WO2017022386A1 - Dispositif de traitement d'informations, dispositif de stockage d'informations, procédé de traitement d'informations, et programme - Google Patents

Dispositif de traitement d'informations, dispositif de stockage d'informations, procédé de traitement d'informations, et programme Download PDF

Info

Publication number
WO2017022386A1
WO2017022386A1 PCT/JP2016/069751 JP2016069751W WO2017022386A1 WO 2017022386 A1 WO2017022386 A1 WO 2017022386A1 JP 2016069751 W JP2016069751 W JP 2016069751W WO 2017022386 A1 WO2017022386 A1 WO 2017022386A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
medium
recorded
copy
information processing
Prior art date
Application number
PCT/JP2016/069751
Other languages
English (en)
Japanese (ja)
Inventor
義行 小林
Original Assignee
ソニー株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ソニー株式会社 filed Critical ソニー株式会社
Publication of WO2017022386A1 publication Critical patent/WO2017022386A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00Details of television systems
    • H04N5/76Television signal recording
    • H04N5/91Television signal processing therefor

Definitions

  • the present disclosure relates to an information processing device, an information storage device, an information processing method, and a program. More specifically, when the recorded content of the first medium (information recording medium) such as a disc is copied to the second medium, the content usage control in the copy source medium is inherited in the copy destination medium and the same usage control is performed.
  • the present invention relates to an information processing device, an information storage device, an information processing method, and a program.
  • information recording media such as DVD (Digital Versatile Disc), BD (Blu-ray (registered trademark) Disc), and flash memory are used as information recording media (media) for various contents such as movies and music. Yes. Many contents such as music data and image data recorded on these information recording media have copyrights and distribution rights by their creators and distributors. Therefore, even a user who has purchased a disc has certain restrictions on the use of disc recorded content. For example, it is not allowed to copy the disc recording content to other media without limitation.
  • a copy permissible configuration is known on condition that the copy management information is received from the management server. Specifically, for example, processing is performed in the following sequence.
  • a user attaches a first medium serving as a copy source, such as a content storage disk, to a user device such as a PC or a recording / playback device, and the user device connects to the management server via a network. Thereafter, the user device transmits predetermined information such as a disc identifier (ID) of the first medium to the server. After confirming the validity of the received information, the server transmits copy management information in which copy permission data is recorded to the user device. The user device can confirm the copy permission data recorded in the copy management information from the server, read the copy permission data from the first medium, and copy to the second medium as the copy destination. .
  • a first medium serving as a copy source such as a content storage disk
  • Such a copy management configuration is called managed copy (MC), and details thereof are described in, for example, Patent Document 1 (Japanese Patent Laid-Open No. 2008-98765).
  • BD Blu-ray (registered trademark) Disc
  • MC managed copy
  • BD Blu-ray (registered trademark) Disc
  • Encrypted content conforming to the AACS (Advanced Access Content System) standard which is a standard related to content copyright protection technology, is classified into units and recorded as encrypted data to which different encryption keys are applied for each unit.
  • AACS Advanced Access Content System
  • Encrypted content conforming to the AACS (Advanced Access Content System) standard is classified into units and recorded as encrypted data to which different encryption keys are applied for each unit.
  • the current AACS standard is mainly a standard for use control for recorded contents of BD (Blu-ray (registered trademark) Disc), and is sufficient for use control of contents recorded in a flash memory such as a memory card.
  • BD Blu-ray (registered trademark) Disc
  • flash memory such as a memory card.
  • Strict usage control is required.
  • the present disclosure has been made in view of, for example, the above-described problems.
  • the first aspect of the present disclosure is: A data processing unit for executing a copy process for recording the recording data of the first medium on the second medium;
  • the data processing unit In the recording data of the first medium, a first medium identifier that can be read from the first medium by applying a dedicated protocol is recorded in a protected area in which access restriction of the storage unit of the second medium is set,
  • the encrypted content is recorded in a general-purpose area in which the access restriction of the storage unit of the second medium is not set.
  • the second aspect of the present disclosure is: A protected area in which access restrictions are set, and a storage unit having a general-purpose area in which access restrictions are not set, A data processing unit,
  • the general-purpose area of the storage unit records the encrypted content copied from the copy source medium
  • the protected area of the storage unit is configured to record a first media identifier that can be read from the first medium by applying a dedicated protocol in the recording data of the copy source medium
  • the data processing unit It is determined whether the information processing apparatus that has output the read request for the first media identifier has an access right to the protection area, When it is confirmed that the user has an access right, the information storage device obtains the first media identifier recorded in the protection area and outputs the first media identifier to the information processing device.
  • the third aspect of the present disclosure is: An information processing method executed in an information processing apparatus,
  • the information processing apparatus includes: A data processing unit for executing a copy process for recording the recording data of the first medium on the second medium;
  • the data processing unit is In the recording data of the first medium, a first medium identifier that can be read from the first medium by applying a dedicated protocol is recorded in a protected area in which access restriction of the storage unit of the second medium is set,
  • the encrypted content is recorded in a general-purpose area in which the access restriction of the storage unit of the second medium is not set.
  • the fourth aspect of the present disclosure is: An information processing method executed in an information storage device,
  • the information storage device includes: A protected area in which access restrictions are set, and a storage unit having a general-purpose area in which access restrictions are not set,
  • a data processing unit The general-purpose area of the storage unit records the encrypted content copied from the copy source medium
  • the protected area of the storage unit is configured to record a first media identifier that can be read from the first medium by applying a dedicated protocol in the recording data of the copy source medium
  • the data processing unit is It is determined whether the information processing apparatus that has output the read request for the first media identifier has an access right to the protection area, In the information processing method of acquiring the first media identifier recorded in the protection area and outputting the first media identifier to the information processing apparatus when it is confirmed that the user has an access right.
  • the fifth aspect of the present disclosure is: A program for executing information processing in an information processing apparatus;
  • the information processing apparatus includes: A data processing unit for executing a copy process for recording the recording data of the first medium on the second medium;
  • the program is stored in the data processing unit.
  • the sixth aspect of the present disclosure is: A program for causing an information storage device to execute information processing;
  • the information storage device includes: A protected area in which access restrictions are set, and a storage unit having a general-purpose area in which access restrictions are not set, A data processing unit,
  • the general-purpose area of the storage unit records the encrypted content copied from the copy source medium,
  • the protected area of the storage unit is configured to record a first media identifier that can be read from the first medium by applying a dedicated protocol in the recording data of the copy source medium,
  • the program is stored in the data processing unit.
  • the program of the present disclosure is a program that can be provided by, for example, a storage medium or a communication medium provided in a computer-readable format to an information processing apparatus or a computer system that can execute various program codes.
  • a program in a computer-readable format, processing corresponding to the program is realized on the information processing apparatus or the computer system.
  • system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.
  • the data processing unit that executes a copy process for recording the recording data of the first medium onto the second medium can read from the first medium by applying a dedicated protocol in the recording data of the first medium.
  • the first media identifier (volume ID, PMSN) is recorded in the protection area where the access restriction of the storage unit of the second medium is set, and the BDMV format data such as the encrypted content and the AACS management data are stored in the second medium. Recorded in a general-purpose area where no access restrictions are set.
  • Each data is associated with an index (i) set in the directory or recording data.
  • the protected area recording data is also recorded with the MAC value to realize a configuration in which tampering is prevented.
  • the media binding is realized by recording the value to which the media ID is applied in the protection area.
  • MC Managed Copy
  • summary of a managed copy (MC: Managed Copy) system. It is a figure explaining the structure of a content management unit (CPS unit), and a unit key management table. It is a figure explaining the recording data of the 1st medium which is a copy origin medium. It is a figure explaining the example of a directory structure of a medium, and the data stored in a data part. It is a figure explaining the AACS management data recorded on a medium. It is a figure explaining the structure data of the copy control management file (MCMF: Managed Copy Manifest File) which is the recording information of the 1st medium. It is a figure explaining the sequence of the volume ID read protocol (Protocol for Transfer Volume_ID) according to AACS regulation.
  • CPS unit content management unit
  • AACS unit key management table It is a figure explaining the recording data of the 1st medium which is a copy origin medium. It is a figure explaining the example of a directory structure of a medium, and the data stored in a data part. It is
  • FIG. 6 is a diagram illustrating an example of copy data and a copy destination in the data copy processing of the present disclosure.
  • FIG. 6 is a diagram illustrating an example of copy data and a copy destination in the data copy processing of the present disclosure.
  • FIG. 11 is a diagram for describing a configuration example of an information processing apparatus that executes data copy processing and the like. It is a figure explaining the hardware structural example of the information storage device (memory card
  • FIG. 1 is a diagram for explaining an outline of a managed copy (MC) system as an example.
  • the information processing apparatus 20 is a user's PC, recorder (recording / playback apparatus), and the like, and can play back the first medium 10 on which a movie or the like, which is a copyright management target content, is recorded.
  • the information processing apparatus 20 can perform processing for copying the content recorded on the first medium 10 to the second medium 30 which is another medium.
  • the second medium 30 is a medium that can be recorded in the information processing apparatus 20, and is a medium such as a hard disk (HDD), a flash memory, or a data recordable disk (BD, DVD, etc.).
  • the information processing apparatus 20 which is a user apparatus executes content copying
  • the information processing apparatus 20 is connected to the management server 50 and receives copy permission information from the management server 50.
  • this copy permission information for example, procedures such as confirmation of the validity of the first medium possessed by the user and payment of a predetermined fee are required.
  • the information processing apparatus 20 which is a user apparatus, can receive the copy permission information from the management server 50 and perform content copying on condition that the copy permission information is received by performing this predetermined procedure.
  • This is an outline of managed copy (MC).
  • BD Blu-ray (registered trademark) Disc
  • Encrypted content that complies with the AACS (Advanced Access Content System) standard which is a standard related to content copyright protection technology, is divided into units as described above, and is recorded as encrypted data using a different encryption key for each unit. Is done.
  • AACS Advanced Access Content System
  • the unit-by-unit encryption configuration it is possible to perform unit-based usage control, and strict and diverse content usage control is realized.
  • a unit that is a content division unit is called a content management unit or a CPS unit
  • an encryption key corresponding to each CPS unit is called a CPS unit key, a unit key, or a title key.
  • An example of the correspondence between the unit classification of the content recorded on the disc and the encryption key (unit key) is shown in FIG.
  • FIG. 2 is an example of a unit key management table showing a correspondence relationship between a unit (CPS unit) constituting content recorded on a certain medium, for example, one disc, and a CPS unit key which is an encryption key.
  • This unit key management table is recorded on the medium (BD etc.) together with the encrypted content.
  • CPS units which are content configuration data, are divided into CPS units 1 to n.
  • Each CPS unit 1 to n is associated with a CPS unit key which is a unique encryption key.
  • CPS unit 1 For example, when playing back CPS unit 1 (CPS1), decryption is performed using CPS unit key 1 (Ku1).
  • CPS unit 2 When reproducing the CPS unit 2 (CPS2), it is necessary to perform decryption by applying the CPS unit key 2 (Ku2).
  • title As an index corresponding to each CPS unit and CPS unit key, for example, “title” is used. “Title” is an index set corresponding to each CPS unit, and the CPS unit and the CPS unit key can be specified by specifying the title.
  • FIG. 3 is a diagram illustrating an example of recorded data of the first medium 10 when the first medium 10 is a ROM-type Blu-ray (registered trademark) Disc.
  • the following data is recorded on the first medium.
  • (A) Volume ID (Volume ID) 11 is an identifier recorded on a disc storing content of the same title, for example.
  • (B) Media ID [PMSN (Prerecorded Media Serial Number)] 12 is, for example, an identification number of a medium recorded on a medium (disk) by a physical recording process that is difficult to rewrite.
  • (A) Volume ID (Volume ID) 11 and (B) Media ID [PMSN (Prerecorded Media Serial Number)] 12 are different from other normal recording data in that they perform reading processing using a specific dedicated protocol. Data that can be read only when it is executed. For example, these data can be read only when a dedicated read processing program stored only in an information processing apparatus defined by AACS is executed.
  • KCD (Key Conversion Data) 13 is data applied to generation (conversion) of an encryption key at the time of content reproduction.
  • the KCD may not be stored depending on the media.
  • the AACS management data 14 is composed of various management data such as key data applied to decryption of encrypted content and a content certificate 16 that verifies the validity of the content.
  • the BDMV format data 15 is composed of encrypted content that is reproduction target data, a reproduction control program, a playlist, and the like, control information applied to reproduction target data and reproduction processing, a control program, and the like.
  • FIG. 4 shows a directory structure in the case where the first medium 10 is a ROM type Blu-ray (registered trademark) Disc, and shows a directory structure corresponding to recording data of the BD (Blu-ray (registered trademark) Disc). Yes.
  • the directory is separated into a management information setting unit 51 (AACS directory) and a data unit 52 (BDMV directory).
  • the management information setting unit 51 (AACS directory) is a directory in which the AACS management data 14 shown in FIG. 3 is recorded
  • the data unit 52 is a directory in which the BDMV format data 15 shown in FIG. 3 is recorded.
  • the index file stores title information as index information to be applied to playback processing. This title is the same as the title registered in the unit key management table described above with reference to FIG. 2, and is data associated with the CPS unit.
  • the playlist file is a file that defines the playback order of content in accordance with the program information of the playback program specified by the title, and has playback position information and teacher information for clip information.
  • the clip information file is a file specified by the playlist file, and has reproduction position information of the clip AV stream file and the like.
  • the clip AV stream file is a file storing AV stream data to be reproduced.
  • the BDJO file is a file that stores execution control information of a file that stores JAVA (registered trademark) programs, commands, and the like.
  • the sequence in which the information processing apparatus reproduces the content recorded on the information recording medium is as follows. First, a specific title is specified from the index file by the playback application. A playback program associated with the specified title is selected. A playlist that defines the playback order of the contents is selected according to the program information of the selected playback program. The AV stream or the command as the actual content data is read out by the clip information defined in the selected playlist, and the AV stream is reproduced and the command is executed.
  • the unit and unit key described above with reference to FIG. 2 can be discriminated according to the selected title, and the unit key corresponding to the unit to be reproduced is obtained to obtain the unit unit.
  • the decoding process is performed.
  • the copy process described with reference to FIG. 1 the copy process is executed by specifying the copy target data with reference to the information received from the management server 50.
  • management information setting unit 51 AACS directory
  • various management data such as key information and usage control information applied to decryption of the encrypted content recorded in the data unit 52 are recorded. Specifically, for example, the following data is recorded.
  • AACS Advanced Access Content System
  • AACS management data the following data is key data applied to decryption of encrypted content.
  • MKB Media key block
  • SKB Sequence key block
  • SKB Unified media key block
  • D Segment key
  • j CPS unit key
  • the MKB is an encryption key block generated based on a tree-structured key distribution method known as one aspect of the broadcast encryption method.
  • the MKB can acquire the media key [Km], which is a key necessary for decrypting the content, only by processing (decryption) based on the device key [Kd] stored in the information processing apparatus of the user having a valid license.
  • This is a key information block.
  • This is an application of an information distribution method according to a so-called hierarchical tree structure, and only when the user device (information processing apparatus) has a valid license, the media key [Km] can be acquired and invalidated. In the revoked user device, the media key [Km] cannot be acquired.
  • a device key [Kd] is stored in the memory of the information processing apparatus that executes content reproduction.
  • (E) Copy control management file [Managed Copy Manifest File (MCMF)] This is a file applied when executing a copy process of content recorded on a medium, and is, for example, XML description data including data shown in FIG.
  • the copy control management file (MCMF: Managed Copy Manifest File) 111 includes the following data, for example.
  • Management server URL Access information of a management server that provides copy permission information.
  • Copy data information (deal manifest) (2-1) Playlist file name: The file name of the playlist to be copied.
  • CPS unit key information CPS unit key identification information applied to the decryption process of the content to be copied.
  • Copy unit identifier Unit identification information of a copy unit (MC unit) indicating a copy unit of management copy (MC).
  • Content ID an identifier of the content to be copied. For example, an ISAN (International Standard Audio Number) number is used as content code information.
  • MC managed copy
  • a user attaches a first medium serving as a copy source, such as a content storage disk, to a user device such as a PC or a recording / playback device, and the user device connects to the management server via a network. Thereafter, the user device transmits predetermined information such as a disc identifier (ID) of the first medium to the server. After confirming the validity of the received information, the server transmits copy management information in which copy permission data is recorded to the user device. The user device can confirm the copy permission data recorded in the copy management information from the server, read the copy permission data from the first medium, and copy to the second medium as the copy destination. .
  • a first medium serving as a copy source such as a content storage disk
  • Usage control information This is a file in which information such as content usage permission information, such as reproduction permission information and copy permission information, is recorded.
  • the playback device can use the content within the allowable range recorded in the usage control information.
  • G Content Revocation List
  • CRL Content Revocation List
  • (H) Content Certificate This is a certificate that proves the validity of the content, and is a certificate that is prevented from being tampered with the content manager signature issued by a predetermined content manager.
  • the playback device performs playback processing on the condition that the content to be played back is confirmed to be valid content by the content certificate.
  • Content Hash Table (Content Hash Table) This is a table storing the hash value of the content. It has a configuration in which tampering with a content manager signature issued by a predetermined content manager is prevented.
  • the playback device compares the hash value recorded in the content hash table with the hash value generated from the content scheduled to be played back, and confirms that the content is legitimate content that has not been tampered with. Playback processing is performed as a condition.
  • volume ID (Volume ID) and PMSN read processing As described above with reference to FIG. 3, in FIG. 3, the volume ID (Volume ID) 11 shown as the recording data of the first medium 10 and (B) the media ID [PMSN (Prerecorded Media Serial Number)] 12 Unlike other normal recording data, is data that can be read only when a reading process using a specific dedicated protocol is executed. For example, these data can be read only when a dedicated read processing program stored only in an information processing apparatus defined by AACS is executed.
  • the volume ID can be read by applying a volume ID reading protocol (Protocol for Transfer Volume Identifier) in accordance with AACS regulations.
  • the PMSN is data that can be read by applying a PMSN read protocol (Protocol for Transferring Pre-recorded Media Serial Number) according to the AACS standard.
  • volume ID read protocol Protocol for Transfer Volume Identifier
  • FIG. On the left side, a drive device that executes data read processing from a BD-ROM disc that is the first medium 10; On the right side, a host device that outputs a data read request from the disk to the drive device and receives read data from the drive device is shown.
  • These are all components of the information processing apparatus 20 in FIG. 1, for example.
  • Step S11 First, in step S11, authentication processing and session key (BK (also called bus key)) sharing processing are executed between the host and the drive device.
  • the authentication process is executed as an authentication process according to, for example, a public key cryptosystem.
  • the process after step S12 is executed. If the authentication is not established, the processing after step S12 is stopped.
  • Step S12 When the authentication process in step S11 is established, in step S12, the host outputs a volume ID read request to the drive device.
  • step S14 the drive device outputs the volume ID read from the disk, the verification value based on the volume ID, and the calculated MAC value (Dm) to the host.
  • Step S15 When the host receives the volume ID and the MAC value (Dm), which is a verification value based on the volume ID, from the drive device, in step S15, the host executes a process for confirming the validity of the received volume ID.
  • the host executes the following process, for example, a process of copying read data from the first medium 10 to a memory card as the second medium.
  • the PMSN is data that can be read by applying a PMSN read protocol (Protocol for Transferring Pre-recorded Media Serial Number) according to the AACS standard.
  • PMSN read protocol Protocol for Transferring Pre-recorded Media Serial Number
  • FIG. On the left side, a drive device that executes data read processing from a BD-ROM disc that is the first medium 10; On the right side, a host device that outputs a data read request from the disk to the drive device and receives read data from the drive device is shown.
  • These are all components of the information processing apparatus 20 in FIG. 1, for example.
  • Step S16 First, in step S16, authentication processing and session key (BK (also called bus key)) sharing processing are executed between the host and the drive device.
  • the authentication process is executed as an authentication process according to, for example, a public key cryptosystem. If the authentication process is established and the reliability of both is confirmed, the process from step S17 is executed. If the authentication is not established, the processes after step S17 are stopped.
  • BK also called bus key
  • Step S17 When the authentication process in step S16 is established, in step S17, the host outputs a PMSN read request to the drive device.
  • step S19 the drive device outputs the PMSN read from the disk, the verification value based on the PMSN, and the calculated MAC value (Dm) to the host.
  • Step S20 When receiving the PMSN and the MAC value (Dm), which is a verification value based on the PMSN, from the drive device, the host executes a process for confirming the validity of the received PMSN in step S20.
  • the host executes the following process, for example, a process of copying read data from the first medium 10 to a memory card as the second medium.
  • the reproduction processing example shown in FIG. 9 is one reproduction processing example.
  • the data applied to the reproduction process varies depending on the reproduction processing mode.
  • the reproduction processing example shown in FIG. 9 is a diagram illustrating a reproduction processing example to which the following data recorded on the first medium 10 is applied. MKB71, KCD72, Volume ID 73, CPS unit key file 74, Usage control information 75, Encrypted content 76, A reproduction processing example to which these data are applied will be described.
  • the first medium 10 is attached to the information processing apparatus 20 as a user device, and content generation is performed by executing key generation and content decryption processing according to a predetermined sequence. Processing of the information processing apparatus 20 will be described.
  • the information processing apparatus 20 is an AACS compatible apparatus and stores a device key [Kd] 81 in a memory.
  • the information processing apparatus 20 reads the MKB 71 and KCD 72 stored in the first medium 10, and in steps S21 and S22, the MKB process and the encryption process (AES) using the device key 81 stored in the memory of the own apparatus are applied. Execute G) to obtain the media key [Km].
  • the KCD may not be stored depending on the media. In this case, the process using KCD is omitted.
  • step S23 the volume ID 73 stored in the first medium 10 is read, and encryption processing (AES-G) using the media key [Km] is executed to generate a volume unique key [KVu].
  • AES-G encryption processing
  • step S24 the CPS unit key file 74 stored in the first medium 10 is read, and a CPS unit key (title key) [Kt] is generated by decryption processing using the volume unique key [KVu].
  • step S25 the usage control information 75 stored in the first medium 10 is read, and a verification process (such as signature verification) of the usage control information 75 is executed by applying the AACS public key held in the memory by the playback device. Then, it is determined whether the usage control information is valid. The content is allowed to be used according to the description of the usage control information determined to be valid.
  • step S26 the encrypted content 76 stored in the medium 10 is decrypted by applying the CPS unit key (title key) [Kt], and the content 83 is reproduced.
  • the information processing apparatus 20 needs to execute key generation and content decryption according to the AACS rules when using the media storage content.
  • the structure is prevented.
  • the information processing apparatus 100 that executes the copy process reads out the recording data of the first medium 10 described with reference to FIGS. 3 to 5 and is a copy destination medium (second medium).
  • a process of copying to an information storage device having a flash memory, that is, the memory card 200 is performed.
  • the copy target data includes the following data.
  • D KCD (key conversion data) 114,
  • the BDMV format data 111 includes encrypted content that is usage control content. This is the recording data of the BDMV directory described above with reference to FIG.
  • the encrypted content has a usage management configuration in units of content management units (CPS units), and a different unit key (CPS unit key) is applied in units of CPS units.
  • CPS unit key a different unit key
  • the AACS management data 112 includes a copy control management file (MCMF or the like). This is the recording data of the AACS directory described above with reference to FIG.
  • MCMF copy control management file
  • Data (volume ID, PMSN, etc.) 113 that can be read by a dedicated protocol is data that can be read only by a read process using a specific dedicated protocol. For example, these data can be read by executing a dedicated read processing program stored in an information processing apparatus defined by AACS.
  • the volume ID can be read by applying a volume ID reading protocol (Protocol for Transfer Volume Identifier) in accordance with AACS regulations.
  • the PMSN is data that can be read by applying a PMSN read protocol (Protocol for Transferring Pre-recorded Media Serial Number) according to the AACS standard.
  • KCD (key conversion data) 114 is data applied to generation (conversion) of an encryption key at the time of content reproduction.
  • the KCD may not be stored depending on the medium, and in this case, the KCD copy process is omitted.
  • a configuration example of a memory card 200 that is an information storage device having a flash memory that is a copy destination medium will be described with reference to FIG.
  • the memory card 200 is mounted on the information processing apparatus (host) 20, accessed from the information processing apparatus 100, and read / write data.
  • the memory card 200 as an information storage device A controller (data processing unit) 210, a storage unit 220, a communication IF 240, and a media ID storage unit 250 are included.
  • a controller (data processing unit) 210 for example, communication with an information processing apparatus (host) or the like is performed via the communication IF 240.
  • the controller (data processing unit) 210 includes a CPU 211 having a program execution function, a RAM 212, and the like.
  • the RAM 212 is used as a recording area for data processing programs executed by the CPU, various parameters, controller-specific ID information, key information, and the like.
  • the storage unit 220 is divided into a protected area (secure area (Protected Area)) 221 where free access is not allowed and a general-purpose area (user data area (General Purpose Area)) 222 where free access is allowed.
  • the protected area 221 can be accessed only by an information processing apparatus (host) that is determined to have access rights in the memory card 200.
  • the protection area (Protected Area) 221 has a plurality of division areas (Protected Areas # 0 to # 3), and the access right can be set for each division area.
  • Access rights that allow both data recording and data reading, Permission to only read data, These various types of access rights can be set. These access rights are recorded in a host certificate held by the information processing apparatus (host).
  • the media ID storage unit 250 is an area in which the identifier of the memory card 200 is recorded.
  • Gamma media ID 251, EMID (Enhanced Media ID) 252 These IDs are recorded.
  • the plurality of IDs are IDs generated individually corresponding to, for example, components of the memory card 200, for example, a storage unit or a data processing unit. Either can be used as an identifier unique to the flash memory or an identifier of a specific lot.
  • the memory card 200 refers to the record information of the host certificate received from the information processing apparatus (host) and determines whether or not the information processing apparatus (host) has an access right. Details of the host certificate and details of the access determination process will be described later.
  • FIG. 12 is a diagram illustrating a managed copy (MC) sequence, which is an example of content copy processing based on server management.
  • a first medium 10 such as a ROM disk on which content such as a movie is recorded;
  • An information processing apparatus 100 as a user apparatus that reads data such as content from the first medium 10 and performs a copy process;
  • a second medium flash memory 200
  • a management server (MC server) 300 that executes processing for providing content copy permission information and the like;
  • the information processing apparatus 100 is configured by, for example, a PC, a recording / playback apparatus, and the like, and inputs data read from the first medium 10 and records data on a second medium (memory card 200) as a copy destination medium, that is, Execute content copy processing.
  • the first medium 10 is, for example, a ROM type Blu-ray (registered trademark) Disc, a DVD disk, or the like.
  • the second medium (memory card 200) has a flash memory in which data can be written. As described with reference to FIG. 11, the second medium (memory card 200) has a protection area that is a data recording area in which access restrictions are set. Media.
  • the first medium 10 constituted by a ROM disk or the like, as shown in the figure, (A) BDMV format data 111, (B) AACS management data 112, (C) Data (volume ID, PMSN, etc.) 113 readable by a dedicated protocol, These data are recorded.
  • the BDMV format data 111 includes encrypted content that is usage control content.
  • the encrypted content has a usage management configuration in units of content management units (CPS units), and a different unit key (CPS unit key) is applied in units of CPS units.
  • Encrypted content that has been encrypted. That is, in order to realize different usage control for each unit of division data, encryption is performed with a different key (called a CPS unit key, unit key, or title key) for each unit.
  • the AACS management data 112 includes a copy control management file (MCMF or the like) 115.
  • data (volume ID, PMSN, etc.) 113 that can be read by a dedicated protocol is data that can be read only when a read process using a specific dedicated protocol is executed. For example, these data can be read only by executing a dedicated read processing program stored only in the information processing apparatus defined by AACS.
  • step S51 the information processing apparatus 100 applies server information (such as a URI) recorded in the copy control management file (MCMF) 113 recorded in the first medium 10 and executes a copy to the management server 300.
  • server information such as a URI
  • MCMF copy control management file
  • Send a request (Offer Request).
  • a content ID corresponding to the content to be copied is transmitted to the management server 300.
  • the copy execution request includes, for example, the following data.
  • D) The random number is generated in the information processing apparatus 100.
  • (E) As the language code a language code recorded in advance in the memory of the information processing apparatus 100 is acquired and transmitted. The language code is used to determine the language of the offer detail information included in the response provided by the management server 300.
  • step S52 the management server 300 executes verification processing of the validity of the received information such as the content ID received from the information processing apparatus 100, and if it is confirmed that there is no problem, the server response information (Offer List) 131 is generated and transmitted to the information processing apparatus 100.
  • the basic information of the server response information (Offer List) 131 includes the following information.
  • Offer detailed information (1a) Title / abstract / description (title / abstract / description): Information on title, summary, and description corresponding to copy-permitted content.
  • Copy unit identifier MCU: An identifier for identifying a copy unit as a copy unit.
  • Price information (price): Copy price information.
  • Price auxiliary information (priceInfo): Price auxiliary information.
  • Payment server URL final HTML URL): Access information of a server that performs copy fee payment processing.
  • Copy destination information (mcotInfo): Information indicating the type of media allowed as a copy destination device. For example, media types such as HDD / flash memory are recorded.
  • Pieces of information are basic information included in server response information (Offer List) 131 provided by the management server 300 to the information processing apparatus 100. These pieces of information are set for each copy unit (MCU) as a copy processing unit. For example, even for the same content A, the copy unit is set according to the copy destination medium. That is, Copy unit 0001 of content A for hard disk Copy unit 0002 of content A for flash memory This is the setting.
  • the server response information (Offer List) 131 shown in FIG. 14 the same information as the recording information of the copy control management file (MCMF) recorded on the first medium 10 described above with reference to FIG. included.
  • MCMF copy control management file
  • deal manifest Copy data information
  • step S52 the management server 300 executes verification processing of the validity of the received information such as the content ID received from the information processing apparatus 100, and if it is confirmed that there is no problem, the server response information (Offer List) 131 is generated and transmitted to the information processing apparatus 100.
  • the information processing apparatus 100 that has received the server response information (Offer List) 131 applies the response information (Offer List) 131 received from the management server 300 to process the copy-permitted content list (copy-permitted list 131).
  • the information is displayed on the display unit of the device 100. In this list, for example, a price (price) when copying for each content is set.
  • step S53 the user executes content selection for designating content to be copied from the copy allowable content list.
  • step S ⁇ b> 54 the information processing apparatus 100 executes a settlement process associated with the copy process with the management server 300. Specifically, a transfer process for the settlement data 132 is performed between the information processing apparatus 100 and the management server 300.
  • the server that executes the payment process may be a payment server different from the management server. Further, in the case of executing copying of content for which copy processing is set to free, the payment processing is omitted.
  • the information processing apparatus 100 transmits a request for copy permission information to the management server 300 in step S55.
  • the management server 300 confirms that payment has been made in response to a request for copy permission information from the information processing apparatus 100, generates copy permission information 122, and transmits it to the information processing apparatus 100.
  • the information processing apparatus 100 executes an authentication process with the second medium (memory card 200) as a copy destination and a copy process in step S57 on condition that the copy permission information 122 is received from the management server 300.
  • the memory card 200 receives a host certificate from the information processing apparatus (host) 100 in the authentication process, and the information processing apparatus (host) 100 has an access right to the protection area (an access right that allows the data recording process). Make sure to keep. The copy process is started on the condition that the access right is confirmed.
  • the first medium 10 has (A) BDMV format data 111, (B) AACS management data 112, (C) Data (volume ID, PMSN, etc.) 113 readable by a dedicated protocol, (D) KCD114 These data are recorded.
  • the memory card 200 as a copy destination medium
  • A Protected Area (Protected Area) 221,
  • B General Purpose Area 222, Have
  • a protected area 221 is an access-restricted data recording area, and the memory card 200 has access rights to the information processing apparatus based on the host certificate received from the information processing apparatus (host) 100. Access (data recording) by the information processing apparatus 100 is allowed only when the information is confirmed.
  • a general purpose area 222 is a data recording area that can be accessed without performing such access right confirmation processing.
  • BDMV format data 111 As shown in FIG. (A) BDMV format data 111, (B) AACS management data 112, Each of these data is recorded in a general purpose area (General Purpose Area) 222.
  • General Purpose Area General Purpose Area
  • the information processing apparatus 100 first performs mutual authentication processing with the memory card 200 in the authentication processing & copy processing in step S57 of FIG. Thereafter, the copy process is started when mutual authentication is established and when the memory card 200 confirms the access right to the protected area 221 of the information processing apparatus (host) 100.
  • C Data (volume ID, PMSN, etc.) 113 readable by a dedicated protocol
  • D KCD (key conversion data) 114, Is recorded in the protected area 221.
  • (C) Data (volume ID, PMSN, etc.) 113 readable by a dedicated protocol is Although it is data recorded on the first medium 10, unlike normal recording data recorded on the first medium 10, the data can be read only by a data reading process according to a specific protocol. Data that can be read only by data reading processing according to this specific protocol is recorded in the protection area 221 instead of the general-purpose area 222. When data reading from the protection area 221 is performed, access right confirmation processing by the memory card 200 is also executed. That is, only the information processing apparatus having an access right that is permitted to read data from the protection area 221 can read the volume ID and PMSN.
  • KCD key conversion data
  • the same usage control as that for the data reproduction process from the first medium 10 can be performed in the data reproduction from the memory card 200 as the copy destination medium. That is, like the data reproduction process from the first medium 10, only the information processing apparatus having a specific access right can execute the content reproduction process from the memory card 200.
  • FIG. 16 is a sequence diagram illustrating a sequence of processing executed between the information processing apparatus (host) 100 and the memory card 200 that is a copy destination medium (second medium). Hereinafter, processing of each step will be described.
  • Step S81 First, in step S81, authentication processing and session key (BK (also referred to as bus key)) sharing processing are executed between the information processing apparatus (host) 100 and the memory card 200 as the copy destination medium (second medium). Is done.
  • the authentication process is executed as an authentication process according to, for example, a public key cryptosystem. In this authentication process, the information processing apparatus (host) 100 and the memory card 200 provide the other apparatus with public key certificates stored in the own apparatus.
  • the host certificate is a public key certificate that stores a public key provided to the information processing apparatus (host) 100 by the certificate authority.
  • the host certificate is configured as data in which a signature is set by a CA private key and is prevented from being falsified.
  • the host certificate includes the following data as shown in FIG. (1) Type information (2) Host ID (Host ID) (3) Host public key (Public Key) (4) Read / write restriction information (PAD Read / PAD Write) in block units in the protected area of the media (memory card) (5) Other information (6) Signature (Signature)
  • Type information is information indicating the type of certificate.
  • data indicating that the certificate is a host certificate, host type, for example, a reproduction-only device, reproduction and recording, and the like.
  • Information indicating the type of device such as a device performing the recording is recorded.
  • Host ID is an area for recording a host ID as a host identifier.
  • Host public key (Public Key)
  • the host public key is a public key of the host.
  • a key pair according to the public key cryptosystem is configured together with a secret key provided to each device.
  • the read / write restriction information (PAD Read / PAD Write) with respect to the medium is a block unit in a protected area (Protected Area) 221 set in the storage unit of the medium for recording the content, for example, the memory card 200 shown in FIG. Is recorded.
  • the blocks in the protected area 221 are also called PAD blocks.
  • the memory card 200 having the flash memory type storage unit refers to this recording field of the host certificate shown in FIG. 17 received at the stage of the authentication process with the information processing apparatus (host) 100, for example, for example, in FIG.
  • Write / read permission determination processing is performed in units of blocks in the protection area (Protected Area) 221 shown, and only execution of processing permitted in the permitted section area is permitted.
  • the information processing apparatus (host) that makes an access request to the protected area of the memory card 200 holds a host certificate that records read / write restriction information (PAD Read / PAD Write) for the medium shown in FIG.
  • the host certificate is presented to the memory card 200 and the access right confirmation determination is received.
  • the memory card 200 verifies the signature of the certificate presented by the access requesting device, confirms the validity of the certificate, and then records the read / write restriction information (PAD Read / PAD Write) in the certificate.
  • PID Read / PAD Write the read / write restriction information
  • write / read permission judgment processing is performed in block units that are partitioned areas in the protected area 221 shown in FIG. 11, and only the processing permitted in the permitted block area is allowed to be executed. .
  • the read / write restriction information (PAD Read / PAD Write) for the memory card 200 is set, for example, in units of devices to be accessed, for example, information processing devices (hosts). These pieces of information are recorded in a host certificate (Host Cert) corresponding to each device.
  • hosts information processing devices
  • the memory card 200 verifies the recorded data of the host certificate (Host Cert) in accordance with a prescribed program stored in advance in the memory card 200, and performs a process of permitting access only to an area for which access is permitted.
  • FIG. 18 shows a PC 151 and a CE (Consumer Electronics) device 152 such as a recorder or a player as host devices that execute recording of data to the memory card 200 and reading of data recorded on the memory card 200.
  • CE Consumer Electronics
  • the protected area (Protected Area) 221 of the memory card 200 shown in FIG. 18 has the following divided areas. Partition area # 1 (Protected Area # 1) 231, Partition area # 2 (Protected Area # 2) 232, With these partitioned areas.
  • the host certificate (Host Cert) held by the CE device 152 is Type: CE Read allowable area: # 1, 2 Write (Write) allowable area: # 1, 2 This is a certificate with these settings.
  • the PC 151 is only allowed to write data and write data to the partitioned area # 1 (Protected Area # 1) 231.
  • the PC 151 is not permitted to write (Write) and read (Read) data in the partitioned area # 2 (Protected Area # 2) 232.
  • the CE device 152 is only allowed to write data (Write) and read data (Read) with respect to the segmented area # 1 (Protected Area # 1) 231. In addition, data writing (Write) and reading (Read) to the partitioned area # 2 (Protected Area # 2) 232 are permitted.
  • the type information of the host certificate includes information for identifying whether it is a PC or a CE device, and the data processing unit of the memory card 200 stores access control information recorded in the device certificate, that is, Readable area information (PAD Read), Write allowable area information (PAD Write), Based on these pieces of information, it may be determined whether or not access (read / write) of the nuclear division area is possible, but based on the type information (Type), it is possible to determine whether to allow access for each division area of the protection area. Also good.
  • PID Read Read
  • PAD Write Write allowable area information
  • Step S82 In step S81 described above, an authentication process and a session key (BK) sharing process are executed between the information processing apparatus (host) 100 and the memory card 200 as the copy destination medium (second medium).
  • the authentication process is executed as an authentication process according to, for example, a public key cryptosystem.
  • the information processing apparatus (host) 100 and the memory card 200 provide the other apparatus with public key certificates stored in the own apparatus.
  • the memory card 200 receives the host certificate described with reference to FIG. 17 from the information processing apparatus (host) 100.
  • the memory card 200 is recorded in the host certificate.
  • PAD Read / PAD Write Read / write restriction information
  • step S81 mutual authentication in step S81 is established, and in step S82, the information processing apparatus (host) 100 grants the right to access the protected area 221 (data write (write) processing right). If it is confirmed that it has, the processing from the next step S83 is executed.
  • step S83 is performed. The following processing is not executed.
  • Steps S83 to S84 the information processing apparatus (host) 100 reads the BDMV format data 111 from the first medium 10 that is the copy source medium, and outputs it to the memory card 200 that is the copy destination medium (second medium).
  • the format data 111 is recorded in the general purpose area (General Purpose Area) of the memory card 200.
  • the BDMV format data 111 is data under the BDMV directory described with reference to FIG. 4, that is, data in the data section 52 shown in FIG. Index files, Playlist files, Clip information file, Clip AV stream file, BDJO file, For example, these files.
  • the encrypted content is stored in a clip AV stream file.
  • the information processing apparatus (host) 100 outputs each data constituting the BDMV format data 111 to the memory card 200 as it is, that is, without executing the decryption process or the re-encryption process. Recorded in the general purpose area of the memory card 200. As described above, by executing the copy recording process without performing the decoding process, the possibility of data leakage can be significantly reduced.
  • Steps S85 to S86 the information processing apparatus (host) 100 reads the AACS management data 112 from the first medium 10 that is the copy source medium and outputs it to the memory card 200 that is the copy destination medium (second medium). Then, the AACS management data 112 is recorded in the general purpose area (General Purpose Area) of the memory card 200.
  • the AACS management data 112 is data below the AACS directory described with reference to FIG. 5, that is, data recorded in the management information setting unit 51 (AACS directory) shown in FIG.
  • the information processing apparatus (host) 100 outputs the AACS management data 112 to the memory card 200 as it is, that is, without executing decryption processing or re-encryption processing, and the BDMV format data 111 is stored in the general-purpose memory card 200. Record in the area (General Purpose Area). As described above, by executing the copy recording process without performing the decoding process, the possibility of data leakage can be significantly reduced.
  • Steps S87 to S88 the information processing apparatus (host) 100 receives data such as a volume ID (Volume ID) and a media ID [PMSN (Precoded Media Serial Number)] from the first medium 10 that is a copy source medium. That is, the readable data 113 and the KCD 114 are read by a dedicated protocol, and these data are recorded in a protected area (Protected Area) of the memory card 200.
  • the KCD may not be stored depending on the medium. In this case, the copy recording process of the KCD is omitted.
  • (A) Volume ID (Volume ID) 11 is an identifier recorded on a disc storing content of the same title, for example.
  • (B) Media ID [PMSN (Prerecorded Media Serial Number)] 12 is, for example, an identification number of a medium recorded on a medium (disk) by a physical recording process that is difficult to rewrite.
  • These (A) Volume ID (Volume ID) 11 and (B) Media ID [PMSN (Prerecorded Media Serial Number)] 12 are different from other normal recording data in that they perform a reading process using a specific dedicated protocol. Data that can be read only when it is executed. For example, these data can be read only by executing a dedicated read processing program stored only in the information processing apparatus defined by AACS.
  • Data that can be read only by this specific protocol is recorded in the protected area of the memory card 200.
  • the access right confirmation process by the memory card 200 is also executed. That is, only the information processing apparatus having an access right that is allowed to read data from the protected area can read the volume ID and PMSN.
  • the same usage control as that for the data reproduction process from the first medium 10 can be performed in the data reproduction from the memory card 200 as the copy destination medium. That is, like the data reproduction process from the first medium 10, only the information processing apparatus having a specific access right can execute the content reproduction process from the memory card 200.
  • the recording data for the protection area of the memory card 200 has been described as the volume ID, data that can be read only by a dedicated protocol such as PMSN, and KCD. Also, other data with high confidentiality may be recorded in the protection area.
  • a specific example of recording copy data to a memory card having a flash memory will be described with reference to FIG.
  • the first medium 10 as the copy source medium is a BD-ROM having a BDMV directory
  • one movie title is recorded for each disc. It is expected that contents of various different titles are copied from various disks and recorded on the memory card 200 as a copy destination medium. Therefore, a naming rule for a directory for storing copy data in the memory card 200 is determined in order to clearly distinguish the plurality of copy contents.
  • a plurality of directories can coexist.
  • BDMV00, BDMV01, ... BDMV99 Set up multiple directories as described above.
  • BDMV00, BDMV01, ... A configuration for realizing the use control and protection function of the encrypted content recorded in each of these BDMV directories will be described.
  • the BDMV directory and the AACS directory exist under the root directory of the first medium 10 (BD-ROM) that is the copy source medium.
  • BDMV directory encrypted content, a playlist and clip information file as reproduction control information applied to the reproduction, a movie object file as a reproduction program, an index file as index data, and the like are stored.
  • AACS management data including information and key data necessary for content protection and usage control is recorded under the AACS directory.
  • BDMV33 When BDMV33 is set as a BDMV directory in which a certain encrypted content A is recorded, The AACS management data corresponding to the encrypted content A is recorded in the directory AACS33 and below.
  • BDMV 67 When BDMV 67 is set as the BDMV directory in which the encrypted content B is recorded, AACS management data corresponding to the encrypted content B is recorded in the directory AACS 67 and below.
  • the AACS management data corresponding to the BDMV directory nn in which the encrypted content is recorded is recorded under the AACS directory (AACSnn) having the same identification number (nn).
  • the AACS management data related file recorded in the AACS directory of the first medium 10 as the copy source medium is copied and recorded as it is.
  • a plurality of divided areas can be set in the protected area (Protected Area) set in the storage unit of the memory card 200 that is the copy destination medium.
  • protected areas # 1 to # 3 (Protected Areas # 1 to # 3) shown in FIG.
  • the protection area # 1 is secured as a copy data recording area.
  • An example of recorded data for a protected area (Protected Area) of the memory card 200 will be described.
  • An example of recorded data in the protected area (Protected Area) shown in FIG. 19 includes BDMV00 to BDMV99 as BDMV directories in which a plurality of different encrypted contents are recorded in the general purpose area (General Purpose Area) of the flash memory type storage unit of the memory card 200. It is an example of recorded data when it is assumed that each directory is set.
  • the following data is recorded at the head of the protected area (Protected Area) of the flash memory type storage unit of the memory card 200.
  • Head header
  • text information and version information indicating that it is a copy data recording area are recorded.
  • the header area is set to 48 bytes, for example.
  • AACS management data set in the AACS directory (AACS00 to 99) corresponding to the BDMV directory (BDMV00 to 99) recorded in the general-purpose area is repeatedly recorded.
  • An example of specific recording data will be described.
  • i represents an index and is an integer from 0 to 99.
  • the size of the header section is 48 bytes, so from the beginning of the protected area, It is only necessary to seek for 48+ (16 ⁇ 9 ⁇ i) bytes.
  • This seek destination is an AACS directory (in which AACS management data corresponding to the encrypted content recorded in the BDMV directory (BDVi) set in the general-purpose area (General Purpose Area) of the flash memory type storage unit of the memory card 200 is recorded) This corresponds to the head position of the recording data (AACSi).
  • i is an integer from 0 to 99
  • FIG. 1 The structure of one data set recorded in the protection area is shown in FIG.
  • the set of AACS management data is as follows, as shown in FIG. (1) [Effectiveness presentation flag: Validity [i]] (2) [Session Key: Session Key [i]] (3) [Media ID MAC: Media ID MAC [i]] (4) [Verification key: Verification Key [i]] (5) [Volume ID: Volume ID [i]] (6) [Volume ID MAC: Volume ID MAC [i]] (7) [KCD [i]] (8) [PMSN [i]] (9) [PMSN MAC [i]]
  • Validity [i] is recorded in the validity presentation flag: Validity [i] as a flag indicating the validity of these eight data elements. 0: Invalid 1: Valid
  • Session key Session Key [i]
  • a 128-bit session key value is recorded in the recording area.
  • the session key may be generated by a pseudo-random number generator or the like, or during the authentication process executed between the host and the drive in the volume ID or PMSN read process described above with reference to FIGS. You may record using the produced
  • the session key (BK) is applied to encryption of content recorded in a general purpose area (General Purpose Area) of the storage unit of the memory card 200. That is, the content encrypted with the CPS unit key defined in AACS is further encrypted with the session key.
  • the encryption method is equivalent to AACS.
  • the Content (C) recorded on the first medium 10 as the copy source medium is a content (Ce) encrypted according to the AACS Content Encryption method as described below by using a title key (CPS unit key) defined in AACS. ) Is recorded.
  • Ce AES-128CBCE (Kt, C)
  • the data processing unit of the information processing apparatus 100 re-encrypts the encrypted content (Ce) by using the session key (Ks) according to the AACS Bus Encryption method as follows.
  • Cee AES-128CBCE (Ks, Ce)
  • the data processing unit of the information processing apparatus 100 records the double encrypted content (Cee) under the BDMV directory in the general purpose area (General Purpose Area) of the storage unit.
  • This re-encryption process is optional, and the encrypted content (Ce) recorded in the second medium 10 without performing the re-encryption process is used as it is, and the BDMV directory in the general-purpose area (General Purpose Area) of the storage unit It is good also as a structure recorded below. In this case, 0 (zero) is recorded in the [session key: Session Key [i]] field of the protection area.
  • AACS management data such as key data such as MKB used for content decryption processing is recorded under the AACS directory set in the general-purpose area (General Purpose Area) of the memory card 200.
  • Media ID MAC Media ID MAC [i]
  • Media ID MAC In the Media ID MAC [i] recording area, a message authentication code (MAC) of a session key and a media identifier (Media ID) is recorded.
  • MAC message authentication code
  • Dm CMAC (Session Key, Media ID)
  • Dm MAC (Session Key, Media ID)
  • the media ID is the ID of the copy destination medium, that is, the memory card 200, and is preferably set to have a length of 64 bits or more.
  • the media ID storage unit 250 of the memory card 200 includes, for example, Gamma media ID 251, EMID (Enhanced Media ID) 252 These IDs are recorded.
  • the plurality of IDs are IDs generated individually corresponding to, for example, components of the memory card 200, for example, a storage unit or a data processing unit. Either can be used as an identifier unique to a memory card or an identifier of a specific lot.
  • the value of the verification key may be generated by a pseudo random number generator or the like,
  • the volume ID and PMSN transfer protocol Protocol for Transfer Volume Identifier, and Protocol for Transfer Pre-recorded Media Serial Number
  • the volume ID and PMSN transfer protocol used in the AACS specification may be recorded.
  • Volume ID MAC Volume ID MAC [i]
  • Volume ID MAC In the Volume ID MAC [i] recording area, a message authentication code (MAC) calculated from the verification key (Verification Key) and the volume ID (Volume ID) is recorded.
  • MAC message authentication code
  • Dm CMAC (Verification Key, Volume ID)
  • Dm CMAC (Verification Key, Volume ID)
  • the volume ID MAC (Volume ID) acquired according to the volume ID transfer protocol (Protocol for Transfer Volume Identifier) according to the AACS standard. Record the value of MAC).
  • KCD [i] In the KCD [i] recording area, a value of KCD (Key Conversion Data (key conversion data)) recorded in the first medium 10 as a copy source medium is recorded.
  • PMSN [i] In the PMSN [i] recording area, a prerecorded media serial number (PMSN) read in accordance with the AACS protocol from the first medium 10 as a copy source medium is recorded.
  • the volume ID, PMSN, and the like recorded on the first medium 10 that is the copy source medium are data that can be read by a read process using a dedicated read protocol (AACS protocol).
  • MAC message authentication code
  • the PMSN MAC acquired in accordance with the AACS PMSN transfer protocol (Protocol for Transfer Pre-recorded Media Serial Number) is recorded. If no PMSN is recorded on the copy source medium, 0 (zero) is recorded.
  • a configuration for realizing control equivalent to content usage control in the copy source medium for copy content recorded in such a copy destination medium will be described below. The following items will be described sequentially.
  • volume ID is an AACS standard protocol (Protocol for Transfer Volume Identifier).
  • the message authentication code (MAC) is assigned to the read volume ID, and the originality (that has not been tampered with) can be confirmed at the time of read processing according to this dedicated protocol. .
  • the following data is recorded in a protected area (Protected Area) in the storage unit of the memory card 200 that is a copy destination medium.
  • A The value of the volume ID (Volume ID) read in accordance with the protocol (Protocol for Transfer Volume Identifier) stipulated by AACS
  • B Message authentication code (MAC) of volume ID (Volume ID)
  • PMSN Pre-recorded Media Serial Number
  • the following data is recorded in a protected area (Protected Area) in the storage unit of the memory card 200 that is a copy destination medium.
  • PMSN PMSN
  • PMSN MAC PMSN MAC
  • the following data is recorded in a protected area (Protected Area) in the storage unit of the memory card 200 that is a copy destination medium.
  • A MAC value based on session key and media ID, that is, [Media ID MAC: Media ID MAC [i]]
  • This data is recorded in a protected area (Protected Area) in the storage unit of the memory card 200 as a copy destination medium.
  • the session key is a key shared between the information processing apparatus 100 and the memory card 200 during the copy process.
  • the media ID (media identifier) is the ID of the copy destination medium, that is, the memory card 200.
  • the media ID storage unit 250 of the memory card 200 includes, for example, Gamma media ID 251, EMID (Enhanced Media ID) 252 These IDs are recorded. Data including any one of these IDs or both is used as the media ID. With this configuration, media binding of copy data in the copy destination medium is realized.
  • the data processing unit of the non-information processing apparatus 100 in which the memory card 200 is mounted executes AACS online API mapping. Specifically, for example, the data processing unit executes the following processing. "GetVolumeID () method” As the return value of A process of returning the value of the volume ID (Volume ID) element recorded in the protected area of the memory card 200 as it is is executed. Also, if the MAC verification (the collation process between the MAC value calculated from the volume ID and the session key and the volume ID MAC) fails, a null value is returned.
  • GetVolumeID () method As the return value of A process of returning the value of the volume ID (Volume ID) element recorded in the protected area of the memory card 200 as it is is executed. Also, if the MAC verification (the collation process between the MAC value calculated from the volume ID and the session key and the volume ID MAC) fails, a null value is returned.
  • the data processing unit of the information processing apparatus 100 with the memory card 200 attached is "GetPMSN () method" As the return value of A process of returning the value of the PMSN element recorded in the protection area as it is is executed. If the MAC verification (verification between the PM value calculated from the PMSN and the session key and the PMSN MAC) fails, a null value is returned.
  • the data processing unit of the information processing apparatus 100 with the memory card 200 is configured to execute the above processing. With this configuration, even when the copy content is recorded on the copy destination medium, processing using the AACS online API is possible.
  • the media ID (volume ID, PMSN) of the first medium 10 that is the copy source medium and the media ID of the memory card 200 that is the copy destination medium are not mapped, but the copy source medium.
  • the media ID (volume ID, PMSN) of the first media is recorded in the protected area with a tamper-proof configuration (MAC value is set).
  • MAC value is set.
  • the encrypted file in the copy destination medium should not be browsed from an execution application such as a PC.
  • double encryption AACS encryption + AACS bus encryption
  • the end user can view the state of only AACS encryption, which is not preferable. Therefore, data is recorded on the copy destination medium in a double-encrypted state (AACS encryption + AACS bus encryption).
  • the session key is recorded in the protected area (Protected Area) of the storage unit of the memory card 200.
  • the session key data generated by a pseudo-random number generator or the like, or a session key (BK: bus key) generated in the authentication process of step S81 described above with reference to FIG.
  • the session key (BK) is applied to encryption of content recorded in a general purpose area (General Purpose Area) of the storage unit of the memory card 200. That is, the content encrypted with the CPS unit key defined in AACS is further encrypted with the session key.
  • the encryption method is equivalent to AACS.
  • the Content (C) recorded on the first medium 10 as the copy source medium is a content (Ce) encrypted according to the AACS Content Encryption method as described below by using a title key (CPS unit key) defined in AACS. ) Is recorded.
  • Ce AES-128CBCE (Kt, C)
  • the data processing unit of the information processing apparatus 100 to which the memory card 200 is attached records the double encrypted content (Cee) under the BDMV directory in the general purpose area (General Purpose Area) of the storage unit. By recording data on the copy destination medium in a double-encrypted state, individualization for each end user can also be performed.
  • the copy destination medium is configured to perform double encryption on the content and record it in the general-purpose area.
  • the data processing unit of the information processing apparatus 100 in which the memory card 200 is mounted reads double-encrypted content from the copy destination medium, and decrypts the second encryption (AACS bus encryption (Bus Encryption)). Then, the content hash is calculated and the presence / absence of falsification by hash verification is determined.
  • AACS bus encryption Bus Encryption
  • This hash verification process is executed on the encrypted content (Ce) obtained by decrypting the second encryption of the double encrypted content (Cee).
  • the memory card 200 provides the encrypted content (Ce) to a playback device such as a PC on the condition that it is confirmed that the encrypted content (Ce) has not been tampered with by this verification process.
  • a playback device such as a PC on the condition that it is confirmed that the encrypted content (Ce) has not been tampered with by this verification process.
  • the AACS management data identified by the index [i] is recorded in the protected area (Protected Area) of the storage unit of the memory card 200 as the copy destination medium as described above with reference to FIGS.
  • Case 1 and Case 4 are so-called normal systems.
  • the copying apparatus is expected to process all the contents on the recording medium so as to maintain either the case 1 or the case 4.
  • Case 2 and Case 3 are abnormal, so that content reproduction is not performed correctly, and the copy apparatus is expected to avoid all the contents on the recording medium.
  • An abnormal system can occur in the following situation.
  • A For example, when a removable hard disk drive connected via USB is disconnected during content copying.
  • B The end user has moved under the “BDMVnn directory” to another directory on the same medium.
  • volume ID Volume ID
  • Illegal duplication is, for example, content copying without consuming copy rights by intentionally interrupting the processing during content copying when the procedures for copying and moving are not compulsory. Can also be completed.
  • Step S101 First, in step S101, the data processing unit of the information processing apparatus 100 in which the memory card 200 is mounted sets 0 (invalid) to the index validity presentation flag (Validity) corresponding to the copy destination directory of the protection area.
  • step S102 the data processing unit generates the copy destination media BDMVnn, AACSnn directory, and necessary lower directories below these directories.
  • step S103 the data processing unit copies and records the files under the AACS directory on the copy source medium under the AACSnn directory generated at step S102.
  • Step S104 the data processing unit copies and records the content (including metadata) protected by AACS under the BDMVnn directory generated in step S102.
  • the Bus Key session key
  • Step S105 the data processing unit confirms the completion of the copy process, and then writes the data element in the index corresponding to the copy destination directory in the protected area.
  • the following data shown in FIG. (2) [Session Key: Session Key [i]] (3) [Media ID MAC: Media ID MAC [i]] (4) [Verification key: Verification Key [i]] (5) [Volume ID: Volume ID [i]] (6) [Volume ID MAC: Volume ID MAC [i]] (7) [KCD [i]] (8) [PMSN [i]] (9) [PMSN MAC [i]] Record these data.
  • Step S106 Next, in step S106, after confirming the completion of writing, the data processing unit sets 1 (valid) to the validity presentation flag (Validity).
  • the data processing unit of the information processing apparatus 100 in which the memory card 200 is mounted executes a copy process for recording the recording data of the first medium on the memory card 200 as the second medium.
  • the data processor In the recording data of the first medium the first medium identifier that can be read from the first medium by applying a dedicated protocol, that is, the data such as the volume ID and PMSN is set with the access restriction of the storage unit of the memory card 200.
  • the data such as encrypted content (BDMV format data, AACS management data) is recorded in the general-purpose area.
  • the data processing unit of the information processing apparatus 100 sets the index (i) when copying the BDMV format data recorded on the first medium and the AACS management data corresponding to the BDMV format data to the memory card 200. Execute the process.
  • the BDMV format data to be recorded in the general-purpose area and the AACS management data are set to a directory having the same index (i), BDMV-i, and AACS-i, and a copy of the BDMV format data is set in each set directory.
  • Data and copy data of AACS management data corresponding to the BDMV format data are recorded.
  • a data set such as a first media identifier (volume ID, PMSN) recorded in the protected area, which is the same index (i) as the BDMV-i directory in which copy data of the BDMV format data is recorded, that is, FIG. Also set in the data set described with reference to FIG.
  • Step S201 First, in step S201, the data processing unit of the information processing apparatus 100 in which the memory card 200 is mounted acquires the index [aa] of the BDMV directory (BDMVaa) to be migrated, and the protection area that matches the index (aa).
  • the validity presentation flag (Validity) of the data storage element set [aa] is set to 0 (invalid).
  • Step S202 the data processing unit copies and records the data elements of the migration source directory (BDMVaa, AACSaa) to an index corresponding to the migration destination directory (temporary directory name: BDMVxx, AACSxx).
  • step S203 the data processing unit changes the name of the destination directory such as the content from the original directory name: BDMVxx to a new directory name: BDMVbb.
  • step S204 the data processing unit changes the name of the destination directory of the management data from the original directory name: AACSxx to a new directory name: AACSbb.
  • step S205 the data processing unit sets the validity presentation flag (Validity) of the data set (data set having the index bb) in the protection area corresponding to the data recorded in the destination directory to 1 (valid). Set.
  • step S206 the data processing unit sets the validity presentation flag (Validity) of the data set (data set having the index aa) in the protection area corresponding to the data recorded in the migration source directory to 0 (invalid). ) And data (all 0 etc.) is overwritten in the data recording area other than the validity presentation flag (Validity) in the data set.
  • the data processing unit of the information processing apparatus 100 in which the memory card 200 is mounted executes the following processing, for example, when executing the copy content movement processing, for example, when executing the directory change processing regarding the copy content. To do.
  • An index consistency adjustment process is executed in which the index value set in the data set including the first media identifier (volume Nishi, PMSN) recorded in the protected area is set as the index value (i) of the directory after the copy content is changed. To do.
  • the data processing unit sets the value of the validity presentation flag (Validity) indicating the validity of the data set including the first media identifier recorded in the protected area to invalid.
  • the value of the validity presentation flag (Validity) is set to a value indicating validity. To do.
  • FIG. 24 illustrates a hardware configuration example of an information processing apparatus that executes data copy processing.
  • CPU 701 functions as a data processing unit that executes various processes according to a program stored in ROM (Read Only Memory) 702 or storage unit 708. For example, the above-described data copy process is executed.
  • a RAM (Random Access Memory) 703 stores programs executed by the CPU 701, data, and the like.
  • the CPU 701, ROM 702, and RAM 703 are connected to each other via a bus 704.
  • the CPU 701 is connected to an input / output interface 705 via a bus 704.
  • the input / output interface 705 is connected to an input unit 706 including various switches, a keyboard, a mouse, and a microphone, and an output unit 707 including a display and a speaker. Yes.
  • the CPU 701 executes various processes in response to a command input from the input unit 706, and outputs a processing result to the output unit 707, for example.
  • the storage unit 708 connected to the input / output interface 705 includes, for example, a hard disk, and stores programs executed by the CPU 701 and various data.
  • a drive 710 connected to the input / output interface 705 drives a removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory such as a memory card, and records various data such as recorded contents and key information. To get. For example, using the acquired content and key data, the content is decrypted and played back according to the playback program executed by the CPU.
  • a removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory such as a memory card
  • FIG. 25 illustrates a hardware configuration example of a memory card that is an information storage device.
  • a CPU (Central Processing Unit) 801 functions as a data processing unit that executes various processes according to a program stored in a ROM (Read Only Memory) 802 or a storage unit 807. For example, the communication processing with the server or host device described in each of the above-described embodiments, the processing such as writing and reading of the data in the storage unit 807, the access permission determination processing for each divided area of the protection area 811 of the storage unit 807, and the like.
  • a RAM (Random Access Memory) 803 appropriately stores programs executed by the CPU 801, data, and the like. These CPU 801, ROM 802, and RAM 803 are connected to each other by a bus 804.
  • the CPU 801 is connected to an input / output interface 805 via a bus 804, and a communication unit 806 and a storage unit 807 are connected to the input / output interface 805.
  • the communication unit 804 connected to the input / output interface 805 executes communication with, for example, a server or a host.
  • the storage unit 807 is a data storage area, and includes a protection area 811 with access restrictions as described above and a general-purpose area 812 that allows free data recording and reading.
  • the technology disclosed in this specification can take the following configurations. (1) having a data processing unit for executing a copy process for recording the recording data of the first medium on the second medium;
  • the data processing unit In the recording data of the first medium, a first medium identifier that can be read from the first medium by applying a dedicated protocol is recorded in a protected area in which access restriction of the storage unit of the second medium is set,
  • the first medium is BDMV (Blu-ray (registered trademark) disc movie) format data having encrypted content and data including a playback control information file as constituent elements;
  • a medium in which AACS (Advanced Access Content System) management data including a key information file applied to decryption of the encrypted content and data including data for checking the validity of the encrypted content is recorded;
  • the data processing unit The information processing apparatus according to (1), wherein the BDMV format data and the AACS management data are recorded in the general-purpose area.
  • the data processing unit When copying the BDMV format data recorded on the first medium and the AACS management data corresponding to the BDMV format data to the second medium, A directory having the same index (i), BDMV-i, and AACS-i are set in the BDMV format data to be recorded in the general-purpose area and the AACS management data, and copy data of the BDMV format data is set in each set directory. And an information processing apparatus according to (2), wherein copy data of AACS management data corresponding to the BDMV format data is recorded.
  • the data processing unit The same index (i) as the BDMV-i directory in which copy data of the BDMV format data of the first medium is recorded,
  • the information processing apparatus according to (3) which is also set to a first media identifier recorded in the protection area.
  • the data processing unit In the protected area of the second media, The information processing apparatus according to any one of (1) to (4), wherein a volume ID (Volume ID) recorded on the first medium and a pre-recorded serial number (PMSN) are recorded.
  • a volume ID Volume ID
  • PMSN pre-recorded serial number
  • MAC message authentication code
  • the data processing unit The information processing apparatus according to (5), wherein a message authentication code (MAC) for the PMSN is recorded in the protection area together with the PMSN.
  • MAC message authentication code
  • the data processing unit The information processing apparatus according to any one of (1) to (7), wherein a message authentication code (MAC) generated based on a media ID of the second medium and a session key generated during copy processing is recorded in the protection area.
  • MAC message authentication code
  • the data processing unit The information processing apparatus according to any one of (1) to (8), wherein after the data recording to the protection area is completed, a value of a validity presentation flag (Validity) indicating validity of the recorded data is set to a value indicating validity.
  • a validity presentation flag (Validity) indicating validity of the recorded data
  • the data processing unit As a response process to the execution of the API requesting the reading process of the first media identifier, the reading process of the first media identifier recorded in the protection area of the second medium is executed (1) to (9) The information processing apparatus described.
  • the data processing unit When executing a directory change process related to copy content recorded on the second medium, An index consistency adjustment process is executed in which the index value set in the data set including the first media identifier recorded in the protected area is set as the index value (i) of the directory after the change of the copy content (1) ) To (10).
  • the data processing unit When starting the directory change process for the copy content, the value of the validity presentation flag (Validity) indicating the validity of the data set including the first media identifier recorded in the protected area is set to a value indicating invalidity. After completion of the directory change process and the change process of the index value set in the data set including the first media identifier, the value of the validity presentation flag (Validity) is set to a value indicating validity (11).
  • the general-purpose area of the storage unit records the encrypted content copied from the copy source medium
  • the protected area of the storage unit is configured to record a first media identifier that can be read from the first medium by applying a dedicated protocol in the recording data of the copy source medium,
  • the data processing unit It is determined whether the information processing apparatus that has output the read request for the first media identifier has an access right to the protection area, An information storage device that obtains the first media identifier recorded in the protection area and outputs the first media identifier to the information processing device when it is confirmed that the user has an access right.
  • the copy source medium is: BDMV (Blu-ray (registered trademark) disc movie) format data having encrypted content and data including a playback control information file as constituent elements; A medium in which AACS (Advanced Access Content System) management data including a key information file applied to decryption of the encrypted content and data including data for checking the validity of the encrypted content is recorded; The data processing unit The information storage device according to (13), wherein the BDMV format data and copy data of the AACS management data are recorded in the general-purpose area.
  • BDMV Blu-ray (registered trademark) disc movie
  • a medium in which AACS (Advanced Access Content System) management data including a key information file applied to decryption of the encrypted content and data including data for checking the validity of the encrypted content is recorded
  • the data processing unit The information storage device according to (13), wherein the BDMV format data and copy data of the AACS management data are recorded in the general-purpose area.
  • the general-purpose area of the storage unit is The copy data of the BDMV format data and the copy data of the AACS management data corresponding to the BDMV format data are recorded in the directory having the same index (i), the BDMV-i, and the AACS-i ( 14) The information storage device described in 14).
  • the protection area of the storage unit is: (15) The information storage device according to (15), wherein a first media identifier in which the same index (i) as the BDMV-i directory in which copy data of the BDMV format data of the first medium is recorded is recorded.
  • An information processing method executed in the information processing apparatus includes: A data processing unit for executing a copy process for recording the recording data of the first medium on the second medium;
  • the data processing unit is In the recording data of the first medium, a first medium identifier that can be read from the first medium by applying a dedicated protocol is recorded in a protected area in which access restriction of the storage unit of the second medium is set, An information processing method for recording encrypted content in a general-purpose area in which access restriction of the storage unit of the second medium is not set.
  • An information processing method executed in an information storage device includes: A protected area in which access restrictions are set, and a storage unit having a general-purpose area in which access restrictions are not set, A data processing unit, The general-purpose area of the storage unit records the encrypted content copied from the copy source medium, The protected area of the storage unit is configured to record a first media identifier that can be read from the first medium by applying a dedicated protocol in the recording data of the copy source medium, The data processing unit is It is determined whether the information processing apparatus that has output the read request for the first media identifier has an access right to the protection area, An information processing method for acquiring a first media identifier recorded in the protection area and outputting the first media identifier to the information processing apparatus when it is confirmed that the user has an access right.
  • a program for executing information processing in an information processing device includes: A data processing unit for executing a copy process for recording the recording data of the first medium on the second medium;
  • the program is stored in the data processing unit.
  • a program for causing an information storage device to execute information processing includes: A protected area in which access restrictions are set, and a storage unit having a general-purpose area in which access restrictions are not set, A data processing unit, The general-purpose area of the storage unit records the encrypted content copied from the copy source medium, The protected area of the storage unit is configured to record a first media identifier that can be read from the first medium by applying a dedicated protocol in the recording data of the copy source medium, The program is stored in the data processing unit.
  • the series of processes described in the specification can be executed by hardware, software, or a combined configuration of both.
  • the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and run.
  • the program can be recorded in advance on a recording medium.
  • the program can be received via a network such as a LAN (Local Area Network) or the Internet and installed on a recording medium such as a built-in hard disk.
  • the various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually according to the processing capability of the apparatus that executes the processes or as necessary.
  • the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing.
  • the data processing unit that executes a copy process for recording the recording data of the first medium onto the second medium can read from the first medium by applying a dedicated protocol in the recording data of the first medium.
  • the first media identifier (volume ID, PMSN) is recorded in the protection area where the access restriction of the storage unit of the second medium is set, and the BDMV format data such as the encrypted content and the AACS management data are stored in the second medium. Recorded in a general-purpose area where no access restrictions are set.
  • Each data is associated with an index (i) set in the directory or recording data.
  • the protected area recording data is also recorded with the MAC value to realize a configuration in which tampering is prevented.
  • the media binding is realized by recording the value to which the media ID is applied in the protection area.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Technology Law (AREA)
  • Signal Processing (AREA)
  • Television Signal Processing For Recording (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)

Abstract

La présente invention met en œuvre une configuration dans laquelle la même commande d'utilisation de contenu dans un support source pour le contenu à copier peut être réalisée au niveau de la destination pour le contenu copié. Une unité de traitement de données, qui copie sur un second support les données d'enregistrement enregistrées sur un premier support, utilise un protocole dédié pour enregistrer un identifiant de premier support (ID de volume, PMSN) lisible depuis l'intérieur des données enregistrées sur le premier support dans une région de protection dans l'unité de stockage du second support à laquelle l'accès est restreint, et enregistre des données de format BDMV telles qu'un contenu chiffré et des données de commande AACS dans une région d'usage général dans l'unité de stockage du second support à laquelle l'accès n'est pas restreint. Chaque donnée est associée à l'aide d'un répertoire ou d'un indice (i) fourni pour les données d'enregistrement.
PCT/JP2016/069751 2015-08-04 2016-07-04 Dispositif de traitement d'informations, dispositif de stockage d'informations, procédé de traitement d'informations, et programme WO2017022386A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015-154514 2015-08-04
JP2015154514 2015-08-04

Publications (1)

Publication Number Publication Date
WO2017022386A1 true WO2017022386A1 (fr) 2017-02-09

Family

ID=57942819

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/069751 WO2017022386A1 (fr) 2015-08-04 2016-07-04 Dispositif de traitement d'informations, dispositif de stockage d'informations, procédé de traitement d'informations, et programme

Country Status (1)

Country Link
WO (1) WO2017022386A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11995798B2 (en) 2020-09-25 2024-05-28 Samsung Electronics Co., Ltd. Electronic device and method for managing non-destructive editing contents

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000311114A (ja) * 1999-04-28 2000-11-07 Toshiba Corp コンピュータシステムおよびコンテンツ保護方法
JP2001166996A (ja) * 1999-11-08 2001-06-22 Matsushita Electric Ind Co Ltd 記憶媒体、リボケーション情報更新方法及び装置
JP2003114830A (ja) * 2001-07-09 2003-04-18 Matsushita Electric Ind Co Ltd コンテンツ管理システムおよび情報記録媒体
JP2005502975A (ja) * 2000-12-28 2005-01-27 インテル・コーポレーション 媒体のカッティング領域に妥当性検査データを格納することによるメディア・キー・ブロックの保全性の検証
JP2009147545A (ja) * 2007-12-12 2009-07-02 Hitachi Ltd 記憶装置、暗号化コンテンツの有効化方法及び端末装置
JP2010044839A (ja) * 2008-08-18 2010-02-25 Sony Corp 情報処理装置、およびデータ処理方法、並びにプログラム
JP2012018672A (ja) * 2010-06-10 2012-01-26 Panasonic Corp 再生装置、記録媒体、再生方法、プログラム
JP2012044577A (ja) * 2010-08-23 2012-03-01 Sony Corp 情報処理装置、および情報処理方法、並びにプログラム
JP2014041580A (ja) * 2012-07-26 2014-03-06 Toshiba Corp ストレージシステム

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000311114A (ja) * 1999-04-28 2000-11-07 Toshiba Corp コンピュータシステムおよびコンテンツ保護方法
JP2001166996A (ja) * 1999-11-08 2001-06-22 Matsushita Electric Ind Co Ltd 記憶媒体、リボケーション情報更新方法及び装置
JP2005502975A (ja) * 2000-12-28 2005-01-27 インテル・コーポレーション 媒体のカッティング領域に妥当性検査データを格納することによるメディア・キー・ブロックの保全性の検証
JP2003114830A (ja) * 2001-07-09 2003-04-18 Matsushita Electric Ind Co Ltd コンテンツ管理システムおよび情報記録媒体
JP2009147545A (ja) * 2007-12-12 2009-07-02 Hitachi Ltd 記憶装置、暗号化コンテンツの有効化方法及び端末装置
JP2010044839A (ja) * 2008-08-18 2010-02-25 Sony Corp 情報処理装置、およびデータ処理方法、並びにプログラム
JP2012018672A (ja) * 2010-06-10 2012-01-26 Panasonic Corp 再生装置、記録媒体、再生方法、プログラム
JP2012044577A (ja) * 2010-08-23 2012-03-01 Sony Corp 情報処理装置、および情報処理方法、並びにプログラム
JP2014041580A (ja) * 2012-07-26 2014-03-06 Toshiba Corp ストレージシステム

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11995798B2 (en) 2020-09-25 2024-05-28 Samsung Electronics Co., Ltd. Electronic device and method for managing non-destructive editing contents

Similar Documents

Publication Publication Date Title
US8700917B2 (en) Information processing apparatus, information recording medium manufacturing apparatus, and information recording medium
JP4655951B2 (ja) 情報処理装置、情報記録媒体製造装置、情報記録媒体、および方法、並びにコンピュータ・プログラム
JP4901164B2 (ja) 情報処理装置、情報記録媒体、および方法、並びにコンピュータ・プログラム
JP4882636B2 (ja) 情報処理装置、情報記録媒体、および情報処理方法、並びにコンピュータ・プログラム
JP4899442B2 (ja) 情報処理装置、情報記録媒体製造装置、情報記録媒体、および方法、並びにコンピュータ・プログラム
JP4979312B2 (ja) 情報処理装置、および情報処理方法、並びにコンピュータ・プログラム
JP5678804B2 (ja) 情報処理装置、および情報処理方法、並びにプログラム
JP2007150587A (ja) 情報処理装置、情報記録媒体、および情報処理方法、並びにコンピュータ・プログラム
JP4569228B2 (ja) データ処理方法、情報記録媒体製造管理システム、記録データ生成装置、および方法、並びにコンピュータ・プログラム
JP5573489B2 (ja) 情報処理装置、および情報処理方法、並びにプログラム
JP4059185B2 (ja) 情報処理装置、情報記録媒体、および情報処理方法、並びにコンピュータ・プログラム
JP4683092B2 (ja) 情報処理装置、およびデータ処理方法、並びにプログラム
JP4140624B2 (ja) 情報処理装置、情報記録媒体製造装置、情報記録媒体、および方法、並びにコンピュータ・プログラム
JP2005050176A (ja) 情報記録媒体製造管理システム、情報処理装置、および方法、並びにコンピュータ・プログラム
WO2017022386A1 (fr) Dispositif de traitement d'informations, dispositif de stockage d'informations, procédé de traitement d'informations, et programme
JP2007025913A (ja) 情報処理装置、情報記録媒体製造装置、情報記録媒体、および方法、並びにコンピュータ・プログラム
JP4144471B2 (ja) 情報処理装置、情報記録媒体、および情報処理方法、並びにコンピュータ・プログラム
WO2017038493A1 (fr) Appareil de traitement d'informations, procédé de traitement d'informations, et programme
JP6927041B2 (ja) 情報処理装置、および情報処理方法、並びにプログラム
JP4941611B2 (ja) 情報処理装置、および方法、並びにコンピュータ・プログラム
JP5252060B2 (ja) 情報処理装置、情報記録媒体、および情報処理方法、並びにコンピュータ・プログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16832665

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: JP

122 Ep: pct application non-entry in european phase

Ref document number: 16832665

Country of ref document: EP

Kind code of ref document: A1