JP2001351323A - Information recording apparatus, information reproducing apparatus, information recording method, information reproducing method, and program providing medium - Google Patents

Abstract

(57) [Summary] [PROBLEMS] To provide an information recording / reproducing apparatus which can selectively execute an encryption process in a setting with a reproduction device restriction and a setting without a reproduction device restriction. SOLUTION: When data is recorded, a device unique key is applied to an encryption key of data in a setting with a playback device limitation that enables playback only by the device, and in a setting without a playback device limitation, a device ID is assigned to an encryption key. To generate an encryption key. Further, the device ID of the recorded device,
The mode information (reproduction device restriction flag) having no reproduction device restriction is recorded on the recording medium. According to this configuration, at the time of data reproduction, only the data recording device storing the device unique key can be decrypted if there is a reproduction device restriction, and if there is no reproduction device restriction, any device can acquire a device ID and acquire data. Decoding, that is, reproduction becomes possible.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information recording apparatus, an information reproducing apparatus, an information recording method, an information reproducing method, and a program providing medium, and more particularly to data writing and data reproducing processing on a data recording / reproducing recording medium. Information that enables data recording with settings with device restrictions that allow playback only on the device that recorded data, and settings that allow playback on devices other than the device that recorded data. The present invention relates to a recording device, an information reproducing device, an information recording method, an information reproducing method, and a program providing medium.

[0002]

2. Description of the Related Art With the progress and development of digital signal processing technology, in recent years, recording apparatuses and recording media for digitally recording information have become widespread. According to such a digital recording apparatus and recording medium, recording and reproduction can be repeated without deteriorating images and sounds, for example. In this way, digital data can be copied over and over again while maintaining image quality and sound quality. Therefore, when a recording medium on which copying is illegally enters the market, various contents such as music, movies, etc. The interests of the copyright holder or legitimate sales right holder will be harmed. Recently, various mechanisms (systems) for preventing illegal copying have been introduced into digital recording devices and recording media in order to prevent such illegal copying of digital data.

For example, in an MD (Mini Disc) (MD is a trademark) device, SCMS (Serial Copy Management System) is employed as a method for preventing illegal copying. The SCMS outputs an SCMS signal together with audio data from a digital interface (DIF) on the data reproducing side, and controls recording of audio data from the reproducing side on the data recording side based on the SCMS signal from the reproducing side. This is a system that prevents illegal copying.

[0004] Specifically, the SCMS signal is a copy free (co
This signal indicates whether the data is “py free” data, data that is permitted to be copied only once (copy once allowed), or data that is prohibited from being copied (copy prohibited). On the data recording side, DI
When audio data is received from F, an SCMS signal transmitted together with the audio data is detected. If the SCMS signal is copy free, the audio data is recorded on the mini-disc together with the SCMS signal. If the SCMS signal permits copying once (copy once allowed), the SCMS signal is prohibited from being copied (copy p.
rohibited), along with the audio data,
Record on a mini-disc. Further, when the SCMS signal is copy prohibited,
Does not record audio data. Such SCM
By performing control using S, in the mini disc device, the copyrighted audio data is prevented from being illegally copied by the SCMS.

[0005] However, SCMS, as described above,
Since it is premised that the device that records data itself has a configuration for controlling recording of audio data from the playback side based on the CMS signal, a mini-disc device that does not have a configuration for performing control of SCMS is available. If manufactured, it will be difficult to deal with. So, for example, DVD
The player employs a content scramble system to prevent illegal copying of copyrighted data.

In the content scramble system,
Video data, audio data and the like are encrypted and recorded on a DVD-ROM (Read Only Memory), and a key (decryption key) used to decrypt the encrypted data is a licensed DVD. Given to the player. The license is given to a DVD player designed to comply with a prescribed operation rule such as not to perform unauthorized copying. Therefore, the licensed DVD player decrypts the encrypted data recorded on the DVD-ROM by using the given key, thereby obtaining the DVD.
-Images and sounds can be reproduced from the ROM.

[0007] On the other hand, a DVD player without a license does not have a key for decrypting encrypted data, and therefore cannot decrypt encrypted data recorded on a DVD-ROM. Thus, in the content scramble system configuration, a DVD player that does not satisfy the conditions required at the time of licensing is:
Since the DVD-ROM on which digital data is recorded cannot be reproduced, illegal copying is prevented.

However, the content scramble system adopted in DVD-ROM is intended for a recording medium on which data cannot be written by a user (hereinafter referred to as ROM media as appropriate). No consideration is given to application to a possible recording medium (hereinafter, appropriately referred to as a RAM medium).

That is, even if the data recorded on the ROM medium is encrypted, if the entire encrypted data is directly copied to the RAM medium, the data can be reproduced by a valid licensed device. You can create so-called pirated copies.

Accordingly, the present applicant has filed an earlier patent application, Japanese Patent Application Laid-Open No. H11-224461 (Japanese Patent Application No. 10-25310).
), Information for identifying each recording medium (hereinafter, referred to as medium identification information) is recorded on the recording medium together with other data, and it is determined that the device is a device licensed with this medium identification information. As a condition, a configuration has been proposed in which access to the medium identification information of a recording medium is possible only when the condition is satisfied.

In this method, the data on the recording medium is encrypted with the medium identification information and a secret key (master key) obtained by receiving a license, and an unlicensed device can use the encrypted data. Is read, meaningful data cannot be obtained. When a device receives a license, its operation is specified so that unauthorized duplication (illegal copying) cannot be performed.

An unlicensed device cannot access the medium identification information, and the medium identification information has an individual value for each medium. Even if all of the recorded and encrypted data is copied to a new recording medium, the data recorded on the recording medium created in this manner is, of course, unlicensed, as well as the unlicensed device. Even the receiving apparatus cannot correctly decode the data, so that illegal copying is substantially prevented.

[0013]

In the above arrangement, the master key stored in the licensed device is generally common to all devices. Storing a common master key for a plurality of devices in this way is a condition necessary to enable a medium recorded on one device to be played back on another device (to ensure interoperability). Because there is. Between recording / reproducing devices having a common master key, data recorded in a certain recording / reproducing device can be reproduced by all devices having the same master key. However, there may be a case where it is desired that the data can be reproduced only by a device that records certain data. This configuration does not solve this problem.

SUMMARY OF THE INVENTION An object of the present invention is to solve the above-mentioned problem, and to set a playback device with a playback device limitation that enables playback only on a device on which data is recorded and disables playback on other devices. An information recording device, an information reproducing device, and a device that can selectively execute a setting without a reproduction device restriction that can be reproduced not only by a device that has recorded data but also by other devices.
It is another object of the present invention to provide an information recording method, an information reproducing method, and a program providing medium.

[0015]

SUMMARY OF THE INVENTION A first aspect of the present invention is as follows.
An information recording device for recording information on a recording medium, comprising encryption processing means for executing encryption processing of data stored in the recording medium, wherein the encryption processing means includes a first encryption key built in the information recording device. Generating a first encryption key of data stored on the recording medium based on the data for generation and executing an encryption process on the stored data based on the first encryption key; A data encryption process for storing the encryption key generation data on the recording medium without restriction on the reproduction device; and a second encryption key generation data stored in the recording medium based on the second encryption key generation data built in the information recording device. And an encryption key based on the second encryption key, and performing an encryption processing based on the second encryption key on the stored data. An information recording apparatus comprising:

Further, in one embodiment of the information recording apparatus of the present invention, the first encryption key generation data is a device ID which is an identifier of the information recording apparatus, and the second encryption key generation data is a device ID. The data is a device unique key which is a unique key of the information recording apparatus.

Further, in one embodiment of the information recording apparatus of the present invention, in the encryption processing without restriction on the reproduction device, the encryption processing means includes: a master key stored in the information recording apparatus; A disc ID as an identifier, a title key unique to data to be recorded on the recording medium, and a device I as an identifier of the information recording apparatus.
D, generating a title unique key based on the D and generating the first encryption key based on the title unique key;
In the encryption processing with the playback device restriction, a master key stored in an information recording device, a disk ID which is a recording medium identifier unique to a recording medium, a title key unique to data to be recorded on the recording medium, and information recording The apparatus is characterized in that a title unique key is generated based on a device unique key that is an apparatus unique key, and the second encryption key is generated based on the title unique key.

Further, in one embodiment of the information recording apparatus of the present invention, the encryption processing executed by the encryption processing means is the data encryption processing without restriction on the reproduction device or the data encryption processing with restriction on the reproduction device. It is characterized in that a flag indicating whether there is any data is recorded on the recording medium in correspondence with data stored in the recording medium.

Further, in one embodiment of the information recording apparatus of the present invention, the encryption processing means stores a disc ID as a recording medium identifier unique to a recording medium and a title key unique to data to be recorded on the recording medium. It is characterized in that it has a configuration for executing processing for generating and storing it in the recording medium.

Further, in one embodiment of the information recording apparatus of the present invention, a transport stream processing means for adding reception time information (ATS) to each packet constituting a transport stream composed of intermittent transport packets is provided. The encryption processing means has a configuration for generating a block key as an encryption key for block data composed of one or more packets to which the reception time information (ATS) is added, and In the encryption processing, a first encryption key is generated based on data including the first encryption key generation data and a block seed that is additional information unique to block data including the reception time information (ATS). A first block key is generated, and in the data encryption processing with the playback device restriction, the second encryption key is generated. Based on data including encryption key generation data and a block seed which is additional information unique to block data including the reception time information (ATS).
Characterized in that a second block key as an encryption key is generated.

Further, in one embodiment of the information recording apparatus of the present invention, the encryption processing means includes reception time information (AT) added to a first transport packet of a plurality of transport packets constituting the block data.
A block key for encrypting the block data is generated based on a block seed which is additional information unique to the block data including S).

Further, in one embodiment of the information recording apparatus of the present invention, the block seed is data including copy control information in addition to the reception time information (ATS).

Further, in one embodiment of the information recording apparatus of the present invention, the encryption processing means is configured to execute encryption processing of data stored in the recording medium according to a DES algorithm.

Further, in one embodiment of the information recording apparatus of the present invention, the information recording apparatus has interface means for receiving information to be recorded on a recording medium, and the interface means has a transformer for forming data. It is characterized by having a configuration in which copy control information added to each packet included in the port stream is identified, and whether or not recording on a recording medium can be executed is controlled based on the copy control information.

Further, in one embodiment of the information recording apparatus of the present invention, the information recording apparatus has an interface unit for receiving information to be recorded on a recording medium, and the interface unit controls copying. 2-bit EMI (Encryptio
n Mode Indicator), and controls whether or not recording can be performed on a recording medium based on the EMI.

Further, a second aspect of the present invention is an information reproducing apparatus for reproducing information stored on a recording medium, comprising encryption processing means for executing decryption processing of encrypted data stored on the recording medium, The encryption processing means generates a first decryption key for encrypted data stored in the recording medium based on the first decryption key generation data stored in the recording medium, and generates the first decryption key for the first decryption key. A data decryption process that performs no decryption device-based decryption process on the encrypted data, and decrypts encrypted data stored in the recording medium based on second decryption key generation data built in the information recording device. A data decryption process with playback device restriction for generating a second decryption key and performing a decryption process based on the second decryption key on the encrypted data. In the information reproducing apparatus characterized by.

Further, in one embodiment of the information reproducing apparatus of the present invention, the first decryption key generation data is a device ID which is an identifier of the information recording apparatus which records the encrypted data stored in the recording medium. The second decryption key generation data is a device unique key which is a unique key of the information recording apparatus which records the encrypted data stored in the recording medium.

Further, in one embodiment of the information reproducing apparatus of the present invention, the encryption processing means acquires the master key stored in the information recording apparatus in the decryption processing without restriction of the reproducing apparatus, and acquires the master key from the recording medium. And a disc ID that is a recording medium identifier unique to the recording medium, a title key that is unique to the data to be decrypted, and a device ID that is an identifier of the information recording device that has recorded the encrypted data. Generating a title-specific key based on the master key, the disc ID, the title key, and the device ID; generating the first decryption key based on the title-specific key; In the process, the master key stored in the information recording device and the unique key of the information recording device stored in the information recording device are used. Obtains the device-specific key is, from a recording medium, a disc ID which is a recording medium unique recording medium identifier, acquires a specific title key to the decryption target data, the master key, the disk I
D, a title key, and a device unique key, wherein a title unique key is generated, and the second decryption key is generated based on the title unique key.

Further, in one embodiment of the information reproducing apparatus of the present invention, whether the encrypted data stored in the recording medium is the encrypted data without the restriction on the reproduction device or the encrypted data with the restriction on the reproduction device. Is acquired from a recording medium to determine whether or not reproduction processing is possible.

Further, in one embodiment of the information reproducing apparatus of the present invention, based on reception time information (ATS) added to each of a plurality of transport packets constituting the block data decrypted by the encryption processing means. A transport stream processing unit for performing data output control, wherein the encryption processing unit generates a block key as a decryption key for block data including one or more packets to which the reception time information (ATS) is added; In the data decryption processing without restriction on the playback device, data including the first decryption key generation data and a block seed that is additional information unique to block data including the reception time information (ATS) is provided. Generates a first block key as a first decryption key based on the In the data decryption processing, the second decryption key generation data and the reception time information (AT
It is characterized in that a second block key as a second decryption key is generated based on data including a block seed which is additional information unique to block data including S).

Further, in one embodiment of the information reproducing apparatus of the present invention, the encryption processing means includes reception time information (AT) added to a first transport packet of a plurality of transport packets constituting the block data.
A block key for decryption processing on the block data is generated based on a block seed which is additional information unique to the block data including S).

Further, in one embodiment of the information reproducing apparatus of the present invention, the block seed is data including copy control information in addition to the reception time information (ATS).

Further, in one embodiment of the information reproducing apparatus of the present invention, the encryption processing means is configured to execute a decryption process of the encrypted data stored in the recording medium according to a DES algorithm.

Further, in one embodiment of the information reproducing apparatus of the present invention, the information reproducing apparatus further comprises interface means for receiving information to be recorded on a recording medium, wherein the interface means comprises an interface for receiving information included in a transport stream constituting data. It is characterized in that it has a configuration in which copy control information added to a packet is identified, and whether or not reproduction from a recording medium can be executed is controlled based on the copy control information.

Further, in one embodiment of the information reproducing apparatus of the present invention, the information reproducing apparatus further comprises interface means for receiving information to be recorded on a recording medium, wherein the interface means is provided as copy control information for controlling copying. It is characterized in that it has a configuration for identifying 2-bit EMI (Encryption Mode Indicator) and controlling whether or not reproduction from a recording medium can be executed based on the EMI.

Further, a third aspect of the present invention relates to an information recording method for recording information on a recording medium, wherein the data stored in the recording medium is stored on the basis of the first encryption key generation data built in the information recording apparatus. Generating a first encryption key and executing encryption processing based on the first encryption key on the storage data, and storing the first encryption key generation data in the recording medium. Generating a second encryption key of data stored in the recording medium based on data encryption processing without restriction on a reproduction device to be performed and data for generating a second encryption key built in the information recording apparatus, and An information recording method comprising the steps of: selectively performing encryption processing based on an encryption key for the stored data, and data encryption processing with a playback device restriction. It is in.

Further, in one embodiment of the information recording method of the present invention, in the encrypting step, the first
Wherein the data for generating an encryption key is a device ID which is an identifier of the information recording device, and the data for generating the second encryption key is a device unique key which is a unique key of the information recording device. I do.

Further, in one embodiment of the information recording method of the present invention, in the encryption processing step, in the encryption processing without restriction on the reproduction device, a master key stored in the information recording device and a recording medium specific to the recording medium are used. A title unique key is generated based on a disc ID as an identifier, a title key unique to data to be recorded on the recording medium, and a device ID as an identifier of the information recording apparatus, and the title unique key is generated based on the title unique key. A first encryption key is generated, and in the encryption processing with the playback device restriction, a master key stored in an information recording device, a disk ID that is a recording medium identifier unique to a recording medium, and a recording medium are recorded on the recording medium. A title key unique to the data to be generated, and a title unique key based on a device unique key that is a unique key of the information recording apparatus, Based on the title unique key, and generates the second encryption key.

Further, in one embodiment of the information recording method of the present invention, the flag indicating whether the encryption process is the data encryption process without the restriction on the reproduction device or the data encryption process with the restriction on the reproduction device is set to the flag. The data is recorded on the recording medium in correspondence with the data stored in the recording medium.

Further, in one embodiment of the information recording method of the present invention, in the encrypting step, a disc ID which is a recording medium identifier unique to a recording medium and a title key unique to data to be recorded on the recording medium are included. It is characterized in that it has a configuration for executing processing for generating and storing it in the recording medium.

Further, in one embodiment of the information recording method of the present invention, a transport stream processing step for adding reception time information (ATS) to each packet constituting a transport stream composed of intermittent transport packets is provided. The encryption processing step includes a step of generating a block key as an encryption key for block data composed of one or more packets to which the reception time information (ATS) is added, and In the encryption process, a first encryption key as a first encryption key is generated based on data including the first encryption key generation data and a block seed that is additional information unique to block data including the reception time information (ATS). In the data encryption processing with the playback device restriction, the second encryption key is generated. Based on data including encryption key generation data and a block seed which is additional information unique to block data including the reception time information (ATS).
And generating a second block key as an encryption key.

Further, in one embodiment of the information recording method of the present invention, the encryption processing step includes receiving time information (A) added to a first transport packet of a plurality of transport packets constituting the block data.
And generating a block key for encryption processing on the block data based on a block seed which is additional information unique to the block data including the TS.

Further, in one embodiment of the information recording method of the present invention, the encryption processing step performs an encryption processing of data stored in the recording medium according to a DES algorithm.

Further, in one embodiment of the information recording method of the present invention, the copy control information added to each packet included in the transport stream constituting the data is identified, and the copy control information for the recording medium is identified based on the copy control information. A copy control step of controlling whether recording can be performed or not.

The information recording method further includes a 2-bit EMI as copy control information for controlling copying.
(Encryption Mode Indicator) and a copy control step of controlling whether or not to execute recording on a recording medium based on the EMI.

Further, a fourth aspect of the present invention, in an information reproducing method for reproducing information stored on a recording medium, includes a decryption processing step for performing a decryption processing of encrypted data stored on the recording medium, The decryption processing step includes a step of decrypting the encrypted data stored in the recording medium based on the first decryption key generation data stored in the recording medium.
A data decryption process without reproducing device restriction for generating the one decryption key and performing a decryption process based on the first decryption key on the encrypted data; and a second decryption device built in the information recording device.
A reproduction device restriction for generating a second decryption key for the encrypted data stored in the recording medium based on the decryption key generation data and performing a decryption process based on the second decryption key for the encrypted data An information reproducing method characterized by selectively performing a certain data decoding process.

Further, in one embodiment of the information reproducing method of the present invention, in the decoding processing step, the first
Is a device ID that is an identifier of an information recording device that has recorded the encrypted data stored on the recording medium, and the second decryption key generation data is the encrypted data stored on the recording medium. Is a device unique key that is a unique key of the information recording apparatus that records the information.

Further, in one embodiment of the information reproducing method of the present invention, in the decrypting processing step, in the decrypting processing without the restriction of the reproducing device, a master key stored in the information recording device is obtained and the information is recorded from the recording medium. And a disc ID that is a recording medium identifier unique to the recording medium, a title key that is unique to the data to be decrypted, and a device ID that is an identifier of the information recording device that has recorded the encrypted data. And the master key, disc ID, title key, device I
D, a title unique key is generated based on the title unique key, the first decryption key is generated based on the title unique key, and in the decryption processing with the playback device restriction, a master key stored in the information recording device is used. And a device unique key, which is a unique key of the information recording apparatus, stored in the information recording apparatus, and obtains, from the recording medium, a disc ID, which is a recording medium identifier unique to the recording medium, and a title key, which is unique to the data to be decoded. And generating a title unique key based on the master key, the disc ID, the title key, and the device unique key, and generating the second decryption key based on the title unique key. I do.

Further, in one embodiment of the information reproducing method of the present invention, whether the encrypted data stored in the recording medium is the encrypted data without the restriction on the reproduction device or the encrypted data with the restriction on the reproduction device. Is obtained from a recording medium to determine whether reproduction processing is possible or not.

Further, in one embodiment of the information reproducing method of the present invention, based on the reception time information (ATS) added to each of the plurality of transport packets constituting the block data decoded in the decoding processing step. A transport stream processing unit for performing data output control, wherein the decryption processing step generates a block key as a decryption key for block data composed of one or more packets to which the reception time information (ATS) is added; In the data decryption processing without restriction on the playback device, data including the first decryption key generation data and a block seed that is additional information unique to block data including the reception time information (ATS) is provided. Generating a first block key as a first decryption key based on In a data decryption process with a device restriction, a second decryption is performed based on data including the second decryption key generation data and a block seed which is additional information unique to the block data including the reception time information (ATS). A second block key is generated as a key.

Further, in one embodiment of the information reproducing method of the present invention, the decoding processing step includes receiving time information (A) added to a leading transport packet of a plurality of transport packets constituting the block data.
A step of generating a block key for decryption processing on the block data based on a block seed that is additional information unique to the block data including the TS.

Further, in one embodiment of the information reproducing method of the present invention, the decryption processing step is characterized in that the decryption processing of the encrypted data stored in the recording medium is executed according to a DES algorithm.

Further, in one embodiment of the information reproducing method of the present invention, the copy control information added to each packet included in the transport stream constituting the data is identified, and the copy control information is read from the recording medium based on the copy control information. Is characterized by controlling whether or not reproduction can be executed.

Further, in one embodiment of the information reproducing method of the present invention, a 2-bit EMI (Encryption Mode Indicator) as copy control information added to each packet included in a transport stream constituting data.
And controlling whether or not reproduction from a recording medium can be executed based on the EMI.

Further, a fifth aspect of the present invention is a program providing medium for providing a computer program for causing an information recording process of recording information on a recording medium to be executed on a computer system, wherein the computer program comprises: Generating a first encryption key of data stored on the recording medium based on first encryption key generation data built in the information recording device, and performing an encryption process based on the first encryption key. A data encryption process that is performed on stored data and that stores the first encryption key generation data in the recording medium without restriction on a reproduction device; and a second encryption key generation built in the information recording device. Generating a second encryption key of the storage data for the recording medium based on the storage data, and performing an encryption process based on the second encryption key. And a data encryption process with a limited playback device to be performed on the data, and an encryption process step for selectively executing the data encryption process.

Furthermore, a sixth aspect of the present invention is a program providing medium for providing a computer program for causing a computer system to execute an information reproducing process for reproducing information stored in a recording medium, The program has a decryption processing step of performing decryption processing of the encrypted data stored on the recording medium, and the decryption processing step is based on the first decryption key generation data stored on the recording medium. Generating a first decryption key for the encrypted data stored in the recording medium;
A decryption process based on a decryption key based on a decryption key for the encrypted data, and a data decryption process without restriction on a reproduction device, and a second decryption key generation data stored in the information recording device. Generating a second decryption key for the encrypted data and performing a decryption process based on the second decryption key on the encrypted data. A program providing medium characterized by being constituted.

[0057]

In the configuration of the present invention, the recording / reproducing apparatus is provided with a device ID as unique device identification information (information that may be disclosed) and a device unique key as a unique and secret device unique key. Then, when recording data, if the data is to be reproduced only by the device (reproduction device is restricted), the data is encrypted using the device unique key which is a device unique key, otherwise (reproduction device is not restricted). Is encrypted using a device ID that is device identification information. Further, the device identification information (device ID) of the recorded device and information (reproduction device restriction flag) indicating in which mode the reproduction device is restricted or not is recorded on the recording medium. With this configuration, when the data is played back, if the playback device is restricted, the device unique key (device unique key) is stored, that is, only the device that has recorded the data can decrypt the data. If the playback device is not restricted, reading the device ID from the recording medium enables any device to generate a data decryption key, thereby enabling playback.

As one aspect of the present invention, the format of the content to be recorded on the recording medium is an MPEG2 TS packet (packet), and this packet is recorded with the ATS, which is the time information received by the recording device, added. .
ATS is 24- to 32-bit data and has a certain degree of randomness. Here, ATS is Arrival TimeSt
An abbreviation for amp (arrival time stamp). In one block (sector) of the recording medium, X TS packets to which ATS is added are recorded, and a block for encrypting the data of the block using the ATS added to the first TS packet. Generate a key.

In this manner, each block can be encrypted using a unique key for each block, and a special area for storing the key is not required, and data other than the main data portion can be used during recording and reproduction. There is no need to access.

Further, not only the ATS but also copy control information (CCI: Copy Control Information) may be added to the TS packet and recorded, and a block key may be generated using the ATS and the CCI.

The program providing medium according to the fifth and sixth aspects of the present invention includes, for example, various programs
A medium for providing a computer program in a computer-readable format to a general-purpose computer system capable of executing code. The form of the medium is not particularly limited, such as a recording medium such as a CD, an FD, and an MO, and a transmission medium such as a network.

Such a program providing medium defines a structural or functional cooperative relationship between the computer program and the providing medium for realizing the functions of a predetermined computer program on a computer system. Things. In other words, by installing the computer program into the computer system via the providing medium, a cooperative operation is exerted on the computer system, and the same operation and effect as the other aspects of the present invention can be obtained. You can do it.

[0063] Still other objects, features and advantages of the present invention are:
It will become apparent from the following more detailed description based on the embodiments of the present invention and the accompanying drawings.

[0064]

DESCRIPTION OF THE PREFERRED EMBODIMENTS [System Configuration] FIG. 1 is a block diagram showing the configuration of an embodiment of a recording / reproducing apparatus 100 to which the present invention is applied. The recording / reproducing apparatus 100 includes an input / output I / F (Interface) 120 and an MPEG (Moving Picture E).
xperts Group) codec 130, input / output I / F (Interface) 14 including A / D, D / A converter 141
0, encryption processing means 150, ROM (Read Only Memory)
160, CPU (Central Processing Unit) 170, memory 180, drive 190 of recording medium 195, and transport stream processing means (TS processing means)
300, which are interconnected by a bus 110.

The input / output I / F 120 receives digital signals constituting various contents such as images, sounds, and programs supplied from the outside, outputs the digital signals on the bus 110, and receives the digital signals on the bus 110. Output to the outside. The MPEG codec 130 is connected to the bus 110
MPEG-encoded data supplied via
PEG is decoded and output to the input / output I / F 140, and the digital signal supplied from the input / output I / F 140 is MPEG-encoded and output to the bus 110.
The input / output I / F 140 is an A / D, D / A converter 14
1 is built in. The input / output I / F 140 receives an analog signal as content supplied from the outside, and
A / D (Analog Digita)
l) By performing the conversion, the digital signal is output to the MPEG codec 130 as a digital signal, and the digital signal from the MPEG codec 130 is D / A (Digital Analog) converted by the A / D and D / A converter 141, Output as an analog signal to the outside.

The encryption processing means 150 is composed of, for example, a one-chip LSI (Large Scale Integrated Circuit), and encrypts or decrypts a digital signal as a content supplied via the bus 110.
Has a configuration to output to the top. Note that the encryption processing means 150 is not limited to a one-chip LSI, and can be realized by a configuration combining various software or hardware. The configuration as the processing means by the software configuration will be described later.

The ROM 160 stores, for example, a device key unique to each recording / reproducing device or unique to each group of a plurality of recording / reproducing devices. CPU17
0 executes the program stored in the memory 180, thereby executing the MPEG codec 130 and the encryption processing unit 15.
Control 0 etc. The memory 180 is, for example, a non-volatile memory.
The data necessary for the operation of 170 is stored. Drive 19
0 is a recording medium 195 capable of recording and reproducing digital data.
, The digital data is read (reproduced) from the recording medium 195 and output on the bus 110, and the digital data supplied via the bus 110 is supplied to the recording medium 195 for recording. In addition,
The program is stored in the ROM 160 and the device key is stored in the memory 1
Alternatively, the data may be stored in the memory 80.

The recording medium 195 is, for example, a DVD or a CD.
Optical disk, such as optical disk, magneto-optical disk, magnetic disk, magnetic tape, or a medium that can store digital data such as a semiconductor memory such as RAM, in this embodiment,
It is assumed that the configuration is such that it is detachable from the drive 190.
However, the recording medium 195 may be configured to be built in the recording / reproducing apparatus 100.

The transport stream processing means (T
The S processing means) 300 will be described later in detail with reference to FIG. 6 and the like. For example, a transport packet corresponding to a specific program (content) from a transport stream in which a plurality of TV programs (contents) are multiplexed Then, data processing for storing the appearance timing information of the extracted transport stream together with each packet in the recording medium 195 and appearance timing control processing during reproduction processing from the recording medium 195 are performed.

The transport stream contains ATS as appearance timing information of each transport packet.
(Arrival Time Stamp) is set, and this timing is determined by T-STD (Transpo) which is a virtual decoder defined by MPEG2 Systems.
(rt stream System Target Decoder) is determined at the time of encoding so as not to break down, and at the time of transport stream reproduction, the appearance timing is controlled by the ATS added to each transport packet. Transport stream processing means (TS processing means) 300
These controls are executed. For example, when a transport packet is recorded on a recording medium, it is recorded as a source packet with the interval of each packet shortened. By storing the appearance timing of each transport packet on the recording medium together, The output timing of the packet can be controlled. When data is recorded on a recording medium 195 such as a DVD, the transport stream processing means (TS processing means) 300 transmits an ATS (ArrivalTime) indicating the input timing of each transport packet.
(Stamp: arrival time stamp).

The recording / reproducing apparatus 100 of the present invention uses the A
For the content constituted by the transport stream to which the TS has been added, the encryption processing unit 150 executes encryption processing, and stores the encrypted content in the recording medium 195. Further, the encryption processing means 150 executes a decryption process of the encrypted content stored in the recording medium 195. Details of these processes will be described later.

The encryption processing means 150, T shown in FIG.
Although the S processing means 300 is shown as a separate block for easy understanding, it may be configured as one one-chip LSI that executes both functions, or the two functions may be implemented by combining software or hardware. A configuration realized by a configuration may be adopted.

As a configuration example of the recording / reproducing apparatus of the present invention, a configuration shown in FIG. 2 in addition to the configuration shown in FIG. FIG.
In the recording / reproducing device 200 shown in FIG. 1, the recording medium 205 is a recording medium interface (I / F) 2 as a drive device.
10, the recording medium 205 can be read and written even when the recording medium 205 is attached to another recording / reproducing apparatus. Thus, the recording medium 1
In the recording / reproducing apparatus as shown in FIG. 2 in which 95 has a configuration usable in a plurality of recording / reproducing apparatuses, a key common to a plurality of recording / reproducing apparatuses, that is, a key common to a plurality of recording / reproducing apparatuses, A key common to the entire system is stored in the memory 180.

[Data Recording Processing and Data Reproduction Processing]
Next, a process of recording data on a recording medium and a process of reproducing data from a recording medium in the recording / reproducing apparatus of FIG. 1 or 2 will be described with reference to flowcharts of FIGS. When recording the content of an external digital signal on the recording medium 195, a recording process is performed according to the flowchart of FIG. That is, the contents of digital signals (digital contents) are, for example, IEEE (Institute of Electric)
al and Electronics Engineers) When supplied to the input / output I / F 120 via a 1394 serial bus or the like, in step S301, the input / output I / F 120 receives the supplied digital content and
Output to the TS processing means 300.

The TS processing means 300 determines in step S302
Generates block data in which an ATS is added to each of the transport packets constituting the transport stream, and transmits the block data to the
Output to

The encryption processing means 150 determines in step S303
In step, an encryption process is performed on the received digital content, and the resulting encrypted content is output to the drive 190 or the recording medium I / F 210 via the bus 110. Encrypted content is
The data is recorded on the recording medium 195 via the drive 190 or the recording medium I / F 210 (S304), and the recording process ends. The encryption processing in the encryption processing means 150 will be described later.

As a standard for protecting digital contents when digital contents are transmitted between devices connected via an IEEE1394 serial bus, five companies including Sony Corporation, the assignee of the present patent, set forth the following standards. , 5CDTCP (Five Company Digital Transmissi
on Content Protection) (hereinafter referred to as DTCP as appropriate). In this DTCP, when digital content that is not copy-free is transmitted between devices, the transmitting side and the receiving side must copy data before transmitting data. Mutual authentication is performed to determine whether or not copy control information for controlling the digital content can be correctly handled. Thereafter, the transmitting side encrypts and transmits the digital content, and the receiving side encrypts the digital content (encrypted content). ) Is decrypted.

In the data transmission / reception based on the DTCP standard, the input / output I / F 120 on the data receiving side receives the encrypted content via the IEEE1394 serial bus in step S301, and transmits the encrypted content to the DT.
The content is decrypted according to the CP standard, and is output to the encryption processing unit 150 as plaintext content.

Digital content encryption by DTCP generates a time-varying key, and is performed using the key. The encrypted digital content, including the key used for the encryption, is transmitted on the IEEE1394 serial bus, and the receiving side decrypts the encrypted digital content using the key contained therein.

According to DTCP, to be precise, the encrypted content includes the initial value of the key and the flag indicating the change timing of the key used for encrypting the digital content. Then, on the receiving side, the key used for encryption is generated by changing the initial value of the key included in the encrypted content again at the timing of the flag included in the encrypted content, The encrypted content is decrypted. However, in this case, it can be considered that the encrypted content includes a key for decrypting the encrypted content, which is equivalent. Therefore, the following description is made as such. Here, for DTCP, for example, the URL of http://www.dtcp.com (Uniform Resou
rce Locator), the informational version (Informational Version)
Can be obtained.

Next, processing for recording the content of an analog signal from the outside on the recording medium 195 will be described.
This will be described with reference to the flowchart of FIG. When the content of the analog signal (analog content) is supplied to the input / output I / F 140, the input / output I / F 140
In step S321, the analog content is received, and the process proceeds to step S322, where the built-in A / D, D
A / D conversion is performed by the / A converter 141 to obtain digital signal contents (digital contents).

This digital content is supplied to the MPEG codec 130, and is subjected to MPEG encoding, that is, encoding processing by MPEG compression in step S 323, and is supplied to the encryption processing means 150 via the bus 110.

Hereinafter, steps SS324, S325, S
At 326, steps S302 and S3 in FIG.
03 is performed. That is,
The ATS is added to the transport packet by the TS processing means 300, and the encryption processing in the encryption processing means 150 is executed.
Recording is performed on the recording medium 195, and the recording process ends.

Next, the process of reproducing the content recorded on the recording medium 195 and outputting it as digital content or analog content will be described with reference to the flow of FIG. The process of outputting digital contents to the outside is executed as a reproduction process according to the flowchart of FIG. That is, first, in step S401, the encrypted content recorded on the recording medium 195 is read by the drive 190 or the recording medium I / F 210, and is read via the bus 110.
It is output to the encryption processing means 150.

In the encryption processing means 150, step S40
2, the drive 190 or the recording medium I / F 21
The encrypted content supplied from 0 is decrypted, and the decrypted data is output to the TS processing means 300 via the bus 110.

The TS processing means 300 determines in step S403
In, the output timing is determined from the ATS of each transport packet constituting the transport stream, control is performed according to the ATS, and the transport packet is supplied to the input / output I / F 120 via the bus 110. Input / output I / F12
0 outputs the digital content from the TS processing means 300 to the outside and ends the reproduction processing. The processing of the TS processing means 300 and the decryption processing of the digital content by the encryption processing means 150 will be described later.

It should be noted that the input / output I / F 120 is used in step S
In step 404, when digital content is output via an IEEE1394 serial bus, mutual authentication is performed with the partner device in accordance with the DTCP standard as described above, and then the digital content is encrypted. And transmit it.

When the content recorded on the recording medium 195 is reproduced and output to the outside as analog content, a reproduction process according to the flowchart of FIG. 4B is performed.

That is, steps S421, S422, S4
23, steps S401 and S40 of FIG.
2. The same processing as in S403 is performed, whereby the decrypted digital content obtained by the encryption processing means 150 is supplied to the MPEG codec 130 via the bus 110.

In step S424, the MPEG codec 130 performs MPEG decoding of the digital contents, that is, decompression processing, and the input / output I / F 1
40. The input / output I / F 140 performs step S
At 424, the MPEG codec 130
A / D
D / A conversion by D / D / A converter 141 (S425)
And make it analog content. And step S
Proceeding to 426, the input / output I / F 140 outputs the analog content to the outside, and ends the reproduction process.

[Data Format] Next, a data format on a recording medium according to the present invention will be described with reference to FIG. The minimum unit for reading and writing data on a recording medium in the present invention is called a block. 1
The block is 192 * X (X) bytes (for example, X
= 32).

In the present invention, an AT (Transport Stream) packet (188 bytes) of MPEG2
S is added to make 192 bytes, and X are collected and 1
Block data. The ATS is 24- to 32-bit data indicating the arrival time, and is an abbreviation of Arrival Time Stamp (arrival time stamp) as described above. The ATS is configured as data having randomness according to the arrival time of each packet. In one block (sector) of the recording medium, X TS (Transport Stream) packets to which ATS is added are recorded. In the configuration of the present invention, the ATS added to the first TS packet of each block constituting the transport stream
Is used to generate a block key for encrypting the data of the block (sector).

By generating a block key for encryption using a random ATS, a unique key different for each block is generated. The encryption processing for each block is executed using the generated block unique key. Also,
With the configuration in which the block key is generated using the ATS, an area on the recording medium for storing the encryption key for each block becomes unnecessary, and the main data area can be used effectively. Further, there is no need to access data other than the main data portion when recording and reproducing data, and the processing becomes more efficient.

The block seed (Bloc) shown in FIG.
k Seed) is additional information including the ATS. block·
The seed further includes not only ATS but also copy restriction information (C
CI (Copy Control Information) may be added. In this case, a configuration in which a block key is generated using ATS and CCI can be adopted.

In the structure of the present invention, when data is stored on a recording medium such as a DVD, most of the data of the content is encrypted. However, as shown in the lowermost part of FIG. M at the beginning (for example, m = 8 or 1
6) Unencrypted data with unencrypted bytes
The data is recorded as it is, and the remaining data (m + 1 bytes and thereafter) is encrypted. This is because the encryption process is a process in units of 8 bytes, so the encrypted data length (Encrypted data)
This is because restrictions are imposed on If the encryption process is 8
If the processing can be performed in byte units instead of byte units, for example, m = 4 and all parts other than the block seed may be encrypted.

[Processing in TS processing means] Here, A
The function of the TS will be described in detail. The ATS is an arrival time stamp added to save the appearance timing of each transport packet in the input transport stream as described above.

That is, for example, when one or several TV programs (contents) are extracted from a transport stream in which a plurality of TV programs (contents) are multiplexed, the transports constituting the extracted transport streams are extracted. Port packets appear at irregular intervals (see FIG. 7A). The transport stream has an important meaning in the appearance timing of each transport packet, and this timing is based on MPEG2.
T-STD (Transport stream Sy), which is a virtual decoder defined by Systems (ISO / IEC 13818-1)
It is determined at the time of encoding so that the stem target decoder does not break down.

When reproducing the transport stream,
The appearance timing is controlled by the ATS added to each transport packet. Therefore, when recording a transport packet on a recording medium, it is necessary to preserve the input timing of the transport packet. When recording the transport packet on a recording medium such as a DVD, the input timing of each transport packet must be preserved. The ATS is added and recorded.

FIG. 6 is a block diagram for explaining processing executed by the TS processing means 300 when a transport stream input via a digital interface is recorded on a storage medium such as a DVD. From the terminal 600, a transport stream is input as digital data such as digital broadcast. 1 or 2, a transport stream is input from the terminal 600 via the input / output I / F 120 or via the input / output I / F 140 and the MPEG codec 130.

The transport stream is input to a bit stream parser 602. The bit stream parser 602 detects a PCR (Program Clock Reference) packet from the input transport stream. Here, the PCR packet is an MPEG packet.
This is a packet in which a PCR defined by 2 Systems is encoded. PCR packet is 100msec
Are encoded within the time interval of The PCR sets the time at which the transport packet arrives at the receiving side to 27 MHz.
Expressed with the precision of

Then, in the 27 MHz PLL 603, the 27 MHz clock of the recording / reproducing device is locked to the PCR of the transport stream. The time stamp generation circuit 604 generates a time stamp based on the count value of the 27 MHz clock. Then, the block seed adding circuit 605 adds the time stamp at the time when the first byte of the transport packet is input to the smoothing buffer 606 as the ATS, and adds the ATS to the transport packet.

The transport packet to which the ATS has been added passes through the smoothing buffer 606 and is supplied to the terminal 60.
7 is output to the encryption processing means 150, and after the encryption processing described later is executed, the drive 190 (FIG. 1),
The data is recorded on a recording medium 195 which is a storage medium via a recording medium I / F 210 (FIG. 2).

FIG. 7 shows an example of processing when an input transport stream is recorded on a recording medium. FIG. 7 (a)
Indicates an input of a transport packet constituting a specific program (content). Here, the horizontal axis is a time axis indicating the time on the stream. In this example, the input of the transport packet appears at irregular timing as shown in FIG.

FIG. 7B shows a block seed (Block
Seed) shows the output of the additional circuit 605. The block seed adding circuit 605 provides, for each transport packet, A indicating the time on the stream of the packet.
The source packet is output by adding a block seed (Block Seed) including the TS. FIG. 7C shows a source packet recorded on a recording medium. The source packets are recorded on the recording medium at shorter intervals as shown in FIG. By recording at shorter intervals in this manner, the recording area of the recording medium can be used effectively.

FIG. 8 shows the TS processing means 3 for reproducing the transport stream recorded on the recording medium 195.
00 shows a block diagram of the processing configuration of 00. From the terminal 800, the transport packet with the ATS decrypted by the encryption processing means described later is input to the block seed separation circuit 801 and the ATS
And the transport packet are separated. The timing generation circuit 804 has a 27 MHz clock 80 of the regenerator.
Calculate the time based on the clock counter value of 5.

At the start of reproduction, the first ATS is set in the timing generation circuit 804 as an initial value. The comparator 803 compares the ATS with the current time input from the timing generation circuit 804. The time generated by the timing generation circuit 804 and the ATS
Are equal, the output control circuit 802 outputs the transport packet to the MPEG codec 130 or the digital input / output I / F 120.

FIG. 9 shows an example in which the input AV signal
2 shows a configuration in which the MPEG codec 130 performs MPEG encoding and the TS processing means 300 encodes a transport stream. Therefore, FIG.
Is the MPEG codec 130 in FIG. 1 or FIG.
FIG. 3 is a block diagram showing both processing configurations of a TS processing unit and a TS processing unit; From the terminal 901, a video signal is input, which is input to the MPEG video encoder 902.

[0108] The MPEG video encoder 902 encodes the input video signal into an MPEG video stream and outputs it to the buffer video stream buffer 903. In addition, the MPEG video encoder 902
The access unit information on the G video stream is output to the multiplexing scheduler 908. The access unit of the video stream is a picture, and the access unit information is a picture type, a coded bit amount, and a decode time stamp of each picture. here,
The picture type is information of an I / P / B picture. The decode time stamp is
This is information defined by G2 Systems.

An audio signal is input from a terminal 904, which is an MPEG audio encoder 90.
5 is input. MPEG audio encoder 905
Encodes the input audio signal into an MPEG audio stream and outputs it to the buffer 906. In addition, the MPEG audio encoder 905 uses the MPEG
The access unit information about the audio stream is output to the multiplexing scheduler 908. The access unit of the audio stream is an audio frame, and the access unit information is a coded bit amount and a decode time stamp of each audio frame.

A multiplexing scheduler 908 receives video and audio access unit information. The multiplexing scheduler 908 controls a method for encoding the video stream and the audio stream into transport packets based on the access unit information. The multiplexing scheduler 908 internally has a clock for generating a reference time of 27 MHz accuracy, and has a T-ST which is a virtual decoder model defined by MPEG2.
The packet encoding control information of the transport packet is determined so as to satisfy D. The packet encoding control information is the type of stream to be packetized and the length of the stream.

When the packet coding control information is a video packet, the switch 976 is set to the position a, and the video data of the payload data length indicated by the packet coding control information is read from the video stream buffer 903, and the transport packet It is input to the encoder 909.

When the packet encoding control information is an audio packet, the switch 976 is set to the b side, and the audio data of the designated payload data length is read from the audio stream buffer 906 and input to the transport packet encoder 909. Is done.

If the packet encoding control information is a PCR packet, the transport packet encoder 909 takes in the PCR input from the multiplexing scheduler 908 and outputs the PCR packet. If the packet encoding control information indicates that the packet is not encoded, nothing is input to the transport packet encoder 909.

Transport packet encoder 909
Does not output a transport packet when the packet encoding control information indicates that the packet is not encoded. Otherwise, a transport packet is generated based on the packet encoding control information and output. Therefore, transport packet encoder 909 outputs a transport packet intermittently. Arrival (Arri
val) time stamp calculating means 910
Calculates the ATS indicating the time when the first byte of the transport packet arrives at the receiving side based on the PCR input from the multiplexing scheduler 908.

The PCR input from the multiplexing scheduler 908 indicates the time of arrival of the 10th byte of the transport packet specified by MPEG2 on the receiving side.
The value of the ATS is the time at which the byte 10 bytes before the time of the PCR arrives.

The block seed adding circuit 911 adds an ATS to the transport packet output from the transport packet encoder 909. The transport packet with the ATS output from the block seed adding circuit 911 is
Through the smoothing buffer 912, the encryption processing unit 1
The data is input to the storage medium 50, and after encryption processing described later is executed, it is stored in the recording medium 195 which is a storage medium.

The transport packet with the ATS stored in the recording medium 195 is input at a reduced interval as shown in FIG. 7C before being encrypted by the encryption processing means 150, and then recorded. It is stored in the medium 195. Even if transport packets are recorded at short intervals, A
By referring to the TS, the input time of the transport packet to the receiving side can be controlled.

The size of the ATS is not limited to 32 bits, but may be 24 bits to 31 bits. The longer the bit length of the ATS, the longer the cycle in which the ATS time counter goes around. For example, A
When the TS is a binary counter with a precision of 27 MHz, the time required for a 24-bit ATS to make one round is about 0.6.
Seconds. This time interval is sufficiently large for a general transport stream. This is because the packet interval of the transport stream is determined at a maximum of 0.1 second according to MPEG2 regulations. However, the ATS may be set to 24-bit or more with a sufficient margin.

As described above, when the bit length of the ATS is set to various lengths, several configurations are possible as the configuration of the block seed which is additional data of the block data.
FIG. 10 shows a configuration example of the block seed. Example 1 in FIG. 10 is an example in which ATS is used for 32 bits. FIG.
Example 2 is an example in which the ATS is 30 bits and the copy control information (CCI) is used for 2 bits. The copy control information is information indicating a copy control state of data to which the copy control information is added, and is SCMS: Serial Copy Management Sys.
tems and CGMS: Copy Generation Management System are famous. In these pieces of copy control information, data to which the information is added is copy free (Copy Free), which indicates that copying is permitted without restriction, and one generation copy permission (One Generation Copy A), which permits copying of only one generation.
llowed), Copy Prohibition (Copy Prohibition)
ted).

Example 3 shown in FIG. 10 is an example in which ATS has 24 bits, CCI uses 2 bits, and further information uses 6 bits. As other information, for example, when this data is output in analog form, Macrovision (Macrovisio), which is a copy control mechanism for analog video data, is used.
Various information such as information indicating on / off of n) can be used.

[Encryption processing accompanying data recording processing in a system that requires compatibility of recording data] Next, a system that requires compatibility of recording data, that is, a recording medium recorded in a certain recording / reproducing device is replaced with another recording medium An encryption process accompanying a data recording process in a system that is required to be reproducible in a regenerator will be described. A system that requires the compatibility of the recording data is, for example, a recording / reproducing apparatus 200 as shown in FIG. 2, and there is a request that the recording medium 195 can be used in another recording / reproducing device.

The encryption processing in the data recording processing in such a system will be described with reference to the processing block diagrams of FIGS. 11 and 12, and the flowchart of FIG. Here, an optical disk is taken as an example of the recording medium. In this embodiment, similarly to the configuration described in Japanese Patent Application Laid-Open No. 11-224461 (Japanese Patent Application No. 10-25310), it is necessary that data recorded by one recording and reproducing apparatus can be reproduced by another recording and reproducing apparatus. That is, the system requires compatibility of the recording data. Then, in order to prevent bit-by-bit copying of data on the recording medium, a disc ID (Disc ID) as identification information unique to the recording medium is made to act on a key for encrypting the data.

The outline of data encryption processing executed by the encryption processing means 150 will be described with reference to the processing block diagrams of FIGS.

The recording / reproducing apparatus 1100 has its own memory 18
The master key 1101 stored at 0 (see FIG. 2) is read. The master key 1101 is a secret key stored in the licensed recording / reproducing device, and is a key common to a plurality of recording / reproducing devices, that is, a key common to the entire system. The recording / reproducing apparatus 1100 checks whether or not a disc ID (Disc ID) 1103 as identification information is already recorded on a recording medium 1120 such as an optical disc. If recorded, disc ID (Disc
ID) 1103 (corresponding to FIG. 11), and if not recorded, the encryption processing means 150 randomly selects
Alternatively, a disc ID (Disc ID) 1201 is generated by a predetermined method such as random number generation and recorded on the disc (corresponding to FIG. 12). Disc ID (Disc I
D) Since there is only one need for 1103 on the disc,
It can also be stored in a lead-in area or the like.

The recording / reproducing device 1100 next uses the master key and the disc ID to disc-specific keys (Disc Universe).
que Key). Disk-specific key (Dis
c Unique Key)
The data generated by bit concatenation of the master key and the disc ID (Disc ID) is input to the hash function SHA-1 defined by FIPS 180-1, and only the required data length is output from the 160-bit output. Disc-specific key (Disc
There is a method of using the result obtained by inputting a master key and a disc ID (Disc ID) to a hash function using a block cipher function.

Next, a title key (Title Key), which is a unique key for each recording, is generated 1104 in the encryption processing means 150 at random or by a predetermined method such as generation of a random number, and is recorded on the disk 1120. On the disc, there is a data management file storing information as to what data constitutes what title, and a title key can be stored in this file.

Next, the disc unique key (Disc Unique Ke)
y) and a title key (Title Key) to generate a title unique key (Title Unique Key). As described above, there are several specific methods for this generation, such as a method using SHA-1 and a method using a hash function based on a block cipher.

In the above description, the master key (Ma
A disc unique key (Disc Unique Key) is generated from the ster key and the disc ID (Disc ID), and the title unique key (Title Uniqu
e Key) is generated, but the disc unique key (Disc Unique Key) is unnecessary, and the title unique key (Title Key) is directly obtained from the master key (Master Key), disc ID (Disc ID), and title key (Title Key). Tit
le Unique Key), and a master key (Master Key) without using a title key.
A key equivalent to a title unique key (Title Unique Key) may be generated from y) and the disc ID (Disc ID).

By the way, for example, when one of the transmission formats specified in the above 5CDTCP is used,
Data may be transmitted in MPEG2 TS packets. For example, a set top box (STB) that has received a satellite broadcast transmits this broadcast to a recorder.
When transmitting using the CDTCP, the STB converts the MPEG2 TS packet transmitted through the satellite broadcasting channel into IEEE.
Transmission over 1394 is desirable without the need for data conversion.

The recording / reproducing apparatus 1100 receives the content data to be recorded in the form of this TS packet, and adds, in the above-mentioned TS processing means 300, an ATS which is time information when each TS packet was received. As described above, the block seed added to the block data may be composed of a value obtained by combining ATS, copy control information, and other information.

By arranging X (for example, X = 32) TS packets to which the ATS has been added, one block data is formed (see the upper part of FIG. 5). As shown in the lower part of FIGS. The first to fourth bytes at the head of block data input as encrypted data are separated (selector 1).
108), the block seed (Block Seed) including the 32-bit ATS and the previously generated title unique key (Title Unique Key) are used as a block key (Key) for encrypting the data of the block. Block Key)
Is generated 1107.

FIG. 14 shows an example of a method of generating a block key. FIG. 14 shows two examples of generating a 64-bit block key (Block Key) from a 32-bit block seed (Block Seed) and a 64-bit title unique key (Title Unique Key). I have.

In Example 1 shown in the upper part, a cryptographic function having a key length of 64 bits and input and output of 64 bits is used. A title unique key (Title Unique Key) is used as a key of this cryptographic function, and a value obtained by concatenating a block seed (Block Seed) and a 32-bit constant (constant) is input as a block key (Block Key). I have.

Example 2 shows a hash function SHA-1 of FIPS 180-1.
This is an example using. Title Unique K
ey) and the value obtained by concatenating the block seed (Block Seed)
The block key is input to the HA-1, and the 160-bit output is reduced to 64 bits, for example, using only the lower 64 bits, and is used as a block key.

In the above description, the disc unique key (Disc U)
nique key), Title Unique Ke
y), an example of generating a block key has been described. For example, a disc unique key (Disc Uni
Queue Key) and Title Unique Key (Title Unique Key) without generating a master key (Master Key), disc ID (Disc ID), title key (Title Key), and block seed (Block Seed) for each block. May be used to generate a block key.

When the block key is generated, the block data is encrypted using the generated block key. As shown in the lower part of FIGS. 11 and 12, the first to m-th bytes (for example, m = 8 bytes) of the block data including the block seed (Block Seed) are separated (selector 1108) and are not subjected to encryption. Encryption 1109 is performed from the (m + 1) th byte to the last data. Note that m bytes that are not encrypted include the first to fourth bytes as block seeds. The block data after the (m + 1) th byte separated by the selector 1108 is encrypted 1109 in accordance with an encryption algorithm preset in the encryption processing means 150. As the encryption algorithm, for example, DES (Data En
encryption Standard) can be used.

Here, when the block length (input / output data size) of the encryption algorithm to be used is 8 bytes like DES, X is set to, for example, 32 and m is set to a multiple of 8, for example, so that there is no fraction. The entire block data after the (m + 1) th byte can be encrypted.

That is, when the number of TS packets stored in one block is X, the input / output data size of the encryption algorithm is L bytes, and n is an arbitrary natural number, 192 * X = m + n * L holds. X, m,
By defining L, the fraction processing becomes unnecessary.

The encrypted block data of the (m + 1) th and subsequent bytes are combined with the unencrypted first to m-th byte data by the selector 1110 and stored as encrypted content 1112 in the recording medium 1120.

By the above processing, the content is encrypted with the block key generated based on the block seed including the ATS in block units, and stored in the recording medium. As described above, the ATS is data having a high randomness unique to a block. Therefore, the block keys based on the ATS set for each block are different keys. That is, the encryption key is changed for each block, so that the strength against the cryptanalysis can be increased. In addition, by using the block seed as the encryption key generation data, it is not necessary to store the encryption key for each block separately from the data, so that a storage area for the encryption key is not required and the storage area can be saved. Also, since the block seed is data that is written and read together with the content data, unlike the conventional configuration in which the encryption key is stored in a separate area, the encryption key data is written or read during recording and reproduction. Processing can be omitted and efficient processing can be performed.

Next, according to the flowchart shown in FIG. 13, the ATS addition processing and the encryption processing means 1 in the TS processing means 300 which are executed along with the data recording processing.
The flow of the encryption process at 50 will be described. FIG.
In S1301, the recording / reproducing apparatus starts its own memory 1
The master key stored in 80 is read.

At S1302, it is checked whether or not a disc ID (Disc ID) as identification information has already been recorded on the recording medium. If it is recorded, this disc ID is read in S1303, and if it is not recorded, S1
At 304, a disk ID is generated at random or by a predetermined method and recorded on the disk. Next, in S1305, a disk unique key is generated using the master key and the disk ID. As described above, the disk unique key is obtained by applying, for example, a method using a hash function SHA-1 defined in FIPS 180-1 or a method using a hash function based on a block cipher.

The flow advances to step S1306 to generate a title key (Title Key) as a unique key for each one-time recording and to record the title key on the disc. Next, in S1307, a title unique key is generated from the disc unique key and the title key. For the key generation, a method using SHA-1 or a method using a hash function based on a block cipher is applied.

In step S1308, the recording / reproducing apparatus receives the encrypted data of the content data to be recorded in the form of a TS packet. In S1309, the TS processing means 300
ATS, which is time information when each TS packet is received, is added. Alternatively, a value obtained by combining the copy control information CCI, the ATS, and other information is added. Next, S131
0, the TS packets to which ATS is added are sequentially received, and 1
It is determined whether, for example, X = 32 forming a block has been reached, or whether identification data indicating the end of a packet has been received. If any of the conditions is satisfied, step S1
Proceeding to 311, X packets or packets up to the end of the packet are arranged to form one block of data.

Next, the encryption processing means 150 determines in S1312
Then, a block key, which is a key for encrypting the data of the block, is generated from the first 32 bits of the block data (the block seed including the ATS) and the title unique key generated in S1307.

In S1313, S is executed using the block key.
The block data formed in step 1311 is encrypted. As described above, the encryption target is
It is from the (m + 1) th byte of the block data to the last data. As the encryption algorithm, for example, DES (Data Encryption Standard) specified in FIPS 46-2 is applied.

In step S1314, the encrypted block data is recorded on a recording medium. In S1315, it is determined whether all the data has been recorded. If all data has been recorded, the recording process ends, and if not all data has been recorded, S1308.
Return to and execute the processing of the remaining data.

[Encryption processing accompanying data reproduction processing in a system that requires compatibility of recorded data] Next, processing for decrypting and reproducing the encrypted content recorded on the recording medium as described above will be described with reference to FIG. Processing block diagram,
This will be described with reference to the flowchart of FIG.

First, a description will be given with reference to the processing block diagram shown in FIG. The recording / reproducing device 1500 has a disk 1520
, And the master key 1501 from its own memory. As is apparent from the above description of the recording process, the disc ID is a disc-specific identifier recorded on the disc or, if not recorded, generated by the recording / reproducing device and recorded on the disc. The master key 1501 is a secret key stored in the licensed recording / reproducing device.

Next, the recording / reproducing apparatus 1500 generates a disc unique key (Disc Unique Key) using the disc ID (Disc ID) and the master key (Master Key).
3 In this key generation method, for example, data generated by bit concatenation of a master key and a disc ID (Disc ID) is input to a hash function SHA-1 defined in FIPS 180-1, and 160 bits of the data are input. Only the required data length from the output is disc unique key (Disc Unique Key)
Or a hash key using a block cipher function and a master key and a disk ID.
(Disc ID) and using the result obtained.

Next, a title key (Title Key) 150 corresponding to data to be read from the disk is recorded.
4 is read, and a title unique key (Title Unique Key) is generated 1505 from a title key (Title Key) 1504 and a disc unique key (Disc Unique Key). This generation method can also apply a hash function using a hash function SHA-1 or a block cipher function.

In the above description, the master key (Ma
A disc unique key (Disc Unique Key) is generated from the ster key and the disc ID (Disc ID), and the title unique key (Title Uniqu
e Key) is generated, but the disc unique key (Disc Unique Key) is unnecessary, and the title unique key (Title Key) is directly obtained from the master key (Master Key), disc ID (Disc ID), and title key (Title Key). Tit
le Unique Key), and a master key (Master Key) without using a title key.
A key equivalent to a title unique key (Title Unique Key) may be generated from y) and the disc ID (Disc ID).

Next, block data (Block Data) is sequentially stored from the encrypted content 1507 stored on the disk.
Is read, and the leading 4 of the block data (Block Data) is read.
A block seed (Block Seed) constituting a byte is separated by a selector 1508, and a block key (Block Key) is generated by mutual processing with a title unique key (Title Unique Key).

As a method for generating a block key, a configuration shown in FIG. 14 described above can be applied. That is, a 32-bit block seed (Block
Seed) and a 64-bit title unique key (Title Uniq
ue Key) and 64-bit block key (Block Ke)
The configuration that generates y) is applicable.

In the above description, the disc unique key (Disc U)
nique key), Title Unique Ke
y), an example of generating a block key has been described. For example, a disc unique key (Disc Uni
Queue Key) and Title Unique Key (Title Unique Key) without generating a master key (Master Key), disc ID (Disc ID), title key (Title Key), and block seed (Block Seed) for each block. May be used to generate a block key.

When the block key is generated, the encrypted block data is decrypted 1509 using the block key (Block Key), and output as decrypted data via the selector 1510. It should be noted that ATS is added to each transport packet constituting the transport stream in the decoded data, and the TS processing means 300 described above executes stream processing based on the ATS. The data can then be used, for example, displaying images or playing music.

As described above, the encrypted content encrypted in units of blocks and stored in the recording medium can be reproduced by being decrypted in units of blocks with the block key generated based on the block seed including the ATS. Becomes

Next, the flow of the decoding process and the reproduction process will be described with reference to the flowchart shown in FIG. In S1601 of FIG. 16, the recording / reproducing apparatus reads a disk ID from a disk and a master key from its own memory. In step S1602, a disk unique key is generated using the disk ID and the master key.

Next, in S1603, the title key of the data to be read from the disc is read, and in S1604, a title unique key is generated from the title key and the disc unique key. Next, in step S1605, the encrypted block data is read from the disk. S1606
Then, a block key is generated using the block seed (Block Seed) of the first 4 bytes of the block data and the title unique key generated in S1604.

Next, in step S1607, the encrypted block data is decrypted using the block key.
In step 8, it is determined whether all data has been read. If all data has been read, the process ends. If not, the process returns to step S1605 to read the remaining data.

[Encryption processing accompanying data recording processing in a system that does not require compatibility of recorded data]
A system that does not require compatibility of recorded data, that is, a system in which it is not required that a recording medium recorded in one recording / reproducing device can be reproduced in another recording / reproducing device, that is, recording data is only available in a device that has recorded the data. FIG. 17 is a processing block diagram showing encryption processing accompanying data recording processing in a system that only needs to be able to read data.
This will be described with reference to the flowchart of FIG.

Referring to the processing block diagram of FIG.
Description will be made sequentially according to the processing procedure of the flowchart in FIG.

First, in S1801 of FIG. 18, the recording / reproducing apparatus 1700 (see FIG. 17) generates a device unique key (Device Unique Key) which is a key unique to the apparatus.

As shown in FIG. 17, a device unique key (De
The vice unique key is generated based on one of an LSI key, a device key, a media key, and a drive key, or any combination of these. LS
The I key is a key stored in the LSI constituting the encryption processing means 150 (see FIG. 1) when the LSI is manufactured. The device key is a key set in correspondence with a device stored in a storage element such as a flash memory or an EEPROM, that is, a recording / reproducing device when the recording / reproducing device is manufactured. The media key is a key set for a recording medium for storing contents and stored on the recording medium. The drive key is a key given to a drive device for a recording medium such as a DVD drive.

In this embodiment, a device unique key (Device
Unique Key) is generated based on any one of an LSI key, a device key, a media key, a drive key, or any combination of these.

For example, a process of generating a device unique key using an LSI key and a device key will be described with reference to FIG. FIG. 19 shows, for example, the encryption processing means I5 of FIG.
Encryption processing means LSI 1900 in which 0 is configured as an LSI
3 shows an example of the processing.

The LSI key storage unit 1901 stores an LSI key common to a plurality of cryptographic processing means LSI (accordingly, common to a plurality of recording / reproducing devices). Specifically, for example, a uniform key is stored for each lot when the LSI is manufactured. Also, an LSI common to all cryptographic processing means LSIs
The configuration may be such that keys are stored, or a common LSI key may be stored for each group of several cryptographic processing means LSI. The number of cryptographic processing means LSIs to use an LSI key in common can be determined, for example, by using the cryptographic processing means LS
I can be determined in relation to the manufacturing cost.

The key generation section of the encryption processing means LSI 1900 reads out the LSI key stored in the key storage section 1901 and is stored in, for example, a ROM of a recording / reproducing device as a storage element external to the encryption processing means LSI 1900. A device key 1910 is obtained by reading out via a bus, and a function for generating a key (key generation function) is applied to the LSI key and the device key to obtain a device unique key (Device Unique Key). Is generated 1902.

The key generation function includes a device unique key (Device Uniform Key) from the LSI key and the device key.
que Key) is easy to calculate, but conversely,
From Device Unique Key to LSI
One-way functions that cannot calculate keys or device keys can be used. Specifically, for example, the device-specific key generation unit 1902 gives, as an input, a concatenation of an LSI key and a device key to a one-way function such as a SHA-1 hash function of FIPS180-1, By calculating the hash function, a device unique key (Device UniqueKey) is generated. The device unique key is, for example, FIPS46-2, FIPS46-
Using a one-way function using DES, Triple-DES, etc. of 3,
It may be obtained by encrypting a device key with an LSI key.

[0170] A block key is generated using the device unique key (Device Unique Key) obtained in this way and a block seed set as additional data of the content data, and encryption is performed based on the generated block key. Execute processing or decryption processing to encrypt content 1
906 on the recording medium 1920 or the reproduction processing of the encrypted content 1906 from the recording medium 1920 is executed.

[0171] The contents are encrypted and decrypted by, for example, the data and data methods described in FIPS46-2.
Encryption Standard (Data Encryption Sta
ndard) and others can be used.

FIG. 19 is an example in which a device unique key (Device Unique Key) is generated from an LSI key and a device key. For example, when a media key as a unique value is assigned to a recording medium, If a drive key is assigned as a unique value for the drive of the recording medium, a device unique key
It is also possible to use the media key and the drive key to generate the unique key.

Device Unique Key
FIG. 20 shows an example of a processing configuration in which is generated using all of the media key and the drive key in addition to the LSI key and the device key. FIG. 20 shows the data integrity mechanism (DI
An example of a processing configuration for generating a device unique key (Device Unique Key) by M: Data Ingegrity Mechanism) is shown.

The encryption unit 2001 encrypts the LSI key with the device key and outputs the result to the arithmetic unit 2004. The arithmetic unit 2004 performs an exclusive OR operation on the output of the encryption unit 2001 and the media key, and supplies the result to the encryption unit 2002.
The encryption unit 2002 uses the LSI key as a key and
04 is encrypted and output to the arithmetic unit 2005. Arithmetic unit 2005 performs an exclusive OR operation on the output of encryption unit 2002 and the drive key, and outputs the result to encryption unit 2003. The encryption unit 2003 uses the LSI key as a key, encrypts the output of the arithmetic unit 2005, and outputs the encryption result as a device unique key (Device Unique Key).

Returning to FIG. 18, the description of the data recording processing step will be continued. In step S1801, as described above, a device unique key is generated based on one of an LSI key, a device key, a media key, a drive key, or any combination of these.

In step S1802, the recording / reproducing apparatus receives the encrypted data of the content data to be recorded in the form of a TS packet. In step S1803, the TS processing unit 300
ATS, which is time information when each TS packet is received, is added. Alternatively, a value obtained by combining the copy control information CCI, the ATS, and other information is added. Next, S180
In step 4, TS packets to which ATS is added are sequentially received.
It is determined whether, for example, X = 32 forming a block has been reached, or whether identification data indicating the end of a packet has been received. If any of the conditions is satisfied, step S1
Proceeding to 805, X packets or packets up to the end of the packet are arranged to form one block data.

Next, in S1806, the encryption processing means 150
Generates a block key, which is a key for encrypting data of the block, from the first 32 bits of the block data (block seed including ATS) and the device unique key generated in S1801.

In S1807, S is executed by using the block key.
The block data formed in 1805 is encrypted. As described above, the encryption target is
It is from the (m + 1) th byte of the block data to the last data. As the encryption algorithm, for example, DES (Data Encryption Standard) specified in FIPS 46-2 is applied.

At S1808, the encrypted block data is recorded on the recording medium. In step S1809, it is determined whether all data has been recorded. If all data has been recorded, the recording process ends, and if not all data has been recorded, S1802
Return to and execute the processing of the remaining data.

[Encryption processing accompanying data reproduction processing in a system that does not require compatibility of recorded data]
Regarding the reproduction process of the data recorded in this way,
This will be described with reference to the processing block diagram of FIG. 21 and the flowchart of FIG.

Referring to the processing block diagram of FIG.
The description will be made sequentially according to the processing procedure of the flowchart of FIG.

First, in S2201 of FIG. 22, the recording / reproducing device 2100 (see FIG. 21) generates a device unique key (Device Unique Key) which is a key unique to the device.

As shown in FIG. 21, a device unique key (De
The vice unique key is generated 2101 based on one of an LSI key, a device key, a media key, and a drive key, or any combination of these. Here, as described above, each key is an LSI key.
LS constituting cryptographic processing means 150 (see FIGS. 1 and 2)
For I, the key and device key stored at the time of manufacturing the LSI are a flash memory, EE
A key and a media key set corresponding to a device stored in a storage element such as a PROM are keys set for a recording medium for storing content and stored on the recording medium.
The drive key is a key given to a drive device for a recording medium such as a DVD drive.

Next, in step S2202, the encrypted block data is read from the disk. S220
In step 3, a block key is generated using the block seed (Block Seed) of the first 4 bytes of the block data and the device unique key generated in step S2201 (210 in FIG. 21).
2) Do it.

Next, in S2204, the encrypted block data is decrypted using the block key (2 in FIG. 21).
105) Then, in S2205, it is determined whether or not all the data has been read out. If all the data has been read out, the process ends. If not, the process returns to S2202 to read out the remaining data.

In this process, the recording medium 212
In the encrypted content 2103 stored at 0, the first to fourth byte block seeds of the block data are separated by the selector 2104, and the unencrypted first to m-th byte data are not subjected to decryption processing. , Selector 2106 and output. ATS (Ar) representing the input timing for each packet is included in the decoded data.
rival Time Stamp: arrival time stamp), and normal reproduction can be performed by the above-described processing in the TS processing means.

As described above, in the configuration of the present invention, the content is encrypted with the block key that changes based on the ATS that changes according to the reception time of the first TS packet of the block data. Leakage of the block key used for encryption does not affect the protection of other contents. If a single encryption key is used to encrypt all content as in a conventional system, the content is always encrypted with a fixed data key. When a set of ciphertext contents encrypted with a key is obtained by a person who intends to make an illegal copy, the data key is decrypted using a cryptographic attack method such as a so-called linear attack or differential attack, whereby the data key is decrypted. However, all of the encrypted contents encrypted by the data key may be decrypted and illegally copied. However, in the configuration of the present invention, since the encryption key is different in each block unit, such a generation may occur. There is little sex.

In the configuration of the present invention, since the amount of data encrypted with one encryption key is one block, which is an extremely small amount of data, the key is encrypted using a so-called linear attack or differential attack. It becomes very difficult to ask.

Further, in the configuration of the present invention, since the encryption key is generated based on the ATS set as the additional information of the original data, the encryption key may be changed for each block. Since there is no need to newly record data in the sector header of the data sector on the recording medium,
No extra recording capacity is consumed, and there is no need to perform processing such as reading and writing of an encryption key for each block during recording and reproduction.

[Data encryption and recording processing in a system capable of setting device restrictions for recorded data reproduction] The above configuration is such that a block key can be generated by a master key, and a common master key is used. In the recording / reproducing device having the above, reproduction becomes possible. However, there is a case where it is desired that certain data can be reproduced only by the recording / reproducing device that has performed data recording. In the following, a configuration for executing such a device restriction setting will be described.

In this embodiment, for example, the recording medium 195 is removable in the recording / reproducing apparatus shown in FIGS.
This is an effective system in a configuration in which the recording medium 195 can be mounted on another recording / reproducing device. That is, the recording medium 1
When data is recorded on the recording medium 95, it is possible to set whether the recording medium on which the recording data is recorded can be reproduced or cannot be reproduced when the recording medium is mounted on another recording / reproducing device.

The encryption processing in the data recording processing in such a system will be described with reference to the processing block diagrams of FIGS. 23 and 24 and the flowchart of FIG. Here, an optical disk is taken as an example of the recording medium. In this embodiment, the bit-by-bit
In order to prevent copying, a disc ID (Disc ID) as identification information unique to a recording medium is made to act on a key for encrypting data.

An outline of the data encryption processing executed by the encryption processing means 150 will be described with reference to the processing block diagrams of FIGS.

The recording / reproducing apparatus 2300 has its own memory 18
Master key 230 stored at 0 (see FIGS. 1 and 2)
1. Read device ID 2331 and device unique key 2332 as device identifiers. Master key 23
Reference numeral 01 denotes a secret key stored in the licensed recording / reproducing apparatus, which is a key common to a plurality of recording / reproducing apparatuses, that is, a key common to the entire system. Device ID
Is an identifier of the recording / reproducing device 2300, which is an identifier such as a serial number stored in the recording / reproducing device in advance. This device ID may be made public. The device unique key is a secret key unique to the recording / reproducing device 2300, and is a key that is previously set so as to be different depending on each recording / reproducing device and stored. These are stored in the memory of the recording / reproducing device 2300 in advance.

The recording / reproducing apparatus 2300 stores a disc I as identification information on a recording medium 2320 such as an optical disc.
It is checked whether D (Disc ID) 2303 has already been recorded. If recorded, disc ID (Disc I
D) 2303 is read (corresponding to FIG. 23), and if it is not recorded, the encryption processing means 150 generates a disc ID (Disc ID) 2401 randomly or by a predetermined method such as random number generation. (Corresponding to FIG. 24). Disc ID (Disc I
D) Since there is only one 2303 on that disc,
It can also be stored in a lead-in area or the like.

The recording / reproducing device 2300 next uses the master key and the disc ID to disc-specific keys (Disc Universe).
que Key) is generated 2302. Disk-specific key (Dis
As a specific method of generating the unique key, as shown in FIG. 26, a master key (Master Key) and a disc ID (Disc ID) are added to a hash function using a block cipher function.
Example 1 using the result obtained by inputting
The data generated by the bit concatenation of the master key and the disc ID (Disc ID) is input to the hash function SHA-1 defined in 80-1, and only the necessary data length is output from the 160-bit output to the disc. Unique key (Disc U
The method of Example 2 used as a unique key can be applied.

Next, a title key (Title Key), which is a unique key for each recording, is generated 2304 in the encryption processing means 150 randomly or by a predetermined method such as random number generation, and is recorded on the disk 2320.

Further, the title (data) can be reproduced only by the recording / reproducing apparatus which has executed the data recording (device limitation) or can be reproduced by other devices (reproduction device limitation). A flag indicating whether there is
That is, the playback device restriction flag (Player Restriction Flame)
g) is set 2333 and recorded on the disk 2320 2
335. Further, the device ID as the device identification information is taken out 2331 and recorded on the disk 2320 23
34.

On the disc, there is a data management file in which information as to which data constitutes what title is stored.
5, playback device restriction flag 2335, device ID 233
4 can be stored.

Next, a disc unique key (Disc Unique Ke)
y), a title key (Title Key), and a device ID, or a disc unique key (Disc Unique Key), a title key (Title Key), and a device unique key.
y).

That is, when the playback device is not restricted, a title unique key (Title Unique Key) is generated from the disc unique key (Disc Unique Key), the title key (Title Key), and the device ID, and the playback device restriction is set. In this case, a title unique key (Title Unique Key) is generated from a disc unique key, a title key (Title Key), and a device unique key.

The title unique key (Title Unique Ke)
y) As shown in FIG. 28, a specific method of generation is to add a title key (Ti
tle Key) and a Disc Unique Key,
The method of Example 1 using a result obtained by inputting a device ID (when the playback device is not restricted) or a device unique key (when the playback device is restricted), or a hash function SHA defined by FIPS 180-1 -1 is input with data generated by bit concatenation of a master key, a disc ID (Disc ID) and a device ID (in the case of not restricting the playback device) or a device unique key (in the case of limiting the playback device). The method of Example 2 in which only the necessary data length from the 160-bit output is used as the title unique key (Title Unique Key) can be applied.

In the above description, the master key (Ma
A disc unique key (Disc Unique Key) is generated from the ster key and the disc ID (Disc ID), and is generated from the title key (Title Key) and the device ID, or the title key (Title Key) and the device unique key from the title unique key. (Title Unique Key) is generated, but the disc unique key (Disc Unique Key) is not required and the master key (Master Key) and disc ID
The title unique key (Title Unique Key) may be directly generated from the (Disc ID), the title key (Title Key), and the device ID or the device unique key, or the master may be generated without using the title key. Key (Mas
ter Key), disc ID (Disc ID), and device ID
A key equivalent to a title unique key (Title Unique Key) may be generated from the (unlimited playback device) or device-unique key (unlimited playback device).

For example, when one of the transmission formats specified in the above 5CDTCP is used, the data
In some cases, the packet is transmitted as a PEG2 TS packet. For example, a set-top box (ST
B: Set Top Box) puts this broadcast on a recorder 5CDTCP
When transmitting using STB, it is preferable that the STB also transmits the MPEG2 TS packet transmitted on the satellite broadcasting communication channel over IEEE1394 without data conversion.

The recording / reproducing apparatus 2300 receives the content data to be recorded in the form of this TS packet, and adds, in the above-mentioned TS processing means 300, an ATS which is time information when each TS packet was received. As described above, a configuration may be adopted in which a value obtained by combining ATS, copy control information, and other information is added as a block seed as additional information to block data.

By arranging X (for example, X = 32) TS packets to which the ATS has been added, one block data is formed (see the upper part of FIG. 5). As shown in the lower part of FIGS. The first to fourth bytes at the head of block data input as encrypted data are separated (selector 1).
108), the block seed (Block Seed) including the 32-bit ATS and the previously generated title unique key (Title Unique Key) are used as a block key (Key) for encrypting the data of the block. Block Key)
Is generated 2307. Block Key
Can be applied to the method shown in FIG. 14 described above.

In the above description, the disc unique key (Disc U)
nique key), Title Unique Ke
y), an example of generating a block key has been described. For example, a disc unique key (Disc Uni
Queue Key) and Title Unique Key (Title Unique Key) without generating a master key (Master Key), disc ID (Disc ID), title key (Title Key), and block seed (Block Seed) for each block.
Alternatively, a block key (BlockKey) may be generated using the device ID (in the case where the playback device is not restricted) or the device unique key (in the case where the playback device is restricted).

When a block key is generated, block data is encrypted using the generated block key. As shown in the lower part of FIGS. 23 and 24, the first to m-th bytes (for example, m = 8 bytes) of the block data including the block seed (Block Seed) are separated (selector 2308) and are not subjected to encryption. Encrypt 2309 from the (m + 1) th byte to the last data. Note that m bytes that are not encrypted include the first to fourth bytes as block seeds. The block data after the (m + 1) th byte separated by the selector 2308 is encrypted 2309 in accordance with an encryption algorithm preset in the encryption processing means 150. As the encryption algorithm, for example, DES (Data En
encryption Standard) can be used.

Here, when the block length (input / output data size) of the encryption algorithm to be used is 8 bytes like DES, X is set to 32, for example, and m is set to a multiple of 8, for example. The entire block data after the (m + 1) th byte can be encrypted.

That is, when the number of TS packets stored in one block is X, the input / output data size of the encryption algorithm is L bytes, and n is an arbitrary natural number, 192 * X = m + n * L holds. X, m,
By defining L, the fraction processing becomes unnecessary.

The encrypted block data of the (m + 1) th and subsequent bytes are combined with the unencrypted first to m-th byte data by the selector 2310 and stored as encrypted content 2312 in the recording medium 1120.

By the above processing, the content is encrypted by the block key generated based on the block seed including the ATS in block units and stored in the recording medium. In addition, the block key is generated based on the device ID when the reproduction device is not restricted, and is generated based on the device unique key when the reproduction device is restricted.
These encrypted data, if you restrict the playback device,
The data can be reproduced only by the device that records the data.

That is, when there is no restriction on the playback device, a block key, which is an encryption key for block data, is generated based on the data including the device ID, and the device ID is stored in the recording medium. Therefore, the device that wants to reproduce the recording medium has the device ID from the recording medium.
Can be obtained, and a similar block key can be generated, so that block data can be decrypted.
However, in the case where the playback device is limited, a block key that is an encryption key for block data is generated based on data including a device unique key. This device unique key is a secret key that differs for each device, and other devices cannot obtain the key. When the block data is encrypted and stored in the recording medium, the process of writing the device unique key to the recording medium is not performed. Therefore, even if a recording medium storing the encrypted block data is attached to another playback device, the same device unique key cannot be obtained, and a decryption key for decrypting the block data is generated. Cannot be decoded and cannot be reproduced. The details of the reproduction process will be described later.

Next, according to the flowchart shown in FIG. 25, the ATS addition processing and the encryption processing means 1 in the TS processing means 300 which are executed together with the data recording processing.
The flow of the encryption process at 50 will be described. FIG.
In step S2501, the recording / reproducing apparatus starts its own memory 1
A master key, a device ID as a device identifier, and a device unique key stored in 80 are read.

In S2502, it is checked whether a disc ID (Disc ID) as identification information has already been recorded on the recording medium. If it has been recorded, this disk ID is read in S2503, and if it has not been recorded, S2
At 504, a disk ID is generated randomly or by a predetermined method and recorded on the disk. Next, in S2505, a disk unique key is generated using the master key and the disk ID. As described above, the disk unique key is obtained by applying, for example, a method using a hash function SHA-1 defined in FIPS 180-1 or a method using a hash function based on a block cipher.

Then, the flow advances to step S2506 to extract a title key (Title Key), a playback device restriction flag (Player Restriction Flag) as a unique key for each recording, and a device ID as device identification information. Record on disc. Next, in step S2507, a title unique key is generated from the disc unique key, the title key, and the device ID (when the playback device is not restricted) or the device unique key (when the playback device is restricted).

FIG. 27 shows a detailed flow of generating a title unique key. The encryption processing means 150 determines in step S270
In step 1, it is determined whether or not the playback device is restricted. This determination is made based on instruction data input by a user who uses the recording / reproducing device, or use restriction information added to the content.

If the determination in S2701 is No, that is, if there is no restriction on the playback device, the flow advances to step S2702, and
A title unique key (Title Unique Key) is generated from the disc unique key (Disc Unique Key), the title key (Title Key), and the device ID.

[0219] If the determination in S2701 is Yes, that is, if the playback device is to be restricted, the process proceeds to step S2703, where the disc unique key (Disc Unique Key) and the title key (T
A title unique key (Title Unique Key) is generated from the itleKey) and the device unique key. For key generation,
A method using SHA-1 or a hash function based on a block cipher is used.

At S2508, the recording / reproducing apparatus receives the encrypted data of the content data to be recorded in the form of a TS packet. In step S2509, the TS processing unit 300
ATS, which is time information when each TS packet is received, is added. Alternatively, a value obtained by combining the copy control information CCI, the ATS, and other information is added. Next, S251
0, the TS packets to which ATS is added are sequentially received, and 1
It is determined whether, for example, X = 32 forming a block has been reached, or whether identification data indicating the end of a packet has been received. If any of the conditions is satisfied, step S2
Proceeding to 511, X packets or packets up to the end of the packet are arranged to form block data of one block.

Next, the encryption processing means 150 determines in S2512
Then, a block key which is a key for encrypting the data of the block is generated from the first 32 bits of the block data (block seed including ATS) and the title unique key generated in S2507.

In S2513, S is executed using the block key.
The block data formed in step 2511 is encrypted. As described above, the encryption target is
It is from the (m + 1) th byte of the block data to the last data. As the encryption algorithm, for example, DES (Data Encryption Standard) specified in FIPS 46-2 is applied.

In S2514, the encrypted block data is recorded on a recording medium. In S2515, it is determined whether all the data has been recorded. If all data has been recorded, the recording process ends, and if not all data has been recorded, S2508
Return to and execute the processing of the remaining data.

[Data decryption and playback processing in a system capable of setting device restrictions for playback of recorded data] Next, processing for decrypting and playing back the encrypted content recorded on the recording medium as described above. About Figure 2
This will be described with reference to the processing block diagram of FIG. 9 and the flowchart of FIG.

First, description will be made with reference to the processing block diagram shown in FIG. The recording / reproducing device 2900 has a disk 2920
, A master key 2901, a device ID 2931 as a device identifier, and a device unique key 2932 from its own memory.
As is clear from the above description of the recording process, the disc ID
Is an identifier unique to the disc which is recorded on the disc or generated by the recording / reproducing device when it is not recorded and recorded on the disc. The master key 2901 is a secret key stored in the licensed recording / reproducing device. The device ID is an identifier unique to the recording / reproducing device, and the device unique key is a secret key specific to the recording / reproducing device.

Next, the recording / reproducing apparatus 2900 generates a disc unique key (Disc Unique Key) using the disc ID (Disc ID) and the master key (Master Key).
3 In this key generation method, for example, data generated by bit concatenation of a master key and a disc ID (Disc ID) is input to a hash function SHA-1 defined in FIPS 180-1, and 160 bits of the data are input. Only the required data length from the output is disc unique key (Disc Unique Key)
Or a master key and a disk ID in a hash function using a block cipher function.
(Disc ID) and using the result obtained.

Next, a title key (Title Key) 290 recorded corresponding to the data to be read from the disk is displayed.
5 and further reads the device ID 2935 of the recording / reproducing device that recorded this data and the reproduction device restriction flag 2934 set corresponding to the data, and the reproduction device restriction information indicated by the read reproduction device restriction flag 2933 is: "Reproduction device limited" and "device ID 2935 read from recording medium and own device ID 293"
1 matches ”or the playback device restriction information indicated by the read playback device restriction flag 2933 is“ no playback device restriction ”, the playback is enabled, and the playback device indicated by the read playback device restriction flag 2933 is displayed. If the restriction information is “reproduction device restricted” and “device ID 2934 read from recording medium and own device ID 293
When "1 does not match", reproduction becomes impossible.

If the data cannot be reproduced, the data has been encrypted with the block key generated based on the device-specific key unique to the recording / reproducing device on which the data was recorded. Since the recording / reproducing device other than the device does not have the same device-specific key, it is not possible to generate a block key for decrypting data.

[0229] If the disc can be reproduced, a disc unique key (Disc Unique Key), a title key (Title Key),
Device ID or disc unique key (Disc Uni
queKey), a title key (Title Key), and a device unique key.
tle Unique Key).

That is, if the setting is such that the playback device is not restricted, a title unique key (Title Unique Key) is generated from the disc unique key (Disc Unique Key), the title key (Title Key), and the device ID. If the setting is to restrict playback devices, a disc unique key (Disc Unique Key), a title key (Title Key),
From the own device unique key and the title unique key (Titl
e Unique Key). As the key generation method, a hash function using a hash function SHA-1 or a block cipher function can be applied.

In the above description, the master key (Ma
A disc unique key (Disc Unique Key) is generated from the ster key and the disc ID (Disc ID), and is generated from the title key (Title Key) and the device ID, or the title key (Title Key) and the device unique key from the title unique key. (Title Unique Key) is generated, but the disc unique key (Disc Unique Key) is not required and the master key (Master Key) and disc ID
The title unique key (Title Unique Key) may be directly generated from the (Disc ID), the title key (Title Key), and the device ID or the device unique key, or the master may be generated without using the title key. Key (Mas
ter Key), disc ID (Disc ID), and device ID
A key equivalent to a title unique key (Title Unique Key) may be generated from the (unlimited playback device) or device-unique key (unlimited playback device).

Next, block data (Block Data) is sequentially stored from the encrypted content 2912 stored on the disk.
Is read, and the leading 4 of the block data (Block Data) is read.
A block seed (Block Seed) constituting a byte is separated by a selector 2910 and a block key (Block Key) is generated by mutual processing with a title unique key (Title Unique Key).

As a method for generating a block key, the configuration of FIG. 14 described above can be applied. That is, a 32-bit block seed (Block
Seed) and a 64-bit title unique key (Title Uniq
ue Key) and 64-bit block key (Block Ke)
The configuration that generates y) is applicable.

In the above description, the disc unique key (Disc U)
nique key), Title Unique Ke
y), an example of generating a block key has been described. For example, a disc unique key (Disc Uni
Queue Key) and title unique key (Title Unique Key) without generating a master key (Master Key), disc ID (Disc ID), title key (Title Key), and block seed (Block Seed) for each block. )
And, a block key may be generated using a device ID (when the playback device is not restricted) or a device unique key (when the playback device is restricted).

When the block key is generated, the encrypted block data is decrypted 2909 using the block key (Block Key), and is output as decrypted data via the selector 2908. It should be noted that ATS is added to each transport packet constituting the transport stream in the decoded data, and the TS processing means 300 described above executes stream processing based on the ATS. The data can then be used, for example, displaying images or playing music.

As described above, the encrypted content encrypted in block units and stored in the recording medium can be reproduced by being subjected to decryption processing in block units with the block key generated based on the block seed including the ATS. Becomes

Next, the flow of the decoding process and the reproduction process will be described with reference to the flowchart shown in FIG. In S3001 in FIG. 30, the recording / reproducing apparatus reads a disk ID from a disk, and reads a master key, a device ID, and a device unique key from its own memory. In step S3002, a disk unique key is generated using the disk ID and the master key.

Next, in step S3003, the title key of the data to be read from the disk, the device ID of the recording / reproducing device that has recorded the data, and the reproduction device restriction flag set corresponding to the data are read.

Next, in S3004, it is determined whether or not the data to be read can be reproduced. Details of the determination are shown in FIG. In step S3101 of FIG. 31, it is determined whether the playback device restriction information indicated by the read playback device restriction flag is set to “reproduction device limited”. If yes, in step S3102, it is determined whether or not the device ID read from the recording medium matches its own device ID. If they match, it is determined that reproduction is possible. If it is determined in step S3101 that the setting is not “reproduction device limited”, it is determined that reproduction is possible. If the reproduction device restriction information indicated by the read reproduction device restriction flag is “reproduction device restricted” and “the device ID read from the recording medium does not match its own device ID”, it is determined that reproduction is impossible.

Next, in step S3005, a title unique key is generated. FIG. 32 shows a detailed flow of generating a title unique key. The encryption processing means 150 determines in step S32
At 01, it is determined whether the setting is to set the playback device restriction or not. This determination is made based on the playback device restriction flag read from the disk.

If the determination in S3201 is No, that is, if the setting is such that the playback device is not restricted, step S320
Proceeding to 2, the title unique key (Title Unique Key) is generated from the disc unique key (Disc Unique Key), the title key (Title Key), and the device ID.

[0242] If the determination in S3201 is Yes, that is, if the playback device is to be restricted, the process proceeds to step S3203, where the disc unique key (Disc Unique Key) and the title key (T
A title unique key (Title Unique Key) is generated from the itleKey) and the device unique key of the recording / reproducing device. For key generation, a method using SHA-1 or a hash function based on a block cipher is used.

Next, in step S3006, the encrypted block data is read from the disk. S300
In step 7, a block key is generated using the block seed (Block Seed) of the first 4 bytes of the block data and the title unique key generated in step S3005.

Next, in step S3008, the encrypted block data is decrypted using the block key.
In step 9, it is determined whether or not all data has been read. If all data has been read, the process ends. If not, the process returns to step S3006 to read the remaining data.

As described above, when the playback device is not restricted, a block key is generated based on the device ID, and when the playback device is restricted, the block key is generated based on the device unique key. It is possible to encrypt the content in block units based on one of the settings and store the encrypted content in the recording medium. When playing back data stored on a recording medium, data encrypted based on a device unique key can be played back only on the device that recorded the data,
If the playback device is not restricted, the other device can generate the block key using the device ID recorded on the disk, so that the decryption process and the playback process in the other device can be executed. .

[Copy Control in Recording Process] In order to protect the interests of the copyright holder of the content, it is necessary to control the copying of the content in the licensed device.

That is, when recording a content on a recording medium, it is necessary to check whether the content can be copied (copiable) and to record only the content that can be copied. is there. When reproducing and outputting the content recorded on the recording medium, it is necessary to prevent the output content from being illegally copied later.

The processing of the recording / reproducing apparatus shown in FIG. 1 or FIG. 2 when recording / reproducing content while performing such copy control of content will be described with reference to the flowcharts of FIG. 33 and FIG. .

First, in the case of recording the content of an external digital signal on a recording medium, FIG.
A recording process is performed according to the flowchart of FIG. The processing in FIG. 33A will be described. The recording / reproducing apparatus 100 of FIG. 1 will be described as an example. If the content of the digital signal (digital content) is, for example, IEEE13
When the data is supplied to the input / output I / F 120 via a serial bus or the like, in step S3301, the input / output I / F
120 receives the digital content, and proceeds to step S3302.

In step S3302, input / output I / F1
20 determines whether the received digital content can be copied. That is, for example, the input / output I /
If the content received by the F120 is not encrypted (for example, if the plaintext content is supplied to the input / output I / F 120 without using the above-described DTCP), the content can be copied. It is determined that there is.

It is assumed that the recording / reproducing apparatus 100 is an apparatus conforming to DTCP, and the processing is executed according to DTCP. In DTCP, 2-bit EMI (Encryption) as copy control information for controlling copying is used.
ion Mode Indicator) is defined. EMI is 00
If the content is B (B indicates that the previous value is a binary number), the content is copy-free.
ly), and when the EMI is 01B, it indicates that the content cannot be copied any more (No-more-copies). further,
If the EMI is 10B, it indicates that the content can be copied only once (Copy-one-generation). If the EMI is 11B, the content is prohibited from being copied. This is a thing (Copy-never).

An input / output I / F 120 of the recording / reproducing apparatus 100
EMI is included in the signal supplied to the
If it is py-freely or Copy-one-generation, the content is determined to be copyable. Also, EMI
Is No-more-copies or Copy-never, it is determined that the content cannot be copied.

If it is determined in step S3302 that the content is not copyable, step S33
03 to S3305 are skipped, and the recording process ends. Therefore, in this case, the content is stored in the recording medium 1.
Not recorded in 95.

If it is determined in step S3302 that the content can be copied, the flow advances to step S3303, and thereafter, steps S3303 to S33 are performed.
05, steps S302 and S30 in FIG.
3. Processing similar to the processing in S304 is performed. That is, the ATS is added to the transport packet by the TS processing means 300, and the encryption processing in the encryption processing means I50 is executed. The resulting encrypted content is recorded on the recording medium 195, and the recording processing is terminated.

The EMI is included in the digital signal supplied to the input / output I / F 120. When the digital content is recorded, the EMI is copied together with the digital content in the same manner as the EMI or EMI. Information indicating the control state (for example, embedded CCI in DTCP) is also recorded.

At this time, generally, Copy-One-Generatio
The information indicating n should be No-
Converted to more-copies and recorded.

In the recording / reproducing apparatus of the present invention, the EMI or
Copy control information such as embedded CCI is recorded in a form added to the TS packet. That is, as shown in Example 2 and Example 3 of FIG. 10, the ATS is for 24 to 30 bits, and 32 bits including the copy control information are added to each T as shown in FIG.
Add to S packet.

The contents of the analog signal from the outside are
When recording on a recording medium, a recording process is performed according to the flowchart of FIG. FIG.
The process (B) will be described. When the content of the analog signal (analog content) is supplied to the input / output I / F 140, the input / output I / F 140 executes the processing in step S33.
In step 11, the analog content is received, and the flow advances to step S3312 to determine whether the received analog content can be copied.

Here, the determination processing in step S3312 is performed, for example, by adding a Macrovision signal or a CGMS-A (Copy) to the signal received by the input / output I / F 140.
Generation Management System-Analog) is performed based on whether or not a signal is included. That is, the macro vision signal is a signal that causes noise when recorded on a VHS video cassette tape.
If it is included in the signal received at / F140, it is determined that the analog content is not copyable.

For example, the CGMS-A signal is a CGMS signal used for digital signal copy control.
A signal applied to analog signal copy control, whose content is copy-free (Copy-free), which can be copied only once (Copy-one-generation), or whose copy is prohibited (Copy-free). never).

Therefore, the CGMS-A signal is input / output I / O
Included in the signal received at F140 and the CGMS
If the -A signal indicates Copy-freely or Copy-one-generation, it is determined that the analog content can be copied. Also, the CGMS-A signal is used for Copy-n
If it represents ever, it is determined that the analog content cannot be copied.

Further, for example, the macro vision signal also
If the CGMS-A signal is not included in the signal received at the input / output I / F 4, it is determined that the analog content can be copied.

If it is determined in step S3312 that analog content cannot be copied, steps S3313 to S3317 are skipped, and the recording process ends. Therefore, in this case, the content is not recorded on the recording medium 195.

When it is determined in step S3312 that analog content can be copied,
The process proceeds to step S3313, and thereafter, proceeds to step S3313.
In steps S3317 to S3317, step S32 in FIG.
The same processing as the processing from S2 to S326 is performed, whereby the content is subjected to digital conversion, MPEG encoding, TS processing, and encryption processing and recorded on the recording medium, and the recording processing ends.

When the analog signal received by the input / output I / F 140 includes the CGMS-A signal,
When recording analog content on a recording medium, the CGMS-A signal is also recorded on the recording medium. That is,
In the CCI or other information part shown in FIG.
This signal is recorded. At this time, generally, Copy-One
-Generation information is converted to No-more-copies and recorded so that no further copying is allowed. However, in the system, for example, "Copy-one-generation
Is recorded without conversion to No-more-copies, but is not limited to this rule when a rule such as "handle as No-more-copies" is determined.

[Copy Control in Reproduction Processing] Next, in the case where the content recorded on the recording medium is reproduced and output to the outside as digital content, FIG.
The reproduction process is performed according to the flowchart of FIG. The processing in FIG. 34A will be described. First, in steps S3401, S3402, and S3403, steps S401, S402, and S4 in FIG.
03, the same processing as that performed in step 03 is performed.
The encrypted content read from the recording medium is subjected to decryption processing in the encryption processing means 150, and is subjected to TS processing. The digital content subjected to each process is supplied to the input / output I / F 120 via the bus 110.

The input / output I / F 120 determines in step S 340
At 4, it is determined whether the digital content supplied thereto can be copied later. That is,
For example, if the digital content supplied to the input / output I / F 120 does not include EMI or information (copy control information) indicating a copy control state like EMI, the digital content can be copied later. Is determined to be the correct one.

For example, when digital content supplied to the input / output I / F 120 includes EMI,
Therefore, when the EMI is recorded in accordance with the DTCP standard at the time of recording the content, if the EMI (recorded EMI) is Copy-freely, the digital content is copied later. It is determined that it is possible. Also, EMI is No-more-
When the content is a copy, it is determined that the content cannot be copied later.

In general, the recorded EMI is
There is no copy-one-generation or copy-never. C
opy-one-generation EMI recorded No-more-copies
This is because digital content that has been converted to EMI and has Copy-never EMI is not recorded on the recording medium.
However, in the system, for example, "Copy-one-generat
The copy control information of the ion is recorded without being converted to No-more-copies, but is not limited to this rule when a rule such as "handle as No-more-copies" is determined.

If it is determined in step S3404 that the content can be copied later, the flow advances to step S3405, where the input / output I / F 120 outputs the digital content to the outside, and ends the reproduction process. I do.

If it is determined in step S3404 that the content cannot be copied later, the flow advances to step S3406 to execute input / output I / F 120
For example, according to the DTCP standard or the like, the digital content is output to the outside in such a manner that the digital content will not be copied later, and the reproduction process ends.

That is, for example, as described above, when the recorded EMI is No-more-copies (or in the system, for example, “Copy-one-generation copy control information is stored in No-more-copies. Record without conversion,
No-more-copies are handled, and the EMI recorded under that condition is Copy-one-gener
), the content is not allowed to be copied further.

For this reason, the input / output I / F 120 has the DTC
In accordance with the P standard, mutual authentication is performed with the partner device, and when the partner is a legitimate device (here, DTC
If the device complies with the P standard), the digital content is encrypted and output to the outside.

Next, when the content recorded on the recording medium is reproduced and output to the outside as analog content, a reproduction process according to the flowchart of FIG. 34B is performed. The processing in FIG. 34B will be described. In steps S3411 to S3415, processing similar to the processing in steps S421 to S425 in FIG. 4B is performed. That is, reading of the encrypted content, decryption processing, TS processing, MPEG decoding, and D / A conversion are performed. The analog content thus obtained is received by the input / output I / F 140.

The input / output I / F 140 determines in step S341
At 6, it is determined whether the content supplied thereto can be copied later. That is, for example, when the copy control information is not recorded together with the content, it is determined that the content can be copied later.

When recording content, for example, DT
When EMI or copy control information is recorded according to the CP standard, and when the EMI or copy control information is Copy-freely, it is determined that the analog content can be copied later. .

When EMI or copy control information is No.
-more-copies, or in the system, for example, "Copy-one-generation copy control information is N
Record without converting to o-more-copies, but no-more-copies
EMI or copy control information recorded under that condition
If the content is ne-generation, it is determined that the content cannot be copied later.

Further, for example, when the CGMS-A signal is included in the analog content supplied to the input / output I / F 140, and when the CGMS-A signal is recorded together with the content at the time of recording the content,
When the CGMS-A signal is Copy-freely, it is determined that the analog content can be copied later. In addition, the CGMS-A signal is a Copy-nev
If it is er, it is determined that the analog content is not copyable later.

If it is determined in step S3416 that the analog content can be copied later,
Proceeding to step S3417, the input / output I / F 140 outputs the analog signal supplied thereto to the outside as it is, and ends the reproduction process.

If it is determined in step S3416 that the analog content cannot be copied later, the flow advances to step S3418 to execute input / output I / F 140
Outputs the analog content to the outside in such a manner that the analog content will not be copied later, and ends the reproduction process.

That is, for example, as described above, when the recorded copy control information such as EMI is No-more-copies (or in the system, for example, “Copy-one-g
Eneration copy control information is recorded without conversion to No-more-copies, but it is treated as No-more-copies. "
If the copy control information such as I is Copy-one-generation), further copying of the content is not allowed.

For this reason, the input / output I / F 140 outputs the analog content to the outside, for example, by adding a macrovision signal or a GCMS-A signal representing Copy-never to the analog content. Also, for example, the recorded CGMS-A
Even if the signal is copy-never, no further copying of the content is allowed. Therefore, the input / output I / F
No. 4 changes the CGMS-A signal to Copy-never and outputs it together with the analog content to the outside.

As described above, by recording and reproducing the content while controlling the copy of the content,
It is possible to prevent a copy (illegal copy) out of the range permitted for the content from being made.

[Configuration of Data Processing Means] The above-described series of processing can be performed not only by hardware but also by software. That is, for example, the encryption processing unit 150 can be configured as an encryption / decryption LSI, but can also be configured to execute a program by a general-purpose computer or a one-chip microcomputer. . Similarly, the TS processing means 300 can execute the processing by software. When a series of processing is performed by software, a program constituting the software is installed in a general-purpose computer, a one-chip microcomputer, or the like. FIG. 35 illustrates a configuration example of an embodiment of a computer on which a program for executing the above-described series of processes is installed.

The program is stored in a hard disk 3505 or a ROM as a recording medium built in the computer.
3503 can be recorded in advance. Or,
Program is floppy (registered trademark) disk, CD-
ROM (Compact Disc Read Only Memory), MO (Magnet
o optical) Disc, DVD (Digital Versatile Dis)
c) It can be temporarily or permanently stored (recorded) in a removable recording medium 3510 such as a magnetic disk or a semiconductor memory. Such a removable recording medium 3510 can be provided as so-called package software.

The program can be installed in the computer from the removable recording medium 3510 as described above, can be wirelessly transferred from a download site to the computer via an artificial satellite for digital satellite broadcasting, or can be connected to a LAN (Local Area Network). ), Via a network such as the Internet, and by wire to a computer, the computer can receive the transferred program by the communication unit 3508 and install it on the built-in hard disk 3505.

The computer has a CPU (Central Process).
ing Unit) 3502. The CPU 3502 has an input / output interface 35 via a bus 3501.
11 is connected, and when a user inputs a command through the input / output interface 3510 by operating the input unit 3507 including a keyboard, a mouse, and the like, the CPU 3502 responds accordingly.
A program stored in a ROM (Read Only Memory) 3503 is executed.

Alternatively, the CPU 3502 may execute a program stored in the hard disk 3505, a program transferred from a satellite or a network, received by the communication unit 3508 and installed in the hard disk 3505, or a removable recording medium 3510 mounted in the drive 3509. The program read from the hard disk 3505 and installed on the hard disk 3505 is stored in the RAM (R
andom Access Memory) 3504 for execution.

As a result, the CPU 3502 performs the processing according to the above-described flowchart or the processing performed by the configuration of the above-described block diagram. And C
The PU 3502 transmits the processing result to the LCD (L) via the input / output interface 3511 as necessary.
Output from an output unit 3506 composed of a liquid crystal display (Iquid Crystal Display), a speaker, or the like, or transmission from a communication unit 3508, and further recording on a hard disk 3505.

Here, in this specification, processing steps for writing a program for causing a computer to perform various processes do not necessarily need to be processed in chronological order in the order described in the flowchart, and may be performed in parallel. Alternatively, it also includes processing executed individually (for example, parallel processing or processing by an object).

The program may be processed by one computer, or may be processed in a distributed manner by a plurality of computers. Further, the program may be transferred to a remote computer and executed.

In the present embodiment, the block for encrypting / decrypting the content has been mainly described as an example in which the block is configured by a one-chip encryption / decryption LSI, but the block for encrypting / decrypting the content is described. Can be realized as, for example, one software module executed by the CPU 170 shown in FIGS. 1 and 2. Similarly, the processing of the TS processing unit 300 can be realized as one software module executed by the CPU 170.

The present invention has been described in detail with reference to the specific embodiments. However, it is obvious that those skilled in the art can modify or substitute the embodiment without departing from the spirit of the present invention. That is, the present invention has been disclosed by way of example, and should not be construed as limiting. In order to determine the gist of the present invention, the claims described at the beginning should be considered.

[0294]

According to the information recording / reproducing apparatus and method of the present invention, in a recording / reproducing apparatus for recording data, an encryption process in a setting with a restricted reproduction device and an encryption in a setting without a restricted reproduction device. Processing can be selectively executed.

According to the information recording / reproducing apparatus and method of the present invention, when recording data, if the data can be reproduced only by the device (reproduction device is restricted), the device unique key (device unique key) is used. The encryption key is applied to the data encryption key, and if not (the playback device is not restricted), the device identification information (device ID) is applied to the encryption key of the data for encryption. Furthermore, since the device identification information of the recorded device and the information (reproduction device restriction flag) indicating in which mode the reproduction device was restricted or not was recorded on the recording medium, the data During playback, if the playback device is restricted, only the recording device that knows the device unique key can decrypt the data.If the playback device is not restricted, any device uses the device identification information of the recording device. To decrypt the data.

Also, since a block key for encrypting block data is generated using ATS configured as random data according to the arrival time of each packet, a unique key different for each block is generated. Can be generated, the encryption key can be changed for each block,
Strength against cryptanalysis can be increased. Also, A
With the configuration in which the block key is generated using the TS, an area on the recording medium for storing the encryption key for each block is not required, and the main data area can be used effectively. Furthermore, there is no need to access data other than the main data part when recording and reproducing data,
Processing becomes efficient.

[Brief description of the drawings]

FIG. 1 is a configuration example of an information recording / reproducing apparatus of the present invention (part 1).
FIG.

FIG. 2 is a configuration example (part 2) of the information recording / reproducing apparatus of the present invention.
FIG.

FIG. 3 is a diagram showing a data recording processing flow of the information recording / reproducing apparatus of the present invention.

FIG. 4 is a diagram showing a data reproducing process flow of the information recording / reproducing apparatus of the present invention.

FIG. 5 is a diagram illustrating a data format processed in the information recording / reproducing apparatus of the present invention.

FIG. 6 is a block diagram showing a configuration of a transport stream (TS) processing means in the information recording / reproducing apparatus of the present invention.

FIG. 7 is a diagram illustrating a configuration of a transport stream processed in the information recording / reproducing device of the present invention.

FIG. 8 is a block diagram showing a configuration of a transport stream (TS) processing means in the information recording / reproducing apparatus of the present invention.

FIG. 9 is a block diagram showing a configuration of a transport stream (TS) processing means in the information recording / reproducing apparatus of the present invention.

FIG. 10 is a diagram showing a configuration example of block data as additional information of block data processed in the information recording / reproducing apparatus of the present invention.

FIG. 11 is a block diagram (part 1) illustrating an encryption process at the time of data recording in a system requiring data compatibility in the information recording / reproducing apparatus of the present invention.

FIG. 12 is a block diagram (part 2) for explaining the encryption processing at the time of data recording processing in a system requiring data compatibility in the information recording / reproducing apparatus of the present invention.

FIG. 13 is a flowchart illustrating an encryption process during a data recording process in a system requiring data compatibility in the information recording / reproducing apparatus of the present invention.

FIG. 14 is a diagram illustrating a method for generating a block key in the information recording / reproducing apparatus of the present invention.

FIG. 15 is a block diagram illustrating a decoding process during a data reproduction process in a system requiring data compatibility in the information recording / reproducing apparatus of the present invention.

FIG. 16 is a flowchart illustrating a decoding process in a data reproduction process in a system requiring data compatibility in the information recording / reproducing apparatus of the present invention.

FIG. 17 is a block diagram illustrating encryption processing during data recording processing in a system that does not require data compatibility in the information recording / reproducing apparatus of the present invention.

FIG. 18 is a flowchart illustrating an encryption process in a data recording process in a system in which data compatibility is not required in the information recording / reproducing apparatus of the present invention.

FIG. 19 is a block diagram illustrating an example (part 1) of a device unique key generation process in a system in which data compatibility is not required in the information recording / reproducing apparatus of the present invention.

FIG. 20 is a block diagram illustrating an example (part 2) of a device-specific key generation process in a system that does not require data compatibility in the information recording / reproducing apparatus of the present invention.

FIG. 21 is a block diagram illustrating a decoding process during a data reproduction process in a system in which data compatibility is not required in the information recording / reproducing apparatus of the present invention.

FIG. 22 is a flowchart illustrating a decoding process in a data reproduction process in a system in which data compatibility is not required in the information recording / reproducing device of the present invention.

FIG. 23 is a block diagram (part 1) for explaining the encryption processing at the time of data recording processing in a system capable of restricting reproduction equipment in the information recording / reproducing apparatus of the present invention.

FIG. 24 is a block diagram (part 2) for explaining the encryption processing at the time of data recording processing in a system capable of restricting reproduction equipment in the information recording / reproducing apparatus of the present invention.

FIG. 25 is a flowchart illustrating data recording processing in a system capable of restricting reproduction devices in the information recording / reproduction device of the present invention.

FIG. 26 is a diagram illustrating an example of generating a disc unique key in the information recording / reproducing apparatus of the present invention.

FIG. 27 is a diagram showing a flow of processing for generating a title-specific key in a system capable of restricting playback devices in the information recording / playback apparatus of the present invention.

FIG. 28 is a diagram showing an example of a process of generating a title unique key at the time of data recording in a system capable of restricting playback devices in the information recording / playback apparatus of the present invention.

FIG. 29 is a block diagram illustrating decoding processing during data reproduction processing in a system capable of restricting reproduction equipment in the information recording / reproducing apparatus of the present invention.

FIG. 30 is a flowchart illustrating a data reproduction process in a system capable of restricting reproduction devices in the information recording / reproducing apparatus of the present invention.

FIG. 31 is a flowchart showing details of a reproducibility control determining process in a data reproducing process in a system capable of restricting a reproducing device in the information recording / reproducing apparatus of the present invention.

FIG. 32 is a diagram showing a flow of a process of generating a title-specific key at the time of data heyday in a system capable of restricting playback devices in the information recording and playback apparatus of the present invention.

FIG. 33 is a flowchart illustrating copy control processing during data recording processing in the information recording / reproducing apparatus of the present invention.

FIG. 34 is a flowchart illustrating copy control processing during data reproduction processing in the information recording / reproducing apparatus of the present invention.

FIG. 35 is a block diagram showing a configuration of a processing unit when executing data processing by software in the information recording / reproducing apparatus of the present invention.

[Explanation of symbols]

 Reference Signs List 100, 200 recording / reproducing device 110 bus 120 input / output I / F 130 MPEG codec 140 input / output I / F 141 A / D, D / A converter 150 encryption processing means 160 ROM 170 CPU 180 memory 190 drive 195 recording medium 210 recording medium I / F 300 TS processing means 600, 607 terminal 602 Bit stream parser 603 PLL 604 time stamp generation circuit 605 block seed addition circuit 606 smoothing buffer 800, 806 terminal 801 block seed separation circuit 802 output control circuit 803 comparator 804 timing generation circuit 805 27 MHz clock 901, 904, 913 terminal 902 MPEG video encoder 903 Video stream buffer 905 MPEG audio encoder 906 Audio stream buffer 908 Multiplexing scheduler 909 Transport packet encoder 910 Arrival time stamp calculating means 911 Block seed adding circuit 912 Smoothing buffer 976 Switch 3501 Bus 3502 CPU 3503 ROM 3504 RAM 3505 Hard disk 3506 Output unit 3507 Input unit 3508 Communication unit 3509 Drive 3510 Removable recording medium 3511 Input / output interface

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04N 5/92 H04N 5/92 H

Claims (42)

[Claims] 1. An information recording apparatus for recording information on a recording medium, comprising: an encryption processing means for executing encryption processing of data stored in the recording medium, wherein the encryption processing means includes: A first data stored on the recording medium based on the first encryption key generation data;
Performing an encryption process on the stored data based on the first encryption key by generating an encryption key,
A data encryption process for storing the first encryption key generation data in the recording medium without restriction on a playback device; and a second encryption key generation data built in the information recording apparatus. Second of stored data
And a data encryption process with a playback device restriction for generating an encryption key and executing an encryption process based on the second encryption key for the stored data. Characteristic information recording device. 2. The device according to claim 1, wherein the first data for generating an encryption key is a device ID which is an identifier of an information recording device, and the second data for generating an encryption key is a device which is a unique key of the information recording device. The information recording device according to claim 1, wherein the information recording device is a unique key. 3. The encryption processing means, wherein in the encryption processing without restriction on the reproduction device, a master key stored in an information recording device, a disk ID that is a recording medium identifier unique to a recording medium, and a recording medium recorded on the recording medium. Generating a title-specific key based on a data-specific title key to be performed and a device ID that is an identifier of the information recording apparatus; generating the first encryption key based on the title-specific key; In the encryption processing with device limitation, a master key stored in the information recording device, a disk ID as a recording medium identifier unique to the recording medium, a title key unique to data to be recorded on the recording medium, A title unique key is generated based on a device unique key that is a unique key, and the second encryption key is generated based on the title unique key. An apparatus according to claim 1, characterized in that the structure to be generated. 4. The information recording apparatus according to claim 1, wherein a flag indicating whether the encryption processing executed by the encryption processing means is the data encryption processing without restriction on the reproduction device or the data encryption processing with restriction on the reproduction device. 2. The information recording apparatus according to claim 1, wherein the information recording apparatus is configured to record the data on the recording medium in correspondence with data stored in the recording medium. 5. The encryption processing means comprises: a disk ID which is a recording medium identifier unique to a recording medium;
2. The information recording apparatus according to claim 1, wherein the information recording apparatus is configured to execute a process of generating a title key unique to data to be recorded on the recording medium and storing the title key in the recording medium. 6. The information recording apparatus further comprises receiving time information (A) in each packet constituting a transport stream composed of intermittent transport packets.
TS), and a transport stream processing unit that adds a transport stream (TS), wherein the encryption processing unit generates a block key as an encryption key for block data including one or more packets to which the reception time information (ATS) is added. In the data encryption process without restriction on the playback device, the data encryption process includes the first encryption key generation data and a block seed that is additional information unique to block data including the reception time information (ATS). A first block key as a first encryption key is generated based on the data. In the data encryption process with the playback device restriction, the second encryption key generation data and the reception time information (ATS ) As a second encryption key based on data including a block seed which is additional information unique to block data including An apparatus according to claim 1, characterized in that it has a configuration for generating a Kkuki. 7. A block seed as additional information specific to block data including reception time information (ATS) added to a first transport packet of a plurality of transport packets constituting the block data. 7. The information recording apparatus according to claim 6, wherein a block key for encrypting the block data is generated based on the block data. 8. The information recording apparatus according to claim 6, wherein the block seed is data including copy control information in addition to the reception time information (ATS). 9. An information recording apparatus according to claim 1, wherein said encryption processing means is configured to execute encryption processing of data stored in said recording medium in accordance with a DES algorithm. 10. The information recording apparatus has interface means for receiving information to be recorded on a recording medium, the interface means comprising a copy added to each packet included in a transport stream constituting data. 2. The information recording apparatus according to claim 1, wherein the information recording apparatus has a configuration for identifying control information and controlling whether to execute recording on a recording medium based on the copy control information. 11. The information recording apparatus has interface means for receiving information to be recorded on a recording medium, the interface means comprising a 2-bit EMI (Encryption) as copy control information for controlling copying. Mo
2. The information recording apparatus according to claim 1, wherein the information recording apparatus has a configuration for identifying whether or not to execute recording on a recording medium based on the EMI. 12. An information reproducing apparatus for reproducing information stored on a recording medium, comprising: a cryptographic processing unit for executing a decryption process of encrypted data stored on the recording medium; Generating a first decryption key for the encrypted data stored on the recording medium based on the first decryption key generation data stored in the storage medium, and performing a decryption process based on the first decryption key on the encrypted data. A data decryption process without restriction on the playback device to be executed, and a second decryption key for the encrypted data stored in the recording medium based on the second decryption key generation data built in the information recording device. And a data decryption process with a playback device restriction for performing a decryption process based on the second decryption key on the encrypted data. Apparatus. 13. The first decryption key generation data is a device ID that is an identifier of an information recording apparatus that has recorded encrypted data stored in a recording medium. The second decryption key generation data is 13. A device unique key, which is a unique key of an information recording apparatus that records encrypted data stored in a recording medium.
An information reproducing apparatus according to claim 1. 14. The encryption processing means, in the decryption processing without restriction on the reproduction device, acquires a master key stored in an information recording device, and obtains, from a recording medium, a disk ID which is a recording medium identifier unique to the recording medium. And a title key unique to the data to be decrypted, and a device ID that is an identifier of the information recording device that has recorded the encrypted data, and a device ID that is the identifier of the information recording device. The master key, the disc ID, the title key, A title unique key is generated based on the device ID, the first decryption key is generated based on the title unique key, and the master key stored in the information recording device is used in the decryption processing with the playback device restriction. And a device unique key that is a unique key of the information recording device stored in the information recording device. Then, a disc ID, which is a recording medium identifier unique to the recording medium, and a title key unique to the data to be decoded are obtained from the recording medium, and the title is obtained based on the master key, the disc ID, the title key, and the device unique key. Generate a unique key,
13. The information reproducing apparatus according to claim 12, wherein the second decryption key is generated based on the title unique key. 15. The information reproducing apparatus according to claim 1, wherein a flag indicating whether the encrypted data stored in the recording medium is the encrypted data without the restriction on the reproduction device or the encrypted data with the restriction on the reproduction device is recorded on the recording medium. 13. The information reproducing apparatus according to claim 12, wherein the information reproducing apparatus has a configuration for determining whether reproduction processing is possible or not. 16. The information reproducing apparatus executes data output control based on reception time information (ATS) added to each of a plurality of transport packets constituting the block data decrypted by the encryption processing means. A transport stream processing unit, wherein the encryption processing unit has a configuration to generate a block key as a decryption key for block data composed of one or more packets to which the reception time information (ATS) is added; In the data decryption processing without restriction on the playback device, the first decryption key generation data and the reception time information (A
TS), and generates a first block key as a first decryption key based on data including a block seed which is additional information specific to block data including the TS. Second decryption key generation data and the reception time information (A
13. The apparatus according to claim 12, wherein a second block key as a second decryption key is generated based on data including a block seed which is additional information unique to block data including (TS). Information playback device. 17. The system according to claim 17, wherein said encryption processing means comprises: a block seed, which is additional information unique to block data including reception time information (ATS) added to a leading transport packet of the plurality of transport packets constituting the block data. 17. The information reproducing apparatus according to claim 16, wherein a block key for decryption processing on the block data is generated based on the information. 18. The information reproducing apparatus according to claim 16, wherein the block seed is data including copy control information in addition to the reception time information (ATS). 19. The encryption processing means according to claim 1, wherein the decryption processing of the encryption data stored in the storage medium is performed by a DE.
13. The information reproducing apparatus according to claim 12, wherein the information reproducing apparatus is configured to execute according to an S algorithm. 20. An information reproducing apparatus, comprising: interface means for receiving information to be recorded on a recording medium, wherein the interface means includes a copy added to each packet included in a transport stream constituting data. 13. The information reproducing apparatus according to claim 12, wherein the information reproducing apparatus has a configuration for identifying control information and controlling whether or not reproduction from a recording medium can be executed based on the copy control information. 21. The information reproducing apparatus has interface means for receiving information to be recorded on a recording medium, the interface means comprising a 2-bit EMI (Encryption) as copy control information for controlling copying. Mo
13. The information reproducing apparatus according to claim 12, wherein the information reproducing apparatus has a configuration for identifying whether or not reproduction from a recording medium is to be performed based on the EMI. 22. An information recording method for recording information on a recording medium, comprising: generating a first encryption key of data stored in the recording medium based on first encryption key generation data built in the information recording apparatus. And performing encryption processing based on the first encryption key on the stored data, and storing the first encryption key generation data on the recording medium without data limitation on a playback device. Based on the second encryption key generation data built in the information recording device,
A data encryption process with a playback device restriction for generating an encryption key and executing an encryption process based on the second encryption key on the stored data, and an encryption process step for selectively executing An information recording method, characterized in that: 23. In the encryption processing step, the first encryption key generation data is a device ID that is an identifier of an information recording device, and the second encryption key generation data is an information recording device. 23. The information recording method according to claim 22, wherein the information recording device is a device unique key. 24. In the encryption processing step, in the encryption processing without restriction on a playback device, a master key stored in an information recording device, a disk ID that is a recording medium identifier unique to a recording medium, and a recording medium recorded on the recording medium. Generating a title-specific key based on a data-specific title key to be performed and a device ID that is an identifier of the information recording apparatus; generating the first encryption key based on the title-specific key; In the encryption processing with device limitation, a master key stored in an information recording device, a disk ID which is a recording medium identifier unique to a recording medium, a title key unique to data to be recorded on the recording medium, A title unique key is generated based on a device unique key that is a unique key, and the second encryption is performed based on the title unique key. The information recording method according to claim 22, characterized in that to generate the over. 25. The information recording method, further comprising: storing a flag indicating whether the encryption process is the data encryption process without the restriction on the reproduction device or the data encryption process with the restriction on the reproduction device in the recording medium. 23. The information recording method according to claim 22, wherein the information is recorded on the recording medium in correspondence with data. 26. In the encryption processing step, a disk ID which is a recording medium identifier unique to the recording medium;
23. The information recording method according to claim 22, further comprising: executing a process of generating a title key unique to data to be recorded on the recording medium and storing the title key in the recording medium. 27. The information recording method, further comprising: receiving time information (A) in each packet constituting a transport stream composed of intermittent transport packets.
TS), which includes a transport stream processing step of adding a transport stream (TS), and the encryption processing step generates a block key as an encryption key for block data composed of one or more packets to which the reception time information (ATS) is added. In the data encryption process without restriction on the playback device, the first
Key generation data and the reception time information (AT
Generating a first block key as a first encryption key based on data including a block seed which is additional information unique to the block data including S); Second
Key generation data and the reception time information (AT
23. The information recording according to claim 22, wherein a second block key as a second encryption key is generated based on data including a block seed which is additional information unique to block data including S). Method. 28. The cryptographic processing step, wherein the block seed is additional information unique to block data including reception time information (ATS) added to the first transport packet of a plurality of transport packets constituting the block data. 28. The information recording method according to claim 27, further comprising the step of generating a block key for encryption processing on the block data based on the information. 29. The encryption processing step according to claim 2, wherein encryption processing of data stored in the recording medium is performed according to a DES algorithm.
2. The information recording method according to item 2. 30. The information recording method further comprises identifying copy control information added to each packet included in a transport stream constituting data, and determining whether to execute recording on a recording medium based on the copy control information. 23. The information recording method according to claim 22, further comprising a copy control step for controlling the information recording. 31. The information recording method further comprises identifying 2-bit EMI (Encryption Mode Indicator) as copy control information for controlling copying, and determining whether or not to execute recording on a recording medium based on the EMI. 23. The information recording method according to claim 22, further comprising a copy control step for controlling. 32. An information reproducing method for reproducing information stored in a recording medium, comprising: a decryption processing step of performing a decryption processing of encrypted data stored in the recording medium; Generating a first decryption key for the encrypted data stored on the recording medium based on the first decryption key generation data stored in the storage medium, and performing a decryption process based on the first decryption key on the encrypted data. A data decryption process without restriction on the playback device to be executed, and a second decryption key for the encrypted data stored in the recording medium based on the second decryption key generation data built in the information recording device. And a data decryption process with a playback device restriction for performing a decryption process based on the second decryption key with respect to the encrypted data. . 33. In the decryption processing step, the first decryption key generation data is a device ID that is an identifier of an information recording device that has recorded encrypted data stored in a recording medium, and the second decryption key 33. The key generation data according to claim 32, wherein the key generation data is a device unique key that is a unique key of the information recording apparatus that records the encrypted data stored in the recording medium.
Information reproduction method described in 1. 34. In the decryption processing step, in the decryption processing without restriction on a playback device, a master key stored in an information recording device is obtained, and a disc ID, which is a recording medium identifier unique to the recording medium, is obtained from the recording medium. And a title key unique to the data to be decrypted, and a device ID that is an identifier of the information recording device that has recorded the encrypted data, and a device ID that is the identifier of the information recording device. The master key, the disc ID, the title key, A title unique key is generated based on the device ID, the first decryption key is generated based on the title unique key, and the master key stored in the information recording device is used in the decryption processing with the playback device restriction. And obtaining a device unique key that is a unique key of the information recording device stored in the information recording device. First, a disc ID, which is a recording medium identifier unique to the recording medium, and a title key unique to the data to be decrypted are obtained from the recording medium, and based on the master key, the disc ID, the title key, and the device unique key. Generate a title-specific key,
33. The information reproducing method according to claim 32, wherein the second decryption key is generated based on the title unique key. 35. The information reproducing method, further comprising the step of setting a flag indicating whether the encrypted data stored in the recording medium is the encrypted data without the restriction on the reproduction device or the encrypted data with the restriction on the reproduction device. 33. The information reproducing method according to claim 32, further comprising a step of determining from a recording medium whether or not reproduction processing is possible. 36. The information reproducing method, further comprising: controlling data output based on reception time information (ATS) added to each of a plurality of transport packets constituting the block data decoded in the decoding processing step. A transport stream processing unit to be executed; and the decryption processing step includes a step of generating a block key as a decryption key for block data including one or more packets to which the reception time information (ATS) is added. In the data decryption processing without restriction on the playback device, the first decryption key generation data and the reception time information (A
TS), and generates a first block key as a first decryption key based on data including a block seed which is additional information specific to block data including the TS. Second decryption key generation data and the reception time information (A
33. The information reproducing method according to claim 32, wherein a second block key as a second decryption key is generated based on data including a block seed, which is additional information unique to block data including (TS). . 37. The decoding step, wherein the block seed is additional information specific to block data including reception time information (ATS) added to the first transport packet of the plurality of transport packets constituting the block data. 37. The information reproducing method according to claim 36, further comprising a step of generating a block key for decryption processing on the block data based on the information. 38. The decrypting step comprises: decrypting the encrypted data stored in the recording medium by DE.
33. The information reproducing method according to claim 32, wherein the information reproducing method is configured to execute according to the S algorithm. 39. An information reproducing method comprising the steps of: identifying copy control information added to each packet included in a transport stream constituting data, and determining whether reproduction from a recording medium can be executed based on the copy control information. The information reproducing method according to claim 32, wherein the method is controlled. 40. An information reproducing method comprising the steps of: identifying a 2-bit EMI (Encryption Mode Indicator) as copy control information added to each packet included in a transport stream constituting data, based on the EMI; 33. The information reproducing method according to claim 32, wherein whether to execute reproduction from a recording medium is controlled. 41. A program providing medium for providing a computer program for causing an information recording process for recording information on a recording medium to be executed on a computer system, wherein the computer program is a first program incorporated in an information recording apparatus. A first encryption key of data stored on the recording medium is generated based on the encryption key generation data, and an encryption process based on the first encryption key is performed on the stored data. A data encryption process for storing the first encryption key generation data in the recording medium without restriction on a playback device; and a second encryption key generation data built in the information recording apparatus. Second of stored data
A data encryption process with a playback device restriction for generating an encryption key and executing an encryption process based on the second encryption key on the stored data; and an encryption process step for selectively executing A program providing medium characterized by being executed. 42. A program providing medium for providing a computer program for causing a computer system to execute an information reproducing process for reproducing information stored in a recording medium, wherein the computer program is stored in the recording medium. Decrypting the encrypted data stored in the recording medium based on the first decryption key generation data stored in the recording medium. A data decryption process without restriction on a reproduction device for generating a first decryption key and performing a decryption process based on the first decryption key on the encrypted data; and a second decryption key built in the information recording device. A second decryption key for the encrypted data stored in the recording medium is generated based on the generation data, and a second decryption key is generated based on the second decryption key. And a data decryption process with a playback device restriction for performing the decryption process on the encrypted data.