CN100388240C - Content playback device and content playback method - Google Patents

Abstract

The present invention provides a content playback device and a content playback method that improve user convenience while protecting the copyright of the content. The content usage information is received from the storage device, the encrypted content data is decoded using the content key included in the received content usage information, the status information indicating the usage status of the content usage information is stored, and the content key is measured using the content key. key, or the elapsed time of reproduction of the encrypted data decoded using the content key, based on the measured elapsed time, the consumption judgment of the content usage information is performed, and the content The determination of the consumption of the usage information is reflected in the state information recorded in the record storage unit.

Description

Content playback device and content playback method

technical field

The present invention relates to content reproducing technology, in particular to a content reproducing device and method for decoding and reproducing encrypted content.

Background technique

As a copyright protection method for protecting content data, it is known to encrypt content data and increase the security of content usage information (hereinafter referred to as "licensed data") including its decryption key (hereinafter referred to as "content key"). A method of concealing and managing (for example, refer to Patent Document 1). In the content data distribution system disclosed in Patent Document 1, three types of devices are listed as a device for processing license data in an unencrypted state: a server device, a memory card as a storage device, and a decoder as a use device. . In addition, an encrypted communication path is established between the server device and the storage device, and between the storage device and the user device, and the license data is transmitted and received through the encrypted communication path. A TRM (Tamper Resistant Module) for processing encrypted license data is provided in the server device, storage device, and user device.

In the construction of this encrypted communication path, first, a device that provides license data (hereinafter referred to as "providing device") transmits a file including a public key to a device that owns license data (hereinafter referred to as "license data sharing device"). certificate. In addition, the license providing device verifies the certificate, and as a result of the verification, if the certificate sent from the license enjoying device is a legitimate certificate and is not invalidated by the certificate deletion list, use the certificate included in the certificate. The public key of the device is exchanged between devices. Then, the license data encrypted with the key transmitted from the license providing device to the license sharing device is sent from the license providing device to the license sharing device. The TRM is a circuit module that physically protects privacy, and is configured to acquire licensed data only through an encrypted communication channel.

Also, when acquiring the license data, the memory card is mounted on a terminal device capable of communicating with the server device, and the license data is received from the server device through the terminal device. In addition, when content is used, the memory card is mounted on a terminal device having a built-in decoder, and the license data is transmitted to the decoder through the terminal device.

Also, in this system, the memory card itself can restrict the output of the licensed data in accordance with the restriction information in the licensed data. For example, the license data includes restriction information indicating the number of times the content data can be reproduced using the license data. At the time of reproduction, the memory card checks the limit information on the number of times of reproduction in the permitted data, and judges whether or not the permitted data can be output. At the time of output, this control information is updated, and after reproduction is repeated, the output of the permission data is finally prohibited.

As described above, in the content distribution service, the content data is encrypted and the license data is concealed, so as to realize the copyright protection related to the content thoroughly. In addition, it can be applied to various service forms by introducing usage restrictions such as reproduction number control. Thus, by achieving thorough protection of the copyright of the content, the rights of the content right holder can be protected, and safe provision of the content can be realized. As a result, the lineup of content subject to the delivery service also increases, and the needs of users who receive content delivery can be met in a wider range.

[Patent Document 1] International Publication No. WO01/43342

As mentioned above, in the existing content distribution system, the license data whose number of times of playback is limited is transmitted from the storage device to the playback device, but if the playback device does not perform playback using the license data, the user loses playback. s right. Even in the case of reproducing part of the content for the purpose of trial listening, the user loses the right to reproduce

Contents of the invention

The present invention is made in view of such a situation, and an object of the present invention is to provide a technique for improving user convenience while protecting the copyright of content.

To solve the above-mentioned problems, the present invention has the following features, respectively.

A content playback device according to an aspect of the present invention decodes the encrypted content data by using content use information including a content key for decoding the encrypted content data recorded in the storage device, and Playback, the content playback device includes: an interface, which controls the exchange of data with the storage device; a content decoding unit, which decodes the encrypted content data through the content key included in the content use information; the content a key output unit that receives the content use information from the storage device, and outputs the content key contained in the received content use information to the content decoding unit; and a record storage unit that stores a state indicating the use state of the content use information information; a determination unit that obtains the elapsed time of decoding encrypted content data using the content key in the content decoding unit, or reproduction of the encrypted content data that was decoded using the content key in the content decoding unit Based on the obtained elapsed time, it is judged whether the content key is recognized as being used, and the judgment result is reflected in the status information recorded in the above-mentioned record storage unit.

According to this aspect, when the elapsed time of playback is short enough to determine that the content key has not been used, since the state information of the case where the content key is not used is reflected in the state information stored as a log, Thereby, user's convenience can be improved, and reproduction rights can be protected.

The above-mentioned elapsed time may also be included and notified to the elapsed time measuring unit of the judging unit. After the content key output unit outputs the content key to the content decoding unit, the elapsed time measurement unit measures the elapsed time from the start of the decoding or playback process, and the above-mentioned judging unit determines that the content key is used if the elapsed time exceeds a predetermined time. content key.

An elapsed time measuring unit that measures elapsed time and notifies it to the judging unit may also be included. The elapsed time measurement unit calculates the elapsed time based on the amount of data decoded by the content decoding unit or the amount of data reproduced from the decoded encrypted content data, and notifies the elapsed time to the judging unit. time, it is assumed that the content key is used.

The predetermined time is included in the content use information, and the content key output unit outputs the predetermined time included in the received content use information to the judgment unit. The specified time may be 45 seconds.

The judging unit further includes a control unit that requests the storage device to return the content usage information recorded in the storage device to a state before receiving the content key when it is judged that the content key is not used.

The control unit may transmit the log information including status information recorded in the log storage unit to the storage device when requesting the storage device to return the content use information to the state before receiving it. The record information can also be used to determine whether the storage device allows restoration.

The control unit may transmit to the storage device a hash value of information including a common key shared between the content playback device and the storage device together with the recording information. The hash value can also be used by the storage device to judge the legitimacy of the content reproduction device.

The record storage unit stores at least a part of the content use information in an original state when receiving the content use information, and the control unit may also store the content use information in the record storage unit when requesting the storage device to restore the content use information to the state before receiving the content use information. The content usage information in the original state is sent to the storage device.

Another aspect of the present invention is a content playback method. This method is a content reproducing method for decoding and reproducing encrypted content data by using content usage information including a content key for decoding encrypted content data recorded in a storage device, wherein the content received from the storage device The content usage information uses the content key included in the received content usage information to decrypt the encrypted content data, stores state information indicating the usage status of the content usage information in the record storage unit, and obtains the content key used. The elapsed time of decryption of the encrypted content data, or the elapsed time of reproduction of the encrypted content data decoded by using the content key, based on the obtained elapsed time, it is judged whether the content key is used, and the judgment result It is reflected in the status information recorded in the log storage unit.

The elapsed time is measured by a timer from the start of decoding or playback processing, and when the elapsed time exceeds a predetermined time, it can be determined that the content key is used. The elapsed time is calculated based on the amount of decoded data or the amount of data reproduced after decoding the encrypted content data, and when the elapsed time exceeds a predetermined time, it is determined that the content key has been used. The predetermined time is included in the content usage information. The specified time may be 45 seconds.

When it is determined that the content key is not used, the storage device is requested to return the content usage information recorded in the storage device to the state before the reception.

When the content reproduction device that decodes and reproduces the encrypted content data requests the storage device to return the content use information to the state before receiving it, it can send the record information including the state information recorded in the record storage unit to the storage device . The storage device may refer to the log information to determine whether restoration of the content use information is permitted, and restore the content use information to its original state when it is determined that restoration is permitted. The storage device may also record state information indicating the use state of the content use information, and the storage device further refers to the state information recorded by itself to determine whether restoration of the content use information is permitted.

A hash value of information including a common key shared between the content playback device and the storage device may be transmitted to the storage device together with the recording information. The storage device may also refer to the hash value to confirm that the content playback device that requested the restoration of the content use information is the device that sent the content use information itself, and restore the content use information to the original state when confirmed.

The storage device may also store at least a part of the content usage information in an original state when transmitting the content usage information to the content playback device, and may use the original The stored content usage information overwrites the content usage information, thereby restoring the original state.

The record storage unit may store at least a part of the content use information in an original state when receiving the content use information, and store the content stored in the record storage unit when requesting the storage device to return the content use information to the state before receiving the content use information. The content usage information in the original state is sent to the storage device. The storage device can also be restored to the original state by overwriting the content usage information with the above-mentioned content usage information in the original state.

According to the description of the embodiments given below, the features and technical significance of the present invention will be more clearly understood. However, the following embodiments are all one embodiment of the present invention, and the present invention and the meanings of the terms of each component are not limited to the forms described in the following embodiments.

According to the present invention, it is possible to provide technology for improving user convenience while protecting the copyright of content.

Description of drawings

FIG. 1 is a diagram showing the configuration of a data management system according to a first embodiment;

Fig. 2 is a diagram showing the configuration of the delivery system of the first embodiment;

FIG. 3 is a diagram showing the configuration of the playback device according to the first embodiment;

4 is a diagram showing the configuration of the storage device according to the first embodiment;

FIG. 5 is a diagram showing the configuration of the encryption engine shown in FIG. 2;

FIG. 6 is a diagram showing the configuration of the encryption engine shown in FIG. 3;

FIG. 7 is a diagram showing the configuration of the encryption engine shown in FIG. 4;

FIG. 8 is a diagram illustrating recording processing of license data;

FIG. 9 is a diagram illustrating recording processing of license data;

FIG. 10 is a diagram illustrating use processing of license data;

FIG. 11 is a diagram illustrating usage processing of license data;

FIG. 12 is a diagram illustrating usage processing of license data;

FIG. 13 is a diagram illustrating usage processing of license data;

Fig. 14 is a diagram showing the configuration of a delivery system according to a second embodiment.

In the figure: 100-distribution server; 150-terminal device; 200-storage device; 300-regeneration device.

Detailed ways

Embodiments of the present invention will be described below with reference to the accompanying drawings. In this embodiment, it is proposed that, in a device that receives content usage information from a storage device, decodes encrypted content data, and reproduces it, when the reproduction process is not performed, or even if the reproduction process is performed, A technique for returning the control information related to reproduction included in the content usage information in the storage device to the state before the output while still within a predetermined time. In the reproduction processing of licensed data with a limit on the number of reproduction times, in partial reproduction for the purpose of changing the number of reproductions for selection or trial listening, the reproduction that is not regarded as a consumption license can protect the user's possession. Right to Reproduction of Content.

(first embodiment)

FIG. 1 shows the overall configuration of a data management system 10 according to the embodiment. The data management system 10 includes: a distribution server 100 that transmits data, a terminal device 150 that records data transmitted from the distribution server 100 in a storage device 200, a reproduction device 300 that reproduces data recorded in the storage device 200, a recording A storage device 200 that holds data.

The storage device 200 of this embodiment is not only a storage medium for storing data, but also a drive-integrated storage device including a controller for controlling input and output of data between it and a host device such as the terminal device 150 or the playback device 300 . device. In this embodiment, the storage device 200 is described by taking a hard disk drive as an example.

A conventional hard disk drive is generally fixedly connected to a host device, but the storage device 200 of this embodiment is configured to be freely attached to and detached from a host device such as the terminal device 150 and the playback device 300 . That is, the storage device 200 of the present embodiment is the same as a CD, DVD, etc., and can be detached and transported from a host device, and can be used in multiple devices such as a terminal device 150, a playback device 300, and a recording and playback device that can perform recording and playback. shared storage between host devices.

In this way, the storage device 200 of this embodiment is premised on being connected to a plurality of host devices, for example, it may be connected to a third party's host device other than the owner, and the recorded data may be read out. Assuming that data that should be concealed, such as content that should be protected by copyrights such as music and images, or confidential information of companies or individuals, should be recorded in the storage device 200, in order not to leak these hidden data to the outside, it is preferable to store them in the storage device 200. A structure set in itself for proper protection of data is sufficiently tamper-resistant.

From such a viewpoint, the storage device 200 of the present embodiment has a configuration for encrypting and exchanging confidential data when inputting and outputting confidential data with a host. In addition, in order to store confidential data, a confidential data storage area different from the normal storage area is provided, and the confidential data storage area is configured so that it cannot be accessed without the encryption engine provided in the storage device 200 . The cryptographic engine performs input and output of encrypted data only with host devices that have been authenticated as having legal authority. Hereinafter, such a data protection function is also referred to as a "secrecy function". With the structure and functions described above, it is possible to properly protect the concealed data recorded in the storage device 200 .

In order to maximize the characteristics of the removable medium of the storage device 200, it is preferable that even a host device that does not support a security function can input and output normal data. Therefore, in the storage device 200 of this embodiment, in order to maintain compatibility with conventional hard disks, it corresponds to ATA (AT Attachment), which is a standard specification of ANSI (American National Standards Institute), and the above-mentioned security function is implemented as ATA. The extended command is implemented.

Next, as an example of the input and output of concealed data, a case of recording and reproducing content data such as images will be described. Although the content data itself can be handled as confidential data, in this embodiment, the content data is encrypted, and the encrypted content data itself is recorded in the storage device 200 as normal data. In addition, a key for decrypting encrypted content data (hereinafter referred to as "content key"), information related to content reproduction control or license use, transfer, and copy control will be included. Data (hereinafter referred to as "permission data") (hereinafter referred to as "usage rules") are used as confidential data, and input/output processing is performed using the above-mentioned security function. Thus, while maintaining a sufficient anti-tampering function, data input and output can be simplified, and processing speed can be increased and power consumption can be reduced.

Here, the license data includes not only a content key or a usage rule but also identification information LicID for specific license data. In addition, control information PC indicating the upper limit of the output frequency of licensed data for the purpose of reproduction is included as a usage rule. Here, the control information PC is a 1-bit unsigned integer whose value indicates the upper limit value of the output count of permitted data, and is decremented by 1 every time the permitted data is output. In addition, PC=255, as an exception, indicates that there is no upper limit setting for the number of reproduction times, and its value does not change with the output of permission data for reproduction. In addition, the setting method and operating method of the control information PC given here are examples of this embodiment, and are not particularly limited.

In addition, in the following, among the commands issued to the storage device 200 by the host devices such as the distribution server 100 and the playback device 300, the extended commands for the security function are also referred to as "secret commands", and the other commands are also referred to as "normal commands". ".

FIG. 2 shows configurations of delivery server 100 and terminal device 150 according to the embodiment. The delivery server 100 and the terminal device 150 are connected via the Internet 120 which is an example of a network via the communication devices 104 and 153, respectively. The distribution server 100 includes: an encryption device 102, an encryption engine 103, a communication device 104, a content database 105, a license database 106, a user database 107, a controller 101 for controlling them, and a data bus 110 for electrically connecting them. The configuration of the delivery server 100 can be realized by a CPU, memory, or other LSI of any computer in terms of hardware, and can be realized by a program loaded in a memory in terms of software, but here, the Function blocks realized by their cooperation are described. Therefore, those skilled in the art can understand that these functional blocks can be implemented in various forms only by hardware, only by software, or by a combination thereof.

The scrambler 102 issues license data LIC including a content key for decoding encrypted content by which the encoded content stored in the content database 105 is encrypted. The encrypted content is sent to the terminal device 150 through the data bus 110 and the communication device 104 and recorded in the storage device 200 .

The cryptographic engine 103 controls encrypted communication with the storage device 200 in order to record the license data LIC provided to the user in the storage device 200 . Encrypted communication is directly performed between the distribution server 100 and the storage device 200 via the data bus 110 and the communication device 104 , the Internet 20 , the communication device 153 of the terminal device 150 , the data bus 160 , the controller 151 and the storage interface 152 .

The communication device 104 exchanges data with other devices via the Internet 20 . Here, data is exchanged with the above-mentioned terminal device 150 . The content database 105 holds content provided to users. The license database 106 holds license data including content keys used to encrypt content. The user database 107 holds information on users to whom content is provided. For example, the user's personal information, the address of the user's terminal device 150, the purchase history of content, fee information, and the like can be held.

The controller 101 of the distribution server 100 reads content data from the content database 105 and reads license data LIC from the license database 106 in response to a user's request. The read content data and the content key in the license data LIC are delivered to the scrambler 102 , and the license data LIC is delivered to the cipher engine 103 . Next, in the scrambler 102 , the content data is encrypted with the content key, and the encrypted content data is transmitted to the terminal device 150 through the communication device 104 . In addition, an encrypted communication line is constructed by the encryption engine 103 , and the license data is transmitted to the terminal device 150 through this. The terminal device 150 records the received license data LIC in the storage device 200 .

When the encrypted content data and license data LIC are recorded in the storage device 200 , it is assumed that the content is provided to the user of the terminal device 150 , and the user database 107 is updated in order to charge the corresponding value of the content provision.

The terminal device 150 includes a storage interface 152, a communication device 153, a controller 151 for controlling them, and a data bus 160 for electrically connecting them. The configuration of the terminal device 150 can be realized by CPU, memory, other LSI, etc. of any computer in terms of hardware, and can be realized by a program having a recording control function loaded into the memory in terms of software, but , and here, the functional blocks realized by their cooperation will be described. Therefore, those skilled in the art can understand that these functional blocks can be implemented in various forms only by hardware, only by software, or by a combination thereof.

The storage interface 152 controls input and output of data with the storage device 200 . The communication device 153 exchanges data with other devices via the Internet 20 . Here, data exchange is performed with the delivery server 100 . The controller 151 of the terminal device 150 transmits the user's content distribution request to the distribution server 100 through the communication device 153 . In response, the encrypted content data and license data supplied from the distribution server 100 are received via the communication device 153 and recorded in the storage device 200 via the storage interface 152 .

FIG. 3 shows the internal configuration of a playback device 300 according to the embodiment. These functional blocks can also be realized in various forms by only hardware, only software, or a combination thereof. The playback device 300 mainly includes a controller 301, a storage interface 302, an encryption engine 303, a decoder 304, a content decoder 305, and a data bus 310 electrically connecting them.

The storage interface 302 controls input and output of data with the storage device 200 . The encryption engine 303 controls encrypted communication with the storage device 200 in order to receive the license data LIC including the content key from the storage device 200 . The decoder 304 decodes the encrypted content read from the storage device 200 using the content key included in the license data LIC received from the storage device 200 . The content decoder 305 decodes the content decoded by the decoder 304 and outputs it. For example, if the content is in MPEG format, the video signal and audio signal are recovered from the content, the video signal is output to a display device not shown in the figure, and the audio signal is output to a speaker not shown in the figure. The controller 301 collectively controls the components of the playback device 300 .

FIG. 4 shows the internal configuration of the storage device 200 according to the embodiment. The storage device 200 mainly includes: a controller 201 , a storage interface 202 , a cryptographic engine 203 , a tamper-resistant storage unit 204 , a common data storage unit 205 and a data bus 210 electrically connecting them.

The storage interface 202 controls input and output of data between the delivery server 100 and the playback device 300 . The encryption engine 203 controls encrypted communication for inputting and outputting confidential data including license data LIC of a content key and the like between the distribution server 100 and the playback device 300 . The normal data storage unit 205 is a normal storage area in which encrypted content, normal data, and the like are recorded. The tamper-resistant storage unit 204 is a confidential data storage area in which confidential data such as license data LIC including a content key is recorded. The normal data storage unit 205 performs data input and output through direct access processing from the outside, but the tamper-resistant storage unit 204 is configured so that data input and output cannot be performed without the encryption engine 203 . The controller 201 collectively controls the components of the storage device 200 .

Here, the key used in this embodiment will be described. In this embodiment, the key is fully expressed as a character string starting with uppercase "K". In addition, when the second character is one of "c", "s", and "r" of lowercase characters, it indicates a symmetric key (common key). Specifically, "c" is a challenge key and indicates a temporary symmetric key generated by the source of the license data. "s" is a session key and represents a temporary symmetric key generated by the sender of the license data. "r" is a recovery key and represents a temporary symmetric key generated by the sender of the license data. In addition, when the second character is an uppercase character "P", it indicates a public key of the public key encryption method. Among these keys, there must always be a corresponding secret key, which is the expression of "P" in which the uppercase character of the second character is removed from the expression of the public key.

In the case where the character string indicating the key includes "d" in lowercase characters, it indicates that the key is provided for each group of devices. In addition, when the character string indicating the key includes a lowercase character "p", it indicates that the key is provided for each device. The public key KPdx provided as a pair of a public key and a secret key is provided for each group as a public key certificate C[KPdx] with an electronic signature.

In addition, the last character described in the character string representing the key, for example, "2" of the public key KPd2 is a symbol for identifying the cryptographic engine that provided the key. In this embodiment, when the object of provision is clear, it is expressed as numbers "1", "2", and "3", and when it is a key provided from other than the encryption engine, the object of provision is unclear or unspecified In the case of , it is expressed by English characters such as "x" and "y". In this embodiment, the identification code "1" is used for the encryption engine 103 of the distribution server 100, the identification code "2" is used for the encryption engine 203 of the storage device 200, and the identification code "3" is used for the encryption engine 303 of the playback device 300. .

FIG. 5 shows the internal configuration of the encryption engine 103 of the delivery server 100 shown in FIG. 2 . The encryption engine 103 includes: a certificate verification unit 120, a first encryption unit 121, a random number generation unit 122, a first decoding unit 123, a second decoding unit 124, a second encryption unit 125, a third encryption unit 126, a certification The book output unit 127, the control unit 128, and the local bus 130 electrically connect at least some of these components.

The certificate verification unit 120 verifies the certificate C[KPd2] obtained from the storage device 200 . This certificate C[KPd2] is composed of plaintext information including the public key KP2 (hereinafter referred to as "certificate body"), and an electronic signature added to the certificate body. This electronic signature is data obtained by encrypting the result of performing a hash function on the certificate body with the root key Ka of a certification authority (not shown in the figure) as a third party organization. operation (hereinafter referred to as "hash operation"). The root key Ka is a private key strictly managed by the certification authority, and is a secret key of the certification authority. The certificate verification unit 120 holds a verification key Kpa paired with the root key Ka. This verification key Kpa is a public key for verifying the legitimacy of the certificate. The verification of the certificate is judged by the legitimacy of the certificate and the validity of the certificate.

Confirmation of the validity of the certificate is a process of comparing the calculation result of the hash function of the certificate body of the certificate to be verified with the result of decoding the electronic signature with the verification key Kpa. When they agree, it is judged to be legal. The certificate verification unit 120 holds a certificate revocation list (Certificate Revocation List: referred to as "CRL") that is a list of invalid certificates, and when a certificate to be verified is not listed in the CRL, it is determined to be valid. In this way, the legality and validity of the certificate are judged, and the process of recognizing a valid certificate is called "verification".

When the verification is successful, the certificate verification unit 120 takes out the public key KPd2 of the storage device 200, passes it to the first encryption unit 121, and notifies the verification result. Outputs a validation error notification in case of a validation failure.

The certificate output unit 127 outputs the certificate C[KPd1] of the delivery server 100 . This certificate is composed of a certificate body including the public key KPd1 of the delivery server 100, and an electronic signature added to the certificate body. Like the certificate of the storage device 200, the electronic signature is encrypted with the root key Ka of the certification authority.

The random number generator 122 generates a challenge key Kc1 that is temporarily used for encrypted communication with the storage device 200 . By generating the challenge key Kc1 from a random number every time encrypted communication is performed, the possibility of cracking the challenge key Kc1 can be suppressed to a minimum. The generated challenge key Kc1 is passed to the first encryption unit 121 and the first decoding unit 123 .

In order to notify the storage device 200 of the challenge key Kc1, the first encryption unit 121 encrypts the challenge key Kc1 with the public key KPd2 of the storage device extracted by the certificate verification unit 120 to generate an encrypted challenge key E(KPd2, Kc1 ). In addition, the encrypted challenge key E(KPd2, Kc1) is combined with the certificate C[KPd1] output from the certificate output unit 127 to form challenge information E(KPd2, Kc1)//C[KPd1].

Here, the symbol "//" indicates the connection of data, and E(KPd2, Kc1)//C[KPd1] indicates the data sequence in which the encrypted challenge key E(KPd2, Kc1) and the certificate C[KPd1] are connected in parallel. . In addition, E represents an encryption function, and E(KPd2, Kc1) represents data obtained by encrypting the challenge key Kc1 with the public key KPd2.

The first decoding unit 123 decodes the data encrypted with the challenge key E. Since the session key s2 issued by the storage device 200 and the public key KPp2 held by the storage device 200 are supplied from the storage device 200 as session information E(Kc1, E(KPd1, Ks2)//KPp2), the first translation The code unit 123 decodes the session information using the challenge key Kc1 generated by the random number generator 122, and extracts the encrypted session key E(KPd1, Ks2) and the public key KPp2. The extracted public key KPp2 is passed to the second encryption unit 125 , and the encrypted session key E ( KPd1 , Ks2 ) is passed to the second decoding unit 124 .

The second decoding unit 124 uses the key Kd1 paired with the public key KPd1 to encrypt the encrypted session key E(KPd1, Ks2 transmitted from the first decoding unit 123 and encrypted by its own public key KPd1). ) to decode and take out the session key Ks2. The extracted session key Ks2 is passed to the third encryption unit 126 .

The second encryption unit 125 acquires the license data LIC including the content key issued when the scrambler 102 encrypts the content, and decodes the license data LIC using the public key KPp2 of the storage device 200 to which the license data is provided, to generate E(KPp2, LIC). Then, the generated E(KPp2, LIC) is passed to the third encryption unit 126 .

The third decryption unit 126 further encrypts the E(KPp2, LIC) delivered from the second encryption unit 125 using the session key Ks2 issued by the storage device 200, and generates encrypted license data E(Ks2, E(KPp2, LIC) ).

The control unit 128 mediates the input and output of data between the control of the internal components of the encryption engine 103 and the external structure according to the instruction of the controller 101 of the distribution server 100 . In addition, in FIG. 5 , the connection lines showing the control of each component inside the control unit 128 are omitted.

As shown in FIG. 5 , in this embodiment, the configuration is such that the encryption engine 103 cannot exchange data with the outside without the use of the control unit 128 . Various forms are conceivable for the form of connecting the respective components, but in this embodiment, the challenge key Kc1 generated by the random number generator 122, the session key Ks2 received from the storage device 200, its own key Kd1, etc. Each key used inside the encryption engine 103 is configured so that it does not directly flow out to the outside of the encryption engine 103 . This prevents each key used inside the encryption engine 103 from being leaked to the outside through other components of the delivery server 100, thereby improving security.

FIG. 6 shows the internal configuration of the encryption engine 303 of the playback device 300 shown in FIG. 3 . The encryption engine 303 includes: a certificate output unit 320, a random number generation unit 321, a certificate verification unit 322, a first decoding unit 323, a first encryption unit 324, a second encryption unit 325, a second decoding unit 326, a second 3 Decoding unit 327, content key output unit 328, elapsed time measurement unit 329, record storage unit 330, fourth decoding unit 331, record signature unit 332, control unit 333, and at least some of these components are electrically connected local bus 340 .

The certificate output unit 320 outputs the certificate C[KPd3] of the playback device 300 . The certificate may be held in the certificate output unit 320, or may be held in a certificate holding unit (not shown in the figure) and read out. The certificate is composed of a certificate body including the public key KPd3 of the playback device 300, and an electronic signature added to the certificate body. Like the certificate of the storage device 200, the electronic signature is encrypted with the root key Ka of the certification authority.

The random number generation unit 321 generates a session key Ks3 temporarily used for encrypted communication with the storage device 200 . The generated session key Ks3 is passed to the first encryption unit 324 , the second encryption unit 326 , and the record storage unit 330 .

The certificate verification unit 322 verifies the certificate C[KPd2] of the storage device 200 . The specific content of verification is as described above.

The first decoding unit 323 decodes the data encrypted with the public key KPd3 using the private key Kd3. At the time of reproduction, since the challenge key Kc2 issued by the storage device 200 is encrypted by the public key KPd3 of the reproduction device 300 and then supplied from the storage device 200, the first decoding unit 323 decrypts it with its own key Kd3. Code, take out the challenge key Kc2. The extracted challenge key Kc2 is passed to the second encryption unit 325 .

The first encryption unit 324 encrypts data using the public key KPd2 extracted from the certificate C[KPd2] of the storage device 200 . In order to notify the storage device 200 of the session key Ks2, the session key Ks3 generated by the random number generator 321 is encrypted to generate an encrypted session key E(KPd2, Ks3). The generated encrypted challenge key E ( KPd2 , Ks3 ) is passed to the second encryption unit 325 .

The second encryption unit 325 encrypts data using the challenge key Kc2 extracted from the first encryption unit 323 . Concatenate the encrypted session key E(KPd2, Ks3) delivered from the first encryption unit 324 with its own public key KPp3, and encrypt it to generate session information E(Kc2, E(KPd2, Ks3)//KPp3 ).

The second encryption unit 326 decodes the data encrypted by the session key Ks3. Since the license data LIC is supplied from the storage device 200 as the encrypted license data E(Ks3, E(KPp3, LIC)) double-encrypted by the public key KPp3 and the session key Ks3, the second encryption unit 326 passes the random number generation unit 321 The generated session key Ks3 is decoded, and the resulting encrypted license data E(KPp3, LIC) is passed to the third decoding unit 327 .

The third decoding unit 327 decodes the data encrypted with the public key KPp3. The encrypted license data E(KPp3, LIC) which is the result of decoding by the second decoding unit 326 is decoded by the secret key Kp3 paired with the public key KPp3, and the license data LIC is extracted.

The content key output unit 328 extracts and holds the content key from the license data LIC extracted by the third decoding unit 327 . In addition, the content key output unit 328 supplies the retained content key to the decoder 304, monitors the decoding process of the content key by the decoder 304, and notifies the status to the elapsed time measurement unit 329. .

The elapsed time measuring unit 329 measures the playback time of the encrypted content decoded using the content key supplied from the content key output unit 328 . The elapsed time measuring unit 329 also functions as a judging unit, which judges that the reproduction time exceeds the predetermined T seconds, and performs content key reproduction processing, that is, consumes one reproduction number of reproduction rights specified by the license data control information PC. Conversely, when playback is stopped before T seconds have elapsed, it is determined that the content key has not been played back, that is, the right to play specified in the license data has not been consumed. In other words, if the elapsed time from the start of playback does not exceed T seconds, the elapsed time measuring unit 329 determines that the content key included in the license data is not used; if it exceeds T seconds, it determines that the content key is used.

There are various formation methods for the configuration of the elapsed time measuring unit 329 , but here, an example of a configuration using a timer to measure the elapsed time after the start of reproduction is given. The elapsed time measurement unit 329 includes a timer. Also, when decoding of the content key supplied to the decoder 304 by the content key output unit 328 starts, the timer is reset and the measurement of the elapsed time starts. Then, when predetermined T seconds have elapsed, it is determined that regeneration has been performed. Here, T represents a boundary time for judging reproduction, ie, consumption of a license, for each content category (music/image, etc.), which is predetermined. Thus, for example, if the content key held by the content key output unit 328 is deleted and the decoding process by the decoder 304 is stopped before T seconds elapse, it is determined that the content key reproduction process is not performed. And, this determination result is reflected in information ST3 stored in the log storage unit 330 described later. In addition, assuming, for example, a trial listening of music, the above-mentioned boundary time T is set to 45 seconds.

The record storage unit 330 stores history information related to communication and consumption of the license data LIC. This history information is information LicID for identifying the license data LIC, information for identifying the communication of the license data LIC, and includes information indicating the status of the session key Ks3 generated by the communication of the license data LIC from communication of the license data to consumption (reproduction). Information ST3. The history information may also include information on the address where the license data is stored, or the original control information PC included in the license data.

The information ST3 is formed of information representing any one of the following three states: a state of generating a session key (hereinafter referred to as "state RP"); a state of receiving license data LIC (hereinafter referred to as "state RL") ; It is determined by the elapsed time measuring unit 329 that it is in the state of starting reproduction (hereinafter referred to as "state CL").

The fourth decoding unit 331 performs decoding processing of the data encrypted by the public key KPp3. The restoration information E(KPp3, Kr2) supplied from the storage device 200 is decrypted using the private key Kp3 paired with the public key KPp3, and the restoration key Kr2 is extracted.

The record signature unit 332 uses the recovery key Kr2 extracted by the fourth decoding unit 331 and the history information stored in the record storage unit 330 to generate status information for understanding the status of reception or consumption of the license data LIC in the playback device 300. LicID//ST3//H(Kr2//Kr3//LicID//ST3). The status information can be verified in the cryptographic engine 203 having Kr2 and Kr3 at the same time. Here, H represents a hash function, and H(Kr2//Kr3//LicID//ST3) represents a hash operation result of data Kr2//Ks3//LicID//ST3.

The control unit 333 performs data input and output processing between the control of the internal components of the encryption engine 303 and the external structure in accordance with instructions from the controller 301 of the playback device 300 . In addition, in FIG. 6 , the connecting lines showing the control of each internal component of the control unit 333 are omitted.

Even in the encryption engine 303 shown in FIG. 6 , various forms have been considered for connecting the various components, but in this embodiment, the configuration is such that the encryption engine 303 cannot communicate with the outside without the use of the control unit 333. Carry out data exchange. This prevents the session key Ks3 generated by the random number generator 321, the keys Kd3 and Kp3 paired with the public key, the session key Ks2 received from the storage device 200, and the recovery key Kr2 from being stored in the encryption engine 303. The key used is leaked to the outside.

FIG. 7 shows the internal configuration of the encryption engine 203 of the storage device 200 shown in FIG. 4 . These functional blocks can also be realized in various forms by only hardware, only software, or a combination thereof. The encryption engine 203 includes: a control unit 220, a random number generation unit 221, a certificate output unit 22, a certificate verification unit 223, a first decoding unit 224, a first encryption unit 225, a second encryption unit 226, and a second decoding unit. 227, the 3rd decoding unit 228, the 3rd encryption unit 229, the 4th decoding unit 230, the 5th decoding unit 231, the 4th encryption unit 232, the 5th encryption unit 233, the record storage unit 234, the 6th password unit 235 , record verification unit 236 , and local bus 240 electrically connecting at least some of these components.

The control unit 220 controls the internal configuration of the encryption engine 203 in accordance with instructions from the controller 201 of the storage device 200, and also performs data input/output processing between it and an external configuration.

The random number generator 221 generates a session key Ks2, a challenge key Kc2, and a recovery key Kr2 temporarily used in encrypted communication between the delivery server 100 and the playback device 300 by random number calculation. Now, the use of each key will be explained.

The certificate output unit 222 outputs the certificate C[KPd2] of the storage device 200 . The certificate may be held in the certificate output unit 222 or stored in a predetermined storage area of the storage device 200, such as the tamper-resistant storage unit 204, and read out. The certificate includes a certificate body having the public key KPd2 of the storage device 200, and an electronic signature added to the certificate body. The electronic signature is encrypted by the root key Ka of the CA.

The certificate verification unit 223 verifies the certificate provided from the outside. Specifically, the certificate C[KPd1] obtained from the delivery server 100 and the certificate C[KPd3] obtained from the playback device 300 are verified by the verification key Kpa. The specific content of the verification is as described above.

The first decoding unit 224 decodes the data encrypted by its own public key KPd2. Specifically, at the time of recording, the query key Kc1 issued by the delivery server 100 is encrypted with the public key KPp2 of the storage device 200, and supplied from the delivery server 100, whereby it is encrypted with its own public key KPd2. The decryption process is performed, and the challenge key Kc1 is taken out. The retrieved challenge key Kc1 is passed to the second encryption unit 226 .

The first encryption unit 225 encrypts the data using the public key KPd1 of the distribution server 100 . Specifically, the session key Ks2 generated by the random number generator 221 is encrypted using the public key KPd1 to generate the encrypted session key E(KPd1, Ks2). The public key KPd1 of the delivery server 100 used here is fetched from the certificate C[KPd1] of the storage device 200 by the control unit 220 and transmitted through the local bus 240 .

The second encryption unit 226 encrypts the data using the challenge key Kc1 issued by the distribution server 100 . Specifically, the encrypted session key K(KPd1, Ks2) received from the first encryption unit 225 is concatenated with its own public key KPp2, encrypted with the challenge key Kc1, and the session key E(Kc1 , E(KPd1, Ks2)//KPp2).

The second decoding unit 227 decodes the data encrypted with the session key Ks2 generated by the random number generating unit 221 . Specifically, from the delivery server 100, the license data LIC is received as E(Ks2, E(KPp2, LIC)) double-encrypted by the public key KPp2 and the session key Ks2, and is encrypted by the session key Ks2. Decoding processing is performed, and the result is passed to the third decoding unit 228 .

The third decoding unit 228 decodes the data encrypted with its own public key KPp2. The license data E(KPp2, LIC) delivered from the second decoding unit 227 is decoded by its own key Kp2 paired with the public key KPp2, and the license data LIC is extracted.

The extracted license data LIC is supplied to the data bus 210 through the local bus 240 and the control unit 220 , and is stored in the tamper-resistant storage unit 204 according to the instructions of the controller 201 .

The third encryption unit 229 encrypts the data using the public key KPp3 of the playback device 300 . Specifically, when the license data LIC is provided to the playback device 300, the public key KPp3 extracted from the certificate C "KPd3" received by the playback device 300 is used for the challenge encryption issued by the random number generator 221. Key Kc2 is encrypted to generate an encrypted challenge key E(KPd3, Kc2). The generated encrypted challenge key E ( KPd3 , Kc2 ) is transmitted to the control unit 220 via the local bus 240 . In the control unit 220, this is concatenated with the own certificate C[KPd2] output from the certificate output unit 222 to generate inquiry information E(KPd3, Kc2)//C[KPd2].

The fourth decryption unit 230 decodes the data encrypted with the challenge key Kc2 issued by the random number generator 221 . Use the challenge key Kc2 generated by the random number generator 221 to decode the session key E(Kc2, E(KPd2, Ks3)//KPp3) received from the reproduction device, and take out the encrypted session key E(KPd2, Ks3 ) and the public key KPp3 of the playback device 300. The extracted encrypted session key E(KPd2, Ks3) is passed to the fifth decryption unit 231, and the public key KPp3 is passed to the fourth encryption unit 232 and the record storage unit 234.

The fifth decoding unit 231 decodes the data encrypted with its own public key KPp2. Specifically, the encrypted session key E(KPd2, Ks3) passed from the fourth decryption unit 230 is decoded using its own key Kd2, and the session key Ks3 is extracted. The extracted session key Ks3 is passed to the fifth encryption unit 233 .

The fourth encryption unit 232 encrypts the data using the public key KPp3 of the playback device 300 . When the license data is provided to the playback device 300 , the license data LIC is encrypted using the public key KPp3 received from the playback device 300 . The license data LIC is read from the anti-tamper storage unit 204 according to the instruction of the controller 201 , and transmitted to the fourth encryption unit 232 through the data bus 210 , the control unit 220 and the local bus 240 . Here, the encrypted license data E(KPp3, LIC) is passed to the fifth encryption unit 233 .

The fifth encryption unit 233 encrypts the data using the session key Ks3 issued by the playback device 300 . Specifically, the license data E(KPp3, LIC) encrypted by the fourth encryption unit 232 is further encrypted with the session key Ks3 to generate encrypted license data E(Ks3, E(KPp3, LIC)).

The record storage section 234 stores history information related to communication and consumption of the license data LIC. History information is information LicID for specifying the license data LIC, information for specifying the communication of the license data LIC, including the session key Ks3 generated by the communication of the license data LIC, indicating the information from the communication of the license data to consumption (reproduction) The state information ST2.

The information ST2 is composed of information indicating any one of the following three states: a state of receiving a session key (hereinafter referred to as "state SP") and a public key KPp3 unique to license transmission. ; For regeneration, send the state of the license data LIC (hereinafter referred to as "state SL"), after the license data LIC is output for the purpose of reproduction, the recorded license data LIC is restored to the state before the output (hereinafter referred to as "Status SR").

The sixth encryption unit 235 encrypts the data using the public key KPp3 stored in the record storage unit 234 . Specifically, when the status information LicID//ST3//H(Kr2//Ks3//LicID//ST3) is received from the playback device 300, the data received from the playback device 300 and stored in the record storage unit 234 The public key KPd3 encrypts the restoration key Kr2 issued by the random number generator 221 to generate restoration information E(KPp3, Kr2).

The record verification unit 236 verifies the legitimacy of the state information LicID//ST3//H (Kr2//Ks3//LicID//ST3) received from the playback device 300 while referring to the history information stored in the record storage unit 234, A judgment is made on whether or not to restore the permission data.

8 and 9 show the procedure until the delivery server 100 records the license data LIC in the storage device 200 . In this recording process, an encrypted communication line is constructed between the encryption engine 103 of the delivery server 100 and the encryption engine 203 of the storage device 200, and the license data LIC is transmitted from the delivery server 100 to the storage device 200 through the encrypted communication line. In the figure, the process is divided into the delivery server 100 (encryption engine 103), the storage device 200 (encryption engine 203), and the terminal device 150 (controller 151) that exchanges data between the delivery server 100 and the storage device 200. .

First, the controller 151 of the terminal device 150 issues a certificate output command to the storage device 200 (S102). If the controller 201 normally accepts the certificate output command (S104), it issues a certificate output command to the encryption engine 203, reads the certificate C[KPd2] from the encryption engine 203, and outputs it to the terminal device 150 The controller 151 (S106). When the controller 151 obtains the certificate C[KPd2] from the storage device 200, it sends it to the delivery server 100 (S108).

When the controller 101 of the delivery server 100 receives the certificate C[KPd2] issued from the storage device 200 (S110), it passes it to the encryption engine 103, and the certificate verification unit 120 verifies the certificate with the authentication key Kpa (S112 ). In the case where the certificate is not approved (NO in S112 ), the certificate verification section 120 transmits an error to the controller 101 . The controller 101 that passed the error transmits an authentication error notification to the terminal device 150 (S190). When the controller 151 of the terminal device 150 receives the error notification (S192), it ends the process abnormally.

When the certificate is approved (Yes in S112), the encryption engine 103 generates a challenge key Kc1 through the random number generator 122, and passes the generated challenge key Kc1 to the first encryption unit 121 and the first translator. Code part 123. The challenge key Kc1 is held inside the first decoding unit 123 (S114). In addition, in the first encryption unit 121, the challenge key Kc1 is encrypted using the public key KPd2 of the storage device 200 extracted from the certificate C[KPd2], and the encrypted challenge key E(KPd2, Kc1) is generated. . Then, the generated encrypted challenge key E(KPd2, Kc1) is combined with the own certificate C[KPd1] output from the certificate output unit 127 to generate the encrypted challenge key E(KPd2, Kc1)//C [KPd1], and pass it to the controller 101. The controller 101 transmits the generated encrypted challenge key E(KPd2, Kc1)//C[KPd1] to the terminal device 150 (S116).

When the controller 151 of the terminal device 150 receives the inquiry information E(KPd2, Kc1)//C[KPd1] from the distribution server 100 (S118), it issues an inquiry information verification command to the storage device 200 (S120). In the storage device 200, when the controller 201 receives the inquiry information verification command, it requests the input of the inquiry information E(KPd2, Kc1)//C[KPd1] to the terminal device 150 (S122). The controller 151 of the terminal device 150 outputs the inquiry information E(KPd2, Kc1)//C[KPd1] to the storage device 200 according to the request (S124).

If the storage device 200 receives the query information E(KPd2, Kc1)//C[KPd1] (S126), in the cryptographic engine 203, the control unit 220 takes out the query information E(KPd2, Kc1)//C[KPd1] The certificate C[KPd1] is passed to the certificate verification unit 223 . The certificate verification unit 223 verifies the passed certificate C[KPd1] using the verification key KPa, and passes the verification result to the control unit 220 (S128).

When the certificate is not approved (NO in S128), the certificate verification unit 223 passes a verification error notification to the control unit 220, and the control unit 220 having received the verification error notification notifies it to the controller 201. Then, the controller 201 transmits the received verification error notification to the controller 151 of the terminal device 150 through the storage interface 202 (S194). When the controller 151 receives the verification error notification (S192), it abnormally ends this process.

When the certificate is approved (Yes in S128), the control unit 220 extracts the public key KPd1 and the encrypted challenge key E(KPd2, Kc1), and pass them to the first encryption unit 225 and the first decoding unit 224, respectively.

The first encryption unit 225 holds the passed public key KPd1. The first decoding unit 224 decodes the transmitted encrypted challenge key E(KPd2, Kc1) using its own key Kd2, and extracts the challenge key Kc1 (S130). The retrieved challenge key Kc1 is transferred and held in the second encryption unit 226 (S132).

On the other hand, when the processing of the inquiry information verification command in the storage device 200 ends, the controller 151 of the terminal device 150 issues a call information generation command to the storage device 200 (S134). In the storage device 200, if the controller 201 receives the call information generation command (S316), then in the encryption engine 203 according to the instruction of the control part 220, the random number generation part 221 generates the call key Ks2, and the generated call key Ks2 is passed to the second decoding unit 227 and the first encryption unit 225 . The second decoding unit 227 holds the transmitted session key Ks2 (S138).

The first encryption unit 225 encrypts the delivered session key Ks2 using the public key KPd1 held in S130, generates an encrypted session key E(KPd1, Ks2), and delivers it to the second encryption unit 226. . The second encryption unit 226 connects the encrypted session key E(KPd1, Ks2) with its own public key KPp2, encrypts it with the challenge key Kc1 held in S132, and generates the session key E(Kc1, E(KPd1, Ks2)//KPp2) (S140).

When the processing of the call information generation command is completed in the storage device 200, the controller 151 of the terminal device 150 issues a call information output command (S142). If the storage device 200 receives the call information output command (S144), the controller 201 reads the call key E(Kc1, E(KPd1, Ks2)//KPp2) from the encryption engine 203, and outputs it to the terminal device 150 The controller 151 (S146). The controller 151 of the terminal device 150, upon receiving the call key E(Kc1, E(KPd1, Ks2)//KPp2) from the storage device 200, transmits it to the delivery server 100 (S148).

When the controller 101 of the distribution server 100 receives the session key E(Kc1, E(KPd1, Ks2)//KPp2) (S150), it passes it to the encryption engine 103. The first decoding part 123 of the encryption engine 103 uses the challenge key Kc1 kept inside it to perform decoding processing on the transmitted session key E(Kc1, E(KPd1, Ks2)//KPp2), and takes out the encrypted session key. The key E ( KPd1 , Ks2 ) and the public key KPp2 of the storage device 200 . The encrypted session key E (KPd1, Ks2) that has been taken out is delivered to the second decoding unit 124, and the second decoding unit 124 uses its own key Kd1 to decode it and extract the session key Ks2 (S152) .

Next, the second encryption unit 125 of the encryption engine 103 encrypts the license data LIC issued by the encryption device 102 using the public key KPp2 of the storage device 200, generates E(KPp2, LIC), and passes it to the third encryption key. Section 126. The third encryption unit 126 uses the session key Ks2 issued by the storage device 200 to further encrypt the delivered E(KPp2, LIC), generate encrypted license data E(Ks2, E(KPp2, LIC)), and deliver it to the controller 101. The controller 101 transmits the transferred encrypted license data E(Ks2, E(KPp2, LIC)) to the terminal device 150 (S154).

The controller 151 of the terminal device 150, upon receiving the encrypted license data E(Ks2, E(KPp2, LIC)) transmitted from the delivery server 100 (S156), issues a license data write command to the storage device 200 (S158). This write permission command is accompanied by an address designating a recording location on the tamper-resistant storage section 204 . The "address" mentioned here means a logical address, and is not an address directly specifying the recording position of the tamper-proof storage unit 204, but is controlled by the controller 201 so that the data recorded after specifying the address is read out by specifying the same address. However, it may also be a physical address indicating a location in the tamper-resistant storage 204 .

If in the storage device 200, the permission writing command issued by the terminal device 150 is received, the controller 151 of the terminal device 150 requests the password permission data (S160), and the controller 151 of the terminal device 150 encrypts the permission data according to the request. E(Ks2, E(KPp2, LIC)) is output to the storage device 200 (S162).

When the storage device 200 receives the encrypted permission data E(Ks2, E(KPp2, LIC)) ( S164 ), it passes it to the second decoding unit 227 in the encryption engine 203 . The second decryption unit 227 decodes the encrypted license data E(Ks2, E(KPp2, LIC)) with the session key Ks2 held inside, and extracts the license data encrypted with its own public key KPp2. E(KPp2, LIC). Then, the fetched license data E(KPp2, LIC) is passed to the third decoding unit 228 . The third decoding unit 228 uses the secret key Kp2 paired with the public key KPp2 to decode the transmitted encrypted license data E (KPp2, LIC), take out the license data LIC (S166), and pass the local area The bus 240 and the control unit 220 output it to the data bus 210 . The controller 201 stores the permission data output to the data bus 210 in the designated address in the tamper-resistant storage unit 204 (S168).

The controller 151 of the terminal device 150 judges whether to continue to record the permission data after the processing of the permission data write command in the storage device 200 is completed (S170). In the case of continuing to record permission data (YES in S170), the process shifts to S134, and the process is repeated from the issuing of the call information generation command. This is an order for the purpose of simplifying the processing by the verification processing of having a certificate in common when recording a plurality of license data. Here, although the license data is recorded successively, it is not necessary to record the next license data immediately after the recording of one license data. If the cryptographic engine 103 of the delivery server 100 and the cryptographic engine 203 of the storage device 200 share the same challenge key Kc1, specifically, the first decoding unit 123 of the cryptographic engine 103 of the delivery server 100 is connected to the storage device 200. The second encryption unit 226 of the encryption engine 203 of the device 200 holds the same challenge key Kc1, which may be at any time. In addition, even if the permission data is recorded next, there is no problem even if the processing is repeated from S102. In the case of discontinuously recording permission data ("No" of S170), the processing is normally ended.

Through the above procedure, the license data LIC necessary for decoding and reproducing the encrypted content is recorded in the storage device 200 . Since the encrypted content is ordinary data and is recorded by ordinary commands in the storage device 200, its description is omitted here.

In addition, it does not matter which one comes first in the order of recording the license data LIC and the encrypted content data. In addition, the license data LIC may be recorded by dividing and issuing a security command during the spare time of recording encrypted content data.

In addition, as shown in FIG. 8 and FIG. 9 , the sequence before the terminal device 150 records the license data LIC transmitted from the delivery server 100 in the storage device 200 is an example of a case where processing is normally performed.

10 to 13 show the sequence of playback processing until the playback device 300 reads the license data LIC from the storage device 200 and deletes the read content key. In this playback process, an encrypted communication line is constructed between the encryption engine 203 of the storage device 200 and the encryption engine 303 of the playback device 300 , and the license data LIC is transmitted from the storage device 200 to the playback device 300 through the encrypted communication line. In addition, the figure shows processing divided into the storage device 200 (encryption engine 203 ), the encryption engine 303 of the playback device 300 , and the controller 301 of the playback device 300 that exchanges data between them.

First, the controller 301 of the playback device 300 requests the encryption engine 303 to output a certificate (S302). When the encryption engine 303 receives the transmission request (S304), the certificate output unit 320 passes the certificate C[KPd3] to the controller 301 (S306). If the certificate C[KPd3] is delivered from the cryptographic engine 303 (S308), the controller 301 issues a certificate verification command to the storage device 200 (S310).

Upon receiving the certificate verification command (S312), the storage device 200 requests the playback device 300 for a certificate. The controller 301 of the playback device 300 outputs the certificate C[KPd3] delivered from the encryption engine 303 to the storage device 200 in response to the request (S314). If the storage device 200 receives the certificate C[KPd3 ( S316 ), it transmits the received certificate C[KPd3 ] to the internal encryption engine 203 . In the encryption engine 203, according to the instruction of the control unit 220, the certificate verification unit 223 verifies the certificate C[KPd3] using the verification key KPa (S318).

In S318, when the certificate is not approved ("No" in S318), the certificate verification unit 223 sends a verification error notification to the controller 301 through the control unit 220, the controller 201, and the storage interface 202 (S490 ). When the controller 301 receives the error notification (S492), this process ends abnormally.

On the other hand, in S318, when the certificate is approved (YES in S318), the control unit 220 of the encryption engine 203 extracts the public key KPd3 from the certificate C[KPd3], and passes it to the third encryption unit 229. The third encryption unit 229 holds the delivered public key KPd3 (S320).

When the certificate C[KPd3] of the encryption engine 303 is approved in the storage device 200, the controller 301 of the playback device 300 issues a challenge information generation command to the storage device 200 (S322). If the storage device 200 receives the challenge information generation command issued by the playback device 300 (S324), in the encryption engine 203, according to the instruction of the control unit 220, the random number generation unit 221 generates a challenge key Kc2, and converts the generated challenge key Kc2 to The key Kc2 is passed to the third encryption unit 229 and the fourth decoding unit 230 .

The fourth decoding unit 230 holds the passed challenge key Kc2 inside (S326). The third encryption unit 229 encrypts the passed challenge key Kc2 using the public key KPd3 held in S320 to generate an encrypted challenge key E(KPd3, Kc2). Next, obtain your own certificate C[KPd2] from the certificate output unit 222, and combine it with the generated encrypted challenge key E(KPd3, Kc2) to generate challenge information E(KPd3, Kc2)//C[KPd2 ] (S328).

In the playback device 300, when the processing of the query information generation command in the storage device 200 ends, the controller 301 issues a query information output command (S330). If the storage device 200 receives the query information generation command issued by the reproduction device 300 (S332), the controller 201 takes out the query information E(KPd3, Kc2)//C[KPd2] from the encryption engine 203, and outputs it to the reproduction device 300 The controller 301 (S334).

In the reproduction device 300, when the controller 301 receives the inquiry information E(KPd3, Kc2)//C[KPd2], it will pass it to the encryption engine 303 (S336). Next, if the encryption engine 303 receives the query information E(KPd3, Kc2)//C[KPd2] (S338), the certificate verification unit 322 in the encryption engine 303 uses the verification key Kpa to verify the delivered certificate (S340 ).

When the certificate is not approved ("No" in S340), the certificate verification section 322 sends a verification error notification to the controller 301 (S394). When the controller 301 receives the error notification (S492), it abnormally ends this process.

On the other hand, when the certificate is approved (Yes in S340), the first decryption unit 323 of the encryption engine 303 uses its own secret key Kd3 to encrypt the challenge key E (KPd3, Kc2). Decipher and take out the challenge key Kc2 (S342). The retrieved challenge key Kc2 is transferred and held in the second encryption unit 325 .

On the other hand, the controller 301 issues a license read command to the storage device 200 (S346). This permission readout command is accompanied by an address designating the readout position of the tamper-resistant storage unit 204 .

If the storage device 200 receives the license read command issued by the playback device 300 (S348), it reads the license data LIC stored at the specified address in the tamper-resistant storage unit 204, and the read license data LIC is stored in the password. in the fourth encryption unit 232 of the engine 203 (S350).

Next, the controller 301 requests call information from the cryptographic engine 303 (S352). When the encryption engine 303 receives the request (S354), the random number generation unit 321 generates the session key Ks3, and passes it to the first encryption unit 324, the second decoding unit 326, and the record storage unit 330. The second decoding unit 326 and the record storage unit 330 hold the passed session key Ks3 inside. At this time, the record storage unit 330 also holds information indicating "status RP" as information ST3 (S355). Also, the first encryption unit 324 encrypts the session key Ks2 using the public key KPd2 of the storage device 200 retrieved from the certificate "KP12" to generate the encrypted session key E(KPd2, Ks3). The generated encrypted session key E(KPd2, Ks3) is passed to the second encryption unit 325. The second encryption unit 325 combines its own public key KPp3 with the transmitted encrypted session key E(KPd2, Ks3), encrypts them with the query key Kc2 held in S344, and generates session information E (Kc2, E(KPd2, Ks3)//KPp3), and send it to the controller 301 (S356).

If the controller 301 receives the call information E(Kc2, E(KPd2, Ks3)//KPp3) from the encryption engine 303 (S358), it issues a call information processing command to the storage device 200 (S360).

If the storage device 200 receives the call information processing command issued from the playback device 300 (S362), it requests the call information from the playback device 300, and the controller 301 of the playback device 300 sends the call information E( Kc2, E(KPd2, Ks3)//KPp3) are output to the storage device 200 (S364).

If the storage device 200 receives the call information E(Kc2, E(KPd2, Ks3)//KPp3) (S366), it will pass it to the fourth decoding unit 230 of the encryption engine 203. The fourth decoding unit 230 decodes the passed communication information E(Kc2, E(KPd2, Ks3)//KPp3) using the challenge key Kc2 held in S326. Next, the encrypted session key E(KPd2, Ks3) and the public key KPp3 of the playback device 300 are taken out, the encrypted session key E(KPd2, Ks3) is passed to the fifth decoding unit 231, and the public key KPp3 The data is passed to the fourth encryption unit 232 and the record storage unit 234 .

Next, the fifth decryption unit 231 decodes the transmitted encrypted session key E(KPd2, Ks3) by using its own secret key Kd2 paired with its own public key KPd2, and extracts the session key Ks3. , and pass it to the fifth encryption unit 233 and the record storage unit 234. The record storage unit 234 holds the transmitted session key Ks3 and public key KPp3. In addition, at this time, information indicating the "status SP" is also held (S368).

The fourth encryption unit 232 encrypts the license data LIC held in S350 using the public key KPp3 of the playback device 300 passed from the fourth decoding unit 230 to generate encrypted license data E(KPp3, LIC), and This is passed to the fifth encryption unit 233 . The fifth encryption unit 233 encrypts the encrypted license data E(KPp3,LIC) generated by the fourth encrypted unit 232 with the session key Ks3 delivered from the fifth decryption unit 231, and generates the encrypted license data E(Ks3,LIC). E(KPp3, LIC)) (S370).

The controller 301 of the playback device 300, when the processing of the call information processing command in the storage device 200 is completed, that is, the encrypted permission data E(Ks3, E(KPp3, LIC), is generated, then the encrypted permission output command ( S372). When the storage device 200 receives the encrypted license output command issued by the playback device 300 (S374), the control unit 220 of the encryption engine 203 confirms the control information PC written in the license data LIC (S376).

When the control information PC is 0 (IV of S376), the control unit 220 judges that there is permission data with a limited number of reproduction times, and the reproduction with the limited number of times has ended, and notifies the reproduction condition error via the controller 201 and the storage interface 202. , and send it to the controller 301 of the playback device 300 (S3901). When the controller 301 of the playback device 300 receives the error notification from the storage device 200 (S392), this process ends abnormally.

In addition, in S376, when the control information PC is within the range of 1 to 254 (C in S376), the control unit 220 changes the control information PC of the permission data stored in the tamper-resistant storage unit 204 to minus 1 to The obtained value (S378).

In addition, in S376, when the control information PC is 255 ("NA" in S376), and after S378, the control unit 220 transfers the encrypted license data E(Ks3, E( KPp3,LIC)) is output to the controller 301 of the playback device 300, and the identification information LicID of the output license data LIC is stored in the record storage unit 234, and the information ST2 is changed to "status SL" (S380).

When the controller 301 of the playback device 300 receives the encrypted license data E(Ks3, E(KPp3, LIC)) from the storage device 200, it sends it to the encryption engine 303 (S382). If the encryption engine 303 receives the encrypted license data E(Ks3, E(KPp3, LIC)) (S384), the second decoding unit 326 uses the session key Ks3 held in S354 to encrypt the encrypted license data E(Ks3, E (KPp3, LIC)) performs decoding processing, and transmits E(KPp3, LIC) of the decoding processing result to the third decoding unit 327 .

The third decoding unit 327 uses its own key Kp3 paired with the public key KPp3 to decode the transmitted E(KPp3, LIC), extract the license data LIC, and identify the extracted license data LIC The information LicID is delivered to the record storage unit 330 , and the content key is delivered to the content key output unit 328 .

The record storage unit 330 holds the transmitted identification information LicID, changes the information ST3 to "status RL" (S386), and the content key output unit 328 starts supplying the transmitted content key to the decoder 304 (S388).

When the controller 301 is in a state where the content key can be provided to the decoder 304, it is confirmed whether the reproduction end should be confirmed, that is, the end of the reproduction due to the completion of the reproduction of the encrypted content data, or the reproduction suspension instruction from the user ( Including an instruction to stop reproduction such as an end operation or a selection operation) the reproduction ends (S390).

In S390, when the reproduction has not ended ("No" in S390), the encrypted content data recorded in the normal data storage unit 205 of the storage device 200 is read out and supplied to the decoder 304 (S392 ). At this time, the controller 301 intermittently supplies the necessary amount of encrypted content data to the decoder 304 so that the content decoder 305 can perform playback processing smoothly. Next, while the supply to the decoder 304 is stopped, the process returns to S390 again, and an end judgment is performed.

On the other hand, if the encryption engine 303 is in a state where the content key can be supplied to the decoder 304, then in parallel with the processing of the controller 301, the decoding by the decoder 304 of the monitoring content key output unit 328 is started. Process monitoring process (S400). The content key output unit 328 checks whether to start reproduction of the provided content key or to end reproduction without using the content key (S402).

If it is confirmed in S402 that the reproduction process has started (YES in S402), the timer of the elapsed time measuring unit 329 is reset, and the measurement of the continuous time of the decoding process is started, and T seconds are waited (S404). Next, when T seconds have elapsed (YES in S404 ), information on the delivery of the consumption license data LIC from the elapsed time measuring unit 329 is passed to the record storage unit 330 . The record storage unit 330 having received this information changes the stored information ST3 to "state CL" (S406), and ends the monitoring process of the encryption engine 303.

In addition, when the end of reproduction is confirmed in S402 or S404 (S in S402 or S in S404), the monitoring process of the encryption engine 303 ends. In this case, the information ST3 stored in the record storage unit 330 is in the state of "state RL".

If in S390, the controller 301 confirms that the regeneration is finished (YES in S390), it confirms whether the regeneration time exceeds T seconds (S394). In this confirmation, for example, it may be confirmed by using a timer provided inside the controller 301, or by referring to the elapsed time measurement unit 329 of the encryption engine 303, or by using the record storage unit 330 of the encryption engine 303. The state of the information ST3 is judged.

In S394, when T seconds have elapsed after reproduction is performed (YES in S394), the controller 301 recognizes that the license data has been consumed, and determines whether to proceed with reproduction processing of the next content (S396). When the reproduction process is not performed next, that is, when other license data has not been read ("No" in S396), this process is normally terminated.

In S396, when it is intended to continue the playback process, that is, to read other license data (YES in S396), the controller 301 may shift to S346 and repeat the process from the issuance of the license read command. This is a flow for the purpose of simplifying the process by sharing the verification process of the certificate in reading a plurality of license data. In addition, although the license data is read out next, it is not necessary to perform the next read immediately after reading out one piece of license data. If the encryption engine 303 and the storage device 200 share the challenge key Kc2, specifically, the second encryption unit 325 of the encryption engine 303 of the playback device 300 and the fourth decoding unit of the encryption engine 203 of the storage device 200 230 maintains the same state of the challenge key Kc2, and may be at any time. Also, even if the permission data is read out next, there is no problem even if the flow starts from step S302. When not reading other license data subsequently ("No" in S386), the controller 301 still normally ends this process.

In addition, in S394, if the reproduction is less than T seconds, or in the case of no reproduction ("No" in S394), the controller 301 determines that the license data has not been consumed, and starts recording the license data LIC in the storage device 200. Resume processing.

The controller 301 of the playback device 300 issues a resume information generation command to the storage device 200 (S410). If the storage device 200 receives the recovery information generation command issued by the playback device 300 (S412), in the encryption engine 203, according to the instruction of the control unit 220, the random number generation unit 221 generates a recovery key Kr2, and converts the generated recovery key Kr2 to Kr2 is passed to the sixth encryption unit 235 and the record verification unit 236 . The record verification unit 236 internally holds the transferred restoration key Kr2 (S414). The sixth encryption unit 235 encrypts the transmitted restoration key Kr2 using the public key KPp3 held in the record storage unit 234 to generate restoration information E(KPp3, Kr2) (S416).

On the other hand, when the resume information generation command processing is completed in the storage device 200, the controller 301 of the playback device 300 issues a resume information output command (S418). If the storage device 200 receives the recovery information output command issued by the playback device 300 (S420), the controller 201 takes out the recovery information E (KPp3, Kr2) from the encryption engine 203, and outputs it to the controller 301 of the playback device 300 (S422 ). When the controller 301 of the playback device 300 receives the recovery information E(KPp3, Kr2) output from the storage device 200, it sends it to the encryption engine 303 (S424).

If the encryption engine 303 receives the recovery information E (KPp, Kr2) (S426), the fourth decryption unit 331 of the encryption engine 303 uses its own key Kp3 to decode the recovery information E (KPp3, Kr2), and take out The key Kr2 is recovered (S428). The retrieved recovery key Kr2 is passed to the record signature unit 332 . The record signature unit 332 takes out the session key Ks3, identification information LicID, and information ST3 from the record storage unit 330, combines them with the recovery key Kr2 delivered from the fourth decoding unit 331, and generates data Kr2//Ks3//LicID //ST3. Next, perform a hash operation to calculate H(Kr2//Ks3//LicID//ST3), and combine the operation result with the identification information LicID and the state information ST3 to generate the state information LicID//ST3//H(Kr2// Ks3//LicID//ST3), and output it to the controller 301 of the playback device 300 (S430).

If the state information LicID//ST3//H(Kr2//Ks3//LicID//ST3) is received from the encryption engine 303 (S432), the controller 301 of the playback device 300 issues a state information processing command to the storage device 200 (S434 ). When the storage device 200 receives the status information processing command issued from the playback device 300 (S436), it requests the playback device 300 for the status information. The controller 301 of the playback device 300 outputs the state information LicID//ST3//H (Kr2//Ks3//LicID//ST3) output from the encryption engine 303 to the storage device 200 according to the request (S438).

If the storage device 200 receives the state information LicID//ST3//H(Kr2//Ks3//LicID//ST3) (S340), it will pass it to the internal encryption engine 203. In the cryptographic engine 203, according to the instructions of the control unit 220, the record verification unit 236 verifies the status information that has been delivered, and decides whether to restore the permission data according to whether the status information is reliable, that is, whether to restore the permission data to the status before output. Judgment of state (S442).

In the verification of the status information in S442, the following two items are confirmed.

1) Is the identification information LicID in the state information consistent with the identification information LicID stored in the record storage unit 234?

2) Combining the identification information LicID in the state information, the state information ST3, the session key Ks3 held in the record storage unit 234, and the recovery key Kr2 held in step S414, and performing a hash function on the combined data Is the operation result H(Kr2//Ks3//LicID//ST3) consistent with the hash value H(Kr2//Ks3//LicID//ST3) in the state information?

In the confirmation of the above-mentioned two items, when neither item matches, it is determined that the state information is unreliable information and is not a target of recovery ("No" in S442). The control unit 220 transmits a recovery error notification to the controller 301 of the playback device 300 via the controller 201 and the storage interface 202 (S450). When the controller 301 of the playback device 300 receives the error notification output from the storage device 200 (S452), it transfers to S396 and continues the present process.

On the other hand, in the confirmation of the above two items, if the two items are consistent, the status information is determined to be reliable data, and the permission is determined based on the information ST3 and the information ST2 stored in the record storage unit 234. Whether or not the data is permitted data to be restored. The reason for this is that the license data to be restored is limited to the case where the license data to be restored is output from the storage device 200 and is not consumed in the playback device 300 from the standpoint of protecting the copyright of the content. Specifically, it is limited to the case where the information ST2 is "state SL" and the information ST3 is "state RP" or "state RL".

If in the above judgment, it is determined that it is the object of recovery ("Yes" in S442), then if the control information PC of the permission data stored in the tamper-resistant storage unit 204 is not 255, the control information PC is changed to A value obtained by adding 1 thereto (S444). Next, the control unit 220 transmits a recovery notification to the controller 301 of the playback device 300 via the controller 201 and the storage interface 202 (S446). When the controller 301 of the playback device 300 receives the error notification output from the storage device 200 (S448), it shifts to S396 and continues the present process.

In addition, the flow shown in FIGS. 10 to 13 in which the playback device 300 utilizes the license data stored in the storage device 200 is an example of a case where processing is normally performed.

In addition, in the measurement of the playback time for judging the consumption of the license data, in this embodiment, the elapsed time of the decoding process of the decoder 304 is measured, but the time elapsed from the decoder 304 to the content decoder 305 may also be measured. Elapsed time for the rendering of decoding results. In addition, it is also possible to measure the elapsed time of decoding processing by the content decoder 305 or the elapsed time of supply of the reproduced signal output from the content decoder 305 .

Also, in this embodiment, for each type of content, such as music, images, etc., the boundary time T for judging that it is not "consumption" of licensed data is predetermined, but the usage rules may also be included in the licensed data LIC. , they can also be used together. For example, when a boundary time is not set as a usage rule, a predetermined boundary time can be used.

In addition, in this embodiment, in the case of measuring the elapsed time after the reproduction start of the consumption judgment of the license data, the elapsed time measurement unit 329 includes a timer, and the time is measured by the timer, with the elapse of the boundary time T seconds. However, it is also possible to determine the consumption of the license by deriving the elapsed time after the start of reproduction based on the amount of processed data (decoding or reproduction). The reason for this is that the playback time can be predicted from the processed data volume of the content data according to the characteristics of the encoding method obtained by encoding the content data. Also, when the content is video content, the consumption of the license may be determined by deriving the elapsed time from the number of frames of decoded or reproduced video data. The elapsed time can also be calculated with reference to a time stamp (stamp) in the stream data, such as a "time code" embedded in the TS of the MPEG data.

In addition, although the judgment of consumption of licensed data is performed based on the playback time, the determination of consumption may be made based on the setting of the boundary data volume of content data set as "consumed" and the measurement of the data volume after playback processing. It is also possible to calculate in advance the amount of data for the amount of time that it is not determined that the right to reproduce has been consumed, and provide this amount of data to the content decoder 305 . It is also possible to ask the user whether to continue the playback process again when it is determined that the playback right has not been consumed or when the playback of the data volume is completed. When the user instructs the end of reproduction, the above-mentioned recovery flow of the license data is executed. When the user instructs to continue the playback, the playback process is continued without restoring the licensed data.

Also, in this embodiment, the challenge key Kc2 and the recovery key Kr2 have been described separately, but the common key generated by the random number generator 221 of the storage device 200 to which the license data is to be transmitted may also be In the case of , make the generation of the recovery key Kr2 an update of the challenge key Kc2. In this case, in the encryption engine 203 of the storage device 200, the recovery key Kr2 generated by the random number generator 221 is also passed to the fourth decoding unit 230, and the fourth decoding unit 230 holds the transmitted recovery key Kr2 instead of the held challenge key Kc2. In addition, in the iterative process from S346, the communication information decoding process is performed using the stored recovery key Kr2 instead of the challenge key Kc2. In the encryption engine 303 of the playback device 300, the recovery key Kr2 extracted by the fourth decoding unit 331 is passed to the second encryption unit 325, and the second encryption unit 325 holds the transmitted recovery key Kr2 instead of the stored Ask for key Kc2. Next, in the iterative process from S346, when generating communication information, instead of the challenge key Kc2, the stored recovery key Kr2 is used.

In the above flow, when restoring the license data to the original state, the control unit 220 of the storage device 200 adds 1 to the control information PC of the license data stored in the anti-tamper storage unit 204, and performs the process of restoring the original state. In another example, when the storage device 200 outputs the license data, the control information PC before the output of the license data can be recorded in the record storage unit 234, and when the recovery of the license data is requested, the PC information stored in the tamper-proof The control information PC of the permission data in the storage unit 204 overwrites the control information PC before output recorded in the record storage unit 234 to return to the original state. Thereby, the control information PC of the license data can be surely restored to the original state.

In yet another example, the control information PC before the output of the license data may be recorded in the record storage unit 330 of the playback device 300, and read from the record storage unit 330 when the playback device 300 requests recovery of the license data. The control information PC before the output of the permission data is sent to the storage device 200 and overwritten on the control information PC of the permission data stored in the tamper-resistant storage unit 204 . In this case, the playback device 300 may encrypt the control information PC and the identification information LicID through a common key shared between it and the storage device 200, such as the call key Ks2, and send it to the storage device. device 200. The control unit 220 of the storage device 200 decodes the encrypted control information PC received from the playback device 300 and overwrites it on the control information PC of the license data stored in the tamper-resistant storage unit 204 .

In the above flow, an example was given in which a one-way encrypted communication line is formed between the license data providing side and the enjoyment side, but in another example, a two-way encrypted communication line may be formed. In this case, it may be a communication protocol in which the storage device 200 operates in a slave mode regardless of the direction in which the permission data is transmitted. For example, when a two-way encrypted communication channel is established between the reproduction device 300 and the storage device 200, the reproduction device 300 on the side receiving the license data may implement the leading function, and the storage device 200 on the side providing the license data may realize Dependent functions. Thus, the structure of the storage device 200 can be simplified. In this communication mode, when the playback device 300 requests the storage device 200 to allow restoration of data, the playback device 300 may output status information to the storage device 200, and the playback device 300 may judge whether the restoration is permitted. Also under the situation of allowing the restoration of the license data, as described above, the playback device 300 sends the original control information PC of the license data to the storage device 200, and the control information PC of the license data stored in the tamper-resistant storage unit 204 Overwrite the control information PC in order to restore to the original state.

(second embodiment)

FIG. 14 shows the configuration of a content distribution system according to the second embodiment. The content delivery system of this embodiment is the same as that of the first embodiment, and includes a delivery server 100 that delivers content, a terminal device 150 that receives content, a storage device 200 that records content provided to the terminal device 150, delivery server 100, and a terminal. The devices 150 are linked via the Internet 20, which is an example of a network, via the communication devices 104, 153, respectively.

The difference from the first embodiment is that the encryption device 102 and the encryption engine 103 of the distribution server 100 are provided in the terminal device 150 .

In addition, in order to ensure the security of the data in the communication between the delivery server 100 and the user's terminal device 150, between the delivery server 100 and the user's terminal device 150, each digital content specified by SSL or the delivery provider Managed, securely protected. Thereby, it functions similarly to 1st Embodiment.

The embodiment of the present invention has been described above, but this embodiment is an example, and the present invention is not limited to this embodiment. Those of ordinary skill in the art can understand that there can be various combinations in these constituent parts or processing procedures. Modifications, In addition, such modification examples are within the scope of the present invention.

For example, in the above-mentioned embodiment, the encryption engine is provided with a functional block for performing encryption processing and a functional block for decoding processing. However, circuits may be shared among these components. Accordingly, the scale of the circuit can be suppressed, contributing to miniaturization and low power consumption.

The embodiments of the present invention can be appropriately modified in various ways within the scope of the technical ideas given in the scope of the technical claims.

Claims (23)

1. content player, wherein utilize be recorded in the memory storage, comprise that the content that is used for content key that encrypted content data is deciphered uses information, encrypted content data is deciphered and is regenerated, it is characterized in that, comprising:

Interface, its and above-mentioned memory storage between the giving and accepting of control data;

Content decoding part, its utilization are contained in the content key in the described content use information, and described encrypted content data is deciphered;

The content key efferent, it receives described content from described memory storage and uses information, and the content key that comprises in the content use information that is received is outputed to described content decoding part;

Recording storage portion, the described content of its storage representation is used the status information of the user mode of information;

Judging part, it obtains the elapsed time of the decoding of the described encrypted content data that utilizes described content key in the described content decoding part, or in described content decoding part, utilize described content key and the elapsed time of the regeneration of decoded described encrypted content data, according to the obtained elapsed time, judge whether to regard as and utilized described content key, and judged result is reflected in the status information that is recorded in the described recording storage portion.

2. content player according to claim 1 is characterized in that,

Also comprise and measure the described elapsed time and it is notified to the elapsed time determination part of described judging part;

Described elapsed time determination part after described content key efferent is exported to content key described content decoding part, the elapsed time when measuring the beginning from decoding or Regeneration Treatment;

Described judging part exceeded schedule time according to the described elapsed time, regarded as and had utilized described content key.

3. content player according to claim 1 is characterized in that,

Also comprise and measure the described elapsed time and it is notified to the elapsed time determination part of described judging part;

The data volume that described elapsed time determination part is deciphered according to described content decoding part, or, calculate the elapsed time to the data volume that the encrypted content data after the decoding is reproduced, and it is notified to described judging part;

Described judging part exceeded schedule time according to the described elapsed time, regarded as and had utilized described content key.

4. according to claim 2 or 3 described content players, it is characterized in that the described stipulated time is contained in the described content use information;

The described stipulated time that described content key efferent will be contained in the content use information that is received is exported to described judging part.

5. according to claim 2 or 3 described content players, it is characterized in that the described stipulated time is 45 seconds.

6. according to claim 2 or 3 described content players, it is characterized in that, described judging part also comprises control part, it is being judged to be under the situation of not utilizing described content key, to described memory storage request the content use information that is recorded in the described memory storage is returned to and receives state before.

7. content player according to claim 6, it is characterized in that, described control part will comprise the recorded information that is recorded in the described status information in the described recording storage portion and send to described memory storage when the state that returns to described memory storage request before receiving described content use information.

8. content player according to claim 7, it is characterized in that described control part will comprise that the hashed value of the information of shared key shared between described content player and the described memory storage sends to described memory storage with described recorded information.

9. content player according to claim 6 is characterized in that, described recording storage portion stores at least a portion that this content is used information with virgin state when having received described content and use information;

Described control part sends to described memory storage with the content use information that is stored in the virgin state in the described recording storage portion when making the state of described content use information before returning to reception to described memory storage request.

10. content reproducing method, wherein utilize be recorded in the memory storage, comprise that the content that is used for content key that encrypted content data is deciphered uses information, encrypted content data is deciphered and is regenerated, it is characterized in that,

Use information from described memory storage received content, utilize the content key that is contained in the content use information that is received, described encrypted content data is deciphered;

Use the status information of the user mode of information to be stored in the recording storage portion the described content of expression;

Acquisition utilizes elapsed time of decoding of the described encrypted content data of described content key, or utilize described content key and the elapsed time of the regeneration of decoded described encrypted content data, according to the elapsed time that is obtained, judge whether to regard as and utilized described content key, and this judged result is reflected in the status information that is recorded in the described recording storage portion.

11. content reproducing method according to claim 10 is characterized in that,

The described elapsed time is measured by timer during from the decoding or the beginning of Regeneration Treatment;

When exceeding schedule time, regard as and utilized described content key in the described elapsed time.

12. content reproducing method according to claim 10 is characterized in that,

The described elapsed time is according to the data volume of being deciphered, or the data volume that the encrypted content data after the decoding is reproduced is calculated;

When exceeding schedule time, regard as and utilized described content key in the described elapsed time.

13., it is characterized in that the described elapsed time is contained in the content use information according to claim 11 or 12 described content reproducing methods.

14., it is characterized in that the described stipulated time is 45 seconds according to claim 11 or 12 described content reproducing methods.

15. according to claim 11 or 12 described content reproducing methods, it is characterized in that, be judged to be under the situation of not utilizing described content key, to described memory storage request the content use information that is recorded in the described memory storage returned to and receive state before.

16. content reproducing method according to claim 15, it is characterized in that, the content player that described encrypted content data is deciphered and regenerated, when the state that returns to described memory storage request before receiving described content use information, will comprise that the recorded information that is recorded in the described status information in the described recording storage portion sends to described memory storage.

17. content reproducing method according to claim 16, it is characterized in that described memory storage judges whether to allow described content to use the recovery of information with reference to described recorded information, when being judged to be the permission recovery, described content use information is returned to virgin state.

18. content reproducing method according to claim 17, it is characterized in that, described memory storage also writes down the status information that the described content of expression is used the user mode of information, described memory storage judges whether to allow described content to use the recovery of information with further reference to the described status information that itself writes down.

19. according to claim 16 or 17 described content reproducing methods, it is characterized in that, with being included in the hashed value of the information of shared key shared between described content player and the described memory storage, send to described memory storage with described recorded information.

20. content reproducing method according to claim 18, it is characterized in that, described memory storage is with reference to described hashed value, confirm that it is that itself sends the device that this content is used information that the described content of request is used the content player of the recovery of information, when having confirmed, described content use information is returned to virgin state.

21. content reproducing method according to claim 15, it is characterized in that, described memory storage is when sending to described content player with described content use information, store at least a portion that this content is used information with virgin state, when making this content use information return to virgin state from this content player request, override content by content use information and use information, thereby return to virgin state in order to the virgin state storage.

22. content reproducing method according to claim 15 is characterized in that,

Described recording storage portion stores at least a portion that this content is used information with virgin state when having received described content and use information;

When the state that returns to described memory storage request before receiving described content use information, the content use information that is stored in the virgin state in the described recording storage portion is sent to described memory storage.

23. content reproducing method according to claim 22 is characterized in that, described memory storage overrides content by the content use information with described virgin state and uses information, thereby returns to virgin state.

Images