.2 Unit Capture Information 1530

The unit capture information 1530 is composed of c pieces of file information 1541, 1542, ..., and so on, and each piece of file information includes a file identifier, file identification information, and a unit number. The individual pieces of file information correspond to the encrypted files included in the encrypted contents 1580. In addition, each of the files corresponds to a hash table included in the header information 1550.

1.3.3 Encrypted Contents 1580

The encrypted contents 1580 are composed of c encrypted files 1581, 1582, 1583, ..., and 1587. Each of the encrypted files includes a plurality of encrypted units.

1.3.4 Header Information 1550

The header information 1550 is composed of c first hash tables 1551, 1552, ..., and 1557 and a second hash table 1556. Each of the first hash tables is composed of a plurality of pieces of unit hash information, and each piece of unit hash information includes a unit identifier and a unit hash value.
The second hash table 1556 is composed of c pieces of file hash information 1561, 1562, 1563, ..., and 1567, and each piece of file hash information includes a file identifier and a file hash value.

1.3.5 Signature Information 1570

The signature information 1570 is generated by applying the signature generation algorithm S to a combined result formed by combining the c file hash values included in the second hash table 1556 and the c pieces of file information included in the unit capture information 1530.

1.4 Execution Device 1600

As shown in Figure 15, the execution device 1600 is composed of an acquisition unit 1601, a content key acquisition unit 1602, a device key storage unit 1604, an execution unit 1606, a signature information verification unit 1611 and a verification key storage unit 1612.

1.4.1 Acquisition Unit 1601

The acquisition unit 1601 is loaded with the DVD 1500. When it detects the DVD 1500 being loaded therein, the acquisition unit 1601 reads the key block 1510, the unit capture information 1530, and the signature information 1570 from the DVD 1500, and sends the read key block 1510 to the content key acquisition unit 1602 while sending the read unit capture information 1530 and signature information 1570 to the signature information verification unit 1611. In addition, the acquisition unit 1601 reads all or part of the header information 1550 and the encrypted contents 1580 from the DVD 1500 in accordance with instructions from the execution unit 1606 and the signature information verification unit 1611.

1.4.2 Content Key Acquisition Unit 1602 and Device Key Storage Unit 1604

The device key storage unit 1604, which is composed of a ROM, stores a device identifier "AID_p" 1608 and a device key "DK_p" 1609 (p is a natural number of n or smaller) as shown in Figure 15.
The device identifier "AID_p" 1608 is identification information that uniquely indicates the execution device 1600, while the device key "DK_p" 1609 is key information specific to the execution device 1600.

The content key acquisition unit 1602 receives the key block 1510 from the acquisition unit 1601. When it receives the key block 1510, the content key acquisition unit 1602 reads the device identifier "AID_p" 1608 from the device key storage unit 1604. Next, the content key acquisition unit 1602 detects, in the received key block 1510, a device identifier that corresponds to the read device identifier "AID_p" 1608, and extracts the encrypted content key corresponding to the detected device identifier. Subsequently, the content key acquisition unit 1602 reads the device key "DK_p" 1609 from the device key storage unit 1604. The content key acquisition unit 1602 generates the content key "CK" by applying a decryption algorithm D1 to the extracted encrypted content key with the use of the read device key "DK_p" 1609, and then sends the generated content key "CK" to the execution unit 1606. Here, the decryption algorithm D1 is an algorithm used to decrypt encrypted texts generated through the use of the encryption algorithm E1.

1.4.3 Signature Information Verification Unit 1611 and Verification Key Storage Unit 1612

The verification key storage unit 1612, which is composed of a ROM, stores a verification key 1613. The verification key 1613 is key information that corresponds to the signature key 1113 stored by the distribution device 1100.

The signature information verification unit 1611 receives the unit capture information 1530 and the signature information 1570 from the acquisition unit 1601. Figure 16 shows a general outline of the verification operations for signature information carried out by the signature information verification unit 1611.
When it receives the unit capture information 1530 and the signature information 1570, the signature information verification unit 1611 selects i pieces (i is a natural number of c or smaller) of file identifiers from the received unit capture information 1530, as shown in Figure 16. Here, the following description is provided under the assumption that the signature information verification unit 1611 has selected file identifiers "FID1" 1531, "FID3" 1533, ..., and so on.

The signature information verification unit 1611 generates a replaced first hash table "REPHA1TBL1" 1631 based on the first hash table "HA1TBL1" and the encrypted file "ECNT1" 1581 corresponding to the selected file identifier "FID1" 1531. The signature information verification unit 1611 does the same with the other selected file identifiers "FID3", ..., and so on to generate replaced first hash tables 1633, ..., and so on. The signature information verification unit 1611 generates a replaced second hash table "REPHA2TBL" 1639 based on the generated replaced first hash tables 1631, 1633, ..., and so on, and the second hash table "HA2TBL" 1556 stored on the DVD 1500, and verifies the signature information 1570 by using the generated replaced second hash table "REPHA2TBL" 1639. This concludes the general outline shown in Figure 16.

Detailed descriptions are given below, with the help of the figures, of: the generation of the replaced first hash tables (1.4.3.1); the generation of a replaced second hash table (1.4.3.2); and a procedure for verifying signature information (1.4.3.3).

1.4.3.1 Generation of Replaced First Hash Tables

A procedure for generating replaced first hash tables is explained with the help of Figures 17 and 18. As shown in Figure 17, the signature information verification unit 1611 selects i pieces (i is a natural number of c or smaller) from among the c pieces of file information included in the received unit capture information 1530.
One way to select the i pieces is, for example, to generate i pseudo random numbers (r1, r2, ..., and ri), each of which is 1 or more but c or smaller, and select the r1-th, r2-th, ..., and ri-th file identifiers. The selection method is not limited to this, and any method is applicable as long as it is difficult to predict which file identifiers are selected. For example, a temperature, humidity, noise in an electronic signal, and the like can be used. In the present embodiment, the following description is provided with the assumption that i = 7, and that seven pieces of file information 1541, 1543, ..., and so on are selected.

Subsequently, the signature information verification unit 1611 selects any one of the encrypted units in the encrypted file "ECNT1" 1581 corresponding to the file identifier "FID1" included in the selected file information 1541, and reads the selected encrypted unit from the DVD 1500, as shown in Figure 18. To be more specific, the signature information verification unit 1611 reads the unit number "N1" included in the selected file information 1541, and generates a pseudo random number t (here, t = 3), which is "N1" or smaller. Then, the signature information verification unit 1611 reads an encrypted unit "EU1_3", which is the third encrypted unit in the encrypted file "ECNT1" 1581, from the DVD 1500 by means of the acquisition unit 1601 based on the file identification information "AD1" included in the selected file information 1541.

The signature information verification unit 1611 generates a replacement unit hash value "H3" by assigning the read encrypted unit "EU1_3" to a hash function. Here, the signature information verification unit 1611 uses the same hash function as that used by the header information generation unit 1107 of the distribution device 1100. Then, the signature information verification unit 1611 reads the first hash table "HA1TBL1" 1551 included in the header information 1550 by means of the acquisition unit 1601.
Next, from among the m pieces of unit hash information that make up the read first hash table "HA1TBL1" 1551, the signature information verification unit 1611 replaces the unit hash value "UHA1_3", which corresponds to the unit identifier "UID1_3" matching t = 3, with the calculated replacement unit hash value "H3". The result is the replaced first hash table "REPHA1TBL1" 1631. The signature information verification unit 1611 repeats processing of the same type for the other selected pieces of file information 1542, ..., and so on to generate replaced first hash tables "REPHA1TBL3" 1633, ..., and so on, respectively.

1.4.3.2 Generation of Replaced Second Hash Table

A procedure for generating a replaced second hash table is described below with the help of Figure 19. After completing the generation of the replaced first hash tables based on the seven pieces of selected file information, the signature information verification unit 1611 combines all the unit identifiers, all the unit hash values and the replaced hash values that make up the generated replaced first hash table "REPHA1TBL1" 1631, and generates a replacement file hash value "fha1" by assigning the combined result to the hash function. In a similar way, the signature information verification unit 1611 generates replacement file hash values "fha3", ..., and so on based on the replaced first hash tables "REPHA1TBL3" 1633, ..., and so on, respectively.

Next, the signature information verification unit 1611 reads the second hash table "HA2TBL" 1556 included in the header information 1550 from the DVD 1500. From among the c pieces of file hash information included in the read second hash table "HA2TBL" 1556, the signature information verification unit 1611 replaces the file hash values of the pieces of file hash information that include the file identifiers "FID1", "FID3", ..., and so on, which are included in the seven pieces of selected file information, with the replacement file hash values "fha1", "fha3", ..., and so on, respectively. The second hash table "HA2TBL" 1556 to which this replacement has been applied is the replaced second hash table "REPHA2TBL" 1639.

1.4.3.3 Verification of Signature Information

The following describes the verification of signature information with the help of Figure 20. After generating the replaced second hash table "REPHA2TBL" 1639, the signature information verification unit 1611 reads the verification key 1613 from the verification key storage unit 1612. Subsequently, the signature information verification unit 1611 generates a combined result formed by combining all the file hash values and replacement file hash values included in the replaced second hash table "REPHA2TBL" 1639 and the c pieces of file information included in the unit capture information 1530, and generates signature verification information by applying a signature verification algorithm V to the generated combined result with the use of the verification key 1613.
Next, the signature information verification unit 1611 compares the generated signature verification information and the signature information 1570 received from the acquisition unit 1601. When these two do not match, the signature information verification unit 1611 judges that the signature verification is unsuccessful, and sends reproduction prohibition information indicating the prohibition of the reproduction of the contents to the execution unit 1606. Here, the signature verification algorithm V is an algorithm for verifying a signature generated using the signature generation algorithm S. When the two agree, the signature information verification unit 1611 ends the verification process.

1.4. Execution Unit 1606
The execution unit 1606 receives the content key "CK" from the content key acquisition unit 1602. In addition, the execution unit 1606 can receive the reproduction prohibition information from the signature information verification unit 1611. When receiving the content key "CK", the execution unit 1606 reads the encrypted file "ECNT1" which composes the encrypted contents 1580 from the DVD 1500 by means of the acquisition unit 1601. The execution unit 1606 sequentially applies the decryption algorithm D1 to the encrypted units "EU1_1", "EU1_2", ..., and so on, which compose the read encrypted file 1581, with the use of the received content key "CK", to generate the file "CNT1" composed of the units "U1_1", "U1_2", ..., and so on. Subsequently, the execution unit 1606 expands the generated file "CNT1" to generate video and audio data. The execution unit 1606 generates video and audio signals based on the generated video and audio data, and sends the generated video and audio signals to the monitor 1620. With respect to the encrypted files "ECNT2", ..., and "ECNTc", the execution unit 1606 repeats the reading, decryption and expansion as well as the sending of video and audio signals in a similar way.
If it receives the reproduction prohibition information from the signature information verification unit 1611 during the repetition, the execution unit 1606 aborts the repetition, and notifies the user that the DVD loaded in the execution device 1600 cannot be reproduced by, for example, turning on an indicator lamp or having the monitor 1620 display a screen that reports an error.

1.4. Monitor 1620
The monitor 1620 has a built-in speaker that is connected to the execution device 1600 by a cable. The monitor 1620 receives the video and audio signals from the execution unit 1606 of the execution device 1600, generates screens from the received image signal and visually displays the screens. In addition, the monitor 1620 generates audio from the audio signal, and outputs the generated audio from the speaker.

1.5 Operational Behaviors
The operational behaviors of the distribution device 1100 and the execution device 1600 are described in the following.

1.5.1 Operational Behavior of the Distribution Device 1100
The operational behavior of the distribution device 1100 is described with the help of the flowcharts shown in Figures 21 and 22. The input unit 1101 acquires the contents 1120 composed of pieces of files in accordance with operations carried out by an operator (Step S1011), and instructs the content key generation unit 1102 to generate the content key. The content key generation unit 1102 generates the content key "CK" using a random number, and sends the generated content key "CK" to the key block generation unit 1103 (Step S1012). The key block generation unit 1103 receives the content key "CK", and reads the device identification table 1130 from the execution device information storage unit 1104 (Step S1013). The key block generation unit 1103 generates the key block 1150, using the received content key "CK" and the read device identification table 1130 (Step S1016).
In Steps S1017 to S1023, the unit generation unit 1105 of the distribution device 1100 repeats the processing of Steps S1018 to S1022 with respect to each file that composes the contents 1120. The unit generation unit 1105 generates a file identifier and file identification information corresponding to a file (Step S1018). Subsequently, the unit generation unit 1105 generates m pieces of units by dividing the file (Step S1019), generates a unit number that indicates the number of units generated and generates file information composed of the generated file identifier, file identification information and unit number (Step S1020). Then, the unit generation unit 1105 generates unit identifiers that correspond one-to-one with the generated units (Step S1021). Subsequently, the unit generation unit 1105 generates m pieces of unit information, each piece of which includes a corresponding unit identifier and unit, and places these pieces of unit information together to form a divided file. Next, the unit generation unit 1105 generates divided file information composed of the divided file and file identifier (Step S1022). After completing the repetition of Steps S1017 to S1023 for all files and the generation of the pieces of divided file information and file information, the unit generation unit 1105 generates the unit capture information 1200 composed of the c pieces of file information (Step S1024), and sends the generated unit capture information 1200 to the signature information generation unit 1111 and the recording unit 1114. In addition, the unit generation unit 1105 sends the divided contents 1160 composed of the c pieces of divided file information to the encryption processing unit 1106.
The encryption processing unit 1106 receives the divided contents 1160 from the unit generation unit 1105, and generates the encrypted divided contents 1210 by encrypting each unit of the individual divided files that make up the received divided contents 1160 with the use of the content key "CK" (Step S1026).
Then, the encryption processing unit 1106 generates c pieces of encrypted files by extracting encrypted units from each encrypted divided file, and places these encrypted files together to form the encrypted contents 1330 (Step S1027). Then, the encryption processing unit 1106 sends the encrypted divided contents 1210 to the header information generation unit 1107 while sending the encrypted contents 1330 to the recording unit 1114. The header information generation unit 1107 receives the encrypted divided contents 1210 from the encryption processing unit 1106. The header information generation unit 1107 calculates unit recast values by assigning the encrypted units included in each encrypted divided file that composes the encrypted divided contents 1210 to the recast function, and generates c pieces of 1st recast tables (Step S1028). Then, the header information generation unit 1107 calculates, with respect to each of the 1st recast tables, a file recast value based on the recast table, and generates the 2nd recast table 1269 that includes c pieces of file recast values (Step S1029). Then, the header information generation unit 1107 generates header information 1260 including the generated 2nd recast table 1269 and the c pieces of 1st recast tables (Step S1031). The signature information generation unit 1111 reads the signature key 1113 from the signature key storage unit 1112 (Step S1032), and generates signature information by applying the signature generation algorithm to the 2nd recast table 1269 and the unit capture information with the use of the read signature key 1113 (Step S1033). The recording unit 1114 writes the key block 1150, unit capture information 1200, header information 1260, signature information 1310 and encrypted contents 1330 to the DVD 1500 (Step S1034).

1.5.2 Operational Behavior of the Execution Device 1600
Figure 23 shows the process of producing the information involved in the verification of the signature information.
For convenience of description, with respect to the header information 1550, only the unit recast values included in the 1st recast tables and the file recast values included in the 2nd recast table are illustrated in the figure. Figures 24 and 25 are flowcharts showing the operational behavior of the execution device 1600. Note that the same step numbers in Figures 23 to 25 indicate the same processing. Next, the operational behavior of the execution device 1600 is explained with the help of Figures 23 to 25. When it is loaded with the DVD 1500, the acquisition unit 1601 reads the key block 1510, unit capture information 1530 and signature information 1570 from the DVD 1500, and sends the key block 1510 to the content key acquisition unit 1602, while sending the unit capture information 1530 and the signature information 1570 to the signature information verification unit 1611 (Step S1041). The signature information verification unit 1611 receives the unit capture information 1530 and signature information 1570, and selects i pieces out of the c pieces of file identifiers included in the unit capture information 1530 with the use of a random number (Step S1046). In Steps S1047 to S1057, the signature information verification unit 1611 repeats the processing of Steps S1048 to S1056 with respect to each of the selected pieces of file identifiers to generate pieces of replaced 1st recast tables. The signature information verification unit 1611 extracts a unit number that corresponds to one of the selected file identifiers from the unit capture information (Step S1048).
Subsequently, the signature information verification unit 1611 generates a random number t that is 1 or greater but no greater than the read unit number (Step S1049). The signature information verification unit 1611 extracts a piece of file identification information corresponding to the selected file identifier from the unit capture information, and reads the t-th encrypted unit in the encrypted file corresponding to the selected file identifier from the DVD 1500 based on the extracted file identification information (Step S1051). In Figure 23, each time the above processing is repeated, the signature information verification unit 1161 sequentially reads: an encrypted unit 1511 included in the encrypted file 1581; an encrypted unit 1512 included in the encrypted file 1583; ..., and an encrypted unit 1513 included in the encrypted file 1587. The signature information verification unit 1611 calculates replacement unit recast values by assigning the read encrypted units to the recast function (Step S1052).
Then, the signature information verification unit 1611 reads a recast table corresponding to the selected file identifier from the DVD 1500 (Step S1054), and generates a replaced 1st recast table by replacing, with the calculated replacement unit recast value, the unit recast value corresponding to the calculated replacement unit recast value (Step S1056). In Figure 23, each time the above processing is repeated, the signature information verification unit 1611 generates: the replaced recast table 1631 from the encrypted unit 1511 and the recast table 1551; the replaced recast table 1633 from the encrypted unit 1512 and the recast table 1553; ... and the replaced recast table 1637 from the encrypted unit 1513 and the recast table 1557. After completing the repetition of Steps S1047 to S1057 for all the i pieces of file identifiers, the signature information verification unit 1611 calculates i pieces of replacement file recast values by individually assigning the replaced 1st recast tables to the recast function (Step S1059). Then the signature information verification unit 1611 reads the 2nd recast table 1556 from the DVD 1500 (Step S1061), and generates a replaced 2nd recast table 1639 by replacing the file recast values corresponding to the i selected pieces of file identifiers with the i pieces of calculated replacement file recast values (Step S1063). In Figure 23, the generated replaced 2nd recast table 1639 includes: a replacement file recast value 1641 calculated from the replaced recast table 1631; a file recast value 1572 read from the DVD 1500; a replacement file recast value 1643 calculated from the replaced recast table 1633; ... and a replacement file recast value 1647 calculated from the replaced 1st recast table 1637.
Next, the signature information verification unit 1611 reads the verification key 1613 from the verification key storage unit 1612 (Step S1064), and performs the verification of the signature information 1570 using the unit capture information 1530, the generated replaced 2nd recast table and the read verification key 1613 (Step S1066). When the verification of the signature information is successful (Step S1067: YES), the signature information verification unit 1611 then concludes the verification of the signature information 1570.
If the signature verification is not successful (Step S1067: NO), the signature information verification unit 1611 sends reproduction prohibition information to the execution unit 1606 (Step S1073). The content key acquisition unit 1602 receives the key block 1510, and reads the device identifier 1608 and device key 1609 from the device key storage unit 1604 (Step S1071). Then, the content key acquisition unit 1602 generates the content key "CK" from the read device identifier 1608, device key 1609, and key block 1510, and sends the generated content key "CK" to the execution unit 1606 (Step S1072). The execution unit 1606 receives the content key "CK". Here, upon receiving reproduction prohibition information from the signature information verification unit 1611 (Step S1074: YES), the execution unit 1606 notifies the user that the contents stored on the DVD 1500 cannot be reproduced (Step S1076), and ends the reproduction. If it has not received reproduction prohibition information (Step S1074: NO), the execution unit 1606 reads the encrypted files that make up the encrypted contents 1580 from the DVD 1500 (Step S1077). The execution unit 1606 first generates files by decrypting the read encrypted files with the use of the content key "CK" (Step S1079), and then generates video and audio data by expanding the generated files (Step S1081). Then, the execution unit 1606 generates video and audio signals from the generated video and audio data, respectively, sends these signals to the monitor 1400, and causes the monitor 1400 to reproduce the video and audio (Step S1082). When it has finished reading all the encrypted files or has been instructed to end the playback by operations carried out by the user (Step S1084: YES), the execution unit 1606 ends the reproduction.
If there are still files that have not been read, and the execution unit 1606 has not received an instruction from the user to end the reproduction, the execution unit 1606 returns to Step S1074 and repeats the processing of Steps S1074 to S1084.

1.6 Summary and Advantageous Effects
As described, in the present embodiment, the DVD 1500 stores: encrypted contents that include c pieces of encrypted files, each of which includes a plurality of encrypted units; header information including c pieces of 1st recast tables generated based on the plurality of encrypted units as well as a 2nd recast table; and signature information generated based on the 2nd recast table. At the same time that reading, decryption and reproduction of the encrypted contents begins, the execution device 1600 randomly selects i pieces of encrypted units with the use of random numbers, and calculates replacement unit recast values and replacement file recast values based on the selected pieces of encrypted units. Then, the execution device 1600 reads the 2nd recast table from the DVD, and generates a replaced 2nd recast table by replacing, from among the file recast values included in the read 2nd recast table, the file recast values corresponding to the calculated replacement file recast values with the calculated replacement file recast values. Then, the execution device 1600 carries out the verification of the signature information using the replaced 2nd recast table. If the verification is not successful, the execution device 1600 aborts the reproduction of the contents. Thus, by limiting the number of unit recast values newly calculated for the verification of the signature information to i pieces, it is possible to reduce the amount of calculation involved in the verification of the signature information, which leads to a reduction in the processing load in the reproduction of contents.
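The sampled verification flow of Steps S1046 to S1067, together with the distribution-side table generation it depends on, as an added Python example that is not code from the patent. Assumptions: SHA-256 plays the role of the recast function, HMAC-SHA256 stands in for the signature algorithms S and V (the page names neither), and every function name and all sample data are constructed for illustration.

```python
import hashlib
import hmac
import random


def h(data: bytes) -> bytes:
    """Recast function. SHA-256 is an assumption; the page names no algorithm."""
    return hashlib.sha256(data).digest()


def file_hash(fid: int, unit_hashes: list) -> bytes:
    """File recast value: hash of every unit identifier and unit recast value
    in one 1st recast table."""
    parts = [f"UID{fid}_{n}".encode() + uh for n, uh in enumerate(unit_hashes, 1)]
    return h(b"".join(parts))


def sign(key: bytes, second_table: list, unit_info: list) -> bytes:
    """Stand-in for signature algorithms S and V: HMAC-SHA256 over the 2nd
    recast table combined with the file information (identifier, unit number)."""
    info = b"".join(f"FID{fid}:N{n};".encode() for fid, n in unit_info)
    return hmac.new(key, b"".join(second_table) + info, hashlib.sha256).digest()


def build_disc(files: list, key: bytes) -> dict:
    """Distribution side (Steps S1028 to S1034): tables and signature."""
    first = [[h(u) for u in units] for units in files]
    second = [file_hash(fid, tbl) for fid, tbl in enumerate(first, 1)]
    info = [(fid, len(units)) for fid, units in enumerate(files, 1)]
    return {"files": [list(units) for units in files], "first": first,
            "second": second, "info": info, "sig": sign(key, second, info)}


def verify_sampled(disc: dict, key: bytes, i: int, rng=None) -> bool:
    """Execution side (Steps S1046 to S1067): hash only i sampled units."""
    rng = rng or random.SystemRandom()       # selection must be hard to predict
    c = len(disc["info"])
    second = list(disc["second"])            # becomes the replaced 2nd table
    for idx in rng.sample(range(c), min(i, c)):
        fid, n_units = disc["info"][idx]
        units, table = disc["files"][idx], list(disc["first"][idx])
        if n_units < 1 or not (n_units == len(units) == len(table)):
            return False                     # malformed disc data: refuse playback
        t = rng.randrange(n_units)           # which unit of this file to check
        table[t] = h(units[t])               # replacement unit recast value
        second[idx] = file_hash(fid, table)  # replacement file recast value
    return hmac.compare_digest(sign(key, second, disc["info"]), disc["sig"])


def sample_files(c: int, m: int) -> list:
    """Constructed stand-ins for c encrypted files of m encrypted units each."""
    return [[f"file{f}-unit{u}".encode() * 16 for u in range(m)] for f in range(c)]


def tamper_half(disc: dict) -> dict:
    """Scenario from the summary: half of the encrypted units are replaced,
    while the tables and signature on the disc stay as issued."""
    files = [[b"\x00" * len(u) if n % 2 else u for n, u in enumerate(units)]
             for units in disc["files"]]
    return dict(disc, files=files)


def miss_probability(valid_fraction: float, i: int) -> float:
    """Chance that all i sampled units happen to be valid ones."""
    return valid_fraction ** i


def estimate_miss_rate(disc: dict, key: bytes, i: int, trials=2000, seed=1) -> float:
    """Fraction of runs in which verification passes (seeded for repeatability)."""
    rng = random.Random(seed)
    return sum(verify_sampled(disc, key, i, rng) for _ in range(trials)) / trials


if __name__ == "__main__":
    key = b"constructed-demo-key"
    disc = build_disc(sample_files(c=8, m=4), key)
    print("genuine disc passes:", verify_sampled(disc, key, 7))
    bad = tamper_half(disc)
    print("predicted miss rate, i=7:", miss_probability(0.5, 7))
    print("measured miss rate,  i=7:", estimate_miss_rate(bad, key, 7))
```

Units that are not sampled are never hashed, so a single run accepts a partly replaced disc with probability `valid_fraction ** i`; drawing a fresh random selection at every verification is what keeps that gap from being predictable.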
Moreover, by carrying out the verification of the signature information with the use of a two-layer structure composed of the 1st and 2nd recast tables, the execution device 1600 is capable of reducing the amount of information read from the DVD 1500. More specifically, in the first embodiment of the present invention, there is no need to read the 1st recast tables that correspond to the file information that has not been selected. Consequently, it is possible to shorten the time required to read information. In addition, the 1st recast tables that correspond to the selected file information are read in the first embodiment. However, among the components that make up the 1st recast tables that correspond to the selected file information, only the components other than the unit recast values that correspond to the calculated replacement unit recast values may be read. The same applies to the reading of the 2nd recast table. Hereby, it is possible to further reduce the amount of information read from the DVD 1500. By carrying out the verification of the signature information with the use of replaced recast values generated from the encrypted units, it is possible to complete, at one time, both the verification of whether unauthorized contents are included and the verification of whether the signature information was generated using a signature key owned by a legitimate rights holder. In the verification processing, if part or all of the encrypted contents of the DVD 1500 are replaced with unauthorized contents, the first embodiment has a high probability of detecting the unauthorized contents since the pieces of encrypted units to be used are randomly selected. Here, a specific description is provided under the assumption that half of the encrypted contents have been replaced with unauthorized contents. The probability that a single selected encrypted unit is a valid encrypted unit generated by the distribution device 1100 is 1/2.
For example, in the case of selecting seven encrypted units and carrying out the verification, the probability that all seven selected encrypted units are valid encrypted units is (1/2)^7 = 1/128. That is, in this case, the probability of not being able to detect unauthorized contents is less than 1%. Hereby, the first embodiment acts as a deterrent to prevent fraudulent acts that include replacing part of the contents distributed by a legitimate rights holder with unauthorized contents and distributing them.

1.7 Modification of the First Embodiment
In the first embodiment, the distribution device 1100 divides each file that composes the acquired contents into units, and then carries out the encryption for each unit. However, the distribution device 1100 can carry out the encryption with respect to each file to generate encrypted files and generate encrypted units by dividing each of the generated encrypted files. In this case, the execution unit 1606 of the execution device 1600 reads the encrypted contents from the DVD 1500, decrypts the read encrypted contents with respect to each encrypted file and reproduces the decrypted contents. A distribution device 1100b of the present modification is described with the help of FIG. 26. The distribution device 1100b is composed of an input unit 1101b, a content key generation unit 1102, a key block generation unit 1103, an execution device information storage unit 1104, a unit generation unit 1105b, an encryption processing unit 1106b, a header information generation unit 1107, a signature information generation unit 1111, a signature key storage unit 1112 and a recording unit 1114.
Since the content key generation unit 1102, key block generation unit 1103, execution device information storage unit 1104, header information generation unit 1107, signature information generation unit 1111, signature key storage unit 1112 and recording unit 1114 are the same as in the first embodiment, the description of these components is omitted. In addition, since the input unit 1101b is the same as the input unit 1101 of the first embodiment except that it sends the contents to the encryption processing unit instead of the unit generation unit, its description is also omitted.

1.7.1 Encryption Processing Unit 1106b
The encryption processing unit 1106b receives the content key "CK" from the content key generation unit 1102. The encryption processing unit 1106 receives contents from the input unit 1101b. Here, the contents are composed of files "CNT1", "CNT2", ..., and "CNTc", as is the case with the contents 1120 shown in Figure 3. When it receives the contents, the encryption processing unit 1106 generates the encrypted file "ECNT1" by applying the encryption algorithm to the file "CNT1" included in the received contents with the use of the content key "CK". The encryption processing unit 1106 does the same with the files "CNT2" to "CNTc" to generate encrypted files "ECNT2" to "ECNTc". Next, the encryption processing unit 1106 sends the encrypted contents composed of the generated encrypted files "ECNT1", "ECNT2", "ECNT3", ..., "ECNTc" to the unit generation unit 1105b and to the recording unit 1114b.

1.7.2 Unit Generation Unit 1105b
The unit generation unit 1105b receives the encrypted contents from the encryption processing unit 1106b. When it receives the encrypted contents, the unit generation unit 1105b generates the file identifier "FID1" and the piece of file identification information "AD1" which correspond to the encrypted file "ECNT1" included in the received encrypted contents.
Next, the unit generation unit 1105b divides the encrypted file "ECNT1" every 64 kilobytes to generate m pieces of encrypted units. At this point, if the last encrypted unit is less than 64 kilobytes, the encrypted unit is padded with data such as "000 ... 000". Then, the unit generation unit 1105b generates a number "N1" indicating the number of generated encrypted units, and then generates file information composed of the generated file identifier "FID1", piece of file identification information "AD1", and unit number "N1". Then, the unit generation unit 1105b generates unit identifiers "UID1_1", "UID1_2", "UID1_3", ..., and "UID1_m" corresponding to the m generated pieces of encrypted units "EU1_1", "EU1_2", "EU1_3", ..., and "EU1_m", respectively. Subsequently, the unit generation unit 1105b forms m pieces of encrypted unit information by pairing the corresponding encrypted units with the unit identifiers. Then, the unit generation unit 1105b puts the m pieces of encrypted unit information together to form the encrypted divided file "SplECNT1".
The unit generation unit 1105b repeats processing of the same type for the rest of the encrypted files "ECNT2", "ECNT3", ..., and "ECNTc" included in the encrypted contents to generate encrypted divided files "SplECNT2", "SplECNT3", ..., and "SplECNTc" as well as the pieces of file information. Next, the unit generation unit 1105b sends the c generated pieces of encrypted divided files "SplECNT1", "SplECNT2", "SplECNT3", ..., and "SplECNTc" to the header information generation unit 1107b as encrypted divided contents. In addition, the unit generation unit 1105b generates unit capture information composed of the c pieces of file information, and sends the generated unit capture information to the recording unit 1114 and the signature information generation unit 1111b.

2. Second Embodiment
A second embodiment according to the present invention is described below with the aid of the figures.

2.1 Unauthorized Content Detection System
An unauthorized content detection system of the second embodiment is composed of a distribution device, an execution device and a monitor, as is the unauthorized content detection system 1 of the first embodiment. The distribution device acquires contents according to operations carried out by an operator, and generates encrypted contents by encrypting the acquired contents. In addition, the distribution device extracts part of the contents, and generates information such as header information used to detect whether unauthorized contents are included in the contents, signature information to prove that the contents are issued by a legitimate rights holder, and the like, based on the extracted part of the contents (hereinafter referred to as "representative partial contents"). The distribution device writes the generated encrypted contents, signature information and the like on a DVD. The DVD will be sold or distributed to users through distribution stores.
When loaded with the DVD, the execution device generates representative partial contents from the encrypted contents stored on the loaded DVD, and carries out the verification of the signature information and header information based on the generated representative partial contents. If the verification is successful, the execution device starts the reproduction of the contents. When the verification is not successful, the execution device prohibits the reproduction of the contents. The individual devices that make up the unauthorized content detection system of the present embodiment and the DVD are described in detail below.

2.2 Distribution Device 2100
Figure 27 shows a structure of a distribution device that constitutes the unauthorized content detection system of the present embodiment. As shown in Figure 27, the distribution device 2100 is composed of an input unit 2101, a content key generation unit 2102, a key block generation unit 2103, an execution device information storage unit 1104, a selection unit 2105, a header information generation unit 2107, a signature information generation unit 2108, a signature key storage unit 1112, an encryption processing unit 2109 and a recording unit 2114. The individual components that make up the distribution device 2100 are described in detail below. Note that, since the execution device information storage unit 1104 and the signature key storage unit 1112 are the same as in the first embodiment, the descriptions of these components are omitted.

2.2.1 Input Unit 2101
The input unit 2101 acquires contents and multiple pieces of identification information from an external device or external recording medium in accordance with operations of the operator. Figure 28 shows an example of a structure of the contents and identification information acquired by the input unit 2101.
The contents 2120 are composed of c pieces of partial contents "CNT1" 2121, "CNT2" 2122, "CNT3" 2123, ..., and "CNTc" 2127. Here, the contents 2120 acquired by the input unit 2101 are in a format reproducible by an execution device 2600 (as will be described hereinafter in detail), and the DVD-Video format and the MPEG-2 format are examples of these reproducible formats. Each piece of the identification information is information that uniquely indicates one of the partial contents that constitute the contents 2120, and is, for example, an offset of a corresponding piece of partial contents from the head of the contents, a sector number, or a reproduction starting point of the piece of partial contents specified with reference to the head of the contents. For example, a piece of identification information "AD1" 2131 corresponds to the partial contents "CNT1" 2121, and the head of the partial contents "CNT1" 2121 is positioned at "AD1" from the head of the contents 2120. The input unit 2101 sends the acquired contents 2120 and c pieces of identification information to the content key generation unit 2102.

2.2.2 Content Key Generation Unit 2102
The content key generation unit 2102 receives the contents 2120 and c pieces of identification information from the input unit 2101. When it receives the contents 2120 and c pieces of identification information, the content key generation unit 2102 generates a pseudo-random number, and generates a content key "CK" with a 128-bit length with the use of the generated pseudo-random number. Instead of a pseudo-random number, a true random number can be generated using, for example, noise in a signal. Then, the content key generation unit 2102 sends the generated content key "CK", the received contents 2120 and c pieces of identification information to the key block generation unit 2103 and encryption processing unit 2109.

2.2.3 Key Block Generation Unit 2103
The key block generation unit 2103 receives the content key "CK", contents 2120 and c pieces of identification information from the content key generation unit 2102. When it receives the content key "CK", the key block generation unit 2103 generates a key block using the device identification table 1130 stored in the execution device information storage unit 1104 and the received content key "CK". Since the procedure to generate the key block is the same as that of the first embodiment, the description is omitted. In addition, the key block generated here has the same structure as the key block 1150 shown in Figure 5. Next, the key block generation unit 2103 sends the generated key block, and the received content key "CK", contents 2120 and c pieces of identification information to the selection unit 2105.

2.2.4 Selection Unit 2105
Fig. 29 shows a general outline of the processing carried out by the selection unit 2105. Next, the selection unit 2105 is described with the help of Fig. 29. The selection unit 2105 receives the key block, content key "CK", contents 2120 and c pieces of identification information from the key block generation unit 2103. When receiving these sets of information, the selection unit 2105 selects k pieces out of the c pieces of identification information. The description here is provided with the assumption that k = 3. With respect to the selection method, the k pieces can be selected, for example, using random numbers, or selected based on dates, temperatures or the like. Alternatively, it can be designed to accept selections from the operator. If the contents 2120 are in MPEG format, the pieces of identification information indicating intermediate images can be selected. In addition, the selection unit 2105 may pre-store information that identifies the k pieces to be selected, or may carry out the selection in response to an instruction from the operator. As shown in Fig. 29, the selection unit 2105 selects here pieces of identification information "AD3" 2133, "AD7" 2134, and "ADc" 2137. Then, the selection unit 2105 extracts a piece of partial contents "CNT3" corresponding to the selected piece of identification information "AD3" 2133 from the received contents 2120, and generates a piece of representative information 2141 composed of the selected piece of identification information "AD3" 2133 and the extracted piece of partial contents "CNT3". Here, the selected piece of partial contents is referred to as "a piece of representative partial contents". The selection unit 2105 repeats the same type of processing for the pieces of identification information "AD7" 2134 and "ADc" 2137 to generate pieces of representative information. Then, the selection unit 2105 sends to the header information generation unit 2107: the three generated pieces of representative information 2141, 2142 and 2143; and the received key block, content key "CK" and contents 2120.

2.2. Header Information Generation Unit 2107
The header information generation unit 2107 receives the three pieces of representative information 2141, 2142 and 2143, key block, content key "CK" and contents 2120 from the selection unit 2105. When it receives these, the header information generation unit 2107 generates an identification information identifier "ADID1" which uniquely identifies the piece of representative information 2141. The methods for generating the identification information identifier include, for example, a sequential assignment of natural numbers and a random assignment using random numbers. Then, the header information generation unit 2107 extracts the piece of identification information "AD3" from the received piece of representative information 2141, and generates a piece of representative detection information composed of the generated identification information identifier "ADID1" and the piece of identification information "AD3".
Subsequently, the header information generation unit 2107 extracts the piece of representative partial contents "CNT3" from the received piece of representative information 2141, and generates a partial recast value "HA3" by assigning the extracted piece of representative partial contents "CNT3" to the recast function.
The header information generation unit 2107 generates a piece of representative recast information composed of the generated identification information identifier "ADID1" and the partial recast value "HA3". The header information generation unit 2107 repeats the same type of processing for the pieces of representative information 2142 and 2143, and generates pieces of representative detection information and representative recast information.

The header information generation unit 2107 generates selected position information composed of the three generated pieces of representative detection information. Figure 30 shows a structure of the selected position information generated at this point. The selected position information 2160 is composed of pieces of representative detection information 2161, 2162 and 2163, which correspond to the pieces of representative information 2141, 2142 and 2143, respectively. Each piece of representative detection information is composed of an identification information identifier and a piece of identification information. As an example, the piece of representative detection information 2161 corresponds to the piece of representative information 2141, and includes an identification information identifier "ADID1" 2171 and a piece of identification information "AD3" 2176.

In addition, the header information generation unit 2107 generates header information composed of the three generated pieces of representative recast information. Figure 31 shows a structure of the header information generated at this point. As shown in Fig. 31, the header information 2200 is composed of pieces of representative recast information 2201, 2202 and 2203, which correspond to the pieces of representative detection information 2161, 2162 and 2163, respectively. Each piece of representative recast information includes an identification information identifier and a partial recast value.
For example, the piece of representative recast information 2201 is generated based on the piece of representative information 2141, and includes an identification information identifier "ADID1" 2211 and a partial recast value "HA3". Then, the header information generation unit 2107 sends the generated selected position information 2160 and header information 2200, and the received key block, content key "CK" and contents 2120 to the signature information generation unit 2108.

2.2.6 Signature Information Generation Unit 2108

The signature information generation unit 2108 receives the selected position information 2160, header information 2200, key block, content key "CK", and contents 2120 from the header information generation unit 2107. When it receives these sets of information, the signature information generation unit 2108 extracts the partial recast values "HA3", "HA5", and "HAc" included in the received header information 2200. Then, the signature information generation unit 2108 reads a signature key 1113 from the signature key storage unit 1112. The signature information generation unit 2108 generates signature information by applying the signature generation algorithm S to a combined result formed by combining the extracted partial recast values "HA3", "HA5" and "HAc", with the use of the read signature key 1113. Next, the signature information generation unit 2108 sends the generated signature information, and the received selected position information 2160, header information 2200, key block, content key "CK" and contents 2120, to the encryption processing unit 2109.

2.2.7 Encryption Processing Unit 2109

The encryption processing unit 2109 receives the signature information, selected position information 2160, header information 2200, key block, content key "CK", and contents 2120 from the signature information generation unit 2108.
When these information sets are received, the encryption processing unit 2109 generates pieces of encrypted partial contents "ECNT1", "ECNT2", "ECNT3", ..., and "ECNTc" by applying the encryption algorithm respectively to the pieces of partial contents "CNT1", "CNT2", "CNT3", ..., and "CNTc" that constitute the received contents 2120, with the use of the received content key "CK". The generated pieces of encrypted partial contents "ECNT1", "ECNT2", "ECNT3", ..., and "ECNTc" are collectively referred to as encrypted contents. Here, the encrypted contents can be indicated as ECNTb = Enc(CK, CNTb), where b is a natural number of c or smaller. Figure 32 shows a structure of the encrypted contents 2220 generated at this point. Subsequently, the encryption processing unit 2109 generates encrypted selected position information by applying the encryption algorithm to the received selected position information with the use of the received content key "CK". Then, the encryption processing unit 2109 sends the generated encrypted contents 2220 and encrypted selected position information, and the received signature information, header information 2200 and key block to the recording unit 2114.

2.2.8 Recording Unit 2114

The recording unit 2114 is capable of being loaded with the DVD. The recording unit 2114 receives the encrypted contents 2220, encrypted selected position information, signature information, header information 2200 and key block from the encryption processing unit 2109, and writes the received encrypted contents 2220, encrypted selected position information, signature information, header information 2200 and key block on the DVD.

2.3 DVD 2500

As shown in Fig. 33, a DVD 2500 stores a key block 2510, encrypted selected position information 2530, header information 2550, signature information 2570, and encrypted contents 2580. Key block 2510, cue information 2510.
selected encrypted posion 2530, header information 2550, signature information 2570 and encrypted contents 2580 have been written by the distribution device 2100, and the structures of those components are as indicated above. 2. 4 Execution Device 2600 As shown in Fig. 34, the execution device 2600 is comprised of an acquisition unit 2601, a content key acquisition unit 2602, a device key storage unit 1604, a storage unit, and decryption of position information 2606, a signature information verification unit 2611, a verification key storage unit 1612, a representative partial content decryption unit 2616, a header information verification unit 2617 and a unit of information execution 2618. The individual components constituting the execution device 2600 are described in detail below. Note that, since the device key massaging unit 1604 and the verification key storage unit 1612 are the same as those that constitute the execution device 1600 of the first mode, the descriptions of those somponents are omitted. 2. 4. 1 Acquisition Unit 2601 The Acquisition Unit 2601 is serged are the DVD 2500. When the DVD 2500 being serged in it is detested, the purchasing unit 2601 reads the slaves block 2510, selected position information 2510, header information 2550, signature information 2570 and ensripted 2580 of the DVD 2500 The purchasing unit 2601 sends the slaving block 2510, selected poscript information 2530, header information 2550, signature information 2570 and encrypted contents 2580 read, to the sonde key acquisition unit 2602. 2. 4.2 Content Key Acquisition Unit 2602 Content key acquisition unit 2602 resides slave block 2510, encrypted selected position information 2530, header information 2550, signature information 2570 and encrypted contents 2580 of the acquisition unit 2601. When you receive these information sets, the unit of. 
acquisition of content slave 2602 generates the content key "CK" using the device identifier "AID_p" and the device key "DK_p" stored by the device key storage unit 1604 and the received key block. A procedure for generating the content key "CK" is the same as the procedure for generating the content key "CK" carried out by the content key acquisition unit 1602 which constitutes the execution device 1600 of the first modality, and therefore the dismemberment is left out. Then, the sonification slave acquisition unit 2602 sends the content slave "CK" generated, and the selected encrypted position information 2530, header information 2550, signature information 2570 and encrypted contents 2580 received, to the decryption unit. of position information 2606. 2. 4. 3 Position Information De-encryption Unit 2606 The position information desensitization unit 2606 receives the content key "CK", selected encrypted position information 2530, header information 2550, signature information 2570 and encrypted contents 2580 of the subsidiary slave addency unit 2602.
When receiving these information sets, the position information decryption unit 2606 generates selected position information by applying the decryption algorithm D1 to the received encrypted selected position information 2530 with the use of the received content key "CK". The selected position information generated at this point has the same structure as the selected position information 2160 shown in FIG. 30. Then, the position information decryption unit 2606 sends the generated selected position information, and the received content key "CK", header information 2550, signature information 2570, and encrypted contents 2580, to the signature information verification unit 2611.

2.4.4 Signature Information Verification Unit 2611

The signature information verification unit 2611 receives the selected position information, content key "CK", header information 2550, signature information 2570 and encrypted contents 2580 from the position information decryption unit 2606. When receiving these information sets, the signature information verification unit 2611 reads a verification key from the verification key storage unit 1612. Then, the signature information verification unit 2611 extracts the partial recast values "HA3", "HA7", and "HAc" from the three pieces of representative recast information which constitute the received header information 2550, and generates signature verification information by applying the signature verification algorithm V to the combined result formed by combining the extracted partial recast values "HA3", "HA7" and "HAc", with the use of the read verification key. The signature information verification unit 2611 compares the generated signature verification information and the received signature information. When these two do not agree, the signature information verification unit 2611 judges that the signature verification is unsuccessful and aborts subsequent processing.
When the two coincide, the signature information verification unit 2611 judges that the signature verification is successful, and sends the received selected position information, content key "CK", header information 2550 and encrypted contents 2580 to the representative partial contents decryption unit 2616.

2.4.5 Representative Partial Contents Decryption Unit 2616

The representative partial contents decryption unit 2616 receives the selected position information, content key "CK", header information 2550, and encrypted contents 2580 from the signature information verification unit 2611. When receiving these information sets, the representative partial contents decryption unit 2616 extracts the identification information identifier "ADID1" and the corresponding piece of identification information "AD3" included in the first piece of representative detection information that constitutes the received selected position information, and further extracts a piece of encrypted partial contents "ECNT3" from the received encrypted contents 2580 based on the extracted piece of identification information "AD3". Then, the representative partial contents decryption unit 2616 generates the piece of representative partial contents "CNT3" by applying the decryption algorithm D1 to the extracted encrypted partial contents "ECNT3" with the use of the received content key "CK". Here, a pair of the generated piece of representative partial contents "CNT3" and the extracted identification information identifier "ADID1" is referred to as "a piece of representative verification information". Next, the representative partial contents decryption unit 2616 repeats processing of the same type for the rest of the pieces of representative detection information to generate a piece of representative verification information composed of the identification information identifier "ADID2" and the piece of
representative partial contents "CNT7", as well as a piece of representative verification information composed of the identification information identifier "ADID3" and the piece of representative partial contents "CNTc". Thereafter, the representative partial contents decryption unit 2616 sends the three generated pieces of representative verification information and the received content key "CK", header information 2550 and encrypted contents 2580 to the header information verification unit 2617.

2.4.6 Header Information Verification Unit 2617

The header information verification unit 2617 receives the three pieces of representative verification information, content key "CK", header information 2550 and encrypted contents 2580 from the representative partial contents decryption unit 2616. When it receives these information sets, the header information verification unit 2617 generates verification recast values "H3", "H7", and "Hc" by assigning respectively the pieces of representative partial contents "CNT3", "CNT7" and "CNTc" included in the three received pieces of representative verification information to the recast function. The recast function used here is the same as that used in the header information generation unit 2107 of the distribution device 2100. Next, the header information verification unit 2617 searches, in the header information 2550, for an identification information identifier that matches the identification information identifier "ADID1" included in the corresponding piece of representative verification information, and extracts the partial recast value "HA3" that corresponds to the detected identification information identifier. Next, the header information verification unit 2617 compares the extracted partial recast value "HA3" and the generated verification recast value "H3".
In addition, the header information verification unit 2617 extracts the partial recast value "HA7" from the header information 2550 based on the identification information identifier "ADID2" included in the corresponding piece of representative verification information, and compares the extracted partial recast value "HA7" and the generated verification recast value "H7". The header information verification unit 2617 extracts the partial recast value "HAc" from the header information 2550 based on the identification information identifier "ADIDc" included in the corresponding piece of representative verification information, and compares the extracted partial recast value "HAc" and the generated verification recast value "Hc". When each of the three pairs is compared and there is even one pair that does not agree, the header information verification unit 2617 aborts the subsequent processing. When all three pairs agree in the above comparison, the header information verification unit 2617 judges that the verification of the header information 2550 is successful, and sends the received content key "CK" and the encrypted contents 2580 to the execution unit 2618.

2.4.7 Execution Unit 2618

The execution unit 2618 receives the content key "CK" and encrypted contents 2580 from the header information verification unit 2617. When it receives these information sets, the execution unit 2618 generates the contents composed of the pieces of partial contents "CNT1", "CNT2", "CNT3", ..., and "CNTc" by applying the decryption algorithm D1 to each of the pieces of encrypted partial contents "ECNT1", "ECNT2", "ECNT3", ..., and "ECNTc" that compose the received encrypted contents 2580, with the use of the received content key "CK". Then, the execution unit 2618 expands the generated contents to generate video and audio data, and generates video and audio signals from the generated video and audio data.
Execution unit 2618 sends the generated video and audio signals to the monitor. 2. 5 Operational Behaviors of the Distribution Device 2100 and the Execution Device 2600 The operational behaviors of the distribution device 2100 and the ejection device 2600 are described below. 2. 5. 1 Operational Behavior of the Distribution Device 2100 The operational behavior of the distribution device 2100 is described with the help of a flow chart shown in Figure 35. The input unit 2101 receives the contents 2120 composed of c pieces of parsial pads and c identifisation information pieces (Step S2011), and sends the received contents 2120 and identification information to the content key generation unit 2102. The content key generation unit 2102 receives the 2120 and c information pieces of information from identification, and generates a content key (Stage S2012). The key block generating unit 2103 resides the content slave, contents 2120 and c pieces of identification information of the content key generation unit 2102, and reads device identifiers and device keys of the information storage unit of execution device 1104 (Step S2013). The key block generating unit 2103 generates a key block using the device identifiers and device key read (Step S2014), and sends the generated key block, to the content slave received, the contents 2120 and c pieces of identification information to the selection unit 2105. The selection unit 2105 receives the key block, content key, contents 2120 and identification information and generates representative pieces of information by selecting k pieces of partial contents representative of the received contents 2120 (Step S2016). Then, the selection unit 2105 sends the generated representative pieces of information and the content and content key 2120 received, to the header information generation unit 2107. 
The header information generation unit 2107 receives the k pieces of representative information, contents key and contents 2120 of the selection unit 2105, and generates the selected position information 2160 and header information 2200 of the k pieces of representative information received (Step S2018). Then, the header information generation unit 2107 sends the selected position information 2160 and header information 2200, and the key block, content key and content 2120 received, to the signature information generation unit 2108. Subsequently, the signature information generating unit 2108 receives the selected position information 2160, header information 2200, key block, content key and contents 2120 of the header information generation unit 2107. When these sets are received of information, signature information generating unit 2108 reads signature key 1113 from signature key storage unit 1112 (Step S2019), and generates signature information from signature key 1113 read and information from Header 2200 (Step S2021). Then, the signature information generating unit 2108 sends the generated signature information, and the key block, selected position information 2160, header information 2200, content key and content 2120 received, to the encryption processing unit 2109. The encryption processing unit 2109 receives the signature information, key block, selected position information 2160, header information 2200, content key and contents 2120 of the signature information generation unit 2108, and generates information of selected position encrypted when encrypting the selected information position 2160 with the use of the received content key (Step S2022). Subsequently, the encryption processing unit 2109 generates encrypted contents by encrypting the contents 2120 with the use of the content key (Step S2023), and then sends the encrypted selected position information and encrypted contents. 
and the slaves block, signature information and header information 2200 received to the recording unit 2114. The recording unit 2114 writes the key block, selected position information recorded, header information 2200, signature information and encoded stencils. , received from the encryption prosecution unit 2109 on the DVD 2500 (Step S2024). 2. 5.2 Operational Behavior of the Execution Device 2600 The operational behavior of the execution device 2600 is dessribe is the help of a flow chart shown in Figure 36. When it is loaded is the DVD 2500, the Acquisition Unit 2601 reads the block of slaves 2510, selected position information 2510, information of 'header 2550, signature information 2570 and encrypted contents 2580 of DVD 2500 (Step S2041). Then, the acquisition unit 2601 sends the key block 2510, encrypted selected position information 2530, header information 2550, signature information 2570 and encrypted contents 2580 read to the content key acquisition unit 2602. When it receives the block of keys 2510, information of selected position 251, 2550 readout information, signature information 2570 and signed 2580 of procurement unit 2601, content key acquisition unit 2602 reads device identifiers and device keys of the device key storage unit 1604 (Step S2042). The content key acquisition unit 2602 generates a content key of the device device and device slave identifiers read and the slaves block 2510 maintained (Step S2043). 
The content key acquisition unit 2602 sends the generated content key, and the encrypted selected position information 2530, header information 2550, signature information 2570 and encrypted contents 2580 received, to the position information decryption unit 2606 The item information decryption unit 2606 receives the content key, encrypted selected position information 2530, header information 2550, signature information -2570 and encrypted sonnets 2580 of the content slave acquisition unit 2602, and generates position information selected by decrypting the selected position information 2530 encrypted with the use of the received content slave (Step S2044). Then, the position information decryption unit 2606 sends the selected position information generated and the content key received, the sampled information 2550, the signature information 2570 and the encrypted contents 2580 to the signature information verification unit 2611. The signature information verification unit 2611 resides the selected position information, content key, header information 2550, signature information 2570, and encrypted contents 2580 of the position information decryption unit 2606, and reads a verification key of the verification key storage unit 1612 (Step S2046). Then, the signature information verification unit 2611 verifies signature information 2570 by using the verification and read key and the. received 2550 header information (Step S2048). When the verification of the signature information 2570 is not successful (Step S2049: NO), the signature information verification unit 2611 aborts the subsequent processing on the execution device 2600. When the verification of the signature information 2570 is successful (Step S2049: YES), the signature information verification unit 2611 sends the selected position information, spreads key, sampled information 2550 and encrypted contents 2580 received, to the representative partial content decryption unit 2616. 
The unit of decrypting representative partial contents 2616 receives selected position information, content key, header information • 2550 and encrypted contents 2580 from the signature information verification unit 2611, and generates k pieces of representative partial contents based on the information selected position received, encrypted contents 2580 and content key (Stage S2051). Then, the representative parsing unit decryption unit 2616 generates k pieces of representative verification information composed of corresponding pieces of representative partial contents and identification information identifiers (Step S2052), and sends the k pieces of information representative of verification generated, and the content key, header information 2550 and encrypted contents 2580 received to the heading information verification unit 2617. The heading information verification unit 2617 receives the k pieces of information representative of verification, content key , header information 2550 and encrypted contents 2580 of the representative partial content decryption unit 2616, and performs header information checking 2550 using the received pieces of representative verification information (Step S2054). If the verification is unsuccessful (Step S2056: NO), the header information checking unit 2617 aborts the subsequent processing. When the verification is successful (Step S2056: YES), the header information verification unit 2617 sends the content key and encrypted contents 2580 received to the execution unit 2618. When it resides the content key and encrypted contents 2580 of the header information verification unit 2617, the execution unit 2618 generates the contents by decrypting the encrypted contents 2580 with the use of the content key received (Step S2057), expands the contents generated (Step S2058), and causes the monitor reproduce the contents (Stage S2059). 2. 
6 Summary and Appropriate Effects As described, in the second embodiment, the distribution device 2100 generates the header information using only k pieces of partial contents representing between c pieces of partial contents that constitute the contents, and also generates the information signature when applying the signature generation algorithm 2600 to the header information.
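The second embodiment's flow (select k of c units, recast them into header information, sign the header, encrypt the selected position information, then verify in the order of steps S2044 to S2056), written out as an added example that is not code from the patent. Assumptions: SHA-256 stands in for the "recast function", HMAC stands in for the signature algorithms S and V (so one shared key replaces the signature key and verification key pair), a SHA-256 keystream XOR stands in for E1/D1, the key block is left out, and every function name is hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def recast(data: bytes) -> bytes:
    """The page's 'recast function'. SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()


def e1(ck: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in for E1/D1 (same call both ways): XOR with a SHA-256 counter
    keystream. Illustrative only, not a vetted cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(ck + label + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def sign(sig_key: bytes, header) -> bytes:
    """Stand-in for S and V: HMAC over the combined partial recast values."""
    combined = b"".join(value for _adid, value in header)
    return hmac.new(sig_key, combined, hashlib.sha256).digest()


def unit_label(index: int) -> bytes:
    return b"unit" + index.to_bytes(4, "big")


def distribute(units, k, sig_key):
    """Distribution side: pick k of c units, build the header, sign, encrypt."""
    ck = secrets.token_bytes(32)                          # content key "CK"
    chosen = sorted(secrets.SystemRandom().sample(range(len(units)), k))
    # Selected position information: (ADID, AD) pairs; AD is the unit index here.
    position = [[adid, ad] for adid, ad in enumerate(chosen, start=1)]
    # Header information: (ADID, partial recast value) pairs.
    header = [(adid, recast(units[ad])) for adid, ad in position]
    disc = {
        "enc_position": e1(ck, b"pos", json.dumps(position).encode()),
        "header": header,
        "signature": sign(sig_key, header),
        "enc_units": [e1(ck, unit_label(i), u) for i, u in enumerate(units)],
    }
    return disc, ck


def read_positions(disc, ck):
    """Decrypt the selected position information (step S2044)."""
    return json.loads(e1(ck, b"pos", disc["enc_position"]))


def verify(disc, ck, verify_key) -> str:
    """Execution side: position decryption, signature check, header check."""
    try:
        position = read_positions(disc, ck)
    except ValueError:
        return "position information unreadable"
    if not hmac.compare_digest(sign(verify_key, disc["header"]), disc["signature"]):
        return "signature verification failed"
    expected = dict(disc["header"])
    for adid, ad in position:
        unit = e1(ck, unit_label(ad), disc["enc_units"][ad])
        if not hmac.compare_digest(recast(unit), expected.get(adid, b"")):
            return "header verification failed"
    return "ok"


def demo():
    # Constructed sample data: c = 10 partial contents, k = 3 selected.
    units = [(b"constructed unit %d " % i) * 4 for i in range(10)]
    sig_key = b"constructed signature key"
    disc, ck = distribute(units, 3, sig_key)
    covered = {ad for _adid, ad in read_positions(disc, ck)}
    spare = next(i for i in range(len(units)) if i not in covered)

    def with_unit_replaced(index):
        copy = dict(disc, enc_units=list(disc["enc_units"]))
        copy["enc_units"][index] = b"\x00" * 64
        return copy

    edited_header = dict(disc, header=[(a, recast(b"other")) for a, _ in disc["header"]])
    return {
        "untouched": verify(disc, ck, sig_key),
        "covered unit replaced": verify(with_unit_replaced(min(covered)), ck, sig_key),
        "uncovered unit replaced": verify(with_unit_replaced(spare), ck, sig_key),
        "header edited": verify(edited_header, ck, sig_key),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The four outcomes show what the reduced check covers: a change to the header or to one of the k selected units is caught, while a change to one of the other c - k units passes this check, which is why the selected position information is stored encrypted under the content key.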
The execution device 2600 carries out the verification of whether unauthorized contents are included by generating k pieces of representative partial contents based on the selected position information and carrying out verification of the header information using the k generated pieces of representative partial contents. When the verification is successful, the execution device 2600 starts the reproduction of the contents, judging that no unauthorized content is included. Thus, by carrying out the verification of the header information with the use of only k pieces out of the c pieces of partial contents constituting the contents, a reduction in the processing load of the execution device 2600 for the verification is achieved. Moreover, it is also possible to reduce the processing load involved in the generation of the header information in the distribution device 2100.

3. Third Embodiment

An unauthorized contents detection system is described below as a third embodiment of the present invention.

3.1 Unauthorized Content Detection System

The unauthorized content detection system of the third embodiment is comprised of a distribution device, an execution device and a monitor, as is the unauthorized content detection system of the first embodiment. The distribution device acquires contents according to operations carried out by an operator, and generates encrypted contents by encrypting the acquired contents. In addition, the distribution device extracts part of the contents, and generates information such as the information used to detect whether unauthorized contents are included in the contents, signature information to prove that the contents are issued by a legitimate owner of the information, and the like, based on the extracted part of the contents (hereinafter referred to as "a piece of representative partial contents").
The distribution device repeats the extraction of a piece of representative partial stencils, the generation of a piece of header information and the generation of a piece of signature information to generate several pieces of header and signature information, and writes the encrypted contents generated, and several pieces of header information and signature on a DVD. The DVD will be sold and distributed to users through distribution stores. The ejection device seals a piece out of one of the different pieces of signature information and the different pieces of header information recorded on the DVD, and carries out the verification of the selected pieces of signature and header information. The individual devices that make up the unauthorized content detection system of the present embodiment and the DVD are described in detail below. 3. 2 Distribution Device 3100 Figure 37 shows a structure of the distributing device of the present embodiment. As shown in Figure 37, a distribution device 3100 is comprised of an input unit 2101, a content key generation unit 2102, a key block generation unit 2103, a device information storage unit. of execution 1104, a sorting unit 3105, a sampled information generation unit 3107, a signature generation information unit 3108, a signature slave storage unit 1112, a encryption processing unit 3109 and a recording unit 3114. The input unit 2101, content slave generation unit 2102, key block generation unit 2103, unit Execution device information storage 1104 and signature key storage unit 1102 are the same as in the second embodiment, and therefore the descriptions of their component are omitted. 3. 2. 1 Selection Unit 3105 The selection unit 3105 preallows the iteration number "x" (x is an integer of 2 or more). The security unit 3105 resides the slave block, content slave "CK", contents and c pieces of identification information of the key block generation unit 2103. 
When it receives the key block, the "CK" content slave, contents and c pieces of identification information, the selection unit 3105 generates k pieces of representative information in the same way as the selection unit 2105 of the second mode. The selection unit 3105 repeats processing of the same type x times to generate x groups of k pieces of representative information. Here, the first group of representative information is referred to as a "first representative group" while the second group, ..., and x group of representative information are respectively referred to as a "second representative group" and a "representative x group". A specific example here is that all of the representative 1 st to x th group are composite of k pieces of representative information, however, the number of pieces of representative information may be different from group to group. Then, the selection unit 3105 sends the generated Io, 2, ..., and x representative groups, and the received key block, content key "CK", and contents to the header information generation unit 3107. 3. 2.2 Header Information Generation Unit 3105 The header information generation unit 3107 receives the 1st, 2nd and x representative groups, key block, "CK" content key, and contents of the 3105 selection unit. receives these information sets, the header information generation unit 3107 generates selected position information "POS1" and information from the "HEADl" is based on the k pieces of representative information included in the first representative group and the received contents. A specific procedure for generating the selected position information and header information is the same as the selected position information generation procedures 2160 and header information 2200 carried out by the header information generation unit 2107 of the second modality, and therefore their descriptions are omitted here. 
The selected position information "POS1" has the same structure as the selected position information 2160 shown in Fig. 30, while the header information "HEAD1" has the same structure as the header information 2200 shown in Fig. 31. Then, the header information generation unit 3107 generates a header identifier "HEADID1" specific to a pair of the selected position information "POS1" and header information "HEADl" generated. Here, a solection of the header identifier generated "HEADIDl", a piece of position information selected "POS1", and a piece of header information "HEADl" is referred to as a "1st header group". The header information generation unit 3107 repeats processing of the same type for the 2nd, 3rd, ..., and x representative groups to generate 2 °, 3 °, ..., x header groups. Then, the sampler information generating unit 3107 extracts header identifiers from the 1st to x header groups, and generates header selection information composed of x pieces extracted from the identifiers of the sacking. Figure 38 'shows an example of a stressing of the latch generation information generated at this point. The header selection information 3130 is composed of x pieces of header identifiers, and the header identifiers correspond respectively to the 1st to x sets of the header. Then, the header information generation unit 3107 sends the header selection information 3130 and 1 °, 2 °, ..., and x generated header groups, and the key block, content key "CK" and contents received to the signature information generation unit 3108. 3. 2.3 Signature Information Generation Unit 3108 The Signature Information Generation Unit 3108 receives the header selection information 3130, 1 °, 2 °, .-., And header groups, key block, key of contents "CK" and addresses of the header generation unit 3107. When receives these data sets, the signature information generation unit 3108 reads the signature key 1113 from the signature key storage unit 1112. 
Next, the signature information generation unit 3108 generates a piece of signature information "Sign1" with the use of the header information "HEAD1" included in the 1st header group and the signature key 1113 read. The specific procedure for generating the piece of signature information is the same as the one carried out by the signature information generation unit 2108. Here, the term "1st header group" is reassigned to the result formed by adding the generated piece of signature information "Sign1" to the header identifier "HEADID1", the piece of selected position information "POS1", and the piece of header information "HEAD1".

The signature information generation unit 3108 repeats processing of the same type for the 2nd to xth header groups to generate pieces of signature information, and again forms the 2nd to xth header groups by adding the generated pieces of signature information respectively to the corresponding header identifiers, pieces of selected position information and pieces of header information.

Then, the signature information generation unit 3108 sends the 1st, 2nd, ..., and xth header groups, and the received header selection information 3130, key block, content key "CK", and contents to the encryption processing unit 3109.

3.2.4 Encryption Processing Unit 3109

The encryption processing unit 3109 receives the 1st, 2nd, ..., and xth header groups, header selection information 3130, key block, content key "CK" and contents from the signature information generation unit 3108. The encryption processing unit 3109 generates c pieces of encrypted partial contents by applying the encryption algorithm to the individual pieces of partial contents that constitute the received contents with the use of the received content key "CK", and puts the c generated pieces of encrypted partial contents together to form encrypted contents. The encrypted contents generated at this point have the same structure as the encrypted contents 2220 of Figure 32.
Then, the encryption processing unit 3109 extracts the piece of selected position information "POS1" from the 1st header group, and generates a piece of encrypted selected position information "EPOS1" by applying the encryption algorithm E1 to the extracted piece of selected position information "POS1" with the use of the content key "CK". Then, the encryption processing unit 3109 replaces the piece of selected position information "POS1" included in the 1st header group with the generated piece of encrypted selected position information "EPOS1". Here, EPOS1 = Enc(CK, POS1). The encryption processing unit 3109 does the same with the 2nd to xth header groups to generate pieces of encrypted selected position information, and replaces the corresponding pieces of selected position information with the generated pieces of encrypted selected position information.

Next, the encryption processing unit 3109 sends the 1st, 2nd, ..., and xth header groups, the generated encrypted contents, and the received header selection information 3130 and key block to the recording unit 3114.

3.2.5 Recording Unit 3114

The recording unit 3114 receives the 1st, 2nd, ..., and xth header groups, encrypted contents, header selection information 3130, and key block from the encryption processing unit 3109, and writes the received 1st, 2nd, ..., and xth header groups, encrypted contents, header selection information 3130 and key block to a DVD.

3.3 DVD 3500

Figure 39 shows information recorded on a DVD according to the present modality. As shown in Figure 39, a DVD 3500 stores a key block 3510, header selection information 3520, a 1st header group 3530, a 2nd header group 3540, ..., and an xth header group 3560, and encrypted contents 3580. Each of the 1st header group 3530, 2nd header group 3540, ..., and xth header group 3560 is composed of a header identifier, a piece of encrypted selected position information, a piece of header information and a piece of signature information.
For example, the 1st header group 3530 is composed of a header identifier "HEADID1" 3531, a piece of encrypted selected position information "EPOS1" 3532, a piece of header information "HEAD1", and a piece of signature information "Sign1" 3534. These sets of information have been written to the DVD 3500 by the distribution device 3100. The structure of each set of information is as previously mentioned, and therefore its description is omitted here.

3.4 Execution Device 3600

As shown in Fig. 40, an execution device 3600 is composed of an acquisition unit 3601, a content key acquisition unit 2602, a device key storage unit 1604, a position information decryption unit 2606, a signature information verification unit 2611, a verification key storage unit 1612, a representative partial content decryption unit 2616, a header information verification unit 2617 and an execution unit 2618. The components other than the acquisition unit 3601 have the same structures and operational behaviors as the content key acquisition unit 2602, device key storage unit 1604, position information decryption unit 2606, signature information verification unit 2611, verification key storage unit 1612, representative partial content decryption unit 2616, header information verification unit 2617 and execution unit 2618 constituting the execution device 2600 of the second mode. Therefore, only the acquisition unit 3601 is described here.

3.4.1 Acquisition Unit 3601

When it detects that the DVD 3500 has been loaded therein, the acquisition unit 3601 reads the header selection information 3520 from the DVD 3500. Then, the acquisition unit 3601 selects one of the header identifiers "HEADID1", "HEADID2", "HEADID3", ..., and "HEADIDx" included in the read header selection information 3520 with the use of a random number.
The selection method is not limited to this, and any method is applicable as long as it is difficult for a third party to predict which identifier is selected. Then, the acquisition unit 3601 retrieves, from the 1st, 2nd, ..., and xth header groups recorded on the DVD 3500, the header group that includes the selected header identifier, and reads a piece of encrypted selected position information, a piece of header information and a piece of signature information from that header group. Subsequently, the acquisition unit 3601 reads the key block 3510 and encrypted contents 3580 from the DVD 3500, and sends the read key block 3510, encrypted contents, encrypted selected position information, header information and signature information to the content key acquisition unit 2602.

3.5 Summary and Advantageous Effects

As already described, the distribution device 3100 of the third mode generates x groups, each of which is composed of a piece of encrypted selected position information, a piece of header information, and a piece of signature information, and the execution device selects one of the x groups and verifies whether unauthorized contents are included using the piece of encrypted selected position information, piece of header information, and piece of signature information of the selected group. Thus, by increasing the number of pieces of representative partial contents used for verification, it is possible to increase the precision of detecting unauthorized content. In addition, it is difficult to predict which header group, from the 1st to xth header groups, is selected in the execution device 3600, and therefore it is possible to prevent fraudulent acts that consist of replacing with unauthorized content only those pieces of partial contents that will not be used for verification.

4. Fourth Mode

A system for detecting unauthorized contents according to a fourth modality of the present invention is described below.

4.1 Unauthorized Content Detection System

The unauthorized content detection system of the fourth modality is composed of a distribution device, an execution device and a monitor, as in the first modality. The distribution device acquires contents according to the operations of an operator, and generates encrypted contents by encrypting the acquired contents. In addition, the distribution device divides the contents into several pieces of partial contents and, based on all the pieces of partial contents, generates header information used to verify whether unauthorized contents are included in the contents, as well as signature information to prove that the contents are issued by a legitimate copyright owner. The distribution device writes the generated encrypted contents, signature information and the like to a DVD. The DVD will be sold or distributed to users through distribution stores.

When loaded with the DVD, the execution device selects some of the pieces of partial contents that constitute the contents, and verifies the header information using only the selected pieces of partial contents. The individual devices that make up the unauthorized content detection system of the present embodiment and the DVD are described in detail below.

4.2 Distribution Device 4100

Figure 41 shows a structure of the distribution device of the fourth embodiment. As shown in Figure 41, a distribution device 4100 is composed of an input unit 4101, a content key generation unit 4102, a key block generation unit 4103, an execution device information storage unit 1104, a partial content generation unit 4105, a header information generation unit 4107, a signature information generation unit 4108, a signature key storage unit 1112, an encryption processing unit 4109 and a recording unit 4114. The individual components constituting the distribution device 4100 are described below.
Note that, since the execution device information storage unit 1104 and the signature key storage unit 1112 are the same as in the first modality, the descriptions of these components are omitted.

4.2.1 Input Unit 4101

The input unit 4101 acquires the contents from an external device or external recording medium according to the operations of the operator of the distribution device 4100. The contents acquired here are in a format playable by an execution device 4600 (described in detail hereinafter); the DVD-Video format and the MPEG-2 format are examples of such playable formats. The input unit 4101 outputs the acquired contents to the content key generation unit 4102.

4.2.2 Content Key Generation Unit 4102

The content key generation unit 4102 receives the contents from the input unit 4101. When it receives the contents, the content key generation unit 4102 generates a pseudo random number, and generates a content key "CK" that has a length of 128 bits with the use of the generated pseudo random number. Instead of a pseudo random number, a true random number can be generated using, for example, noise in a signal. Then, the content key generation unit 4102 sends the generated content key "CK" and the received contents to the key block generation unit 4103.

4.2.3 Key Block Generation Unit 4103

The key block generation unit 4103 receives the content key "CK" and contents from the content key generation unit 4102. When it receives the content key "CK" and contents, the key block generation unit 4103 generates a key block using the received content key "CK" and a device identification table stored in the execution device information storage unit 1104. The specific procedure for generating the key block is the same as that carried out by the key block generation unit 1103 of the first mode, and therefore the description is omitted.
Then, the key block generation unit 4103 sends the generated key block, and the received content key "CK" and contents to the partial content generation unit 4105.

4.2.4 Partial Content Generation Unit 4105

The partial content generation unit 4105 receives the key block, content key "CK" and contents from the key block generation unit 4103. When it receives these sets of information, the partial content generation unit 4105 divides the received contents into c pieces of partial contents "CNT1", "CNT2", "CNT3", ..., and "CNTc". For example, when the contents are in the DVD-Video format, VOBs or VOBUs can be used as the division unit. On the other hand, when the contents are in the MPEG-2 format, GOPs (Group of Pictures), fields, frames, or intermediate images can be used as the division unit. As an alternative, regardless of the format of the contents, the contents can be divided every 64 kilobytes, or into portions each corresponding to one second of playback time. The c pieces of partial contents generated at this point are collectively referred to as divided contents.

Then, the partial content generation unit 4105 generates pieces of identification information "AD1", "AD2", "AD3", ..., and "ADc" corresponding respectively to the c generated pieces of partial contents. Each piece of identification information is information that uniquely identifies the corresponding piece of partial contents, and is, for example, a playback starting point of the piece of partial contents specified by reference to the head of the contents, or an offset from the head of the contents.

Figure 42 shows the divided contents and identification information generated at this point. The divided contents 4120 are composed of c pieces of partial contents "CNT1" 4121, "CNT2" 4122, "CNT3" 4123, ..., and "CNTc" 4127. Each piece of partial contents corresponds to a piece of identification information.
For example, a piece of identification information "AD1" 4131 is information for identifying the piece of partial contents "CNT1" 4121.

Then, the partial content generation unit 4105 sends the c generated pieces of identification information and divided contents 4120, and the received key block and content key "CK" to the header information generation unit 4107.

4.2.5 Header Information Generation Unit 4107

The header information generation unit 4107 receives the c pieces of identification information "AD1", "AD2", "AD3", ..., and "ADc", and the divided contents 4120, key block and content key "CK" from the partial content generation unit 4105. When it receives these information sets, the header information generation unit 4107 generates an identification information identifier "ADID1" that uniquely identifies the piece of identification information "AD1" with the use of a random number. Here, a pair of the generated identification information identifier "ADID1" and the received piece of identification information "AD1" is referred to as "a piece of content detection information".

Then, the header information generation unit 4107 extracts the piece of partial contents "CNT1" 4121 from the divided contents 4120 based on the received piece of identification information "AD1", and calculates a partial recast value "HA1" by assigning the extracted piece of partial contents "CNT1" 4121 to the recast function. Here, a pair of the identification information identifier "ADID1" and the recast value "HA1" is referred to as "a piece of partial recast information".

The header information generation unit 4107 repeats processing of the same type for the remaining pieces of identification information "AD2", "AD3", ..., and "ADc" to generate pieces of content detection information and pieces of partial recast information. After that, the header information generation unit 4107 generates content position information composed of the c generated pieces of content detection information.
Figure 43 shows a structure of the content position information generated at this point. The content position information 4140 is composed of c pieces of content detection information 4141, 4142, 4143, ..., and 4146. Each piece of content detection information includes an identification information identifier and a piece of identification information. As an example, the piece of content detection information 4141 includes an identification information identifier "ADID1" 4151 and the piece of identification information "AD1" 4131.

Subsequently, the header information generation unit 4107 generates header information composed of the c generated pieces of partial recast information. Figure 44 shows a structure of the header information generated at this point. The header information 4160 is composed of c pieces of partial recast information 4161, 4162, 4163, ..., and 4166. Each piece of partial recast information includes an identification information identifier and a partial recast value, and corresponds to a piece of content detection information constituting the content position information 4140. For example, the piece of partial recast information 4161 includes an identification information identifier "ADID1" 4171 and a partial recast value "HA1" 4172.

Then, the header information generation unit 4107 sends the generated content position information 4140 and header information 4160, and the received divided contents 4120, key block and content key "CK" to the signature information generation unit 4108.

4.2.6 Signature Information Generation Unit 4108

The signature information generation unit 4108 receives the content position information 4140, header information 4160, divided contents 4120, key block and content key "CK" from the header information generation unit 4107.
When it receives these information sets, the signature information generation unit 4108 extracts the recast values included in the individual pieces of partial recast information that constitute the received header information 4160. The signature information generation unit 4108 generates a combined recast value by assigning, to the recast function, a combined result formed by combining the c extracted partial recast values "HA1", "HA2", "HA3", ..., and "HAc".

Then, the signature information generation unit 4108 reads the signature key 1113 from the signature key storage unit 1112, and generates signature information by applying the signature generation algorithm S to the generated combined recast value with the use of the signature key 1113 read. When it has generated the signature information, the signature information generation unit 4108 sends the generated signature information, and the received content position information 4140, header information 4160, divided contents 4120, key block and content key "CK", to the encryption processing unit 4109.

4.2.7 Encryption Processing Unit 4109

The encryption processing unit 4109 receives the signature information, content position information 4140, header information 4160, divided contents 4120, key block and content key "CK" from the signature information generation unit 4108. When it receives these information sets, the encryption processing unit 4109 generates a piece of encrypted partial contents "ECNT1" by applying an encryption algorithm to the piece of partial contents "CNT1" 4121 that constitutes the received divided contents 4120. The encryption processing unit 4109 repeats processing of the same type for the pieces of partial contents "CNT2" 4122, "CNT3" 4123, ..., and "CNTc" 4127 to generate pieces of encrypted partial contents "ECNT2", "ECNT3", ..., and "ECNTc".
Next, the encryption processing unit 4109 generates encrypted contents composed of the c generated pieces of encrypted partial contents "ECNT1", "ECNT2", "ECNT3", ..., and "ECNTc". The encrypted contents generated at this point have the same structure as the encrypted contents 2220 (Figure 32) of the second modality. Then, the encryption processing unit 4109 sends the generated encrypted contents, and the received signature information, content position information 4140, header information 4160 and key block to the recording unit 4114.

4.2.8 Recording Unit 4114

The recording unit 4114 is loaded with a DVD. The recording unit 4114 receives the encrypted contents, signature information, content position information 4140, header information 4160 and key block from the encryption processing unit 4109. When it receives these information sets, the recording unit 4114 writes the received encrypted contents, signature information, content position information 4140, header information 4160 and key block to the DVD.

4.3 DVD 4500

Figure 45 shows information stored on a DVD of the fourth mode. As shown in Figure 45, a DVD 4500 stores a key block 4510, content position information 4530, header information 4550, signature information 4570 and encrypted contents 4580. These information sets have been written by the distribution device 4100. The structures of the individual information sets are as indicated above, and therefore the descriptions are omitted here.

4.4 Execution Device 4600

Figure 46 shows a structure of the execution device of the fourth embodiment. As shown in Fig. 46, an execution device 4600 is composed of an acquisition unit 4601, a content key acquisition unit 4602, a device key storage unit 1604, a signature information verification unit 4606, a verification key storage unit 1612, a selection unit 4611, a partial content decryption unit 4616, a header information verification unit 4617, and an execution unit 2618.
The individual components that constitute the execution device 4600 are described in detail below. Note that, since the device key storage unit 1604 and the verification key storage unit 1612 are the same as in the first mode, while the execution unit 2618 is the same as in the second mode, the descriptions of these components are omitted.

4.4.1 Acquisition Unit 4601

The acquisition unit 4601 is loaded with the DVD 4500. When it detects the DVD 4500 loaded therein, the acquisition unit 4601 reads the key block 4510, content position information 4530, header information 4550, signature information 4570 and encrypted contents 4580, and sends the read key block 4510, content position information 4530, header information 4550, signature information 4570 and encrypted contents 4580 to the content key acquisition unit 4602.

4.4.2 Content Key Acquisition Unit 4602

The content key acquisition unit 4602 receives the key block 4510, content position information 4530, header information 4550, signature information 4570 and encrypted contents 4580 from the acquisition unit 4601. When it receives these information sets, the content key acquisition unit 4602 generates the content key "CK" using the received key block 4510, and the device identifier "AID_p" and the device key "DK_p" stored by the device key storage unit 1604. The procedure for generating the content key "CK" is the same as that carried out by the content key acquisition unit 1602 that constitutes the execution device 1600 of the first mode, and therefore its description is omitted.

Then, the content key acquisition unit 4602 sends the generated content key "CK", and the received content position information 4530, header information 4550, signature information 4570 and encrypted contents 4580 to the signature information verification unit 4606.

4.4.3 Signature Information Verification Unit 4606

The signature information verification unit 4606 receives the content key "CK", content position information 4530, header information 4550, signature information 4570 and encrypted contents 4580 from the content key acquisition unit 4602. When it receives these information sets, the signature information verification unit 4606 performs verification of the signature information 4570 in the following procedure.

First, the signature information verification unit 4606 extracts the partial recast values from the individual pieces of partial recast information that constitute the received header information, and calculates a signature verification combined recast value by assigning, to the recast function, a combined result formed by combining the extracted partial recast values "HA1", "HA2", "HA3", ..., and "HAc".

Then, the signature information verification unit 4606 reads a verification key 1613 from the verification key storage unit 1612, and generates signature verification information by applying the signature verification algorithm V to the calculated signature verification combined recast value. Then, the signature information verification unit 4606 compares the generated signature verification information and the received signature information. When these two do not match, the signature information verification unit 4606 judges that the verification of the signature information 4570 is unsuccessful, and aborts the subsequent processing in the execution device 4600.

When these two agree, the signature information verification unit 4606 judges that the verification of the signature information 4570 is successful, and sends the received content key "CK", content position information 4530, header information 4550 and encrypted contents 4580 to the selection unit 4611.

4.4.4 Selection Unit 4611

The selection unit 4611 receives the content key "CK", content position information 4530, header information 4550 and encrypted contents 4580 from the signature information verification unit 4606. When it receives these information sets, the selection unit 4611 generates selected position information from the received content position information 4530 in the procedure described as follows. Figure 47 shows a general outline of the procedure for generating the selected position information carried out by the selection unit 4611 and a structure of the selected position information generated at this point. The procedure for generating the selected position information is described below with the help of Fig. 47.

The selection unit 4611 selects k pieces out of the c pieces of content detection information 4531, 4532, 4533, ..., and 4536 that constitute the received content position information 4530, with the use of random numbers. The selection method is not limited to this, and any method is applicable as long as it is difficult for a third party to predict which pieces were selected.

Figure 47 shows a case in which k pieces including the pieces of content detection information 4531, 4533 and 4536 have been selected. Then, the selection unit 4611 generates selected position information 4620 composed of the k selected pieces of content detection information 4531, 4533, ..., and 4536.

Then, the selection unit 4611 generates selection header information in the following procedure based on the received header information 4550. Figure 48 shows a general outline of the procedure for generating the selection header information and a structure of the selection header information. Next, the procedure for generating the selection header information is explained with the help of Fig. 48.

First, the selection unit 4611 extracts an identification information identifier from each of the pieces of content detection information 4531, 4532, ..., and 4536 that constitute the generated selected position information 4620, and additionally extracts the pieces of partial recast information 4551, 4553, ..., and 4556 that include the same identification information identifiers as the extracted identification information identifiers "ADID1", "ADID3", ..., and "ADIDc".

Then, the selection unit 4611 generates selection header information 4630 composed of the extracted pieces of partial recast information 4551, 4553, ..., and 4556. Then, the selection unit 4611 sends the generated selected position information 4620 and selection header information 4630, and the received content key "CK" and encrypted contents 4580 to the partial content decryption unit 4616.

4.4.5 Partial Content Decryption Unit 4616

The partial content decryption unit 4616 receives the selected position information 4620, selection header information 4630, content key "CK" and encrypted contents 4580 from the selection unit 4611. When it receives these information sets, the partial content decryption unit 4616 generates verification contents in the procedure described as follows. Figure 49 shows a general outline of the procedure for generating the verification contents and a structure of the verification contents 4650 generated at this point. The procedure for generating the verification contents is described below with the help of Figure 49.

First, the partial content decryption unit 4616 extracts the piece of identification information "AD1" from the piece of content detection information 4531 that constitutes the received selected position information 4620, and also extracts the piece of encrypted partial contents "ECNT1" from the received encrypted contents 4580 based on the extracted piece of identification information "AD1". The partial content decryption unit 4616 generates the piece of partial contents "CNT1" by applying the decryption algorithm D1 to the extracted piece of encrypted partial contents "ECNT1".
Subsequently, the partial content decryption unit 4616 generates a piece of partial verification content information 4651 composed of the identification information identifier "ADID1" included in the piece of content detection information 4531 and the generated piece of partial contents "CNT1".

The partial content decryption unit 4616 repeats processing of the same type for the rest of the pieces of content detection information 4532, ..., and 4536 to generate pieces of partial verification content information 4652, ..., and 4656. Then, the partial content decryption unit 4616 generates the verification contents 4650 composed of the k generated pieces of partial verification content information.

When it has generated the verification contents 4650, the partial content decryption unit 4616 sends the generated verification contents 4650, and the received selection header information 4630, content key "CK" and encrypted contents 4580, to the header information verification unit 4617.

4.4.6 Header Information Verification Unit 4617

The header information verification unit 4617 receives the verification contents 4650, selection header information 4630, content key "CK" and encrypted contents 4580 from the partial content decryption unit 4616. When it receives these information sets, the header information verification unit 4617 generates a verification recast value "H1" by assigning, to the recast function, the piece of partial contents "CNT1" 4624 included in the first piece of partial verification content information 4651 that constitutes the received verification contents 4650. Then, the header information verification unit 4617 extracts the identification information identifier "ADID1" 4621 included in the piece of partial verification content information 4651.
Then, the header information verification unit 4617 detects, from the received selection header information 4630, the piece of partial recast information 4551 that includes the same identification information identifier as the extracted identification information identifier "ADID1" 4621, and extracts the partial recast value "HA1" 4632 included in the detected piece of partial recast information 4551. Then, the header information verification unit 4617 compares the extracted partial recast value "HA1" 4632 and the calculated verification recast value "H1".

The header information verification unit 4617 repeats processing of the same type for the rest of the pieces of partial verification content information 4652, ..., and 4656, and thus performs the comparison of a partial recast value with a verification recast value k times.

When, in even one of the k comparisons, a partial recast value and a verification recast value do not agree with each other, the header information verification unit 4617 aborts the subsequent processing in the execution device 4600.

When every pair of a partial recast value and a verification recast value agrees in the k comparisons, the header information verification unit 4617 sends the received content key "CK" and encrypted contents 4580 to the execution unit 4618.

4.5 Operational Behaviors

The following describes the operational behaviors of the distribution device 4100 and the execution device 4600.

4.5.1 Operational Behavior of the Distribution Device 4100

Figure 50 is a flow chart showing the operational behavior of the distribution device 4100, while Figure 51 shows a flow of processing the contents in the operational behavior of the distribution device 4100. The operational behavior of the distribution device 4100 is described with the help of Figs. 50 and 51.

The input unit 4101 acquires the contents (Step S4012), and sends the acquired contents to the content key generation unit 4102.
The content key generation unit 4102 receives the contents, generates a content key with the use of a random number (Step S4013), and sends the generated content key and the received contents to the key block generation unit 4103. When it receives the content key and contents, the key block generation unit 4103 generates a key block, and sends the generated key block, and the received content key and contents, to the partial content generation unit 4105 (Step S4014). The partial content generation unit 4105 receives the key block, content key and contents from the key block generation unit 4103. Then, the partial content generation unit 4105 divides the received contents 4119, as shown in Figure 51, to generate c pieces of partial contents (Step S4016), and places the c generated pieces of partial contents together to form the divided contents 4120. Thereafter, the partial content generation unit 4105 generates pieces of identification information corresponding respectively to the c generated pieces of partial contents (Step S4018), and sends the generated divided contents 4120 and the c pieces of identification information, and the received key block, content key and contents, to the header information generation unit 4107.

The header information generation unit 4107 receives the divided contents, c pieces of identification information, key block and content key from the partial content generation unit 4105, generates identification information identifiers corresponding respectively to the received pieces of identification information, and further generates the content position information 4140, which includes the generated identification information identifiers and the pieces of identification information. Furthermore, as shown in Figure 51, the header information generation unit 4107 calculates c partial hash values by individually assigning the c pieces of partial contents constituting the received divided contents 4120 to the hash function, and generates the header information 4160, which includes the c calculated partial hash values (Step S4019). Then, the header information generation unit 4107 sends the generated content position information 4140 and header information 4160, and the received key block and content key, to the signature information generation unit 4108.

The signature information generation unit 4108 receives the content position information 4140, header information 4160, key block and content key from the header information generation unit 4107. As shown in Figure 51, the signature information generation unit 4108 extracts the c partial hash values included in the received header information, combines the c extracted partial hash values, and calculates a combined hash value by assigning the combined result to the hash function (Step S4021). Then, the signature information generation unit 4108 reads the signature key 1113 from the signature key storage unit 1112 (Step S4022). As shown in Figure 51, the signature information generation unit 4108 generates the signature information 4170 by applying a signature generation algorithm to the generated combined hash value with the use of the read signature key 1113 (Step S4023). Then, the signature information generation unit 4108 sends the generated signature information, and the received content position information 4140, header information 4160, divided contents 4120 and content key, to the encryption processing unit 4109.
The encryption processing unit 4109 receives the signature information, content position information 4140, header information 4160, divided contents 4120 and content key, and generates encrypted contents by encrypting the individual pieces of partial contents constituting the divided contents 4120 with the use of the content key (Step S4024). The encryption processing unit 4109 sends the generated encrypted contents, and the received signature information, content position information 4140, header information 4160 and key block, to the recording unit 4114. The recording unit 4114 receives the encrypted contents, signature information, content position information 4140, header information 4160 and key block, and writes the received key block, content position information 4140, header information 4160, signature information and encrypted contents on the DVD 4500 (Step S4026).

4.5.2 Operational Behavior of the Execution Device 4600

Figures 52 and 53 are flowcharts that show an operational behavior of the execution device 4600. Figure 54 schematically shows information handled by the individual components constituting the execution device 4600. Note that the same reference step numbers in Figures 42 to 54 indicate the same processing. Next, the operational behavior of the execution device 4600 is explained with the help of Figures 52 to 54. When it is loaded with the DVD 4500, the acquisition unit 4601 reads the key block 4510, content position information 4530, header information 4550, signature information 4570 and encrypted contents 4580 from the DVD 4500 (Step S4041), and sends these read information sets to the content key acquisition unit 4602.
The content key acquisition unit 4602 receives the key block 4510, content position information 4530, header information 4550, signature information 4570 and encrypted contents 4580, and generates the content key by the use of the received key block 4510, and a device identifier and a device key stored by the device key storage unit 1604 (Step S4042). Then, the content key acquisition unit 4602 sends the generated content key, and the received content position information 4530, header information 4550, signature information 4570 and encrypted contents 4580, to the signature information verification unit 4606.

The signature information verification unit 4606 receives the content key, content position information 4530, header information 4550, signature information 4570 and encrypted contents 4580, combines the c partial hash values included in the received header information 4550, and generates a signature verification combined hash value by assigning the combined result to the hash function (Step S4043). Then, the signature information verification unit 4606 reads the verification key 1613 from the verification key storage unit 1612 (Step S4044), and verifies the received signature information 4570 by using the read verification key 1613 and the generated signature verification combined hash value (Step S4046). If the verification of the signature information 4570 is not successful (Step S4048: NO), the signature information verification unit 4606 aborts the subsequent processing in the execution device 4600. If the verification of the signature information 4570 is successful (Step S4048: YES), the signature information verification unit 4606 sends the received content key, content position information 4530, header information 4550 and encrypted contents 4580 to the selection unit 4611.
When it receives the content key, content position information 4530, header information 4550 and encrypted contents 4580, the selection unit 4611 selects k pieces out of the c pieces of content detection information included in the content position information 4530 (Step S4049). Then, the selection unit 4611 generates the selected position information 4620 composed of the selected pieces of content detection information (Step S4051). Then, the selection unit 4611 selects k pieces of partial hash information from the received header information 4550, based on the identification information identifiers included in the k pieces of content detection information constituting the generated selected position information 4620 (Step S4053), and generates the selection header information 4630 composed of the selected k pieces of partial hash information (Step S4056). Then, the selection unit 4611 sends the generated selected position information 4620 and selection header information 4630, and the received content key and encrypted contents 4580, to the partial content decryption unit 4616.

The partial content decryption unit 4616 receives the selected position information 4620, selection header information 4630, content key and encrypted contents 4580, and extracts k pieces of encrypted partial contents 4581, 4582, 4583, ..., and 4586 from the encrypted contents 4580 based on the pieces of identification information included in the received selected position information 4620, as shown in Figure 54 (Step S4057). Then, the partial content decryption unit 4616 generates pieces of partial contents by decrypting the k extracted pieces of encrypted partial contents 4581, 4582, 4583, ..., and 4586 (Step S4059). Then, the partial content decryption unit 4616 generates the verification contents 4650 including the k identification information identifiers included in the received selected position information 4620 and the k generated pieces of partial contents (Step S4061).
The partial content decryption unit 4616 sends the generated verification contents 4650, and the received selection header information 4630, content key and encrypted contents 4650, to the header information verification unit 4617. The header information verification unit 4617 receives the verification contents 4650, selection header information 4530, content key and encrypted contents 4580. When it receives these information sets, the header information verification unit 4617 generates k verification hash values by individually assigning the k pieces of partial contents 4591, 4592, 4593, ..., and 4596 included in the received verification contents 4650 to the hash function (Step S4062), and individually compares the k partial hash values included in the received header information with the corresponding generated verification hash values (Step S4064: YES). In the comparison of the k pairs, each of which is composed of a verification hash value and a corresponding partial hash value, when any pair does not agree (Step S4066: NO), the header information verification unit 4617 aborts the subsequent processing in the execution device 4600.
In the comparison of the k pairs, when all the pairs agree (Step S4066: YES), the header information verification unit 4617 sends the received content key and encrypted contents 4580 to the execution unit 2618. The execution unit 2618 receives the content key and encrypted contents 4580 from the header information verification unit 4617, generates contents composed of c pieces of partial contents by decrypting the individual pieces of encrypted partial contents constituting the received encrypted contents 4580 with the use of the received content key (Step S4067), expands the generated contents (Step S4068), and causes the monitor to reproduce the expanded contents (Step S4071).

4.6 Summary and Advantageous Effects

As described, the unauthorized content detection system of the fourth embodiment is composed of the distribution device 4100 and execution device 4600, and the distribution device 4100 generates c pieces of partial contents by dividing the contents, and also generates header information and verification information with the use of all the c generated pieces of partial contents. The execution device 4600 selects k pieces out of the c pieces of encrypted partial contents constituting the encrypted contents, and extracts the k partial hash values corresponding to the selected pieces of partial contents out of the c partial hash values included in the header information. The execution device 4600 verifies only the selected pieces of encrypted partial contents by using the k extracted partial hash values. Only when the verification is successful does the execution device 4600 generate the contents by decrypting the encrypted contents and play the decrypted contents. Thus, by limiting, to k pieces, the number of pieces of encrypted partial contents used for the verification of whether unauthorized contents are included, it is possible to reduce the processing load involved in the verification.
By selecting different pieces of encrypted partial contents with the use of a random number each time the execution device 4600 performs the verification, it is possible to compensate for the degradation in the accuracy of detecting unauthorized contents that results from limiting, to only k pieces, the number of pieces of encrypted partial contents used for the verification. In addition, it is difficult to predict which pieces of encrypted partial contents are to be used for the verification, and therefore it is possible to prevent fraudulent acts that involve replacing with unauthorized contents, among the pieces of encrypted partial contents constituting the encrypted contents, specifically only those pieces of partial contents that will not be used for the verification.
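The fourth embodiment's flow as an added example (not code from the patent): the distribution side hashes c pieces and signs the combined hash, and the execution side checks the signature and then k randomly selected pieces; `detection_probability` gives the chance that r replaced pieces are caught in one run. Assumptions: SHA-256 as the hash function (the translation's "recast function"), HMAC standing in for the signature generation algorithm (so signing key and verification key are the same here), a toy SHA-256 keystream as the cipher, and a dictionary keyed by "ADIDn" in place of the content position information.

```python
import hashlib
import hmac
import secrets
from math import comb


def H(data: bytes) -> bytes:
    """Hash function used for partial and combined hash values (assumed SHA-256)."""
    return hashlib.sha256(data).digest()


def toy_cipher(key: bytes, index: int, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream XOR); the same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = key + index.to_bytes(4, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def sign(key: bytes, message: bytes) -> bytes:
    """HMAC stand-in for the signature generation algorithm."""
    return hmac.new(key, message, hashlib.sha256).digest()


def distribute(contents: bytes, c: int, content_key: bytes, signature_key: bytes) -> dict:
    """Distribution side: divide, hash every piece, sign the combined hash, encrypt."""
    size = -(-len(contents) // c)  # ceiling division
    pieces = [contents[i * size:(i + 1) * size] for i in range(c)]
    ids = [f"ADID{i + 1}" for i in range(c)]
    header = dict(zip(ids, map(H, pieces)))       # c partial hash values
    combined = H(b"".join(header.values()))       # combined hash value
    encrypted = {a: toy_cipher(content_key, i, p)
                 for i, (a, p) in enumerate(zip(ids, pieces))}
    return {"header": header, "signature": sign(signature_key, combined),
            "encrypted": encrypted}


def verify(disc: dict, k: int, content_key: bytes, verification_key: bytes,
           rng=None) -> bool:
    """Execution side: signature check over all c hashes, then k sampled pieces."""
    rng = rng or secrets.SystemRandom()
    header = disc["header"]
    combined = H(b"".join(header.values()))
    if not hmac.compare_digest(sign(verification_key, combined), disc["signature"]):
        return False                              # header information was altered
    ids = list(header)
    for adid in rng.sample(ids, k):               # fresh selection on every run
        piece = toy_cipher(content_key, ids.index(adid), disc["encrypted"][adid])
        if not hmac.compare_digest(H(piece), header[adid]):
            return False                          # a sampled piece was replaced
    return True


def detection_probability(c: int, r: int, k: int) -> float:
    """Chance that sampling k of c pieces hits at least one of r replaced pieces."""
    return 1 - comb(c - r, k) / comb(c, k)
```

With c = 20 and k = 5, a single replaced piece is caught with probability 0.25 per playback, which is the trade-off the summary above describes: lower load per run, with detection accumulating over repeated runs because the selection changes each time.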
5. Fifth Embodiment

An unauthorized content detection system according to a fifth embodiment of the present invention is described below.

5.1 Unauthorized Content Detection System

The unauthorized content detection system of the fifth embodiment is composed of a distribution device, an execution device and a monitor, as in the first embodiment. The distribution device acquires contents in accordance with the operations of an operator, and generates recorded contents by recording the acquired contents. In addition, the distribution device generates unit capture information, header information and signature information used in the execution device to verify the validity of the contents. The distribution device acquires a storage capacity of a writable area on a DVD and the data sizes of the various information generated. The distribution device calculates a fill capacity, which is found by subtracting the sum of the acquired data sizes of the various information from the acquired storage capacity, generates fill contents that have a data size corresponding to the calculated fill capacity, and writes the generated fill contents to the DVD along with the various information.

5.2 Distribution Device 5100

Figure 55 shows a structure of a distribution device of the fifth embodiment. As shown in Figure 55, a distribution device 5100 is composed of an input unit 1101, a content key generation unit 1102, a key block generation unit 1103, an execution device information storage unit 1104, a unit generation unit 5105, an encryption processing unit 5106, a header information generation unit 5107, a fill content generation unit 5108, a signature information generation unit 5111, a signature key storage unit 1112 and a recording unit 51114. The individual components that make up the distribution device 5100 are described below.
Note that, since the input unit 1101, content key generation unit 1102, key block generation unit 1103, execution device information storage unit 1104 and signature key storage unit 1112 are the same as in the distribution device 1100 of the first embodiment, their descriptions are omitted.

5.2.1 Unit Generation Unit 5105

As with the unit generation unit 1105 described in the first embodiment, the unit generation unit 5105 receives contents, which are composed of c files "CNT1", "CNT2", "CNT3", ..., and so on, from the input unit 1101, and generates unit capture information and divided contents with the use of the received contents. The procedures for generating the unit capture information and the divided contents are the same as those carried out by the unit generation unit 1105 of the first embodiment, and the structures of the unit capture information and divided contents generated here are as shown in Figures 6 and 7, respectively, and therefore the descriptions are omitted. Then, the unit generation unit 5105 sends the generated divided contents to the encryption processing unit 5106, while sending the generated unit capture information to the fill content generation unit 5108.

5.2.2 Encryption Processing Unit 5106

The encryption processing unit 5106 receives the divided contents from the unit generation unit 5105, and generates encrypted divided contents and encrypted contents based on the received divided contents. The procedures for generating these encrypted divided contents and encrypted contents are the same as those carried out by the encryption processing unit 1106 of the first embodiment, and the structures of the generated encrypted contents and encrypted divided contents are as shown in Figures 9 and 10, respectively, and therefore the descriptions are omitted.
Then, the encryption processing unit 5106 sends the generated encrypted divided contents to the header information generation unit 5107, while sending the generated encrypted contents to the recording unit 5114 and the fill content generation unit 5118.

5.2.3 Fill Content Generation Unit 5108

The fill content generation unit 5108 pre-stores a key block size "KBSIZE", a file information size "FISIZE", a unit hash size "USIZE", a file hash size "FSIZE", a ratio "RT" and a division number "j". The unit hash size "USIZE" shows a data size of the pieces of unit hash information constituting a first hash table generated by the header information generation unit 5107. Specifically speaking, the unit hash information here is the same as the unit hash information generated by the header information generation unit 1107 of the first embodiment. The file hash size "FSIZE" shows a bit length of the pieces of file hash information constituting a 2nd hash table generated by the header information generation unit 5107. Specifically speaking, the file hash information here is the same as the file hash information generated by the header information generation unit 1107 of the first embodiment. The ratio "RT" shows a bit-length ratio between information A and a signature SignA in the case where the signature information generation unit 5111 generates the signature SignA by applying the signature generation algorithm S to the information A. The division number "j" is the number of units generated by the fill content generation unit 5108 dividing the fill contents (as described in detail hereinafter). In addition, the fill content generation unit 5108 pre-stores 56-bit length reproduction impracticability information "DAMY", which indicates that the fill contents are not capable of being reproduced.
The fill content generation unit 5108 receives the unit capture information from the unit generation unit 5105, while receiving the encrypted contents from the encryption processing unit 5106. When it receives the unit capture information and encrypted contents, the fill content generation unit 5108 calculates a fill capacity with the use of the received unit capture information and encrypted contents in the following procedure, generates fill contents based on the calculated fill capacity, and updates the unit capture information. Detailed descriptions of the calculation of the fill capacity (a), the generation of the fill contents (b), and the update of the unit capture information (c) mentioned above are given below.

(a) Calculation of the Fill Capacity

The fill capacity indicates free space on a DVD after a key block, unit capture information, header information, signature information and encrypted contents have been written on it. The following describes a procedure for generating the fill capacity. First, the fill content generation unit 5108 measures, by means of the recording unit 5114, a storage capacity of a writable area on the DVD loaded in the recording unit 5114, and generates a maximum storage capacity "MSIZE", which indicates a capacity available for writing information on it. Here, instead of measuring the storage capacity of a writable area by means of the recording unit 5114, the maximum storage capacity "MSIZE" can be acquired by an input from the operator. Then, the fill content generation unit 5108 measures a data size of the received encrypted contents, and generates a content size "CNTSIZE".
Then, the fill content generation unit 5108 counts the "c" pieces of file information included in the received unit capture information, and calculates a data size "UCSIZE" of the unit capture information after the update (the details will be described in the following description of the update of the unit capture information in (c)) using the following equation:

UCSIZE = FISIZE × (c + 1)

Thereafter, the fill content generation unit 5108 extracts the c unit numbers "N1", "N2", "N3", ..., and "Nc" included in the received unit capture information, and calculates the sum "HA1SIZE" of the data sizes of the (c + 1) first hash tables (as will be described in more detail hereinafter) generated by the header information generation unit 5107, with the use of the extracted unit numbers "N1", "N2", "N3", ..., and "Nc" and the stored division number "j", using the following equation:

HA1SIZE = [N1 + N2 + N3 + ... + Nc + j] × USIZE

Subsequently, the fill content generation unit 5108 generates a data size "HA2SIZE" of a 2nd hash table (as will be described in detail hereinafter) generated by the header information generation unit 5107 using the following equation:

HA2SIZE = FSIZE × (c + 1)

and calculates a data size "HEADSIZE" of the header information generated by the header information generation unit 5107 from the generated sum of the data sizes of the first hash tables "HA1SIZE" and the data size of the 2nd hash table "HA2SIZE" using the following equation:

HEADSIZE = HA1SIZE + HA2SIZE

Then, the fill content generation unit 5108 calculates "SigSIZE", which indicates a data size of the signature information generated by the signature information generation unit 5111, with the use of the ratio "RT" using the following equation:

SigSIZE = (UCSIZE + HA2SIZE) × RT

Then, the fill content generation unit 5108 calculates a fill capacity "FilSIZE" using the following equation:

FilSIZE = MSIZE - [KBSIZE + UCSIZE + HEADSIZE + SigSIZE]
(b) Generation of the Fill Contents

When it has calculated the fill capacity "FilSIZE", the fill content generation unit 5108 generates a random number, and combines the generated random number with the reproduction impracticability information "DAMY" to generate fill contents whose data size is "FilSIZE". Then, the fill content generation unit 5108 generates a file identifier "FIDf" to specifically indicate the generated fill contents and the file identification information "ADf" to identify the generated fill contents. Then, the fill content generation unit 5108 divides the generated fill contents, based on the stored division number "j", into j units "Uf_1", "Uf_2", "Uf_3", ..., and "Uf_j", and generates unit identifiers "UIDf_1", "UIDf_2", "UIDf_3", ..., and "UIDf_j", each of which corresponds to one of the units. Here, a pair of a unit and a corresponding unit identifier is referred to hereafter as "(a piece of) unit information". In addition, the fill content generation unit 5108 generates divided fill contents composed of j pieces of unit information. Figure 56 shows a structure of the divided fill contents generated at this point. As shown in Figure 56, the divided fill contents 5120 are composed of several pieces of unit information 5121, 5122, 5123, ..., and 5126, and each piece of unit information includes a unit identifier and a unit. For example, the piece of unit information 5121 includes the unit identifier "UIDf_1" 5131 and a unit "Uf_1" 5132. The procedure for generating the divided fill contents from the fill contents is the same as the procedure for generating divided files from a file, and therefore only a brief description is provided here. Here, a pair of the generated file identifier "FIDf" and the divided fill contents 5120 is referred to as "fill file information".
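Steps (a) and (b) carried through with the page's own symbols, as an added example that is not code from the patent. Assumptions: all sizes are in bytes, the 7-byte `DAMY` value is a constructed placeholder (the page names the marker but gives no value), the marker is placed at the front of the fill contents, and the units are split as evenly as possible; `add_fill_file_information` and `is_reproducible` are hypothetical helper names for the file-information entry and the 56-bit prefix comparison.

```python
import os
from dataclasses import dataclass

# Constructed 56-bit (7-byte) marker; the page gives no value for "DAMY".
DAMY = b"\x00NOPLAY"


@dataclass
class StoredSizes:
    """Values the fill content generation unit pre-stores (bytes assumed)."""
    KBSIZE: int   # key block size
    FISIZE: int   # size of one piece of file information
    USIZE: int    # size of one piece of unit hash information
    FSIZE: int    # size of one piece of file hash information
    RT: float     # ratio of signature length to signed data length
    j: int        # number of units the fill contents are divided into


def fill_capacity(s: StoredSizes, msize: int, unit_numbers: list) -> int:
    """FilSIZE from the equations of step (a); unit_numbers is [N1, ..., Nc].

    CNTSIZE is measured in the text but is not a term of the FilSIZE equation
    as given on the page, so it is not subtracted here.
    """
    c = len(unit_numbers)
    ucsize = s.FISIZE * (c + 1)                    # UCSIZE
    ha1size = (sum(unit_numbers) + s.j) * s.USIZE  # HA1SIZE
    ha2size = s.FSIZE * (c + 1)                    # HA2SIZE
    headsize = ha1size + ha2size                   # HEADSIZE
    sigsize = int((ucsize + ha2size) * s.RT)       # SigSIZE
    return msize - (s.KBSIZE + ucsize + headsize + sigsize)


def generate_fill_contents(fil_size: int) -> bytes:
    """Step (b): DAMY followed by random bytes, exactly FilSIZE long."""
    if fil_size < len(DAMY):
        raise ValueError("fill capacity is smaller than the DAMY marker")
    return DAMY + os.urandom(fil_size - len(DAMY))


def divide_fill_contents(fill: bytes, j: int) -> list:
    """Split into j pieces of unit information (UIDf_n, Uf_n)."""
    base, extra = divmod(len(fill), j)
    units, pos = [], 0
    for n in range(1, j + 1):
        size = base + (1 if n <= extra else 0)
        units.append((f"UIDf_{n}", fill[pos:pos + size]))
        pos += size
    return units


def add_fill_file_information(unit_capture_info: list, j: int) -> list:
    """Append the (FIDf, ADf, Nf) entry, giving c + 1 pieces of file information."""
    return unit_capture_info + [("FIDf", "ADf", j)]


def is_reproducible(data: bytes) -> bool:
    """Compare the first 56 bits with DAMY; a match marks fill contents."""
    return data[:len(DAMY)] != DAMY
```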
(c) Update of the Unit Capture Information

When the fill contents and divided fill contents 5120 have been generated, the fill content generation unit 5108 generates a piece of file information composed of the generated file identifier "FIDf", the generated piece of file identification information "ADf", and a unit number "Nf" indicating the number of units generated, and adds the generated piece of file information to the received unit capture information. Figure 57 shows unit capture information 5140 after the generated piece of file information has been added to it. The unit capture information 5140 is composed of (c + 1) pieces of file information 5141, 5142, 5143, ..., 5146, and 5147, and each piece of file information includes a file identifier, a piece of file identification information, and a unit number. The pieces of file information 5141, 5142, 5143, ..., and 5146 are generated by the unit generation unit 5105 based on the contents, and are the same as the pieces of file information 1201, 1202, 1203, ..., and 1204 which constitute the unit capture information 1200 shown in Figure 7. The piece of file information 5147 is generated by the fill content generation unit 5108 based on the fill contents, and includes a file identifier "FIDf" 5151 corresponding to the fill contents, a piece of file identification information "AD1" 5152, and a unit number "Nf" 5153. Then, the fill content generation unit 5108 sends: the generated fill contents and the unit capture information 5140 to the recording unit 5114; the generated fill file information to the header information generation unit 5107; and the unit capture information 5140 to the signature information generation unit 5111.

5.2.4 Header Information Generation Unit 5107

The header information generation unit 5107 receives the encrypted divided contents from the encryption processing unit 5106, while it receives the fill file information 5156, which includes the file identifier "FIDf" and the piece of divided fill contents 5120, from the fill content generation unit 5108. When it receives the fill file information 5156 and encrypted divided contents 5160, the header information generation unit 5107 generates header information 5190 from the received information sets as shown in Figure 58. Figure 58 shows a general outline of a procedure for generating the header information 5190 carried out by the header information generation unit 5107. The procedure for generating the header information 5190 is described below with the help of Figure 58.

The header information generation unit 5107 generates first hash tables "HA1TBL1" 5171, "HA1TBL2" 5172, "HA1TBL3" 5173, ..., and "HA1TBLc" 5176 from the received encrypted divided contents 5160. The first hash tables "HA1TBL1" 5171, "HA1TBL2" 5172, "HA1TBL3" 5173, ..., and "HA1TBLc" 5176 generated here are the same as the first hash tables "HA1TBL1" 1261, "HA1TBL2" 1262, "HA1TBL3" 1263, ..., and "HA1TBLc" 1264, and the generation procedures are also the same. Therefore, the descriptions of these first hash tables are omitted. Then, the header information generation unit 5107 generates a hash table "HA1TBLf" 5177 based on the fill contents included in the received fill file information 5156. The generation procedure is the same as the procedure for generating a hash table from an encrypted divided file, and therefore the description is left out.
Then, the header information generation unit 5107 calculates file hash values based on the (c + 1) first hash tables, generates pieces of file hash information, each of which includes one of the (c + 1) calculated file hash values and a file identifier that corresponds to the file hash value, and also generates a 2nd hash table "HA2TBL" 5180 composed of the (c + 1) generated pieces of file hash information. A specific procedure for generating the 2nd hash table is the same as the generation procedure for the 2nd hash table 1269 in the first embodiment, except for the use of the file identifier "FIDf" 5157 and the divided fill contents 5210 received from the fill content generation unit 5108, and therefore the detailed explanation is omitted. Figure 59 shows a structure of the 2nd hash table "HA2TBL" 5180 generated at this point. The 2nd hash table "HA2TBL" 5180 is composed of (c + 1) pieces of file hash information 5181, 5182, 5183, ..., 5186 and 5187. Each piece of file hash information includes a file identifier and a file hash value. The pieces of file hash information 5181 to 5186 are generated from the encrypted divided contents 5160, and they are the same as the pieces of file hash information 1301 to 1304 which constitute the 2nd hash table "HA2TBL" 1269 described in the first embodiment. The piece of file hash information 5187 is generated based on the fill file information 5156. The header information generation unit 5107 sends the generated 2nd hash table 5180 to the signature information generation unit 5111, while sending the header information 5190, including the (c + 1) generated first hash tables and the 2nd hash table "HA2TBL" 5180, to the recording unit 5114.

5.2.5 Signature Information Generation Unit 5111

The signature information generation unit 5111 receives the unit capture information 5140 from the fill content generation unit 5108, while receiving the 2nd hash table "HA2TBL" 5180 from the header information generation unit 5107. When it receives the unit capture information 5140 and 2nd hash table "HA2TBL" 5180, the signature information generation unit 5111 reads the signature key 1113 recorded by the signature key storage unit 1112. Then, using the read signature key 1113, the signature information generation unit 5111 generates signature information by applying the signature generation algorithm S to a combined result formed by combining the (c + 1) file hash values that make up the received 2nd hash table "HA2TBL" 5180 and the (c + 1) pieces of file information that constitute the received unit capture information 5114. Then, the signature information generation unit 5111 sends the generated signature information to the recording unit 5114.

5.2.6 Recording Unit 5114

The recording unit 5114 is loaded with a DVD. The recording unit 5114 measures a storage capacity of a writable area on the loaded DVD in response to an instruction from the fill content generation unit 5108. The recording unit 5114 receives: a key block from the key block generation unit 1103; the encrypted contents from the encryption processing unit 5106; and the fill contents and unit capture information 5140 from the fill content generation unit 5108. In addition, the recording unit 5114 receives the header information 5190 from the header information generation unit 5107, while receiving the signature information from the signature information generation unit 5111.
When it receives these information sets, the recording unit 5114 writes the received key block, encrypted contents, fill contents, unit capture information 5140, header information 5190 and signature information on the DVD.

5.3 DVD 5500

Figure 60 shows information stored on a DVD of the fifth embodiment. As shown in Figure 60, a DVD 5500 stores a key block 5510, unit capture information 5530, header information 5550, encrypted contents 5580 and fill contents 5590. These information sets have been written by the distribution device 5100. The structures of the individual information sets are as indicated above, and therefore the descriptions are omitted here.

5.4 Execution Device 5600

As shown in Figure 61, an execution device 5600 is composed of an acquisition unit 1601, a content key acquisition unit 1602, a device key storage unit 1604, an execution unit 5606, a signature information verification unit 5611 and a verification key storage unit 1612.
The following describes the individual components that constitute the execution device 5600. Note that, since the acquisition unit 1601, content key acquisition unit 1602 and verification key storage unit 1612 are the same as in the first embodiment, the descriptions of these components are left out.

5.4.1 Signature Information Verification Unit 5611

The signature information verification unit 5611 receives the unit capture information 5530 and the signature information 5570 from the acquisition unit 1601. When it receives these information sets, the signature information verification unit 5611 verifies the received signature information 5570 with the use of the received unit capture information 5530 as well as the header information 5550, encrypted contents 5580 and fill contents 5590 stored on the DVD 5500. A specific verification procedure is omitted since it is the same as the verification of signature information carried out by the signature information verification unit 1611 constituting the execution device 1600 of the first embodiment, except that it uses the fill contents 5590 in addition to the encrypted contents 5580.

5.4.2 Execution Unit 5606

The execution unit 5606 pre-stores the 56-bit length reproduction impracticability information "DAMY". The execution unit 5606 receives the content key "CK" from the content key acquisition unit 1602. In addition, the execution unit 5606 can receive reproduction prohibition information from the signature information verification unit 5611. When it receives the content key "CK", the execution unit 5606 reads, one by one, by means of the acquisition unit 1601, the encrypted files "ECNT1", "ECNT2", "ECNT3", ..., and "ECNTc" which constitute the encrypted contents 5512, or the fill contents 5590. The execution unit 5606 compares the first 56 bits of the read encrypted file or the first 56 bits of the read fill contents with the stored reproduction impracticability information "DAMY".
When these two do not conform to each other, the read information is an encrypted and reproducible file, and therefore the execution unit 5606 generates a file by decrypting the read encrypted file, unit by unit, using the received content key "CK". Then, the execution unit 5606 expands the generated file to generate video and audio data, generates video and audio signals from the generated video and audio data, and reproduces the contents by sending the generated video and audio signals to a display. When the first 56 bits and the stored impracticable reproduction information "DAMY" conform to each other, the read information is filler contents and cannot be reproduced, and therefore the execution unit 5606 aborts the decryption, expansion and reproduction described above, and moves to the processing of the next encrypted file. Until all the encrypted files and filler contents have been read, the execution unit 5606 repeats the reading, comparison with the impracticable reproduction information "DAMY", decryption, expansion and reproduction in a similar procedure. If it receives reproduction prohibition information from the signature information verification unit 5611 during this repetition, the execution unit 5606 aborts the repetition.

5.5 Operational Behaviors

The operational behaviors of the distribution device 5100 and the execution device 5600 of the fifth embodiment are described below.

5.5.1 Operational Behavior of the Distribution Device 5100

The operational behavior of the distribution device 5100 is described with the help of the flowcharts shown in Figures 62 and 63. The input unit 5101 of the distribution device 5100 accepts an input of contents (Step S5011), sends the accepted contents to the unit generation unit 5105, and instructs the content key generation unit 1102 to generate a content key.
The content key generation unit 1102 generates the content key according to the instruction of the input unit 1101 (Step S5012), and sends the generated content key to the key block generation unit 1103 and the encryption processing unit 5106. The key block generation unit 1103 receives the content key. When it receives the content key, the key block generation unit 1103 reads a device identification table from the execution device information storage unit 1104 (Step S5013), and generates a key block based on the received content key and the read device identification table (Step S5016). Then, the key block generation unit 1103 sends the generated key block to the recording unit 5114.

When it receives the contents, the unit generation unit 5105 divides each file constituting the received contents into units to generate divided contents (Step S5017). When it has generated the divided contents, the unit generation unit 5105 generates unit capture information composed of pieces of file information corresponding respectively to the divided files (Step S5018), and sends the generated unit capture information to the fill content generation unit 5108 while sending the divided contents to the encryption processing unit 5106.

When it receives the content key and the divided contents, the encryption processing unit 5106 generates encrypted divided contents by encrypting each unit of the contents included in the received divided contents with the use of the content key (Step S5019). The encryption processing unit 5106 extracts the encrypted units in the generated encrypted divided contents, generates encrypted contents (Step S5021), and sends the generated encrypted contents to the recording unit 5114 and to the fill content generation unit 5108 while sending the generated encrypted divided contents to the header information generation unit 5107.
When it receives the unit capture information and the encrypted contents, the fill content generation unit 5108 acquires the maximum storage capacity of the DVD 5500 by means of the recording unit 5114 (Step S5022), and measures the data size of the received encrypted contents (Step S5023). Then, the fill content generation unit 5108 calculates the data size of the header information and the data size of the signature information based on the received unit capture information (Step S5026), and also calculates a fill capacity based on the acquired maximum storage capacity, the data sizes of the header information and signature information, and the like (Step S5028). Then, the fill content generation unit 5108 generates, from the impracticable reproduction information and a random number, filler contents whose data size is the calculated fill capacity (Step S5029), and generates a file identifier and file identification information corresponding to the filler contents (Step S5031).
The fill content generation unit 5108 generates divided filler contents by dividing the generated filler contents into j units based on the stored division number "j" (Step S5032). Next, the fill content generation unit 5108 generates file information that includes the generated file identifier and file identification information, and a unit number indicating the number of generated units, and adds the generated file information to the received unit capture information (Step S5033). The fill content generation unit 5108 sends: the generated filler contents and unit capture information 5140 to the recording unit 5114; filler file information 5156, composed of the generated file identifier and the divided filler contents 5120, to the header information generation unit 5107; and the unit capture information 5140 to the signature information generation unit 5111.

When it receives the encrypted divided contents and the filler file information 5156, the header information generation unit 5107 generates c first recast tables from the c encrypted divided files included in the received encrypted divided contents (Step S5034).
Subsequently, the header information generation unit 5107 generates a first recast table from the divided filler contents included in the received filler file information 5156 (Step S5036). The header information generation unit 5107 generates a 2nd recast table based on the (c + 1) generated first recast tables (Step S5037), generates header information that includes the (c + 1) first recast tables and the 2nd recast table (Step S5039), and sends the generated header information to the recording unit 5114 while sending the generated 2nd recast table to the signature information generation unit 5111.

When it receives the unit capture information 5140 and the 2nd recast table, the signature information generation unit 5111 generates signature information by applying a signature generation algorithm to the received unit capture information and 2nd recast table (Step S5041), and sends the generated signature information to the recording unit 5114. When it receives the key block, encrypted contents, filler contents, unit capture information, header information and signature information, the recording unit 5114 writes the received key block, encrypted contents, filler contents, unit capture information, header information and signature information to the DVD 5500 (Step S5042).

5.5.2 Operational Behavior of the Execution Device 5600

The operational behavior of the execution device 5600 is described with the help of the flowcharts shown in Figures 64 and 65. When it is loaded with the DVD 5500, the acquisition unit 1601 reads the key block 5510, unit capture information 5530 and signature information 5570 from the DVD 5500, and sends the key block 5510 to the content key acquisition unit 1602 while sending the unit capture information 5530 and signature information 5570 to the signature information verification unit 1611 (Step S5061).
The signature information verification unit 5611 receives the unit capture information 5530 and the signature information 5570, selects i pieces out of the multiple encrypted units included in the encrypted contents 5580 and the j units included in the filler contents 5590 with the use of random numbers and the unit capture information 5530, and generates i replaced first recast tables using the selected i pieces and the header information (Step S5063). The signature information verification unit 5611 calculates a replacement file recast value from each of the i generated replaced first recast tables (Step S5064). Then, the signature information verification unit 5611 reads the 2nd recast table from the DVD 5500 (Step S5066), and generates a replaced 2nd recast table by replacing, with the replacement file recast values, the file recast values that correspond to the i generated replacement file recast values (Step S5068). The signature information verification unit 5611 verifies the signature information 5570 by using the generated replaced 2nd recast table, the received unit capture information 5530, and the verification key 1630 stored in the verification key storage unit 1612 (Step S5069). If the verification of the signature information 5570 is not successful (Step S5071: NO), the signature information verification unit 5611 sends reproduction prohibition information to the execution unit 5606 (Step S5073). When the verification of the signature information 5570 is successful (Step S5071: YES), the signature information verification unit 5611 then ends the verification.

The content key acquisition unit 1602 receives the key block 5510, and reads a device identifier and a device key from the device key storage unit 1604 (Step S5074).
The content key acquisition unit 1602 generates the content key "CK" from the read device identifier, device key and the key block 5510, and sends the generated content key "CK" to the execution unit 5606 (Step S5076). The execution unit 5606 receives the content key from the content key acquisition unit 1602. Here, if it has received reproduction prohibition information from the signature information verification unit 5611 (Step S5077: YES), the execution unit 5606 notifies the user that the contents stored on the DVD 5500 cannot be reproduced (Step S5079), and aborts the subsequent reproduction. If it has not received reproduction prohibition information (Step S5077: NO), the execution unit 5606 reads one of the c encrypted files that constitute the encrypted contents, or the filler contents (Step S5081). The execution unit 5606 compares the first 56 bits of the read encrypted file or of the filler contents with the pre-stored impracticable reproduction information (Step S5082). When these two conform to each other (Step S5084: YES), the execution unit 5606 returns to Step S5077. When these two do not conform (Step S5084: NO), the read file is an encrypted and reproducible file. Therefore, the execution unit 5606 generates a file by decrypting the encrypted file using the received content key (Step S5086), expands the generated file (Step S5087), and has the monitor reproduce the expanded file (Step S5089). When it has finished reading all the encrypted files that constitute the encrypted contents and the filler contents, or has been instructed by the user to terminate the playback (Step S5091: YES), the execution unit 5606 ends the reproduction. If it has not finished reading all the encrypted files that constitute the encrypted contents and the filler contents, and has not received an instruction from the user to terminate the playback (Step S5091: NO), the execution unit 5606 returns to Step S5077 and repeats the processing of Steps S5077 to S5091.

5.6 Summary and Appropriate Effects

As described, in this embodiment the DVD 5500 stores, in addition to various information that includes the encrypted contents, filler contents whose data size is chosen so as not to leave a writable storage area on the DVD 5500. In addition, the header information and signature information are generated based not only on the encrypted contents but also on the filler contents. The execution unit 5606 of the execution device 5600 sequentially reads the files written on the DVD 5500, and compares the first 56 bits of each read file with the pre-stored impracticable reproduction information. When these two conform to each other, the execution unit 5606 judges that the read file is the filler contents, and does not reproduce the file.

When the DVD 5500 does not store such filler contents, two cases involving the fraudulent acts described below can be assumed.

Figure 65 shows the structure of a DVD 5500b that is created by adding a file containing unauthorized contents to a DVD 5500a which has been generated by a legitimate rights owner. The DVD 5500a stores header information, unit capture information and signature information in an area 5703, while storing the individual encrypted files that constitute the encrypted contents in areas 5704, 5705, ..., and 5707. In addition to these information sets, the DVD 5500a also stores a file table and a playback order file in an area 5701 and an area 5702, respectively. The file table stored in the area 5701 includes the file identifiers of all files stored on the DVD 5500, the start addresses of the files, and the numbers of sectors that the individual files occupy on the DVD, associating the file identifier, start address and sector number of each file. For example, the file having the file identifier "FID1" is stored in the 70 sectors starting at the address "0XAA1". The playback order file stored in the area 5702 shows the playback order of the files stored on the DVD.
In the example here, the files are to be played back in order from the file having the file identifier "FID1" to the file having the file identifier "FIDc". Also, nothing has been stored in an area 5711 on the DVD 5500a. In this situation, suppose that an unauthorized third party has written a file that includes unauthorized contents in the area 5711 of the DVD 5500a, and has generated the DVD 5500b by forging the file table and the playback order file. In the area 5701 on the DVD 5500b, a file identifier "FIDx" corresponding to the unauthorized file, a start address "0XAAx" of the unauthorized file, and a sector number "200" have been added. In addition, the playback order stored in the area 5702 has been falsified so that the playback starts with the file having the file identifier "FIDx".

Additionally, consider a case in which a DVD 5500c shown in Figure 66 is generated by adding unauthorized contents to a valid file stored on the DVD 5500a. The DVD 5500c stores unauthorized contents in the area 5711, which immediately follows a validly recorded file in an area 5707. The sector number corresponding to the file stored in the area 5707 has been falsified in the file table to "320", which was obtained by adding the number of sectors in which the file was originally stored to the number of sectors in which the added unauthorized contents are stored. The playback order file has been altered so that the playback will start with sector 51 of the file having the file identifier "FIDc", that is, with the added unauthorized contents.

Thus, when such unauthorized falsification has been carried out, since the header information, unit capture information, signature information and encrypted files have not been falsified at all, the execution device reads the unauthorized file and reproduces it in accordance with the order indicated by the playback order file once the verification of the signature information has completed normally.
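How the fifth embodiment closes this gap, as an added Python example that is not code from the patent: the disc is padded with DAMY-marked filler until no free space remains, the filler is covered by the recast tables and the signature, and verification re-hashes one randomly chosen unit in each of i randomly chosen files. Assumptions: "recast values" are modelled as SHA-256 hashes, HMAC stands in for the signature algorithm, file encryption is omitted, and the 7-byte marker, unit size, metadata reserve and all function names are constructed.

```python
import hashlib
import hmac
import os
import random

UNIT = 16                        # constructed unit size in bytes
DAMY = b"DAMY\x00\x00\x00"       # constructed 56-bit (7-byte) marker value
META_RESERVE = 64                # assumed space for header and signature information


def units(data):
    """Split a file into fixed-size units."""
    return [data[i:i + UNIT] for i in range(0, len(data), UNIT)]


def first_table(data):
    """1st recast table: one hash value per unit of a file."""
    return [hashlib.sha256(u).digest() for u in units(data)]


def file_value(table):
    """File recast value: hash over a file's 1st recast table."""
    return hashlib.sha256(b"".join(table)).digest()


def sign(key, second_table, unit_info):
    """HMAC stand-in for signing the 2nd recast table and unit capture information."""
    msg = b"".join(second_table) + repr(unit_info).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def author(files, key, capacity):
    """Distribution side: append filler so no writable space remains, then sign."""
    fill = capacity - sum(len(f) for f in files) - META_RESERVE
    if fill < len(DAMY):
        raise ValueError("contents leave no room for filler")
    files = list(files) + [DAMY + os.urandom(fill - len(DAMY))]
    tables = [first_table(f) for f in files]          # (c + 1) 1st recast tables
    second = [file_value(t) for t in tables]          # 2nd recast table
    unit_info = [(n, len(t)) for n, t in enumerate(tables)]
    return {"files": files, "tables": tables, "second": second,
            "unit_info": unit_info, "sig": sign(key, second, unit_info),
            "capacity": capacity}


def free_space(disc):
    """Bytes an attacker could still write to; 0 on a correctly filled disc."""
    return disc["capacity"] - sum(len(f) for f in disc["files"]) - META_RESERVE


def verify(disc, key, i, rng):
    """Execution side: re-hash sampled units, substitute them, check the signature."""
    second = list(disc["second"])
    for n in rng.sample(range(len(disc["files"])), i):
        table = list(disc["tables"][n])
        file_units = units(disc["files"][n])
        u = rng.randrange(min(len(table), len(file_units)))
        table[u] = hashlib.sha256(file_units[u]).digest()  # replaced 1st recast table
        second[n] = file_value(table)                      # replacement file recast value
    return hmac.compare_digest(sign(key, second, disc["unit_info"]), disc["sig"])


def playable(disc):
    """Files the execution unit would decrypt: everything not starting with DAMY."""
    return [f for f in disc["files"] if f[:len(DAMY)] != DAMY]


def demo():
    key = b"constructed signing key"
    disc = author([b"A" * 80, b"B" * 48], key, capacity=512)
    rng = random.Random(1)
    ok = verify(disc, key, i=3, rng=rng)
    # Constructed tampering case: the filler is overwritten with other data.
    forged = (b"unauthorized content " * 16)[:len(disc["files"][2])]
    tampered = dict(disc, files=disc["files"][:2] + [forged])
    caught = not verify(tampered, key, i=3, rng=rng)
    return ok, free_space(disc), len(playable(disc)), caught
```

With i smaller than the number of files, a replaced filler is caught only when it is among the sampled files, which is the load-versus-accuracy trade-off the abstract describes.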
In the present embodiment, no writable storage area is left on the DVD 5500 thanks to the presence of the filler contents. In addition, the filler contents are also used for the generation of the signature information. Therefore, if the filler contents are replaced with an unauthorized file, the verification of the signature information will be unsuccessful in the execution device 5600 and the reproduction will be aborted.

6. Sixth Embodiment

A sixth embodiment of the present invention is described below.

6.1 Unauthorized Content Detection System

The unauthorized content detection system of the sixth embodiment is composed of a distribution device, an execution device and a monitor, as in the unauthorized content detection system of the first embodiment. The distribution device generates, in addition to the key block, unit capture information, encrypted contents, header information and signature information described in the first embodiment, area information indicating a storage area on a DVD where information validly written by the distribution device is stored, and writes the generated area information on the DVD. The execution device reads the area information from the DVD, and reads only information stored in the storage area indicated by the read area information.

6.2 Distribution Device 6100

Figure 67 shows the structure of a distribution device of the unauthorized content detection system of the sixth embodiment. As shown in Figure 67, a distribution device 6100 is composed of an input unit 1101, a content key generation unit 1102, a key block generation unit 6103, an execution device information storage unit 1104, a unit generation unit 6105, an encryption processing unit 6106, a header information generation unit 6107, an allocation generation unit 6108, an area information generation unit 619, a signature information generation unit 6111, a signature key storage unit 1112 and a recording unit 611.
The individual components that make up the distribution device 1100 are described below. Note that, since the input unit 1101, content key generation unit 1102, execution device information storage unit 1104 and signature key storage unit 1112 are the same as in the distribution device 1100 of the first embodiment, the descriptions of these components are omitted. Here, instead of sending the key block, unit capture information, encrypted contents and header information to the recording unit, the key block generation unit 6103, unit generation unit 6105, encryption processing unit 6106 and header information generation unit 6107 each send their own generated information to the allocation generation unit 6108. Apart from this, the key block generation unit 6103, unit generation unit 6105, encryption processing unit 6106 and header information generation unit 6107 are the same as the key block generation unit 1103, unit generation unit 1105, encryption processing unit 1106 and header information generation unit 1107 of the first embodiment, respectively, and therefore the descriptions of these components are omitted.

6.2.1 Allocation Generation Unit 6108

The allocation generation unit 6108 pre-stores the maximum data size of the signature information generated by the signature information generation unit 6111. In addition, the allocation generation unit 6108 stores the data size of the area information generated by the area information generation unit 6109. The allocation generation unit 6108 receives: a key block from the key block generation unit 6103; unit capture information from the unit generation unit 6105; encrypted contents from the encryption processing unit 6106; and header information from the header information generation unit 6107. When it receives these information sets, the allocation generation unit 6108 generates write allocation information 6120 as shown in Figure 68.
The write allocation information 6120 is created by arranging the received information sets in the same configuration as on the DVD and writing the arranged information sets in memory. A method for generating the write allocation information 6120 is described below with the help of Figure 68. The allocation generation unit 6108 writes the key block in an area 6121 in the memory, the unit capture information in an area 6122, and the header information in an area 6123. Next, the allocation generation unit 6108 acquires areas 6124 and 6125, which respectively correspond to the stored maximum data sizes of the area information and the signature information. Then, the allocation generation unit 6108 writes the encrypted contents in an area 6126 following the area 6125. The allocation generation unit 6108 sends the generated write allocation information 6120 to the area information generation unit 6109 and the recording unit 6114. Note that the order of allocation of the information sets shown in Figure 68 is simply an example, and the present invention is not limited to it. Here, the allocation generation unit 6108 stores the maximum data size of the signature information. However, the allocation generation unit 6108 may, for example, calculate the data size of the signature information in the same manner as the fill content generation unit 5108 of the fifth embodiment.

6.2.2 Area Information Generation Unit 6109

The area information generation unit 6109 receives the write allocation information 6120 from the allocation generation unit 6108.
When it receives the write allocation information 6120, the area information generation unit 6109 generates area information from the received write allocation information 6120. The area information is information indicating an area on a DVD in which valid information written by the distribution device 6100 is stored. The area information is, for example, a pair of addresses, namely the start position (hereinafter, start address) and the end position (end address) for writing the write allocation information 6120 on a DVD. The area information is not limited to this example, and any information is applicable, such as a pair of a start address and the number of sectors in which the valid information is stored, as long as the information identifies the area where the valid information is stored. The area information generation unit 6109 sends the generated area information to the signature information generation unit 6111 and the recording unit 6114.

6.2.3 Signature Information Generation Unit 6111

The signature information generation unit 6111 receives: the unit capture information from the unit generation unit 6105; the 2nd recast table from the header information generation unit 6107; and the area information from the area information generation unit 6109. When it receives these information sets, the signature information generation unit 6111 reads the signature key 1113 from the signature key storage unit 1112. Then, the signature information generation unit 6111 generates signature information by applying, with the use of the read signature key 1113, the signature generation algorithm S to a combined result formed by combining the c file recast values included in the 2nd recast table, the c pieces of file information that constitute the unit capture information, and the received area information. Then, the signature information generation unit 6111 sends the generated signature information to the recording unit 6114.

6.2.4 Recording Unit 6114

The recording unit 6114 is loaded with a DVD. The recording unit 6114 receives: the write allocation information 6120 from the allocation generation unit 6108; the area information from the area information generation unit 6109; and the signature information from the signature information generation unit 6111. When it receives these information sets, the recording unit 6114 inserts the received area information into the area 6124 of the write allocation information 6120 while inserting the signature information into the area 6125. When it has inserted the area information and the signature information into the write allocation information 6120, the recording unit 6114 writes the write allocation information 6120 to the DVD.

6.3 DVD 6500

Figure 69 shows the information stored on a DVD of the sixth embodiment. As shown in Figure 69, a DVD 6500 stores a key block 6510, unit capture information 6530, header information 6550, area information 6560, signature information 6570 and encrypted contents 6580. These have been written by the distribution device 6100, and therefore the descriptions are omitted here.

6.4 Execution Device 6600

Figure 70 shows the structure of an execution device of the sixth embodiment. As shown in Figure 70, an execution device 6600 is composed of a drive unit 6620 and a content execution unit 6625. The drive unit 6620 is composed of an acquisition unit 6601, an area information storage unit 6630, an encryption communication unit 6604 and an encryption key storage unit 6605. The content execution unit 6625 is composed of a content key acquisition unit 1602, a device key storage unit 1604, a decryption communication unit 6607, a decryption key storage unit 6608, a signature information verification unit 6611, a verification key storage unit 1612 and an execution unit 6606. The individual components constituting the execution device 6600 are described below.
Note that, since the content key acquisition unit 1602, device key storage unit 1604 and verification key storage unit 1612 are the same as in the execution device 1600 of the first embodiment, the descriptions of these components are omitted.

6.4.1 Acquisition Unit 6601

The acquisition unit 6601 is loaded with the DVD 6500. When loaded with the DVD 6500, the acquisition unit 6601 first reads the area information 6560, then writes the read area information 6560 to the area information storage unit 6603, and sends the read area information 6560 to the encryption communication unit 6604. Next, the acquisition unit 6601 reads the key block 6510, unit capture information 6530 and signature information 6570 from the DVD 6500, and sends the read key block 6510 to the content key acquisition unit 1602 while sending the read unit capture information 6530 and signature information 6570 to the signature information verification unit 6611. Further, the acquisition unit 6601 receives requests to read various information sets from the signature information verification unit 6611 and the execution unit 1606. When a read request is received, the signature information verification unit 6611 reads the area information from the area information storage unit 6603. When the requested information set is stored in the area indicated by the area information, the acquisition unit 6601 reads the requested information from the DVD 6500, and sends the read information to the request source, i.e., the signature information verification unit 6611 or the execution unit 1606. When the requested information set is not stored in the area indicated by the read area information, the acquisition unit 6601 sends an error notification signal indicating that the requested information set cannot be read.

6.4.2 Area Information Storage Unit 6603

The area information storage unit 6603 is, for example, composed of a ROM, and stores the area information written by the acquisition unit 6601.

6.4.3 Encryption Communication Unit 6604 and Encryption Key Storage Unit 6605

The encryption key storage unit 6605 is, for example, composed of a ROM, and stores an encryption key with a length of 56 bits. The encryption communication unit 6604 receives the area information 6560 from the acquisition unit 6601. When it receives the area information 6560, the encryption communication unit 6604 reads the encryption key from the encryption key storage unit 6605, and generates encrypted area information by applying an encryption algorithm E2 to the area information 6560 with the use of the read encryption key. Here, DES (Data Encryption Standard) is used, as an example, for the encryption algorithm E2. Then, the encryption communication unit 6604 sends the generated encrypted area information to the decryption communication unit 6607.

6.4.4 Decryption Communication Unit 6607 and Decryption Key Storage Unit 6608

The decryption key storage unit 6608 is, for example, composed of a ROM, and stores a decryption key with a length of 56 bits. Here, the decryption key is the same as the encryption key stored by the encryption key storage unit 6605. The decryption communication unit 6607 receives the encrypted area information from the encryption communication unit 6604. When it receives the encrypted area information, the decryption communication unit 6607 reads the decryption key from the decryption key storage unit 6608, and generates area information by applying a decryption algorithm D2 to the received encrypted area information with the use of the read decryption key. Here, the decryption algorithm D2 is an algorithm used to decrypt ciphertexts generated with the encryption algorithm E2. Then, the decryption communication unit 6607 sends the generated area information to the signature information verification unit 6611. The above description assumes that the encryption key and the decryption key are the same, and that the decryption communication unit 6607 uses a symmetric key cryptosystem.
However, the present invention is not limited to this, and a public key cryptosystem may be used instead. Alternatively, a public key cryptosystem and a symmetric key cryptosystem may be combined to generate a different key each time communication is carried out, and encrypted communication may be carried out with the use of the generated key. In addition, here only the area information is encrypted and then sent to the content execution unit 6625; however, all the information sent and received between the content execution unit 6625 and the drive unit 6620 may be encrypted.

6.4.5 Signature Information Verification Unit 6611

The signature information verification unit 6611 receives: the unit capture information 6530 and signature information 6570 from the acquisition unit 6601; and the area information from the decryption communication unit 6607. When it receives the unit capture information 6530 and the signature information 6570, the signature information verification unit 6611 generates a replaced 2nd recast table based on the received unit capture information 6530, and the encrypted contents 6580 and header information 6550 stored on the DVD 6500. The procedure for generating the replaced 2nd recast table is the same as the procedure for generating a replaced 2nd recast table carried out by the signature information verification unit 1611 of the first embodiment, and therefore the description is omitted. Then, the signature information verification unit 6611 reads the verification key 1613 from the verification key storage unit 1612.
Then, the signature information verification unit 6611 generates signature verification information by applying, with the use of the read verification key 1613, the signature verification algorithm V to a combined result formed by combining all the file recast values and replacement file recast values included in the generated replaced 2nd recast table, all the pieces of file information included in the received unit capture information 6530, and the area information.
The signature information verification unit 6611 compares the generated signature verification information with the received signature information 6570. When these two do not conform to each other, the signature information verification unit 6611 judges that the verification of the signature information is not successful, and sends reproduction prohibition information to the execution unit 1606. When the two conform, the signature information verification unit 6611 judges that the verification of the received signature information 6570 is successful, and concludes the verification processing. During the above processing, the signature information verification unit 6611 instructs the acquisition unit 6601 to read part of the encrypted contents and header information. However, at this point, the signature information verification unit 6611 may receive an error notification signal indicating that reading is not possible. When it receives the error notification signal, the signature information verification unit 6611 aborts the verification processing of the signature information and sends reproduction prohibition information to the execution unit 1606.

6.4.6 Execution Unit 6606

The execution unit 6606 receives a content key from the content key acquisition unit 1602, and starts the repetition of reading, decryption and reproduction of the encrypted files, as is the case with the execution unit 1606 that constitutes the execution device 1600 of the first embodiment. During the repetition, the execution unit 6606 may receive reproduction prohibition information from the signature information verification unit 6611. Furthermore, in the repetition, the execution unit 6606 requests the acquisition unit 6601 to read the encrypted files constituting the encrypted contents 6580. However, at this point, the execution unit 6606 may receive from the acquisition unit 6601 an error notification signal indicating that the reading is not possible.
When receiving reproduction prohibition information or an error notification signal, the execution unit 6606 aborts the reproduction processing, and notifies the user that the loaded DVD cannot be reproduced.
6.5 Summary and Appropriate Effects
As described, the distribution device 6100 which constitutes the unauthorized content detection system of the present embodiment generates area information indicating an area where information validly written by the distribution device 6100 is stored, and writes the generated area information on a DVD. In addition, the distribution device 6100 generates signature information from the 2nd recast table, unit capture information and area information, and writes it to the DVD. When the DVD 6500 is loaded, the acquisition unit 6601 of the execution device 6600 first reads the area information from the DVD 6500, and then reads only information in the area indicated by the read area information, without reading information written in the other areas. Thus, even when fraudulent acts that include the writing of unauthorized files in the free space on the DVD 6500, as described in the fifth embodiment, are committed, the unauthorized contents cannot be reproduced in the execution device 6600. In addition, the signature information stored on the DVD 6500 is generated with the use of the area information, and the signature information verification unit 6611 of the execution device 6600 uses the area information read from the DVD 6500 to verify the signature information. Therefore, even if an unauthorized third party falsifies the area information together with the insertion of unauthorized files, the verification of the signature information carried out by the signature information verification unit 6611 will not be successful, and therefore the unauthorized contents will not be reproduced.
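The flow summarized above, as an added example that is not part of the patent text: the distribution side signs a recast table together with the area information, and the execution side reads only inside the declared area, recomputes recast values for i randomly selected units, and verifies the signature. Assumptions: SHA-256 stands in for the recast function, HMAC-SHA256 stands in for the signature algorithm (a symmetric-key scheme, which Modification [5] permits), a single-level table replaces the 1st and 2nd recast tables, and every name, key and unit value is constructed.

```python
import hashlib
import hmac
import random
import struct
from dataclasses import dataclass, replace

KEY = b"constructed-shared-secret"                          # constructed demo key
UNITS = tuple(b"encrypted-unit-%d" % n for n in range(6))   # constructed stand-ins


@dataclass(frozen=True)
class Disc:
    units: tuple      # everything physically on the medium, in recording order
    table: tuple      # one recast value per validly written unit
    area: tuple       # area information: (first unit index, unit count)
    signature: bytes  # signature information


def recast(unit):
    """Recast function, assumed here to be SHA-256."""
    return hashlib.sha256(unit).digest()


def sign(key, table, area):
    """Stand-in signature over the recast table and the area information."""
    message = b"".join(table) + struct.pack(">QQ", *area)
    return hmac.new(key, message, hashlib.sha256).digest()


def distribute(key, units):
    """Distribution device: build the table, record the written area, sign both."""
    table = tuple(recast(u) for u in units)
    area = (0, len(units))
    return Disc(tuple(units), table, area, sign(key, table, area))


def read_unit(disc, index):
    """Acquisition unit: refuse any read outside the area the disc declares."""
    start, count = disc.area
    if not (start <= index < start + count) or index >= len(disc.units):
        raise OSError("read outside the area information")
    return disc.units[index]


def verify(key, disc, i, rng):
    """Signature verification using i randomly selected units."""
    start, count = disc.area
    if start < 0 or count < 1 or start + count > len(disc.table):
        return False
    replaced = list(disc.table)
    for index in rng.sample(range(start, start + count), min(i, count)):
        try:
            replaced[index] = recast(read_unit(disc, index))  # replacement value
        except OSError:
            return False  # error notification signal: abort verification
    expected = sign(key, tuple(replaced), disc.area)
    return hmac.compare_digest(expected, disc.signature)


def play(key, disc, i, rng):
    """Execution unit: reproduce only after verification, and only the signed area."""
    if not verify(key, disc, i, rng):
        raise PermissionError("reproduction prohibited")
    start, count = disc.area
    return [read_unit(disc, n) for n in range(start, start + count)]


def demo(seed=1):
    rng = random.Random(seed)
    valid = distribute(KEY, UNITS)
    extra = b"unauthorized-file"
    # Case 1: data written into free space, area information left untouched.
    appended = replace(valid, units=valid.units + (extra,))
    # Case 2: the table and the area information are extended to cover it.
    forged = replace(appended, table=valid.table + (recast(extra),),
                     area=(0, len(UNITS) + 1))
    # Case 3: a unit inside the signed area is swapped; with i < 6 this is
    # caught only when unit 0 happens to be among the selected units.
    swapped = replace(valid, units=(b"swapped-unit",) + valid.units[1:])
    return {
        "valid": verify(KEY, valid, 3, rng),
        "appended_verifies": verify(KEY, appended, 3, rng),
        "appended_played": extra in play(KEY, appended, 3, rng),
        "forged_area": verify(KEY, forged, 3, rng),
        "swapped_all_units_checked": verify(KEY, swapped, len(UNITS), rng),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The appended data still verifies because it is never read; it is excluded from reproduction by the area check, while any change to the area information itself breaks the signature.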
When there is no free space left on the DVD, a fraudulent act can be committed such as copying all the data stored on the valid DVD onto another medium that has a larger storage capacity than the valid DVD, and adding unauthorized contents to the free space of that medium. Even in this situation, the execution device 6600 in the unauthorized content detection system of the present embodiment does not read information in storage areas other than the area indicated by the area information. Consequently, the present embodiment is capable of preventing this fraudulent act.
6.6 Modification of the Sixth Embodiment
In the sixth embodiment, the area information generated by the distribution device 6100 is information indicating an area where information validly written by the distribution device is stored. Alternatively, the area information may be the total data size of the information validly written by the distribution device 6100. In this case, the acquisition unit 6601 of the execution device 6600 first reads the total data size from the DVD 6500, and then measures the total data size of the information stored on the DVD 6500. When the measured data size is larger than the read data size, the acquisition unit 6601 aborts the reading of data from the DVD 6500 and sends an error notification signal to the execution unit 6606.
7. Other Modifications
Although the present invention has been described based on the above embodiments, it is a matter of course that the present invention is not confined to these embodiments. The present invention also includes the following cases.
[1] In the first, fifth and sixth embodiments above, the distribution device calculates unit recast values by assigning encrypted units to a recast function, and generates header information and signature information based on the unit recast values, while the execution device verifies the signature information using the selected encrypted units.
However, the distribution device can calculate unit recast values using units before encryption, and the execution device can generate i pieces of units by decrypting the selected i pieces of encrypted units and verify the signature information using the i generated units.
[2] On the other hand, in the second embodiment, the distribution device calculates partial recast values by assigning pieces of partial contents to a recast function, and generates header information and signature information based on the calculated partial recast values. However, the distribution device can calculate partial recast values by assigning, to the recast function, encrypted partial contents that are generated by encrypting individual pieces of partial contents, and generate header information and signature information based on the calculated partial recast values. In this case, the execution device uses the encrypted partial contents for the verification of the header information. This eliminates the need to provide the representative partial contents decryption unit and the partial contents decryption unit, which leads to a reduction in the circuit size of the detection system.
[3] In the second to fourth embodiments, after the verifications of the signature information and header information have been successful, the execution unit initiates the decryption, expansion and reproduction of the encrypted contents. However, the execution unit may initiate processing relating to the reproduction in parallel with the verifications. In this case, when the individual verifications carried out by the signature information verification unit and the header information verification unit, respectively, are not successful, the signature information verification unit and the header information verification unit direct the execution unit to abort the reproduction.
[4] In the first, fifth and sixth embodiments, the signature information verification unit may have a timer to measure the passage of time, and judge that a verification is not successful if the verification of the signature information is not completed within a predetermined time. In the event that the signature information verification is carried out in parallel with the reproduction, if the contents, signature information or header information have been falsified, the unauthorized contents will be reproduced until the verification is completed. Consequently, setting a time limit for the verification of signature information can counteract fraudulent acts that extend the reproduction time of unauthorized contents by falsifying in such a way that the completion of the verification of the signature information is delayed. In addition, the signature information verification unit and the header information verification unit in Modification [3] can have a timer in a similar way.
[5] In the first to sixth embodiments above, the distribution device has a signature key while the execution device has a corresponding verification key, and these devices generate and verify signature information with the use of a signature generation algorithm such as DSA. In general, many signature generation algorithms are based on public key cryptosystems, as typified by DSA and RSA (Rivest-Shamir-Adleman). However, in the present invention, any signature generation algorithm, such as one based on a symmetric key cryptosystem for example, is applicable as long as it is able to prove that the signature information recorded on the DVD is information generated by a legitimate rights owner. As another example, a unidirectional function can be used with the processing involved.
In this case, the distribution device and the execution device each store the same unidirectional function in a storage area that cannot be read by external devices. The distribution device generates signature information with the use of the unidirectional function, while the execution device generates signature verification information using the same unidirectional function.
[6] The information to which a signature generation algorithm is applied in the generation of signature information is not limited to that described in the previous embodiments. For example, in the first embodiment, the signature generation algorithm is applied to both the 2nd recast table and the unit capture information; however, the signature generation algorithm can be applied only to the 2nd recast table, or can be applied to the content key "CK" and the data size of the encrypted contents in addition to the 2nd recast table. In the case of the second embodiment, the signature generation algorithm can be applied to the pieces of representative partial contents themselves, instead of being applied to partial recast values generated from the pieces of representative partial contents. In particular, in the second embodiment, when signature information is generated from the pieces of representative partial contents, k pieces of signature information may be generated by applying the signature generation algorithm respectively to the k pieces of representative partial contents. In this case, the execution device generates k pieces of representative partial contents based on the selected position information, and verifies the k pieces of signature information using the k generated pieces of representative partial contents.
As an alternative, the distribution device can generate signature information by applying the signature generation algorithm to a combined result formed by combining the pieces of representative partial contents, while the execution device verifies the signature information using the combined result. In this situation, if the verification of the signature information is successful, the following two things are confirmed at the same time: the signature information was generated by a legitimate rights owner, and the representative partial contents are free of falsification. This eliminates the need to generate header information and write the header information on the DVD, which leads to a reduction in the size of the data on the DVD.
[7] In the second and third embodiments, the execution device can pre-store selected position information, and the encrypted selected position information need not be recorded on the DVD. Here, a valid execution device is capable of carrying out the verification of header information with the use of the pre-stored selected position information.
[8] In the third embodiment, header selection information and x pieces of header groups are written on the DVD. However, in the case of Modification [7], the distribution device can select one of the first to x-th header groups, extract the header identifier, header information and signature information included in the selected header group, and write them on the DVD. The execution device may pre-store x pairs of a piece of selected position information and a header identifier, select a piece of selected position information based on the header identifier written on the DVD, and use the selected piece of selected position information in the subsequent processing.
[9] The first to seventh embodiments above are described assuming that the execution device is a single device. However, several devices may be employed to fulfil the function of the execution device.
[10] In the third embodiment, the acquisition unit of the execution device selects one of the x header identifiers. However, the present invention is not limited to this, and two or more identifiers may be selected instead, and the verifications of signature information and header information may be repeated twice or more. Thus, it is possible to detect unauthorized contents more reliably.
[11] In the above embodiments and modifications, the signature key storage unit of the distribution device and the verification key storage unit of the execution device each store one piece of key information; however, the present invention is not limited to this.
[11-1] For example, the signature key storage unit may store a signature key and a key identifier corresponding to the signature key, and the recording unit writes the key identifier on the DVD together with the signature information. The verification key storage unit of the execution device stores several verification keys and key identifiers that correspond one to one with the verification keys. The signature information verification unit receives the key identifier along with the signature information, retrieves a key identifier that matches the received key identifier from among the key identifiers stored by the verification key storage unit, reads the verification key that corresponds to the retrieved key identifier, and uses the read verification key to verify the signature information. Thus, the present invention is applicable even if there are a plurality of different distribution devices.
[11-2] The execution device may not have the verification key storage unit, and a signature key and a verification key corresponding to the signature key may be stored in the signature key storage unit of the distribution device. In this situation, the recording unit writes the verification key on the DVD along with the signature information.
[11-3] The distribution device can store, in addition to the signature key and verification key, authentication information of the verification key generated by an impartial third party. Here, it is assumed that the authentication information is a key signature generated by applying a signature generation algorithm to the verification key with the use of the third party's secret key. The recording unit writes the verification key and the key signature on the DVD together with the signature information. The verification key storage unit of the execution device stores key verification information instead of the verification key. The key verification information is information for verifying the key signature, and it is, in this case, a public key paired with the secret key of the impartial third party that generated the key signature. The signature information verification unit receives the key signature and the verification key, and carries out the verification of the key signature by using the received verification key and the key verification information before the verification of the signature information. Only when this verification is successful does the signature information verification unit initiate the verification of the signature information as described in the previous embodiments. Thus, even when there are several distribution devices, the execution device only has to hold the key verification information of the third party, and does not have to hold several verification keys.
[12] In Modification [11], the execution device can store a revocation list that indicates invalidated verification keys. The signature information verification unit judges whether the received key identifier or verification key has been registered in the revocation list, and aborts the verification of the signature information when it has been registered.
[13] The execution device can acquire the revocation list, described in Modification [12], from an external source.
For example, the revocation list may be acquired by means of a recording medium such as a DVD, or it may be retrieved by means of the Internet, transmission and the like. As an alternative, the execution device may periodically acquire an updated revocation list. Here, the present invention is capable of handling a situation in which a verification key that has to be invalidated is newly found.
[14] The distribution device distributes various information, such as encrypted contents and signature information, to the execution device via the DVD. However, the present invention is not limited to DVD, and the information may be distributed by means of: an optical disc such as CD-ROM and DVD-ROM; a writable optical disc such as CD-R, DVD-R and DVD-RAM; a magneto-optical disk; or a memory card. As an alternative, a semiconductor memory, such as a volatile memory and a hard disk, can be embedded within the execution device. Moreover, the present invention is not limited to these recording media, and the information can be distributed by means of communication systems such as the Internet, or it can be distributed by transmission.
[15] Although the above embodiments and modifications are described on the assumption that the contents are video contents composed of images and audio, the contents may be a computer program. For example, it is assumed that the execution device is a game console, and that the contents are a computer program stored in a volatile memory incorporated in the game console. Here, the computer program is a judgment program for judging whether gaming software (stored on, for example, an optical disc or a memory card) loaded in the game console is valid software.
In this situation, even if an unauthorized user falsifies the judgment program in order to allow the execution of unauthorized gaming software, the present invention is capable of detecting the falsification by carrying out the verification of whether unauthorized contents are included with the use of signature information and header information, and in this way the execution of the judgment program itself is prevented or aborted. In this way, by stopping the execution itself, it is possible to avoid unauthorized operations carried out by the judgment program that has been falsified, in particular to prevent the execution of unauthorized gaming software.
[16] As described in the previous modification, in case the contents are a computer program stored in a volatile memory loaded in a microcomputer incorporated in the execution device, the fraudulent acts described in the fifth embodiment can take place. Specifically, an unauthorized program is first added to free space in the volatile memory without falsifying the valid computer program stored in the volatile memory. Then, an overflow is caused by using bugs in the valid computer program so that the program start point jumps to the head of the added unauthorized program, and the execution of the unauthorized program is initiated. Here, the aforementioned fraudulent acts can be prevented by filling the volatile memory so that no free space is left in it, as in the fifth embodiment, since unauthorized contents cannot then be added. As an alternative, as in the sixth embodiment, area information indicating an area where valid information written by the distribution device is stored may be written into the volatile memory in advance, and the execution device is designed not to read information in areas other than the area indicated by the area information.
In this way, even when an unauthorized program is added, the execution device does not run the unauthorized program.
[17] The first to sixth embodiments and the modifications are described assuming that the execution unit is a component that reproduces contents composed of video and audio; however, the execution unit can be a component that sends the contents to an external recording medium, or a component that has a printing function and prints image data on paper and the like.
[18] In the previous embodiments, the content key generation unit generates a content key each time a set of contents is entered into the distribution device. However, the content key generation unit can pre-store several content keys, and select and send one of the stored content keys.
[19] In the above embodiments, the execution device is designed to initiate the verifications of header information, signature information and the like when a DVD is loaded therein; however, the present invention is not confined to this. For example, the execution device may initiate these verifications when directed to perform reproduction by a user's button operations, or it may carry out the verifications at regular intervals from the time the DVD is loaded therein.
[20] In the second and third embodiments, it is not essential that header information be written on the DVD. When header information is not written on the DVD, the execution device extracts k pieces of representative partial contents based on the selected position information, and calculates verification recast values by assigning the extracted pieces of representative partial contents respectively to a recast function. Then, the execution device generates signature verification information by applying, with the use of the verification key, the signature verification algorithm V to a combined result formed by combining the calculated verification recast values. The execution device verifies the signature information by comparing it with the generated signature verification information. In this case, the execution device no longer requires the header information verification unit, which leads to a reduction in the circuit size of the detection system. In addition, the verification of whether unauthorized contents are included can be completed at the same time by verifying the signature information.
[21] In the fourth embodiment, the execution device 4600 verifies only k of the c partial recast values included in the header information after the verification of the signature information carried out by the signature information verification unit 4606 has been successful.
However, both the signature information and the header information can be verified with a single verification through the use of k pieces of encrypted partial contents and the header information. More specifically, the execution device extracts k pieces of encrypted partial contents from the encrypted contents based on the contents position information, and generates k pieces of partial contents by decrypting the k extracted pieces of encrypted partial contents. Then, the execution device calculates replacement partial recast values by assigning the k generated pieces of partial contents respectively to a recast function. Then, the execution device replaces, from among the c partial recast values included in the header information, the partial recast values corresponding to the k selected pieces of encrypted partial contents with the calculated replacement partial recast values. The execution device verifies the signature information using the verification key and a combined result formed by combining the replacement partial recast values and the partial recast values included in the replaced header information. In this case, the execution device no longer requires the header information verification unit, which results in a reduction in the circuit size of the detection system. In addition, the verification of whether unauthorized contents are included can be completed at the same time by verifying the signature information.
[22] In the first to sixth embodiments above, the DVD stores just one set of encrypted contents, and one piece each of signature information and header information that correspond to this set of encrypted contents. However, a number of different sets of encrypted contents, together with pieces of header information and signature information respectively corresponding to these sets, may be stored instead. In addition, the DVD may include only one piece of signature information generated based on all the pieces of header information.
In addition, the DVD may include, apart from these sets of encrypted contents, contents that do not require copyright protection, for example, commercials, an opening screen, a menu screen and the like. These contents free of copyright protection can be reproduced while the verifications of signature information and header information are carried out.
[23] In the first to sixth embodiments and modifications, when at least one of the verification of the signature information and the verification of the header information is not successful, the execution device may store a disc identifier for identifying the DVD loaded in the acquisition unit and a content identifier for identifying the set of contents being reproduced at that point.
When a DVD that has the same disc identifier as the recorded one is loaded, the execution device aborts the reproduction of the contents. As an alternative, when directed to reproduce a set of contents having the same identifier as the recorded one, the execution device aborts the reproduction of the set of contents.
[24] In the above embodiments and modifications, when at least one of the verification of signature information and the verification of header information is not successful, the execution device aborts the reproduction of the contents, and notifies the user that the contents are not authorized by, for example, displaying an error notification screen on the monitor. The operational behavior taken by the execution device at the time of verification failure is not limited to this, and the following cases can also be considered. In addition, the following three modifications can be combined.
[24-1] Both the distribution device and the execution device are connected to the Internet. When at least one of the verification of signature information and the verification of header information is not successful, the execution device notifies the distribution device of the verification failure through the Internet. At this point, the execution device also sends a content identifier that indicates the contents whose verification was not successful. The distribution device pre-stores the content identifier and a date of creation of the contents indicated by the content identifier, associating these two with each other. The distribution device receives the notification of verification failure and the content identifier from the execution device via the Internet.
The distribution device generates reproduction permission information indicating permission for the reproduction of the contents, or reproduction prohibition information indicating prohibition of the reproduction, according to the creation date corresponding to the received content identifier. For example, when the content identifier indicates new contents less than half a year from the date of creation, the distribution device generates reproduction prohibition information. On the other hand, when the content identifier indicates old contents that have been in existence for half a year or more from the date of creation, the distribution device generates reproduction permission information. Subsequently, the distribution device sends the generated reproduction permission information or reproduction prohibition information to the execution device via the Internet, and the execution device decrypts and reproduces the encrypted contents stored on the DVD only when it receives the reproduction permission information. Suppose that the contents have already been available for a fixed period of time since their release and that demand for the contents has been satisfied to a certain extent, and therefore future sales of the contents are predicted not to be very significant. In this case, the above modification allows prioritizing the interests of a user who has purchased the DVD by allowing the user to view the contents. On the other hand, when the contents have been recently released and future sales of the contents are expected to be significant, this modification allows prioritizing the rights of the copyright owner by prohibiting reproduction. That is, the modification is able to adjust the interests of the user and the interests of the copyright owner.
Note that the means for deciding which of the reproduction permission information and the reproduction prohibition information is to be sent is not limited to this, and that the distribution device can store, with respect to each set of contents, permission terms that reflect the intentions of, for example, the copyright owner of the set of contents and the sales agency.
[24-2] As already mentioned, the medium for recording the contents is not confined to DVD but can also be a rewritable recording medium. Here, a memory card equipped with a volatile memory is used as an example. When the verification of the signature information or the header information is not successful, the execution device erases part or all of the information of the encrypted contents recorded on the memory card. Here, it is possible to reliably prevent the future use of unauthorized contents.
[24-3] In case the contents are HD (high definition) video data, the execution device reproduces the video data after converting it to SD (standard definition) if the verification is not successful. When the contents are audio data in high fidelity sound (5.1 channel), the execution device reproduces the audio data after converting it into audio data in standard quality sound (2 channels) if the verification is not successful.
Thus, by allowing reproduction under the condition of degrading the quality of reproduction, it is possible to adjust the user's convenience and the interests of the copyright owner up to a point.
[25] In the second and third embodiments, the execution device reads the key block, encrypted selected position information, header information, signature information, and encrypted contents when the DVD is loaded therein. However, the execution device can read only the information required according to the progress of the processing by means of the acquisition unit. For example, the execution device reads in sequence: only the key block when the DVD is loaded; the encrypted selected position information when the generation of the content key is completed; and the signature information and header information when the decryption of the encrypted selected position information is completed, and then carries out the verification of the signature information. Once the verification of the signature information is complete, the execution device reads the k encrypted blocks indicated by the selected position information. In the fourth embodiment also, only the required information can be read as required in a similar way.
[26] In the first embodiment, when the selected pieces of encrypted units are read, the reading speed can be increased by arranging the order of the reading as described below. For ease of description, it is assumed here that i = 4, and the case is considered in which four pieces of encrypted units are to be read. On an optical disc such as a DVD, a region for recording data is divided into portions, and areas in a tree-ring pattern are respectively referred to as tracks. Several sectors are included in each track, and data is read and written sector by sector. The size of a sector is, for example, 512 bytes.
In this case, pieces of data targeted for reading on the DVD can be identified using track identification numbers, sector identification numbers, or sector sizes. Figure 71 shows a configuration of the DVD 1500 and a structure of the acquisition unit 1601. The concentric areas in the figure are tracks. As shown in Figure 71, the acquisition unit 1601 has a head part (also referred to as a "pickup") 1628 and a rotation axis 1629. The DVD 1500 is rotated in a left-hand direction by rotating the rotation axis 1629. Arrows drawn with a dashed line in the figure indicate the rotation direction. By specifying a track identification number, sector identification number or sector size, the acquisition unit 1601 moves the head part 1628 and acquires a piece of data targeted for reading. In general, it is known that moving the head part 1628 to the track where a piece of data targeted for reading is stored requires time. In other words, as the distance of movement on the DVD from the inner to the outer circumference, or from the outer to the inner circumference, increases, it takes more time to read the data. Here, four encrypted units "EU1_3", "EU3_1", "EU8_7" and "EU9_2" are the read targets, and are stored in portions 1591, 1592, 1593 and 1594, respectively, on the DVD 1500. Suppose that the head part 1628 is in the location shown in Figure 71. In this case, according to the method described in the first embodiment, the acquisition unit 1601 first moves the head part 1628 to a track 1501 on which the portion 1591 exists, and reads the encrypted unit "EU1_3" recorded in the portion 1591. Then, the acquisition unit 1601 moves the head part 1628 to a track 1504 and reads the encrypted unit "EU3_1" from the portion 1592. In a similar manner, the acquisition unit 1601 then moves the head part 1628 to a track 1502 to read the encrypted unit "EU8_7" in the portion 1593, and subsequently to a track 1503 to read the encrypted unit "EU9_2" in the portion 1594.
Thus, when the procedure described in the first embodiment is followed, the movement distance of the head part 1628 becomes long, and as a result, it takes a long time to read all the encrypted units. Here, the reading order of the four encrypted units is changed in such a way that the head part 1628 always moves to the nearest track from the track on which it is located at that moment. Specifically, the acquisition unit 1601 compares the track number indicating the location of the head part 1628 with the sector numbers and track numbers indicating the locations of the portions 1591, 1592, 1593 and 1594 where the four encrypted units are stored. Then, the acquisition unit 1601 rearranges the order of the acquired sector numbers and track numbers of the four portions in such a way that the head part 1628 takes the shortest movement distance for the reading, and accesses each portion in the rearranged order. In this way, the time required for reading data can be shortened. In addition, in case the encrypted units to be read are located on the same track or on nearby tracks, the reading order can be changed based on the current location of the head part 1628 and the sector numbers indicating the portions in which the individual encrypted units are stored. Note that the means to optimize the reading order depends on the operating attributes of the rotation axis and the head part of the acquisition unit 1601, and therefore the optimization procedure discussed here is simply an example. For example, the rotation control methods of an optical disc include a constant angular velocity method and a constant linear velocity method, and the characteristics of the method in use can be taken into consideration. In addition, when a hard disk is used instead of an optical disc such as a DVD, the reading order can be arranged in a similar way. In the fifth and sixth embodiments as well, the reading speed can be improved in a similar way.
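The nearest-track reordering described above, as an added example (not code from the patent). It treats the figure's track numerals 1501 to 1504 as adjacent track numbers and assumes a head start position and sector numbers; those values and all names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Portion:
    unit: str    # encrypted unit identifier, e.g. "EU1_3"
    track: int   # track number (assumption: the figure's track numerals)
    sector: int  # sector number within the track (constructed)


def head_travel(start_track, order):
    """Total number of tracks the head crosses when reading in this order."""
    travel, pos = 0, start_track
    for portion in order:
        travel += abs(portion.track - pos)
        pos = portion.track
    return travel


def nearest_track_order(start_track, portions):
    """Greedy reordering: always read the pending portion on the nearest track.

    Equal distances are broken by track number, then by sector number. That
    tie-break is a simplification; a real drive would also weigh the current
    rotational position and the rotation control method.
    """
    pending, order, pos = list(portions), [], start_track
    while pending:
        nxt = min(pending, key=lambda p: (abs(p.track - pos), p.track, p.sector))
        pending.remove(nxt)
        order.append(nxt)
        pos = nxt.track
    return order


# Selection order from the text: EU1_3, EU3_1, EU8_7, EU9_2 on tracks
# 1501, 1504, 1502 and 1503. Sector numbers are constructed.
SELECTED = [Portion("EU1_3", 1501, 7), Portion("EU3_1", 1504, 2),
            Portion("EU8_7", 1502, 5), Portion("EU9_2", 1503, 1)]
HEAD_TRACK = 1503  # assumed start position of the head part


def demo():
    """Return the reordered units and the head travel before and after."""
    reordered = nearest_track_order(HEAD_TRACK, SELECTED)
    return ([p.unit for p in reordered],
            head_travel(HEAD_TRACK, SELECTED),
            head_travel(HEAD_TRACK, reordered))


if __name__ == "__main__":
    print(demo())
```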
The readout order can likewise be rearranged for Modification [20] of the second to fourth embodiments.

[27] In the first, fifth and sixth embodiments, the executing device randomly selects i encrypted files, and then selects one encrypted unit from each of the selected encrypted files. However, the selection procedure is not limited to this, and multiple encrypted units may be selected from one encrypted file, as long as the selected pieces total i.

[28] In the first, fifth and sixth embodiments, the number i of encrypted units that the executing device selects may be preset in the executing device, or may be written on the DVD. As the number i of selected encrypted units becomes larger, the accuracy of validating whether unauthorized contents are included increases, while the processing load involved in verifying the signature information also increases. Thus, the number i of encrypted units to be selected is recorded on the DVD, and the executing device then verifies the signature information according to the i acquired from the DVD. In this way, the intentions of the DVD producer can be reflected in the verification. In addition, this technique is also applicable to selecting k pieces of partial contents in the fourth embodiment.
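The sampled check that modifications [27] and [28] tune, as an added example (not code from the patent): unit hashes and file hashes form two-layer header information, and only the selected units are hashed at verification time. HMAC-SHA256 with a constructed key stands in for the signature generation algorithm, and all names and sample data are assumptions.

```python
import hashlib
import hmac
import itertools
import random
from fractions import Fraction

SIGNING_KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's key


def h(data):
    return hashlib.sha256(data).digest()


def sign(file_hashes):
    # HMAC-SHA256 stands in for the signature generation algorithm (assumption).
    return hmac.new(SIGNING_KEY, b"".join(file_hashes), hashlib.sha256).digest()


def make_disc(files):
    """Record units, two-layer header information and signature information."""
    unit_hashes = [[h(u) for u in units] for units in files]
    file_hashes = [h(b"".join(uh)) for uh in unit_hashes]
    return {"units": [list(units) for units in files],
            "unit_hashes": unit_hashes,
            "file_hashes": file_hashes,
            "signature": sign(file_hashes)}


def random_picks(disc, i, rng=random):
    """Pick i files at random, then one unit at random from each of them."""
    chosen = rng.sample(range(len(disc["units"])), i)
    return [(f, rng.randrange(len(disc["units"][f]))) for f in chosen]


def verify(disc, picks):
    """Hash only the picked units; take every other hash from the header."""
    by_file = {}
    for f, u in picks:  # several picks may fall in the same file
        by_file.setdefault(f, set()).add(u)
    file_hashes = list(disc["file_hashes"])
    for f, units in by_file.items():
        uh = list(disc["unit_hashes"][f])
        for u in units:
            uh[u] = h(disc["units"][f][u])  # calculated from the unit as read
        file_hashes[f] = h(b"".join(uh))    # replacement file hash
    return hmac.compare_digest(sign(file_hashes), disc["signature"])


def detection_rate(disc, i):
    """Exact share of all possible selections of size i that reject the disc."""
    total = rejected = 0
    for chosen in itertools.combinations(range(len(disc["units"])), i):
        ranges = [range(len(disc["units"][f])) for f in chosen]
        for units in itertools.product(*ranges):
            total += 1
            rejected += not verify(disc, list(zip(chosen, units)))
    return Fraction(rejected, total)


# Constructed sample: c = 4 files of m = 3 encrypted units each.
FILES = [[b"EU%d_%d" % (f, u) for u in range(1, 4)] for f in range(1, 5)]


def tampered_disc(forge_unit_hash=False):
    """Sample disc with one unit (file index 2, unit index 1) replaced."""
    disc = make_disc(FILES)
    disc["units"][2][1] = b"unauthorized"
    if forge_unit_hash:  # the header entry for that unit is rewritten as well
        disc["unit_hashes"][2][1] = h(b"unauthorized")
    return disc
```

With one replaced unit, `detection_rate` gives 1/6 for i = 2 and 1/3 for i = 4, which is the accuracy-versus-load trade-off of [28]. If the unit's header entry is rewritten too, every selection that touches the file is rejected, because the recomputed file hash no longer matches the signed one.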
[29] In the first, fifth and sixth embodiments, the signature information is generated by applying a signature generation algorithm to a combined result formed by combining c pieces of file hash values. However, the signature information can instead be generated by calculating a combined hash value, by further assigning the combined result to a hash function, and applying the signature generation algorithm to the calculated combined hash value.

[30] In the first, fifth and sixth embodiments, the header information is composed of hash values that have a two-layer structure. That is, the two-layer structure is formed of: unit hash values generated from the respective encrypted units, and file hash values generated from the m pieces of unit hash values generated based on the same file. On the other hand, the signature information is formed from the c pieces of file hash values. Instead, the header information may include hash values having a three-layer structure. Specifically, the header information includes i pieces of combined file hash values. The i pieces of combined file hash values are generated by first dividing the c pieces of file hash values into i groups and by individually assigning the combined results, which are formed by combining the file hash values of each group, to a hash function. In this case, the signature information is generated using the i pieces of combined file hash values. Thus, by increasing the number of layers in the structure, it is possible to reduce the information that will be read from the DVD.

[31] As described in the fifth embodiment, it sometimes happens that a playback order file that shows the playback order of the contents is stored on a DVD. In this case, the DVD may include signature information for the playback order file. Then, as described in the fifth embodiment, even if an unauthorized third person adds or replaces unauthorized contents and falsifies the playback order file, the falsification will be detected when verifying the signature information of the playback order file, and therefore the unauthorized contents will not be played back.

[32] In the third embodiment, the total number of pieces of representative partial contents that the selection unit 3105 of the distribution device 3100 selects from a set of contents is (k x x) pieces. In this case, it is possible to design the selection so that all the pieces of partial contents are selected at least once as a piece of representative partial contents. In this way, in case part of the contents stored on the DVD is replaced, it is possible to increase the accuracy of detecting the unauthorized contents.

[33] In the first, fifth and sixth embodiments, the distribution device writes the unit capture information on the DVD. Instead, the distribution device can write, on the DVD, encrypted unit capture information generated by encrypting the unit capture information with the use of the content key. In addition, in the fourth embodiment, the distribution device writes the content position information on the DVD. Instead, the distribution device can write, on the DVD, encrypted content position information generated by encrypting the content position information with the use of the content key.

[34] In the first to sixth embodiments and modifications, unit hash values are calculated by assigning the respective encrypted units to a hash function, while partial hash values are calculated by assigning the respective pieces of partial contents to the hash function. However, each of the unit hash values can be calculated from a combined result formed by combining an identifier that corresponds to an encrypted unit, a piece of identification information and the encrypted unit.
In a similar way, each of the partial hash values can be calculated from a combined result formed by combining an identifier that corresponds to a piece of partial contents, a piece of identification information and the piece of partial contents.

[35] In the fifth embodiment, the data size of the filling contents to be generated is the same as the filling capacity. However, the data size is not limited to this, as long as it makes the free space left on the DVD small enough.

[36] In the first to sixth embodiments, the executing device plays the contents by sending the video and audio signals to the external monitor. However, the executing device may have this monitor integrated.
[37] Part or all of the components that constitute the individual devices above can be assembled as a single system LSI (Large Scale Integration). The system LSI is an ultra-multifunctional LSI produced by integrating several components on one chip, and more specifically, it is a computer system composed of a microprocessor, ROM, RAM and the like. A computer program is stored in the RAM. The microprocessor works according to the computer program, and in this way the system LSI achieves its function. As an alternative, each component can be built as an individual integrated circuit. Although it is referred to here as a system LSI, it can also be referred to as IC, LSI, super LSI and ultra LSI, depending on the degree of integration. In addition, the method for assembling integrated circuits is not limited to LSI, and a dedicated circuit or a general-purpose processor can be used to accomplish this. An FPGA (Field Programmable Gate Array), which is programmable after the LSI is produced, or a reconfigurable processor, which allows reconfiguration of the connections and settings of circuit cells within the LSI, can be used.

[38] The present invention can be a method to achieve the unauthorized contents detection system described above. The present invention can be a computer program that achieves the method by means of a computer, or it can be a digital signal representing the computer program. The present invention can also be achieved by a computer-readable recording medium, such as a flexible disk, a hard disk, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto-Optical) disk, a DVD, a DVD-ROM (Digital Versatile Disk-Read Only Memory), a DVD-RAM (Digital Versatile Disk-Random Access Memory), a BD (Blu-ray Disc), or a semiconductor memory, on which the computer program or digital signal mentioned above is recorded. The present invention may also be the computer program or the digital signal recorded on such a recording medium.
The present invention may also be the computer program or the digital signal to be transmitted through networks, such as those represented by telecommunications, wired/wireless communications, and the Internet, or by means of data transmission. The present invention can also be a computer system having a microprocessor and memory, wherein the memory stores the computer program and the microprocessor operates in accordance with the computer program.
The computer program or digital signal can be recorded on the above recording medium and transferred to a separate computer system, or alternatively, it can be transferred to a separate computer system through the network mentioned above. Afterwards, the independent computer system can execute the computer program or digital signal.

[39] The present invention includes a structure in which two or more of the above embodiments and modifications are combined.
INDUSTRIAL APPLICABILITY

The present invention is operatively applicable, continuously and repeatedly, in industries that produce, sell, transfer and use contents, and also in industries that manufacture, sell and use various electronic devices for playing back, editing and recording contents. It should be noted that, as of this date, the best method known by the applicant to carry out the aforementioned invention is that which is clear from the present description of the invention.

Claims (15)

CLAIMS Having described the invention as above, the content of the following claims is claimed as property:
1. A data processing device for using a digital work recorded on a recording medium that also has recorded thereon (i) a plurality of record digest values generated from a plurality of data blocks that constitute the digital work and (ii) record signature data generated based on some or all of the plurality of record digest values, characterized in that it comprises: a use unit that functions to use the digital work; a selection unit that functions to randomly select a predetermined number of data blocks from the plurality of data blocks; a calculation unit that functions to calculate a calculation digest value with respect to each of the selected data blocks; a reading unit that functions to read remaining record digest values, each of which corresponds to one of the unselected data blocks, from among the plurality of record digest values; a signature verification unit that functions to verify whether the digital work is valid using the record signature data, the calculation digest values and the remaining record digest values; and a use control unit that functions to stop the use unit from using the digital work when the signature verification unit judges the digital work to be invalid.
2. The data processing device according to claim 1, characterized in that the plurality of record digest values include a plurality of primary record digest values, each of which is generated for one of the plurality of data blocks, and a plurality of secondary record digest values generated from two or more of the plurality of primary record digest values, and the record signature data may be generated by carrying out a digital signature on the plurality of secondary record digest values, the reading unit reads the remaining record digest values from among the plurality of primary record digest values, and the signature verification unit verifies the validity of the digital work by calculating one or more secondary calculation digest values based on the calculation digest values and the remaining record digest values, and carrying out a digital signature verification with the use of the record signature data, the plurality of secondary record digest values and the secondary calculation digest values.
3. The data processing device according to claim 2, characterized in that the digital work includes a plurality of files, each of which corresponds to one of the plurality of secondary record digest values and is composed of two or more of the plurality of data blocks, each of the plurality of secondary record digest values is generated using primary record digest values corresponding one by one to the two or more of the plurality of data blocks that constitute the file corresponding to the secondary record digest value, the signature verification unit includes: a primary reading subunit that functions to read the record signature data from the recording medium; a calculation subunit that functions to calculate a secondary calculation digest value, with respect to each file that includes at least one of the selected data blocks, by using the primary record digest values corresponding to the unselected data blocks included in the file and the calculation digest values corresponding to the selected data blocks; a secondary reading subunit that functions to read, with respect to each file that includes none of the selected data blocks, the secondary record digest value that corresponds to the file; a signature subunit that functions to generate calculation signature data by carrying out the digital signature with the use of the calculated secondary calculation digest values and the read secondary record digest values; and a comparison subunit that functions to compare the calculation signature data and the record signature data, and the signature verification unit verifies that the digital work is valid when the calculation signature data and the record signature data conform to each other, and judges that the digital work is not valid when the calculation signature data and the record signature data do not conform to each other.
4. The data processing device according to claim 3, characterized in that the plurality of record digest values are hash values each generated by a hash function, the calculation digest values calculated by the calculation unit are hash values calculated by applying the hash function to each of the selected data blocks, and the secondary calculation digest values calculated by the calculation subunit are hash values calculated by applying the hash function to the primary record digest values that correspond to the unselected data blocks and the calculation digest values.
5. The data processing device according to claim 3, characterized in that the digital work is digital contents, and the use unit uses the digital contents by playing back the digital contents.
6. The data processing device according to claim 3, characterized in that the digital work is a computer program, and the use unit uses the computer program by decrypting instruction codes that constitute the computer program and operating according to the decrypted codes.
7. The data processing device according to claim 3, characterized in that it comprises, in place of the use control unit: a warning display unit that functions to display, when it is judged that the digital work is not valid, a notification of the invalidity of the digital work.
8. The data processing device according to claim 1, characterized in that the recording medium further has recorded thereon (i) filling contents having a data size adjusted in such a way that the capacity of free space on the recording medium becomes a predetermined value or lower, and (ii) signature data generated on the basis of part or all of the digital work and the filling contents, the data processing device also comprises: a verification unit that functions to verify whether the digital work and the filling contents are valid using the digital work, the filling contents and the signature data, and the use control unit functions to stop the use unit from using the digital work when the verification unit judges that at least one of the digital work and the filling contents is not valid.
9. The data processing device according to claim 1, characterized in that the recording medium further has recorded thereon (i) area information indicating a permitted access area, on the recording medium, that an external device is permitted to access and (ii) signature data generated based on part or all of the digital work and the area information, the data processing device also includes: an access prohibition unit that functions to prohibit access to areas other than the permitted access area based on the area information; and a verification unit that functions to verify whether the digital work and the area information are valid using the digital work, the area information and the signature data, and the use control unit functions to stop the use unit from using the digital work when the verification unit judges that at least one of the digital work and the area information is not valid.
10. The data processing device according to claim 1, characterized in that the selection unit, the calculation unit, the reading unit and the signature verification unit are assembled together in a single large-scale integration.
11. A recording medium characterized in that it has recorded on it: a digital work; a plurality of digest values generated from a plurality of data blocks that constitute the digital work; and signature data generated based on the plurality of digest values.
12. A data processing method for using a digital work recorded on a recording medium that also has recorded thereon (i) a plurality of record digest values generated from a plurality of data blocks that constitute the digital work and (ii) record signature data generated based on some or all of the plurality of record digest values, characterized in that it comprises the steps of: (a) using the digital work; (b) randomly selecting a predetermined number of data blocks from the plurality of data blocks; (c) calculating a calculation digest value with respect to each of the selected data blocks; (d) reading remaining record digest values, each of which corresponds to one of the unselected data blocks, from among the plurality of record digest values; (e) verifying whether the digital work is valid using the record signature data, the calculation digest values and the remaining record digest values; and (f) stopping step (a) when it is judged in step (e) that the digital work is not valid.
13. A data processing program for using a digital work recorded on a recording medium that also has recorded thereon (i) a plurality of record digest values generated from a plurality of data blocks constituting the digital work and (ii) record signature data generated based on some or all of the plurality of record digest values, characterized in that it comprises the steps of: (a) using the digital work; (b) randomly selecting a predetermined number of data blocks from the plurality of data blocks; (c) calculating a calculation digest value with respect to each of the selected data blocks; (d) reading remaining record digest values, each of which corresponds to one of the unselected data blocks, from among the plurality of record digest values; (e) verifying whether the digital work is valid using the record signature data, the calculation digest values and the remaining record digest values; and (f) stopping step (a) when it is judged in step (e) that the digital work is not valid.
14. The data processing program according to claim 13, characterized in that it is recorded in a computer-readable recording medium.
15. The data processing program in accordance with claim 13, characterized in that it is to be transmitted and supported by means of telecommunications.
MXPA/A/2006/011197A 2004-04-02 2006-09-28 Unauthorized contents detection system MXPA06011197A (en)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
JP2004-110069 2004-04-02
JP2004-146963 2004-05-17
JP2004-151621 2004-05-21
JP2004-163734 2004-06-01
JP2004-196531 2004-07-02
JP2004-201009 2004-07-07
JP2004-206335 2004-07-13

Publications (1)

Publication Number Publication Date
MXPA06011197A (en) 2007-04-20

Similar Documents

Publication Publication Date Title
AU2005227472B2 (en) Unauthorized contents detection system
JP4208082B2 (en) Data alteration detection method, data alteration detection device, and data alteration detection program
JP4091139B2 (en) Data storage device and data storage method
MXPA06011197A (en) Unauthorized contents detection system
JP2003022140A (en) Method, program for authenticating use of software, recording medium in which program for authenticating use of software is recorded, data to be used in method for authenticating use of software and recording medium in which the same data is recorded