JP2002026890A - Data recording apparatus, and data reproducing device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a data recording apparatus and a data reproducing device that can protect encrypted contents data by excluding external intrusions and to provide a terminal employing them. SOLUTION: A memory card 110 is provided with a key generating module 1432, an encryption section 1434 and a memory 1415. The key generating module 1432 generates a couple of a private encryption key and a public decoding key on the basis of information received from a portable telephone set onto which the memory card 110 is loaded. The memory 1415 stores the private encryption key and the open decoding key is transmitted to the data reproducing device and stored therein. In the case of reproducing encrypted contents data, the encryption section 1434 transmits a contents key encrypted by the private encryption key to the portable telephone set on the basis of the private encryption key read from the memory 1415 and the contents key.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data recording apparatus and a data reproducing apparatus capable of protecting content data distributed by a data distribution system capable of protecting copyright of copied information by preventing entry from outside. It is about.

[0002]

2. Description of the Related Art In recent years, with the progress of information communication networks such as the Internet, it has become possible for each user to easily access network information using a personal terminal using a cellular phone or the like.

In such an information communication network, information is transmitted by digital signals. Therefore, for example, even when music or video data transmitted in the information communication network described above is copied by each individual user, the data is copied with almost no deterioration in sound quality or image quality due to such copying. It is possible.

[0004] Therefore, in the case where a creation, such as music data or image data, for which a writer's right exists, is transmitted on such an information communication network, appropriate copyright protection measures must be taken. , The rights of the copyright holder may be significantly infringed.

On the other hand, giving priority to the purpose of copyright protection,
If it is not possible to distribute copyrighted work data through the rapidly expanding digital information communication network, basically, copyright owners who can collect a certain copyright fee when copying copyrighted work data It is rather disadvantageous.

Here, considering not a distribution via the digital information communication network as described above but a recording medium on which digital data is recorded as an example, a CD (compact disc) on which music data which is usually sold is recorded is considered. Regarding (2), music data can be freely copied from a CD to a magneto-optical disk (MD or the like) in principle as long as the copied music is stopped for personal use. However, an individual user who performs digital recording or the like indirectly pays a certain amount of the price of the digital recording device itself or a medium such as an MD as a deposit to the copyright holder.

Furthermore, when music data as a digital signal is copied from a CD to an MD, the music information is transferred from a recordable MD to another MD in consideration of the fact that the information is digital data with little copy deterioration. Copying as digital data is not possible due to copyright protection due to equipment configuration.

[0008] Even in such circumstances, distributing music data and image data to the public through a digital information communication network is itself an act limited by the public transmission right of the copyright holder. Sufficient measures need to be taken.

In this case, with respect to content data such as music data and image data which are copyrighted works transmitted to the public through the information communication network, it is possible to prevent content data once received from being copied without permission. Required.

[0010] Therefore, a distribution server that holds encrypted content data obtained by encrypting the content data is a data server that distributes the encrypted content data to a memory card mounted on a terminal device such as a mobile phone via the terminal device. A distribution system has been proposed. In this data distribution system, a public encryption key of a memory card and a certificate thereof, which have been authenticated by a certificate authority in advance, are transmitted to a distribution server at the time of a distribution request of encrypted content data. After confirming the reception, the encrypted content data and the license key for decrypting the encrypted content data are transmitted to the memory card.
When distributing the encrypted content data and the license key, the distribution server and the memory card generate a different session key for each distribution, and encrypt the public encryption key with the generated session key. The keys are exchanged between the memory cards.

[0011] Finally, the distribution server transmits the license encrypted with the public encryption key unique to each memory card and further encrypted with the session key, and the encrypted content data to the memory card. And
The memory card records the received license key and the encrypted content data on the memory card.

The memory card holds a secret decryption key that is asymmetric to the public encryption key. The secret decryption key is a key that can decrypt data encrypted with the public encryption key. The memory card transmits the secret decryption key to the mobile phone, and the mobile phone decrypts the encrypted license key with the received secret decryption key and decrypts the encrypted content data with the decrypted license key. To play.

In the data distribution system as described above, the distribution server charges for the distribution of the license key, and transmits the license key and the encrypted content data to the memory card in an encrypted state. Well protected. Further, even if the user of the mobile phone that has received the encrypted content data copies the encrypted content data to another person, the other person cannot obtain a license key for decrypting the encrypted content data.
The encrypted content data cannot be reproduced as it is.
In order for others to play back the encrypted content data, it is necessary to access the distribution server and pay a separate fee to purchase a license key. Therefore, while it is free for others to copy the received encrypted content data, others must purchase a new license key. I have.

[0014]

However, when exchanging data between a memory card and a portable telephone in order to reproduce the encrypted content data, a common key generated by the memory card and a portable key generated by the portable telephone are used. And a common key. Therefore, data cannot be exchanged using a key unique to the memory card and the mobile phone, and sufficient protection against external entry has not been provided.

SUMMARY OF THE INVENTION The present invention has been made to solve such a problem, and an object of the present invention is to provide a data recording apparatus and a data reproducing apparatus capable of protecting encrypted content data by preventing entry from outside. It is to provide.

[0016]

A data recording apparatus according to the present invention is connected to a bus and a bus.
An interface section for exchanging data with the outside;
A control unit connected to the bus, a key connected to the bus and configured to generate an encryption key and a decryption key for decrypting data encrypted by the encryption key based on information externally input according to an instruction from a user A generation module, a key holding unit connected to the bus and holding an encryption key, an encryption unit connected to the bus and encrypting with the encryption key held in the key holding unit, and an encryption unit connected to the bus and input from the outside And a memory for recording the obtained data, the control unit records the encryption key generated by the key generation module in the key holding unit, and outputs the decryption key to the outside via the front interface unit.

In the data recording apparatus according to the present invention, information is input by a user from a portable telephone equipped with a memory card, which is an example of the data recording apparatus.
Then, the control unit of the memory card inputs information from the mobile phone and inputs the information to the key generation module. Then, the key generation module generates an encryption key and a decryption key based on the input information. Then, the generated encryption key is stored in the key storage unit, and the decryption key is output to the outside via the interface unit.

Therefore, according to the present invention, the data recording device can generate the encryption key and the decryption key based on the information input from the terminal device attached. As a result, data can be exchanged between the data recording device and the terminal device while preventing entry from the outside.

Preferably, in response to an output request from a user, the control unit obtains the data from the memory and gives the data to the encryption unit, and in the encryption unit, transmits the data encrypted by the encryption key held in the key holding unit to the interface unit. Output to outside via.

When there is an output request from the user via the terminal device equipped with the data recording device, the control unit acquires data from the memory and inputs the data to the encryption unit. Then, the encryption unit encrypts the data using the encryption key. The control unit outputs the data encrypted by the encryption key to the outside. Then, the data reproducing device decrypts and reproduces the data encrypted with the encryption key using the decryption key.

Therefore, according to the present invention, data can be transmitted to the terminal device and reproduced using the encryption key and the decryption key generated based on the information input from the terminal device to which the data recording device is attached. . As a result, it is impossible to externally enter the data reproduction process, and the data can be sufficiently protected.

Preferably, at the time of data input, the control unit
The data encrypted by the encryption key in the encryption unit is recorded in the memory.

When data is input, the encryption unit encrypts the data with the encryption key read from the key holding unit. Then, the control unit records the data encrypted by the encryption key in the memory.

Therefore, according to the present invention, when reproducing the data recorded in the data recording device, the data cannot be easily accessed from the outside, and the data can be sufficiently protected.

Preferably, in response to an output request from a user, the control unit reads data encrypted by the encryption key from the memory and outputs the data to the outside via the interface unit.

When there is an output request from the user, the control section reads the encrypted data recorded in the memory and outputs it to the data reproducing apparatus. Then, in the data reproducing device, the encrypted data is decrypted by the decryption key and reproduced.

Therefore, according to the present invention, at the time of reproducing the encrypted data, it is sufficient to read out the encrypted data from the memory and transmit it to the data reproducing apparatus, and a quick reproducing operation can be realized.

Preferably, the control unit of the data recording device comprises:
An authentication unit authenticates an output destination of the data, and outputs the data when the output destination is authenticated by the authentication unit.

When reproducing data recorded in the data recording device, it is confirmed that the output destination of the data is a normal output destination, and then the data is output to the output destination.

Therefore, according to the present invention, data can be output only to a proper output destination, and sufficient protection can be provided for data recorded in a data recording device.

Further, the data recording device according to the present invention comprises:
A data recording device for recording encrypted data obtained by encrypting data and a license key which is a decryption key for decrypting the encrypted data to obtain the data. , A control unit connected to the bus, and a decryption unit that is connected to the bus and decrypts an encryption key based on information input from the outside according to an instruction from a user and data encrypted by the encryption key. A key generation module for generating a key; a key holding unit connected to the bus and holding an encryption key; an encryption unit connected to the bus and encrypting with the encryption key held in the key holding unit; A memory for recording the license key and the encryption data inputted from outside, and the control unit records the encryption key generated by the key generation module in the key holding unit. To the outside via the interface unit the decryption key.

In the data recording apparatus according to the present invention, information is input by a user's instruction from a portable telephone equipped with a memory card, which is an example of the data recording apparatus. Then, the control unit of the memory card inputs information from the mobile phone and inputs the information to the key generation module. Then, the key generation module generates an encryption key and a decryption key based on the input information. Then, the generated encryption key is stored in the key storage unit, and the decryption key is output to the outside via the interface unit. The memory stores the encrypted data and a license key for decrypting the encrypted data.

Therefore, according to the present invention, the data recording device can generate an encryption key and a decryption key based on information input from the terminal device to which the data recording device is attached. As a result, encrypted data can be exchanged between the data recording device and the terminal device while preventing entry from outside.

Preferably, in response to an output request from the user, the control unit acquires the license key from the memory and gives the license key to the encryption unit, and the license key and the license key encrypted by the encryption key held in the key holding unit in the encryption unit. The encrypted data obtained from the memory is output to the outside via the interface unit.

When there is an output request from the user via the terminal device to which the data recording device is attached, the control unit acquires a license key from the memory and inputs the license key to the encryption unit. Then, the encryption unit encrypts the license key with the encryption key. The control unit outputs the license key encrypted with the encryption key to the outside. Then, the data reproducing device,
The license key encrypted with the encryption key is decrypted with the decryption key, and the decrypted license key is used to decrypt and reproduce the encrypted data.

Therefore, according to the present invention, the license key is encrypted using the encryption key and the decryption key generated based on the information input from the terminal device to which the data recording device is attached, and the encrypted license key is encrypted. The license key transmitted to the terminal device can be reproduced. As a result, it is impossible to enter the process of reproducing the encrypted data from the outside, and the data can be sufficiently protected.

[0037] Preferably, when the license key is input via the interface unit, the control unit records the license key encrypted by the encryption unit in the encryption unit in the memory.

When a license key is input, the encryption unit encrypts data with the encryption key read from the key holding unit. Then, the control unit records the license key encrypted with the encryption key in the memory.

Therefore, according to the present invention, the license key input from the outside can be encrypted using the encryption key generated in the data recording device. As a result, the license key used in the process of reproducing the encrypted data can be transmitted to the data reproducing apparatus while preventing entry from the outside, and the encrypted data can be sufficiently protected.

Preferably, in response to an output request from the user, the control section reads the encrypted data and the license key encrypted by the encryption key from the memory, and outputs them to the outside via the interface section.

When a user makes an output request, the control unit reads out the encrypted data recorded in the memory and the license key encrypted by the encryption key generated in the data recording device, and outputs the license key to the outside. And, for example,
In the data reproducing device, the encrypted license key is decrypted by the decryption key, and the encrypted data is decrypted by the decrypted license key to reproduce the data.

Therefore, according to the present invention, when reproducing the encrypted data, the encrypted license key and the encrypted data need only be read from the memory and transmitted to the data reproducing apparatus, thereby realizing a quick reproducing operation. it can.

Preferably, the control unit of the data recording device comprises:
An authentication unit for authenticating the output destination of the license key is provided, and the license key is output when the output unit is authenticated by the authentication unit.

When reproducing the encrypted data recorded in the data recording device, it is confirmed that the output destination of the encrypted data is a proper output destination, and then the encrypted data is output to the output destination.

Therefore, according to the present invention, the encrypted data can be output only to the authorized output destination, and the encrypted data recorded in the data recording device can be sufficiently protected.

Preferably, the encryption key is asymmetric with the decryption key. The data recording device generates an asymmetric encryption key and a decryption key based on the input information.

Therefore, the encryption key can be handled as a secret key and the decryption key can be handled as a public key. As a result, only the decryption key needs to be transmitted to the reproducing apparatus and held, and at the time of reproduction, the data encrypted by the encryption key needs to be transmitted to the reproducing apparatus, and the data can be sufficiently protected.

Further, the data reproducing apparatus according to the present invention
Data reproduction for recording data, generating a pair of encryption key and decryption key by external input, and reproducing data from a data recording device for outputting the data encrypted with the encryption key and the decryption key to the outside A device, a bus, an input unit connected to the bus, for inputting information by a user, a control unit connected to the bus, and an interface unit connected to the bus and exchanging data with the data recording device; A key memory connected to the bus and holding a decryption key generated in the data recording device; and a key memory connected to the bus and encrypted by the encryption key input from the data recording device, using the decryption key from the key memory. A decoding unit for decoding, the control unit outputs information input by the user from the input unit to the data recording device via the interface unit, the data recording device Of the pair of the encryption key and the decryption key generated based on the information, and inputs the key memory to obtain the decryption key via the interface unit.

In the data reproducing apparatus according to the present invention, when information is input by the user, the input information is transmitted to the data recording apparatus, and the data recording apparatus transmits a pair of encryption key and decryption key based on the information. Is generated. Then, the data reproducing device receives the generated decryption key from the data recording device, and stores it in the key memory.

Therefore, according to the present invention, the data reproducing apparatus can hold the decryption key generated based on the input information. As a result, at the time of data reproduction, only data encrypted by the encryption key needs to be received from the data recording device, and data can be exchanged with the data recording device while preventing intrusion from the outside.

Also, the data reproducing apparatus according to the present invention
Data reproduction for recording data, generating a pair of encryption key and decryption key by external input, and reproducing data from a data recording device for outputting the data encrypted with the encryption key and the decryption key to the outside A device, a bus, an input unit connected to the bus, for inputting an instruction by a user, a control unit connected to the bus, and an interface unit connected to the bus and exchanging data with the data recording device; A key memory connected to the bus and holding a decryption key generated in the data recording device; and a key memory connected to the bus and encrypted by the encryption key input from the data recording device, using the decryption key from the key memory. The control unit holds the device ID and outputs the device ID to the data recording device via the interface unit in accordance with a user instruction from the input unit. And, the data recording apparatus of the pair of the encryption key and the decryption key generated based on the device ID, and input to the key memory to obtain the decryption key via the interface unit.

In the data reproducing device according to the present invention, the device ID of the data reproducing device is transmitted to the data recording device, and the data recording device generates a pair of encryption key and decryption key based on the device ID. Then, the data reproducing device receives the generated decryption key from the data recording device, and stores it in the key memory.

Therefore, according to the present invention, a pair of encryption key and decryption key can be generated based on information unique to the data reproducing apparatus.

In reproducing data, the data reproducing device only needs to receive the data encrypted by the encryption key from the data recording device. Can interact.

Preferably, the control section of the data reproducing apparatus comprises:
The data received from the data supply device via the mobile phone or the simple mobile phone network is recorded in the memory, the telephone number is held, and the telephone number is transmitted to the data recording device via the interface unit according to a user instruction from the input unit. The decryption key is output from the pair of the encryption key and the decryption key generated based on the telephone number by the data recording device via the interface unit and input to the key memory.

The control section of the data reproducing apparatus transmits the stored telephone number to the data recording apparatus according to an instruction from the user. Then, the data recording device generates a pair of an encryption key and a decryption key based on the transmitted telephone number. Then, the data reproducing device receives the generated decryption key from the data recording device, and stores it in the key memory.

Therefore, according to the present invention, a pair of encryption key and decryption key can be generated based on information unique to the data reproducing apparatus.

Further, according to the present invention, the data reproducing apparatus need only receive the data encrypted by the encryption key from the data recording apparatus at the time of reproducing the data. Data can be exchanged between them.

Further, the data reproducing apparatus according to the present invention
The encrypted data obtained by encrypting the data and a license key which is a decryption key for decrypting the encrypted data to obtain the data are recorded, and a pair of an encryption key and a decryption key are generated by an external input, A data reproducing device that reproduces data from a data recording device that outputs a license key encrypted by an encryption key and a decryption key to the outside, comprising: a bus;
An input unit connected to the bus for inputting information by a user, a control unit connected to the bus, and an interface unit connected to the bus and exchanging data with the data recording device;
A key memory connected to the bus and holding a decryption key generated in the data recording device; and a license key connected to the bus and encrypted by the encryption key input from the data recording device, and a decryption key from the key memory. A second decryption unit connected to the bus and decrypting the encrypted data input from the data recording device with the license key decrypted by the first decryption unit; A reproduction unit that reproduces the data decoded by the decoding unit. The control unit outputs information input by the user from the input unit to the data recording device via the interface unit, and the data recording device outputs the information based on the information. Of the pair of encryption keys and decryption keys generated in this way, the decryption key is obtained via the interface unit and input to the key memory.

A data reproducing apparatus according to the present invention transmits input information to a data recording apparatus, receives a decryption key generated based on the transmitted information from the data recording apparatus, and stores the decryption key in a key memory. I do. When playing back the encrypted data, the data playback device receives the license key encrypted with the encryption key and the encrypted data from the data recording device, and decrypts the encrypted license key with the decryption key. The encrypted data is decrypted using the decrypted license key to reproduce the data.

Therefore, according to the present invention, the data reproducing apparatus only needs to receive the encrypted data and the license key encrypted by the encryption key from the data recording apparatus at the time of reproducing the data. In this way, data can be exchanged with the data recording device.

The data reproducing apparatus according to the present invention records encrypted data obtained by encrypting data and a license key which is a decryption key for decrypting the encrypted data to obtain the data. A data reproducing device that generates an encryption key and a decryption key, and reproduces data from a data recording device that outputs a license key encrypted by the encryption key and a decryption key to an external device. An input unit connected to the user for inputting an instruction, a control unit connected to the bus, an interface unit connected to the bus for exchanging data with the data recording device, and an interface unit connected to the bus and generated in the data recording device A key memory for holding the decrypted key, and a license key connected to the bus and encrypted by the encryption key input from the data recording device. And a second decryption unit connected to the bus and decrypting the encrypted data input from the data recording device using the license key decrypted by the first decryption unit. And the second
A reproduction unit that reproduces data decoded by the decoding unit of the control unit, the control unit holds the device ID, and outputs the device ID to the data recording device via the interface unit in accordance with a user instruction from the input unit, Data recording device is device ID
Of the pair of encryption key and decryption key generated based on the above, the decryption key is obtained via the interface unit and input to the key memory.

The data reproducing apparatus according to the present invention transmits the retained device ID to the data recording device, receives the decryption key generated based on the transmitted device ID from the data recording device, and stores the decryption key in the key memory. Hold. When playing back the encrypted data, the data playback device receives the license key encrypted with the encryption key and the encrypted data from the data recording device, and decrypts the encrypted license key with the decryption key. The encrypted data is decrypted using the decrypted license key to reproduce the data.

Therefore, according to the present invention, the encryption key and the decryption key can be generated based on the device ID unique to the data reproducing device.

Further, according to the present invention, the data reproducing apparatus only needs to receive the encrypted data and the license key encrypted by the encryption key from the data recording apparatus at the time of reproducing the data. In this way, data can be exchanged with the data recording device.

Preferably, the control section of the data reproducing apparatus comprises:
The data received from the data supply device via the mobile phone or the simple mobile phone network is recorded in the memory, the telephone number is held, and the telephone number is transmitted to the data recording device via the interface unit according to a user instruction from the input unit. The decryption key is output from the pair of encryption key and decryption key generated based on the telephone number by the data recording device via the interface unit and input to the key memory.

The data reproducing apparatus according to the present invention transmits the telephone number stored therein to the data recording apparatus, receives the decryption key generated based on the transmitted telephone number from the data recording apparatus, and stores the decryption key in the key memory. Hold. When playing back the encrypted data, the data playback device receives the license key encrypted with the encryption key and the encrypted data from the data recording device, and decrypts the encrypted license key with the decryption key. The encrypted data is decrypted using the decrypted license key to reproduce the data.

Therefore, according to the present invention, an encryption key and a decryption key can be generated based on a telephone number unique to the data reproducing apparatus.

Further, according to the present invention, the data reproducing apparatus only needs to receive the encrypted data and the license key encrypted by the encryption key from the data recording apparatus at the time of reproducing the data. In this way, data can be exchanged with the data recording device.

[0070] Preferably, the encryption key is asymmetric with the decryption key. The data recording device generates an asymmetric encryption key and a decryption key based on the input information.

Therefore, the encryption key can be handled as a secret key and the decryption key can be handled as a public key. As a result, only the decryption key needs to be transmitted to the reproducing apparatus and held, and at the time of reproduction, the data encrypted by the encryption key needs to be transmitted to the reproducing apparatus, and the data can be sufficiently protected.

[0072]

Embodiments of the present invention will be described in detail with reference to the drawings. In the drawings, the same or corresponding portions have the same reference characters allotted, and description thereof will not be repeated.

FIG. 1 is a conceptual diagram schematically illustrating an overall configuration of a data distribution system for distributing encrypted content data to be reproduced by a data reproducing device to a data recording device (memory card) according to the present invention. It is.

In the following, a configuration of a data distribution system for distributing digital music data to each mobile phone user via a mobile phone network will be described as an example. As will be apparent from the following description, the present invention is not limited to this configuration. Without being limited to such a case, even when distributing content data as another copyrighted work, for example, image data, moving image data, etc., and even when distributing via another information communication network, It can be applied.

Referring to FIG. 1, license server 10 which manages copyrighted music data has a memory card mounted on a mobile phone of a mobile phone user who has accessed for data distribution. In other words, an authentication process is performed to determine whether or not the data is a valid memory card, and music data (hereinafter, also referred to as content data) is encrypted with respect to the valid memory card by a predetermined encryption method. Then, such encrypted content data is provided to a mobile phone company which is a distribution carrier 20 for distributing data.

The distribution carrier 20 relays a distribution request (delivery request) from each mobile telephone user to the license server 10 through its own mobile telephone network. When there is a distribution request, the license server 10
2 to confirm that the memory card or the like is an authorized device, further encrypt the requested content data, and connect via the mobile phone network of the distribution carrier 20 via the mobile phone of each mobile phone user. And distributes the content data to the memory card.

In FIG. 1, for example, a removable memory card 11 is attached to a mobile phone 100 of a mobile phone user.
0 is attached. Memory card 110
Receives the encrypted content data received by the mobile phone 100, decrypts the encryption performed for the distribution, and provides the decrypted encryption data to a music playback unit (not shown) in the mobile phone 100.

Further, for example, a portable telephone user can “play back” and listen to such content data via a headphone 130 connected to the portable telephone 100 or the like.

In the following, such a license server 1
The distribution server 30 is collectively referred to as “0” and the distribution carrier 20.

Further, the process of transmitting the content data from the distribution server 30 to each portable telephone or the like will be referred to as “distribution”.

With such a configuration, first, unless the memory card 110 is used, it is difficult to receive the distribution of the content data from the distribution server 30 and reproduce the music.

In addition, the distribution carrier 20 counts the frequency each time one piece of content data is distributed, for example, so that the mobile phone user receives (downloads) the content data each time the content data is received (downloaded). Is collected by the distribution carrier 20 together with the communication charge of the mobile phone, the copyright holder can easily secure the copyright charge.

Moreover, since such distribution of content data is performed through a closed system such as a cellular phone network, there is an advantage that it is easier to take measures for copyright protection than an open system such as the Internet. .

In the configuration shown in FIG. 1, in order for the mobile phone user to be able to reproduce the encrypted and distributed content data, the system needs:
The first is a method for distributing an encryption key in communication, the second is a method for encrypting content data to be distributed, and the third is a method for encrypting content data to be distributed.
In this configuration, content data protection for preventing unauthorized distribution of the distributed content data is realized.

In the embodiment of the present invention, particularly, when each session of distribution and reproduction occurs, the authentication and checking functions for the destination of these content data are enhanced, and the non-authentication or decryption key is broken. A configuration for enhancing the copyright protection of the content data by preventing the output of the content data to the recording device and the content reproduction circuit (mobile phone) will be described.

FIG. 2 is a diagram for explaining characteristics of data, information, and the like for communication used in the data distribution system shown in FIG.

First, data distributed from the distribution server 30 will be described. Data is content data such as music data. In the content data Data,
Encrypting that can be decrypted with the license key Kc is performed. The encrypted content data {Data} Kc, which has been encrypted by the license key Kc, is distributed from the distribution server 30 to the mobile phone user in this format.

In the following, it is assumed that the notation {Y} X indicates that the data Y has been encrypted so as to be decryptable with the decryption key X.

Further, the distribution server 30 distributes, along with the encrypted content data, additional information Data-inf as plain text information such as a copyright or server access related to the content data. The license information includes a content ID which is a code for identifying the content data Data, and a license ID which is a management code capable of specifying issuance of a license.
And the license purchase condition AC including information such as the number of licenses and function limitation determined by the designation from the user side.
There are access restriction information AC1 which is information based on restrictions on memory access, and reproduction circuit control information AC2 which is control information in the reproduction circuit, and the like, which are generated based on. Thereafter, the license key Kc and the content I
D, license ID, access control information AC1, and reproduction circuit control information AC2 are collectively referred to as a license.

FIG. 3 is a diagram illustrating characteristics of data, information, and the like for use in the authentication and inhibition class list used in the data distribution system shown in FIG.

In the embodiment of the present invention, a recording device (memory card) and a content reproducing circuit (mobile phone)
Class list CRL so that distribution and reproduction of content data can be prohibited for each class
(Class Revocation List) operation. In the following, data in the prohibited class list may be represented by the symbol CRL as necessary.

The prohibited class list related information includes prohibited class list data CRL listing the classes of the content reproduction circuit and the memory card whose distribution and reproduction of the license are prohibited.

The prohibited class list data CRL is managed in the distribution server 30 and also recorded and held in a memory card. Such a prohibition class list needs to be upgraded and updated at any time, but data changes are basically generated from the distribution server 30 side of the difference data CRL_dat reflecting only the changed points. Accordingly, the prohibition class list CRL in the memory card is rewritten accordingly. For the version of the prohibited class list, CRL_ver
Is output from the memory card side, and this is confirmed on the distribution server 30 side to execute version management. The difference data CRL_dat also includes information of a new version. Also, the update date and time can be used as the version information.

As described above, the prohibited class list CRL is
By maintaining and operating not only in the distribution server but also in the memory card, the license key for the content reproduction circuit and the memory card whose class-specific decryption key is broken, that is, the decryption key specific to the type of the content reproduction circuit and the memory card is broken. Prohibit supply. This makes it impossible to reproduce the content data in the content reproduction circuit and to move the content data in the memory card.

As described above, the prohibited class list CRL in the memory card is configured to sequentially update data at the time of distribution. Also, the prohibited class list CR in the memory circuit
L is managed in the memory card independently of the upper level in the tamper resistant module (Tamper Res
For example, the prohibited class list data CRL is recorded from a higher level by a file system, an application program, or the like, by recording in
Has a configuration that cannot be tampered with. As a result, copyright protection for data can be further strengthened.

Public encryption keys KPpn and KP unique to the content reproduction circuit (cellular phone) and the memory card
mcm are provided, and the public encryption keys KPpn and KPmcm can be respectively decrypted by the secret decryption key Kpn unique to the content reproduction circuit (mobile phone) and the secret decryption key Kmcm unique to the memory card. These public encryption key and secret decryption key have different values for each type of mobile phone and each type of memory card. These public encryption keys and secret decryption keys are collectively called class keys.

Crtfn and Cmcm are provided as class certificates of the reproduction circuit and the memory card, respectively. These class certificates have different information for each class of the memory card and the content reproduction unit (mobile phone). For a class key whose class key encryption has been broken, that is, a secret decryption key has been found,
It is listed in the prohibition class list and is subject to prohibition of license issuance.

[0098] The public encryption key and the class certificate unique to the memory card and the content reproducing section are recorded in the form of authentication data {KPmcm // Cmcm} KPma at the time of shipment from the memory card and the portable telephone, respectively. As will be described in detail later, KPma is a public authentication key common to the entire distribution system.

FIG. 4 is a diagram for collectively explaining the characteristics of keys related to encryption in the data distribution system shown in FIG.

Each time content data is distributed and reproduced, it is generated in the distribution server 30, the mobile phone 100, and the memory card 110 as an encryption key for maintaining confidentiality in data transfer between the outside of the memory card and the memory card. Common keys Ks1 to Ks3 are used.

Here, the common keys Ks1 to Ks3 are unique common keys generated for each “session” that is a unit of communication or access between the distribution server, the mobile phone, or the memory card. The common keys Ks1 to Ks3 are also referred to as “session keys”.

These session keys Ks1 to Ks3
Is managed by the distribution server, the mobile phone, and the memory card by having a unique value for each communication session. Specifically, the session key Ks1 is
Generated by the distribution server for each distribution session.
The session key Ks2 is generated for each distribution session by the memory card, and the session key Ks3 is generated for each reproduction session in the mobile phone. In each session, these session keys are given and received,
By receiving a session key generated by another device, encrypting the session key, and transmitting a license key or the like, the security strength in the session can be improved.

As a key for managing data processing in the memory card 100, a public encryption key KPm and a public encryption key KPm set for each medium such as a memory card are used.
There is a unique secret decryption key Km for each memory card capable of decrypting the data encrypted by.

Further, it is generated based on information selected from the mobile phone, such as the mobile phone ID, the mobile phone telephone number, and the time, and is used for exchanging data between the memory card and the mobile phone when reproducing the encrypted content data. There is a pair of public encryption key KPid and secret decryption key Kid.

FIG. 5 shows the license server 1 shown in FIG.
FIG. 3 is a schematic block diagram illustrating a configuration of a zero.

The license server 10 includes an information database 304 for storing data obtained by encrypting content data in accordance with a predetermined method, distribution information such as a license ID, and starting access to the content data for each mobile phone user. A charging database 302 for storing the corresponding charging information, a CRL database 306 for managing a prohibited class list CRL, and an information database 3
04, a data processing unit 310 for receiving data from the charging database 302 and the CRL database 306 via the data bus BS1, and performing predetermined processing;
Distribution carrier 20 and data processing unit 31 via a communication network
And a communication device 350 for exchanging data with the communication device 350.

The data processing section 310 includes a data bus BS1.
A distribution control unit 315 for controlling the operation of the data processing unit 310 according to the above data, and a session key generation unit 316 for generating a session key Ks1 at the time of the distribution session under the control of the distribution control unit 315. The authentication data {KPmcm // Cmcm} KPma, which is transmitted from the memory card and the mobile phone and decrypted for authentication so that its validity can be authenticated, is transmitted via the communication device 350 and the data bus BS1. receive,
A decryption processing unit 312 that performs decryption processing using the public authentication key KPma, and a session key Ks1 generated by the session key generation unit 316 are encrypted using the public encryption key KPmcm obtained by the decryption processing unit 312, and the data bus BS1 And a decryption processing unit 320 that receives data transmitted after being encrypted by the session key Ks1 from the data bus BS1 and performs a decryption process.

The data processing section 310 further encrypts the license key Kc and the reproduction circuit control information AC2 given from the distribution control section 315 with the public encryption key KPm unique to the memory card obtained by the decryption processing section 320. Encryption processing unit 326 and encryption processing unit 32
6 is further encrypted by the session key Ks2 given from the decryption processing unit 320, and the data bus BS
1 and an encryption processing unit 328 for outputting the data to the output unit 1.

The operation of the license server 10 in a distribution session will be described later in detail with reference to a flowchart.

FIG. 6 is a schematic block diagram for describing the configuration of mobile phone 100 shown in FIG. 1, that is, the configuration of a mobile phone including a data reproducing apparatus according to an embodiment of the present invention.

The portable telephone 100 has an antenna 1102 for receiving a signal wirelessly transmitted by the portable telephone network.
And a transmitting / receiving unit 1104 for receiving a signal from the antenna 1102 and converting it to a baseband signal, or for modulating data from a mobile phone and giving it to the antenna 1102.
A data bus BS2 for exchanging data with each unit of the mobile phone 100, and a controller 11 for controlling the operation of the mobile phone 100 via the data bus BS2.
06. Note that the controller 1106 is a device I
D, and information obtained from the mobile phone 100 such as a telephone number.

The mobile phone 100 further includes an operation button unit 1 for giving an external instruction to the mobile phone 100.
108, a display 1110 for providing information output from the controller 1106 and the like as visual information to a mobile phone user, and a display for reproducing sound based on data received via the database BS2 in a normal call operation. An external interface unit 1107 for exchanging data with the audio reproducing unit 1112 and the outside
And

The portable telephone 100 further includes a removable memory card 110 for storing content data (music data) from the distribution server 30 and decoding the content data.
, A memory card interface for controlling the transfer of data between the memory card 110 and the data bus BS2, and a public encryption key KPp1 and a class certificate Crt which are respectively set for each type (class) of the mobile phone.
By decrypting f1 with the public authentication key KPma, the authentication data {KPp1 /
/ Crtf1 @ Authentication data holding unit 1 holding KPma
500.

Mobile phone 100 further decrypts data received from data bus BS2 by Kp1 or Kp2, and a Kpx holding unit 1502 that holds Kp1 and Kp2, which are the decryption keys unique to the mobile phone (content reproduction circuit). A decryption processing unit 1504 for obtaining a session key Ks2 generated by the memory card and data exchanged on the data bus BS2 between the memory card 110 and a reproduction session for reproducing the content data stored in the memory card 110 A session key generation unit 1508 for generating a session key Ks3 for encryption by using a random number or the like, and a generated session key Ks3 is encrypted by the session key Ks2 obtained by the decryption processing unit 1504, and the data bus BS
2 and a data bus BS2.
A decryption processing unit 1510 for decrypting the above data with the session key Ks3 and outputting the decrypted data.

The portable telephone 100 further includes a public decryption key KPid which is one of a pair of a secret encryption key Kid and a public decryption key KPid generated in the memory card 110.
Key memory 15 that receives and holds the
12 and a secret encryption key K output from the decryption processing unit 1510.
The license key and the reproduction circuit control information {Kc // AC2} KPid encrypted with the id are stored in the key memory 1512.
The decryption process is performed using the public decryption key KPid held in the decryption unit 151 and the decrypted license key Kc is decrypted.
6, the decoding processing unit 151 that outputs the reproduction circuit control information AC2 to the controller 1106 via the data bus BS2.
4 inclusive.

Mobile phone 100 further receives a decrypted content data {Data} Kc from data bus BS2, decrypts it with license key Kc obtained from decryption processing unit 1510, and outputs the content data. Music playback unit 1518 for playing back the content data in response to the output of decryption processing unit 1516
A DA converter 1519 for converting the output of the music reproducing unit 1518 from a digital signal to an analog signal, a DA converter 1113 for converting the output of the audio reproducing unit 1112 from a digital signal to an analog signal, and a DA converter 1113 and a DA converter. A switch 1521 for receiving an output from the converter 1519 and selectively outputting the output from the terminal 1114 or the terminal 1520 according to an operation mode; an amplifier 1522 for receiving the output of the switch 1521 and amplifying data; and an amplifier 1522. And a connection terminal 1530 for receiving the output of and connecting to the headphones 130.

In FIG. 6, for the sake of simplicity, only the blocks related to the distribution and reproduction of music data of the present invention are described, and the blocks relating to the call function originally provided in the mobile phone are shown. Is partially omitted.

For the sake of convenience for the mobile phone user, the entire block related to the distribution and reproduction of content data, which is surrounded by solid lines in FIG. As the module 1550, a configuration in which the module is detachable can be employed.

The operation of each component of the mobile phone 100 in each session will be described later in detail with reference to flowcharts.

FIG. 7 shows the memory card 110 shown in FIG.
FIG. 2 is a schematic block diagram for explaining the configuration of FIG.

As described above, KPmcm and Kmcm are provided as the unique public encryption key and secret decryption key of the memory card, and the class certificate C of the memory card is provided.
mcm are provided. In the memory card 110, these are each represented by a natural number m = 1.

Therefore, the memory card 110 has an authentication data holding unit 1400 for holding the authentication data {KPmc1 // Cmc1} KPma and a K for holding the unique decryption key Kmc1 set for each type of memory card.
mc holding unit 1402 and Km1 holding unit 142 holding secret decryption key Km1 uniquely set for each memory card
1 and a KPm1 holding unit 1416 that holds a public encryption key KPm1 that can be decrypted by Km1. The authentication data holding unit 1400 decrypts the public encryption key KPmc1 and the class certificate Cmc1 set for each type and class of the memory card with the public authentication key KPma, thereby encrypting the authentication so that its validity can be authenticated. The data is held as {KPmc1 // Cmc1} KPma.

By providing an encryption key for a recording device called a memory card, management of distributed content data and an encrypted license key is executed for each memory card as will be apparent from the following description. It becomes possible to do.

The memory card 110 further transmits signals to and from the memory card interface.
02, from the data bus BS3 transmitted and received via the data bus BS3 and the data provided to the data bus BS3 from the memory card interface, a secret decryption key Kmc1 unique to each memory card type is received from the Kmc1 holding unit 1402, and the distribution server 30 distributes the key. Decryption processing unit 1404 that outputs session key Ks1 generated in the session to contact point Pa
And a decryption processing unit 1408 that receives the public authentication key KPma from the KPma holding unit 1414, performs a decryption process on the data provided to the data bus BS3 using the public authentication key KPma, and outputs a decryption result to the encryption processing unit 1410. And an encryption processing unit 1406 for encrypting data selectively given by the changeover switch 1444 with a key selectively given by the changeover switch 1442 and outputting the data to the data bus BS3.

The memory card 110 further stores a session key Ks2 in each of the distribution and reproduction sessions.
And a session key Ks2 output from the session key generator 1418
To the public encryption key KP obtained by the decryption processing unit 1408
An encryption processing unit 1410 that encrypts with pn or KPmcm and sends it out to the data bus BS3, receives data encrypted with the session key Ks2 from BS3, decrypts the data with the session key Ks2 obtained from the session key generation unit 1418, and decrypts the data. Data bus BS
4 for decoding.

The memory card 110 further includes a device ID held by the controller 1106 of the mobile phone 100,
A key generation module 1432 that inputs information such as a telephone number via the interface 1202 and the data bus BS3, and generates a secret encryption key Kid and a public decryption key KPid paired with the secret encryption key Kid based on the input information.
And a Kid holding unit 1433 for holding the secret encryption key Kid
And the secret encryption key Ki held in the Kid holding unit 1433.
and a cryptographic processing unit 1434 that performs cryptographic processing with d.

The memory card 110 further includes a decryption processing unit 1422 for decrypting the data on the data bus BS4 with the secret decryption key Km1 unique to the memory card 110 paired with the public encryption key KPm1, and a public encryption key KPm1.
The license key Kc, the reproduction circuit control information AC2 and the reproduction information (content ID, license ID, access control information AC1), and the difference data CRL_dat for updating the version of the unencrypted prohibited class list. And the prohibited class list data CRL sequentially updated by the data bus BS4 and stored.
a @ Kc and a memory 1415 for receiving and storing the additional information Data-inf from the data bus BS3. The memory 1415 is configured by, for example, a semiconductor memory.

The memory card 110 further stores a part of the license referred to by the memory card 110 obtained by the decryption processing unit 1422, ie, the license I
D, data exchange between the license information holding unit 1440 for holding the content ID and the access restriction information AC1 and the outside via the data bus BS3;
A controller 14 for receiving the reproduction information and the like with the data bus BS4 and controlling the operation of the memory card 110
20.

The license information holding unit 1440 can exchange license ID, data content ID data, and access restriction information AC1 data with the data bus BS4. The license information holding unit 1440 stores N
It has a number (N: natural number) of banks, and holds license information corresponding to each license for each bank.

In FIG. 7, a region surrounded by a solid line constitutes a license protection module 1450. In addition, when an unauthorized opening process or the like from outside is performed in the memory card 110, the memory 1415 erases internal data or destroys the internal circuit, thereby preventing a third party from accessing the circuit existing in the area. Is assumed to be incorporated in a module TRM for disabling the reading of the data or the like. Such modules are commonly referred to as tamper resistance modules.
e Module).

Next, the operation of each session of the data distribution system shown in FIG. 1 will be described in detail with reference to flowcharts.

FIGS. 8 and 9 are first and second flowcharts for explaining a distribution operation (hereinafter, also referred to as a distribution session) that occurs when a content is purchased in the data distribution system shown in FIG.

FIGS. 8 and 9 illustrate an operation when a portable telephone user receives distribution of content data, which is music data, from distribution server 30 via portable telephone 100 by using memory card 110. FIG. ing.

First, the mobile phone 100 of the mobile phone user
Then, a distribution request is made by a mobile phone user operating a key button of the operation button unit 1108 (step S100).

In response to the distribution request, authentication data {KPmc1 // Cmc1} KPma is output from memory card 110 to memory card 110 (step S102).

The mobile phone 100 has a memory card 110
Authentication data for authentication received from ｛KPmc1 //
In addition to Cmc1 @ KPma, a content ID and license purchase condition data AC are transmitted to distribution server 30 (step S104).

In distribution server 30, content ID and authentication data {KPmc1 // Cmc
After receiving 1 ラ イ セ ン ス KPma and the license purchase condition data AC, the decryption processing unit 312 decrypts the authentication data output from the memory card 110 with the public authentication key KPma (step S108).

The distribution control unit 315 determines from the decryption processing result of the decryption processing unit 312 whether the processing has been performed normally, that is, the memory card 110 transmits the public encryption key KPmc1 and the certificate Cmc1 from the authorized memory card. In order to authenticate the holding, authentication processing is performed to determine whether or not an authorized organization has received encrypted authentication data for certifying its validity (step S110).
If it is determined that the authentication data is valid, the distribution control unit 315 determines the public encryption key KPmc1 and the certificate Cmc1.
Approve and accept. Then, the next processing (step S11)
Go to 2). If it is not valid authentication data, it is rejected and the public encryption key KPmc1 and certificate Cmc1
The process is terminated without accepting (step S170).

As a result of the authentication, if it is approved that the access is from a mobile phone equipped with a memory card having valid authentication data, the distribution control unit 315 then sets the class certificate Cmc1 of the memory card 110 to the prohibited class. List CR
The CRL database 306 is checked to see if it is listed in L. If these class certificates are subject to the prohibited class list, the distribution session is ended here (step S170).

On the other hand, if the class certificate of the memory card 110 is not included in the prohibited class list, the process proceeds to the next processing (step S112).

As a result of the authentication, if it is confirmed that the access is from a mobile phone equipped with a memory card having valid authentication data and the class is not included in the prohibited class list, the distribution server 30 generates a session key. The unit 316 generates a session key Ks1 for distribution. The session key Ks1 is the public encryption key K corresponding to the memory card 110 obtained by the decryption processing unit 312.
The encryption is performed by the encryption processing unit 318 using Pmc1 (step S114).

[0142] The encrypted session key Ks1 is
It is output as {Ks1} Kmc1 to the outside via the data bus BS1 and the communication device 350 (step S1).
16).

When mobile phone 100 receives the encrypted session key {Ks1} Kmc1 (step S
118), in the memory card 110, the decoding processing unit 1404 converts the reception data given to the data bus BS3 via the memory card interface into the holding unit 14
The session key Ks1 is decrypted and extracted by performing decryption processing using the secret decryption key Kmc1 unique to the memory card 110 stored in the memory card 02 (step S120).

[0144] The controller 1420
After confirming the reception of the session key Ks1 generated in the step (a), the session key generation unit 1418 sends the session key K generated during the distribution operation to the memory card.
Instruct generation of s2.

In the distribution session, the controller 1420 operates the memory 14 in the memory card 110.
As information relating to the state (version) of the prohibited class list recorded in the memory 15, version data CRL_ver of the list is extracted from the memory 1415 and output to the data bus BS 4.

The encryption processing unit 1406 includes a changeover switch 1
A changeover switch 1 is provided by a session key Ks1 provided from the decryption processing unit 1404 via the contact point Pa of the switch 442.
Session key Ks2 and public encryption key KPm given by sequentially switching the contacts of 444 and 1446
1 and version data CRL_ of the prohibited class list
ver is encrypted as one data string, and {Ks2 /
/ KPm1 // CRL_ver @ Ks1 to data bus B
Output to S3 (step S122).

The encrypted data {Ks2 // KPm1 // CRL_ver} Ks1 output to the data bus BS3 is
Data is output from the data bus BS3 to the mobile phone 100 via the interface 1202 and the memory card interface, and transmitted from the mobile phone 100 to the distribution server 30 (step S124).

[0148] The distribution server 30 transmits the encrypted data {Ks2
// KPm1 // CRL_ver @ Ks1 is received,
The decryption processing unit 320 performs decryption processing using the session key Ks1, and receives the session key Ks2 generated by the memory card 110, the public encryption key KPm1 unique to the memory card 110, and the version data CRL_ver of the prohibited class list in the memory card 110. (Step S126).

Version information CRL of prohibited class list
_Ver is the distribution control unit 31 via the data bus BS1.
5, the distribution control unit 315 generates difference data CRL_dat indicating a change between the version of the CRL_ver and the current version of the prohibited class list data in the CRL database 306 according to the received version data CRL_ver ( Step S12
8).

Furthermore, the wiring control unit 315 determines in step S
According to the content ID and the license purchase condition data AC acquired at 106, a license ID, access restriction information AC1, and reproduction circuit control information AC2 are generated (step S130). Further, a license key Kc for decrypting the encrypted content data is obtained from the information database 304 (step S132).

Referring to FIG. 9, distribution control section 315 gives the generated license, that is, license key Kc, to encryption processing section 326. The encryption processing unit 326 uses the public encryption key KPm1 unique to the memory card 110 obtained by the decryption processing unit 320 to generate the license key Kc,
The reproduction circuit control information AC2, license ID, content ID, and access restriction information AC1 are encrypted (step S136). The encryption processing unit 328 outputs the output of the encryption processing unit 326 and the distribution control unit 315 transmits the data bus BS.
1 is the difference data CR of the forbidden class list supplied via
In response to L_dat, encryption is performed using the session key Ks2 generated in the memory card 110. The encrypted data output from the encryption processing unit 328 is transmitted to the mobile phone 100 via the data bus BS1 and the communication device 350 (step S138).

As described above, the encryption keys generated by the distribution server and the memory card are exchanged, encryption is performed using the encryption keys received by each other, and the encrypted data is transmitted to the other party. In fact, mutual authentication can be performed in the transmission and reception of each encrypted data, and the security of the data distribution system can be improved.

Mobile phone 100 transmits transmitted license {Kc // AC2 // license ID // content ID // AC1 {Km1 // CRL_dat}.
Ks2 is received (step S140), and the memory card 1
At 10, the decoding processing unit 1412 decodes the received data given to the data bus BS3 via the memory card interface. Decryption processing unit 1412
Uses the session key Ks2 given from the session key generator 1418 to decode the data received on the data bus BS3 and output it to the data bus BS4 (step S1).
42).

At this stage, the data bus BS4 has Km
1 and an encryption license {Kc // AC2 // license ID // content ID // AC1} Km1 that can be decrypted with the secret decryption key Km1 held in the holding unit 1421, and CR
L_dat is output. According to the instruction of the controller 1420, the encryption license {Kc // AC2 // license ID // content ID // AC1} Km1
Is recorded in the memory 1415 (step S14).
4). On the other hand, the encrypted license {Kc // AC2 // license ID // content ID // AC1} Km1
Is decrypted by the decryption processing unit 1422 using the secret decryption key Km1, and the memory card 11
Only the license ID, the content ID, and the access restriction information AC1 referred to within 0 are received (step S146).

The controller 1420 transmits the received CRL
Based on _dat, the prohibited class list data CRL in the memory 1415 and its version are updated (step S148). Further, the license ID, the content ID, and the access restriction information A referenced in the memory
C1 is recorded in the license information holding unit 1440 (step S150).

At the stage where the processing up to step S150 has been normally completed in the memory circuit, a request for distribution of content data is made from the cellular phone 100 to the distribution server 30 (step S152).

Upon receiving the content data distribution request, distribution server 30 transmits encrypted content data {Data} Kc and additional information Da from information database 304.
ta-inf is acquired, and these data are output via the data bus BS1 and the communication device 350 (step S154).

[0158] The portable telephone 100 has a function of {Data} Kc /
/ Data-inf is received, and the encrypted content data {Data} Kc and additional information Data-inf are received (step S156). The encrypted content data {Data} Kc and the additional information Data-inf are stored in the memory card interface and interface 12.
02 to the data bus BS3 of the memory card 110. In the memory card 110, the received encrypted content data {Data} Kc and the additional information Data-inf are recorded as they are in the memory 1415 (step S158).

Further, a notification of distribution acceptance is transmitted from memory card 110 to distribution server 30 (step S1).
60) When the distribution server 30 receives the distribution acceptance (step S162), the distribution termination processing is executed (step S164) with the storage of the billing data in the billing database 302 (step S164), and the entire processing ends (step S164). Step S1
70).

As described above, after confirming that the memory card 110 of the mobile phone 100 is a legitimate device, at the same time, it is confirmed that the public encryption key Kmc1 that has been encrypted and transmitted together with the class certificate Cmc1 is valid. The content data is distributed only in response to a distribution request from a memory card that is not included in the class certificate list in which each class certificate Cmc1 is prohibited, that is, the class certificate list in which encryption with the public encryption key Kmc1 has been broken. It is possible to prohibit distribution to an unauthorized memory card and distribution using a decrypted class key.

Referring to FIG. 10, the operation of generating a pair of secret encryption key Kid and public decryption key KPid in memory card 110 based on information obtained from mobile phone 100 will be described.

When the key generation is started, the user inputs arbitrary data from operation button section 1108 of portable telephone 100. Then, the controller 1106 sends the data input through the memory card interface to the memory card 110 and
Is instructed to generate a key (step S200).

The controller 142 of the memory card 110
0 indicates the interface 1202 and the data bus BS3.
And sends the input data to the key generation module 1432. Then, the key generation module 1432
Generates a secret encryption key Kid and a public decryption key KPid based on the input data (step S201).
The public decryption key KPid is asymmetric with the secret encryption key Kid, and means that data encrypted with the secret encryption key Kid can be decrypted with the public decryption key KPid.

The controller 1420 reads out the generated secret encryption key Kid from the key generation module 1432,
Record in the Kid holding unit 1433 (Step S20)
2). Further, the controller 1420 reads the generated public decryption key KPid from the key generation module 1432, and outputs it to the memory card interface via the data bus BS3 and the interface 1202 (step S203).

Controller 1106 of mobile phone 100
Is the public decryption key K via the memory card interface.
Pid is received, and the key memory 1 is received via the data bus BS2.
508 (step S204). This completes the operation of generating the pair of secret encryption key Kid and public decryption key KPid.

Based on the data input from the mobile phone 100, a pair of secret encryption key Kid and public decryption key KPid
Are generated, and the memory card 110 holds the secret encryption key Kid and the mobile phone 100 holds the public decryption key KPid.
00 when sending the encrypted data to the mobile phone 10
A key generated based on information unique to the terminal device of 0 can be used, and the encrypted data can be sufficiently protected by preventing entry from the outside.

In the flowchart of FIG. 10, a pair of secret encryption keys K
Although the ID and the public decryption key KPid are generated, the present invention is not limited to this.
6 may generate a pair of secret encryption key Kid and public decryption key KPid based on the device ID or telephone number held by the device. In this case, in step S200, the user performs an input for instructing key generation from operation button unit 1108. Then, the controller 1106 receives the instruction, and stores the held device ID or telephone number in the memory card 11 via the memory card interface.
Send to 0. Thereafter, according to the flowchart shown in FIG. 10, a pair of the secret encryption key Kid and the public decryption key KPid
Is generated, and the secret encryption key Kid is stored in the memory card 110.
The public decryption key KPid is held in the key memory 1508 of the mobile phone 100 by the Kid holding unit 1433 of the mobile phone 100.

Further, the pair of secret encryption keys Kid and public decryption keys KPid may be generated based on time. That is, a pair of secret encryption key Kid and public decryption key KPid are generated based on the time when the user wants to listen to the encrypted music data recorded on memory card 110 by distribution. In this case, step S200
When the user inputs a music data playback instruction from the operation button unit 1108, the controller 1106
The time at which the reproduction instruction is received is read from a timer (not shown) and sent to the memory card 110 via the memory card interface. Thereafter, a pair of secret encryption key Kid and public decryption key KPid are generated according to the flowchart shown in FIG.
At 415, the public decryption key KPid is held in the key memory of the mobile phone 100. When a pair of secret encryption key Kid and public decryption key KPid are generated based on time, a pair of secret encryption key Kid and public decryption key KPid are generated every time the user wants to listen to music data. Therefore, the encrypted data can be sufficiently protected by preventing entry from outside.

In the present invention, a pair of secret encryption keys Ki
d and the public decryption key KPid are stored in a terminal device (mobile phone 10).
0) is generated based on the information obtained.

Referring to FIG. 11, the operation of reproducing music data recorded on memory card 110 will be described. When the reproduction is started, the user performs an input for a reproduction instruction from the operation button unit 1108 (step S300).
Controller 1106 of mobile phone 100 receives the reproduction instruction. It is instructed to input authentication data {KPp1 // Crtf1} KPma held in authentication data holding section 1500 to memory card 110 (step S301). The memory card 110 stores the authentication data $ K
When receiving Pp1 // Crtf1 @ KPma, the decryption processing unit 1408 decrypts the public authentication key KPma stored in the KPma storage unit 1414 (step S3).
02), the controller 1420 includes a decryption processing unit 1408
From the decryption processing result in the authentication data {KPp1 //
An authentication process for determining whether or not Crtf1 @ KPma is legitimate authentication data is performed. Further, when the authentication data is legitimate data, the controller 1420 determines whether or not the class certificate Crtf1 is included in the prohibited class list CRL read from the memory card 1415 (step S303). That is, if the authentication data is legitimate authentication data and the class certificate Crtf1 is not included in the prohibited class list CRL, the authentication data {KPp1 // Crtf1} KPma is approved, the public encryption key KPp1 and the class certificate Crtf1 is accepted.

If the authentication data is not regular authentication data, or if the class certificate Crtf1 is included in the prohibited class list CRL even if the authentication data is regular authentication data, the certification data {KPp1 // Crtf1} KPm
a is rejected, and the process is terminated.

Public encryption key KPp1 and class certificate Crt
When f1 is received, the controller 1420 sends it to the memory card 110 via the memory card interface. Then, in step S304, by confirming the access restriction information AC1 which is information relating to the restriction on the access to the memory, the reproduction operation is terminated when the reproduction is already disabled, and when the reproduction frequency is restricted, After updating the data of the access restriction information AC1 and updating the number of reproducible times, the process proceeds to the next step (step S305). On the other hand, when the number of times of reproduction is not restricted by the access restriction information AC1, step S305 is skipped, and the processing is performed without updating the reproduction control information AC1, and the process proceeds to the next step (step S30).
Proceed to 6).

Also, even when the content ID of the requested music does not exist in license information holding section 1440, it is determined that reproduction is impossible and the reproduction operation is terminated.

If it is determined in step S304 that the reproduction is possible in the reproduction session, the session key generation section 141 of the memory card 110
8 generates a session key Ks2. Then, the encryption processing unit 1406 generates the generated session key Ks2.
{Ks2} Kp1 encrypted using the received public encryption key KPp1 is output via the data bus BS3 and the interface 1202 (step S306).

Controller 1106 of Mobile Phone 100
In accordance with the instruction, the decryption processing unit 1501 decrypts {Ks2} Kp1 obtained from the memory card 110 using the secret decryption key Kp1 stored in the Kp1 storage unit 1502, and receives the obtained session key Ks2 (step). S30
7). Then, the session key generation unit 1508 of the mobile phone 100 generates a session key Ks3, and generates {Ks3} Ks2 obtained by encrypting the generated session key ks3 using the received session key Ks2 via the memory card interface. To the memory card 110 (step S308).

The controller 142 of the memory card 110
0 is {Ks3} input to the interface 1202
Ks2 is transferred to the decoding processing unit 141 via the data bus BS3.
Give to 2. The decryption processing unit 1412 outputs the session key Ks2 generated by the session key generation unit 1418.
Decrypts {Ks3} Ks2 using
s3 is received (step S309). And memory 1
The decryption processing of the license key Kc and the reproduction information of the reproduction request music recorded in 415 is executed. In particular,
In response to an instruction from the controller 1420, the memory 1415
License $ Kc // AC2 // license ID // contents I read out to data bus BS4 from
D // AC1 @ Km1 is decrypted by the decryption processing unit 1422 using the secret decryption key Km1 unique to the memory card 110, and the license key Kc and the reproduction circuit control information AC2 required for the reproduction process are obtained on the data bus BS4 (step S3).
10).

The obtained license key Kc and reproduction circuit control information AC2 are sent to the encryption processing section 1434 via the data bus BS3. The encryption processing unit 1434 encrypts both the license key Kc and the reproduction circuit control information AC2 received from the data bus BS3 with the secret encryption key Kid, and outputs {Kc // AC2} KPid to the data bus BS4 (step S311). . And the encryption processing unit 1
Reference numeral 406 denotes {Kc // AC2} K on the data bus BS4.
The Pid is further encrypted using the received session key Ks3, and the encrypted data {Kc // AC2} KP
It outputs id @ Ks3 to the data bus BS3 (step S312).

The encrypted data output to data bus BS3 is transmitted to mobile phone 100 via interface 1202 and a memory card interface.

In mobile phone 100, encrypted data {Kc // AC2} KPid transmitted to data bus BS2 via the memory card interface is decrypted by decryption processing section 1510, and encrypted data {Kc / / AC2 \ KPid \ Ks3 to decryption processing unit 1
514 (step S313). Decryption processing unit 1
514 performs decryption processing using the public decryption key KPid stored in the key memory 1512, and receives the license key Kc and the reproduction circuit control information AC2 (step S314). Decoding processing section 1514 outputs reproduction circuit control information AC2 to data bus BS2.

Controller 1106 determines whether or not encrypted data {Kc // AC2} KPid has been decrypted using public decryption key KPid (step S31).
5). This determination is based on the decoded data sequence Kc // AC2
Has a meaningful data string to the end. That is, the encrypted data {Kc // AC2}
KPid is the public decryption key K held in the key memory 1512
When decoding cannot be performed by Pid, surplus data generated by the decoding process becomes a meaningless data string. Therefore, it is possible to determine whether or not decoding is possible.

At this time, the encrypted data {Kc // AC
The fact that 2ｉKPid cannot be decrypted means that the secret encryption key stored in the Kid storage unit 1433 in the memory card 110 does not correspond to the public decryption key stored in the key memory 1512 of the mobile phone 100, in other words, This means that the owner of the memory card 110 and the user of the mobile phone 100 are different.

Thereafter, it is determined whether or not reproduction is possible based on the reproduction circuit control information AC2 (step S316).

If it is determined in step S316 that the reproduction is impossible according to the reproduction circuit control information AC2, the reproduction operation is terminated.

Encrypted data {Kc // AC2} KPid
Can be decrypted by the public decryption key KPid, and reproduction by the mobile phone 100 is permitted by the reproduction circuit control information.
Reference numeral 106 denotes encrypted content data {Data} from the memory card 110 via the memory card interface.
An instruction for acquiring Kc is output.

Then, controller 1420 of memory card 110 reads encrypted content data {Data} Kc from memory 1415 (step S31).
7), data bus BS3 and interface 1202
Is output to the memory card interface via the interface (step S318).

Controller 1106 of Mobile Phone 100
Obtains the encrypted content data {Data} Kc via the memory card interface, and
Input to 16. The decryption processing unit 1516 converts the input encrypted content data {Data} Kc
Then, the content is decoded by the license key Kc decoded in step 14 to obtain the encoded content data Data (step S319).

[0187] Decoding processing section 1516 outputs encoded content data Data to music reproducing section 1518, and music reproducing section 1518 demodulates and reproduces encoded content data Data (step S320).

The DA converter 1519 includes a music reproducing unit 151
8 is converted from a digital signal to an analog signal. Then, the reproduced data is input to the amplifier 1522 via the terminal 1520 and the switch 1521, amplified by the amplifier 1522, and output from the terminal 1530 to the headphone 130 and the like. Thus, the operation of reproducing the encrypted content data ends.

Note that the encrypted content data @Dat
Since the reproduction of a｝ Kc is performed, for example, in blocks of 64 bits, steps S317 to S320 are performed.
Is repeatedly performed until the encrypted content data {Data} Kc disappears, thereby reproducing music.

In the above description, the license key Kc distributed from the distribution server 30 is
0 without being encrypted by the secret encryption key Kid generated by the key generation module 1432 of the memory card 11.
0 is stored in the memory 1415 (step S in FIG. 9).
144) The license key Kc and reproduction circuit control information AC2 required for reproduction may be encrypted by the secret encryption Kid before being recorded in the memory 1415.

That is, the distribution operation proceeds according to the flowcharts shown in FIGS. 8 and 9, and when the operation up to step S144 is completed, as shown in FIG. 12, the decryption processing unit 1422 sets the $ Kc // AC2 // license ID /
/ Content ID // AC1 @ Km1 with secret decryption key K
m1 and only the license key Kc, the reproduction circuit control information AC2, the license ID, the content ID, and the access restriction information AC1 are received (step S1).
46a).

Then, the controller 1420 inputs the received license key Kc, the reproduction circuit control information AC2, and the secret encryption key Kid from the key generation module 1432 to the encryption processing unit 1434. The encryption processing unit 1434 encrypts the license key Kc and the reproduction circuit control information AC2 using the secret encryption key Kid. Controller 142
0 records the encrypted data {Kc // AC2} KPid in the memory 1415 (step S147).

After that, the operations after step S148 in FIG. 9 are executed, and the distribution operation ends.

When the content key Kc is encrypted with the secret encryption key Kid at the time of distribution and recorded in the memory 1415, the reproduction operation of the encrypted content data {Data} Kc is performed as shown in FIG. Is omitted, and step S310 is changed to step 310a. The license key Kc and reproduction circuit control information AC2 necessary for reproduction at the time of distribution are encrypted with the secret encryption key Kid and recorded in the memory 1415, so that the processing time in the decryption processing unit 1422 and the encryption processing unit 1434 during reproduction is omitted. And quick reproduction operation is possible.

Since the secret encryption key Kid and the public decryption key KPid generated in the memory card 110 are recorded in the TRM, entry of the secret encryption key Kid and the public decryption key KPid is managed by excluding entry from outside. In addition, the encrypted content data can be reproduced while sufficiently protecting the encrypted content data using the pair of secret encryption keys Kid and the public decryption key KPid.

In the above description, it has been described that the encrypted content data and the license key for decrypting the encrypted content data are distributed to the memory card 110 using the cellular phone network, but are distributed by other methods. Is also good.

Referring to FIG. 14, distribution of encrypted content data using computer 140 will be described. A memory card 110 is detachable from the mobile phone 100, and a headphone 130 for playing music is connected. The mobile phone 100 is connected to the computer 140 via the communication cable 145.

The computer 140 has the hard disk 1
41, the controller 142, and the external interface 1
43. The hard disk 141 is connected to the controller 142 via the data bus BS5,
The controller 142 is a license protection module 143
including.

The hard disk 141 stores the encrypted content data distributed to the computer 140 via the Internet via the data bus BS5.
When a user of mobile phone 100 requests transmission of encrypted content data via communication cable 145 and external interface 143, controller 142 reads the encrypted content data from hard disk 141 and outputs the content to the outside via external interface 143. I do.

The external interface 143 is connected to the computer 1 via the communication cable 145 from the mobile phone 100.
The signal input to 40 is input to controller 142, and the signal from controller 142 is output to the outside.

The license protection module 144 corresponds to FIG.
Has the same configuration as the data processing unit 310 shown in FIG. 1, and transmits the encrypted content data to the memory card 110 attached to the mobile phone 100, as described above, the mobile phone 100 and the memory card 110, the public encryption key, While exchanging a session key and the like, the encrypted content data is protected and transmitted to the memory card 110.

[0202] Encrypted content data is distributed from the distribution server to computer 140 by Internet distribution, and encrypted content data is stored on hard disk 141 of computer 140 via data bus BS5.

When a user of portable telephone 100 inputs a transmission request from operation button section 1108, communication cable 14
5 and a transmission request is input to the controller 142 via the external interface 143. Controller 142
Receives the transmission request, transmits the requested encrypted content data to the hard disk 1 via the data bus BS5.
41 and input to the license protection module 144.

The license protection module 144 exchanges a public encryption key and a session key with the memory card 110 via the communication cable 145 as described above, and transmits the encrypted content data to the memory card 110.

After transmission, the user of portable telephone 100 reproduces the encrypted content data by the same method as described above.

The computer 140 does not need to receive the encrypted content data through the Internet distribution, and may store the encrypted content data on a CD-ROM.
CD-ROM with ROM connected to computer 140
It is mounted on a drive (not shown), reads out the encrypted content data from the CD-ROM, and
May be sent to Further, the encrypted content data recorded on the CD-ROM is temporarily
May be stored.

In FIG. 14, the computer 14
0 does not transmit the content key for decrypting the encrypted content data to the mobile phone 100. The content key is separately distributed to the mobile phone 100 via a mobile phone network or the like, at which time a copyright fee is charged.

[0208] Further, the computer 140 may generate encrypted content data and a license by CD ripping. Ripping means converting music data obtained from a music CD so that the music data can be reproduced by a music reproduction module. First, a license is generated for the acquired music data. Next, after converting the acquired music data into content data that can be reproduced by the music reproduction unit 1518, the music data is subjected to encryption that can be decrypted with the content key included in the generated license, and the encryption obtained by ripping is performed. The license for which the content data has been generated is managed so that it cannot be copied. Therefore, CD ripping, which is a primary copy from a music CD, is a legitimate act that protects copyright by encrypting content and adopting a configuration in which a license including a content key that is a decryption key cannot be copied.

When a CD is used, the encrypted content data and license acquired and generated from the music CD may be temporarily recorded on the hard disk 141 and then transmitted to the memory card 110, or may be transmitted to the hard disk 141. Instead, the data may be directly transmitted to the memory card 110.

As shown in FIG. 15, the encrypted content data is directly transferred from the memory card 110 to the computer 14.
0, and the encrypted content data may be recorded on the memory card 110. In this case, the computer 140
Of the license protection module 1
By 44, the encrypted content data is recorded directly on the memory card 110.

[0211] In FIG.
Acquires encrypted content data by the same method as that shown in FIG.

[0212] In the above description, the secret encryption key K
id and the public decryption key KPid are
D and the information input from the mobile phone 100, such as the telephone number of the mobile phone 100, are described as being generated asymmetrically. However, the present invention is not limited to this. It may be generated symmetrically based on information input from the mobile phone 100 such as the ID of the mobile phone 100 and the telephone number of the mobile phone 100.

As an embodiment, description has been given of content protection by transferring a license using encryption in recording or outputting a license in a memory card for recording a license including a encrypted content data and a license key which is a decryption key thereof. However, a similar effect can be obtained even if the recording or output of the content data is protected using encryption without using a license.

Further, the present invention can be applied not only to content data such as music data and image data, but also to data in general.

Further, the present invention is not limited to a memory card having a controller, but may be applied to other recording media such as a hard disk having a controller.

The embodiments disclosed this time are to be considered in all respects as illustrative and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description of the embodiments, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

[Brief description of the drawings]

FIG. 1 is a schematic diagram conceptually illustrating a data distribution system.

FIG. 2 is a diagram showing characteristics of data, information, and the like for communication in the data distribution system shown in FIG.

FIG. 3 is a diagram showing characteristics of data, information, and the like for communication in the data distribution system shown in FIG. 1;

4 is a diagram showing characteristics of data, information, and the like for communication in the data distribution system shown in FIG. .

FIG. 5 is a schematic block diagram illustrating a configuration of a license server.

FIG. 6 is a block diagram showing a configuration of the mobile phone according to the embodiment.

FIG. 7 is a block diagram showing a configuration of a memory card according to an embodiment.

FIG. 8 is a first flowchart for explaining a distribution operation in the data distribution system shown in FIG. 1;

FIG. 9 is a second flowchart for explaining a distribution operation in the data distribution system shown in FIG. 1;

FIG. 10 is a flowchart illustrating generation of a pair of secret encryption key and public decryption key based on information input from a mobile phone.

FIG. 11 is a flowchart for describing a reproducing operation in the mobile phone according to the embodiment.

FIG. 12 is another second flowchart for explaining the distribution operation in the data distribution system shown in FIG. 1;

FIG. 13 is another flowchart for describing a reproducing operation in the mobile phone according to the embodiment.

FIG. 14 is a schematic diagram conceptually illustrating another data distribution system.

FIG. 15 is a schematic diagram conceptually illustrating still another data distribution system.

[Explanation of symbols]

10 license server, 20 distribution carrier, 30
Distribution server, 100 mobile phone, 110 memory card, 130 headphones, 140 computer, 1
41 hard disk, 142, 1106, 1420
Controller, 143, 1107 External interface, 144, 1450 License protection module, 1
45 communication cable, 302 charging database, 30
4 information database, 306 CRL database,
310 data processing unit, 312, 320, 1404, 1
408, 1412, 1422, 1504, 1510, 1
514, 1516 decryption processing unit, 315 distribution control unit,
316, 1418, 1508 Session key generator, 3
18,326,328,1406,1410,143
4,1506 Cryptographic processing unit, 350 Communication device, 110
2 antenna, 1104 transmission / reception section, 1108 operation button section, 1110 display, 1112 sound reproduction section, 1113, 1519 DA converter, 1114, 15
20, 1530 terminals, 1200 memory card interface, 1202 interface, 1402 Kmc
1 holding unit, 1414 KPma holding unit, 1415 memory, 1416 KPm1 holding unit, 1421 Km1 holding unit, 1440 license information holding unit, 1442, 14
44, 1446 changeover switch, 1400, 1500 authentication data holding unit, 1432 key generation module, 143
3 Kid holding unit, 1502 Kp1 holding unit, 1512
Key memory, 1518 music playback unit, 1521 switch, 1522 amplifier, 1550 music playback module.

──────────────────────────────────────────────────の Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04N 7/167 Z (72) Inventor Yoshihiro Hori 2-5-5 Keihanhondori, Moriguchi City, Osaka Sanyo F-term (reference) in Denki Co., Ltd.

Claims (18)

[Claims] 1. A bus, an interface unit connected to the bus and exchanging data with the outside, a control unit connected to the bus, and an external unit connected to the bus and externally input according to an instruction from a user A key generation module that generates an encryption key based on the information to be encrypted and a decryption key that decrypts data encrypted by the encryption key; a key storage unit that is connected to the bus and stores the encryption key; An encryption unit that is connected to a bus and performs encryption with the encryption key held in the key holding unit; and a memory that is connected to the bus and records externally input data. A data recording device that records the encryption key generated by the key generation module in the key holding unit, and outputs the decryption key to the outside via the interface unit. 2. In response to an output request from a user, the control unit obtains the data from the memory and provides the data to the encryption unit, and the control unit encrypts the data with an encryption key held in the key holding unit. 2. The data recording apparatus according to claim 1, wherein the data is output to the outside via the interface unit. 3. The control unit records the data encrypted by the encryption key in the encryption unit in the memory when the data is input.
A data recording device according to claim 1. 4. The control unit according to claim 3, wherein, in response to an output request from a user, the control unit reads the data encrypted with the encryption key from the memory and outputs the data to the outside via the interface unit. Data recording device. 5. The control unit according to claim 1, wherein the control unit has an authentication unit for authenticating an output destination of the data, and outputs the data when the output destination is authenticated by the authentication unit. 5. The data recording device according to any one of 4. 6. A data recording apparatus for recording encrypted data obtained by encrypting data and a license key which is a decryption key for decrypting the encrypted data to obtain the data, comprising: a bus; An interface unit connected to a bus and communicating with the outside; a control unit connected to the bus; an encryption key connected to the bus and based on information externally input according to an instruction from a user; A key generation module for generating a decryption key for decrypting data encrypted by a key; a key storage unit connected to the bus for storing the encryption key; a key storage unit connected to the bus and stored in the key storage unit And a memory connected to the bus and recording the license key and encrypted data input from the outside. The control unit records the encryption key generated by the key generation module to the key holding unit, and outputs the decoding key to the outside through the interface unit, the data recording device. 7. In response to an output request from a user, the control unit acquires the license key from the memory and gives the license key to the encryption unit, and encrypts the license key with the encryption key held in the key holding unit. 7. The data recording apparatus according to claim 6, wherein the license key and the encrypted data obtained from the memory are output to the outside via the interface unit. 8. When a license key is input via the interface unit, the control unit records the license key encrypted by the encryption key in the encryption unit in the memory.
The data recording device according to claim 6. 9. In response to an output request from a user, the control unit reads the encrypted data and a license key encrypted by the encryption key from the memory, and outputs the license data to the outside via the interface unit. The data recording device according to claim 8. 10. The control unit according to claim 6, wherein the control unit includes an authentication unit that authenticates an output destination of the license key, and outputs the license key when the output unit is authenticated by the authentication unit. The data recording device according to claim 9. 11. The data recording device according to claim 1, wherein the encryption key is asymmetric with the decryption key. 12. A data record for recording data, generating a pair of encryption key and decryption key by external input, and outputting the data encrypted by the encryption key and the decryption key to the outside. A data reproducing apparatus for reproducing the data from a device, comprising: a bus; an input unit connected to the bus, for inputting information by a user; a control unit connected to the bus; and a control unit connected to the bus, An interface unit for exchanging data with the data recording device; a key memory connected to the bus for holding a decryption key generated in the data recording device; and a key memory connected to the bus and input from the data recording device. A decryption unit that decrypts the data encrypted by the encryption key using the decryption key from the key memory. The information input from the input unit is output to the data recording device via the interface unit, and, among the pair of encryption key and decryption key generated based on the information by the data recording device, the decryption key is transmitted to the interface. A data reproducing device, which is obtained through a unit and input to the key memory. 13. A data record for recording data, generating a pair of encryption key and decryption key by external input, and outputting the data encrypted by the encryption key and the decryption key to the outside. A data reproducing device that reproduces the data from the device, a bus, an input unit connected to the bus, and a user inputting an instruction; a control unit connected to the bus; and a control unit connected to the bus, An interface unit for exchanging data with the data recording device; a key memory connected to the bus and holding a decryption key generated in the data recording device; and a key memory connected to the bus and input from the data recording device. A decryption unit that decrypts the data encrypted with the encryption key using the decryption key from the key memory, wherein the control unit holds a device ID, The device ID is output to the data recording device via the interface unit according to a user instruction from the input unit, and the data recording device generates a pair of encryption key and decryption key based on the device ID, A data reproduction device, which acquires the decryption key via the interface unit and inputs the decryption key to the key memory. 14. The control unit records data received from a data supply device via a mobile phone or a simple mobile phone network in the memory, holds a telephone number, and in accordance with a user instruction from the input unit. The telephone number is output to the data recording device via the interface unit, and the decryption key of the pair of encryption key and decryption key generated based on the telephone number by the data recording device is transmitted through the interface unit. 14. The data reproducing apparatus according to claim 13, wherein the data is obtained and input to the key memory. 15. Encrypted data obtained by encrypting data,
A license key which is a decryption key for decrypting the encrypted data to obtain the data is recorded, a pair of encryption keys and a decryption key are generated by an external input, and encrypted by the encryption key. A data reproducing device that reproduces the data from a data recording device that outputs the license key and the decryption key to the outside, a bus, an input unit connected to the bus, and a user inputting information, A control unit connected to a bus; an interface unit connected to the bus for exchanging data with the data recording device; a key memory connected to the bus and holding a decryption key generated in the data recording device And a license key connected to the bus and encrypted by the encryption key input from the data recording device.
A first decryption unit for decrypting with the decryption key from the key memory, a license key connected to the bus and decrypting the encrypted data input from the data recording device in the first decryption unit; A second decoding unit that decodes the data decoded by the second decoding unit; and a reproduction unit that reproduces data decoded by the second decoding unit. The control unit transmits information input from the input unit by a user to the interface unit. Via the interface unit, and among the pair of encryption key and decryption key generated by the data recording device based on the information, the decryption key is obtained and input to the key memory. Data reproducing device. 16. Encrypted data obtained by encrypting data,
A license key which is a decryption key for decrypting the encrypted data to obtain the data is recorded, a pair of encryption keys and a decryption key are generated by an external input, and encrypted by the encryption key. A data reproducing device that reproduces the data from a data recording device that outputs the license key and the decryption key to an external device, comprising: a bus; an input unit connected to the bus, the user inputting an instruction; A control unit connected to a bus; an interface unit connected to the bus for exchanging data with the data recording device; a key memory connected to the bus and holding a decryption key generated in the data recording device And a license key connected to the bus and encrypted by the encryption key input from the data recording device.
A first decryption unit for decrypting with the decryption key from the key memory, a license key connected to the bus and decrypting the encrypted data input from the data recording device in the first decryption unit; A decoding unit that decodes the data decoded by the second decoding unit; and a reproduction unit that reproduces the data decoded by the second decoding unit. The control unit holds a device ID, and in accordance with a user instruction from the input unit. The device ID is output to the data recording device via the interface unit, and among the pair of encryption key and decryption key generated by the data recording device based on the device ID, the decryption key is transmitted via the interface unit. A data reproducing device for acquiring the data and inputting the data to the key memory. 17. The control unit records data received from a data supply device via a mobile phone or a simple mobile phone network in the memory, holds a telephone number, and receives a user instruction from the input unit. The telephone number is output to the data recording device via the interface unit, and the decryption key of the pair of encryption key and decryption key generated based on the telephone number by the data recording device is transmitted through the interface unit. 17. The data reproducing apparatus according to claim 16, wherein the data is obtained and input to the key memory. 18. The data reproducing apparatus according to claim 12, wherein the encryption key is asymmetric with the decryption key.