JP2003158514A - Digital copyright protection system, recording medium device, transmitting device, and reproducing device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a digital work protection system that makes hacking difficult without increasing the size of the computer program and without slowing down the performance of the computer. SOLUTION: A server apparatus encrypts contents on the basis of a distraction key, and transmits the encrypted contents to a PC via a network. The PC, to which a memory card is connected, outputs the received encrypted contents to the memory card. The memory card decrypts the encrypted contents using the distribution key, converts the data format of the decrypted contents, encrypts the contents using a medium unique key that is unique to the memory card, and records the resulting re-encrypted contents internally. A playback apparatus decrypts the re-encrypted contents using the medium unique key, and plays back the decrypted contents.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a technology for realizing copyright protection of digital works, and more particularly to a technology for protecting copyrights in reproduction and recording of digital works.

[0002]

2. Description of the Related Art In recent years, digital works such as digitized documents, music, videos, programs, etc. are distributed via networks such as the Internet, and users can easily access various digital works via the network. Then, it can be taken out, recorded on a recording medium, and reproduced.

However, although there is an advantage that a digital work can be easily copied in this way, there is a problem that the copyright of the author is easily infringed. As a countermeasure, for example, the conventional electronic music distribution system is as follows. (1) The content providing server stores encrypted content, a title key used for encrypting the content, and usage condition data of the content. Here, the encrypted content is content such as music encrypted with the title key unique to each content. Further, the title key and the usage rule data corresponding to the content transmitted in response to the request from the user are encrypted with the user unique key unique to the user to generate the encrypted title key and the encrypted usage rule data. .

The personal computer of the user acquires and stores the encrypted content, the encrypted title key, and the encrypted use condition data from the content providing server connected via the network according to the user's instruction. (2) The personal computer stores the user unique key in advance. In addition, the recording medium for recording the content,
It is installed on the personal computer by the user. The recording medium stores a medium unique key unique to each recording medium in advance.

The personal computer stores the encrypted title key and the encrypted usage condition data stored therein according to the user's instruction.
Decryption is performed using the user unique key to temporarily generate a decryption title key and decryption use condition data. Next, the personal computer securely reads the medium unique key from the attached recording medium, encrypts the decrypted title key and the decryption use condition data using the read medium unique key, and re-encrypts the title key and the re-encrypted title key. The encrypted usage condition data is generated, and the encrypted content, the re-encrypted title key, and the re-encrypted usage condition data are recorded in the recording medium. When the recording on the recording medium is completed, the personal computer deletes the temporarily generated decrypted title key and decrypted use condition data.

(3) The user extracts the recording medium from the personal computer and mounts the extracted recording medium on the reproducing apparatus.
The playback device securely reads the medium unique key from the recording medium, and reads the encrypted content, the re-encrypted title key, and the re-encrypted usage condition data. Next, the playback device decrypts the re-encrypted title key and the re-encrypted usage condition data by using the read medium unique key to generate the title key and usage condition data. Next, the playback device decrypts the encrypted content using the generated title key to generate content, and plays back the generated content within the range permitted by the generated usage rule data.

[0007]

However, in such a system, since the encrypted title key is once decrypted on the personal computer and then re-encrypted (hereinafter referred to as encryption conversion), it is temporarily stored on the personal computer. The decrypted title key is generated and stored in. For this reason, it is technically possible for a malicious user to know the title key that was temporarily generated on the personal computer, and using the title key obtained illegally in this way, the encrypted content can be illegally decrypted. There is a problem that it can be done (hereinafter, such an action is called hacking).

In order to solve such a problem, conventionally, a computer program in a personal computer is made to include an originally unnecessary instruction or a branch instruction in advance to make hacking difficult. However, there are problems that the program is increased and the speed performance is deteriorated. SUMMARY OF THE INVENTION In order to solve the above-described problems, the present invention makes it possible to prevent hacking as described above without increasing the amount of programs and decreasing the speed performance, and a digital work protection system and a recording medium device. , A transmitting device and a reproducing device are provided.

[0009]

In order to achieve the above object, the present invention writes a digital work transmitted from a transmitting device to a portable recording medium device via a receiving device and uses a reproducing device. A digital copyright protection system for reproducing, wherein the digital copyright protection system encrypts original content that is a digital copyright based on a distribution encryption key to generate first encrypted information, and the generated first encryption The transmitting device transmitting the encrypted information via a network, wherein the recording medium device is attached to the receiving device, and the digital copyright protection system further includes the first encrypted information via the network. Having a tamper resistance, a receiving device for receiving the first encrypted information and outputting the received first encrypted information to the recording medium device, an information storage area for storing the information, And a said recording medium device and a tamper module unit, wherein the tamper resistant module unit,
The output first encrypted information is acquired, the first encrypted information is decrypted based on a distribution decryption key to generate intermediate information, and the intermediate is generated based on a medium unique key unique to the recording medium device. Information is encrypted to generate second encrypted information, and the generated second encrypted information is written to the information storage area, wherein the recording medium device in which the second encrypted information is written is the playback device. Mounted on the digital copyright protection system, the digital copyright protection system is further installed in the second storage area.
It includes the reproducing device which reads out the encrypted information, securely reads out the medium unique key, decrypts the second encrypted information based on the medium unique key to generate decrypted content, and reproduces the generated decrypted content. It is characterized by

Here, the transmitting device stores in advance the original content and the original content key unique to the original content, acquires the delivery encryption key used for delivering the digital copyrighted material, and Using the original content key,
Encrypt the original content to generate encrypted content,
The original encrypted content key is encrypted using the acquired distribution encryption key to generate a first encrypted content key, and the first encrypted information including the generated encrypted content and the first encrypted content key And the receiving device receives the first encrypted information including the encrypted content and the first encrypted content key, and outputs the received encrypted content and the first encrypted content key. ,
The tamper resistant module unit stores in advance a distribution decryption key and a medium unique key unique to the recording medium device, and the first encryption including the output encrypted content and the first encrypted content key. Obtaining information, using the distribution decryption key to decrypt the first encrypted content key to generate an intermediate content key, and using the medium unique key,
The generated intermediate content key is encrypted to generate a second encrypted content key, and the second encrypted information including the acquired encrypted content and the generated second encrypted content key is written and reproduced. The apparatus securely acquires the medium unique key from the recording medium apparatus, reads the second encrypted information including the encrypted content and the second encrypted content key from the information storage area, and acquires the second encrypted information. Decrypting the second encrypted content key using the medium unique key to generate a decrypted content key,
The generated decrypted content key may be used to decrypt the read encrypted content to generate decrypted content.

The present invention also relates to a transmitting device for transmitting a digital work, a receiving device for recording the digital work received via a network in a portable recording medium device, and a recording device recorded in the recording medium device. A digital literary protection system including a reproducing device for reproducing the digital literary work and the recording medium device, wherein the transmitting device is an original content that is a digital literary work and an original content unique to the original content. A storage unit that stores a content key in advance, a distribution encryption key acquisition unit that acquires a distribution encryption key used for distribution of a digital work, and an original content key that is used to encrypt the original content. Encryption for generating encrypted content and encrypting the original content key using the acquired distribution encryption key to generate a first encrypted content key And stage, the encrypted content and the first encrypted content key via a network,
Transmitting means for transmitting, wherein the recording medium device is attached to the receiving device, and the receiving device receives the encrypted content and the first encrypted content key via a network; An information storage unit that includes an output unit that outputs the received encrypted content and the first encrypted content key, the recording medium device having an area for storing information; A tamper resistant module means having, wherein the tamper resistant module means, a key storage unit that stores in advance a distribution decryption key and a medium unique key unique to the recording medium device;
An acquisition unit that acquires the output encrypted content and the first encrypted content key, and a decryption unit that decrypts the first encrypted content key using the distribution decryption key to generate an intermediate content key. , Using the medium unique key,
An encryption unit that encrypts the generated intermediate content key to generate a second encrypted content key, and a writing unit that writes the acquired encrypted content and the generated second encrypted content key to the information storage unit. Wherein the recording medium device in which the encrypted content and the second encrypted content key are written is attached to the reproducing device, and the reproducing device retrieves the medium unique key from the key storage unit. Key acquisition means for securely acquiring, reading means for reading the encrypted content and the second encrypted content key from the information storage means, and the second encryption read by using the acquired medium unique key A content key decryption unit that decrypts a content key to generate a decrypted content key, and the encrypted content key that is read using the generated decrypted content key. Characterized in that it comprises a content decryption means for generating a decrypted content by decrypting the encrypted content, and reproducing means for reproducing the generated decrypted content.

The present invention is also a transmitting device for transmitting a digital work via a network, wherein the digital work is written in a portable recording medium device via a receiving device, and the transmitting device is used. Is a storage unit that stores in advance the original content that is a digital work and an original content key that is unique to the original content; And the original content key is used to encrypt the original content to generate encrypted content, and the obtained distribution encryption key is used to encrypt the original content key to generate a first encrypted content key. It is characterized by comprising an encryption means and a transmission means for transmitting the encrypted content and the first encrypted content key via a network.

Here, the storage means further stores use condition information indicating a use condition of the digital work and an original use condition key unique to the use condition information, and the encryption means is Further, the distribution encryption key is used to encrypt the original use condition key to generate a first encrypted use condition key, and the original use condition key is used to encrypt the use condition information to generate a first encrypted use condition key. The encrypted usage condition information may be generated, and the transmission unit may be configured to further transmit the first encrypted usage condition key and the first encrypted usage condition information via a network.

Here, the distribution encryption key acquisition means acquires the distribution encryption key which is a public key generated by using a public key generation algorithm, and the encryption means acquires the distribution encryption key which is a public key. The public key cryptographic algorithm may be used to perform encryption. Here, the transmission device further exposes the revoke list means having an area for recording an invalid distribution encryption key and the distribution decryption key based on the generation of the distribution encryption key which is a public key. In this case, the distribution device further includes a registration unit that writes the distribution encryption key in the revocation list unit, wherein the transmission device newly transmits the content that is a digital work,
The distribution key acquisition unit newly acquires a distribution encryption key, determines whether the acquired distribution encryption key is written in the revoke list unit, and when it determines that the distribution encryption key is written, the distribution key acquisition unit The means may be prohibited from being encrypted, and the transmitting means may be prohibited from transmitting.

Here, the storage means further stores use condition information indicating a use condition of the digital work, and the transmission means further reads out and reads out the use condition information from the storage means. A hash value is generated by applying a hash algorithm to the usage condition information,
The generated hash value and the read usage condition information,
It may be configured to transmit securely via the network.

Here, the transmission device further includes an authentication means for mutually authenticating the legitimacy of the device with the recording medium device, and the distribution encryption key acquisition means is provided when the authentication is successful. Only, the delivery encryption key is acquired from the recording medium device, the encryption unit encrypts only when the authentication is successful, and the transmission unit transmits only when the authentication is successful. You may comprise.

Here, the transmitting device further includes update information storage means for storing in advance update information for updating the tamper resistant module portion provided in the recording medium device,
The update information may be read from the update information storage unit, and the read update information may be transmitted to the recording medium device via the network and the receiving device.

Here, the transmitting device further reads the update information from the update information storage means, applies a hash algorithm to the read update information to generate a hash value, and receives the generated hash value on a network and a receiving side. It may be configured to include a hash means for securely transmitting to the recording medium device via the device. here,
The update information stored in the update information storage means is an encryption method, a decryption method, or the like included in the tamper resistant module unit.
Alternatively, the update information transmitting means includes information for updating the data conversion method from the distribution data format to the recording data format, and the update information transmitting means is an encryption method provided in the tamper resistant module unit,
The update information including information for updating the decoding method or the data conversion method from the distribution data format to the recording data format may be read and the read update information may be transmitted.

Further, the present invention is a portable recording medium device for recording a digital work transmitted from a transmitting device via the receiving device, wherein the recording medium device is mounted on the receiving device. The transmitting device encrypts the original content, which is a digital work, based on the distribution encryption key, and
The encrypted information is generated, the generated first encrypted information is transmitted to the receiving device via a network, and the recording medium device includes an information storage unit having an area for storing the information, and a tamper resistant device. Tamper resistant module means having a property, the tamper resistant module means, via the receiving device, a key storage unit that stores in advance a distribution decryption key and a medium unique key unique to the recording medium device, An acquisition unit that acquires the transmitted first encrypted information, a decryption unit that decrypts the first encrypted information based on the distribution decryption key to generate intermediate information, and the decryption unit based on the medium unique key. An encryption unit that encrypts the intermediate information and generates second encrypted information;
And a writing unit that writes the generated second encrypted information in the information storage unit.

Here, the transmission device stores in advance the original content and an original content key unique to the original content, acquires a delivery encryption key used for delivering a digital copyrighted material, and obtains the original content key. The content key is used to encrypt the original content to generate encrypted content, the obtained distribution encryption key is used to encrypt the original content key to generate a first encrypted content key, and the generated encryption is generated. The first encryption information including the encrypted content and the first encrypted content key is transmitted, and the acquisition unit outputs the first encrypted information including the output encrypted content and the first encrypted content key. The decryption unit obtains the decrypted first encrypted content key included in the first encrypted information by using the distribution decryption key to generate an intermediate content key, The intermediate information including the encrypted content included in the encrypted information and the generated intermediate content key is generated, and the encryption unit uses the medium unique key to generate the intermediate content key included in the intermediate information. To generate a second encrypted content key, generate the second encrypted information including the encrypted content included in the intermediate information and the generated second encrypted content key, and write the writing unit. May write the second encrypted information including the encrypted content and the second encrypted content key.

Here, the transmitting device further stores use condition information indicating a use condition of the digital work and an original use condition key unique to the use condition information, and stores the distribution encryption key. Using the original usage rule key to generate a first encrypted usage rule key, and using the original usage rule key to encrypt the usage rule information to generate first encrypted usage rule information. , The first encrypted use condition key and the first encrypted use condition information are transmitted to the reception device via a network, and the acquisition unit further receives the first encryption via the reception device. An encrypted usage rule key and the first encrypted usage rule information, and the decryption unit further decrypts the first encrypted usage rule key using the delivery decryption key to generate an intermediate usage rule key. Then, using the generated intermediate use condition key, The first encrypted use condition information is decrypted to generate intermediate use condition information, and the encryption unit further uses the medium unique key to encrypt the intermediate use condition information to perform second encryption. The writing unit may generate the usage condition information and further write the generated second encrypted usage condition information in the information storage unit.

Here, the transmission device further acquires the distribution encryption key, which is a public key generated using a public key generation algorithm based on a distribution decryption key which is a secret key, and uses the public key as a public key. The distribution key may be encrypted by a public key encryption algorithm, and the decryption unit may be configured to decrypt the distribution decryption key by a public key decryption algorithm.

Here, the tamper resistant module means is
Further, it includes a conversion unit that converts the intermediate information that is the distribution data format generated by the decryption unit to generate recording intermediate information in a recording data format, and the encryption unit, instead of the intermediate information, The recording intermediate information may be encrypted. Here, the transmitting device pre-stores update information for updating the tamper resistant module means included in the recording medium device, reads the update information, and reads the read update information from a network and a receiving device. To the recording medium device, and the tamper resistant module means includes a microprocessor and a semiconductor memory that records a computer program, and the microprocessor operates in accordance with the computer program, whereby The component included in the tamper module means operates, the acquisition unit acquires the update information via the receiving device, the tamper resistant module means further uses the acquired update information, The computer program is updated so that the tamper resistant module It may be configured to include an update unit components are updated contained.

Here, the transmitting device further reads the update information, applies a hash algorithm to the read update information to generate a first hash value, and uses the generated first hash value in the network and the receiving device. Through,
The secure transmission to the recording medium device, the tamper resistant module further applies a hash algorithm to the acquired update information to generate a second hash value, and the acquired first hash value. A comparison determination unit that determines whether or not the generated second hash value matches, and the update unit is configured to update only when the comparison determination unit determines that they match. Good.

Here, the update information stored in the transmission device is used to update the encryption system, the decryption system, or the data conversion system from the distribution data format to the recording data format provided in the tamper resistant module means. Including the information, the update information is transmitted, the acquisition unit acquires the update information for updating an encryption method, a decryption method, or a data conversion method via the receiving device, and the update unit is The computer program may be updated using the acquired update information, and thereby the encryption unit, the decryption unit, or the conversion unit included in the tamper-resistant module means may be updated.

Here, the transmitting device further stores use condition information indicating a use condition of the digital work, reads the use condition information, and applies a hash algorithm to the read use condition information. A first hash value is generated, the generated first hash value and the read usage condition information are securely transmitted via a network, and the acquisition unit further receives the reception device via the receiving device.
A hash unit that acquires the transmitted first hash value and the usage condition information, and the tamper resistant module further applies the hash algorithm to the acquired usage condition information to generate a second hash value. In the case where the comparison determination unit determines that the acquired first hash value and the generated second hash value match, the encryption unit determines that they match. May be encrypted, and the writing unit may be configured to write only when the comparison and determination unit determines that they match.

Here, the transmitting device further authenticates the legitimacy of the device with the recording medium device, and only when the authentication is successful, the distribution encryption key is transmitted from the recording medium device. When the tamper resistant module means acquires, encrypts and transmits, the tamper resistant module means further includes an authenticating means for mutually authenticating the legitimacy of the device with the transmitting device, and the acquiring part, when the authentication is successful. Only, the decryption unit decrypts only when the authentication is successful, and the encryption unit encrypts only when the authentication is successful,
The writing unit may be configured to write only when the authentication is successful.

Here, the recording medium device is mounted on a reproducing device, the reproducing device reads information from the information storing means, and the tamper resistant module means further comprises:
It may be configured to include an authentication unit that mutually authenticates the legitimacy of the device with the reproduction device and permits the reproduction device to read information only when the authentication is successful.

Here, the decoding unit is provided with a plurality of decoding methods in advance, and decoding is performed using one decoding method selected from the plurality of decoding methods. Here, the selected decoding method is Alternatively, it may be configured to perform the reverse conversion of the encryption method used in the transmitting device. In addition, the encryption unit may be provided with a plurality of encryption methods in advance, and may be configured to perform encryption using one encryption method selected from the plurality of encryption methods.

Here, the key storage unit stores a plurality of delivery decryption key candidates, and one delivery decryption key candidate is selected as the delivery decryption key from the plurality of delivery decryption key candidates. The decryption unit may be configured to use the selected delivery decryption key. Here, the tamper resistant module means may be configured to realize tamper resistance by software, hardware, or a combination of software and hardware.

Further, the present invention is a reproducing apparatus for reproducing a digital copyrighted material transmitted from a transmitting apparatus via a network and a receiving apparatus and written in a portable recording medium apparatus, wherein the recording medium apparatus is Mounted on the receiver,
The transmitting device encrypts original content that is a digital work based on a distribution encryption key to generate first encrypted information, and transmits the generated first encrypted information to the receiving device via a network, The recording medium device includes an information storage area for storing information, and a tamper resistant module unit having tamper resistance, and the tamper resistant module unit transmits the first cipher transmitted via the receiving device. Encrypted information, decrypts the first encrypted information based on a distribution decryption key to generate intermediate information, and encrypts the intermediate information based on a medium unique key unique to the recording medium device to generate a second information.
Generating encrypted information, writing the generated second encrypted information in the information storage area, wherein the recording medium device in which the second encrypted information is written is attached to the reproducing device, and the reproducing device Is a key acquisition unit that securely acquires the medium unique key from the recording medium device, a reading unit that reads the second encrypted information from the information storage area, and a read based on the acquired medium unique key. The second
It is characterized in that it is provided with a decryption means for decrypting the encryption to generate decrypted content and a reproducing means for reproducing the decrypted content thus generated.

Here, the transmitting device prestores the original content and the original content key unique to the original content, acquires the delivery encryption key used for delivering the digital copyrighted material, and stores the original content key. The content key is used to encrypt the original content to generate encrypted content, the obtained distribution encryption key is used to encrypt the original content key to generate a first encrypted content key, and the generated encryption is generated. The first encrypted information including the encrypted content and the first encrypted content key is transmitted, and the tamper resistant module stores in advance the delivery decryption key and the medium unique key unique to the recording medium device. , The first including the output encrypted content and the first encrypted content key
Obtaining encryption information, using the distribution decryption key to decrypt the first encrypted content key to generate an intermediate content key, and using the medium unique key to encrypt the generated intermediate content key. To generate a second encrypted content key, obtain the encrypted content, and generate the second encrypted content key.
Writing the second encrypted information including an encrypted content key, the reading means reads the second encrypted information including the encrypted content and the second encrypted content key, and the decrypting means, The read medium is used to decrypt the read second encrypted content key to generate a decrypted content key, and the decrypted content key is used to decrypt the read encrypted content. It may be configured to generate decrypted content.

Here, the transmitting device further stores use condition information indicating a use condition of the digital work, and an original use condition key unique to the use condition information, and stores the distribution encryption key. Using the original usage rule key to generate a first encrypted usage rule key, and using the original usage rule key to encrypt the usage rule information to generate first encrypted usage rule information. The first encrypted use condition key and the first encrypted use condition information are transmitted to the reception device via a network, and the recording medium device further transmits the first encrypted use condition key to the reception device via the reception device. An encrypted usage rule key and the first encrypted usage rule information are acquired, the distribution key is used to decrypt the first encrypted usage rule key to generate an intermediate usage rule key, and the generated intermediate Using the condition key,
Decrypt the first encrypted usage rule information to generate intermediate usage rule information, encrypt the intermediate usage rule information using the medium unique key to generate second encrypted usage rule information, and generate The read second encryption use condition information is written in the information storage area, the reading unit further reads the second encrypted use condition information from the information storage area, and the decryption unit further writes the medium unique key. Based on the above, the read second encrypted use condition information is decrypted to generate decryption use condition information, and the reproducing means further determines whether or not the decrypted content can be reproduced based on the generated decryption use condition information. The generated decrypted content may be played back only when it is determined that the content is playable.

Here, the use condition information includes information that limits the number of times the decrypted content is played back, information that limits the playback period of the decrypted content, or information that limits the cumulative playback time of the decrypted content. The reproducing means may be configured to judge whether or not the decrypted content can be reproduced based on the information that limits the number of times of reproduction, the information that limits the reproduction period, or the information that controls the accumulated reproduction time.

Here, the reproducing apparatus further includes an authenticating means for mutually authenticating the legitimacy of the apparatus with the recording medium apparatus, and the key acquiring means is provided only when the authentication is successful. The reading means may be configured to read out only when the authentication is successful.

[0036]

BEST MODE FOR CARRYING OUT THE INVENTION 1. First Embodiment A digital copyright protection system 100 as an embodiment according to the present invention will be described. As shown in FIG. 1, the digital copyright protection system 100 includes a content distribution server device 200 and a personal computer (PC) 3.
00, a portable memory card 400, and a headphone stereo 500, and the PC 300 is a content distribution server device 2 via the Internet 10.
Connected to 00.

The user inserts the memory card 400 into the PC 30.
Attach it to 0. The PC 300 acquires the encrypted content from the content distribution server device 200 according to a user's instruction, and acquires the acquired encrypted content from the memory card 4.
Write to 00. Next, the user removes the memory card 400 from the PC 300, and removes the removed memory card 4
00 is attached to the headphone stereo 500. The headphone stereo 500 decrypts the encrypted content recorded in the memory card 400 to generate content,
The generated content is reproduced and output to the headphones 700.

In this way, the user can enjoy the reproduced content. 1.1 Configuration of Content Delivery Server Device 200 The content delivery server device 200 includes a content storage unit 201 and a delivery data storage unit 20 as shown in FIG.
2, a first authentication unit 211, a distribution public key acquisition unit 212, an ellipse encryption unit 214, a DES encryption unit 215, and a DES encryption unit 250.

The content distribution server device 200 is specifically a computer system including a microprocessor, ROM, RAM, hard disk unit, LAN connection unit, display unit, keyboard, mouse and the like. A computer program is stored in the RAM or the hard disk unit. The content delivery server device 200 achieves its function by the microprocessor operating in accordance with the computer program.

(1) Content Storage Unit 201 The content storage unit 201 is specifically composed of a hard disk unit, and stores in advance the content 600, which is a digital work such as music, movies, electronic books, and game programs. There is. (2) Distribution data storage unit 202 The distribution data storage unit 202 is specifically configured by a hard disk unit, and stores a title key, a usage condition key, and usage condition data in this order in advance as shown in FIG. The title key, the usage rule key, and the usage rule data correspond to the content 600 stored in the content storage unit 201.

The title key is a random number randomly generated for each content and has a length of 56 bits. The usage rule key is a random number randomly generated for each usage rule and has a length of 56 bits. The usage condition data includes reproduction count information, reproduction period information, and reproduction accumulated time information.

The reproduction number information has a 16-bit length, and limits the total number of times that the content stored corresponding to the use condition data can be reproduced to the user. For example, if the reproduction count information is “1
When it is “0”, the user is permitted to reproduce the content up to 10 times. When "FFFF" (hexadecimal number) is designated as the reproduction count information, it indicates that the reproduction can be performed without limitation.

The reproduction period information has a length of 64 bits and limits the period during which the content stored in association with the use condition data can be reproduced to the user. It is composed of a reproduction permission start date and time indicating a start date and time and a reproduction permission end date and time indicating an end date and time of the reproduction period. The user is permitted to play the content only within a period from the playback permission start date and time to the playback permission end date and time. Within this period, the user can reproduce the content any number of times.

Here, when both the reproduction period information and the reproduction number information are specified, the content cannot be reproduced after the permitted period ends or after the reproduction number is reproduced. I shall. The reproduction accumulated time information limits the accumulated value of the time during which the content stored in association with the use condition data can be reproduced for the user. For example, when the reproduction accumulated time information is “10 hours”, the user is permitted to reproduce the content if the accumulated value of the reproduction times of the content is within 10 hours. If it exceeds 10 hours, reproduction is prohibited.

It should be noted that the usage condition data is reproduction number information,
The reproduction condition information and the accumulated reproduction time information are supposed to be included, but the usage condition data is composed of any of the reproduction number information, the reproduction period information and the accumulated reproduction time information, or a combination of any two of them, or any one of them. It may be done. (3) First Authentication Unit 211 The first authentication unit 211 is connected to the Internet 10 and PC 30.
The first authentication unit 4 included in the memory card 400 via 0
11 (described later), mutual challenge-response type device authentication is performed. Specifically, the first authentication unit 21
1 authenticates the first authentication unit 411. Next, the first authentication unit 211 receives the authentication by the first authentication unit 411. Mutual device authentication is considered successful only if both are successful. Note that challenge-response type device authentication is publicly known, and a description thereof will be omitted.

When the authentication of both parties is successful, the first authenticating section 211 outputs the authentication success information indicating the successful authentication to the distribution public key acquiring section 212, the ellipse encrypting section 214 and the DES encrypting section 215. . When the authentication fails, the first authenticating unit 211 stops the subsequent processing. Therefore, the content stored in the content distribution server device 200 is not output to the memory card 400.

(4) Distribution Public Key Acquisition Unit 212 The distribution public key acquisition unit 212 receives the authentication success information from the first authentication unit 211. Upon receiving the authentication success information, the distribution public key acquisition unit 212 determines that the Internet 10 and the PC 3
The secure distribution public key is received from the distribution public key storage unit 412 (described later) included in the memory card 400 via 00, and the received distribution public key is elliptical encryption unit 214.
Output to.

(5) Elliptical encryption section 214 The elliptic encryption section 214 receives the authentication success information from the first authentication section 211. Upon receiving the authentication success information, the elliptic encryption unit 214 receives the distribution public key from the distribution public key acquisition unit 212 and reads the title key and the usage rule key from the distribution data storage unit 202. Next, the ellipse encryption unit 214
Using the received distribution public key as a key, the combined information obtained by combining the title key and the condition-of-use key is subjected to the encryption algorithm E1 by the elliptic encryption method to generate encrypted combined information, and the generated encrypted The combined information is output to the ellipse decoding unit 414 (described later) included in the memory card 400 via the Internet 10 and the PC 300.

For the elliptic code, Douglas
R. It is described in detail in "Basics of Cryptography" by Sinson (Kyoritsu Shuppan Co., Ltd., 1996). Further, in FIG. 2, each block is connected to another block by a connecting line. Here, each connection line indicates a path through which a signal or information is transmitted. Elliptical encryption unit 21
Of the plurality of connection lines connected to the block showing 4,
A key mark on the connection line indicates a path through which information as a key is transmitted to the ellipse encryption unit 214. The same applies to the block showing the DES encryption unit 215. The same applies to other drawings.

(6) DES Encryption Unit 215 The DES encryption unit 215 receives the authentication success information from the first authentication unit 211. When the authentication success information is received, DES
The encryption unit 215 reads the use condition key and the use condition data from the distribution data storage unit 202. Next, the DES encryption unit 215 uses the read usage rule key as a key to add DES (Da) to the read usage rule data.
The encryption use condition data is generated by performing the encryption algorithm E2 according to the ta encryption standard), and the generated encrypted use condition data is transmitted to the DES decryption unit 415 (described later) included in the memory card 400 via the Internet 10 and the PC 300. Output.

(7) DES Encryption Unit 250 The DES encryption unit 250 reads the title key from the distribution data storage unit 202 and the content 600 from the content storage unit 201. Next, the DES encryption unit 25
0 uses the read title key as a key to apply the encryption algorithm E3 by DES to the read content to generate encrypted content, and the generated encrypted content is used for the Internet 10 and the PC 300.
Through the information storage unit 43 of the memory card 400
Write to a first storage area 432 (described later) in 0 (described later).

1.2 Structure of PC 300 As shown in FIG. 4, the PC 300 includes a microprocessor 301, a memory unit 302 such as a ROM, a RAM, a hard disk unit, and an input unit 3 such as a keyboard and a mouse.
03, a display unit 304 such as a display unit, a communication unit 305 for communicating with the outside via the Internet 10, a memory card connection unit 306 for connecting to the memory card 400, and the like. . A computer program is stored in the memory unit 302. The microprocessor 30
1 operates according to the computer program, the PC 300 achieves its function.

1.3 Structure of Memory Card 400 As shown in FIG. 3, the memory card 400 is composed of a tamper resistant module 410 and an information storage unit 430 that cannot be read / written from the outside. The tamper resistant module unit 410 includes a first authentication unit 411 and a distribution public key storage unit 41.
2, distribution private key storage unit 413, elliptic decryption unit 414, DE
The S decryption unit 415, the conversion unit 416, the second authentication unit 417, the recording medium key storage unit 418, the DES encryption unit 419, the distribution data storage unit 423, and the recording data storage unit 422. 1 storage area 432 and second
The storage area 431 is included. Here, it is assumed that the tamper resistant module unit 410 is specifically configured by tamper resistant hardware. In addition, the tamper resistant module unit 410 includes tamper resistant software,
Alternatively, the tamper resistant hardware and the tamper resistant software may be combined.

The tamper resistant module 410 is specifically composed of a microprocessor, a ROM, a RAM, etc., and a computer program is stored in the RAM. The tamper resistant module unit 410 device achieves its function by the microprocessor operating according to the computer program.

(1) Distribution Secret Key Storage Unit 413 The distribution secret key storage unit 413 stores the distribution secret key in advance. The distribution secret key is 160-bit length data. (2) Distribution public key storage unit 412 The distribution public key storage unit 412 stores a distribution public key in advance. The distribution public key is data having a length of 320 bits. The distribution public key is generated based on the distribution secret key stored in the distribution secret key storage unit 413 using a public key generation algorithm based on the elliptic encryption method.

The distribution public key storage unit 412 is the first authentication unit 4
The authentication success information is received from 11. Upon receiving the authentication success information, the distribution public key storage unit 412 reads out and reads out the distribution public key stored therein in response to the request from the distribution public key acquisition unit 212 included in the content distribution server device 200. The distribution public key is transmitted via the PC 300 and the Internet 10 to the content distribution server device 20.
Output to 0.

(3) Recording Medium Key Storage Unit 418 The recording medium key storage unit 418 is the memory card 4 in advance.
00 stores a unique recording medium key. The recording medium key is 56-bit length data. (4) Distribution Data Storage Unit 423 The distribution data storage unit 423 has an area for storing the title key, the usage condition key and the usage condition data.

(5) Recording Data Storage Unit 422 The recording data storage unit 422 has an area for storing a title key and usage condition data. The data format of the title key and the usage rule data recorded in the recorded data storage unit 422 is as shown in FIG. 7, and the title key and the usage rule data are arranged in this order.

(6) First Storage Area 432 The first storage area 432 has an area for storing encrypted content. The first storage area 432 is provided from the content distribution server device 200 to the Internet 10
And receives the encrypted content via the PC 300 and stores the received encrypted content.

(7) Second Storage Area 431 The second storage area 431 has an area for storing the re-encrypted title key and the re-encrypted usage condition data.
The second storage area 431 receives authentication success information indicating success of authentication from the second authentication unit 417. Upon receiving the authentication success information, the second storage area 431 reads out and outputs the re-encrypted title key and the re-encrypted usage condition data.

(8) First Authentication Unit 411 The first authentication unit 411 is the PC 300 and the Internet 1.
Challenge-response type mutual device authentication is performed with the first authentication unit 211 included in the content distribution server device 200 via 0. Specifically, the first authentication unit 4
11 is authenticated by the first authentication unit 211. next,
The first authentication unit 411 authenticates the first authentication unit 211. Mutual device authentication is considered successful only if both are successful. Note that challenge-response type device authentication is publicly known, and a description thereof will be omitted.

When the authentication of both is successful, the first authenticating section 411 outputs the authentication success information indicating the successful authentication to the distribution public key storage section 412. When the authentication has failed, the first authenticating unit 411 stops the subsequent processing. Therefore, the content distribution server device 200 causes the memory card 4 to
Various information is not written to 00.

(9) Elliptic Decoding Unit 414 The elliptic decoding unit 414 is used for the content distribution server device 20.
From 0, via the Internet 10 and PC 300,
Receive encrypted binding information. Upon receiving the encrypted combined information, the elliptic decryption unit 414 reads the distribution private key from the distribution private key storage unit 413 and uses the read distribution private key as a key to decrypt the received encrypted combined information by the elliptic encryption method. The algorithm D1 is applied to generate a title key and a usage rule key, and the generated title key and usage rule key are written in the distribution data storage unit 423.

Here, the decryption algorithm D1 is an algorithm for performing the inverse conversion of the encryption algorithm E1. (10) DES Decryption Unit The DES decryption unit receives encrypted usage condition data from the content distribution server device 200 via the Internet 10 and the PC 300. Upon receiving the encrypted usage rule data, the DES decryption unit determines that the distribution data storage unit 423.
Read the usage rule key from. Next, using the read usage rule key as a key, the received encrypted usage rule data is subjected to a decryption algorithm D2 by DES to generate usage rule data, and the generated usage rule data is stored in the distribution data storage unit 423. Write.

Here, the decryption algorithm D2 is an algorithm for performing the inverse conversion of the encryption algorithm E2. (11) Conversion Unit 416 The conversion unit 416 reads the title key and the usage condition data from the distribution data storage unit 423, and writes the read title key and the usage condition data in the recording data storage unit 422 in this order.

(12) Second Authentication Unit 417 The second authentication unit 417 performs challenge-response type mutual device authentication with the first authentication unit 517 of the headphone stereo 500. Specifically, the second authentication unit 4
17 is authenticated by the second authentication unit 517. next,
The second authentication unit 417 authenticates the second authentication unit 517. Mutual device authentication is considered successful only if both are successful. Note that challenge-response type device authentication is publicly known, and a description thereof will be omitted.

When the authentication of both is successful, the second authenticating section 417 outputs the authentication success information indicating the successful authentication to the information storage section 430. When the authentication fails, the second authenticating unit 417 stops the subsequent processing. Therefore, the headphone stereo 500 does not read out various information from the memory card 400.

(13) DES Encryption Unit 419 The DES encryption unit 419 reads the title key and the usage condition data from the recording data storage unit 422 and the recording medium key from the recording medium key storage unit 418. Next, DES
The encryption unit 419 uses the read recording medium key as a key, applies the encryption algorithm E4 by DES to each of the read title key and the usage condition data,
The re-encrypted title key and the re-encrypted usage condition data are generated, and the generated re-encrypted title key and the re-encrypted usage condition data are written in the second storage area 431.

1.4 Structure of Headphone Stereo 500 As shown in FIG.
Authentication unit 517, recording medium key acquisition unit 518, DES decryption unit 519, re-encrypted data acquisition unit 531, recording data storage unit 532, usage condition determination unit 540, DES decryption unit 550
And a reproducing unit 541.

(1) Recording Data Storage Unit 532 The recording data storage unit 532 has an area for storing the title key and the usage condition data. (2) Second Authentication Unit 517 The second authentication unit 517 is the second authentication unit 517
Challenge-response type mutual device authentication is performed with the authentication unit 417. Specifically, the second authentication unit 517
Authenticates the second authentication unit 417. Next, the second authentication unit 5
17 is authenticated by the second authentication unit 417. Mutual device authentication is considered successful only if both are successful. Note that challenge-response type device authentication is publicly known, and a description thereof will be omitted.

When the authentication of both parties is successful, the second authenticating section 517 outputs the authentication success information indicating the successful authentication to the recording medium key acquiring section 518. If the authentication fails, the second authentication unit 517 stops the subsequent processing. Therefore, the headphone stereo 500 does not read out various information from the memory card 400.

(3) Recording Medium Key Acquisition Unit 518 The recording medium key acquisition unit 518 receives the authentication success information indicating the successful authentication from the second authentication unit 517. Upon receiving the authentication success information, the recording medium key acquisition unit 518 securely reads the recording medium key from the recording medium key storage unit 418 of the memory card 400, and outputs the read recording medium key to the DES decryption unit 519.

(4) Re-encrypted data acquisition unit 531 The re-encrypted data acquisition unit 531 reads the re-encrypted title key and re-encrypted usage condition data from the second storage area 431 of the memory card 400 and reads them out. The re-encrypted title key and the re-encrypted usage condition data are transferred to the DES decryption unit 51.
Output to 9. (5) DES Decryption Unit 519 The DES decryption unit 519 receives the recording medium key from the recording medium key acquisition unit 518 and the re-encrypted title key and re-encrypted usage condition data from the re-encrypted data acquisition unit 531. Next, the DES decryption unit 519 uses the received recording medium key as a key, applies the decryption algorithm D4 by DES to each of the received re-encrypted title key and re-encrypted usage condition data, and then the title key And usage condition data are generated. Next, the generated title key and usage rule data are written in the recording data storage unit 532.

Here, the decryption algorithm D4 is an algorithm for performing the inverse conversion of the encryption algorithm E4. (6) Usage Condition Judgment Unit 540 The usage condition judgment unit 540 reads the usage condition data from the recording data storage unit 532, and uses the read usage condition data to judge whether or not to permit the reproduction of the content.

Specifically, the use condition determining unit 540 permits the reproduction if the reproduction is within the number of times indicated by the reproduction number information included in the use condition data. Otherwise, do not allow playback. In addition, the usage rule determining unit 540 permits the playback if the playback is within the period indicated by the playback period information included in the usage rule data. Otherwise, do not allow playback. In addition, the usage rule determining unit 540 permits the playback if the playback is within the cumulative value indicated by the playback cumulative time information included in the usage rule data. Otherwise, do not allow playback. In all the conditions, when it is determined that the reproduction is permitted, a determination result indicating that the reproduction is possible is generated, and when it is determined that the reproduction is not permitted in any one condition, the determination result indicating the reproduction impossible is generated. .

Next, the usage condition judging unit 540 outputs a judgment result indicating whether or not the condition is possible to the reproducing unit 541. (7) DES Decryption Unit 550 The DES decryption unit 550 reads the title key from the recording data storage unit 532 and the encrypted content from the first storage area 432 of the memory card 400. Next, using the read title key as a key, the read encrypted content is subjected to the DES decryption algorithm D3 to generate decrypted content, and the generated decrypted content is output to the reproduction unit 541.

Here, the decryption algorithm D3 is an algorithm for performing the inverse conversion of the encryption algorithm E3. (8) Playback Unit 541 The playback unit 541 receives the determination result from the usage rule determination unit 540 and the decrypted content from the DES decryption unit 550. When the received determination result indicates that the received determination result is possible, the reproducing unit 541 reproduces the received decrypted content.

When the received decrypted content is music, the reproducing unit 541 converts the decrypted content into an analog electric signal indicating music, and outputs the generated analog electric signal to the headphones 700. Headphones 700
Receives an analog electric signal, converts it into voice, and outputs it. 1.5 Operation of Digital Copyright Protection System 100 The operation of the digital copyright protection system 100 will be described.

(1) Operation when writing to the memory card 400 The user inserts the memory card 400 into the PC 300,
The operation of purchasing the content 600 stored in the content storage unit 201 of the content distribution server device 200 will be described with reference to the flowcharts shown in FIGS. 8 to 10.

The PC 300 accepts the designation of the content from the user (step S101), and transmits an instruction to acquire the designated content to the content distribution server device 200 via the Internet 10 (step S102). Next, the content distribution server device 200
Receives a content acquisition instruction (step S10)
2), the first of the content distribution server device 200
Device authentication is mutually performed between the authentication unit 211 and the first authentication unit 411 included in the memory card 400 (step S10).
3, step S104).

When the authentication is successful (step S105),
The distribution public key acquisition unit 212 issues a distribution public key acquisition instruction
The data is output to the distribution public key storage unit 412 of the memory card 400 via the Internet 10 and the PC 300 (steps S107 to S108). When the authentication is successful (step S106), the distribution public key storage unit 412 receives the distribution public key acquisition instruction (step S108),
Next, the distribution public key storage unit 412 reads the distribution public key (step S109), and the read distribution public key is stored in the PC.
Securely output to the distribution public key acquisition unit 212 via 300 and the Internet 10 (step S110 to S110).
Step S111).

Next, the elliptic encryption unit 214 uses the distribution public key as a key to combine and encrypt the title key and the condition-of-use key (step S112), and the encrypted combined information is
Output to the ellipse decoding unit 414 via the Internet 10 and the PC 300 (step S113 to step S1).
14). The ellipse decryption unit 414 decrypts the encrypted combined information (step S115), and writes the title key and the usage rule key in the distribution data storage unit 423 (step S11).
6).

Next, the DES encryption section 215 encrypts the usage rule data (step S117) and outputs the encrypted usage rule data to the DES decryption section 415 via the Internet 10 and the PC 300 (step S118).
-Step S119). The DES decryption unit 415 decrypts the encrypted use condition data (step S120) and writes the use condition data in the distribution data storage unit 423 (step S121).

Next, the DES encryption section 250 encrypts the content (step S122), and sends the encrypted content to the first via the Internet 10 and the PC 300.
The encrypted content is output to the storage area 432 (steps S123 to S124), and the first storage area 432 stores the encrypted content (step S125). Next, the conversion unit 416
Converts the distribution data stored in the distribution data storage unit 423 to generate recording data, and writes the generated recording data in the recording data storage unit 422 (step S
126). Next, the DES encryption unit 419 encrypts the title key and the usage rule data recorded in the recording data storage unit 422, respectively (step S127), and re-encrypts the title key and the re-encrypted usage condition data. Writing to the second storage area 431 (step S128).

(2) Operation at the time of reading from the memory card 400 Next, when the user extracts the memory card 400 from the PC 300, attaches the extracted memory card 400 to the headphone stereo 500, and reproduces the content. The operation will be described with reference to the flowcharts shown in FIGS.

When the headphone stereo 500 receives a content reproduction instruction from the user (step S20).
1) Mutual device authentication is performed between the second authentication unit 517 of the headphone stereo and the second authentication unit 417 of the memory card 400 (steps S202 and S).
203). When the authentication is successful (step S205), the recording medium key acquisition unit 518 outputs an instruction to acquire the recording medium key to the recording medium key storage unit 418 (step S2).
06).

When the authentication is successful (step S204),
The recording medium key storage unit 418 receives the instruction to acquire the recording medium key (step S206), and the recording medium key storage unit 418 reads the recording medium key (step S20).
7), the read recording medium key is stored in the recording medium key acquisition unit 518.
(Step S208). Next, the re-encrypted data acquisition unit 531 outputs an instruction to acquire the re-encrypted data to the second storage area 431 (step S209),
The second storage area 431 reads the re-encrypted title key and the re-encrypted use condition data (step S210), and the re-encrypted title key and the re-encrypted use condition data that have been read out are re-encrypted data acquisition unit 531. (Step S211). Next, the DES decryption unit 519 decrypts the re-encrypted title key and the re-encrypted usage condition data, and writes them in the recording data storage unit 532 (step S212).

The first storage area 432 reads the encrypted content (step S213), and outputs the read encrypted content to the DES decryption unit 550 (step S2).
14), the DES decryption unit 550 decrypts the encrypted content (step S215). Usage condition determination unit 540
Reads the usage condition data from the recording data storage unit 532, determines whether or not the reproduction of the content is permitted by the read use condition data, and if the reproduction is permitted (step S216), the reproducing unit 541, The decrypted and generated content is reproduced (step S21).
7).

1.6 Summary As described above, by performing the decryption and re-encryption (encryption conversion) of the encrypted title key and the use condition data in the tamper resistant module of the recording medium device, an unauthorized third party It becomes possible to make hacking difficult. 2. Second Embodiment A digital literary protection system 100b (not shown) as another embodiment of the present invention will be described.

The digital copyright protection system 100b is
The digital work protection system 100 has the same configuration as that of the digital work protection system 100, and includes a content distribution server device 200b in place of the content distribution server device 200 and a memory card 400b in place of the memory card 400.
Here, the difference from the digital work protection system 100 will be mainly described.

2.1 Content Delivery Server Device 20
The 0b content distribution server device 200b has the same configuration as the content distribution server device 200 shown in FIG.
As shown in FIG. 3, the first authentication unit 211, the distribution public key acquisition unit 212, the distribution data storage unit 202, and the ellipse encryption unit 21.
4, hash unit 220, content storage unit 201, DE
It is composed of an S encryption unit 250 and a writing unit 221. Here, the difference from the content distribution server device 200 will be mainly described.

(1) Distribution Data Storage Unit 202 As shown in FIG. 16, the distribution data storage unit 202 has an area for storing a title key, a digest, and usage condition data, and the title key and usage condition are stored in advance. It stores data. The title key, digest, and usage rule data correspond to the content 600 stored in the content storage unit 201.

The title key and the usage rule data have been described above, and thus the description thereof will be omitted. The digest is a value obtained by applying a hash function to the usage rule data, and is written in the distribution data storage unit 202 by the hash unit 220. (2) First Authentication Unit 211 The first authentication unit 211 outputs the authentication success information indicating the successful authentication to the distribution public key acquisition unit 212 and the ellipse encryption unit 214.

(3) Hash Unit 220 The hash unit 220 reads the usage condition data from the distribution data storage unit 202, applies the hash function F1 to the read usage condition data, generates a digest, and distributes the generated digest to the distribution data. Write to the storage unit 202. Here, as the hash function F1, specifically, an American standard SHA algorithm or the like can be used. The SHA algorithm is described in detail, for example, in "Introduction to Cryptography" by Eiji Okamoto (Kyoritsu Shuppan Co., Ltd.).

(4) Elliptical encryption unit 214 The elliptic encryption unit 214 reads the title key and the digest from the distribution data storage unit 202. Next, the elliptic encryption unit 214 uses the received distribution public key as a key to apply the encryption algorithm E1 of the elliptic encryption method to the combined information obtained by combining the title key and the digest to generate encrypted combined information. To do.

(5) Writing Unit 221 The writing unit 221 reads the usage condition data from the distribution data storage unit 202, and stores the read usage condition data in the distribution data of the memory card 400b via the Internet 10 and the PC 300. Write in the section 423. 2.2 Memory Card 400b The memory card 400b has the same configuration as that of the memory card 400, and as shown in FIG. The tamper resistant module unit 410b includes a first authentication unit 411 and a distribution public key storage unit 41.
2, distribution secret key storage unit 413, elliptical decryption unit 414, conversion unit 416, second authentication unit 417, recording medium key storage unit 41
8, a DES encryption unit 419, a hash unit 420, a comparison unit 421, a distribution data storage unit 423, and a recording data storage unit 422. Here, memory card 4
The description will be centered on the differences from 00.

(1) Elliptic Decryption Unit 414 The elliptic decryption unit 414 uses the read distribution secret key as a key, applies the decryption algorithm D1 according to the elliptic encryption method to the received encrypted combined information, and obtains the title key and the digest. The generated title key and the generated digest are written in the distribution data storage unit 423.

(2) Hash Unit 420 The hash unit 420 reads the usage condition data from the distribution data storage unit 423, applies the hash function F1 to the read usage condition data, generates a digest, and compares the generated digests. Output to the unit 421. Here, the hash function F1 is the same as the hash function F1 used in the hash unit 220 of the content distribution server device 200b.

(3) Comparison Unit 421 The comparison unit 421 reads the digest from the distribution data storage unit 423 and receives the digest from the hash unit 420. Next, the comparison unit 421 determines whether or not the read digest and the received digest match, and the conversion unit 41 determines the determination information indicating the match or mismatch.
Output to 6.

(4) Converter 416 The converter 416 receives the judgment information from the comparator 421. If the determination information indicates a match, the conversion unit 416 determines that
The title key and the usage condition data are read from the distribution data storage unit 423, and the read title key and the usage condition data are written in the recording data storage unit 422 in this order. FIG. 17 shows the title key and use condition data written in the recorded data storage unit 422.

If the determination information indicates disagreement, the conversion unit 416 does nothing. Therefore, in this case, the title key and the usage rule data are stored in the recording data storage unit 422.
Is not written to. 2.3 Configuration of Headphone Stereo 500 As shown in FIG. 15, the headphone stereo 500 includes a second authentication unit 517, a recording medium key acquisition unit 518, a DES decryption unit 519, a re-encrypted data acquisition unit 531 and a recorded data storage unit. 532, usage condition determination unit 540, DES decryption unit 55
0 and a reproduction unit 541, and has the same configuration as the headphone stereo 500 of the digital copyright protection system 100, and therefore description thereof will be omitted.

2.4 Digital Copyright Protection System 10
Operation of 0b The operation of the digital work protection system 100b will be described. (1) Operation when writing to memory card 400b Regarding operation when user installs memory card 400b in PC 300 and purchases content 600 stored in content storage unit 201 of content distribution server device 200b , And the flowcharts shown in FIGS. 18 to 20.

The PC 300 accepts the designation of the content from the user (step S301), and transmits the instruction for acquiring the designated content to the content distribution server device 200b via the Internet 10 (step S302). Next, the content distribution server device 20
0b receives the content acquisition instruction (step S
302), mutual device authentication is performed between the first authentication unit 211 included in the content distribution server device 200b and the first authentication unit 411 included in the memory card 400b (steps S303 and S304).

When the authentication is successful (step S305),
The distribution public key acquisition unit 212 issues a distribution public key acquisition instruction
The data is output to the distribution public key storage unit 412 of the memory card 400b via the Internet 10 and the PC 300 (steps S307 to S308). If the authentication is successful (step S306), the distribution public key storage unit 412
Receives the distribution public key acquisition instruction (step S30
8) Next, the distribution public key storage unit 412 reads out the distribution public key (step S309), and outputs the read distribution public key to the distribution public key acquisition unit 212 via the PC 300 and the Internet 10 (step S310). -Step S311).

Next, the hash unit 220 reads the usage condition data, applies the hash function F1 to the read usage condition data, and generates a digest (step S31).
2), the generated digest is delivered data storage unit 202
Write to (step S313). Next, the elliptic encryption unit 214 uses the distribution public key as a key to combine and encrypt the title key and the digest (step S31).
4), the encrypted combined information is sent to the Internet 10 and the PC.
The data is output to the ellipse decoding unit 414 via 300 (steps S315 to S316).

The ellipse decryption unit 414 decrypts the encrypted combined information (step S317) and writes the title key and the digest in the distribution data storage unit 423 (step S3).
18). The writing unit 221 reads the usage rule data and writes the read usage rule data to the delivery data storage unit 423 via the Internet 10 and the PC 300 (steps S319 to S320).

Next, the DES encryption section 250 encrypts the content (step S322), and sends the encrypted content to the first via the Internet 10 and the PC 300.
The encrypted content is output to the storage area 432 (steps S323 to S324), and the first storage area 432 stores the encrypted content (step S325). Next, the hash unit 4
20 reads the usage rule data from the distribution data storage unit 423, and adds the hash function F to the read usage rule data.
1 is applied to generate a digest, and the generated digest is output to the comparison unit 421 (step S326). Next, the comparison unit 421 reads the digest from the distribution data storage unit 423, receives the digest from the hash unit 420, determines whether the read digest and the received digest match, and indicates a match or a mismatch. The determination information is output to the conversion unit 416, the conversion unit 416 receives the determination information from the comparison unit 421, and when the determination information indicates a match (step S327), the conversion unit 416 causes the distribution data storage unit 423 to display the title. The key and the usage rule data are read out, and the read title key and the usage rule data are read in this order in the recording data storage unit 42.
2 is written (step S328). Next, the DES encryption unit 419 encrypts the title key and the usage condition data recorded in the recording data storage unit 422 (step S329), and re-encrypts the title key and the re-encrypted usage condition data. Writing to the second storage area 431 (step S330).

If the judgment information received from the comparison unit 421 indicates a mismatch (step S32).
7), nothing is done and the process ends. (2) Operation at the time of reading from the memory card 400b Next, the user reads the memory card 400b from the PC 300.
The operation when the memory card 400b is extracted and the extracted memory card 400b is mounted on the headphone stereo 500 and the content is reproduced is the same as the operation shown in the flowcharts of FIGS.

2.5 Summary As described above, by performing decryption and re-encryption (encryption conversion) of the encrypted title key and the usage rule data in the tamper resistant module part of the recording medium device, the unauthorized third It becomes possible to make hacking by a person difficult. 3. Third Embodiment A digital literary protection system 100c (not shown) as another embodiment of the present invention will be described.

The digital copyright protection system 100c is
The digital work protection system 100 has the same configuration as that of the digital literary protection system 100, and includes a content distribution server device 200c in place of the content distribution server device 200 and a memory card 400c in place of the memory card 400.
Here, the difference from the digital work protection system 100 will be mainly described.

3.1 Content Delivery Server Device 20
0c The content distribution server device 200c includes, in addition to the components included in the content distribution server device 200, a key storage unit 261, an information storage unit 262, a hash unit 263, and an encryption unit 264, as shown in FIG. And a transmitter / receiver 265.

(1) Information Storage Unit 262 The information storage unit 262 stores the update module in advance. The update module is information for updating a computer program, data, etc. included in the tamper resistant module part of the memory card. Specifically, the update module is for updating the encryption method, the decryption method, and the conversion method included in the tamper resistant module unit.

(2) Key storage unit 261 The key storage unit 261 stores the determination key in advance.
The determination key is 64-bit length information. (3) Hash Unit 263 The hash unit 263 reads the update module from the information storage unit 262, applies the hash function F2 to the read update module to generate the first hash value, and encrypts the generated first hash value. Output to H.264.

(4) Encryption Unit 264 The encryption unit 264 reads the determination key from the key storage unit 261 and receives the first hash value from the hash unit 263.
Next, the encryption unit 264 uses the read determination key as a key to apply the encryption algorithm E5 to the received first hash value to generate an encrypted hash value, and uses the generated encrypted hash value as the Internet 10 And to the decryption unit 462 (described later) of the memory card 400c via the PC 300.

(5) Transmitting / Receiving Unit 265 The transmitting / receiving unit 265 reads out the update module from the information storage unit 262, and the read update module is transferred to the memory card 40 via the Internet 10 and the PC 300.
It is transmitted to the transmitting / receiving unit 463 (described later) of 0c. 3.2 Memory Card 400c The memory card 400c has a tamper resistant module 410.
Instead, the tamper resistant module portion 410c is provided.

The tamper resistant module unit 410c has the key storage unit 461 and the decryption unit 46, as shown in FIG. 21, in addition to the components of the tamper resistant module unit 410.
2, transmission / reception unit 463, hash unit 464, determination unit 465
And an updating unit 466. (1) Key storage unit 461 The key storage unit 461 stores a determination key in advance.
The determination key is 64-bit length information. This judgment key is
It is the same as the determination key stored in the key storage unit 261.

(2) Decryption Unit 462 The decryption unit 462 is used by the content distribution server device 200c.
Receives the encrypted hash value via the Internet 10 and the PC 300, and reads the determination key from the key storage unit 461. Next, the decryption unit 462 uses the read determination key as a key to apply the decryption algorithm D5 to the received encrypted hash value to generate the first hash value, and sends the generated first hash value to the determination unit 465. Output.

Here, the decryption algorithm D5 is an algorithm for performing the inverse conversion of the encryption algorithm E5. (3) Transmitter / Receiver 463 The transmitter / receiver 463 is used for the content distribution server device 200.
From c via the Internet 10 and PC 300,
The update module is received, and the received update module is output to the hash unit 464 and the update unit 466.

(4) Hash Unit 464 The hash unit 464 receives the update module from the transmission / reception unit 463, applies the hash function F2 to the received update module to generate the second hash value, and generates the second hash value.
The hash value is output to the determination unit 465. (5) Judgment Unit 465 The judgment unit 465 receives the first hash value from the decryption unit 462 and the second hash value from the hash unit 464. Next, the determination unit 465 determines whether or not the received first hash value and the received second hash value match, and outputs determination information indicating whether or not they match to the update unit 466.

(6) Update Unit 466 The update unit 466 receives the update module from the transmission / reception unit 463 and the determination information from the determination unit 465. If the received determination information indicates that they match, the update unit 4
66 uses the received update module to update the computer program or data stored in the tamper resistant module 410c.

3.3 Digital Copyright Protection System 10
Operation 0c In the digital copyright protection system 100c, the operation when updating the computer or the data included in the tamper resistant module unit 410c in the memory card 400c will be described with reference to the flowchart shown in FIG. In the content distribution server device 200c, the hash unit 263 reads the update module from the information storage unit 262, applies the hash function F2 to the read update module to generate the first hash value, and then generates the first hash value.
The hash value is output to the encryption unit 264 (step S4
01). Next, the encryption unit 264 reads the determination key from the key storage unit 261 and receives the first hash value from the hash unit 263. The read determination key is used as a key and the received first hash value is used as the encryption algorithm E5. To generate an encrypted hash value (step S402).
Next, the encryption unit 264 transmits the generated encrypted hash value to the decryption unit 462 of the memory card 400c via the Internet 10 and the PC 300, and the transmission / reception unit 2
65 reads the update module from the information storage unit 262, and reads the read update module from the Internet 10.
And to the transmission / reception unit 463 of the memory card 400c via the PC 300 (step S403, step S403).
404).

Next, in the memory card 400c, the decryption unit 462 receives the encrypted hash value from the content distribution server device 200c via the Internet 10 and the PC 300, and the transmission / reception unit 463 transmits the content distribution server device 200c. From the internet 10
And the update module is received via the PC 300 (steps S403 and S404). Next, the decryption unit 462 reads the determination key from the key storage unit 461, uses the read determination key as a key, applies the decryption algorithm D5 to the received encrypted hash value to generate the first hash value, and generates it. The determined first hash value is output to the determination unit 465 (step S405). Next, the hash unit 46
4 receives the update module from the transmitter / receiver 463,
A hash function F2 is applied to the received update module to generate a second hash value, and the generated second hash value is output to the determination unit 465 (step S406). Next, the determination unit 465 determines whether the received first hash value and the received second hash value match, outputs determination information indicating whether they match, to the update unit 466, and receives the determination information. If the judgment information indicates that they match (step S
407), the update unit 466 updates the computer program or data stored in the tamper resistant module unit 410c using the received update module (step S408).

If the received judgment information indicates that they do not match (step S407), the updating unit 466 does nothing and ends the processing. 3.6 Summary In the conventional system, the title key and the usage rule data are encrypted according to a predetermined distribution data format and the distribution encryption method, and the encrypted title key and usage condition data are stored on the user's personal computer. After being decrypted, it is re-encrypted according to a predetermined recording data format or a recording encryption method and recorded on a recording medium.

However, if the encryption conversion and the data format conversion performed on the personal computer are realized by the tamper resistant module of the recording medium device, it will be easy to create contents according to different distribution encryption methods and different distribution data formats in the future. Can not correspond to. As a countermeasure against this, the present invention provides a digital copyright protection system, a recording medium device, a server device, and a reproducing device capable of safely updating a tamper-resistant module that performs encryption conversion and format conversion on a recording medium device. With the goal.

4. Summary As described above, the present invention is a digital work protection system for handling contents that are digital works, and includes a server device, a recording medium device, and a playback device. The server device records a first encryption unit that uniquely encrypts the content for each content to generate an encrypted content, and usage rule data representing a usage rule of the content according to a predetermined distribution data format. A second encryption unit that uniquely encrypts each medium device to generate encrypted usage condition data is provided. The recording medium device includes an acquisition unit that acquires the encrypted content and the encrypted usage rule data from the server device,
A first storage area for storing the encrypted content obtained by the obtaining means; and a second decrypting means corresponding to the second encrypting means for decrypting the encrypted use condition data obtained by the obtaining means. Data format conversion means for converting the usage condition data decoded by the second decoding means from the distribution data format to a predetermined recording data format, and the usage condition data converted by the data format conversion means A second storage area for storing the re-encrypted use condition data, and a third storage unit for generating re-encrypted use condition data uniquely for each recording medium device. The decryption means, the data format conversion means, and the third encryption means are composed of a tamper-resistant module having tamper resistance. The reproducing apparatus includes a read unit that reads out the encrypted content stored in the first storage area of the recording medium apparatus and the re-encrypted usage condition data stored in the second storage area of the recording medium apparatus, The third decryption means corresponding to the third encryption means for decrypting the re-encryption use condition data read by the read means, and the encrypted content read by the read means, the first decryption means And a reproduction for reproducing the content decrypted by the first decryption means within a range permitted by the use condition data decrypted by the third decryption means. And means.

Here, the server device further secures the distribution public key corresponding to the distribution private key unique to the recording medium device, which is stored in the distribution private key storage area of the recording medium device. And a first encryption unit for encrypting the content by a common key cryptosystem using a unique title key for each content to generate encrypted content, The second encryption means encrypts the title key and the usage rule data by the public key cryptosystem using the distribution public key acquired by the distribution public key acquisition means to encrypt the title key and the encrypted usage condition. Generate data. The recording medium device further includes a distribution private key storage area for storing a distribution private key corresponding to the distribution public key, and a recording medium unique for storing a recording medium unique key unique to each recording medium device. A key storage area, the acquisition unit acquires the encrypted content, the encrypted title key, and the encrypted use condition data from the server device, and the second decryption unit is the distribution private key storage area. The encrypted title key and the encrypted use condition data are decrypted by using the public key cryptosystem by using the secret key for distribution stored in, and the decrypted title key is decrypted by the third encryption means. And use the recording medium unique key stored in the recording medium unique key storage area to encrypt the use condition data by a common key encryption method to generate a re-encrypted title key and re-encrypted use condition data. In addition to the second decryption means, the data format conversion means, and the third encryption means, the distribution private key storage area and the recording medium unique key storage area are tamper resistant. It is composed of a tamper resistant module. The reproducing apparatus further includes a medium unique key obtaining unit that securely obtains a recording medium unique key stored in a recording medium unique key storage area of the recording medium device, and the reading unit includes the re-encryption unit. The title key and the re-encrypted usage condition data are read from the recording medium device, and the third decryption means uses the re-encrypted title key and the re-encrypted usage condition data read by the reading means with the medium unique key. The first decryption means decrypts the encrypted content by the common key cryptosystem using the title key, and the reproduction means is licensed by the use condition data. Play the decrypted content in the specified range.

Here, the second encryption means of the server device uses the title key and at least one of the digest value of the usage rule data or the usage rule key used for encryption and decryption of the usage rule data. The usage condition-related information including is encrypted by a public key cryptosystem using the distribution public key to generate an encrypted title key and encrypted usage condition-related information, and the usage condition-related information is a digest of the usage condition data. If the usage condition data includes a value, the digest value of the usage condition data is generated by using a hash function on the usage condition data, or if the usage condition related information includes the usage condition key, the usage condition data Is encrypted by a common key cryptosystem using the key for use condition, and the acquisition unit of the recording medium device is When the title key and the encrypted usage condition related information are acquired, and further, when the usage condition related information includes only the digest value of the usage condition data, the usage condition data is acquired and the usage condition related information is used. When the key for use is included, the encrypted use condition data is acquired, and the second decryption means uses the distribution secret key to obtain the encrypted title key and the encrypted use condition related information as a public key. If the usage term key is included in the decrypted previous term usage condition information that is decrypted by the encryption method, the encrypted usage rule data is decrypted by the common key method using the usage rule key, and the usage rule data is decrypted. Or if the previous term use condition related information includes the digest value of the use condition data, the use condition data is converted into the use condition by using the hash function. Generates a reference digest value over data, the reference digest value, it determines whether it matches the digest value of the usage condition data included in the use condition related information.

Here, each of the recording medium device and the server device further includes a first authenticating means, and the server device obtains the distribution public key from the recording medium device. Alternatively, the recording medium device, prior to acquiring the encrypted title key and the encrypted use condition data from the server device, the first authentication means of the server device authenticates the validity of the recording medium device. Then, the first authenticating means of the recording medium device authenticates the legitimacy of the server device, and when each authentication is successful, the server device obtains the distribution public key from the recording medium device. Alternatively, the recording medium device,
The encrypted title key and encrypted usage condition data are acquired.

Here, each of the recording medium device and the reproducing device further includes a second authentication means, and the reproducing device obtains the medium unique key from the recording medium device. Alternatively, the second authentication means of the reproducing apparatus authenticates the recording medium apparatus before the encrypted title key and the encrypted use condition data are read from the reproducing apparatus. The second authenticating means of the recording medium device authenticates the legitimacy of the reproducing device, and when each authentication is successful, the reproducing device acquires the medium unique key from the recording medium device. Alternatively, the encrypted use condition data is read from the recording medium device.

Here, when the distribution private key of the recording medium device is exposed, the server device registers the distribution public key corresponding to the distribution private key in the revoke list, and in the revoke list. It is prohibited to encrypt the title key and the use condition data using the registered public key for distribution and provide the title key and the use condition data to the recording medium device. Here, the usage condition data includes information that controls the number of times the content is played back, information that controls the playback period of the content, or information that controls the cumulative playback time of the content.

Here, the tamper resistant module is configured by tamper resistant hardware, tamper resistant software, or a combination of both. Further, the present invention is a recording medium device for recording content that is a digital work, including encrypted content, acquisition means for acquiring encrypted usage condition data, and encrypted content acquired by the acquisition means. Is stored in advance, second decryption means for decrypting the encrypted usage rule data obtained by the obtaining means, and usage rule data decrypted by the second decrypting means are determined in advance. Data format conversion means for converting the distribution data format to a predetermined recording data format, and the use condition data converted by the data format conversion means is uniquely encrypted for each recording medium device to obtain re-encrypted use condition data. A third encryption means for generating;
A second storage area for storing the re-encrypted usage condition data encrypted by the encryption means, and the second decryption means, the data format conversion means, and the third encryption means It is composed of a tamper resistant module that has tamper resistance.

Here, the recording medium device further includes a distribution private key storage area for storing a distribution private key corresponding to the distribution public key, and a recording medium unique key unique to each recording medium device. A recording medium unique key storage area to be stored, wherein the acquisition unit acquires the encrypted content, the encrypted title key and the encrypted use condition data from the server device, and the second decryption unit is the The third encryption means uses the distribution private key stored in the distribution private key storage area to decrypt the encrypted title key and the encrypted usage condition data using the public key cryptosystem. The decrypted title key and the use condition data are re-encrypted by encrypting the re-encrypted title key and re-encrypted data using the recording medium unique key stored in the recording medium unique key storage area. Shall generate the conditions data,
In addition to the second decryption means, the data format conversion means, and the third encryption means, the distribution private key storage area and the recording medium unique key storage area are tamper resistant. It consists of a tamper module.

Here, the acquisition means of the recording medium device acquires the encrypted title key and the encrypted use condition related information from the server device, and further, the digest value of the use condition data is added to the use condition related information. If only the use condition data is included, the use condition data is acquired, and if the use condition related information includes a use condition key, the encrypted use condition data is acquired, and the second decryption unit is The encrypted title key and the encrypted use condition related information are decrypted by the public key encryption method using the distribution private key, and when the decrypted previous term use condition related information includes the use condition key, the above-mentioned encryption is performed. To obtain the usage rule data by decrypting the encrypted usage rule data by the common key method using the usage rule key, or a digest of the usage rule data in the previous term usage condition related information. If included, the reference condition digest value of the use condition data is generated by using the hash function for the use condition data, and the reference digest value is the use condition data included in the use condition related information. It is judged whether or not it matches the digest value.

Here, the recording medium device further comprises a first
The authentication means and the second authentication means, the recording medium device, prior to the acquisition of the distribution public key by the server device, or the recording medium device,
Prior to acquiring the encrypted title key and the encrypted use condition data from the server device, the first authentication means of the server device authenticates the legitimacy of the recording medium device,
The first authenticating means of the recording medium device authenticates the validity of the server device, and when each authentication is successful,
In the recording medium device, the distribution public key is acquired by the server device, or the recording medium device is
The encrypted title key and the encrypted usage rule data are acquired, and the recording medium device is in advance of the medium unique key being acquired by the reproducing device, or the recording medium device is from the reproducing device. Before the encrypted title key and the encrypted use condition data are read, the second authenticating means of the reproducing device authenticates the recording medium device, and the second authenticating means of the recording medium device operates. , Authenticating the authenticity of the reproducing apparatus, and when the respective authentications are successful, the recording medium apparatus acquires the medium unique key by the reproducing apparatus, or the recording medium apparatus performs the encryption from the recording medium apparatus. The usage conditions are read.

Here, when the distribution data format or the recording data format is changed, the tamper resistant module forming the data format converting means of the recording medium device is updated. here,
When the encryption method used by the second decryption means of the recording medium device or the encryption method used by the third encryption means is changed, the second decryption means or the third decryption means is used. The tamper resistant module constituting the encryption means is updated.

Here, the recording medium device further comprises tamper resistant module determination means for determining the validity of the tamper resistant module to be updated, and the tamper resistant module determination means determines that the tamper resistant module is valid. Update the tamper resistant module. Here, the second decryption unit of the recording medium device can select and decrypt one from a plurality of encryption systems, and the third encryption unit can select one from a plurality of encryption systems. Select to decrypt.

Here, the distribution key storage area of the recording medium device stores a plurality of distribution secret keys, and the second decryption means selectively uses one of the plurality of distribution secret keys. . Here, the tamper resistant module is configured by tamper resistant hardware, tamper resistant software, or a combination of both.

Further, the present invention is a server device for providing a digital literary content to a recording medium device, which is a first cipher for encrypting a content uniquely for each content to generate an encrypted content. Encryption means and second encryption means for generating encrypted encrypted usage rule data by uniquely encrypting the usage rule data representing the usage rule of the content for each recording medium device according to a predetermined distribution format.

Here, the server device further secures the distribution public key corresponding to the distribution private key unique to the recording medium device, which is stored in the distribution private key storage area of the recording medium device. A first public key acquisition unit for distribution, the first encryption unit encrypts the content by a common key cryptosystem using a unique title key for each content to generate encrypted content; The second encryption means encrypts the title key and the usage rule data by the public key cryptosystem using the distribution public key acquired by the distribution public key acquisition means to encrypt the title key and the encrypted usage condition. Generate data.

Here, the second encryption means of the server device uses the title key and at least one of the digest value of the usage rule data or the usage rule key used for encryption and decryption of the usage rule data. The usage condition-related information including is encrypted by a public key cryptosystem using the distribution public key to generate an encrypted title key and encrypted usage condition-related information, and the usage condition-related information is a digest of the usage condition data. If the usage condition data includes a value, the digest value of the usage condition data is generated by using a hash function on the usage condition data, or if the usage condition related information includes the usage condition key, the usage condition data Is encrypted by the common key cryptosystem using the usage condition key.

Here, the server device further comprises a first authenticating means, and the server device obtains the distribution public key from the recording medium device, or the server device: Prior to the encrypted title key and the encrypted usage rule data being acquired by the recording medium device, the first authenticating means of the server device authenticates the legitimacy of the recording medium device to obtain the recording medium device. First authenticating means authenticates the legitimacy of the server device, and when each authentication is successful, the server device acquires the distribution public key from the recording medium device, or the server In the device, the encrypted title key and the encrypted use condition data are acquired by the recording medium device.

Here, when the distribution private key of the recording medium device is exposed, the second encryption means of the server device revokes the distribution public key corresponding to the distribution private key. It is prohibited to encrypt the title key and the use condition data by using the distribution public key registered in the revocation list and provide them to the recording medium device.

Further, the present invention is a reproducing apparatus for reading the content, which is a digital literary work, from the recording medium device and reproducing it, wherein the reproducing device is stored in the first storage area of the recording medium device. A recording medium for reading the encrypted content, the re-encrypted usage condition data stored in the second storage area of the recording medium device, and the re-encrypted usage condition data read by the reading unit Third decryption means corresponding to the third encryption means of the device, and first decryption means corresponding to the first encryption means of the server device for decrypting the encrypted content read by the reading means. And a reproducing means for reproducing the content decrypted by the first decrypting means within a range permitted by the use condition data decrypted by the third decrypting means. Obtain.

Here, the reproduction apparatus further comprises a medium unique key acquisition means for securely obtaining the recording medium unique key stored in the recording medium unique key storage area of the recording medium device, and the reading means. Reads the re-encrypted title key and re-encrypted use condition data from the recording medium device, and the third decryption means reads the re-encrypted title key and re-encrypted use condition data. Is decrypted by the common key cryptosystem with the medium unique key, the first decryption unit decrypts the encrypted content by the common key cryptosystem using the title key, and the reproducing unit is the The decrypted content is reproduced within the range permitted by the usage rule data.

Here, each of the reproducing device and the recording medium device further includes a second authenticating means, and the reproducing device obtains the medium unique key from the recording medium device. Alternatively, the reproducing device authenticates the recording medium device by the second authenticating means of the reproducing device before the encrypted title key and the encrypted use condition data are read by the recording medium device. The second authenticating means of the recording medium device authenticates the legitimacy of the reproducing device, and when each authentication is successful, the reproducing device acquires the medium unique key from the recording medium device. Alternatively, in the reproducing apparatus, the encrypted title key and the encrypted use condition data are read by the recording medium apparatus.

Here, the use condition data includes information for controlling the number of times of reproduction of the content, information for controlling a reproduction period of the content, or information for controlling a cumulative reproduction time of the content. As is clear from the above description, in the copyright protection system, the recording medium device, the server device and the reproducing device according to the present invention, the decryption of the encrypted title key and the use condition data and the re-encryption (encryption conversion) are recorded. By using the tamper resistant module of the medium device, it becomes possible to make hacking by an unauthorized third party difficult.

Further, the tamper resistant module for performing encryption conversion and format conversion on the recording medium device can be safely updated. The digital copyright protection system according to the present invention has been described above. Of course, the present invention is not limited to these embodiments. It may be configured as follows.

(1) In the above embodiment, the case where DES and elliptic cryptography are used as the encryption algorithm has been described, but the invention is not limited to these. Other cryptographic techniques may be applied. (2) In the above-described embodiment, the procedure of saving the purchased content with a usage condition in the memory card or reproducing the content from the memory card has been described, but whether the content has been purchased is not the essence of the invention. . For example, the same procedure can be executed even for a trial free content with usage condition data.

(3) In the above embodiment, the contents are stored in the memory card, but the recording medium is not limited to the memory card. It may be another type of recording medium. (4) In the above embodiment, the content is encrypted, but a part of the content may be encrypted.

(5) In the above embodiment, the case where the usage rule data is added to each content has been described, but the present invention is not limited to this. For example, the usage condition data may be such that up to 100 pieces of music data are purchased on a monthly basis. In this case, for example,
When the monthly contract is cancelled, the usage condition determination unit may be configured not to allow the reproduction of the content stored in the storage area of the memory card from the next month.

(6) In the above embodiment, the case where the use condition data is added for each content has been described, but it goes without saying that the case where the use condition data is not added can be dealt with. (7) Further, when the distribution private key of the memory card is exposed, the content distribution server device registers the distribution public key corresponding to the distribution private key in the revoke list and is registered in the revoke list. A configuration may be adopted in which it is prohibited to encrypt the title key or the like using the distribution public key and provide the encrypted memory to the memory card.

(8) Further, the tamper resistant module portion of the memory card may be formed of tamper resistant hardware, tamper resistant software, or a combination of both. (9) Further, when the distribution data format or the recording data format is changed, the tamper resistant module constituting the data format conversion means of the memory card may be updated so as to be able to cope with the change.

(10) In addition, the encryption method used in the tamper resistant module of the memory card can be changed or added in response to the change or addition of the encryption method (elliptical encryption or DES encryption) used by the content distribution server. The tamper resistant module may be updated when needed, so that it can be dealt with. (11) In the above (9) or (10), the memory card includes a tamper resistant module determination unit that determines the validity of the tamper resistant module to be updated, and the tamper resistant module determination unit determines that the tamper resistant module is valid. In this case, the tamper resistant module may be updated.

(12) The memory card is provided with a plurality of encryption methods in advance, one of the plurality of encryption methods is selected, and the memory card is configured to perform encryption or decryption using the selected encryption method. You may. (13) The memory card may store a plurality of distribution secret keys in advance, and the elliptic decryption means may be configured to selectively use one of the distribution secret keys.

(14) In this embodiment, the digital work distribution system using the headphone stereo has been described, but the present invention is not limited to this. For example, instead of the headphone stereo, a mobile phone, a stationary phone compatible with the L mode, a portable information terminal device, a personal computer, or a home electric appliance such as a television having an Internet connection function may be used. These playback devices play digital works such as music, movies, electronic books, and game programs.

Further, the content distribution server device 200
Although the PC and the PC 300 are connected via the Internet 10, the connection form is not limited to this. For example, the content distribution server device and the PC 300
May be connected via the Internet and a mobile phone network. In addition, a broadcasting device is connected to the content distribution server device, and various information such as content is broadcast on the broadcast wave. Home appliances such as televisions receive the broadcast wave and receive various information from the received broadcast wave. May be extracted.

(15) In the above-described embodiment, the challenge-response type mutual device authentication is performed between the content distribution server and the memory card, but other methods may be applied. (16) In the above embodiment, the receiving device is a PC
However, other devices, for example,
It can also be a mobile phone, a KIOSK terminal, or the like.

(17) In the above embodiment, SHA-1 is used as the hash function applied to the usage condition data, but other hash functions can be used. (18) The present invention may be methods shown by the above. Further, it may be a computer program that realizes these methods by a computer, or may be a digital signal including the computer program.

The present invention also relates to a computer-readable recording medium, such as a flexible disk, a hard disk, a CD-ROM, a MO, a DVD or a DVD-RO, which can read the computer program or the digital signal.
It may be recorded in M, DVD-RAM, semiconductor memory, or the like. Further, it may be the computer program or the digital signal recorded in these recording media.

Furthermore, the present invention may be the computer program or the digital signal transmitted via an electric communication line, a wireless or wired communication line, a network typified by the Internet, or the like. Further, the present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program and the microprocessor operates according to the computer program.

Further, another computer system independent by recording the program or the digital signal in the recording medium and transferring the program or transferring the program or the digital signal via the network or the like. May be carried out by (19) The above embodiment and the above modifications may be combined.

[0162]

As described above, according to the present invention, a digital work transmitted from a transmitting device is written in a portable recording medium device via a receiving device and is reproduced by a reproducing device. In the system, the digital copyright protection system encrypts original content that is a digital copyright based on a distribution encryption key to generate first encrypted information, and the generated first encrypted information is transmitted via a network. The transmitting device, wherein the recording medium device is attached to the receiving device, and the digital copyright protection system further receives and receives the first encrypted information via a network. A receiving device for outputting the first encrypted information to the recording medium device, an information storage area for storing information, and a tamper resistant module unit having tamper resistance. And a said recording medium device comprising the tamper resistant module unit is outputted first
The encrypted information is acquired, the first encrypted information is decrypted based on the distribution decryption key to generate intermediate information, and the intermediate information is encrypted based on the medium unique key unique to the recording medium device to generate the intermediate information. 2 encrypted information is generated, and the generated second encrypted information is written in the information storage area, wherein the recording medium device in which the second encrypted information is written is attached to the playback device, and The copyright protection system further reads the second encrypted information from the information storage area, securely reads the medium unique key, decrypts the second encrypted information based on the medium unique key, and decrypts the decrypted content. And reproducing the generated decrypted content.

According to this structure, the tamper-resistant module section inside the recording medium device decrypts the first encrypted information composed of the encrypted original content and further encrypts it. Can make hacking difficult. Here, the transmission device prestores an original content and an original content key unique to the original content, acquires the delivery encryption key used for delivery of a digital work, and obtains the original content key. To encrypt the original content to generate encrypted content, and using the acquired distribution encryption key to encrypt the original content key to generate a first encrypted content key, and to generate the encrypted content. Transmitting the first encrypted information including a content and a first encrypted content key, the receiving device receiving the first encrypted information including the encrypted content and the first encrypted content key, The received encrypted content and the first encrypted content key are output, and the tamper resistant module unit outputs the distribution decryption key and the medium unique key unique to the recording medium device. Has order stored, it retrieves the first encrypted information including the encrypted content and the first encrypted content key output,
The distribution decryption key is used to decrypt the first encrypted content key to generate an intermediate content key, and the medium unique key is used to encrypt the generated intermediate content key to generate a second encrypted content key. And writing the second encrypted information including the acquired encrypted content and the generated second encrypted content key, and the reproducing device:
The medium unique key that is obtained securely from the recording medium device, the second encrypted information including the encrypted content and the second encrypted content key is read from the information storage area, and the obtained medium unique key is obtained. The key is used to decrypt the second encrypted content key to generate a decrypted content key, and the generated decrypted content key is used to decrypt the read encrypted content to generate decrypted content.

According to this structure, in the recording medium device, only the content key is decrypted using the distribution decryption key and further encrypted using the medium unique key, and the content is not decrypted and further encrypted. Therefore, the processing load on the recording medium device can be reduced. Also,
The present invention relates to a transmitting device for transmitting a digital work, a receiving device for recording the digital work received via a network in a portable recording medium device, and the digital work recorded in the recording medium device. A digital literary protection system comprising a reproducing device for reproducing a digital literary content and the recording medium device, wherein the transmitting device prestores an original content that is a digital literary work and an original content key unique to the original content. Storing means, a distribution encryption key acquisition means for acquiring a distribution encryption key used for distribution of a digital work, and the original content key to encrypt the original content to generate encrypted content. And an encryption unit that encrypts the original content key using the acquired distribution encryption key to generate a first encrypted content key; Content and the first encrypted content key are transmitted via a network, wherein the recording medium device is attached to the receiving device, and the receiving device is the encryption device via the network. The recording medium device stores information, including receiving means for receiving encrypted content and the first encrypted content key, and output means for outputting the received encrypted content and the first encrypted content key. And an tamper resistant module means having tamper resistance, wherein the tamper resistant module means stores in advance a distribution decryption key and a medium unique key unique to the recording medium device. Using a key storage unit, an acquisition unit that acquires the output encrypted content and the first encrypted content key, and the distribution decryption key , A decryption unit that decrypts the first encrypted content key to generate an intermediate content key, and an encryption that encrypts the generated intermediate content key using the medium unique key to generate a second encrypted content key An encryption unit, and a writing unit for writing the acquired encrypted content and the generated second encrypted content key in the information storage means, wherein the encrypted content and the second encrypted content key are The written recording medium device is attached to the reproducing device, and the reproducing device secures the medium unique key from the key storage unit, a key acquisition unit, and the encrypted content from the information storage unit. Using the read means for reading the second encrypted content key and the acquired medium unique key, the read second encrypted content key is decrypted and the decryption con- trol is performed. A content key decryption unit that generates a Tents key, a content decryption unit that decrypts the read encrypted content by using the generated decrypted content key to generate decrypted content, and reproduces the decrypted content that is generated. And a reproducing means.

According to this structure, the tamper resistant module in the recording medium device decrypts and re-encrypts the data, which makes hacking by an unauthorized third party difficult.
Moreover, since the encrypted content is not decrypted and further encrypted, the processing load on the recording medium device can be reduced. Further, the present invention is a transmitting device for transmitting a digital work via a network, wherein the digital work is written in a portable recording medium device via a receiving device, and the transmitting device is a digital device. Storage means for storing in advance the original content that is the copyrighted work and the original content key unique to the original content; distribution encryption key acquisition means for acquiring the distribution encryption key used for distributing the digital copyrighted material; Generate an encrypted content by encrypting the original content using an original content key,
Using the obtained distribution encryption key, an encryption unit that encrypts the original content key to generate a first encrypted content key, the encrypted content and the first encrypted content key, via a network, And transmitting means for transmitting.

According to this structure, in the tamper resistant module portion inside the recording medium device, it is possible to make hacking by an unauthorized third party difficult and reduce the processing load on the recording medium device. It is possible to provide a transmission device that transmits a digitalized copyrighted work. Here, the storage unit further stores use condition information indicating a use condition of the digital work and an original use condition key unique to the use condition information, and the encryption unit further includes: The distribution encryption key is used to encrypt the original usage condition key to generate a first encrypted usage condition key, and the original usage condition key is used to encrypt the usage condition information to make a first encrypted usage. Condition information is generated, and the transmission means further includes the first encrypted use condition key and the first encrypted use condition key.
The encrypted use condition information is transmitted via the network.

According to this structure, the use condition information indicating the use condition of the content is transmitted, so that the playback device can control the use of the content. Here, the distribution encryption key acquisition means acquires the distribution encryption key which is a public key generated using a public key generation algorithm, and the encryption means uses the distribution encryption key which is a public key, Encrypt by public key cryptographic algorithm.

According to this structure, since the public key is used for encryption, the key can be safely distributed. here,
The transmission device, further, when the revoke list means having an area for recording an invalid delivery encryption key, and the delivery decryption key based on the generation of the delivery encryption key that is a public key is exposed, Registration means for writing the distribution encryption key in the revoke list means, wherein the transmitting device newly transmits the content that is a digital work, and the distribution key obtaining means newly creates the distribution encryption key. Acquire, determine whether or not the acquired distribution encryption key is written in the revoke list means, and if it is determined that it is written, prohibit encryption to the encryption means,
Transmission is prohibited to the transmission means.

According to this structure, the use of the public key corresponding to the exposed secret key is restricted, so that the content can be distributed more safely. Here, the storage unit further stores use condition information indicating a use condition of the digital work, and the transmission unit further reads the use condition information from the storage unit and uses the read use condition information. A hash algorithm is applied to the condition information to generate a hash value, and the generated hash value and the read use condition information are securely transmitted via the network.

According to this structure, when the usage rule information is falsified in the distribution route, it is possible to prohibit the use of the digital work corresponding to the usage rule information. Here, the transmission device further includes an authentication unit that mutually authenticates the legitimacy of the device with the recording medium device, and the distribution encryption key acquisition unit is configured to perform the authentication only when the authentication is successful. The distribution encryption key is acquired from the recording medium device, the encryption unit encrypts only when the authentication is successful, and the transmission unit transmits only when the authentication is successful.

According to this structure, the authenticity of the device is mutually authenticated between the transmission device and the recording medium device, so that it is possible to prevent the digital work from being output to an unauthorized device. Here, the transmission device further reads update information from the update information storage unit, which stores in advance update information for updating the tamper resistant module unit included in the recording medium device, and the update information from the update information storage unit. And update information transmitting means for transmitting the read update information to the recording medium device via a network and a receiving device.

According to this structure, since information for updating the tamper resistant module is transmitted, in the recording medium device,
The tamper resistant module can be updated. Here, the transmission device further reads the update information from the update information storage means, applies a hash algorithm to the read update information to generate a hash value, and generates the hash value via the network and the reception device. And a hash means for securely transmitting to the recording medium device.

According to this structure, when the update information of the tamper resistant module is tampered with in the distribution route, the use of the update information can be prohibited. Here, the update information stored in the update information storage means is
The tamper resistant module unit includes information for updating an encryption method, a decryption method, or a data conversion method from a distribution data format to a recording data format, which the tamper resistant module section includes. The update information including information for updating the encryption method, the decryption method, or the data conversion method from the distribution data format to the recording data format is read, and the read update information is transmitted.

According to this configuration, since the update information includes the information for updating the encryption method, the decryption method, or the conversion method, the encryption method, the decryption method, or the conversion method in the tamper resistant module is updated. be able to. Further, the present invention is a portable recording medium device for recording a digital work transmitted from a transmitting device via a receiving device,
The recording medium device is attached to the receiving device, and the transmitting device encrypts original content, which is a digital work, based on a distribution encryption key to generate first encrypted information, and the generated first encrypted information. Is transmitted to the receiving device via a network, and the recording medium device includes an information storage unit having an area for storing information and a tamper resistant module unit having tamper resistance. The module means includes a key storage unit that stores in advance a distribution decryption key and a medium unique key unique to the recording medium device, and an acquisition unit that acquires the first encrypted information transmitted via the receiving device. A decryption unit that decrypts the first encrypted information based on the distribution decryption key to generate intermediate information; and a decryption unit that encrypts the intermediate information based on the medium unique key to generate second encrypted information. Dark And a writing unit for writing the unit, the generated second encrypted information to the information storage means.

According to this structure, it is possible to provide a recording medium device which makes it difficult for an unauthorized third party to hack. Here, the transmission device stores in advance the original content and an original content key unique to the original content, acquires a delivery encryption key used for delivery of a digital work, and obtains the original content key. Using the original content to generate encrypted content, the acquired distribution encryption key to encrypt the original content key to generate a first encrypted content key, and the generated encrypted content and Transmitting the first encrypted information including a first encrypted content key, the acquisition unit acquires the first encrypted information including the output encrypted content and the first encrypted content key, The decryption unit uses the delivery decryption key to generate the first encrypted information included in the first encrypted information.
The encrypted content key is decrypted to generate an intermediate content key, the encrypted content included in the first encrypted information and the intermediate information including the generated intermediate content key are generated, and the encryption unit is The medium unique key is used to encrypt the intermediate content key included in the intermediate information to generate a second encrypted content key, and the encrypted content included in the intermediate information and the generated second encryption The second encryption information including a content key is generated, and the writing unit writes the encrypted content and the second encryption information.
The second encrypted information including the encrypted content key is written.

According to this structure, in the recording medium device, only the content key is decrypted using the distribution decryption key and further encrypted using the medium unique key, and the content is not decrypted and further encrypted. Therefore, the processing load on the recording medium device can be reduced. Here, the transmission device further stores use condition information indicating a use condition of the digital work, and an original use condition key unique to the use condition information, and using the delivery encryption key, Encrypting the original usage rule key to generate a first encrypted usage rule key, encrypting the usage rule information using the original usage rule key to generate first encrypted usage rule information,
The first encrypted use condition key and the first encrypted use condition information are transmitted to the reception device via a network, and the acquisition unit further executes the first encryption via the reception device. The usage rule key and the first encrypted usage rule information are acquired, and the decryption unit further decrypts the first encrypted usage rule key using the delivery decryption key to generate an intermediate usage rule key. , The first encrypted use condition information is decrypted using the generated intermediate use condition key to generate intermediate use condition information, and the encryption unit further uses the medium unique key to generate the intermediate use condition information. The intermediate use condition information is encrypted to generate second encrypted use condition information, and the writing unit further writes the generated second encrypted use condition information in the information storage means.

According to this structure, since the use condition information indicating the use condition of the content is stored, the use of the content can be controlled in the reproducing device. Here, the transmission device further acquires the distribution encryption key, which is a public key generated using a public key generation algorithm based on a distribution decryption key that is a private key, and distributes the distribution encryption key that is a public key. Using the key, the public key cryptographic algorithm,
The data is encrypted, and the decryption unit decrypts it using the distribution decryption key by a public key decryption algorithm.

According to this structure, the public key is used for encryption and the private key is used for decryption, so that the key can be safely distributed. Here, the tamper resistant module means further includes a conversion unit that converts the intermediate information in the distribution data format generated by the decryption unit to generate recording intermediate information in the recording data format, and the encryption unit. Department is
Instead of the intermediate information, the recorded intermediate information is encrypted.

According to this structure, since the data format for distribution is converted into the data format for recording, it is possible to cope with the case where the data format for distribution and the data format for recording are different. Further, even if a new data format is added, it can be easily dealt with. Here, the transmission device stores in advance update information for updating the tamper resistant module means included in the recording medium device,
The update information is read, and the read update information is
Transmitting to the recording medium device via a network and a receiving device, the tamper resistant module means includes a semiconductor memory storing a microprocessor and a computer program, and the microprocessor operates according to the computer program. Thereby, the components included in the tamper resistant module means operate, the acquisition unit acquires the update information via the receiving device, and the tamper resistant module means further includes:
The computer program is updated by using the acquired update information, and the update unit includes the update unit for updating the components included in the tamper resistant module means.

According to this structure, it becomes possible to obtain the information for updating the tamper resistant module and update the tamper resistant module in the recording medium device. Here, the transmission device further reads the update information, applies a hash algorithm to the read update information to generate a first hash value, and generates the first hash value via the network and the reception device. The secure transmission to the recording medium device, the tamper resistant module further applies a hash algorithm to the acquired update information to generate a second hash value, and the acquired first hash value. A comparison determination unit that determines whether or not the generated second hash value matches, and the update unit updates only when the comparison determination unit determines that they match.

According to this structure, when the update information of the tamper resistant module is tampered with in the distribution route, the use of the update information can be prohibited. Here, the update information stored in the transmission device includes information for updating the encryption method, the decryption method, or the data conversion method from the distribution data format to the recording data format provided in the tamper resistant module means. , The update information is transmitted, the acquisition unit acquires the update information for updating an encryption method, a decryption method, or a data conversion method via the receiving device, and the update unit acquires the update information. The computer program is updated using the update information, whereby the encryption unit, the decryption unit, or the conversion unit included in the tamper resistant module means is updated.

According to this structure, since the update information includes the information for updating the encryption method, the decryption method, or the conversion method, the encryption method, the decryption method, or the conversion method in the tamper resistant module is updated. be able to. Here, the transmission device further stores use condition information indicating a use condition of the digital work, reads the use condition information, applies a hash algorithm to the read use condition information, and performs a first hash. A value is generated, and the generated first hash value and the read usage condition information are securely transmitted through a network, and the acquisition unit further transmits the first hash by the receiving device. A value and the usage condition information are acquired, and the tamper resistant module further applies a hash algorithm to the acquired usage condition information to generate a second hash value, and the acquired first hash. A comparison determination unit that determines whether or not a value and the generated second hash value match, and the encryption unit is configured by the comparison determination unit. Only when it is determined that the matching, encrypts the write unit, only when it is determined that coincides with the comparing and judging section writes.

According to this structure, when the usage rule information is falsified in the distribution route, it is possible to prohibit the use of the digital work corresponding to the usage rule information. Here, the transmission device further authenticates the legitimacy of the device with the recording medium device, and only when the authentication is successful, acquires the distribution encryption key from the recording medium device, Encrypted and transmitted, the tamper resistant module means further includes an authentication means for mutually authenticating the legitimacy of the device with the transmission device, the acquisition unit, only when the authentication is successful, And the decryption unit decrypts only when the authentication is successful, the encryption unit encrypts only when the authentication is successful, and the writing unit:
Write only if the authentication is successful.

According to this structure, since the authenticity of the device is mutually authenticated between the transmitting device and the recording medium device, it is possible to prevent the digital work from being obtained from an unauthorized device. Here, the recording medium device is mounted on a reproducing device, the reproducing device reads information from the information storing means, and the tamper resistant module means further mutually validates the device with the reproducing device. Authentication means for authenticating the information and permitting the reproduction device to read out information only when the authentication is successful.

According to this configuration, since the legitimacy of the device is mutually authenticated between the recording medium device and the reproducing device, it is possible to prevent the digital work from being output to an unauthorized device. Here, the decoding unit includes a plurality of decoding methods in advance, and performs decoding using one decoding method selected from the plurality of decoding methods, and the selected decoding method is the transmission method. Reverses the encryption method used by the device. Further, the encryption unit has a plurality of encryption methods in advance, and performs encryption using one encryption method selected from the plurality of encryption methods.

According to this structure, the recording medium device is selected from a plurality of decryption systems or one of a plurality of encryption systems to be used, so that it is easy to change it according to the system of the transmission device or the reproduction device. . Here, the key storage unit stores a plurality of distribution decryption key candidates, one distribution decryption key candidate is selected as the distribution decryption key from the plurality of distribution decryption key candidates, and the decryption unit Uses the selected distribution decryption key.

According to this configuration, the recording medium device selects and uses one of a plurality of distribution secret keys, and therefore, even when the selected distribution secret key is exposed, another distribution secret key is used. By using the private key, the recording medium device can be continuously used. Here, the tamper resistant module means realizes tamper resistance by software, hardware, or a combination of software and hardware.

According to this structure, it is possible to prevent an illegal attack on the tamper resistant module. here,
A reproducing device for reproducing a digital work transmitted from a transmitting device via a network and a receiving device and written in a portable recording medium device, wherein the recording medium device is attached to the receiving device. Is an original content that is a digital work, is encrypted based on a distribution encryption key to generate first encrypted information, the generated first encrypted information is transmitted to the receiving device via a network, and the recording medium The device includes an information storage area for storing information and a tamper resistant module unit having tamper resistance, and the tamper resistant module unit stores the first encrypted information transmitted via the receiving device. Acquire, decrypt the first encrypted information based on the distribution decryption key to generate intermediate information, and encrypt the intermediate information based on the medium unique key unique to the recording medium device. It generates two encrypted information, writes the generated second encrypted information to the information storage area, wherein,
The recording medium device in which the second encrypted information is written is attached to the reproducing device, and the reproducing device secures the medium unique key from the recording medium device, and the information storage area. Read means for reading the second encrypted information from the device, decryption means for decrypting the read second encryption on the basis of the acquired medium unique key, and generating decrypted content; and the generated decrypted content. And a reproducing means for reproducing.

With this configuration, it is possible to reproduce the digital work recorded on the recording medium device which makes it difficult for an unauthorized third party to hack. Here, the transmission device stores in advance the original content and an original content key unique to the original content, acquires a delivery encryption key used for delivery of a digital work, and obtains the original content key. Using the obtained distribution encryption key, the original content key is encrypted to generate a first encrypted content key, and the generated encrypted content is generated. The first encrypted information including a first encrypted content key is transmitted, and the tamper resistant module unit stores the delivery decryption key and the medium unique key unique to the recording medium device in advance and outputs the same. And obtains the first encrypted information including the encrypted content and the first encrypted content key, and decrypts the first encrypted content key using the delivery decryption key. Content content key is generated, the generated intermediate content key is encrypted using the medium unique key to generate a second encrypted content key, and the acquired encrypted content and the generated second encrypted content are generated. The second encryption information including a key is written, the reading means reads the second encryption information including the encrypted content and the second encrypted content key, and the decrypting means acquires the acquired second encryption information. The medium unique key is used to decrypt the read second encrypted content key to generate a decrypted content key, and the generated decrypted content key is used to decrypt the read encrypted content to obtain a decrypted content. To generate.

According to this structure, in the recording medium device, only the content key is decrypted using the distribution decryption key and further encrypted using the medium unique key, and the content is not decrypted and further encrypted. Therefore, the processing load on the recording medium device can be reduced. Here, the transmission device further stores use condition information indicating a use condition of the digital work, and an original use condition key unique to the use condition information, and using the delivery encryption key, Encrypting the original usage rule key to generate a first encrypted usage rule key, encrypting the usage rule information using the original usage rule key to generate first encrypted usage rule information,
The first encrypted use condition key and the first encrypted use condition information are transmitted to the receiving device via a network, and the recording medium device further receives the first encryption via the receiving device. An encrypted usage condition key and the first encrypted usage condition information, and using the delivery decryption key, the first
Decrypt the encrypted terms of use key to generate an intermediate terms of use key,
Using the generated intermediate usage rule key to decrypt the first encrypted usage rule information to generate intermediate usage rule information,
A second encrypted generated usage condition information is generated by encrypting the intermediate usage condition information using the medium unique key.
The encrypted use condition information is written in the information storage area, and the reading means is further configured to read the second information from the information storage area.
The encrypted use condition information is read, the decryption unit further decrypts the read second encrypted use condition information based on the medium unique key to generate decrypted use condition information, and the reproducing unit. Furthermore, it is determined whether or not the decrypted content can be reproduced based on the generated decryption usage condition information,
Only when it is determined that the reproduction is possible, the generated decrypted content is reproduced.

According to this structure, the use of the content can be controlled based on the obtained use condition information. here,
The use condition information includes information that limits the number of times the decrypted content is played back, information that limits the playback period of the decrypted content, or information that limits the cumulative playback time of the decrypted content, and the playback means is the number of playbacks. Whether or not the decrypted content can be reproduced is determined based on the information that restricts the reproduction time, the information that restricts the reproduction period, or the information that controls the reproduction accumulated time.

According to this structure, the content is reproduced based on the information that limits the number of times the decrypted content is reproduced, the information that limits the reproduction period of the decrypted content, or the information that restricts the accumulated reproduction time of the decrypted content. You can judge the approval or disapproval. Here, the reproduction device further includes an authentication unit that mutually authenticates the validity of the device with the recording medium device, and the key acquisition unit acquires only when the authentication is successful, The reading means reads only when the authentication is successful.

According to this structure, since the legitimacy of the device is mutually authenticated between the reproducing device and the recording medium device, it is possible to prevent the digital work from being obtained from an unauthorized device.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of a digital work protection system 100.

FIG. 2 is a block diagram showing the configurations of a content distribution server device 200 and a memory card 400.

FIG. 3 is a block diagram showing a configuration of a memory card 400.

FIG. 4 is a block diagram showing a configuration of a PC 300.

FIG. 5: Memory card 400 and headphone stereo 5
It is a block diagram which shows the structure of 00.

FIG. 6 shows a structure of a distribution data format.

FIG. 7 shows a structure of a recording data format.

FIG. 8 is a flowchart showing an operation at the time of writing to the memory card 400. Continuing to FIG.

FIG. 9 is a flowchart showing an operation at the time of writing to the memory card 400. Continuing to FIG.

FIG. 10 is a flowchart showing an operation at the time of writing to the memory card 400. Continuing from FIG.

FIG. 11 is a flowchart showing an operation at the time of reading from the memory card 400. Continued in FIG.

FIG. 12 is a flowchart showing an operation at the time of reading from the memory card 400. Continuing from FIG.

FIG. 13 is a block diagram showing the configurations of a content distribution server device 200b and a memory card 400b.

FIG. 14 is a block diagram showing a configuration of a memory card 400b.

FIG. 15 is a block diagram showing configurations of a memory card 400b and a headphone stereo 500.

FIG. 16 shows a structure of a distribution data format.

FIG. 17 shows the structure of a recording data format.

FIG. 18 is a flowchart showing an operation at the time of writing to the memory card 400b. Continuing to FIG.

FIG. 19 is a flowchart showing an operation at the time of writing to the memory card 400b. Continuing to FIG.

FIG. 20 is a flowchart showing an operation at the time of writing to the memory card 400b. Continuing from FIG.

FIG. 21 is a block diagram showing configurations of a content distribution server device 200c and a memory card 400c.

FIG. 22 shows the tamper resistant module unit 4 in the memory card 400c in the digital work protection system 100c.
10 is a flowchart showing an operation when updating a computer or data included in 10c.

[Explanation of symbols]

10 Internet 100 Digital Copyright Protection System 200 Content distribution server device 201 Content storage 202 Distribution data storage unit 211 First Authentication Unit 212 Distribution public key acquisition unit 214 Elliptical encryption unit 215 DES encryption unit 250 DES encryption unit 300 PC 301 microprocessor 302 memory unit 303 Input section 304 display 305 Communication unit 306 Memory card connection 400 memory card 410 Anti-tamper module 411 First authentication unit 412 distribution public key storage unit 413 Delivery private key storage unit 414 Ellipse Decoding Unit 415 DES Decoding Unit 416 Converter 417 Second Authentication Unit 418 Recording Medium Key Storage Unit 419 DES encryption unit 422 recording data storage unit 423 Delivery data storage unit 430 Information storage unit 431 Second storage area 432 First storage area 500 headphone stereo 517 Second Authentication Unit 518 Recording Medium Key Acquisition Unit 519 DES decryption unit 531 Re-encrypted data acquisition unit 532 recording data storage 540 Usage condition determination unit 541 playback unit 550 DES decryption unit 700 headphones

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) G06K 19/00 G11B 20/10 D 5J104 19/10 H G09C 1/00 660 H04L 9/00 601A G11B 20 / 10 601B G06K 19/00 Q H04N 5/765 R 5/91 H04N 5/91 L 5/93 P 5/93 Z (72) Inventor Miya ▲ Zaki ▼ Masaya 1006 Kadoma, Kadoma-shi, Osaka Matsushita Electric Industrial Co., Ltd. Company (72) Inventor Tsutomu Sekibe 1006 Kadoma, Kadoma City, Osaka Prefecture Matsushita Electric Industrial Co., Ltd. (72) Inventor Yoshiaki Nakanishi 1006 Kadoma, Kadoma City, Osaka Prefecture (72) Inventor Natsume Matsuzaki 1006, Kadoma, Kadoma-shi, Osaka Prefecture F-term in Matsushita Electric Industrial Co., Ltd. (reference) 5B017 AA06 BA07 CA16 5B035 AA13 BB09 BB11 BC00 CA1 1 CA29 5B058 CA02 CA23 KA01 KA04 KA06 KA12 KA31 KA35 YA20 5C053 FA13 GB06 JA21 LA11 LA14 5D044 BC01 BC04 CC04 DE17 DE50 GK17 HL08 5J104 AA01 AA12 AA16 NA41 NA42 NA04 NA02 NA04 NA02 NA05 JA21 NA31 JA21 JA31 JA21 NA31 JA31 JA21 JA31 JA31 JA31 JA31 JA21 JA31 JA31 NA21 JA31 NA21 JA31 NA21 JA31 NA21 JA31 NA21 JA31

Claims (32)

[Claims] 1. A digital literary protection system for writing a digital literary work transmitted from a transmitting device into a portable recording medium device via a receiving device and reproducing the literary work by a reproducing device. The system includes the transmitting device that encrypts original content, which is a digital work, based on a distribution encryption key to generate first encrypted information, and transmits the generated first encrypted information via a network. Then, the recording medium device is attached to the receiving device, the digital copyright protection system further receives the first encrypted information via a network, and the received first encrypted information is stored in the recording medium. A receiving device for outputting to a device, an information storage area for storing information, and a tamper resistant module unit having tamper resistance, The tamper resistant module unit acquires the output first encrypted information, decrypts the first encrypted information based on a distribution decryption key to generate intermediate information, and is unique to the recording medium device. Encrypting the intermediate information based on the medium unique key to generate second encrypted information, and writing the generated second encrypted information to the information storage area, where the second encrypted information is written. The recording medium device is attached to the reproducing device, and the digital copyright protection system further reads the second encrypted information from the information storage area, securely reads the medium unique key, and reads the medium unique key. A digital work protection system, comprising: the reproduction device for decoding the second encrypted information to generate decrypted content based on, and reproducing the generated decrypted content. 2. The transmission device prestores an original content and an original content key unique to the original content, acquires the delivery encryption key used for delivering a digital work, and obtains the original content key. The content key is used to encrypt the original content to generate encrypted content, and the obtained distribution encryption key is used to encrypt the original content key to generate a first encrypted content key, and the generated content is generated. The first encrypted information including the encrypted content and the first encrypted content key is transmitted, and the receiving device receives the first encrypted information including the encrypted content and the first encrypted content key. Then
The received encrypted content and the first encrypted content key are output, and the tamper resistant module stores the delivery decryption key and the medium unique key unique to the recording medium device in advance, and the output Acquiring the first encrypted information including the encrypted content and the first encrypted content key, decrypting the first encrypted content key using the distribution decryption key to generate an intermediate content key, and Using the medium unique key,
Encrypting the generated intermediate content key to generate a second encrypted content key, writing the second encrypted information including the acquired encrypted content and the generated second encrypted content key, and playing the content. The apparatus securely acquires the medium unique key from the recording medium apparatus, reads the second encrypted information including the encrypted content and the second encrypted content key from the information storage area, and acquires the second encrypted information. The medium unique key is used to decrypt the second encrypted content key to generate a decrypted content key, and the decrypted content key generated is used to decrypt the read encrypted content to generate decrypted content. The digital work protection system according to claim 1, wherein 3. A transmission device for transmitting a digital work,
A receiving device for recording the digital work received via a network in a portable recording medium device, a reproducing device for reproducing the digital work recorded in the recording medium device, and the recording medium device. In the digital copyright protection system described above, the transmitting device has a storage unit that stores in advance the original content that is a digital work and an original content key that is unique to the original content; Distribution encryption key acquisition means for acquiring a distribution encryption key used for, the original content key is used to encrypt the original content to generate encrypted content, and the acquired distribution encryption key is used to obtain the original content. Encryption means for encrypting a key to generate a first encrypted content key; and the encrypted content and the first encrypted content key. Transmitting means for transmitting via the network, wherein the recording medium device is attached to the receiving device, and the receiving device is configured to transmit the encrypted content and the first encrypted content key via the network. An information storage unit that includes a receiving unit that receives the data, and an output unit that outputs the received encrypted content and the first encrypted content key, wherein the recording medium device has an area for storing information; A tamper resistant module means having tamper resistance, wherein the tamper resistant module means stores a distribution decryption key and a medium unique key unique to the recording medium device in advance, and An acquisition unit that acquires encrypted content and the first encrypted content key, and decrypts the first encrypted content key using the distribution decryption key A decryption unit for generating an intermediate content key, an encryption unit for encrypting the generated intermediate content key using the medium unique key to generate a second encrypted content key, and the acquired encrypted content and A writing unit that writes the generated second encrypted content key in the information storage unit, wherein the recording medium device in which the encrypted content and the second encrypted content key are written is the playback device. The playback device is attached to the key storage unit, the key storage unit securely acquires the medium unique key from the key storage unit, the encrypted content from the information storage unit, and the second content storage unit.
Reading means for reading the encrypted content key; and the second reading means for reading using the acquired medium unique key.
Content key decryption means for decrypting the encrypted content key to generate a decrypted content key, and content decryption means for decrypting the read encrypted content by using the generated decrypted content key to generate decrypted content And a reproduction means for reproducing the generated decrypted content, a digital copyright protection system. 4. A transmitter for transmitting a digital work via a network, wherein the digital work is written in a portable recording medium device via a receiver, and the transmitter is a digital work. Storage means for storing in advance the original content that is a product and an original content key unique to the original content; An encryption means for encrypting the original content by using the content key to generate encrypted content, and encrypting the original content key for generating the first encrypted content key using the obtained distribution encryption key; A transmitting device comprising: a transmitting unit configured to transmit the encrypted content and the first encrypted content key via a network. 5. The storage means further stores use condition information indicating a use condition of the digital work and an original use condition key unique to the use condition information, and the encryption means, Furthermore, using the delivery encryption key,
Encrypting the original usage rule key to generate a first encrypted usage rule key, encrypting the usage rule information using the original usage rule key to generate first encrypted usage rule information, and transmitting the The transmitting device according to claim 4, wherein the means further transmits the first encrypted use condition key and the first encrypted use condition information via a network. 6. The distribution encryption key acquisition means acquires the distribution encryption key which is a public key generated using a public key generation algorithm, and the encryption means uses the distribution encryption key which is a public key. hand,
The transmission device according to claim 5, wherein the transmission device performs encryption using a public key encryption algorithm. 7. The transmission device further exposes a revoke list means including an area for recording an invalid distribution encryption key, and a distribution decryption key based on the generation of the distribution encryption key which is a public key. Registration means for writing the distribution encryption key in the revoke list means, where the transmission device newly transmits content that is a digital work, and the distribution key acquisition means To obtain the distribution encryption key, determine whether the obtained distribution encryption key is written in the revoke list means, and if it is determined that the distribution encryption key has been written, prohibit the encryption from the encryption means. The transmission device according to claim 6, wherein the transmission is prohibited to the transmission unit. 8. The storage means further stores use condition information indicating a use condition of the digital work, and the transmitting means further reads out and reads out the use condition information from the storage means. The transmission device according to claim 4, wherein the usage condition information is subjected to a hash algorithm to generate a hash value, and the generated hash value and the read usage condition information are securely transmitted via a network. . 9. The transmission device further includes an authentication unit that mutually authenticates the legitimacy of the device with the recording medium device, and the delivery encryption key acquisition unit only when the authentication is successful. The distribution encryption key is obtained from the recording medium device, the encryption unit encrypts only when the authentication is successful, and the transmission unit transmits only when the authentication is successful. The transmitter according to claim 4, wherein the transmitter is a transmitter. 10. The transmission device further includes update information storage means for storing in advance update information for updating a tamper resistant module unit included in the recording medium device, and the update information from the update information storage means. 5. The transmission device according to claim 4, further comprising: an update information transmission unit that reads out the update information and transmits the read update information to the recording medium device via a network and a reception device. 11. The transmission device further reads the update information from the update information storage means, applies a hash algorithm to the read update information to generate a hash value, and the generated hash value is used by the network and the reception device. 2. A hash unit for securely transmitting the data to the recording medium device via the Internet.
0. The transmitting device according to 0. 12. The update information stored in the update information storage means is for updating an encryption method, a decryption method, or a data conversion method from a distribution data format to a recording data format provided in the tamper resistant module unit. The update information transmitting means includes the information for updating the encryption method, the decryption method, or the data conversion method from the distribution data format to the recording data format included in the tamper resistant module unit. 12. The transmitting device according to claim 11, wherein the transmitting device reads the update information and transmits the read update information. 13. A portable recording medium device for recording, via a receiving device, a digital work transmitted from a transmitting device, wherein the recording medium device is attached to the receiving device, and the transmitting device is , Original content that is a digital work is encrypted based on a distribution encryption key to generate first encrypted information, and the generated first encrypted information is transmitted to the receiving device via a network, and the recording is performed. The medium device includes: an information storage unit having an area for storing information; and a tamper resistant module unit having tamper resistance, wherein the tamper resistant module unit is a distribution decryption key and a medium unique to the recording medium device. A key storage unit that stores a unique key in advance, an acquisition unit that acquires the first encrypted information transmitted via the reception device, and the first encryption based on the distribution decryption key A decryption unit that decrypts the information to generate intermediate information; an encryption unit that encrypts the intermediate information based on the medium unique key to generate second encrypted information; A recording medium device, comprising: a writing unit for writing the information in the information storage unit. 14. The transmission device prestores an original content and an original content key unique to the original content, acquires a delivery encryption key used for delivering a digital work, and obtains the original content. The key is used to encrypt the original content to generate encrypted content, the obtained distribution encryption key is used to encrypt the original content key to generate a first encrypted content key, and the generated encryption The first including content and a first encrypted content key
Transmitting encrypted information, the acquisition unit acquires the first encrypted information including the output encrypted content and the first encrypted content key, and the decryption unit uses the delivery decryption key Then, the first encrypted content key included in the first encrypted information is decrypted to generate an intermediate content key, and the encrypted content included in the first encrypted information and the generated intermediate content key are generated. And generating the second encrypted content key by encrypting the intermediate content key included in the intermediate information, using the medium unique key, to generate the second encrypted content key. Generating the second encrypted information including the encrypted content included and the generated second encrypted content key, wherein the writing unit writes the encrypted content and the second encrypted content. 14. The recording medium device according to claim 13, wherein the second encrypted information including a key is written. 15. The transmission device further stores use condition information indicating a use condition of the digital work and an original use condition key unique to the use condition information, and uses the delivery encryption key. And encrypts the original condition key and
An encrypted usage rule key is generated, the usage rule information is encrypted using the original usage rule key to generate first encrypted usage rule information, and the first encrypted usage rule key and the first encrypted usage rule key are generated.
The encrypted usage condition information is transmitted to the receiving device via a network, and the acquisition unit further receives the first encrypted usage condition key and the first encrypted usage condition information via the receiving device. The decryption unit further uses the delivery decryption key to decrypt the first encrypted usage rule key to generate an intermediate usage rule key, and uses the generated intermediate usage rule key, The first encrypted use condition information is decrypted to generate intermediate use condition information, and the encryption unit further uses the medium unique key to encrypt the intermediate use condition information to perform second encryption. 15. The recording medium device according to claim 14, wherein the use condition information is generated, and the writing unit further writes the generated second encrypted use condition information in the information storage unit. 16. The transmission device further obtains the distribution encryption key which is a public key generated by using a public key generation algorithm based on a distribution decryption key which is a secret key,
The delivery encryption key, which is a public key, is used for encryption with a public key encryption algorithm, and the decryption unit decrypts with the delivery decryption key with a public key decryption algorithm.
5. The recording medium device according to item 5. 17. The tamper resistant module means further includes a conversion unit for converting the intermediate information in a distribution data format generated by the decoding unit to generate recording intermediate information in a recording data format, The recording medium device according to claim 14, wherein the encryption unit encrypts the recording intermediate information instead of the intermediate information. 18. The transmission device pre-stores update information for updating the tamper resistant module means included in the recording medium device, and reads the update information,
The read update information is transmitted to the recording medium device via a network and a receiving device, and the tamper resistant module means includes a microprocessor and a semiconductor memory recording a computer program, and according to the computer program, When the microprocessor operates, the components included in the tamper resistant module means operate, the acquisition unit acquires the update information via the receiving device, and the tamper resistant module means further includes 18. The recording according to claim 17, further comprising: an updating unit that updates the computer program by using the acquired update information and thereby updates the components included in the tamper resistant module means. Media device. 19. The transmission device further reads the update information, applies a hash algorithm to the read update information to generate a first hash value, and transmits the generated first hash value via a network and a reception device. Securely transmitted to the recording medium device, the tamper resistant module further applies a hash algorithm to the acquired update information to generate a second hash value, and the acquired first hash. A comparison determination unit that determines whether or not the value and the generated second hash value match, and the update unit updates only when the comparison determination unit determines that they match. Claim 18
The recording medium device described in 1. 20. The update information stored in the transmission device is an encryption method provided in the tamper resistant module means,
Decryption method, or including information for updating the data conversion method from the distribution data format to the recording data format, transmits the update information, the acquisition unit, the encryption method, the decryption method, or the data conversion method The update information for updating is acquired via the receiving device, and the update unit updates the computer program by using the acquired update information, whereby the encryption included in the tamper resistant module means. 20. The recording medium device according to claim 19, wherein the conversion unit, the decoding unit, or the conversion unit is updated. 21. The transmission device further stores use condition information indicating a use condition of the digital work, reads the use condition information, and applies a hash algorithm to the read use condition information to obtain a first condition. 1 hash value is generated, the generated first hash value and the read usage condition information are securely transmitted via a network, and the acquisition unit further transmits the first hash value transmitted via the receiving device. 1 hash value and the usage condition information are acquired, the tamper resistant module means further applies the hash algorithm to the acquired usage condition information to generate a second hash value, and the acquired the first hash value. A comparison determination unit that determines whether or not one hash value and the generated second hash value match, and the encryption unit includes the comparison unit. Only when it is determined to match the cross section, and encrypts, according to claim wherein the writing section is characterized only be written if it is determined that coincides with the comparing and judging section 14
The recording medium device described in 1. 22. The transmitting device further authenticates the validity of the device with the recording medium device, and obtains the distribution encryption key from the recording medium device only when the authentication is successful. Then, the tamper resistant module means further includes an authenticating means for mutually authenticating the legitimacy of the device with the transmitting device, and the acquiring section, when the authentication is successful, Only, the decryption unit decrypts only when the authentication succeeds, the encryption unit encrypts only when the authentication succeeds, and the writing unit succeeds in the authentication 15. The recording medium device according to claim 14, wherein the writing is performed only when the writing is performed. 23. The recording medium device is mounted on a reproducing device, the reproducing device reads information from the information storing means, and the tamper resistant module means further mutually interacts with the reproducing device. 15. An authenticating means for authenticating the legitimacy of the device and permitting the reproducing device to read out information only when the authentication is successful.
The recording medium device described in 1. 24. The decoding unit is provided with a plurality of decoding methods in advance, and performs decoding using one decoding method selected from the plurality of decoding methods, wherein the selected decoding method is: The recording medium device according to claim 14, wherein the recording medium device performs an inverse conversion of an encryption method used in the transmitting device. 25. The encryption unit is provided with a plurality of encryption methods in advance, and one selected from the plurality of encryption methods.
The recording medium device according to claim 14, wherein encryption is performed by using one encryption method. 26. The key storage unit stores a plurality of delivery decryption key candidates, and one delivery decryption key candidate is selected as the delivery decryption key from the plurality of delivery decryption key candidates, The recording medium device according to claim 14, wherein the decryption unit uses the selected delivery decryption key. 27. The recording medium device according to claim 14, wherein the tamper resistant module means realizes tamper resistance by software, hardware, or a combination of software and hardware. 28. A reproducing device for reproducing a digital work transmitted from a transmitting device via a network and a receiving device and written in a portable recording medium device, wherein the recording medium device is attached to the receiving device. The transmitting device encrypts original content, which is a digital work, based on a distribution encryption key to generate first encrypted information, and transmits the generated first encrypted information to the receiving device via a network. However, the recording medium device includes an information storage area for storing information, and a tamper-resistant module unit having tamper resistance, the tamper-resistant module unit, the tamper resistant module unit 1. Obtaining encrypted information, decrypting the first encrypted information based on a distribution decryption key to generate intermediate information, and performing the intermediate operation based on a medium unique key unique to the recording medium device. Encrypting information to generate second encrypted information, writing the generated second encrypted information in the information storage area, wherein the recording medium device in which the second encrypted information is written is the reproducing device Mounted on the playback device, the playback device securely acquires the medium unique key from the recording medium device, reading means for reading the second encrypted information from the information storage area, and the obtained medium unique key. A reproducing apparatus comprising: a decrypting unit that decrypts the read second encryption based on a key to generate decrypted content; and a reproducing unit that reproduces the decrypted content that is generated. 29. The transmission device prestores an original content and an original content key unique to the original content, acquires a delivery encryption key used for delivering a digital work, and obtains the original content. The key is used to encrypt the original content to generate encrypted content, the obtained distribution encryption key is used to encrypt the original content key to generate a first encrypted content key, and the generated encryption The first including content and a first encrypted content key
Transmitting encrypted information, the tamper resistant module unit stores in advance the delivery decryption key and a medium unique key unique to the recording medium device,
The first encrypted information including the output encrypted content and the first encrypted content key is acquired, and the first encrypted content key is decrypted by using the distribution decryption key to obtain an intermediate content key. Generated, using the medium unique key to encrypt the generated intermediate content key to generate a second encrypted content key, including the acquired encrypted content and the generated second encrypted content key. The second encryption information is written, the reading means reads the second encryption information including the encrypted content and the second encrypted content key, and the decryption means uses the acquired medium unique key. By using the decrypted second encrypted content key to generate a decrypted content key, and using the generated decrypted content key, the read encrypted content key Reproducing apparatus according to claim 28, characterized in that to generate the decrypted content to decode. 30. The transmission device further stores use condition information indicating a use condition of the digital work and an original use condition key unique to the use condition information, and uses the distribution encryption key. And encrypts the original condition key and
An encrypted usage rule key is generated, the usage rule information is encrypted using the original usage rule key to generate first encrypted usage rule information, and the first encrypted usage rule key and the first encrypted usage rule key are generated.
The encrypted usage condition information is transmitted to the receiving device via a network, and the recording medium device further via the receiving device,
Acquiring the first encrypted usage rule key and the first encrypted usage rule information, decrypting the first encrypted usage rule key using the distribution decryption key to generate an intermediate usage rule key, and generating The first encrypted use condition information is decrypted by using the intermediate use condition key that has been generated to generate intermediate use condition information, and the intermediate use condition information is encrypted by using the medium unique key. Generating encrypted use condition information, writing the generated second use condition information in the information storage area, the reading means further reading the second encrypted use condition information from the information storage area, The decryption means may further include, based on the medium unique key,
The read second encrypted use condition information is decrypted to generate decryption use condition information, and the reproducing means further determines whether or not the decrypted content can be reproduced based on the generated decryption use condition information, and reproduces the decrypted content. 30. The reproducing apparatus according to claim 29, which reproduces the generated decrypted content only when it is determined to be possible. 31. The usage condition information includes information that limits the number of times the decrypted content is played back, information that limits the playback period of the decrypted content, or information that limits the cumulative playback time of the decrypted content, 31. The reproducing apparatus according to claim 30, wherein the means determines whether the decrypted content can be reproduced, based on information that limits the number of times of reproduction, information that limits the reproduction period, or information that controls the accumulated reproduction time. . 32. The reproducing device further includes an authenticating unit that mutually authenticates the validity of the device with the recording medium device, and the key acquiring unit acquires the key only when the authentication is successful. 30. The reproducing apparatus according to claim 29, wherein the reading unit reads out only when the authentication is successful.