WO2005109747A1 - 情報処理装置 - Google Patents

情報処理装置 Download PDF

Info

Publication number
WO2005109747A1
WO2005109747A1 PCT/JP2005/007855 JP2005007855W WO2005109747A1 WO 2005109747 A1 WO2005109747 A1 WO 2005109747A1 JP 2005007855 W JP2005007855 W JP 2005007855W WO 2005109747 A1 WO2005109747 A1 WO 2005109747A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
aic
data
authentication
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2005/007855
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
Satoshi Kitani
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Corp
Original Assignee
Sony Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Corp filed Critical Sony Corp
Priority to US11/596,006 priority Critical patent/US7984499B2/en
Publication of WO2005109747A1 publication Critical patent/WO2005109747A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00166Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised contents recorded on or reproduced from a record carrier, e.g. music or software
    • G11B20/00173Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised contents recorded on or reproduced from a record carrier, e.g. music or software wherein the origin of the content is checked, e.g. determining whether the content has originally been retrieved from a legal disc copy or another trusted source
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/0042Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the copy protection scheme being related to a specific access protection standard
    • G11B20/00449Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the copy protection scheme being related to a specific access protection standard content scrambling system [CSS]
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00731Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
    • G11B20/00746Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00731Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
    • G11B20/00746Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number
    • G11B20/00753Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific number wherein the usage restriction limits the number of copies that can be made, e.g. CGMS, SCMS, or CCI flags
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution

Definitions

  • the present invention relates to an information processing device, an information processing method, and a computer program. More particularly, the present invention relates to an information processing apparatus, an information processing method, and a computer program for preventing unauthorized use of content.
  • a drive that drives an information recording medium (disc) and a device that integrates a reproduction Z recording processing function are used.
  • a content 'scramble system (CSS: Content Scramble System) is adopted.
  • CCS Content Scramble System
  • video data, audio data, and the like are encrypted and recorded on a recording medium, for example, a DVD-ROM (Read Only Memory), and a key used for decrypting the encrypted data.
  • a recording medium for example, a DVD-ROM (Read Only Memory)
  • a key used for decrypting the encrypted data to the licensed player only. Licenses are granted only to players that are designed to comply with prescribed operating rules, such as not copying illegally. Therefore, the licensed player can reproduce images and sounds by decrypting the encrypted data recorded on the information recording medium using the given key.
  • the content scramble system provides a system that allows only a player having a valid license to use the content.
  • this content 'scramble system has a problem in that it is not possible to reliably eliminate illegal use of content.
  • illegal use of contents can be performed in a process of outputting the content to an information processing device such as a PC and reproducing the content even with a drive card equipped with an information recording medium.
  • FIG. 1 shows an example of data stored on an information recording medium storing content employing a content scramble system (CSS), and a process of a playback device (player).
  • CSS content scramble system
  • player a playback device
  • the information recording medium 10 shown in FIG. 1 is, for example, a DVD video disk.
  • the information recording medium 10 has an encrypted disc key (Secured Disc Key) 11 and a title corresponding to the content stored in the information recording medium 10. And encrypted scrambled MPEG data 13 as scrambled content based on the CSS method.
  • a decryption process is performed on the encrypted Secured Disc Key 11 to obtain a disk key, and the encrypted key is obtained from the information recording medium 10 by applying the disk key obtained in step S12.
  • step S12 Execute the MPEG decoding process to reproduce the audio Z video data 25.
  • steps S31 and S41 shown between the drive 30 on which the information recording medium is mounted and the player application 40 on the host side mutual authentication and key sharing (AKE: Authentication and Key Exchange) are performed.
  • the mutual authentication process is executed according to, for example, an algorithm according to a public key cryptosystem.
  • a session key is generated, and the drive 30 and the player application 40 on the PC side share the session key.
  • step S32 the drive 30 executes re-encryption of the encrypted disk key 11 obtained by applying the session key to the information recording medium 10 and transmits the re-encrypted disk key 11 to the player application 40.
  • step S33 the encrypted title key 12 obtained by applying the session key to the information recording medium is re-encrypted and transmitted to the player application 40.
  • the drive 30 and a PC as an execution device of the player application 40 are connected by a connection bus, for example, an ATAPI-BUS, and the encrypted key information is transmitted via the connection bus to the player application 40 of the host (PC). Sent to.
  • the drive 30 obtains the information recording medium power, and transfers scrambled MPEG data 13 which is scrambled content based on the CSS method to the connection between the drive and the PC. Output to the PC via the connection bus.
  • step S42 the player application 40 on the PC side decrypts the re-encrypted data with the session key of the encrypted disk key 11 received from the drive 30 using the session key to generate the encrypted disk key 11.
  • step S43 the re-encrypted data using the session key of the encrypted title key 12 received from the drive 30 is decrypted to obtain the encrypted title key 12 in step S43.
  • steps S51 to S55 are the same as the processes (Sll to S14) described above with reference to FIG.
  • FIG. 3 is a flowchart showing processing on the drive side in the processing shown in FIG. 2. If it is determined in step S61 that the information recording medium (disk) has been inserted, in step S62, mutual authentication and key sharing (ARE: Authentication and Key sharing) with the host, ie, the PC executing the player application 40 shown in FIG. Exchange).
  • ARE Authentication and Key sharing
  • Step S63 If the mutual authentication and key sharing (AKE) succeed (Step S63: Yes), the state is shifted to a state in which the output of the CSS scramble data, which is the storage content of the information recording medium attached to the drive, is permitted. The output permission state of the scrambled data is continued until the information recording medium is ejected or the power is turned off.
  • the drive is set to a state in which CSS scramble data output is not permitted, and mutual authentication with the content output destination device is not performed.
  • the state in which the output of the CSS scramble data is permitted is set, and this output permitted state is continued until the information recording medium is ejected or the power is turned off.
  • Unauthorized use of the content shown in FIG. 4 may occur due to such an allowable state of content output from the drive.
  • FIG. 4 (1) shows an example of a bypass use of content by switching an application on the host side such as a PC which is a destination of content output from the drive.
  • step S71 the regular player abso- lution between the drive 50 on which the information recording medium is mounted and the host (PC) 60 is performed. Perform mutual authentication between the cases. With the establishment of this mutual certification, drive 50
  • step S72 drive 50-power audio Z-video including CSS scramble data
  • step S73 the application is switched and CSS descrambling software is applied to execute descrambling processing of the CSS scramble data stored in the hard disk.
  • Such processing enables descrambling, and the descrambled plaintext content can be used without any restriction.
  • the process shown in FIG. 4 (2) is performed by a connection bus between the host (PC) and the drive, for example, an ATAPI-BU
  • step S81 the mutual connection between the drive 50 on which the information recording medium is mounted and the regular player application of the host (PC) 60 is established. Perform authentication, and acquire and play back content.
  • the content is input as CSS scramble data via a connection bus between the host (PC) and the drive, for example, an ATAPI-BUS.
  • step S82 the host 60 executes monitoring of the connection bus between the host (PC) and the drive, and stores the data obtained by the monitoring, that is, the CSS scramble data on the node disk.
  • step S63 CSS descrambling processing is performed on the CSS scrambled data stored in the hard disk by applying CSS descrambling software.
  • the descrambled contents can be obtained by such processing, and the descrambled plaintext contents can be used without any restriction.
  • the current content scramble system cannot reliably eliminate illegal use of content.
  • there is a problem that illegal use of content is likely to occur when outputting content to a data processing device such as a PC and playing it back, as described above. I do.
  • the present invention has been made in view of the above-described problems, and in a process of reproducing or recording content accompanied by data transfer between two different devices such as a drive and a host, a device that performs data transfer is used. It is an object of the present invention to provide an information processing apparatus, an information processing method, and a computer program that enable elimination of illegal use of content by strictly determining the validity of a public key certificate applied to mutual authentication. The purpose.
  • the first aspect of the present invention provides:
  • An information processing device An information processing device,
  • a certificate storage unit for storing an authorized device certificate
  • An authentication execution unit that executes a device authentication process and executes a process in which the certified device certificate is applied in the authentication process;
  • a force value storage unit that counts the number of times of authentication performed via the authentication execution unit and stores the count value
  • the authentication execution unit determines that the authentication number count value has reached a preset authentication number upper limit value.
  • the information processing apparatus is characterized in that the authentication processing is executed on condition that the authentication processing is performed.
  • the information processing apparatus further includes an authentication count value stored in the count value storage unit being set to a preset authentication count upper limit value. Reach! In the case where the authentication device certificate is obtained, the update device is configured to execute an update process of the authorized device certificate stored in the certificate storage unit by acquiring the authorized device certificate via the communication unit. I do.
  • the information processing apparatus performs the authentication count count value of the count value storage unit in accordance with the update processing of the authorized device certificate by the update execution unit. Characterized in that the reset processing is executed.
  • the information processing apparatus executes the acquisition of the authorized device certificate by the update execution unit as a process of acquiring a server connected via a network. Characterized in that
  • the update execution unit executes a validity confirmation process on the authorized device certificate acquired from an external device, and And an update execution unit for executing an update process of the certified device certificate stored in the certificate storage unit when the authenticity is confirmed.
  • the information processing apparatus may be configured such that when the count of the number of authentications reaches a preset upper limit of the number of authentications, Is configured to execute a notification process for.
  • the information processing device is characterized in that the information processing device transmits at least a part of certificate data of a certificate acquired by the update execution unit to an external force. It is characterized in that it is configured to output to the drive as certificate data to be stored in the drive as the authentication processing partner.
  • the information processing apparatus is characterized in that the certificate data stored in the drive is a certificate including data to be applied to the comparison of an old and new certified device certificate.
  • the information processing apparatus The data to be applied to the comparison between the old and new certified device certificates is the sequence number recorded in the certified device certificate, the number of registered devices, or the number of invalid (revoked) devices. I do.
  • a second aspect of the present invention provides:
  • An information processing method comprising:
  • the information processing method further includes a process of increasing the authentication count value stored in the storage unit with completion of the authentication step. Is performed.
  • the information processing method further includes the step of setting the authentication count value stored in the count value storage unit to a predetermined authentication count upper limit value. Reach! In this case, the method has a renewal step of executing a process of acquiring a certified device certificate via the communication unit and performing a process of updating a certified device certificate stored in the certificate storage unit. .
  • the authentication number count value of the count value storage unit is updated.
  • a reset process is performed.
  • the acquisition of the authorized device certificate in the updating step is performed as an acquisition process from a server connected to a network.
  • the updating step executes a validity confirmation process of an authorized device certificate acquired from outside, and when the validity is confirmed, the certification is performed. And updating the authorized device certificate stored in the certificate storage unit.
  • the information processing method may further include a step of providing the user with an authentication number count value when the authentication number count value reaches a preset authentication number upper limit value. A notification process is performed.
  • the information processing method may further include, in the updating step, authenticating at least a part of the certificate data of the certificate that has also been acquired by an external force. Outputting the certificate data to the drive as certificate data to be stored in the drive as the processing partner.
  • the certificate data stored in the drive is a certificate including data to be applied to comparison of new and old certified device certificates.
  • the data applied to the comparison between the new and old certified device certificates is a sequence number recorded in the certified device certificate, the number of registered devices, or invalid. (Revoked) It is characterized by any data of the number of devices.
  • a third aspect of the present invention provides:
  • the computer program of the present invention is, for example, a recording medium or a communication medium provided in a computer-readable format to a computer system capable of executing various program code, such as a CD or FD. It is a computer program that can be provided by a recording medium such as an MO or a communication medium such as a network. By providing such a program in a computer-readable format, processing according to the program is realized on the computer system.
  • system refers to a logical set of a plurality of devices, and is not limited to a device in which each component is located in the same housing.
  • the configuration of the present invention is applied to the mutual authentication of the public key cryptosystem executed when the content is transferred from the source (source) device to the receiving (sink) device between the connected devices.
  • Apply a certified device group certificate to judge the validity of the public key certificate of each device.
  • the number of registered devices in the certified device group list (registration list), which is set as a set of certified device group certificates, indicates whether the number of devices is invalid (revoke).
  • the ADGL information certificate (AIC) that sets the registration data as the registration data is applied, and the registration with a large number of registered devices is regarded as new, or the number of invalid devices is large!
  • an authorized device group list stored in the information processing device as appropriate. Configuration to execute the update process Therefore, it is possible to update the storage list of the information processing device that executes the recording process at any time when the content is reproduced.
  • FIG. 1 is a diagram illustrating a conventional playback sequence of content stored on an information recording medium.
  • FIG. 2 is a diagram illustrating a playback sequence of drive output content in a conventional information processing apparatus.
  • FIG. 3 is a flowchart illustrating a content output sequence from a drive.
  • FIG. 4 is a diagram illustrating an example of illegal use of content in a conventional processing configuration involving content transfer between host drives.
  • FIG. 5 is a diagram illustrating data stored in an information recording medium of the present invention.
  • FIG. 6 is a diagram illustrating a configuration of data stored in an information recording medium of the present invention.
  • FIG. 7 is a diagram illustrating the configuration of sector data and sector header as storage data of the information recording medium of the present invention.
  • FIG. 8 is a diagram illustrating details of output control information recorded in a sector header of the information recording medium of the present invention.
  • FIG. 9 is a diagram illustrating a processing sequence of a playback device that reads and plays back content stored in an information recording medium.
  • FIG. 10 is a diagram for explaining a key generation process according to an AES encryption algorithm executed in reproducing content stored on an information recording medium.
  • FIG. 11 is a diagram illustrating a data decryption process in accordance with an AES encryption algorithm, which is executed in reproducing the content stored on the information recording medium.
  • FIG. 12 is a diagram for describing data stored in an information recording medium, a drive, and an information processing device.
  • FIG. 13 is a diagram illustrating the data structure and type of a certificate.
  • FIG. 14 is a diagram for describing a data configuration of a public key certificate.
  • FIG. 15 is a diagram illustrating the data structure of an authorized device group certificate (ADGC) and an authorized group list (ADGL).
  • ADGC authorized device group certificate
  • ADGL authorized group list
  • FIG. 16 is a diagram illustrating a data structure of an ADGL information certificate (AIC).
  • FIG. 17 is a diagram illustrating certificates stored in an information recording medium, a drive, and an information processing device.
  • FIG. 18 is a diagram illustrating a registration information update process based on an ADGL sequence number.
  • FIG. 21 is a diagram illustrating a detailed sequence of a registration information update process based on AIC data.
  • FIG. 22 is a diagram illustrating a detailed sequence of a registration information update process based on AIC data.
  • FIG. 23 is a diagram illustrating a communication sequence between an information recording medium, a drive, and an information processing device in a process of updating registration information based on AIC data.
  • FIG. 24 is a diagram illustrating registration information update processing, mutual authentication, and a content playback sequence in content playback involving content transfer between a drive and an information processing device.
  • FIG. 26 is a diagram illustrating an encryption / decryption processing configuration based on a content bus key: Kbus executed by the drive.
  • FIG. 27 is a diagram illustrating a decryption processing configuration based on a content bus key: Kbus executed by the information processing device.
  • FIG. 28 is a flowchart illustrating a processing sequence executed by a drive in a reproduction process involving content transfer to a host.
  • FIG. 29 is a flowchart illustrating a processing sequence executed by the host in a reproduction process involving content transfer to the host.
  • FIG. 33 is a diagram illustrating a count process of the number of authentication processes in a host and an ADGL acquisition process based on the count value.
  • FIG. 34 is a flowchart illustrating a process of counting the number of authentication processes performed by a host and a process of acquiring an ADGL based on the counter value.
  • FIG. 35 is a flowchart illustrating a count process of the number of authentication processes in a host and an ADGL acquisition process based on the count value.
  • FIG. 36 is a flowchart illustrating a count process of the number of authentication processes in the host and an ADGL acquisition process based on the counter value.
  • FIG. 37 is a diagram showing a configuration example of an information processing device as a host of the present invention.
  • FIG. 38 is a diagram showing a configuration example of an information processing device as a drive according to the present invention.
  • FIG. 5 shows an example of an information recording medium storing contents.
  • This disc is, for example, an information recording medium such as a Blu-ray disc, DVD, etc., and has a legitimate content copyright or distribution right.
  • a disk-type medium will be described as an example of the information recording medium, but the present invention can be applied to various aspects of the information recording medium.
  • the information recording medium 100 includes a data storage area 101 for storing data such as content, additional information corresponding to a disc and stored content, key information applied to content decryption processing,
  • the device has a lead-in area 102 for storing devices for executing content reproduction and recording processing, that is, for storing registration information of hosts such as drives and PCs, host applications, and the like.
  • the data storage area 101 includes an encrypted (scrambled) content 111 and a unit key that is a recording seed (REC SEED) as information necessary for generating a key applied to a process of decrypting the encrypted content.
  • Generation information Vul 12 is stored. Note that the scramble process is an aspect of the encryption process, and in this specification, the expression “encryption content” is used as a superordinate concept of the scramble content.
  • the encrypted content 111 is stored in the data storage area 101 of the information recording medium 100 in a state where the encrypted content 111 is divided into predetermined unit units and encrypted by applying a unit key associated with the unit.
  • Unit key generation Information: Vull2 is information applied to the generation of each of these unit keys, and is called seed information.
  • ROM mark Vel 14 is also called a physical index and is fixed information that cannot be rewritten.
  • encryption key information 120 is further stored.
  • the encryption key information 120 is applied to the decryption processing of the encrypted content 111 stored in the data storage area 101 of the information recording medium, similarly to the above-described unit key generation information: Vul12 and ROM mark: Vel14. It consists of key information (key generation information) for generating a key.
  • a media key set as a key corresponding to the content stored on the information recording medium an encryption key required to acquire Km
  • An RKB (Renewal Key Block) 121 which is a block
  • a disk key: Kd as a key applied to the decryption processing of the encrypted content 111
  • a media key: Km an encrypted disk key EKm ( Kd) 122.
  • EKa (b) indicates data obtained by encrypting data: b with a key: Ka.
  • An RKB (Renewal Key Block) 121 is an encryption key block generated based on a tree-structured key distribution method known as one mode of the broadcast encryption method, and is used for information recording. Content playback using medium Z Holds a valid license to execute recording.
  • Media key An encryption key block that can acquire Km by decryption processing using a device key distributed to an information processing device as a user device. is there. By changing the configuration data of the encryption key block: RK B, it becomes possible to select the user devices that can acquire the media key: Km.
  • the management center determines that the device (user equipment or playback abbreviation) that executes content playback Z recording is unauthorized, it changes the configuration of the RKB and changes the media key: Km of the unauthorized device. It becomes possible to make acquisition impossible.
  • a device determined to be unauthorized is registered in the management center as a revoked (invalid) device.
  • the management center holds the device registration information and updates it as appropriate.
  • registration information 130 is stored.
  • the registration information 130 is a device that executes content reproduction or recording processing, that is, information for determining the validity of a public key certificate such as a host such as a drive or a PC or a host application, that is, a device.
  • ADGC Authorized Device Group Certificate
  • ADGC Authorized Device Group Certificate
  • AIC ADGL Information Certificate
  • ADGL information certificate AIC
  • ADGL authorized device group list
  • ROM mark Vel4
  • the encryption key information 120 may be stored in the data area 101, which is not necessarily stored in the lead-in area 102.
  • the registration information of the authorized device group certificate is used to determine the validity of this public key certificate.
  • the Authorized Device Group Certificate will be updated as needed as device registration information changes, and new versions will be issued as needed.
  • the invalid device is invalidated based on the false recognition that the already invalidated (revoked) device is a valid device. In such a case, a situation occurs in which the content is output to the user.
  • ADGC newer certified device group certificate
  • AIC ADGL information certificate
  • FIG. 6A shows a data recording configuration stored in the information recording medium.
  • 18 bytes of user control data (UCD: User Control Data) and 2048 bytes of user data (User Data) including actual AV content data are configured as one sector data.
  • UCD User Control Data
  • User Data User Data
  • data of 6144 bytes for three sectors of user data is set as one unit (1AU: Aligned Unit) as one block cipher processing unit, that is, as a block.
  • 6144 bytes of data are equivalent to a 32TS (Transport Stream) packet.
  • the setting unit of the block is not limited to the method of using 6144 bytes of data for 3 sectors, but various settings are possible, such as the method of setting 2048 bytes of data for 1 sector as one encryption processing unit, that is, a block. It is.
  • copy control information CCI Copy Control Information
  • the 18-byte user control data (User Control Data) is removed from the encryption target, and only the user data is encrypted and recorded.
  • FIG. 7 shows a configuration of one sector data.
  • One sector data consists of 18 bytes of user control data (UCD) and 2048 bytes of user data (User).
  • User control data (UCD: User Control Data) is also called a sector header, and output control information (Output Control Information) 151 for each sector is recorded in a part of the header.
  • the output control information 151 is transfer control information of the corresponding sector data (user data), for example, a bus which is output control information to an information processing apparatus such as a drive power host (PC) mounted with an information recording medium. This is set as information including the protection flag (Bus Protection Flag).
  • FIG. 8 shows a detailed configuration of output control information 151 recorded in user control data (UCD: User Control Data).
  • the output control information 151 is recorded in 1-byte (8-bit) data of user control data (UCD: User Control Data).
  • Bits 6 to 0 are a reserved area
  • One bit of bit 7 is set as a bus protection flag.
  • Bus Protection Flag 0: No output limit
  • bus encryption is an encryption process executed at the time of content transfer between the drive and the host, and will be described later in detail.
  • the first mode is a mode in which a device that mounts an information recording medium and executes data reading of the information recording medium itself performs a reproducing process
  • the second mode is a mode in which data is read from the information recording medium.
  • the drive that executes the playback and the playback processing device such as the host (PC) that executes the playback process are configured as separate devices, and the drive device and the playback processing device are connected by a data transfer bus, and are connected via a connection bus.
  • the reproduction process is performed by executing the transferred data.
  • the drive / playback apparatus 300 is an information recording medium 200 storing the encrypted content 206. And perform various encryption processes such as data reading, key generation, and content decryption, and output the content.
  • the information recording medium 200 is applied to the various types of information described above with reference to Fig. 5, that is, the mutual authentication and key exchange processing (AKE: Authentication and Key Exchange) according to the public key encryption method.
  • Information 201 as a registered device list for performing encryption, a media key: RKB202 as an encryption key block storing Km, a disk key: Kd, an encryption disk key encrypted with a media key: Km: EKm (Kd) 203, ROM mark: Ve204, unit key generation information: Vu205, and encrypted content 206 are stored.
  • step S101 the drive / playback apparatus 300 executes decryption processing of the RKB202 as an encryption key block by applying the device key: Kdev301 stored in the apparatus in advance, and obtains the media key: Km from the RKB202 power.
  • the media key: Km can be obtained from the RKB 202 only by a device authorized to use the content, and the device key of the device revoked as an unauthorized device cannot decrypt the RKB as described above.
  • Media Key Can't get Km.
  • step S101 If the media key: Km is successfully obtained in step S101, then, in step S102, the obtained media key: Km is applied, and the encrypted disk key obtained from the information recording medium 200: EKm (Kd ) Execute the decryption process of 203 and obtain the disk key: Kd.
  • step S103 a key generation process based on the obtained disk key: Kd and the ROM mark: Ve204 obtained from the information recording medium 200, for example, a key generation process according to the AES encryption algorithm, is executed.
  • Bedded Key Generate Ke.
  • an AES encryption process is performed by applying an encryption key to an input value in an AES encryption processing block 311. This is a process to output the exclusive OR (XOR) operation result.
  • XOR exclusive OR
  • step S103 of FIG. 9 a key generation process is performed in which the input value is the ROM mark acquired from the information recording medium 200: Ve204, and the applicable key is the disk key: Kd, and the key value is output.
  • Embedded Key Get Ke.
  • step S104 a key generation process based on the obtained embedded key: Ke and the unit key generation information: Vu205 obtained from the information recording medium 200 is executed to generate a utkey key: Ku. I do.
  • This key generation process is also executed as a key generation process according to the AES encryption algorithm described with reference to FIG. Vu205 has the ability to define individual values for individual units of multiple units via the file "Unit-Key-Gen-Value, inf". The description of one of the units will be continued here.
  • step S105 the decryption processing of the encrypted content 206 to which the generated unit key Ku is applied is executed, and the content is output.
  • the encrypted content 206 is stored in the information recording medium 200 after being encrypted in block units of a predetermined data unit. As shown in FIG. 11, for example, sector data of 6144 bytes is encrypted for each 16-byte block.
  • the procedure of the decoding process will be described. First, the leading 16-byte data of the 6144-byte sector data is obtained, and the AES key generation processing block [AES-G] 321 executes the key generation processing according to the AES encryption algorithm. This is similar to the processing described above with reference to FIG.
  • the output of the AES key generation processing block 321 is set as a block key: Kb, and the next 16-byte data is decrypted in the AES decryption processing block [AES-D] 322 by applying the block key: Kb.
  • a block key: Kb is applied using an exclusive OR (XOR) result of the second 16-byte data of the sector data and the initial value: IVa as an input.
  • the same process is repeatedly executed to obtain the decoded sector data 323.
  • the initial value: IVa is a preset constant. IVa may be set, for example, as a value that can be obtained from user control data or user data corresponding to sector data.
  • the unit key: Ku is applied to execute the decryption process in block units, and the decrypted content is output.
  • the configuration of the present invention realizes secure data transfer even in a configuration in which content input / output is performed between a drive in which such an information recording medium is mounted and a host device such as a PC connected via a bus. It is possible to prevent illegal use of contents.
  • Each of the drive 400 and the host 500 stores a public key certificate (PKC: Public Key Certificate) storing a public key according to a public key cryptosystem and a secret key (KS).
  • PKC Public Key Certificate
  • the drive 400 holds a public key certificate (PKC-D) 403 and a private key (KS-D) 402 of the drive
  • the host 500 holds a public key certificate (PKC-H) corresponding to the host. ) 503, holding the private key (KS-H) 502.
  • the information recording medium 200, the drive 400, and the host 500 are provided with an ADGL information list (AIC: ADGL Information List) as a device count data certificate. )have. That is, the information recording medium 200 has AIC-DISC251, the drive 400 has AIC-D411, and the host 500 has AIC-H511.
  • the information held in the information recording medium is shown as (one DISC), the information held in the drive is shown as (-D), and the information held in the host is shown as (-H).
  • the information recording medium 200 and the host 500 are further certified as a set of certified device certificates.
  • Stores a fixed device group list (ADGL: Authorized Device Groop List). That is, the information recording medium 200 stores ADGL-DISC252, and the host 500 holds ADGL512.
  • the Authorized Device Group List (ADGL) is a collective list of multiple Authorized Device Group Certificates (ADGCs).
  • the data shown in FIG. 12 is held in the information recording medium as recording data in a data recording area or a lead-in area, and the drive 400 and the host 500 are held in nonvolatile memory.
  • PLC Public key certificate
  • ADGC Certified Device Group Certificate
  • ADG U Certified Device Group List
  • FIG. 13 (a) shows the common configuration of each certificate
  • FIG. 13 (b) is a diagram for explaining the correspondence between the type information set for each certificate and the certificate.
  • Each data is stored.
  • PLC Public key certificate
  • the certificate data includes public key certificate (PKC), authorized device group certificate (ADGC), and ADGL information certificate (AIC) data corresponding to each certificate. Is stored.
  • Electronic signature is an electronic signature of the management center as an issuing entity of each certificate, that is, signature data generated by applying the private key of the management center. This is signature data generated by applying the secret key of the management center to the type (Certificate Type) and (b) the certificate data (Certificate Data).
  • falsification verification and validity confirmation of the certificate can be performed. That is, by applying the public key of the management center that has been made public, falsification verification and validity confirmation of the certificate can be performed.
  • FIG. 14A shows an example of certificate data of a public key certificate (PKC).
  • FIG. 14 (b) shows a data configuration example of a public key certificate (PKC) to which elliptical encryption is applied!
  • certificate data of a public key certificate includes a certificate, a public key, and other information.
  • the drive also receives a public key certificate (PKC-D) storing a public key corresponding to the drive, and the drive stores and holds the certificate in a nonvolatile memory such as a flash memory.
  • PLC-D public key certificate
  • KS-D private key
  • a pair of a public key certificate (PKC) and a private key is also provided to the host, and is stored in a non-volatile memory such as a hard disk or a flash memory in the host.
  • the public key certificate is data that is permitted to be disclosed, and is output, for example, in response to a request from another device.
  • the device that has received the public key certificate of the other device performs the falsification verification of the public key certificate based on the signature of the management center added to the received public key certificate, and checks the validity of the received public key certificate. After confirming, obtain the public key certificate public key.
  • the tampering verification of the public key certificate based on the signature of the management center is executed by applying the public key of the management center.
  • the public key of the management center is also public data, for example, It is possible to use those stored in a drive, the nonvolatile memory of the host, or the like in advance, or to receive the data via a network or a recording medium.
  • a private key is provided to the drive and the host together with the public key certificate.
  • the drive and host are provided with a public key certificate (PKC) and private key pair, respectively, and are stored in their respective memories.
  • PLC public key certificate
  • the public key certificate that stores the public key is data that is permitted to be released.
  • the private key is held securely in each device so that it is not leaked to the outside.
  • FIG. 14B shows an example of the data configuration of a public key certificate (PKC) to which elliptical encryption is applied.
  • PLC public key certificate
  • An electronic signature (Signature) generated by applying the secret key of the management center corresponding to these stored data is set.
  • Figure 15 shows (a) Certified device group certificate (ADGC) data, (b) Example of certified device group certificate (ADGC) data using elliptical encryption, (c) Certified device group list (ADGL) Show each data structure of! / As described above, (c) the authorized device group list (ADGL) is set as a list that stores information on multiple authorized device group certificates (ADGC).
  • ADGC authorized device group certificate
  • A Authorized device group certificate (ADGC) data includes [Authorized device group certificate (ADGC) data length], [Authorized device group list (ADGL) sequence number], and [First to last published in ADGC] Key certificate ID] and [certified public key certificate information].
  • the authorized device group certificate stores information indicating whether the public key certificate (PKC) issued to the drive or host as the content using device is valid or invalid (revoked). It is a certified device certificate. In other words, it is applied to confirm whether the device is a legitimate device recognized by the management center that is the content management entity.
  • the ID of the public key certificate of the authentication partner received from the authentication partner is registered as a valid ID in the authorized device group certificate (ADGC). In this case, it is determined that the authentication partner holds a valid public key certificate. If the ID of the public key certificate received from the authentication partner is registered as an invalid ID in the Authorized Device Group Certificate (ADGC), the public key certificate of the authentication partner is invalidated. Therefore, it can be determined that the device is unauthorized. In this case, processing such as input / output of contents is not performed.
  • ADGC authorized device group certificate
  • the authorized device group certificate is added with an electronic signature of the management center and is set as a certificate that is difficult to falsify.
  • An Authorized Device Group Certificate is, for example, an Authorized Device Group Certificate (ADGC) for a drive, an Authorized Device Group Certificate (ADGC) for an application, or an Authorized Device Group Certificate for a manufacturer A device. (ADGC) is set for each group.
  • the authorized device group certificate (ADGC) data shown in Fig. 15 (a) is certificate data corresponding to one group, and the device or application as a certificate issuing destination belonging to the group.
  • the public key certificate ID (PKC-ID) of each device is stored. This is the [first to last public key certificate ID] in the certificate data in FIG. 15 (a).
  • [certified public key certificate information] corresponding to the device belonging to the group is stored.
  • [Authorized public key certificate information] is information that can confirm the validity of the public key certificate provided to devices belonging to the group. It is information that can confirm the validity and invalidity of each of the first to final public key certificate IDs.
  • the public key certificate of the other party can be obtained, and the validity of the public key certificate of the other party can be confirmed based on the [certified public key certificate information]. You.
  • the authorized device group certificate (ADGC) is appropriately updated in the management center when there is a change in the number of registered devices as well as changes in the validity / invalidity registration information as members in the group. And a new Certified Device Group Certificate (ADGC) will be issued.
  • ADGC Certified Device Group Certificate
  • [Approved device group certificate (ADGC) sequence number] is a different number set for each update. For example, a sequence number with an increased value is set for each update process.
  • the AIC data is further stored in the authorized device group certificate (ADGC).
  • the AI C data is the same information as the information stored in the ADGL information certificate (AIC) described with reference to Fig. 16, and is a certified device group that is a set of multiple certified device group certificates (ADGC). This is data of at least one of the total number of registered devices registered in the list (ADGL) and the number of revoked devices. That is, AIC data is
  • the certified device group list (ADGL) in Fig. 15 (c) is a registration list set as a set of a plurality of certified device group certificates (ADGC).
  • the list data length, AIC data described above, Stores the number of registered authorized device group certificates (ADGC) and information on authorized device group certificates (ADGC).
  • Fig. 15 (b) shows an example of an authorized device group certificate (ADGC) data to which elliptical encryption is applied.
  • An electronic signature (Sig nature) generated by applying the secret key of the center is set.
  • the (a) Certified Device Group Certificate (ADGC) and the (C) Certified Device Group List (HADGL) are used by the management center in response to a change in a registered device or a change process such as enabling or disabling a registered device. Is updated at any time.
  • ADGL sequence number is a different number set for each update.
  • FIG. 16 shows an ADGL information certificate functioning as a device count data certificate.
  • FIG. 3 is a diagram for explaining (AIC).
  • Fig. 16 (a) shows the data structure of the ADGL information certificate (AIC) certificate
  • Fig. 16 (b) shows the data structure example of the ADGL information certificate (AIC) to which elliptical encryption is applied! Puru.
  • [0135] As shown in Fig. 16 (a), [ADGL sequence number] and [AIC data] are stored in the certificate data of the ADGL information certificate (AIC).
  • the ADGL sequence number is a sequence number corresponding to the latest certified device group list (ADGL) issued at that time.
  • the sequence number is a number that is incremented and set, for example, by one each time an authorized device global list (ADGL) is issued.
  • AIC data corresponds to the latest certified device group list (ADGL) issued at that time.
  • the authorized device group certificate (ADGC) and the authorized device group list HADGL) are updated at any time in response to a change in the registered device or a change process such as enabling or disabling the registered device. Therefore, if the validity determination process using the old ADGC is performed, a situation may occur in which content is output to a device that has already been invalidated.
  • the new and old ADGL and ADGC using [!] Or [!] In [Approved device group list (ADGL) sequence number] or [AIC data] are used. A determination is made and an update process is performed as necessary. Furthermore, mutual authentication is performed by applying the certified device group certificate (ADGC) included in the updated certified device group list (ADGL).
  • ADGC certified device group certificate
  • FIG. 17 shows the storage status of each certificate in the information recording medium, drive, and host.
  • the information storage medium records an authorized device group list (ADGL) including one or more authorized device group certificates (ADGC) and an ADGL information certificate (AIC) in a read-in area.
  • ADGL authorized device group list
  • ADGC authorized device group certificates
  • AIC ADGL information certificate
  • the drive stores the public key certificate (PKC) in the non-volatile memory.
  • the authorized device group list (ADGL) is read from the information storage medium and transferred to the host.
  • the host inputs an authorized device group certificate (ADGC) containing the host's public key certificate (PKC-H) registration information, and the host's public key certificate (PKC-H). ), That is, the validity of the host.
  • the drive stores the ADGL information certificate (AIC) in the non-volatile memory, and performs update processing as necessary. The update process is executed based on the old / new determination according to the ADGL information certificate (AIC) input from the information recording medium or the host.
  • the host stores the public key certificate (PKC), authorized device group list (ADGL), and ADGL information certificate (AIC) in the non-volatile memory, and updates the ADG L and AIC as necessary. Perform processing.
  • the update process is executed based on the information recording medium power also via the drive or based on the input from Sano connected to the host.
  • ADGL Certified Device Group List
  • the Certified Device Group List contains one or more Certified Device Group Certificates (ADGC).
  • AIC data update processing based on the number of invalid (revoked) devices
  • FIG. 18 shows that when the content 253 stored in the information recording medium 200 is output to the host 500 via the drive 400 and reproduced, the ADGL information certificate (AIC) and the authorized device group list (ADGL) are used.
  • FIG. 21 is a diagram for explaining a process of updating based on an ADGL sequence number and performing mutual authentication and key exchange (AKE) between a drive 400 and a host 500 based on update information.
  • the source of the content is the source, and the destination of the content is the sink.
  • drive 400 is the source and host 500 is the sink.
  • the drive 400 reads the ADGL information certificate (AIC-DISC) 251 stored in the information recording medium 200, and in step S121! /, Reads the ADGL information certificate (AIC-DISC) stored in its own memory.
  • the information certificate (AIC-D) 411 compares the ADGL sequence number.
  • a new number (for example, 1 increment) is assigned to the ADGL sequence number for each update, and the ADGL information certificate (AIC—DISC) 251 read from the information recording medium 200 by comparing the sequence numbers.
  • the old and new ADGL information certificate (AIC-D) 411 stored in its own memory. For example,
  • AIC-DISC determines that it is newer than AIC-D, in this case, it reads the ADGL information certificate (AIC-D) 411 stored in its own memory from the information recording medium 200. Perform the update process to replace the certificate (AIC—DISC) 251.
  • the drive 400 first verifies the signature attached to the ADGL information certificate (AIC-DISC) 251 read from the information recording medium 200, and checks the ADGL information certificate. Verify that (AIC—DISC) is a legitimate certificate that has not been tampered with. After this confirmation, compare and update Execute.
  • AIC-DISC ADGL information certificate
  • Step SI22 is a comparison update process executed in the host 500.
  • the host 500 inputs the ADGL information certificate (AIC-D) 411 stored in the memory of the drive 400 to the drive 400 and confirms that the certificate is falsified by signature verification. Executes the ADGL sequence number comparison processing with the ADGL information certificate (AIC-H) 511 stored in the.
  • the ADGL information certificate (AIC-H) 511 stored in its memory is input to the drive 400 and the ADGL information certificate is input. Execute the update process to replace the certificate (AIC-D) 411.
  • the host also updates the authorized device group list (ADGL-H) stored in the memory.
  • This updating process involves storing the information recording medium 200 via the drive 400 and replacing it with an authorized device group list (ADGL—DISC), or acquiring the latest authorized device group list (ADGL) via a network. And update it.
  • step S123 the drive 400 inputs the ADGL information certificate (AIC-H) 511 held in the memory of the host 500, and inputs the ADGL information certificate (AIC-H) stored in its own memory.
  • AIC—D Compare with 411 ADGL sequence number.
  • AIC-H determines that AIC-H is newer than AIC-D
  • the ADGL information certificate (AIC-D) 411 stored in its own memory is input from the host 500 in this case.
  • AIC-H Perform update processing to replace with 511.
  • the drive 400 is also provided with the ADGL information certificate (AIC-H) 511 to which the host 500 has also input the signature! And verify that it is a legitimate certificate that has not been tampered with. After this confirmation, compare and update.
  • AIC-H ADGL information certificate
  • the drive 400 further obtains the certification in which the host 500 and the registration information of the host included in the certification device group list (ADGL-H) 512 stored in the memory of the host 500 are stored. After acquiring the device group certificate (ADGC-H) and verifying the signature, the ADGL sequence number set in the authorized device group certificate (ADGC-H) and the ADGL information certificate ( AIC—D) Perform a comparison with the 411 ADGL sequence number. If ADGC—H sequence No. ⁇ AIC—D sequence No.
  • the drive determines that the old Purge-on's certified device group certificate does not correspond to the AIC-D sequence number. Stop processing.
  • step S123 the drive 400
  • step S124 mutual authentication and key exchange (AKE) processing is performed between the drive 400 and the host 500, and a session key Ks is generated in this processing. Further, the drive 400 generates a bus key (Kbus) as an encryption key of the content, decrypts the content 253 with the bus key (Kbus) (step S125), and outputs it to the host 500. Further, the bus key is encrypted with the session key Ks (step S126) and output to the host 500.
  • Kbus bus key
  • step S127 the host 500 executes decryption processing using the session key Ks to obtain a bus key (Kbus), and in step S128, obtains content by decryption processing using the bus key. I do. It should be noted that the mutual authentication and the content transfer processing from step S124 will be described in detail later.
  • ADGL sequence number assigned to the ADGL information certificate (AIC) and the authorized device group certificate (ADGC) it is determined whether each certificate is new or old. If a newer ADGL Information Certificate (AIC) or Authorized Device Group Certificate (ADGC) is found than the certificate held by the device, Since the update is performed and the validity of the device is determined based on the updated Certified Device Group Certificate (ADGC), authentication based on the old Certified Device Group Certificate (ADGC) is prevented. In addition, it is possible to eliminate unauthorized use of contents.
  • AIC data update processing based on the number of registered devices
  • FIG. 19 shows that when the content 253 stored in the information recording medium 200 is output to the host 500 via the drive 400 for playback, the ADGL information certificate (AIC) and the authorized device group list (ADGL) are used.
  • FIG. 9 is a diagram for explaining a process of updating based on AIC data (the number of registered devices) and executing a mutual authentication and a key exchange (AKE) between the drive 400 and the host 500 based on the update information.
  • the output source of the content is the source
  • the input destination of the content is the sink.
  • the drive 400 is the source and the host 500 is the sink.
  • step S131 the drive 400 reads the A DGL information certificate (AIC-DISC) 251 stored in the information recording medium 200, and stores the AIC data (the number of registered devices) in its own memory. Performs a comparison with the stored ADGL information certificate (AIC-D) 411 AIC data (number of registered devices).
  • AIC-DISC A DGL information certificate
  • AIC-D ADGL information certificate
  • the AIC data (the number of registered devices) is basically a setting that increases with each update, and the data with the larger value of the AIC data (the number of registered devices) is determined to be the latest one. For example
  • AIC data of AIC-D AIC data of AIC-DISC
  • the drive 400 determines that the drive is newer than the AIC-DISC force AIC-D, and reads the ADGL information certificate (AIC-D) 411 stored in its own memory from the information recording medium 200. Perform the update process to replace the certificate (AIC—DISC) 251.
  • the drive 400 first verifies the signature attached to the ADGL information certificate (AIC-DISC) 251 read from the information recording medium 200, and checks the ADGL information certificate. (AIC—DISC) Confirm that the certificate is valid and not falsified. After this confirmation, compare and update.
  • AIC-DISC ADGL information certificate
  • Step S132 is a comparison update process executed in the host 500.
  • the host 500 inputs the ADGL information certificate (AIC-D) 411 stored in the memory of the drive 400 to the drive 400 and confirms that the certificate is falsified by signature verification. Executes the comparison process with the ADGL information certificate (AIC-H) 511 AIC data (the number of registered devices) stored in.
  • the host 500 inputs the ADGL information certificate (AIC-H) 511 stored in its own memory from the drive 400. Execute the update process to replace the ADGL information certificate (AIC-D) 411 with the new one.
  • the host also updates the authorized device group list (ADGL-H) stored in the memory.
  • This updating process involves storing the information recording medium 200 via the drive 400 and replacing it with an authorized device group list (ADGL—DISC), or acquiring the latest authorized device group list (ADGL) via a network. And update it.
  • the drive 400 inputs the ADGL information certificate (AIC-H) 511 held in the memory of the host 500 in step S133, and inputs the ADGL information certificate (AIC-H) stored in its own memory.
  • AIC data number of registered devices.
  • AIC-H determines that AIC-H is newer than AIC-D
  • the ADGL information certificate (AIC-D) 411 stored in its memory is input from the host 500 in this case.
  • AIC-H Perform update processing to replace with 511.
  • the drive 400 retains the host 500 in the comparison update process in step S133. Verifies the signature attached to the input ADGL information certificate (AIC-H) 511 and verifies that it is a legitimate certificate that has not been tampered with. After this confirmation, compare and update.
  • AIC-H ADGL information certificate
  • the drive 400 further acquires the certified device group information (ADGL-H) 512 registered in the certified device group list (ADGL-H) 512 stored in the memory of the host 500.
  • ADGL-H certified device group information
  • AIC-D ADGL information stored in its own memory Certificate
  • the drive determines that the old version of the certified device group certificate does not support the AIC-D AIC-D Stop processing.
  • step S133 the drive 400
  • steps S134 to S138 mutual authentication and key exchange (AKE) processing between the drive 400 and the host 500, content and bus key transmission processing on the drive 400 side, and data reception and decryption processing on the host 500 side are executed.
  • AKE mutual authentication and key exchange
  • the number of devices registered as AIC data attached to the ADGL information certificate (AIC) and the authorized device group certificate (ADGC) is applied to the new / old judgment of each certificate. are doing.
  • the number of registered devices as AIC data is increased by certificate renewal or is not changed.In most cases, the number of registered devices is increased.If only invalidated (revoked) invalid devices are updated, It is immutable. No need to renew in the event of a change.
  • the number of rewrites of flash memory used as nonvolatile memory for storing certificates of drive 400 or host 500 can be reduced.
  • the In the case of the new / old determination based on the sequence number described above even if the number of registered devices is unchanged, when the sequence number is changed, all updates are performed, and the use frequency of the flash memory increases.
  • the AIC data that is, the new / old certificate determination based on the number of registered devices
  • the number of registered devices remains unchanged. If this setting is made, the update process will not be performed on the drive or host, so if the invalidation (revoke) device increases tl, it is necessary to manage the operation to increase the number of registered devices. Even if the number of registered devices does not actually increase when the number of invalidated (revoked) devices increases, it can be operated by updating the registered number by processing such as setting a dummy registered device. .
  • AIC data update processing based on the number of invalid (revoked) devices
  • FIG. 20 shows that when the content 253 stored in the information recording medium 200 is output to the host 500 via the drive 400 and reproduced, the ADGL information certificate (AIC), the authorized device group list (ADGL), FIG. 11 is a diagram for explaining a process of updating the information based on AIC data (the number of invalid devices), and executing mutual authentication and key exchange (AKE) between the drive 400 and the host 500 based on the updated information.
  • the source of the content is the source, and the destination of the content is the sink.
  • the drive 400 is the source and the host 500 is the sink.
  • step S141 the drive 400 reads the A DGL information certificate (AIC-DISC) 251 stored in the information recording medium 200, and reads the AIC data (the number of invalid devices) with the AIC data (AIC-DISC) 251. Performs a comparison with the ADGL information certificate (AIC-D) 411 AIC data (number of invalid devices) stored in its own memory.
  • AIC-DISC A DGL information certificate
  • the AIC data (number of invalid devices) is basically a setting that increases with each update, and data having a large value of the AIC data (number of invalid devices) is determined to be the latest one.
  • AIC data of AIC-D AIC data of AIC-DISC
  • the AIC-DISC determines that the AIC-D is newer than the AIC-D, and in this case, the drive 400 transmits the ADGL information certificate (AIC-D) 411 stored in its memory to the information recording medium 200. Execute the update process to replace the read ADGL information certificate (AIC-DISC) 251.
  • the drive 400 first verifies the signature attached to the ADGL information certificate (AIC-DISC) 251 read from the information recording medium 200, and checks the ADGL information certificate. Verify that (AIC—DISC) is a legitimate certificate that has not been tampered with. After this confirmation, compare and update.
  • AIC-DISC ADGL information certificate
  • Step S142 is a comparison update process executed in the host 500.
  • the host 500 inputs the ADGL information certificate (AIC-D) 411 stored in the memory of the drive 400 to the drive 400 and confirms that the certificate is falsified by signature verification. Executes AIC data (number of invalid devices) comparison with ADGL information certificate (AIC-H) 511 stored in
  • the host 500 determines that AIC-D is newer than AIC-H, and in this case, the ADGL information certificate (AIC-H) 511 stored in its memory is input from the drive 400 to the ADGL. Perform the update process to replace the information certificate (AIC-D) 411.
  • the host also updates the authorized device group list (ADGL-H) stored in the memory.
  • This updating process involves storing the information recording medium 200 via the drive 400 and replacing it with an authorized device group list (ADGL—DISC), or acquiring the latest authorized device group list (ADGL) via a network. And update it.
  • the drive 400 inputs the ADGL information certificate (AIC-H) 511 held in the memory of the host 500 in step S143, and stores the AGL stored in its own memory.
  • DGL information certificate (AIC-D) Compares with 411 AIC data (number of invalid devices).
  • AIC-H is newer than AIC-D, and then inputs the ADGL information certificate (AIC-D) 411 stored in its own memory from the host 500. Execute the update process to replace the ADGL information certificate (AIC-H) 511 with the new one.
  • the drive 400 verifies the signature attached to the ADGL information certificate (AIC-H) 511 to which the host 500 has also input in the comparison and update process in step S143, and verifies that the signature has not been tampered with. Confirm that the certificate is valid. After this confirmation, compare and update.
  • the drive 400 further acquires the certification that the host 500 and the registration information of the host included in the certification device group list (ADGL-H) 512 stored in the memory of the host 500 are stored.
  • ADGL-H certification device group list
  • the AIC data number of invalid devices
  • AIC-D ADGL information stored in its own memory Certificate
  • step S143 the drive 400
  • steps S144 to S148 mutual authentication and key exchange (AKE) processing between the drive 400 and the host 500, content and bus key transmission processing on the drive 400 side, data reception and decryption processing on the host 500 side are executed. These processes are the same as those in FIG. Details will be described later.
  • AKE mutual authentication and key exchange
  • the number of invalid devices as AIC data given to the ADGL information certificate (AIC) and the authorized device group certificate (ADGC) is applied to the new / old judgment of each certificate. are doing.
  • the number of invalid devices as AIC data increases or remains unchanged due to certificate renewal. In most cases, the number of registered devices only increases, and the number of invalid devices remains unchanged and is revoked. Increased when a disabled device is updated. In the case of no change, it is not necessary to update.
  • the number of times of rewriting of the flash memory used as the nonvolatile memory for storing the certificate of the drive 400 or the host 500 can be reduced. In the case of the new / old determination based on the sequence number described above, even if the number of invalid devices is unchanged, when the sequence number is changed, all the data is updated, and the frequency of using the flash memory increases.
  • FIG. 21 (a) is a flowchart showing the comparison and update processing 1 executed by the drive 400, that is, the processing sequence of step S131 shown in FIG. 19 and step S141 shown in FIG.
  • the drive reads the ADGL information certificate (AIC-DISC) at step S151, and executes the signature verification of the ADGL information certificate (AIC-DISC) at step S152. If the validity of the certificate is not confirmed by signature verification (S153: No), the subsequent processing is stopped. In this case, the content transfer processing is not performed.
  • step S154 the ADGL information certificate (AI C DISC) acquired from the information recording medium is entered. Compares the AIC data (number of registered or invalid devices) of the AGL with the AIC data (number of registered or invalid devices) of the ADGL information certificate (AIC-D) stored in its own memory.
  • AIC data of AIC-D AIC data of AIC-DISC
  • AIC-DISC force AIC-D is determined to be newer, proceed to step S155, and The live performs update processing to replace the ADGL information certificate (AIC-D) stored in its own memory with the ADGL information certificate (AIC-DISC) read from the information recording medium.
  • AIC data of AIC-D AIC data of AIC-DISC
  • ADGL information certificate AIC-D
  • AI C DISC ADGL information certificate
  • step S162 After receiving the transfer request of the ADGL information certificate (AIC-H) from the host in step S161, the drive receives the ADGL information certificate (AIC-H) from the host in step S162. .
  • step S163 the signature verification of the ADGL information certificate (AIC-H) is executed. If the validity of the certificate is not confirmed by the signature verification (S164: No), the subsequent processing is stopped. In this case, the content transfer processing is not executed.
  • step S165 the AIC data of the ADGL information certificate (AIC-H) obtained from the host (the number of registered devices) Or the number of invalid devices) and the AIC data (number of registered or invalid devices) of the A DGL information certificate (AIC-D) stored in its own memory.
  • AIC-H determines that AIC-H is newer than AIC-D
  • the process proceeds to step S166, and the drive obtains the ADGL information certificate (AIC-D) stored in its own memory and also acquires the ADGL information certificate obtained by the host. Execute the update process to replace the certificate (AIC-H).
  • ADGL information certificate stored in its own memory Judge that it is not necessary to update the certificate (AIC-D) with the ADGL information certificate (AIC-H) obtained from the host, and do not perform the update process.
  • step S167 after confirming receipt of the authorized device group certificate (ADGC-H) from the host, in step S168, the AIC set in the authorized device group certificate (ADGC-H) is set. Compares the data (number of registered or invalid devices) with the AIC data (number of registered or invalid devices) in the ADGL information certificate (AIC-D) stored in its own memory. If
  • the drive determines that the old version of the certified device group certificate does not support the AIC data of AIC-D and retains the certificate, stops the process, and does not proceed to the mutual authentication process (AKE). I do.
  • step S171 the host issues a transfer request of the ADGL information certificate (AIC-D) to the drive, and in step S172, confirms receipt of the ADGL information certificate (AIC-D) from the drive.
  • step S173 signature verification of the ADGL information certificate (AIC-D) is executed. If the validity of the certificate is not confirmed by signature verification (S174: No), the subsequent processing is stopped. In this case, the content transfer processing is not executed.
  • step S173 if the validity of the ADGL information certificate (AIC-D) is confirmed by signature verification of the ADGL information certificate (A174: Yes), the ADGL information certificate stored in the host memory is stored in step S175. AIC data (the number of registered devices or the number of invalid devices) is compared with the certificate (AIC-H).
  • step S176 If it is determined that AIC-D is newer than AIC-H, the process proceeds to step S176, and the ADGL information certificate (AIC-H) stored in its own memory is Drive strength Replace the entered ADGL information certificate (AIC-D) 411 Execute the update process.
  • the host also updates the authorized device group list (ADGL-H) stored in the memory.
  • the information recording medium is stored via a drive and replaced with an authorized device group list (ADGL—DISC), or the latest authorized device group list (ADGL) is acquired via a network and updated. It is executed as a process such as doing.
  • comparison update processing 1 to 3 executed in the drive and the host
  • step S181 the drive detects the information recording medium (disk), and when the information recording medium is detected, in step S182, the ADGL information certificate is read from the lead-in area of the information recording medium (disk).
  • step S183 a comparison update process 1 (FIG. 19—S131, FIG. 20—S141) is executed. This comparison update process 1
  • AIC data of AIC DISC ⁇ AIC-D Includes confirmation of AIC data of D and update processing based on the confirmation.
  • step S184 when the host also acquires the disk detection information and the drive strength, in step S185, the host requests the drive for an ADGL information certificate (AIC-D), and in step S186, The host receives the ADGL information certificate (AIC-D) from the drive.
  • step S187 comparison update processing 3 (FIG. 19, S132, FIG. 20—S142) is executed. This comparison update process 3
  • AIC-D AIC data> AIC-H AIC data confirmation and updates based on the confirmation are included.
  • a request to send the Authorized Device Group List (ADGL—DISC) to the drive to obtain the Authorized Device Group List (ADGL—DISC) from the disk Then, in step S189, the drive reads the authorized device group list (ADGL-DISC) from the disk, and in step S190, sends the host.
  • step S191 the host executes an update process of replacing the authorized device group list (ADGL-H) stored in the memory with the authorized device group list (ADGL-DISC). This process
  • ADGL latest certified device group list
  • AIC data of AIC-D AIC data of AIC-H
  • step S192 the host obtains the ADGL information certificate (AIC-H) stored in the memory in step S192, and transmits the certificate to the drive in step S193.
  • AIC-H ADGL information certificate
  • step S194 the drive executes comparison / update processing 2 (FIG. 19—S133, FIG. 20—S143). This comparison update process 2
  • step S195 the drive receives the authorized device group certificate (ADGC-H) storing the registration information of the host included in the authorized device group list (ADGL-H) from the host, and in step S196 At
  • ADGC-H old authorized device group certificate
  • Fig. 24 shows an information recording medium 200, a drive 400 that sets the information recording medium 200, and executes data reading of the information recording medium 200, and transfers other data from the drive 400 via the connection bus.
  • 5 shows the processing of the host 500 for executing the content reproduction processing according to the application program.
  • the bus connecting the drive 400 and the host 500 is, for example, a connection bus constituted by ATAPI-BUS. In addition, it may be used as a USB B or other connection bus.
  • Authen- registration information 201 as a registered device list to be applied in the Tication and Key Exchange
  • media key RKB202 as an encryption key block storing Km
  • disk key Kd
  • ROM mark Ve204
  • unit key generation information Vu205
  • encrypted content 206 206
  • the registration information 201 includes an ADGL information certificate (AIC-DISC) and an authorized device group list (ADGL-DISC).
  • the drive 400 has a public key [Kp-kic] 401 of the management center according to the public key cryptosystem, a private key [Ks-drive] 402 corresponding to the drive according to the public key cryptosystem, and a public key cryptosystem.
  • a public key certificate [Cert—drive] 403 and a device key [Kdev] 404 storing a public key corresponding to the drive according to the formula, and an ADGL information certificate (AIC-D) 411 are stored.
  • the host 500 has a management center public key [Kp-kic] 501, a host secret key [Ks-host] 502, and a host public key certificate storing the host public key in accordance with the public key cryptosystem. Certificate [Cert host] 503 and ADGL Information Certificate (AIC-host) 511 Device group list (ADGL-host) 512 is stored.
  • steps S201 and S301 Registration information updating and mutual authentication and key exchange (AKE: Authentication and Key Exchange) processing are performed between the drive 400 and the host 500.
  • AKE Authentication and Key Exchange
  • the update of the registration information is the processing described above with reference to Figs. 18 to 23.
  • the update processing capability of the ADGL information certificate (AIC) and the authorized device group list (ADGL) is updated.
  • AIC data update processing based on the number of invalid (revoked) devices
  • step S401 the host transmits challenge data [C-host] generated by random number generation processing and a public key certificate [Cert_host] to the drive.
  • the public key certificate [Cert_host] is the public key certificate shown in Fig. 14 (b).
  • the drive that receives this data verifies the validity of the public key certificate [Cert-host] by performing signature verification processing of the public key certificate [Cert-host].
  • the signature verification process is executed by applying the management center's public key [Kp-kic] 401 (see FIG. 24) held by the drive.
  • the public key certificate [Cert—host] If the validity of the public key certificate [Cert—host] is verified, the public key certificate [Cert—ho [st] Cara public key certificate ID is acquired, and the public key certificate ID of the host is referred by referring to the authorized public key certificate information of the authorized device drop certificate (ADGC) storing the registration information of the host. Is invalidated (revoked), and it is confirmed whether the ID is valid or not.
  • the approved device group certificate (ADGC) applied here is a certificate that has been updated by performing a comparison of new and old certificates in the previous registration information update process.
  • the public key certificate [Cert—host] has not been validated, or the host is not registered or registered based on the Certified Device Group Certificate (ADGC). If it is found that the message has been invalidated (revoked), an error message is notified and the processing is terminated. Subsequent content, output, and playback processing is stopped.
  • step S402 the drive transmits the challenge data [C_drive] generated by the random number generation process and the public key certificate [Cert_drive] of the drive to the host.
  • the host performs the signature verification on the drive side public key certificate of [Cert_dri V e].
  • the signature verification process is executed by applying the management center's public key [Kp-kic] 501 (see FIG. 24) held on the host side.
  • the public key certificate [Cert_drive] obtains the public key certificate ID, and the certified device group that stores the drive registration information. Refer to the authorized public key certificate information of the certificate (ADGC) and confirm whether the drive's public key certificate ID is registered and is valid and has not been revoked.
  • the Approved Device Group Certificate (ADGC) applied here is a certificate that has been updated by comparing new and old certificates in the previous registration information update process.
  • the drive is not registered or registered based on a certificate that has not been validated for the public key certificate [Cert—drive] or based on the Certified Device Group Certificate (ADGC). Error message if it turns out that it has been revoked Is executed, and the process ends. Subsequent content, output, and playback processing is stopped.
  • the host executes an operation based on the challenge data [C—drive] that also received the drive power, and executes the parameter [A—host]. Is calculated and transmitted to the drive together with the newly generated random number [R-host] (step S403).
  • the drive executes an operation based on the challenge data [C-host] received from the host, calculates a parameter [A_drive], and transmits the parameter [A_drive] to the host together with the newly generated random number [R_drive] (step S404). ).
  • both the drive and the host can use the random numbers [R_host], [R—drive], and parameters.
  • [A-host] and [A-drive] are shared, and both the drive and the host application generate a common session key Ks based on the shared data (step S405).
  • step S406 the drive further checks the falsification of the concatenated data with [Kbus
  • the process of step S406 corresponds to the bus key generation process (Genarate-Kbus) of step S206 and the bus key encryption process (AES-E) of step S207 using the session key: Ks in FIG.
  • Bus key Kbus is a key used as an encryption key in the process of transferring encrypted content from the drive to the host via the connection bus, and is generated in the drive based on a random number. For example, a bus key is generated at the first mutual authentication after detecting the insertion of a disk, and the same value is used until the disk is ejected or the power is turned off.For example, a different key is used for each mutual authentication. May switch. In each of these mutual authentications, a sequence number corresponding to each bus key transfer is associated for the purpose of preventing a bus key from being replaced. [0221] Returning to Fig. 24, the description of the processing sequence in which the drive 400 transfers the data such as the content whose information recording medium power is also acquired to the host 500 via the connection bus and reproduces the data will be continued.
  • the drive 400 applies the device key: Kdev404 held in the drive, and reads out from the information recording medium 200 in step S202.
  • a decryption process of the RKB 202 as an encryption key block is executed to obtain a media key: Km from the RKB 202.
  • the media key: Km can be obtained from the RKB 202 only by a device that is authorized to use the content.
  • the device key of a device revoked as an unauthorized device cannot decrypt the RKB.
  • Media key: I can't get Km! / ,.
  • step S203 If the media key: Km is successfully acquired in step S202, then, in step S203, the acquired media key: Km is applied, and the encrypted disc key acquired from the information recording medium 200: EKm (Kd ) Execute the decryption process of 203 and obtain the disk key: Kd.
  • step S204 a key generation process based on the obtained disk key: Kd and the ROM mark: Ve204 obtained from the information recording medium 200, for example, a key generation process according to the AES encryption algorithm is performed. Run to generate embedded key: Ke.
  • the key generation processing according to the AES encryption algorithm is as described above with reference to FIG.
  • step S205 the drive encrypts the embedded key: Ke in the previous mutual authentication and key exchange processing (AKE) with the generated session key: Ks and hosts Sent to connection 500 via connection bus.
  • AKE mutual authentication and key exchange processing
  • step S206 and step S207 corresponds to the processing in step S406 of the mutual authentication and key exchange processing (AKE) described above with reference to Fig. 25, and is based on a random number.
  • AKE mutual authentication and key exchange processing
  • the transmission data includes a bus key: Kbus generated based on a random number and a connection data with the bus key sequence number: SEQ: [Kbus II SEQ] Data for falsification verification Data obtained by encrypting the hash value [hash (Kbus II SEQ)] calculated using the session key: Ks: EKs [(Kbus II SEQ), hash (Kbus
  • step S208 the drive 400 outputs the output control information included in the user control data (UCD) of the encrypted content 206 read from the information recording medium 200 and the mutual authentication and key exchange processing (AKE) processing.
  • step S209 output control is performed based on the host public key certificate data acquired from the host 500, and the encrypted content 206 is transmitted using the bus key: Kbus according to the control mode in step S209.
  • the encrypted data is output to the host 500 via the connection bus.
  • the encrypted content 206 read from the information recording medium 200 is, for example, scrambled encrypted data, and the drive re-encrypts the scrambled data by applying a bus key: Kbus. Output to host side.
  • Kbus bus key
  • Kbus the bus key
  • the authenticated host holding the bus key: Kbus can perform decryption using the bus key: Kbus.
  • the content 350 can be obtained.
  • the PC (host) that inputs the content obtains the detour of the content by switching the application, and transfers the transfer data of the connection bus between the drive and the host.
  • the content obtained is data encrypted with a bus key: Kbus, and Noski: owns Kbus! / Only the specific host application that has been established, and the input content cannot be decrypted unless the specific host application is applied.
  • the data encrypted by the bus key: Kbus cannot be decrypted, and illegal use of the content can be prevented.
  • the devices such as the drive and the host of the present invention can use the public key certificate acquired from the device to be authenticated in accordance with the new / approved device group certificate selected based on the above-mentioned new / old judgment.
  • it performs mutual authentication and key exchange (AKE) with the device to be authenticated, and establishes a content communication channel and a key communication channel to be used for content encryption processing on condition that mutual authentication is established.
  • AKE mutual authentication and key exchange
  • An encryption processing mode of the encrypted content 206 to which the bus key: Kbus is applied will be described with reference to FIG.
  • the encryption process of the encrypted content 206 to which the bus key: Kbus is applied is executed by, for example, a block cipher application process to which the AES-CBC mode is applied, as shown in FIG.
  • the drive 400 applies the bus key: Kbus generated by the drive to the encrypted content read from the information recording medium 200, and encrypts the content in predetermined data block units (16 bytes). Execute the processing to be performed.
  • the leading 16-byte data is obtained from the 2048-byte sector data 550, which is the constituent data of the encrypted content read from the information recording medium 200, and the initial value: Exclusive OR (XOR) with IVb
  • the result is input to the AES encryption processing unit [AES-E] 551, and encryption processing is performed according to an AES encryption algorithm to which a bus key: Kbus is applied, thereby generating encrypted data of 16-byte block data.
  • Initial value: IVb is a preset constant.
  • the IVb may, for example, also obtain a user control data (UCD) force corresponding to the sector data 550.
  • UCD user control data
  • this generated data is applied as an input value applied to the encryption of the next block.
  • exclusive OR (XOR) and AES encryption processing are similarly repeated for each 16-byte block data to generate encrypted sector data 552 using a bus key, and this data is stored in ATAPI-BUS or the like.
  • the host 500 decrypts the input encrypted data and performs a reproducing process.
  • the host 500 executes mutual authentication and key exchange (AKE) with the drive 400 in step S301, and obtains a session key: Ks.
  • AKE mutual authentication and key exchange
  • step S302 the session key input through the drive connection bus: the embedded key encrypted by Ks: Ke, that is, the session key: [EKs (Ke)], Performs decryption processing using Ks to obtain embedded key: Ke.
  • step S303 the unit key generation information input via the drive power connection bus: AES key generation processing in which an embedded key: Ke is applied to Vu (Fig. 10 Run) to generate a unit key: Ku.
  • step S304 the session key: Ks, which is also encrypted by the session key: Ks, which is also input via the connection bus, and the drive power is decrypted by applying the session key: Ks to [EKs (Kbus)]. Execute the process and get the bus key: Kbus.
  • the data including the bus key: Kbus to which the driving force is also transmitted includes the bus key: Kbus and the sequence number of the bus key: SEQ Data: [Kbus II SEQ] and a hash value [hash (Kbus II SEQ)] calculated as data for falsification verification of the concatenated data, using a session key: Ks to encrypt: E Ks [(Kbus II SEQ), hash (Kbus
  • step S304 the application of the host 500 decrypts the data: EKs [(Kbus
  • step S305 a hash value of the concatenated data: [Kbus
  • step S306 decryption processing of the encrypted content re-encrypted by the bus key: Kbus input from the drive 400 is executed.
  • Bus key The details of the decryption processing of the encrypted content re-encrypted by Kbus will be described with reference to Fig. 27.
  • Bus key Decryption processing of encrypted content using Kbus is executed by block decryption processing using AES-CBC mode, for example, as shown in FIG.
  • the application of the host 500 decrypts the encrypted content input from the drive 400 via the connection bus using the bus key: Kbus to which the drive power is also input, and decrypts the data in predetermined data block units (16 bytes). Execute the process. [0245] First, the leading 16-byte data is obtained from the 2048-byte sector data 570, which is the constituent data of the encrypted content input from the drive 400 via the connection bus, and the AES decryption processing unit [AES-D] Input to 571, perform decoding processing according to AES ⁇ algorithm applying bus key: Kbus, and execute exclusive OR (XOR) operation with initial value: IVb to obtain decoding result.
  • Initial value: IVb is a preset constant. The IVb may also obtain, for example, a user control data (UCD) force corresponding to the sector data 570.
  • UCD user control data
  • the decoding result data in 16-byte units is applied as an input value applied to the decoding processing of the next block.
  • AES decryption processing and exclusive OR (XOR) are similarly repeated repeatedly for each 16-byte block data, and sector data decrypted by the bus key, that is, data stored in the information recording medium 200.
  • the encrypted (scrambled) sector data 572 as the state is obtained.
  • step S307 shown in FIG. 24 the host 500 applies a unit key: Ku to execute decryption processing of the encrypted content as a data state stored in the information recording medium 200. .
  • This decoding process is executed as the same process as described above with reference to FIG.
  • the host 500 acquires the decrypted content 520, performs an output process on an output unit such as a speaker and a display, and executes content reproduction.
  • the scrambled data read from the information recording medium is re-encrypted by applying the bus key: Kbus. Since the configuration is such that the bus key is output to the host side, the bus key: Kbus is retained, and the decryption using the bus key: Kbus becomes possible only in the host side application, that is, the host application that has been mutually authenticated with the drive. The use of encrypted content by processing becomes possible.
  • step S511 insertion of an information recording medium (disk) into a drive is detected, and in step S512, activation of a host application that executes content playback processing on the host connected to the bus is detected. On condition that these are detected, the process proceeds to step S513, waits for a mutual authentication request from the host side, and upon receiving the mutual authentication request, in step S514, the registration information updating process and the public key Performs mutual authentication and key exchange (AKE) processing according to the encryption method. Note that the registration information updating process may be executed before the mutual authentication request is received from the host.
  • AKE mutual authentication and key exchange
  • step S515 when the completion of the mutual authentication and key exchange (AKE) process is confirmed, the process proceeds to step S516, and the drive executes a process of generating a random number R corresponding to " ⁇ Ski: Kb".
  • the generated random number R be a bus key: Kb.
  • This process corresponds to the process of step S206 in FIG.
  • the bus key Kb is associated with a sequence number to prevent the bus key from being replaced.
  • step S517 upon receiving a bus key transfer request from the host, in step S518, the bus key: Kb is transferred to the host.
  • This processing corresponds to the processing in step S207 in FIG.
  • This bus key transfer is a process corresponding to the final step S406 of the mutual authentication and key exchange (AKE) process in FIG. 25, and the drive uses a bus key: Kbus and a bus key sequence number: SEQ linked data: [ Kbus
  • Ks EKs [(Kbus II SEQ) , hash (Kbus II SEQ)]
  • step S519 it is confirmed that there is no new mutual authentication request.
  • step S520 it is confirmed that the information recording medium is not ejected. It waits until the host obtains a content acquisition request, that is, a sector data read request.
  • step S519 If a new mutual authentication request is made in step S519, the flow returns to step S514 to perform mutual authentication and key exchange (AKE) processing, to generate a new session key and transmit a no key.
  • AKE mutual authentication and key exchange
  • the bus key generated at this time is the bus key of sequence number: 2, which is the same bus key as the previously generated bus key (sequence number 1).
  • step S520 if it is determined that the disc has been ejected from the drive, the process returns to step S511, where the initial state is set and all of the generated bus key, session key, etc. The data is reset, ie, erased.
  • step S521 when there is a request to read sector data from the host, the drive reads output control information from the sector header (user control data) corresponding to the sector data to be read in step S522, Determine the value of the bus protection flag: BPF]. This process corresponds to the process of step S208 in FIG.
  • No protection flag The BPF, as described earlier with reference to FIG.
  • step S522 when it is determined that the bus protection flag: BPF in the output control information of the sector header (user control data) corresponding to the sector data to be read is set to [1], Proceeding to step S523, the sector data read from the information recording medium is encrypted with the bus key: Kbus and output to the host in step S524. Note that the encryption processing of the sector data in step S523 is executed, for example, as encryption processing applying the AES-CBC mode described above with reference to FIG.
  • step S522 when it is determined that the bus protection flag: BPF in the output control information of the sector header (user control data) corresponding to the sector data to be read is set to [0], Skip step S523 and read from the information recording medium.
  • step S524 without executing the encryption process using the sector data bus key: Kbus, the read content of the information recording medium is directly output to the host.
  • the read content is, for example, a playlist or file system information.
  • the drive determines the bus key based on whether the bus protection flag: BPF is [0] or [1] in the output control information of the sector header (user control data) corresponding to the sector data to be read. Then, if the data needs to be encrypted with the bus key, the data is output by executing the encryption with the bus key of the output content.
  • step S551 the playback application program is started, and in step S552, when the notification that the disc has been inserted into the drive is received, the registration information updating process, the mutual authentication with the drive, and the session key sharing process are executed. I do.
  • step S554 when the completion of the mutual authentication and key exchange (AKE) process is confirmed, the process proceeds to step S555, and the host requests an embedded key: Ke from the drive.
  • Embedded key: Ke is the key generated by the drive by the key generation process based on the disk key: Kd and the ROM mark obtained from the information recording medium: Ve, for example, the key generation process according to the AES encryption algorithm. Yes, encrypted by the session key Ks and sent to the host.
  • step S556 when the encrypted embedded key: Ke is received as a driving force, in step S557, decryption is performed by applying the session key Ks to obtain the embedded key: Ke. I do. Further, in step S558, the host requests the drive to transfer unit key generation information: Vu which is a recording seed (REC SEE D) as information necessary for generating a key applied to the decryption processing of the encrypted content,
  • unit key generation information: Vu is received in step S559
  • a unit key: Ku is generated in step S560 based on the embedded key: Ke and the unit key generation information: Vu. This process corresponds to the process of step S303 in FIG.
  • step S561 the host outputs a request to transmit the bus key: Kbus to the drive.
  • step S562 the host obtains the bus key: Kbus encrypted with the session key: Ks input via the connection bus.
  • step S563 the session key : Decryption processing using Ks is executed to obtain bus key: Kbus. This process corresponds to the process of step S305 in FIG.
  • the drive power also receives sector data (S568), and if the data is encrypted data (S5).
  • Bus key The decryption process of the encrypted content encrypted by the Kbus is executed by, for example, the block decryption process applying the AES-CBC mode, as described above with reference to Fig. 27.
  • step S571 the host applies the unit key: Ku to perform decryption processing of the encrypted content.
  • This decoding process is executed as the same process as described above with reference to FIG. With the above processing, the host acquires the decrypted content and executes the content reproduction.
  • the data reproduction processing of the information recording medium has been mainly described.
  • the drive may be used.
  • the host perform mutual authentication.
  • the above-described update of the registration information that is, the update processing of the ADGL information certificate (AIC) and the authorized device group list (ADGL) is executed.
  • AIC ADGL information certificate
  • ADGL authorized device group list
  • AIC data update processing based on the number of invalid (revoked) devices
  • FIG. 30 shows that when the content 253 is input from the host 500 via the drive 400 and recorded on the information recording medium 200, an ADGL information certificate (AIC) and an authorized device group list (ADGL information) are displayed. ) Is updated based on the AIC data (number of invalid devices), and the mutual authentication and key exchange (AKE) between drive 400 and host 500 is performed based on the updated information.
  • AIC ADGL information certificate
  • ADGL information authorized device group list
  • AKE mutual authentication and key exchange
  • step S601 the drive 400 reads the ADGL information certificate (AIC-DISC) 251 stored in the data writable information recording medium 200, and reads the AIC data (number of invalid devices). Performs comparison with the ADGL information certificate (AIC-D) 411 AIC data (number of invalid devices) stored in its own memory
  • AIC data of AIC-D AIC data of AIC-DISC
  • the AIC-DISC determines that the AIC-D is newer than the AIC-D, and in this case, the drive 400 transmits the ADGL information certificate (AIC-D) 411 stored in its memory to the information recording medium 200. Execute the update process to replace the read ADGL information certificate (AIC-DISC) 251.
  • step S601 the drive 400 first verifies the signature attached to the ADGL information certificate (AIC-DISC) 251 read from the information recording medium 200, Verify that the information certificate (AIC—DISC) is a legitimate certificate that has not been tampered with. After this confirmation, compare and update.
  • AIC-DISC ADGL information certificate
  • Step S602 is a comparison update process executed in the host 500.
  • the host 500 inputs the ADGL information certificate (AIC-D) 411 stored in the memory of the drive 400 to the drive 400 and confirms that the certificate is falsified by signature verification. Executes AIC data (number of invalid devices) comparison with ADGL information certificate (AIC-H) 511 stored in
  • the host also updates the authorized device group list (ADGL-H) stored in the memory.
  • This updating process involves storing the information recording medium 200 via the drive 400 and replacing it with an authorized device group list (ADGL—DISC), or acquiring the latest authorized device group list (ADGL) via a network. And update it.
  • the drive 400 inputs the ADGL information certificate (AIC-H) 511 held in the memory of the host 500 in step S603, and inputs the ADGL information certificate (AIC-D) stored in its own memory. Compare 411 AIC data (number of invalid devices)
  • AIC-H determines that AIC-H is newer than AIC-D
  • the ADGL information certificate (AIC-D) 411 stored in its own memory is input from the host 500 in this case.
  • AIC-H Perform update processing to replace with 511.
  • the drive 400 verifies the signature attached to the ADGL information certificate (AIC-H) 511 to which the host 500 has also been input in the comparison and update processing in step S603, and verifies that the signature has not been tampered with. Confirm that the certificate is valid. After this confirmation, compare and update.
  • the drive 400 acquires the certification that the host 500 stores the registration information of the host included in the certification device group list (ADGL-H) 512 stored in the memory of the host 500.
  • the AIC data number of invalid devices
  • the AIC-D performs comparison with 411 AIC data (number of invalid devices). If the AIC data of ADGC H and the AIC data of AIC-D
  • the drive determines that the old version of the certified device group certificate does not support the AIC-D AIC-D Stop processing.
  • step S603 the drive 400
  • S604 Mutual authentication and key exchange (AKE) processing between the drive 400 and the host 500.
  • S605 Bus key generated on the drive 400 side !: Kbus session key: encryption and transmission by Ks.
  • Session key on host 500 Bus key by decryption processing with Ks: Kbus acquisition
  • Bus key on host 500 Encrypted transmission processing of content by Kbus
  • Bus key in drive 400 Decryption and recording of content using Kbus
  • step S621 the drive 400 reads the A DGL information certificate (AIC-DISC) 251 stored in the information recording medium 200, verifies the signature, and checks the ADG L information certificate. After confirming that the (AIC-DISC) has been tampered with, and that it is a valid certificate, the AIC data (the number of invalid devices) and the A DGL information certificate (AIC-D ) Compare with 411 AIC data (number of invalid devices).
  • AIC data of AIC-D AIC data of AIC-DISC
  • the AIC-DISC determines that the AIC-D is newer than the AIC-D, and in this case, the drive 400 transmits the ADGL information certificate (AIC-D) 411 stored in its memory to the information recording medium 200. Execute the update process to replace the read ADGL information certificate (AIC-DISC) 251.
  • step S622 enter the ADGL information certificate (AIC-D) 411 stored in the memory of the drive 400, the drive 400, and the drive 500 in step S622, and verify the signature. After confirming that the certificate has not been tampered with, it executes AIC data (number of invalid devices) comparison processing with the ADDL information certificate (AIC-II) 511 stored in the memory of the host 500.
  • AIC data number of invalid devices
  • AIC-D is judged to be newer than AIC- ⁇ , in this case, the ADGL information certificate (AIC-H) 511 stored in its own memory is driven 400 times. Execute the update process to replace the certificate (AIC-D) 411.
  • the AIC data of AIC-H and the AIC data of AIC-D If, the host also updates the authorized device group list (ADGL-H) stored in the memory. This updating process involves storing the information recording medium 200 via the drive 400 and replacing it with an authorized device group list (ADGL—DISC), or acquiring the latest authorized device group list (ADGL) via a network. And update it.
  • ADGL—DISC authorized device group list
  • step S623 the drive 400 inputs the ADGL information certificate (AIC-H) 511 held in the memory of the host 500, checks the signature, and then checks the ADGL information certificate (AIC-H) stored in its own memory.
  • AIC—D Compare 411 AIC data (number of invalid devices).
  • AIC-H determines that AIC-H is newer than AIC-D
  • the ADGL information certificate (AIC-D) 411 stored in its own memory is input from the host 500 in this case.
  • AIC-H Perform update processing to replace with 511.
  • the drive 400 determines that the host 500 has registered the host device registration information included in the authorized device group list (ADGL-H) 512 stored in the memory of the host 500. After acquiring the device group certificate (ADGC-H) and verifying the signature, the AIC data (number of invalid devices) set in the authorized device group certificate (ADGC-H) and the ADGL information stored in its own memory Certificate (AIC-D) Performs comparison with 411 AIC data (number of invalid devices). In this comparison process,
  • the drive determines that the old version of the Certified Device Group Certificate that does not support the AIC-D AIC-D data must be retained and that the host has a new Certified Device Group Certificate.
  • Request and transmission of the data (ADGC-H), and increment the value of the counter 412 by one.
  • ADGC H certified device group certificate
  • the maximum number of repetitions is set. For example, when the maximum number of repetitions is 5, the reacquisition request is made until the value of the counter 412 reaches 5. Within this allowed number The Certified Device Group Certificate (ADGC—H) entered from the host
  • ADGC-H Authorized device group certificate
  • steps S624 to S628, that is, the mutual authentication and key exchange (AKE) processing between the drive 400 and the host 500, the bus key of the drive 400, the transmission of the content, the host 500 Is decrypted.
  • AKE mutual authentication and key exchange
  • step S623 in Fig. 31 executed by drive 400, that is, the renewal of the authorized device group list (ADGL-H) including the authorized device group certificate (ADGC-H) on the host side is performed.
  • the details of the process for prompting the acquisition will be described.
  • the drive receives the transfer request of the ADGL information certificate (AIC-H) from the host in step S701, and then receives the ADGL information certificate (AIC-H) from the host in step S702.
  • the signature of the ADGL information certificate (AIC-H) is verified. If the validity of the certificate is not confirmed by the signature verification (S704: No), the subsequent processing is stopped. In this case, the content transfer processing is not executed.
  • step S705 If the validity of the certificate is confirmed by signature verification (S704: Yes), in step S705, the AIC data (AIC-H) of the ADGL information certificate (AIC-H) acquired from the host ) And the AIC data (number of invalid devices) of the ADGL information certificate (AIC-D) stored in its own memory.
  • step S706 the drive sends the ADGL information certificate (AIC—D) stored in its own memory to the host. Execute the update process to replace the acquired ADGL information certificate (AIC-H).
  • ADGL information certificate (AIC-D) stored in its own memory is newer than the ADGL information certificate (AIC-H) obtained from the host, and the update process is not performed.
  • step S707 after confirming receipt of the authorized device group certificate (ADGC-H) from the host, in step S708, the AIC set in the authorized device group certificate (ADGC-H) is set.
  • the data number of invalid devices
  • AIC data number of invalid devices
  • step S711 After execution, the comparison / update processing is completed, and the processing shifts to the next processing, that is, the mutual authentication processing.
  • the host determines that the host holds only the old version of the certified device group certificate that does not correspond to the AIC data of AIC-D, and proceeds to step S709. Is determined.
  • step S710 If the counter is equal to or less than the allowable number of reacquisitions, the counter is incremented by one in step S710, and the certified device group certificate (ADGC-
  • step S709 when the counter has reached the allowable number of reacquisitions, the processing that does not proceed to the mutual authentication processing (AKE) is stopped.
  • the host acquires its own certified device group list (ADGL).
  • ADGL ADGL
  • the processing described with reference to Fig. 31 is an update processing based on the ADGL sequence number, which is an update processing when the number of AIC data invalid (revoked) devices is used.
  • the update process based on the reacquisition process can be executed as a process that allows the reacquisition process.
  • the host in order for the host to access the information recording medium via the drive, the host outputs a certified device group certificate to the drive, and the drive inputs the certificate from the host.
  • the AIC data set in the certified device group certificate to be verified is compared with the AIC data of the ADGL information certificate (AIC-D) held by the drive, and the certified device group certificate (ADGC-H Mutual authentication must be performed on condition that the AIC data of ()) is not older than the ADGL information certificate (AIC-D) held by the drive, and the authentication must be established.
  • the host is required to perform a process for obtaining a newer and more certified device group certificate.
  • the drive is a device that can be attached to and detached from a device such as a PC as a host
  • the drive is connected to various hosts (PCs).
  • the drive can acquire new L and AIC data from the attached information recording medium, and the host (PC) connected to the drive when acquiring the new and AIC data from the information recording medium
  • An authorized device group certificate corresponding to the new version can be obtained and stored.
  • the host for example, PC
  • the host counts the number of times of mutual authentication with the drive, and after reaching a certain number of times, establishes a network connection with the server and updates the registration list.
  • the disc power may also update the registration list.
  • Fig. 33 shows a drive 400 on which the information recording medium 200 can be mounted, and a host 500 such as a PC for executing access to the information recording medium 200 via the drive 400!
  • the host 500 can be connected to an external server 632 via the communication unit 627.
  • the server 632 obtains and manages an authorized device group list (ADGL) and an ADGL information certificate (AIC) storing the latest authorized device group certificate (ADGC) via the management center 631, and manages these certificates. Is distributed over a network.
  • ADGL authorized device group list
  • AIC ADGL information certificate
  • ADGC latest authorized device group certificate
  • the host 500 executes a mutual authentication process as necessary.
  • the authentication processing of the host 500 is performed by the authentication execution unit 622 of the host 500 and the drive 400. It is executed between the authentication execution units 612 via both communication units 611 and 612.
  • the public key certificate (PKC) stored in both memories 615 and 626 is applied as described above with reference to the sequence diagram of FIG.
  • the host 500 has an authentication counter memory 623 that also has a nonvolatile memory (NV-RAM).
  • the authentication number counter memory 523 is a memory for recording the number of authentications counted up based on the completion of the execution of the authentication process with the drive.
  • the initial value of the authentication number counter memo U623 is 0.
  • the host 500 reads out the authentication count value stored in the authentication count counter memory 623 in the comparison unit 624, and compares the authentication count value with the preset upper limit value. Execute
  • authentication processing with the drive 400 is performed. If the authentication count value stored in the authentication counter memory 623 has reached the upper limit, the execution of the authentication process with the drive 400 is stopped. In this case, a process of notifying the user that the authentication count value has reached the upper limit value through a display or the like is executed.
  • the process of acquiring and updating the certificate from the server 632 is executed based on the user's instruction. It should be noted that, on condition that the authentication count value has reached the upper limit, acquisition and update processing of the certificate from the server 632 may be automatically executed.
  • the update execution unit 625 of the host 500 accesses the server 632 and obtains, from the server 632, an authorized device group list (ADGL) containing an authorized device group certificate (ADGC) and an ADGL information certificate (AIC). And saves 626 bytes of memory (NV-RAM).
  • ADGL authorized device group list
  • ADGC authorized device group certificate
  • AIC ADGL information certificate
  • the authentication execution unit 622 executes authentication processing with the drive 400, and can access the information recording medium 200 on condition that the authentication is established.
  • the host 500 outputs the ADGL information certificate (AIC) obtained from the server 632 to the drive 400 by the host 500 via the interface between the host 500 and the drive 400 by the authentication process.
  • the drive 400 obtains the latest ADGL information certificate (AIC-H) via the communication unit 611. At this point, since it is the A DGL information certificate held by the host 500, it is shown as AIC-H.
  • the drive 400 uses the ADGL information certificate (AIC-H) obtained from the host 500 and the ADGL information certificate (AIC-D) stored in its own memory 615 in the comparison unit 613. If the ADGL information certificate (AIC-H) obtained from the host 500 is determined to be newer, the update execution unit 614 determines whether the stored data in the memory 615 is newer than the ADGL obtained from the host 500. Execute the update process to replace the information certificate (AI CH). The comparison in the comparing unit 613 is performed based on the number of registered devices, the number of invalid devices, the number of sequence numbers, or the like recorded in each certificate.
  • both the host and the drive can be updated to the latest certificate.
  • an upper limit is set for the number of times of authentication processing with the drive executed by the host, and when the limit is reached, the ability to notify the user that the certificate needs to be updated, or execute the update processing.
  • step S801 in Fig. 34 the host activates a reproduction application program corresponding to the content placed on the disc.
  • drive strength disk information is acquired in step S803.
  • the host can use the data obtained by issuing the [READ DVD STRUCTURE command] to the drive to confirm whether or not the disc is a disc on which encryption recording has been performed. This command is used for SCSI (Small Computer System) Interface) Command standard INCITS T10, Multimedia Commands-4
  • MMC-4 As another determination method, a configuration may be adopted in which a file system applied to disk recording is interpreted and a directory obtained from information obtained by interpreting the information is determined.
  • step S804 based on the disk information obtained in step S803, it is determined whether or not the disk set in the drive is a recording disk for encrypted data. I do. If the disc is not an encrypted disc, the process proceeds to step G in FIG. 35 to execute a normal data reproducing process. That is, in step S829, after confirming that the disc is not ejected (S830), a user instruction or the like is performed. If it is determined that the sector data is to be read (S831: Yes), a sector data transfer request is output to the drive in step S832, and the data is reproduced until the sector data is determined to be completed in step S833. Do.
  • step S804 if it is determined in step S804 that the disc is a recording disk for encrypted data, it is determined in step S805 whether the count value of the authentication counter (SAC counter) has reached a predetermined upper limit. Is determined. This processing corresponds to the processing in the comparison unit 624 of the authentication counter memory 623 in FIG. The initial value of the host authentication counter memory 623 is 0.
  • step S805 If the count value of the authentication counter (SAC counter) has reached the predetermined upper limit in step S805, the process proceeds to step I in FIG. This process corresponds to a process for acquiring an update certificate from the server.
  • step S841 it is determined whether or not the host is connected to a network. If the host is not connected to the network, the device registration list needs to be updated for disc playback. Therefore, a message is displayed on the screen indicating that the device registration list cannot be updated, and the process ends. Based on the screen display, the user knows that the playback of the disc mounted on the drive requires acquisition of the Certified Device Group List (ADGL) containing the updated Certified Device Group Certificate (ADGC) .
  • ADGL Certified Device Group List
  • ADGC Certified Device Group Certificate
  • step S841 If it is determined in step S841 that the host is connected to the network, the process proceeds to step SS843 to update the authorized device group list (ADGL) storing the authorized device group certificate (ADGC). Display chest on screen, step S844 In step 2, a connection is made with a server specified by an application running on the host.
  • the application running on the host (content playback application) records the URL of the server to be connected when updating the authorized device group list (ADGL), and connects to the server using this URL.
  • step S845 the completion of the server connection is confirmed. If the connection fails, the process proceeds to step S846. Since the specified URL cannot be found, the update of the device registration list has failed. A message indicating that the disc cannot be played is displayed on the screen and the process ends.
  • step S847 If the connection is successful, proceed to step S847, and download the authorized device group list (ADGL) containing the latest authorized device group certificate (ADGC) from the connection server. For example, download processing based on HTTP or FTP is executed. As shown in the lower right part of Fig. 36, the certified device group list (ADGL) has a falsification verification value (digital signature, MAC, etc.) added to the certified device group list (ADGL), and a falsification prevention configuration is provided. Has been taken. In this processing flow, an example of download processing of only the authorized device group list (ADGL) is shown! /, But as described above, the download of the ADGL information certificate (AIC) is also performed. Is preferred.
  • step S848 completion of download is confirmed. If the download cannot be completed, the process advances to step S849 to display a screen indicating that the download of the device registration list from the server has failed and cannot be updated, and that the disc cannot be played without updating, and ends.
  • step S850 a verification process is performed based on the verification value assigned to the ADGL file, and it is confirmed that there is no tampering. If the confirmation process is completed and it is not possible to confirm that there is no tampering, proceed to step S852. If the download of the device registration list from the server failed and it could not be updated, and if it was not updated, the disc was played. If not, display the message on the screen and exit.
  • step S861 If it is confirmed that there is no tampering, the flow advances to step S861 to obtain an authorized device group list (ADGL) from the downloaded A DGL file, and the flow advances to step S862. Display the completion notice of the certified device group list (ADGL) on the screen. Further, in step S863, a process of resetting the count value of the authentication count counter (SAC counter) memory to 0 is executed. As described with reference to FIG. 33, as described above, if the download processing of the ADGL information certificate (AIC) is also performed at S847, the ADGL information certificate at S850 The integrity of the certificate (AIC) is verified by signature verification, and the storage of the ADGL information certificate (AIC) in S861 is executed. At that time, output processing to the drive via the interface is executed.
  • ADGL authorized device group list
  • step SAC counter authentication count counter
  • step S806 mutual authentication with the drive and session key sharing processing are executed.
  • step S807 When the completion of the mutual authentication and key exchange (AKE) processing is confirmed in step S807, the count value of the authentication counter (SAC counter) memory is incremented by one in step S808.
  • step S808 the host requests the embedded key: Ke from the drive.
  • Embedded key: Ke is the disk key: Kd and the key generated by the drive by key generation processing based on the ROM mark: Ve obtained from the information recording medium, for example, key generation processing according to the AES encryption algorithm. Yes, it is encrypted by the session key Ks and sent to the host.
  • step S810 when the encrypted embedding key: Ke is also received as the driving force, in step S811, the decryption is performed by applying the session key Ks to obtain the embedding key: Ke. I do. Further, in step S812, the host requests the drive to transfer unit key generation information: Vu which is a recording seed (REC SEE D) as information necessary for generating a key applied to the decryption processing of the encrypted content,
  • unit key generation information: Vu is received in step S813
  • a unit key: Ku is generated in step S814 based on the embedded key: Ke and the unit key generation information: Vu.
  • This process corresponds to, for example, the process of step S303 in FIG.
  • step S815 the host outputs a request to transmit the bus key: Kbus to the drive.
  • step S816 the host obtains the bus key: Kbus encrypted by the session key: Ks input via the connection bus.
  • step S817 the session key : Decryption processing using Ks is executed to obtain a bus key: Kbus. This process corresponds to, for example, the process of step S305 in FIG.
  • step S821 When it is determined that the reading of the sector data is to be performed by a user instruction after confirming that the reproduction software of the PC has not been completed (S821) and the disc has not been ejected (S822) (S823: Yes) Outputs a sector data transfer request to the drive in step S824.
  • Bus key The decryption process of the encrypted content encrypted by Kbus is executed by, for example, the block decryption process applying the AES-CBC mode, as described above with reference to Fig. 27.
  • step S828 the host applies the unit key: Ku to execute decryption processing of the encrypted content.
  • This decoding process is executed as the same process as described above with reference to FIG. With the above processing, the host acquires the decrypted content and executes the content reproduction.
  • AIC data update processing based on the number of invalid (revoked) devices
  • the information processing device 800 includes a CPU 809 that executes data processing according to various programs such as an OS, a content reproduction or recording application program, a mutual authentication processing program, a ROM 808 as a storage area for programs and parameters, a memory 810, Digital signal input / output IZF802, analog signal input / output IZF804 with A / D, DZA converter 805, MPEG codec 803 for encoding and decoding MPEG data, TS (Transport Stream )-TS (Program Stream) processing TS 'PS processing means 806, mutual authentication, encryption processing means 807 for executing various encryption processing such as decryption of encrypted content, recording medium 812 such as hard disk, recording medium A drive 811 for driving the 812 and inputting / outputting a data recording / reproducing signal is provided. Each block is connected to a bus 8001.
  • the information processing device (host) 800 is connected to the drive by a connection bus such as ATAPI-BUS, and the content encrypted by the above-described bus key is input from the digital signal input / output IZF802, and
  • the decryption processing means 807 executes decryption processing in, for example, the AES-CBC mode.
  • a program for executing content reproduction or recording processing is stored in, for example, the ROM 808.
  • the memory 810 is used as a parameter, data storage, and a work area as needed.
  • the public key of the management center the private key for the host, the public key certificate for the host described with reference to FIG. H), the registration information of the ADGL information certificate (AIC-H) is stored.
  • an information processing apparatus as a drive that reads and records content stored in an information recording medium and transfers data to and from a host.
  • the drive 850 executes data processing according to various programs such as content reading, content recording, transfer processing programs, and mutual authentication processing programs.
  • ROM855 as a storage area for programs, parameters, etc.
  • memory 856 input / output IZF853 for input / output of digital signals
  • cryptographic processing means for executing various cryptographic processes such as mutual authentication, bus key generation, and output data encryption 854
  • a recording medium IZ F857 for driving an information recording medium 858 such as a DVD or a Blu-ray disc and inputting / outputting a data recording / reproducing signal.
  • Each block is connected to a bus 851!
  • the drive 850 is connected to the host by a connection bus such as ATAPI-BUS.
  • a connection bus such as ATAPI-BUS.
  • the drive 850 re-encrypts the scrambled content stored in the information recording medium 858 using a bus key: K bus and inputs / outputs it.
  • Bus key: Content encryption using Kbus is performed by the encryption processing means 854, for example, in AES-CBC mode.
  • the ROM 855 or the memory 856 contains the public key of the management center, the private key corresponding to the drive, the public key certificate corresponding to the drive, and the encryption key block described with reference to FIG. Device key to be applied to RKB processing: Kdev, and ADGL information certificate (AIC-D) are stored. In addition, a program for executing content reading, acquisition, and mutual authentication processing is stored.
  • the series of processes described in the specification can be executed by hardware, software, or a combined configuration of both.
  • the program that records the processing sequence can be installed and executed in the memory of a computer embedded in dedicated hardware, or the program can be executed on a general-purpose computer that can execute various processing. Can be installed and run.
  • the program is stored on a hard disk or ROM (Read Only Memory
  • the program is a flexible device Disk, CD-ROM (Compact Disc Read Only Memory), MO (Magneto optical) disk, DVD (Digital Versatile Disc), magnetic disk, semiconductor disk, etc. Temporarily or permanently stored in a removable recording medium (recording) You can keep. Such a removable recording medium can be provided as so-called package software.
  • the program can be installed on a removable storage medium such as the one described above, besides being installed on the computer, wirelessly transferred from a download site to the computer, or transmitted to the computer via a network such as a LAN (Local Area Network) or the Internet.
  • the program can be transferred by wire, and the computer can receive the transferred program and install it on a recording medium such as a built-in hard disk.
  • a device that executes data transfer in a content reproduction or recording process involving data transfer between two different devices such as a drive and a host, a device that executes data transfer is used.
  • mutual authentication the number of authentications is counted, and when the number of authentications reaches a predetermined upper limit, the authentication process is stopped and the certificate applied for authentication must be updated.
  • the present invention is applied to the mutual authentication of the public key cryptosystem executed when the content is transferred from the source device (source) device to the receiving device (sink) of the connected devices.
  • Apply a certified device group certificate to judge the validity of the public key certificate of each device.
  • the number of registered devices in the certified device group list (registration list), which is set as a set of certified device group certificates, indicates whether the number of devices is invalid (revoke).
  • the device number data certificate (AIC) that sets the number of registered devices as the registered data is applied.
  • a new ⁇ certified device group is configured to judge the up-to-dateness of the certified device group certificate based on the status of registration information registration or change in the number of invalid devices, such as many!
  • the certificate is applied to determine the validity of the device's public key certificate, and mutual authentication is performed. The number of authentications is counted, and when the number of authentications reaches a predetermined upper limit, authentication processing is performed. Since the setting was made to stop and update the certificate applied for authentication is required, authentication processing using an old certified device certificate, illegal content acquisition is prevented, and illegal use of content is eliminated.
  • an appropriate device group list (registered list)
  • the storage list of the information processing device that executes the content reproduction or recording process can be updated at any time.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Storage Device Security (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)
PCT/JP2005/007855 2004-05-10 2005-04-25 情報処理装置 Ceased WO2005109747A1 (ja)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/596,006 US7984499B2 (en) 2004-05-10 2005-04-25 Processing device and associated methodology for authorized device certificate updating

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2004-140210 2004-05-10
JP2004140210 2004-05-10
JP2004-168489 2004-06-07
JP2004168489A JP2005352523A (ja) 2004-05-10 2004-06-07 情報処理装置、および情報処理方法、並びにコンピュータ・プログラム

Publications (1)

Publication Number Publication Date
WO2005109747A1 true WO2005109747A1 (ja) 2005-11-17

Family

ID=35320554

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/007855 Ceased WO2005109747A1 (ja) 2004-05-10 2005-04-25 情報処理装置

Country Status (4)

Country Link
US (1) US7984499B2 (https=)
JP (1) JP2005352523A (https=)
TW (1) TW200606861A (https=)
WO (1) WO2005109747A1 (https=)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112367173A (zh) * 2020-10-27 2021-02-12 北京数码视讯科技股份有限公司 信息处理方法、装置、芯片、终端及电子设备

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005013272A1 (en) * 2003-08-01 2005-02-10 Koninklijke Philips Electronics N.V. Record carrier comprising encryption indication information
JP4692003B2 (ja) * 2005-02-10 2011-06-01 ソニー株式会社 情報処理装置、および情報処理方法、並びにコンピュータ・プログラム
JP4537940B2 (ja) * 2005-11-21 2010-09-08 株式会社ソニー・コンピュータエンタテインメント 情報処理装置、及びプログラム実行制御方法
TW200828934A (en) * 2006-12-21 2008-07-01 Realtek Semiconductor Corp Audio data transmission method for transmitting encrypted audio data and audio processing system and computer system thereof
KR101310232B1 (ko) * 2007-04-24 2013-09-24 삼성전자주식회사 버스 키 공유 방법 및 그 장치
US8423789B1 (en) 2007-05-22 2013-04-16 Marvell International Ltd. Key generation techniques
US8490206B1 (en) * 2007-09-28 2013-07-16 Time Warner, Inc. Apparatuses, methods and systems for reputation/content tracking and management
JP5140888B2 (ja) * 2007-11-05 2013-02-13 Kddi株式会社 デジタルデータ再生装置
US20100027790A1 (en) * 2007-12-20 2010-02-04 Balaji Vembu Methods for authenticating a hardware device and providing a secure channel to deliver data
US8752193B2 (en) * 2009-11-16 2014-06-10 Sandisk Technologies Inc. Content binding at first access
JP5815525B2 (ja) 2010-07-23 2015-11-17 パナソニック株式会社 情報処理装置、コントローラ、鍵発行局、無効化リスト有効性判定方法および鍵発行方法
GB2489672A (en) * 2011-03-28 2012-10-10 Sony Corp Authentication certificate distribution to set top boxes
US8832715B2 (en) * 2012-03-29 2014-09-09 Unisys Corporation Limiting execution of event-responses with use of policies
EP3160078A1 (en) * 2015-10-21 2017-04-26 Thomson Licensing Network, method and certificate for providing a secured communication between devices, and respective device
CN109379179B (zh) * 2018-12-19 2022-11-18 北京百度网讯科技有限公司 用于更新数字证书的方法和装置
US12495042B2 (en) * 2021-08-16 2025-12-09 Capital One Services, Llc Systems and methods for resetting an authentication counter

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004007328A (ja) * 2002-04-09 2004-01-08 Sony Corp データ転送装置及びデータ転送方法
JP2004080174A (ja) * 2002-08-13 2004-03-11 Ntt Data Corp Ic、データ処理システム及びコンピュータプログラム

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5748740A (en) * 1995-09-29 1998-05-05 Dallas Semiconductor Corporation Method, apparatus, system and firmware for secure transactions
JP4654498B2 (ja) * 2000-08-31 2011-03-23 ソニー株式会社 個人認証システム、個人認証方法、および情報処理装置、並びにプログラム提供媒体
US7287282B2 (en) * 2000-09-29 2007-10-23 Matsushita Electric Industrial Co., Ltd. Copyright protection system, transmitter, receiver, bridge device, copyright protective method, medium, and program
JP2003150735A (ja) * 2001-11-13 2003-05-23 Hitachi Ltd 電子証明書システム
WO2004023759A1 (en) * 2002-08-28 2004-03-18 Matsushita Electric Industrial Co., Ltd. Content duplication management system and networked apparatus
US7366906B2 (en) * 2003-03-19 2008-04-29 Ricoh Company, Ltd. Digital certificate management system, digital certificate management apparatus, digital certificate management method, program and computer readable information recording medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004007328A (ja) * 2002-04-09 2004-01-08 Sony Corp データ転送装置及びデータ転送方法
JP2004080174A (ja) * 2002-08-13 2004-03-11 Ntt Data Corp Ic、データ処理システム及びコンピュータプログラム

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112367173A (zh) * 2020-10-27 2021-02-12 北京数码视讯科技股份有限公司 信息处理方法、装置、芯片、终端及电子设备

Also Published As

Publication number Publication date
TW200606861A (en) 2006-02-16
US7984499B2 (en) 2011-07-19
TWI304576B (https=) 2008-12-21
JP2005352523A (ja) 2005-12-22
US20070209077A1 (en) 2007-09-06

Similar Documents

Publication Publication Date Title
JP4576853B2 (ja) 情報処理装置、および認証処理方法、並びにコンピュータ・プログラム
JP4884535B2 (ja) 装置間でのデータオブジェクトの転送
JP4144573B2 (ja) 情報処理装置、および情報処理方法、並びにコンピュータ・プログラム
KR20090016709A (ko) 컨텐츠 기록을 위한 장치, 방법 및 컴퓨터 판독가능한 기록 매체
US20090202071A1 (en) Recording apparatus, reproducing apparatus, and computer program product for recording and reproducing
US20080219451A1 (en) Method and system for mutual authentication between mobile and host devices
WO2005109747A1 (ja) 情報処理装置
WO2001078298A1 (en) Information processing system and method
JP5573489B2 (ja) 情報処理装置、および情報処理方法、並びにプログラム
WO2004064317A1 (ja) 相互認証方法、再生装置及び情報処理装置
KR20050118156A (ko) 기록장치 및 콘텐츠 보호 시스템
JP4239741B2 (ja) 情報記録媒体製造管理システム、情報処理装置、および方法、並びにコンピュータ・プログラム
JP5983727B2 (ja) 情報処理装置、情報記憶装置、情報処理システム、および情報処理方法、並びにプログラム
JP2007505347A (ja) コンテンツプロテクト方法及びシステム
JP5644467B2 (ja) 情報処理装置、および情報処理方法、並びにプログラム
JP4367166B2 (ja) ドライブ装置、再生処理装置、情報記録媒体、およびデータ処理方法、並びにコンピュータ・プログラム
JP4752198B2 (ja) ドライブ装置、再生処理装置、情報処理装置、情報記録媒体、および情報処理方法、並びにコンピュータ・プログラム
JP2005352522A (ja) 情報処理装置、情報記録媒体、および情報処理方法、並びにコンピュータ・プログラム
JP4547880B2 (ja) 情報処理装置、情報記録媒体再生装置、コンテンツ利用制御システム、および方法、並びにコンピュータ・プログラム
CN103583014A (zh) 终端装置、内容记录系统、标题密钥记录方法及计算机程序
JP4806847B2 (ja) 情報処理システム、情報処理方法、および情報記録媒体、並びにプログラム記録媒体
JP2013150179A (ja) 情報処理装置、情報記憶装置、情報処理システム、および情報処理方法、並びにプログラム
JP5975098B2 (ja) 情報処理装置、情報記憶装置、情報処理システム、および情報処理方法、並びにプログラム
JP2007025913A (ja) 情報処理装置、情報記録媒体製造装置、情報記録媒体、および方法、並びにコンピュータ・プログラム
JP3988385B2 (ja) 情報処理システム、情報処理方法、および情報記録媒体、並びにプログラム記録媒体

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Ref document number: DE

WWE Wipo information: entry into national phase

Ref document number: 11596006

Country of ref document: US

Ref document number: 2007209077

Country of ref document: US

122 Ep: pct application non-entry in european phase
WWP Wipo information: published in national office

Ref document number: 11596006

Country of ref document: US